Closed Gnutella System to Prevent Bandwidth Hogs

prostoalex writes: "Salon.com is running a story on Gnutella developers contemplating the creation of a closed or authorization-only system to prevent bandwidth hogging. Turns out, numerous applications, including Xolox and QTraxMax employ quering algorithms that are capable of bringing the network traffic to a halt. While it gets better download speeds for the users of the aforementioned applications, the damage to network traffic as a whole is substantial."

Build a better system

[MarsBar]

If you make a system which allows this kind of abuse you should expect it to happen.

The solution is not authentication - it's building better network infrastructure.

Re:Build a better system

[Mr2cents]

If you put warnings on gnutella's website not to use XoloX and the like, it might reduce the usage of these apps. Nobody is interested in bringing gunella down! (Well, except 'they', but 'they' are bastards).
I wonder what the authors of these apps have to say.

Ozone!

[B3ryllium]

Now would be a good time to plug the free, recently-opensourced Ozone file sharing program. It interfaces with MUSCLE/BeShare servers to allow people to share files without worries of AdWare and SpyWare and junk like that.

Ozone - Available for Linux, Windows, and OS X.

Beryllium's BeShare Server - use "Beryllium.BeShare.Com" inside of Ozone to check it out!

Enjoy :)

Re:Ozone!

[B3ryllium]

Alternate link for Ozone

Re:Ozone!

[B3ryllium]

Ozone was opensourced on SourceForge, check it out here.

Re:Ozone!

[technix4beos]

I use it daily from work.

Totally indespensible when you have a tough coding problem, and need instant
coding help.

I rely on many friends from the BeOS Community to help me out, and I in turn
do the same for others.

It's what makes us a very friendly bunch, to be sure.

I only wish there were more features in Ozone, but it's open source now...
perhaps someone from the linux community will help us poor souls out?

(hint hint... nudge nudge... there's free chocolate in it for anyone up to
the task... honest! ;)

Seriously though... the entire muscle/beshare system is TONS better than
anything I've ever used elsewhere when it comes to just working, and
connecting with a real community, instead of faceless creatues sucking your
bandwidth to get the latest Britney. (ugh)

Ozone. It's cool.
Muscle. It's even cooler.

You can find more information on Muscle here:
http://www.bebits.com/app/962


Definately worth a read.

-Chris Simmons,
Avid BeOS User.
The BeOSJournal
http://www.beosjournal.org

Re:Ozone!

[r00tarded]

Ozone! (Score:-1, Advertisement)

Re:Ozone!

[B3ryllium]

Heh, true, but it's an on-topic advertisement, you've gotta admit that. :) I mean, not only is it for file-sharing software, but it's opensource and works under Linux. Does it get any more on-topic than that, for Slashdot?

Oh, wait, I forgot. Hot grits and Natalie Portman. Nevermind. :)

Anyone else

[jchawk]

Is anyone else reminded of the book animal farm after reading this article?

Re:Anyone else

heh gotta love communism =P... metaphorical writing too :=)

Re:Anyone else

Four legs good! Two legs bad!

Information wants to be free!

The people, not the powerful!

Re:Anyone else

*chortle*

Re:Anyone else

[edibleplastic]

Actually, I'm very much reminded of John Nash's theory, which ws elegantly described in A Beautiful Mind. If every does what's best for himself, everybody blocks each other, as we see here with what happens when each client tries to maximize his or her own search requeries. What must happen is that everybody on the network must do what's best for him AND for the network, in this case backing off from queries, not auto-promoting to supernodes, etc.

Re:Anyone else

Practice, practice, practice...

A few thoughts on P2P

[jukal]

Here's a clip from an email I sent sometime ago to someone, it might or might not have something in it, judge yourself.

- the system must reorganise itself automatically based on current
analysis of the nodes available on the network. - the system must have a dynamic trust model, based on "paranoia".
- the trust model must be utilized in combination of other characteristics of each peer(node) to select best population of the nodes as more important servants. Untrusted/neutral nodes are not to be given any crucial tasks. No-one can do anything crucial alone, confirmation for the action must be confirmed from other trusted ones. - All functionality of the network mut be replicable automaticly. Tasks done by any node must be transferrable transparently.
- Weak nodes will not be given any "community work"
- Every node must pass constant quality criteria to be able to perform any actions on the actual network.

Just to mention a few points. In short, anarchy does not work - even in P2P networks. We need a government, but one which is always on move, but still governs population using strict - but adaptive - rules. :)

Re:A few thoughts on P2P

[Nomd]

Our government has proven that strict rules alone will work ;)

Re:A few thoughts on P2P

[olla+podriga]

One of the problems current P2P-Networks have are "hacked" clients (or add-ons like the eDonkey-Bot). Clients that pretend to meet your quality criteria but don't. All P2P-Networks so far worked for a while, then the anti-social elements increased bringing the overall network quality down.

Re:A few thoughts on P2P

[jukal]

That's a good point. Therefore, I think we need somekind of network of trust. A nodes trustability should be validated by others, it would have to get it's key signed by others before talking in public. That's not easy job ofcourse, but working models exist, atleast in other uses, such as simply in PGP. Adhoc P2P is ofcourse much more complicated - how does a node get trust in the first place?

Re:A few thoughts on P2P

[olla+podriga]

Talking about trust, look at the usual swapping channels in IRC:

"good guys" are easily identified because they stay longer in the channel, thus gaining trust/fame (whatever you call it). But within an almost anonymous P2P-Network there is no central authority (like chanops in IRC who give +v to good guys). I'd really like to see some kind of web of trust in P2P, but making it unforgeable seems difficult to me. Perhaps some kind of micropaymentsystem: For each byte I download from you, I give you 1 digitally signed credit that raises your possibilities (like better search, skipping queues...) But then we need a central signing authority, otherwise people would do multiple accounts and gain lots of credits by "downloading" from their own machine.

The decentralisation of P2P makes it independent from central servers but at the same time it raises the ability to abuse the system.

Re:A few thoughts on P2P

[jukal]

> But then we need a central signing authority

Well, if that central signing authority would consists of say 10 people (machines) in the beginning, they could certify others, which would then again share trust points etc. But then, the barrier for occasional users might make it impossible.

Re:A few thoughts on P2P

[linzeal]

anarchism only works when people have equal power over their own resources, which can be no greater in economic value than anyone else's. resources such as bandwidth i would hope would become as ubiquitous to become ordinary like food, shelter, transportation, and the like.

it takes a certain ilk of person to transgress these contemporary taboos that seem emblazoned in our mind, like cult members who were decieved into believing the village idiot was a prophet we must kill our poor heroes and move on. There is a grave difference between the mindless emulation that accompanies the idol's, the teacher's, and the leader's motive for control and instead be mindful (or at least apprectiative) of the common man's, the mentor's, and the family/friend's love of the ordinary.

for those that revel merely in the extraordinary are fools, and dangerous ones at that when placed at the helm of this huge corporate slave ship called earth. For if we decide to live in a world that advances technologically at such an advanced rate that no profit could ever be had than we have wrested control over humanity's ultimate destiny as a perfectly eglitarian species. Be it organic or otherwise.

Re:A few thoughts on P2P

Anarchists for life, an organisation that seeks to use their moral perception as a justification to influence those who wish to have a choice over their own personnal life eh?

I suppose a commitee proposes what morals are right and true as well, or is it just a gathering of like minded people?

Re:A few thoughts on P2P

[JahToasted]

Perhaps some kind of micropaymentsystem: For each byte I download from you, I give you 1 digitally signed credit that raises your possibilities (like better search, skipping queues...)

My Big Idea is similar yours only there is no global currency only local ones.

Basically every client contains a list of "good guys" locally on the box that the client is installed on. If I download a song from you and the file is complete and is properly encoded, etc. then it marks you in my list as a "good guy" and gives you one point. Conversly if you are the RIAA and are putting up dummy files then you get negative points.

You might be thinking that it'll take you a long time to figure out who are all the good guys and who are the bad guys. To speed up the process have the blacklists and whitelists shared. Once someone gets high enough points on your list, your client asks the good guy for his lists and adds his lists to yours. You might want to prorate lists you recieve from others depending on how many positive points he has.

This system isn't likely to be abused on a large scale since those who abuse the system on a smaller scale will be ignored. There is not single point of failure since the lists are kept by each individual client. The list of known abusers of the network will quickly propogate through the system.

A similar system could be used to guess people's preferences. Everyone could rate songs. People who rate songs similarly to you would recieve positive points (note: seperate point system from the one I discussed above). People who like Britney Spears will get negative points. Now by getting the "recommended" lists from those with similar tastes in music to you, your client could actually recommend songs for you to download.

Re:A few thoughts on P2P

[Akor]

Have you ever heard of modeless channels? Like the name says, there are no modes in such channels. And because chanops are just humans, it is good so. There are in fact a lot of inexperienced chanops kicking and banning instead of thinking and ignoring.
And on a p2p based solution such authorities would have a much harder time in making decisions who is a friend and who is a leecher/abuser, if such a solution would even be possible.

Maybe there could be some sort of "trusted groups", which can only download from people in the group, and have to authorize to that group using a special key.. think of it like a +i channel on IRC.

Re:A few thoughts on P2P

[ftobin]

This has all been implemented in GNUnet.

Re:A few thoughts on P2P

[jukal]

Yup, it indeed seems it seems to have good bones, thanks for reminding to check the site again. Although the mail I posted was more about grid computing than P2P in the meaning of gnutella, napster, gnunet - which is mostly file-sharing to me - there still are the same fundamental issues to be solved. So, what I wanted to say is that GNUnet does not implement what I meant, but it could provide a good basis.

Re:A few thoughts on P2P

[olla+podriga]

The credits (or call it "karma") can consist of many things. I'd like to up/download in it because it happens quite often that some users complain that they upload all day but don't manage to get that last percent of a file. So they should be bumped to the top of the queue. Not always, but sometimes and not too often. Hard to say. well. the idea doesn't sound so good anymore. :-/

Re:A few thoughts on P2P

[linzeal]

Just a group of like minded people. Ethically it is wrong to take another human life, and science is on the pro-life side not the abortionists. History is about expanding the amount of people that have basic rights, not about taking others away so that others may have the "right of convience".

Get rid of pop culture vultures!

[Glowing+Fish]

The biggest problem with gnutella is not technical. It is that gnutella was invented so that true hardcore underground people such as myself could complete our collection of harcore underground things, such as the entire run of Evangelion. However, gnutella is cluttered with people only interested in Brittney Spears. Here is an idea I first proposed on everything2 for making gnutella less crowded.

Gnutella is one of the best things to come out of Sedona, AZ since the hordes of Alien Invaders who passed through the vortex. At leat for those of us who have DSL or better, Gnutella is the best way to complete our collection of Evangelion episodes, obscure hip hop mp3s and fets.com sets.

The problem with gnutella though, is that it is crowded, and according to my estimates, about 75% of this crowding is due to people looking either for mp3s of that damn song that plays on the radio every half hour and\or nude pictures of celebrities. Often to compound matters, these people are looking for nude pictures of that one celebrity that sings that damn song they play on the radio every half hour.

If we have a tool that allows us to download obscure 90 minute long epic techno ballads from the Slovak Republic, why are we allowing people to use it to listen to music that they can hear by turning on MTV?

The answer is because we don't know how to stop them. But I have a possible solution for our problem. All it requires is for about 100 or so people to put a file in a shared directory called "Brittneyspearsbarebreasts.jpg" or something along those lines. But instead of said picture actually being of Miss Spears beare breats, why not make it something else...such as possibly goatse.cx?

After seeing this picture one too many times (which will probably be the first time), many people will cease to use gnutella as a vehicle for their pop culture stupidities.

Re:Get rid of pop culture vultures!

[Stonent1]

This reminds me of the people that were putting MP3s out on Napster with random chicken noises embedded or just laughing. It seems that it just pissed people off but didn't stop them from searching and downloading what they wanted.

Re:Get rid of pop culture vultures!

Yeah evangelion... hard fucking core...

wanker

Re:Get rid of pop culture vultures!

[danielpavel]

As a matter of fact, Kazaa was where I completed my Evangelion collection. The videos were rather low in quality, but good enough :)

Only switched to Gnutella after Kazaa became a place too dangerous for my taste.

And speaking of Kazaa, it worked _much_ faster than Gnutella. And you can't claim there aren't plenty of people looking for Britney's boobs on Kazaa...

-silent

Re:Get rid of pop culture vultures!

[NexusTw1n]

The record industry is already doing this in order to pollute P2P networks.

All is does is piss off dial up users, it doesn't stop them, they just keep searching.

Salon's article on the practice

I think having an enforced standard for the Gnutella protocol is the the sensible way to go. If you're going to design a protocol, do it properly and completely, which includes specifying exactly and clearly what a supernode is and how it should behave. If you don't clearly define every aspect of the protocol then it is going to break down as people interpret it in different ways.

A protocol has to be a set of rules or it isn't a protocol by definition.

Re:Get rid of pop culture vultures!

[gripdamage]

All it requires is for about 100 or so people to put a file in a shared directory called Brittneyspearsbarebreasts.jpg or something along those lines. But instead of said picture actually being of Miss Spears beare breats, why not make it something else...such as possibly goatse.cx?

What is interesting to me is that this would be EXACTLY what freeloaders would do if sharing was required. Just something to think about for people who think they have the freeloader issue figured out. It's a lot more difficult than it seems, since file names and file sizes say nothing about the quality of the content being shared.

Also if current Gnutella clients were simply amended to have the option don't allow people with 0 files in their library to download, how long would it be before a client was produced which falsely reported files in it's library, files which didn't exist and you can never download.

Re:Get rid of pop culture vultures!

Evangelion is not obscure. If you have any respect for the people who created it, you will buy the DVDs. It's not hard, just go to animecastle.com, amazon.com, bn.com... take your pick.

Re:Get rid of pop culture vultures!

[The_Guv'na]

All it requires is for about 100 or so people to put a file in a shared directory called "Brittneyspearsbarebreasts.jpg" or something along those lines. But instead of said picture actually being of Miss Spears beare breats, why not make it something else...such as possibly goatse.cx?

Great, just what the trolls wanted to hear! ;-)

Ali

Re:Get rid of pop culture vultures!

[JaredOfEuropa]

Interestingly, this is more or less one of the proposals put forward by the RIAA: flood the P2P networks with files named after popular songs, but containing garbage only.

Re:Get rid of pop culture vultures!

[bryanp]

The biggest problem with gnutella is not technical. It is that gnutella was invented so that true hardcore underground people such as myself could complete our collection of harcore underground things, such as the entire run of Evangelion.

Evangelion? Hardcore underground? You mean, the series you can go buy all of on DVD at your local Best Buy / Media Play / Suncoast / whatever right now? Okay, you can't get End Of Evangelion yet, but that's coming out in a month or so. Oh, and Eva is not exactly "underground" or even "edgy" in anime fandom either. It's OK, I mean, I'd watch it before I'd watch Dragonball Z or Akira (bleah) but give me something really good with a real story and an honest-to-god ending, like The Irresponsible Captain Tylor or Nadia any day.

(hmmm, am I grumpy today? Nah. :)

Re:Get rid of pop culture vultures!

[R.Caley]

[...]harcore underground things, such as the entire run of Evangelion[...]

You mean that kiddie show that seems to be on tv every time I look to see if there's anything worth watching while I eat my tea?

`Hardcore' and `underground' sure have devalued recently.

Re:Get rid of pop culture vultures!

[Smedrick]

Just use Oth. Teeny boppers have no idea what FTP is and the ratios force you to do some actual work for those MP3s, creating a more rewarding experience in the end.

Re:Get rid of pop culture vultures!

Don't be hating on DBZ and Akira...

Tetsuo has a posse.

Re:Get rid of pop culture vultures!

[Saeger]

honest-to-god ending, like The Irresponsible Captain Tylor

You call that an ending? It was as predictable and corny as Hollywood. It should have been (open)ended after the nonbattle on the 2nd to last episode... instead of the crap about Tylor obviously not being able to quit, and choosing the old ship with the old crew over the new. .... IMO.

--

Re:Get rid of pop culture vultures!

Why not spend less then the cost of an HDD to fucking buy the whole series and movies on DVD you monkey whore.

Re:Get rid of pop culture vultures!

[EvlG]

How arrogant.

Everyone has just as much right to use the P2P network as you. They can search for whatever they want. Who are you to govern what is a proper use of the tool?

Re:Get rid of pop culture vultures!

[Glowing+Fish]

In case anyone was wondering, TWAJS.

Although I am glad to see that it somehow sparked a fight about the validity of Evangelion's ending. Perhaps we can also have a Rei vs. Asuka debate?

Re:Get rid of pop culture vultures!

No SHIT!

When he finds some mother adult-daughter real amateur sex, lemme know kids.

Re:Get rid of pop culture vultures!

[hyperturbopete]

The answer is because we don't know how to stop them


Duh. Much easier to just get the picture and let 'em have it. Hard code britney.avi into all gnutella binaries. Instant reduction in traffic!

(yeah i know, i know it will just make it worse. Well we need to find the britney video to end all britney videos, that will solve everything!)

Re:Get rid of pop culture vultures!

[Stonent1]

Yes the rumors were that the RIAA members were ones polluting the network.

Re:Get rid of pop culture vultures!

[schmiddy]

Your fears about people falsely sharing on p2p networks have come true (well, sort of) on another p2p network, called Direct Connect (Linux client available also). Basically, one selects from a pulic list of nodes, each of which has its own rules regarding the min. shared content, upload slots, and connection speed required to gain access. Although there are occassionally people who try to cheat the system, with fake shares, or shares of installed program directories, etc., the small size of most hubs -- just about all less than 1000 people, allows for effective self-policing by the ops. All in all, it works very effectively, and a great source for obscure files. Something to think about .

Re:Get rid of pop culture vultures!

[Pyrrus]

and don't forget users who will share a bunch of files
called urio33.jpg and puzzno.exe, which no one will
be looking for and are probably bogus, so it will be just
as if they are not sharing.

Upon Returning From China...

[Nomd]

Upon returning from China, Gnutella developers have begun contemplating ...

Someone spell it out for me...

[dimator]

Can I still download my porn?

Self-policing network

How about implementing per-node policing using a credit system like gnunet? (http://http://www.gnu.org/software/GNUnet/)

Nodes individually keep track of the behavior of their neighbors. Bad or expensive behavior like out-of-spec activity or excessive querying lowers the 'credit' of the node. Good behavior like answering queries increases a node's credit. Credit determines the probability that a node's queries will be answered or passed along and the priority with which they will be treated. Abusively written clients will eventually be ignored out of the network.

An idea: UL/DL ratios

[af_robot]

How about enforcing UPLOAD/DOWNLOAD ratios to all users?
So users won't be able to download without contributing to other user...

Re:An idea: UL/DL ratios

[DNS-and-BIND]

They had those on BBS's. They sucked. Unethical people uploaded trash files for credit. And the rest of us, frankly, ran out of quality files to upload after a while.

Re:An idea: UL/DL ratios

[DrVxD]

> And the rest of us, frankly, ran out of quality files to upload after a while.
That's implicit in ratios, though. Ratios are - by definition - about quantity over quality. As you point out, imposing UL/DL ratios increases noise.

Re:An idea: UL/DL ratios

[Gurp]

Um, how exactly?

This is a decentralised system. That means that an effective ratio system involves replicating the entire user database to each node or nominating a single user database server.

You don't want to do the former because, frankly, there's already too much background chatter. You don't want to do the latter because suddenly there's something for someone to sue if they want to shut it down.

Re:An idea: UL/DL ratios

[af_robot]

Well, my idea is slightly different..
You don't have to upload files manually - all you have to do is to share specified amount of traffic before you can download more from other users.

Example: you want to download 600Mb file from other users. Admin server will check your account and verify amount of traffic you allowed to download If you don't have enough traffic stats you have to wait until somebody will download something from you. .

Good example is Edonkey protocol: then downloading big file you HAVE to share parts of it in order to finish download.

Re: An idea: UL/DL ratios

[Antity]

No. Download ratios are bad. There's no easy way for someone to start getting in such a "closed community" because, at the beginning, you just don't have interesting files to upload. You have two choices: Upload lots of crap (and probably get kicked/banned) or be ethical and just don't upload crap but wait maybe weeks until your friend comes over and gives you CDs to upload.

Another possibility was to visit other networks or BBSes (this is where this ratio stuff started) which don't have ratios, download stuff there and upload it on your ratio net.

But - if such networks exist, why use the ratio ones anyway? On the other hand, you would piss off those who are running the non-ratio net because you were just leeching like hell.

Download ratios actually hurt the whole community very seriously.

Re:An idea: UL/DL ratios

Good example is Edonkey protocol: then downloading big file you HAVE to share parts of it in order to finish download.

Edonkey has some absolutely brilliant ideas (like that, and the way it doesn't fragment your hard drives too badly), but unfortunately it still doesn't work anywhere near as well as fasttrack.

Re:An idea: UL/DL ratios

[Koyaanisqatsi]

Audiogalaxy had something like this, remember? If you were sharing less than 10 files you'd be limited to 2 simultaneous downloads.

I think it was pretty fair a restriction. But not bullet-proof: you could always place some 10 obscure files on your share that no-one would download and still get your download quota ...

Re:An idea: UL/DL ratios

[MarvinMouse]

What about a grading system as well? Have 2 ratios running side by side

Quantity Ratio

and

Quality Ratio (Which is determined by a persons grade of the downloads they have from that server)

Re:An idea: UL/DL ratios

[DrVxD]

> Quality Ratio
So people download loads of crud to reduce their quality DL.
Or they vote up the "quality rating" of stuff they've uploaded.

Of course, this is very client/server oriented, and doesn't translate well to P2P anyway.

Re:An idea: UL/DL ratios

[maxume]

The big problem with this is modem users who happen to be out of their mind, and are downloading at, oh say 24 kbps, and would upload at said rate. They don't participate very well in a ratioed world, because the only people who will bother to download from them are people at, oh say 14 kbps. There aren't any of those people. Therefore I am screwed, despite ~4000 files...

Re:An idea: UL/DL ratios

Hey, I would love this to happen. I have been yelling about this for years.

I'm sick of running P2P programs like eDonkey and seeing two pages full of "On Queue" meanwhile, I've been uploading around 100KB/s steady for the past two weeks.

If someone wants a rare file no one else wants, they can have it, but don't make the people who are actually sharing/uploading stand in line while silent leeches get all the popular queues.

Elitist Bastards!

[funkhauser]

Heh, actually, I think this could be a good idea. Besides improving overall network performance, these authentication measures could help prevent possible malicious attacks by RIAA bots poking around the network. I don't think we need to worry about any sinister plot to force users to use spyware-laden clients, either. Gnutella is rooted in open-source development and would be just as pissed if that happened if they were in our shoes. They wouldn't let it happen.

Re:Elitist Bastards!

You are correct. Any loyal supporter of the open source revolution will be happy to use an officially approved client. Anyone who wants to connect his own client to the network is probably an RIAA imperialist traitor.

GNUNet

[flonker]

There is a P2P network layer called GNUNet. I've studied the papers on it, and the design looks extremely solid and resilient.

Re:What?!

[TheCarp]

I always find it amusing when someone takes a specific implimentation that happens to be similar to a philosophy that they know about, and take that specific example as proof that the whole theory is worthless.

In actuality, gnutella doesn't paralell any serious anarchist philosophy that I have seen very well at all. Most such systems that I have seen proposed generally call for communities of people that work together for benefit of the community and are run by a direct democracy rather than a representative democracy.

In fact anarchy doesn't advocate a state of chaos or lack of laws as much as a lack of hierarchy. It calls for elimination of the concept of "positions of power" where the laws of the land are decided directly by the people themselves and where no person is forced to live by those rules except as the voluntarily accepted price of living within a given community.

gnutella on the other hand is more of a "free for all". More of an "frontier", which isn't very anarchistic at all, as hierarchy is easily created in the frontier, all it takes is a small gang or some guns. Whoever has the most ability to weild deadly power is the top of the hierarchy.

-Steve

P2P and DOS Attacks

[herwin]

I have gotten the impression that these P2P networks are not good netizens. I access the net via a dial-up connection. Within a few minutes of logging on yesterday morning, I found myself dealing with what appeared to be a DOS attack on port 6346 coming from an adsl connection in Lithuania. I have that port blocked, so I was seeing a large queue of security alerts from my firewall. This has not been the first time this has happened with one of the P2P ports. Shto/WTFO?

Re:P2P and DOS Attacks

[anshil]

Port 6346 is the Gnutella network thats not a DOS attack, but normal gnutella operation.

Re:P2P and DOS Attacks

[Erpo]

What probably happened is that you snagged an IP previously used by a gnutella user when you dailed in. You're getting 6346 connection requests because the IP you're currently using is in the host cache of one or more gnutella nodes out there that are trying to connect. If it really bothers you, reconnect and get a different IP. Otherwise, wait for a bit and they'll realize you're not running a servent and stop trying to connect.

You're right, though. Most gnutella servent software out there doesn't behave very well.

Re:P2P and DOS Attacks

[radish]

I posted this elsewhere, but I have a static IP and I know there has not been a gnucleus client there for 2 months. I still get a barrage of 6346 connection requests 24/7. It doens't bother me, the bandwidth used is trivial and the firewall stops it all, but it amazes me that some luser app is still trying to connect to me 8 weeks later!

Re:P2P and DOS Attacks

[Erpo]

Ah. Most likely it is a badly behaved servent then. :)

Re:P2P and DOS Attacks

[13Echo]

I think that a lot of people just leave things queued up to do searches until they find the file. This can go on for days/weeks, especially with more obscure files. I have noticed the same things though. After using a P2P client, requests keep showing up for days. That is really one of the things that I don't like about a lot of Gnutella software.

When I used Windows, I never experienced such a thing with WinMX, but then again, it is much less decentralized.

Re:P2P and DOS Attacks

[wings]

I've had the same IP for 9 months, have never
run any P2P client, and my firewall logs show 17 port 6346 connection attempts in the last 10 days alone. I suspect port scanning.

Better Speed With Draw More Users

[roushi]

Wouldn't the better downloading speeds in theory entice new users towards using the network?

Re:What?!

[Ricky+M.+Waite]

Wonderfully said, you have just concisely and elegantly summed up what I have struggled so much to convey to so many like the parent poster. Thank you.

OT: Re:A few thoughts on P2P

[Akor]

Anarchy does not work? Who said this? (I'm not talking about P2P networks)

If you don't have a clue what anarchy is, read the Anarchist FAQ

Re:OT: Re:A few thoughts on P2P

[jukal]

> Anarchy does not work? Who said this?

I did. And in this case it means that we do have to have hierarchies to make the system work. However, I have to admit that it was a popularistic statement by me, since you can see such a network as Anarchists' dreamland - a society in which everything is decided based on functional voluntarism. However, this is not completely what I meant in that e-mail, I believe that there has to be some fixed hierarchy in it as well.

Re:OT: Re:A few thoughts on P2P

[DNS-and-BIND]

Worked really well in Afghanistan, Somalia, Albania, Zimbabwe, and others.

Now, run along and play, or we'll have to airdrop you and Chomsky into downtown Gonaives, and you two can try to explain Bakunin and Kropotkin to the natives, and why an absence of rule is a good thing.

Re:OT: Re:A few thoughts on P2P

[PastorOfMuppets]

The only problem with anarchy is, how do you enforce it? There will always be a certain number of people who desire power, and in order to obtain that power, they will try to form a government.

So, you need some kind of intelligence gathering agency and millitary force that could detect and prevent a potential outbreak of government. And, of course, you'll need rules for these agencys to follow, so as to protect everyone else from them, and some sort of oversight commity to make shure those rules are followed. And then you'll need a group of people handle the punishment of those who violate the rules, and another set of rules for them to follow to ensure that innocent people are not punished.

You'll also need some meathod of deterring people from lying, stealing, killing, or otherwise abusing eachother. After all, most people aren't very nice. And then you'll need some way of seeing to it that those who do violate the rules of common decency are dealt with, and again, there will need to be a set of rules for how to procede with such matters.

Wow, you were right, anarchy does work. All you have to do is follow these simple guidelines and...

Wait a minute. Oh shit! We've just created a government. Guess we'll have to start over.

Re:OT: Re:A few thoughts on P2P

[UncleFluffy]

When someone points a gun at you, it isn't anarchy any more, so none of your examples apply.

Re:OT: Re:A few thoughts on P2P

Interesting FAQ. But "no hierarchy" was exactly how the gnutella network started, and it didn't work very well at all. Now they're planning to add even more hierarchy. So far as technical enterprises are concerned, things aren't looking good for their version of anarchy.

Re:OT: Re:A few thoughts on P2P

You are thinking too soon. Think far in the future, but the ground must be laid flat now!

Re:OT: Re:A few thoughts on P2P

[plugger]

For an excellent example of this, check out George Orwell's 'A Homage to Catalonia', ISBN 0141183055.

He describes the transistion from a state of anarchy to one of hierarchy over several months, with the power struggle between about three different factions (it's been a while since I read the book).

Re:OT: Re:A few thoughts on P2P

[Massacrifice]

For a second I imagined Noam Chomsky with a large machine gun.

Re:OT: Re:A few thoughts on P2P

Who will make you put the gun away in an anarchy? Someone wielding a bigger gun?

Re:OT: Re:A few thoughts on P2P

Sure it is.

It's when society itself organizes and delegates people to point guns at other people that anarchy is lost.

Re:OT: Re:A few thoughts on P2P

[mother_superius]

What if everyone were to defend themselves?

Re:OT: Re:A few thoughts on P2P

It doesn't work. There's a little something called human nature. Read up on it.

Re:OT: Re:A few thoughts on P2P

[UncleFluffy]

Sure it is.

It's when society itself organizes and delegates people to point guns at other people that anarchy is lost.

Pointing a gun at someone creates a hierarchical relationship and a loss of freedom for the individual staring down the barrel, i.e. not an anarchy.

Organising can certainly occur in an anarchy, and delegation is possible in certain forms.

The solution is to block abusive servents

IIRC, the big players on the Gnutella network at this point (Limewire, Bearshare, etc) are able to exchange version information, and to confirm that version information. If this is true, and it's not possible for a rogue application to masquerade as another servent, I believe it's time to lock abusive servents out of the network. If they aren't playing fair, don't let them play at all. Period.

This means you, XoloX. As well as all the other servents which send requeries at ridiculously short intervals, send download requests tens of times per minute trying to force their way into a download slot, support downloading but not sharing, encourage or emphasize web downloading as opposed to participating in the Gnutella network, etc. Freeloaders are as much a problem as they ever were, but (IMO) only because they're being allowed to be such a problem.

The time has come when abusive servents need to be shown the door. I don't mind sharing most of the time. But when the same asshole is hammering me 100 times per minute trying to get a download slot, or sending the same query every 5 seconds trying to find more sources, my desire to share files goes down the toilet. Something needs to be done.

Re:The solution is to block abusive servents

[DNS-and-BIND]

The Gnutella developers see their mission as bringing a new, revolutionary network protocol to the masses. Something on the level of a new HTTP.

The Asia-based Qtraxmax developers see their mission as getting as many software(spyware?) installs as possible, through promising a superior user experience, and they would cheerfully destroy the network to do so.

Obviously, the solution is a new Gnutella option, defaulting to "on", that says "deny resources to abusive clients".

Re:The solution is to block abusive servents

Limewire has been GPL'd. ;http://www.limewire.org/. I really doubt that there is anything in that code that the other Gnute programmers aren't already aware of.

Vincent Falco has been arguing these points about XoloX and a few others for a long time now, and frankly, I see it just as his own method of trying to lock out the better clients. So go ahead, and hope for this to happen. Use your spyware/Trojan-ridden Bearshare program. Vince will surely be happy.

You are dealing with a decentralized, open protocol. Locking others out is silly. Vince should write his own P2P protocol instead.

If you are having problems with your connection, then perhaps you should stop trying to get files over a frickin' dialup modem.

Re:The solution is to block abusive servents

If you would have read the article you would have seen that XOLOX fixed their problem. Learn to read all info. It might help you someday

Re:The solution is to block abusive servents

[umStefa]

One problem with this idea..

One of the big players on the Gnutella network right now is Gnucleus and it is Open Source (GPL). So any changes in source code that restricted the network to access by the 'big players' would be immediatly accessable to anybody who wanted it,which would allow for the abusive clients to continue abusing the network.

The only solution that I see is to incorporate into the main clients source code a provision that would ban the IP (say for 24 hours) of anybody hammering the network. This would drop the abusive clients of the network but would still allow anybody with a client that play's nice to participate on the network.

Re:The solution is to block abusive servents

[StillAnonymous]

I'd be happy if Kazaa/grokster/etc would boot users who have their upload bandwidth set to 1kbps. Or the folks who set their "max uploads" to zero. It's so irritating.

Or even just give an option to see the number of files/upstream bandwidth/max uploads that a user who is downloading FROM you has set. That way I can boot their non-sharing asses myself.

In other news

[dirtsurfer]

The userbase of Xolox and QTraxMax doubled today...

You must be kidding

[dmiller]

While it gets better download speeds for the users of the aforementioned applications, the damage to network traffic as a whole is substantial.

Do you expect the same people who use the network predominantly for breaching copyright to care about the greater good?

Never mind Gnutella, this just in....

The S&P 500 and the FBI's most wanted lists are going to be merged.

GNL

[TheSHAD0W]

I was a part of the Gnutella development clique a while back, and had made a few proposals on improvements to Gnutella clients.

One such proposal, GNL, was to provide a way to define alternate Gnutella networks from the main system, and include ways to limit their behavior. Another proposal, GNV, was a method for administering these networks, and said administration could be performed anonymously.

Many people liked my ideas, until I made the mistake of mentioning that the end result would probably be differentiation of Gnutella into several networks, each specializing in different types of files; it would be like making Gnutella into IRC, with separate server networks providing different flavors of service. I also mentioned that I thought the original Gnutellanet would wither on the vine. They looked on this with horror and dropped my suggestions.

*shrug* I dunno. Considering that, at the time, the Gnutellanet was scaling itself into bloated nonoperation, I thought splitting the Gnet into different specialty networks was a good idea. Clients could even log onto more than one Gnet at a time.

Re:GNL

[Anenga]

...making Gnutella into IRC...

Clients (Shareaza started it, now Bearshare and Limewire are adding it) are now implamenting "File Queueing", just like how IRC has. It will tell you what queue slot your in, how many people are ahead of you, and how much time you may have left.

DeChat (Decentralized Chat) is now a big buzword in the Gnutella community. Clients such as Shareaza are working on adding it soon. This will alow you to find and join chatrooms similar to your intrests, and connect you to peers who have similar intrests as you do. So you can join "Anime" and find over 100+ online peers who have good Anime content. Where it would of taken hours, days or even months to connect through all of them using the Ultrapeer system.

Re:GNL

Clients (Shareaza started it, now Bearshare and Limewire are adding it) are now implamenting "File Queueing", just like how IRC has.

People seem to be spending a lot of time reinventing the wheel lately. Why not just use IRC or FTP and download crap from guys with IRC bots? That's how everyone USED to get their warez.

I'd rather see this as an option

[ShaunC]

I agree with you that some of the more abusive clients are getting out of control. I don't agree with blocking them outright, though. Gnutella is where it is because it's an open network and an open protocol; I think we have to leave it that way if we expect any future genius to appear on the network. Closing things up and locking the doors, these aren't the appropriate solutions IMO.

I think filtering of abusive apps should be done on the client side of the servent equation. The biggest problems I've seen lately don't involve Xolox specifically, but users of varying servents. People who queue up hundreds of different files to download at a time. People using programs which ignore "Not Shared" or "Refused" replies, and continue to pound my box looking for files that don't exist.

I was out of town for a few days last week (all computers turned off, except for my router box). When I came back, I fired up my Gnutella program. Without even connecting to the network, I was immediately serving uploads. That means that someone was trying to download from me for three full days while a) the files were not shared, b) Gnutella wasn't running, and c) the freaking computer wasn't even turned on! Come on, servent authors: pay some attention when you get "Refused" or "Not Shared" responses. Drop such files from the queue after 2 or 3 failed tries, don't leave them sitting there for eternity.

I want a setting that says "drop all packets from hosts who request a no-longer-shared file." I want a setting that says "drop all packets from hosts who attempt to download while the program is running but not connected to the network." I want a setting that says "drop all packets from hosts who send download requests more than $TIMES per minute." My per-user upload limit is set at 1, so someone queueing up 200 files at a time generates an enormous amount of protocol overhead. It might be 5 hours before that user gets all of his 200 files, all the while he's sending a constant barrage of packets which accomplish nothing.

Gnutella is an open network. Yes, we do need to do something about read-only clients, but I think it should be up to the people to decide what gets done. Provide the users with the appropriate filters and let the majority determine what behavior is good vs. bad.

Shaun

Re:I'd rather see this as an option

[radish]

I have a static IP. I haven't run a gnutella client for, oh about 2 months. I still get gnutella packets bouncing off my firewall at the rate of 4 or 5 a minute. That's insane...

Re: I'd rather see this as an option

[Antity]

My per-user upload limit is set at 1, so someone queueing up 200 files at a time generates an enormous amount of protocol overhead. It might be 5 hours before that user gets all of his 200 files, all the while he's sending a constant barrage of packets which accomplish nothing.

How about an option in the protocol that transmits the "per-user limit" value on failed requests? How about clients that react on this value?

Of course, peers that send requests for the same files every few seconds should be blocked. This really hurts bandwidth.

Re:I'd rather see this as an option

[ncoder]

I want a setting that says "drop all packets from hosts who request a no-longer-shared file." I want a setting that says "drop all packets from hosts who attempt to download while the program is running but not connected to the network." I want a setting that says "drop all packets from hosts who send download requests more than $TIMES per minute." My per-user upload limit is set at 1, so someone queueing up 200 files at a time generates an enormous amount of protocol overhead. It might be 5 hours before that user gets all of his 200 files, all the while he's sending a constant barrage of packets which accomplish nothing.

Yeah! filter out those MFs on the client. If 80% of the clients block abusive clients, they will be essentially rendered useless.

Another idea... A shared list of abusive clients. Or, a shared list of Gnutella client priority based on politeness? Gnutella Kharma points, anyone?

Re:I'd rather see this as an option

[hazyshadeofwinter]

The problem with trying to filter based on the client type is, if it becomes common, abusive clients will simply spoof their ID strings to that of a trusted client. AFAIK, Gnutella uses HTTP for the actual downloads, so this would work the same as Opera/Mozilla/whatever identifying itself as IE for badly behaved websites.

Those who do not learn from history...

[Todd+Knarr]

It's not like this hasn't happened before.

Sun did it with Ethernet. They set their NICs to use the minimum retry interval instead of minimum + random time like the spec says they must. This got better performance for Sun equipment. Right up to the time where someone put a dozen Suns on a single Ethernet segment and the competition between all of them hammered the network down to 10% of the expected bandwidth.

Various TCP/IP "accelerators" tried this too, by ignoring the exponential-backoff and slow-start parts of the TCP spec. They too improved speeds for the people who used them. Right up to the point where lots of people started to use them, when the competition between them hammered their transfer rates down to a fraction of what's expected.

We've seen it on UDP-based streaming protocols, where lack of flow-control mechanisms causes massive congestion problems and slower transfer rates than when flow-control is applied.

So why didn't anyone expect/predict this when they were designing the Gnutella network and protocols?

Re:Those who do not learn from history...

[jonathan_ingram]

Because Gnutella wasn't designed, it was hacked up in a weekend as a little closed source Windows file sharing app. Completely unscalable, completely insecure.

After AOL stamped on the writer to remove the program, lots of people reverse engineered the protocol (which was almost trivially easy), and wrote their own clients. Because it was the time of dot-com mania, lots of commercial and semi commercial applications sprung up using the same protocol, without any of the authors ever bothering to consider whether the protocol was usable at all.

It's only now, about 3 years later, that we're finally seeing work to move 'Gnutella' into a more workable system (see the superpeer system of Gnucleus, for example).

Re:Those who do not learn from history...

You're right. The protocol itself should have a built-in enforcement mechanism. Each node should be able to detect if someone is violating the protocol, and refuse to cooperate with the violators.

I should have added...

...the filters I proposed won't help the bandwidth problem in the short term; such options do nothing about the problem up front but I think they'd have a positive effect over the long haul. Setting my Gnutella program to drop all packets from $OFFENDER doesn't change the fact that they're still hammering me for uploads. However, I believe that such filters - applied in large proportions across the network (say, turned ON by default in the popular apps) - would eventually render abusive servents useless.

If users of Qtraxmax weren't able to search or download with any reliability, since the rest of the Gnutella world was ignoring them for sending too frequent requeries, they'd go away or find a different servent.

Shaun (AC, ain't karma whorin')

Gene Kan, YES!

[gripdamage]

Finally the time has come for that guy with the Gene Kan comments to be on-topic! But he's nowhere to be found.

In case it's not clear, I'm trying to be funny.

oh GOD. NO NO NO NO NO NO

[Perianwyr+Stormcrow]

Raw byte ratios = bad.

You need good administration and tight surveillance of users to make that work as intended.

Neither of which are feasible or good ideas for something intended to be another network layer.

OpenFT (free, inspired by FastTrack, beats Gnut.)

I think that the OpenFT project has a lot of potential, it for sure responds quicker and gives you a higher percentage of completed downloads. Gnutella never worked this good for me:

Check it out: A nice comparison of OpenFT, Gnutella and Napster (see section 3)

Gnutella is the future of the Internet

[Anenga]

Stop the FUD.

People need to realize that Gnutella is now fastly becoming a big player in the function and value of the Internet.

Gnutella, in my view (and many others), is not a mecca for porn, warez, and MP3's - but a pool where anyone can share any type of file.

A bigger trend now showing up is linking to files on the Gnutella network instead of the common http://site.com/file.zip. How does this benfit you? You get faster downloads by utilizing partial file sharing, swarm downloads, etc. It also benfits servers greatly. They now aren't the only source for the download, because once the file gets onto a Gnutella client, it searches for more peers, and shares the load with them. This can save TREMENDOUS bandwidth.

For example, Linux can link to Linux links as such: magnet:?xt=urn:sha1:(InsertSHA1)&dn=Linux&xs=http: //www.linux.org/linux.iso

(not an actual correct MAGNET link, but you get the idea)

When someone clicks that, it opens it up in a Gnutella client. It begins downloading from that source, and searching for the same file on the Gnutella network. Through the entire life of the download, it will continue to add sources. You could then be downloading from over 30 people at once, gaining speeds of up to 10MBPS+.

Oh, the power of Gnutella. Can KazAa (FastTrack) do that?! (Well, it can, kind of :P)

Oh, how do you know if that's the correct file? Hashing. Gnutella servents are implamenting hashing now, where each file has it's own hash. So when searching for files, they can swarm you downloads. You are GUARANTEED that all the sources your downloading from are in fact the same file, because they have the same hash (SHa1). That's whats getting the RIAA so scared :P No longer can they infect files and make them the same file size/file name.

Also new on the scene (well, new as in new popularity) is Bitzi. Bitzi catologs hashs (bitprints). You can search through their database, and find files with hashes. Click the hashes, and you can download a file. Each file on bitzi has a "Bitzi Ticket" where you can rate the file. You can mark it "Invalid/Misleading" which means it is not the file you want. You can mark them if they contain virus's too. I can almost hear the sweat dripping from the RIAA Lawyers foreheads.

Want to see the future of Gnutella? Check out Shareaza (WINE Compatable).

Supports all of what I discussed in this post.

Re:Gnutella is the future of the Internet

So what's to stop a malicious agent from reporting bogus hashes?

Re:Gnutella is the future of the Internet

So what's to stop a malicious agent from reporting bogus hashes?

Homer: "Ohhhhh CRAP! You're right."

Re:Gnutella is the future of the Internet

If Gnutella is the future of the Internet, then I guess we really are up Shit Creek.

Re:Gnutella is the future of the Internet

The masses. There are more gnutella users than there are employees of the RIAA, etc. It would take them more man power and money to go through and make false tickets and keep them "accurate" to their standards than it would for someone at home to simply keep doing what they've always been doing -- supplying the TRUE information to bitzi. For every 1 bitzi ticket that the "evil ones" falsely submit, there will be 100 more that are true. Considering that bitzi is based on an averaging system, which one do you think will win out?

Re:Gnutella is the future of the Internet

Tell me about Shareaza again ... when it runs on my operating system.

Re:Gnutella is the future of the Internet

[happyhangone]

For the first time since gnutella is out i can use a program for it without running away with my eyes in pain by a bad interface. Shareaza.

Re:Gnutella is the future of the Internet

[smiff]

You are GUARANTEED that all the sources your downloading from are in fact the same file, because they have the same hash (SHa1).

It is entirely possible that two different files can have the same hash. SHa1 produces a 160-bit signature. If you have 2^161 unique documents, you are guaranteed to have at least 2^160 duplicate hashes. Hashing algorithms are meant to detect malicious tampering of files, and random errors. They are not meant to guarantee the uniqueness of a file.

Of course 2^161 is around 3x10^48, so the network won't have that many documents for a long, long time. However, the odds of finding a duplicate are much higher than most people would think, ala the birthday paradox (if you have a room of 23 people, there is over a 50% chance that two people have the same birthday). Similarily, if you have a hashing algorithm that maps into one quadrillion unique numbers (50 bits), you need around 40 million documents before the chance of a duplicate exceeds 50% (and 110 million documents before it exceeds 99%). I'm not going to calculate it for 160 bits (with 2 billion documents, the odds of a duplicate are less than 1x10-9, and I'd have to write a new program to go higher than that).

That's whats getting the RIAA so scared:P No longer can they infect files and make them the same file size/file name.

The RIAA can certainly claim that their file has the same size, name, and hash. You won't know for sure until you download the entire file and calculate its hash.

Re:Gnutella is the future of the Internet

[Saeger]

The RIAA can certainly claim that their file has the same size, name, and hash. You won't know for sure until you download the entire file and calculate its hash.

At which point the node that lied to you loses some trust, and you pass this info along your trust network.

"Hey guys, node '1234abcd' is a RIAA NARC; pass it along."

NARC says, "No I'm not, you are!", but the assholes will always be outnumbered ... as long as it's really damn computationally expensive to create floods of fake digital identities (vs dynamic IP addresses).

--

Re:Gnutella is the future of the Internet

So you extend the protocol like so:

for each file, you calculate a hash. You also split the file into Xk chunks, and generate hashes for each chunk. When you request a chunk from a peer, you ask it for the chunk hash first, if that matches what the majority of your peers claim it should be, you download it. Once you've downloaded a chunk, you calculate the hash, if it doesn't match what you were expecting, you shitlist that node as a filthy RIAA narc and don't talk to it any more.

[Slightly OT] Peer-to-peer and web of trust

[RavenDuck]

I'm not a coder myself, and am probably not very up to date on the whole p2p scene (other than knowning that Limewire doesn't seem to work real well on my box at work), but one of the real problems on the p2p networks seems to be trust. With the recent news about entertainment industry bodies seeking legislation to DoS the networks, and the common user experience of crap files on the network (incomplete, or incorrectly labled files), I wonder whether someone could make a system based on the same sort of web of trust model than PGP/GnuPG uses.

The Keyserver infrastructure is already there, and the apps (like GnuPG) are readily available cross-platform. So why can't p2p clients allow content to be signed, so that you can establish a web of trust as to whose content can and cannot be trusted. Downloading a signature of a file to check it's validity would certainly help reduce the chance of downloading dodgy content. This should be especially useful as you tend to get groups of people who are all interested in the same sorts of files (anime, divx, certain bands, etc), so you could imagine a good web forming fairly rapidly.

Making a valid OpenPGP key is a computationally intensive task, suggesting that few people would make thousands of them on the possibility they would be blacklisted. They also don't require any form of real identification, making them effectively anonymous. Also gaining a good trust metric would be an incentive to keep the same key, especially if downloading was restricted based on your trustability.

I can't think of any good reason that this couldn't be worked into an existing p2p network. Whether it would work in practice I have no idea. Anyone who knows more about this than me care to comment? Anyone done it already?

Re:[Slightly OT] Peer-to-peer and web of trust

[Saeger]

We don't have p2p webs of trust yet because they're nontrivial to implement, and because we don't absolutely need them to function yet. Most people are crisis motivated (witness 9/11 kneejerking.. or jobseeking intensity after your nestegg dips below 2 months rent.)

--

Re:[Slightly OT] Peer-to-peer and web of trust

[bwt]

I think peer based trust will rapidly become essential element of P2P. Digital signatures for identity authentication combined with some kind of peer based trust combined with some kind of network resource allocation based on trust seems like the way to go if the RIAA is going to start trying to infiltrate the networks.

The advogato trust metric and slashdot's moderation system are the most prominent implementations that try to solve the problem of peer based trust. It clearly needs more research.

Re:[Slightly OT] Peer-to-peer and web of trust

[Trevelyan]

i had a long chat about this on irc, the problem is its imposible. why?
there is No way I can ID another Peer, to black list them, see:

1) you base system on IP/Hostname
-most user dont have static IP/Hostname, hance the useless-ness of IRC bans

2) you base system on their GnuPG sig (or other encryption/signature system)
-if they get black listed they just create a new sig as their new ID

3) ext 2) new untrusted users get their keys from trusted users, so they cant just make a new one when they blocked
-no problem just get another new key from trusted peer, theres no way that trusted peer could know the untrusted one already got one

4) base ID on some serial num in their h/w (maybe that of CPU)
-can't prove they not lieing about the serial they say they have. (and like NIC MAC addresses the number probably not fixed in stone)

5) clients the are known to behave and be trusted, auth with each other, and only deal with each other, eg Xtrek, and suposedly some of the big Gnutella are starting to
-spoof a trusted client, it wont to too hard to find out what they say to each other during handshake

6) create a closed HW base DRM system, and call it Palladium
-When its broken (into) all that H/W would become useless, and the silly people who actual trusted the system to protect them get very hurt

the long term anonimoty of peers on the internet make it imposible. (in the short term u can track a peer, then they just hang up and redial (in case of eg 1.))

selected subnets

My proposition:

It would be nice to have a gnutells-client which could limit its connections to specific hosts or subnets.

Advantages:

- You could limit traffic to your company/scool. Saves bandwith and protects you from being discovered.

- It would be harder to spoof such smaller subnets. The music industry could not connect to all of them.

- You could limit connections to friends which would make it legal under fair use conditions.

Why people close systems...

[turnstyle]

From my experience making Andromeda, the main reason people restrict access to thier files is that upstream bandwidth is limited, and they'd rather keep it for themselves (or a small group of friends).

If the cable/dsl providers were mostly selling symmetric rather than asymmetric services, I'd bet that those same users would be much less likely to restrict access. Furthermore, I think the providers are well aware of that, so don't expect symmetric service to become common anytime soon.

Re:Why people close systems...

[Daniel_E]

I actually have higher upstream than downstream bandwidth from my ADSL provider. I get 55-60kB/s downstream, and 70-80kB/s upstream. I'd rather have the opposite, but it's not too bad.

Re:Why people close systems...

[turnstyle]

I've never heard of ADSL that favored upstream over downstream. Is that how they sold the service, or is it just how it performs?

Re:Why people close systems...

[Daniel_E]

The service was sold as "up to 512kbit both ways".

An obvious solution

[reflector]

and in an effort to give Xolox users faster downloads, its programmers had configured the program to frequently "re-query" the network to check for desired files.

Unfortunately only Shareaza ( www.shareaza.com ), and, IIRC, Bearshare, have implemented file queueing. It's like giving out a paper ticket at the deli, instead of asking the person behind the counter every 5 seconds if they're ready for you, you can just ask them at normal intervals (60 sec default for shareaza), because your spot in line is guaranteed, and there's no real advantage in asking more often.

Re:An obvious solution

[wuHoncho]

heh - Take a number. Interesting. Sounds pretty in line with traditional CS concepts - so it shouldn't be too difficult to implement, and might actually solve the problem.

Big, bad hash DB?

[Jeppe+Salvesen]

We all complain about the amount of crap (incomplete & low quality files and such) that we receive through the p2p networks. How about someone created a DB where you send the hash, and it returned the actual contents. Maybe you could even send the textual request, and it would return the hashes of files that match - and then you can search for files matching the hash?

Would this be feasible at all, do you think? It would be an additional p2p distributed network (we gotta make sure the DB is accurate and relatively synchronized, so we can't give direct, universal write access). I'm thinking that you open a socket to the server, and just keep sending requests as you search for files, and as you open files. This way, we would also be able to blacklist files we don't want distributed, blocking those from being returned by the initial search.

You think the RIAA guy monitoring this discussion just choked?

Re:Big, bad hash DB?

[cozziewozzie]

There is a DB like that for the edonkey network, at ShareReactor.

possible flaw?

[Erpo]

I've done everything short of examining the code for GNUNet and a possible flaw occurs to me. From your post:

Bad or expensive behavior like out-of-spec activity or excessive querying lowers the 'credit' of the node. Good behavior like answering queries increases a node's credit.

How to write an "abusive" client that is still serviced by the rest of the network:

1. Create queries at the request of the user and send them. Re-query frequently to increase search results (a la Xolox) ["karma" decrease]
2. Respond to all queries with an affirmative "I have that file!" message ["karma" increase].

Abusively written clients will not eventually be ignored out of the network. Users of abusive clients will get better search results and clog other clients will false query hits in the process. In the long term, users will have to migrate to abusive clients to be able to get search results thus crushing the network.

I may be wrong - I only have coding and protocol development experience with gnutella servents. Hopefully the good GNUNet developers have come up with an elegant solution to this problem, but it doesn't seem like it on the surface.

Re:possible flaw?

[Violet+Null]

2. Respond to all queries with an affirmative "I have that file!" message ["karma" increase].

That's already a problem that's been dealt with by Gnutella clients -- you would have servents that would respond positive to any (and all) query requests (typically by appending '.html' to it and returning a redirect to some spam page).

The easy answer is that the newer clients have an option to send out queries for random data every so often -- anything that answers affirmative to those queries gets ignored. Simple and effective.

Re:possible flaw?

[Erpo]

The easy answer is that the newer clients have an option to send out queries for random data every so often -- anything that answers affirmative to those queries gets ignored. Simple and effective.

That might cut down on the advertising spam that's commonly seen on gnutella. However, the counter attack to this, when karma-whoring to offset high volumes of repeat search traffic, lies is the solution to the advertising problem. Namely, you can safely ignore any host that responds to a randomly generated query as a direct result of the fact that legitimate queries (and file names) are not random. A malicious host could sit quietly on the network for a little while after connecting and parse incoming search queries to create a dictionary of valid search terms. This dictionary would then be used to validate incoming queries before responding to them by generating a "validity index" based on their similarity. Sure, some legitimate queries would be ignored, but enough would come through with a payload to the effect of "metallica mp3" or "britney spears porn" to make it worth the node's while.

Of course, this "solution" is only necessary when the network is not versatile enough to allow query hits to travel along a different host path than the original query. If the network does allow this, then it's a simple matter of generating query hits that nobody asked for and that will eventually be dropped.

Re:possible flaw?

[kwan3217]

Ok, maybe we need a better definition of random. Suppose I use my client mostly to look for anime, or some other small segment of the universe of content that is out there. There is still a continuous wash of search terms coming into my client based on the combined interests of all the users inside my horizon.

Now, my client mixes and matches terms from the influx of searches to generate its random validation searches. It just needs to make sure not to match any of the searches I actually entered. Since my validations will match up with the general flux of searches, there is no way for a person, let alone a program, to distinguish my validation searches from my real ones, unless the person or program knows me personally.

Combined with the other ideas mentioned, I think this is sufficient to find the malicious servers and ignore them. I might just build this into the open-source client I use.

internet as a mirror to rl

[fenux]

since I'm using the internet i stopped believeng the pourdhomme's anarhy was a way to go, all people are born good, but since i'm using internet i see that most people have not consience that tellss them that sharin is the way, edonkey users limit their upload to a byte a second, napster user refuse to share, gnutella user behave like morons. it's really pissing me off seeing this behaviour, it even makes me think if people in irl are behaven slitly different because they might be able to use me in the future. maybe the moment they get a chance to abuse me they'll just do it. chances that the gnu community turnes in this i (a)buse but why should i give back. maybe thats a reason why i don't want every one of those freeloaders/egoist to use linux, they'll be the rotting apple destroying allt hat i love in the open community. i could go on for hours about this, but you get my point. those who don't get it are provbably those i want to block, but hey, we are open, just like democrazy can vote itself to totalarism, open can evolve into closed just by being open.

Where's the party?

[Mirk]

This is simple. The solution to the problem of quality of service is just to invite your close, trusted friends onto your Gnutella network and not let the plebs out there know about it.

[pause]

Now if only I could find out where those elitist bastards are hiding! :-)

Monetize it

The way to make this work is to monetize access to the network. Essentially, if people have to pay for requests, and receive payment for servicing other requests, everything stays in balance. Let's assume for now that there is an accounting system that lets users make these payments without being able to cheat (I know it's a big assumption... I'll get back to it.) Some users will set up really good supernodes, and accumulate a lot of credits for serving a lot of requests. Others will not want to server stuff out but will want to download stuff quickly. We suddenly have a supply of credits and a demand for credits! Now we have a way to allocate resources! It's a market and an economy.

Now the question comes up, how do we do the accounting? That is not an easy question but there are answers. One is to have a centralized accounting system located somewhere. The problem with this is that it is centralized. However, it is not actually serving data; it is just accounting. Also it is not very centralized. There could be a bunch of them, which means there would be a bunch of somewhat isolated file networks. That's ok. We don't need absolutely everything on one network.

Qtraxmax

How likely is it that the record industry is linked to Qtraxmax, or people working for Qtraxmax? Obviosly we need some sort of moderation system ot be able to exclude, or at least, minimize the use of such destructive Gnutella-clients.

Re:What?!

direct democracy has rulers

anarchy has no rulers

direct democracy is not anarchy

What YOU can do to help out the community.

[Erpo]

Here's what you can do to work towards a better p2p future for everyone:

• See a new client? Check it out. Improved networks can't take off without a user base. If it sucks, uninstall it - but send a bug report/feature request. C'mon. If you can spend 2 minutes writing a slashdot post you can fire off a quick email.
  
• Share files. People think that if they share files it will unavoidably clog their upstream link and slow their downloads (and web browsing) to a crawl. Not true! Simply limit how much upstream bandwidth the client will use to (just a rough estimate) 60-70% of your upstream bandwidth. You'll be amazed at the difference. If the client lacks a bandwidth throttle, a serious problem for tcp-based networks, send a bug report.
  
• Get involved politically. Write your congresscritters and tell them you don't want to see competition in the home broadband arena killed by deregulation. Write your cable/phone company and tell them you oppose monthly transfer caps. Call your friends and make sure they're aware of the issues. Vote.
  

This is the bare minimum you should be doing if you care about/use p2p networks. If you're not willing to do this, stop downloading. Seriously. If you want to do more, there's a lot to be done.

• If you're a programmer, join an open source project and develop. Your time and skills are needed.
  
• If you're a logical thinker and like analyzing networks and complex node relationships, join a p2p protocol discussion forum. I suggest lurking for a while, though - there's a lot to learn if you're new to p2p protocol design.
  
• Whether you develop, research, or both, recognise that other people are going to have ideas that seem stupid to you and your ideas may seem stupid to other people. Don't waste time arguing. Think before you open your mouth (or put your hands on the keyboard) and recognise that the people making the actual coding decisions have an in-depth understanding of what's going on. Really bad ideas are shot down before they make it into the code -- flame wars are never necessary.
  

Need a link? Check here. It's a great client if you're windows-bound, it's open source, and it has a lively discussion forum.

Problems about UDP

[r6144]

I tried GNUnet last month. The most serious problem I see is that it uses UDP, so I can be flooded by UDP packets (sometimes about 30KB/sec) even after I shutdown everything about GNUnet. And there is no way to stop them --- even icmp-host-unreachable errors aren't respected. The UDP flooding didn't calm down till the next day.

I hope such problems are fixed now, but older clients will continue to eat my bandwidth. I don't want to make my ISP unhappy by letting lots of useless packets in.

Have you tried gnunet?

[chocolatei]

I am trying gnunet at the moment. In my opinion, we need more users - my modem light on my server is barely flickering. Maybe some of the freeloaders could come over. Maybe not, maybe they all use DOS

Re:Have you tried gnunet?

gnunet sounds good but the problem is the old chicken and egg situation: people only use it if other people use it. Its not helped by the fact that gnunet is,last time I checked, a linux only app no 'duhs. With any p2p system you just have to have a windows app first. As a dedicated linux lover it chokes me to have to say that but its true.

It's called "The Tragedy of the Commons" (1833)

[kriegsman]

This problem was first identified and analized in 1833 by Willian Lloyd. It went something like this:

The tragedy of the commons develops in this way. Picture a pasture open to all. It is to be expected that each herdsman will try to keep as many cattle as possible on the commons. Such an arrangement may work reasonably satisfactorily for centuries because tribal wars, poaching, and disease keep the numbers of both man and beast well below the carrying capacity of the land. Finally, however, comes the day of reckoning, that is, the day when the long-desired goal of social stability becomes a reality. At this point, the inherent logic of the commons remorselessly generates tragedy.

As a rational being, each herdsman seeks to maximize his gain. Explicitly or implicitly, more or less consciously, he asks, "What is the utility to me of adding one more animal to my herd?" This utility has one negative and one positive component.

1. The positive component is a function of the increment of one animal. Since the herdsman receives all the proceeds from the sale of the additional animal, the positive utility is nearly + 1.

2. The negative component is a function of the additional overgrazing created by one more animal. Since, however, the effects of overgrazing are shared by all the herdsmen, the negative utility for any particular decisionmaking herdsman is only a fraction of - 1.

Adding together the component partial utilities, the rational herdsman concludes that the only sensible course for him to pursue is to add another animal to his herd. And another.... But this is the conclusion reached by each and every rational herdsman sharing a commons. Therein is the tragedy. Each man is locked into a system that compels him to increase his herd without limit -- in a world that is limited. Ruin is the destination toward which all men rush, each pursuing his own best interest in a society that believes in the freedom of the commons. Freedom in a commons brings ruin to all.

The problem in general arises when you've set up a situation where if each user acted in both a rational and self-interested way, the system overall would collapse for all the users.

When designing any kind of multi-user system, it's critical to plan for the "what if all the users (or half of them) suddenly got very selfish." What results are things like disk quotas: central-system-enforced limits on individual behavior.

In a system like the gnutella network, where there is no 'central system' to enforce 'community-minded' behavior, the eventual collapse of the system can be predicted as a function of overall population, presuming that there are always a few people who are more selfish than the rest.

Centralized systems like Napster actually had an advantage in that the centralized servers could establish and enforce 'fairness' policies that kept selfish users from triggeringa 'Tragedy of The Commons'.

-Mark

Emergence

[hofer]

We need a government, but one which is always on move, but still governs population using strict - but adaptive - rules. :)

Just wanted to call your attention to the book Emergence by Steven Johnson. I read it recently after reading about it here on Slashdot. Not really technical, but very thought provoking. I do believe that the next task about the Internet is to find those simple rules that turn it into a sort of organism.

Re:Emergence

[jukal]

> Score:1, Unread

BleeEEP - wrong :) Thanks, I ordered the book, your link was broken though, here's a working one: Emergence: The Connected Lives of Ants, Brains, Cities, and Software

Chicken and egg if they make me share

[yerricde]

don't allow people with 0 files in their library to download

Then what about one file?

Besides, making the network trade-only leads to a chicken-and-egg problem for new users. How are "honest" users (the ones willing to share) supposed to get into the network in the first place? Where does a new network member get her first audio or video file?

Re:Chicken and egg if they make me share

[mhesseltine]

How are "honest" users (the ones willing to share) supposed to get into the network in the first place?

Simple, download CDEX (it's free), insert CD, rip to MP3, share folder.

Anyone who wants to take from the network should have something to contribute to the network, even if it is the same top 40 crap that 30 billion other people already have.

Re:Chicken and egg if they make me share

[plugger]

Limewire has a slider to control the likelihood of a freeloader being allowed to download. I have mine set to give freeloaders roughly 20% chance of connecting. It also allows you to define a freeloader by the number of files they are sharing.

Re:Chicken and egg if they make me share

[maxume]

with eac and lame, cdparanoia, etc. Rip away, and ye shall posess your first media. and it will even have a chance at decent quality!

Inhernetly N-P Incomplete Problem

[tlambert]

The problem is inherently NP-incomplete.

You want a system without a central authority that can be shut down, so you create a peer-to-peer system.

The peer-to-peer system pretends to be a virtual network over a real network using point-to-point links to establish proximity relationships between sets of peers, mostly ignoring physical proximity and bandwidth constraints.

In order to force the proximity issue and address the bandwidth scaling issues, you invent a concept of "super nodes", which end up being self-selected.

In order to get better performance for themselves, people play "the prisoners dilemma", and rat everyone else out with clients that gang up on requests to ensure disproportionately favorable service.

In order to lock out these clients, you create a central authority, but try to make it decentralized (e.g. "karma", voting, self-regulation, etc.) to maintain the original design goals.

But there are too many strategies to use to attack this. The current "attacks" are taking the form of over-requesting to the point of denial of service... and these are people not intent on destroying the network.

Say you figure out a way to create forced altruism for requests... the node equivalent of the GPL on source code, when you can't enforce the GPL. The natural reaction will be to move on to the next "attack": the "bad guys" pretend they are multiple nodes by avoiding intersecting connectivity with peers, so that dual adjacency won't give them away, and let them be countered.

So you move to a different protocol for "super nodes"; you counter the next obvious attack ("pretend to be a super node") by locking down binaries ("blessed binaries").

But the next attack is to modify the kernel that is running the blessed binaries, and defeat the attack that way (a common "borg" attack on the "blessed binary" NetTrek clients).

Now take active attacks. "Automatic Karma" can deal with dummy files -- "poisoning"... at least until they start intermixing bad with good. But it can't deal with the other issues, without a client lock-down. At which point, you lose repudiability (original design goal out the window: legal attacks work again).

The only real way to deal with this is to define a new protocol that is not virtual point-to-point linked.

And that can be blocked at the routers, unless all other content moves to the same protocol, so it can't be discriminated against.

The only way you are going to be able to create a "blacknet" is to actually create a "blacknet".

-- Terry

Re:Inhernetly N-P Incomplete Problem

[WolfWithoutAClause]

The peer-to-peer system pretends to be a virtual network over a real network using point-to-point links to establish proximity relationships between sets of peers, mostly ignoring physical proximity and bandwidth constraints.

Actually, you mostly don't want to ignore these constraints. The P2P should make use of closer servers (mostly, but not exclusively).

In order to get better performance for themselves, people play "the prisoners dilemma", and rat everyone else out with clients that gang up on requests to ensure disproportionately favorable service.

I don't see that this is necessarily a real issue. After all the server that has the file you want can keep a queue of requestors, and serve it in strict first come, first served order. 'Take a ticket and sit down over there.' It works. Asking more than once doesn't get you anywhere; and may even get you lower down the list.

The only real way to deal with this is to define a new protocol that is not virtual point-to-point linked.

Unclear. Very unclear.

Now take active attacks. "Automatic Karma" can deal with dummy files -- "poisoning"... at least until they start intermixing bad with good.

Yes, but users can usually play files before they've finished and cryptographic hashing of file contents can preclude people spoofing files, even when downloaded from multiple servers simultaneously.

Re:Inhernetly N-P Incomplete Problem

[imta11]

Ok, but what does this have to do with NP complete? I don't see an algorithm or problem statement anywhere, so what is the O(n) that we are looking at? Go back to bed.

Re:Inhernetly N-P Incomplete Problem

> "... what is the O(n) that we are looking at?"

Huh? Did you learn your CS on the back of a cereal box?

The original poster wrote "NP incomplete", which apparently is some sort of joke. I can't figure it out, but your attempt at outsmarting him is ruined by your inability to use jargon correctly.

Re:Inhernetly N-P Incomplete Problem

[imta11]

So are you the origonal poster logged in as AC? Somehow I am a moron for using a correct term, but the unsubstansiated little bastard is just making a joke? Go take a flying fuck at a rolling doughnut.

And for new users?

[yerricde]

For each byte I download from you, I give you 1 digitally signed credit that raises your possibilities

Then how, late in the game, does a fellow new to the network get "something to share" that others will download? Or are we looking at more elitism than some Direct Connect hubs are notorious for?

Re:And for new users?

[mother_superius]

Get your actual cds or records out (you own them, right?). Rip them. Allow access to them.

Re:And for new users?

[olla+podriga]

The usual problem with ratios ;-)
You have to give some initial credit, but then one could simply reinstall the software, and so on.

No. up/download ratio can't be the solution. Perhaps a little part of it, but no more.

Lies?

[reflector]

"Note that clients like Qtrax and Shareaza allow leaves with limitless numbers of [super nodes]," wrote BearShare's Falco in the GDF. "This incredibly selfish behavior causes a flood of query traffic. Although it maximizes results for the local user, it impacts the network greatly. If every client behaved like Qtrax, Gnutella would surely fall."

Why does he claim that Shareaza allows limitless numbers of supernodes? Shareaza DOES NOT support more than 10. You can enter any number in Shareaza options, but anything over 10 gets dropped.

Is he just misinformed on this issue? Or is he just jealous that Shareaza has a better app and he is losing market share to them? ;)

I'm confused...

[AyeRoxor!]

What is "quering" ?

Slow dialup or sticker-shock T1, take your pick

[yerricde]

If you are having problems with your connection, then perhaps you should stop trying to get files over a frickin' dialup modem.

I am not willing to pay upwards of $500 per month for what is in many areas the next step up from dial-up and ISDN, namely T1. Some areas don't have cable modem service.

If you want to improve bandwidth....

[3seas]

Get MS to clean up their act of bandwidth hogging.

I know there are settings that can be set but most people don't.

I access a web page, it down loads it to my system.
I want to printthe same page, it downloads it again.
I want to save the same page and again it downloads it.

And what of radio over the net?

I got dial up at what is suppose to be 56k (earthlink) but they
only give me at best 28.8 ......

And I believe I helped finance free cable boxes for other earthlink
customers .....

SO what's the deal......with this concern over bandwidth????

Seems pretty clear to me that my ISP might give me more bandwidth
and speed if other things I have no control over were better delt
with, even spam mail accounts for more mail then I get otherwise.

Monetize against what reference?

[yerricde]

We suddenly have a supply of credits and a demand for credits! Now we have a way to allocate resources!

In economics, supply and demand state the value of one good in terms of the value of another (usually cash). So what's the other good? It can't be cash because cash transactions will get users in trouble with tax law if not copyright law.

how do I share files on dial-up?

[yerricde]

I want to help, but I've run into snags:

See a new client? Check it out.

I don't like blue screens, I don't like spyware, I don't know how to use CVS, and I don't have the second hard disk to hold a Linux installation. (My current hard disk already dual-boots winme and win2k, and FIPS can't shorten an NTFS partition.) Besides, some of the apps let a server administrator kick off any user who connects to the Internet at ISDN data rate or slower.

Share files.

I share as much as I am able, but if I share files, I will cut off the person downloading from me when I go offline. Because of how I connect to the Internet, whenever somebody else in the household wants to make a voice telephone call, I have to disconnect from the Internet.

Need a link? Check here [gnucleus.net].

Gnucleus is a Gnutella client. I've read rumors that the design of the Gnutella network is not very compatible with connections slower than 64 kbps, which unfortunately is the fastest connection that many users in many geographical areas can afford. To get a faster connection would require either upwards of $500 per month for a T1 or $200,000 to move house. Is it true that Gnucleus will not work well over dial-up?

Read up a bit.

[Andy+Dodd]

Earlier in this thread, someone mentioned exactly such a database.

I *believe* it was called Bitzi.

Re:Read up a bit.

[Jeppe+Salvesen]

Yer right. Bitzi looks close to what I propose.

However, it seems to be built around a company. That is bad news. This sort of service should be based on peer-to-peer technology, and should not be owned by someone who can be sued. There are of course problems involved in maintaining such a database within a p2p network (collision management, etc).

Unrelated : If a law enforcement official finds a piece of kiddie pr0n, they could use such a service to find others with the same piece under a different name. On the flip side, the Chinese government would use the technology to track down dissidents who share subversive literature by renaming the files.

Can't install Linux because it needs a partition

[yerricde]

I am trying gnunet at the moment. In my opinion, we need more users - my modem light on my server is barely flickering.

You answered your own question:

maybe they all use DOS

Most users of peer-to-peer file sharing software use either an MS-DOS based operating system (Windows 95, Windows 98, Windows ME) or an NT-based operating system (Windows 2000, Windows XP). Until the developers get such an app running under Cygwin, it'll be nearly impossible to attract Windows users, who might have to buy another hard disk on which to install FNU/Linux because FIPS, the partition shortening tool included with popular Linux distributions, can't shorten NTFS partitions.

Why not use databases?

[Master+Of+Ninja]

I'm wondering why there can't be databases for use in gnutella. When downloading a file, a client searches for all copies of the file. When it has found the copies it can tell the servers it is downloading from that it has found other places to download from and give them the list. Would this not allow better searching?

Why not also a centralised database system for files (like napster) on a passworded basis - it would not have to be mandatory (so gnutella could work without it) but having it enabled could allow faster searches. All searches from the client could go to the database which could house the results so in other searches it would be faster. Different databases (run by different people) could hold info on different types of files (e.g. music, software, pron etc.), with a p2p network of just databases allowing search results to propogate easily.

This makes sense to me, but since IANA expert on gnutella, I may be talking out of my arse.

Re:Why not use databases?

[_Knots]

I've been a longtime proponent of an "introduction" algorithm being added to Gnutella. I'm still not sure exactly *what* to introduce, but a handful of ideas that seem good are:

1) As you said, nodes sharing the same file. Introduce them to each other, have them compare SHA1 hashes [a bit-commitment protocol is necessary so nodes cannot cheat and return what the other is expecting after they got it]. Making full use of this would require the ability to return redirects instead of files.

2) Nodes in closer network-proximity - say on the same LAN or behind a common router. If the network collapsed (no, no, not failed) to be closer to the underlying structure of the internet it would reduce the potential flooding of non-node routers (i.e. machines that aren't participating in the Gnutella network, just routing packets) and possibly nodes as well, but I'm not sure.

As for your DB, I don't see it as being all that important. Go ahead and add it if you want - a local community could make use of it, but I wouldn't anticipate it being popular for the internet at large. Especially if the nodes keep a short list of other nodes sharing given files (see my #1).

Combine #1 and the ability for nodes to answer "I've got you in queue slot #N" and the downloading node can intelligently traverse the sugguested alternate servers until it finds a place to download or one of the queueing servers announces that it may download. At which point the downloader should cancel its presence in the other servers' queues.

--Knots;

Ripping my own collection works ... to a point

[yerricde]

[To enter a network that requires users to share files,] download CDEX (it's free), insert CD, rip to MP3, share folder.

CDex + LAME --r3mix works for my collection of Eminem (who expressed approval of MP3 trading in the lyrics of "The Real Slim Shady"), Nine Inch Nails, Michael Jackson, and Weird Al Yankovic CDs, and recordings of songs that I write and perform, but then how do I get credits for downloading copies of music videos or Japanese animated television series? I don't have both a DVD-ROM drive and a plane ticket to Canada, so I can't rip my own.

Freeloading? That's Always How It Will Work

[MoNickels]

I'm pretty tired of all the complaints about freeloading on any system even remotely likely Gnutella. It's the same with Carracho, Hotline, FTP, what have you: you will always have more freeloaders than sharers until equilibrium is achieved; equilibrium, though, will never be achieved.

The ratio of users who have useful, desireable files to share to users who do not will always be low, perhaps 1 to 10 or 1 to 100. This is because the "freeloaders" cannot and do not have files to share until the get them from someone else. They will continue to be non-sharing nodes until such time as the sharers with desireable files open up the portcullis.

The point of the system is filesharing: Why impose restrictions on its primary function? The way to stop "freeloading" is not to restrict downloads, but to *increase* them. The closer to the unachievable equilibrium we come, the less "freeloading" there will be.

We need to block the MPAA etc....

I currently work at a isp and can tell you that the amount of DMCA emails I see is on the rise. We are a faily small network. About 2000-4000 users online at any one time. We are getting about 2-5 emails from MPAA or other companies that scan gnutella networks. I know everyone talks about how people should share files but with the activity i see from the MPAA and the likes it would be hard to do.

Example of MPAA email below ---
From: MPAA@copyright.org
To: johndoe@myfakeisp.com
Date: 8/8/02 1:36PM
Subject: Unauthorized Distribution of Copyrighted Motion Pictures (Reference#: 0000000)

MOTION PICTURE ASSOCIATION OF AMERICA, INC.
15503 VENTURA BOULEVARD
ENCINO, CALIFORNIA 91436

UNITED STATES
Anti-Piracy Operations
PHONE: (818) 728 - 8127
Email: MPAA@copyright.org

Thursday, August 08, 2002

Name: John Doe
E-mail: johndoe@myfakeisp.com
ISP: MyFakeIsp

Via Fax/Email

RE: Unauthorized Distribution of Copyrighted Motion Pictures
Site/URL: gnutella://000.000.000.000:6346/ [with IP address: 000.000.000.000]
Reference#: 0000000

Date of Infringement: 8/6/2002 11:24:35 PM GMT

Dear Dave Lechlitner:

The Motion Picture Association of America (MPAA) represents the following motion picture production and distribution companies:

Columbia Pictures Industries, Inc.
Disney Enterprises, Inc.
Metro-Goldwyn-Mayer Studios Inc.
Paramount Pictures Corporation
TriStar Pictures, Inc.
Twentieth Century Fox Film Corporation
United Artists Pictures, Inc.
United Artists Corporation
Universal City Studios, Inc.
Warner Bros., a Division of Time Warner Entertainment Company, L.P.

We have received information that an individual has utilized the above referenced IP address at the noted date and time to offer downloads of copyrighted motion picture(s) through a @Ç£peer-to-peer@Ç¥ service, including such title(s) as:

Austin Powers III

The distribution of unauthorized copies of copyrighted motion pictures constitutes copyright infringement under the Copyright Act, Title 17 United States Code Section 106(3). This conduct may also violate the laws of other countries, international law, and/or treaty obligations.

Since you own this IP address, we request that you immediately do the following:

1. Disable access to the individual who has engaged in the conduct described above, and;
2. Take appropriate action against the account holder under your Abuse Policy/Terms of Service Agreement.

On behalf of the respective owners of the exclusive rights to the copyrighted material at issue in this notice, we hereby state, pursuant to the Digital Millennium Copyright Act, Title 17 United States Code Section 512, that we have a good faith belief that use of the material in the manner complained of is not authorized by the copyright owners, their respective agents, or the law.

Also pursuant to the Digital Millennium Copyright Act, we hereby state, under penalty of perjury, under the laws of the State of California and under the laws of the United States, that the information in this notification is accurate and that we are authorized to act on behalf of the owners of the exclusive rights being infringed as set forth in this notification.

Please contact us at the above listed address or by replying to this email should you have any questions. Kindly include the above noted Reference # in the subject line of all email correspondence.

We thank you for your cooperation in this matter. Your prompt response is requested.

Respectfully,

Thomas Temple
Director
Worldwide Internet Enforcement

Re:We need to block the MPAA etc....

That was to say 2-5 emails a week.

Also i looked at the email headers and its very interesting. They must use rackshack.net and ware.net to hosts there gnutella searching nodes. I removed our info again....

Received: from 216.127.68.130 (plain.rackshack.net [216.127.68.130])
by plain.rackshack.net (8.11.6/8.11.6) with SMTP id g795GnH14055;
Fri, 9 Aug 2002 01:16:49 -0400
Received: from mail5.ware.net (mail5.ware.net [205.143.192.50])
by mail with SMTP; Thu, 08 Aug 2002 17:17:00 (GMT)
Message-ID:
From: MPAA@copyright.org
To: johndoe@myfakeisp.com
Date: Thu, 08 Aug 2002 17:17:00 (GMT)
Subject: Unauthorized Distribution of Copyrighted Motion Pictures (Reference#: 000000)
MIME-Version: 1.0
Content-Type: multipart/mixed;

silly

[theLOUDroom]

Do you expect the same people who use the network predominantly for breaching copyright to care about the greater good?

Do you actually think they copyrights they're breaching have anything to do with the greater good?

Four companies have collectively monopolized music distribution, using copyright. Is this a good thing?

Get real. Record companies are scum. The artist would get more money if I mailed them a quarter, than if I bought the CD. Meanwhile, I would be giving the RIAA more money to keep it illegal to play legally purchased DVDs on my PC. I hope they all go bankrupt. Then we'll have competition.

I'll participate in a free market, but not the current abusive, short-sighted ologoploy. Tell me where I could legally download my 300 favorite CDs for a reasonable fee? I can't. Thankfully record companies don't have a long term business plan. They just keep trying to stifle new technology and get their business model legislated. They should be trying to provide the services people want. That's what they'd be doing in a free market economy. They're trying to tell me what I want. They can bite me.

Re:silly

[dmiller]

I that it that you make anonymous payments to the artists then to make up for your theft?

Re:silly

Hehehe.

If every blowhard who whined about the evils of copyrights getting in their way of stealing music would send, say, 50 cents per stolen complete CD to the artist, then I would actually believe the artists would be richer than they are now.

answers

[Erpo]

I don't like blue screens
I don't know what to say about this one. I use win2k and I hardly ever get a blue screen. The philosophy for all NT kernel based OSs is: if a program can crash the OS, it's a bug. I'm not saying all NT kernel based OSs are stable, just that they're less unstable than (for example) WinME.

I don't like spyware
Do research beforehand so you don't download spyware or adware-infested clients. For every corporate sponsored client that I know of (KaZaa, Morpheus, etc...) there exists a spyware-free version (KaZaa Lite, Gnucleus, etc...)
that is available for free.

I don't know how to use CVS
You don't need to know how to use CVS. If the author isn't providing binaries, the program is either too early in the development cycle to use or the author (and it pains me to say this) doesn't care enough about the project to make it a success. The fact is, "most people" don't know how to use CVS/compile non-autoconf software under windows OR linux. One of the keys to success for a p2p file transfer program is that "most people" are able to use it.

I don't have the second hard disk to hold a Linux installation.
Two things:
1. You don't need a second hard disk to install linux. Some distros even let you install by borrowing space on your main fat32 windows drive. If you're using WinME, you can do it.
2. You don't, by any means, have to use linux. I don't know of a p2p network that doesn't have a win32 client of some kind.

Besides, some of the apps let a server administrator kick off any user who connects to the Internet at ISDN data rate or slower.
In a true p2p system, and user can kick any other user from their own server. However, one of the ways you can avoid being booted (not that it's all that common anyway) is by not tying up a whole bunch of download slots with one 56k connection. In other words, if someone has a bunch of files you want, download them one at a time.

I share as much as I am able, but if I share files, I will cut off the person downloading from me when I go offline.
All major p2p networks in existance provide for resuming downloads. You can pop on and offline as much as you want, and those people downloading from you will simply download when you're available. When you're offline, those same people will resume the file from other hosts. Unreliable net connections are not a problem.

Is it true that Gnucleus will not work well over dial-up?
This used to be a BIG issue. What happened was, all nodes in a gnutella network performed two functions: searching and file transfer. The file transfer part meant nodes directly connected to one-another to transfer files at the request of a user. The searching part meant nodes also maintained (an average of) 4-7 connections at all times to other nodes through which search requests were broadcast and query hits were routed. As the size of the gnutella network grew, the volume of searches grew beyond what a 56k connection could handle. All bandwidth was being consumed by searches leaving nothing for file transfers, or anything else. Even worse, slow connections caused searches to be dropped. Clients started implementing xolox-esqe methods to "improve" searching and it all went down hill from there. The solution? Supernodes (aka ultrapeers). Now, in the post-supernode network, nodes still transfer files in the usual way (direct connect). However, only a small portion of the nodes, the ones with the most bandwidth, form a sort of "search network" in which each node maintains the ususal 4-7 connections and forwards searches. Nodes with less bandwidth (modem users, 64k and BRI ISDN users, etc...) operate in "leaf mode" or "child node mode" (depending on whether you speak fastrackese or gnutellian). They make a single connection to a supernode through which they send queries and receive query hits. Upon connecting, the leaf node tells its supernode what files it has, and the supernode responds to queries on behalf of the leaf node.

It's actually a bit more complicated than that, but that explains the basic idea. The answer to your question is: "No. Using gnucleus on a modem is not a problem." Other clients shouldn't cause problems as long as they properly support either "supernodes" or "ultrapeers". Most do.

Why not have a blocker on the clients?

[MarvinMouse]

Why not have the clients block anyone automatically who starts to do instant requeries?

I am not sure exactly how the Gnutella protocol works, but if every valid client had this blocker, then these "super-nodes" would not be able to get any information in or out.

Basically, the idea would be that when one of the malicious nodes starts to send multiple queries to another node with this blocking code. The other node would determine whether or not this is legit. If it is not legit, that node will be blocked. Eventually, a "fence" would be put up around the offending nodes, and the damage they cause would be limited to non-standard clients.

As well, it may be prudent to make the block last for a specific time period. Perhaps even add the ability to pass the offending node addresses to other clients so they block as well.

If the gnutella protocol allows this. It would be the most effective way of preventing malicious clients because as soon as they threaten the infrastructure, they are blocked off.

Nice try Beryllium

[HanzoSan]

nice try but we arent stupid, this is slashdot

GNUnet, Direct Connect, and Sonny Bono

[yerricde]

Thanks for the answers.

I don't know of a p2p network that doesn't have a win32 client of some kind.

Somebody wrote comments in reply to this article, pleading for more testers of GNUnet and giFT, neither of which is "ready" enough to release Windows binaries, or even a source tarball that will compile properly under MinGW.

In a true p2p system, and user can kick any other user from their own server.

I was specifically referring to the policies of many Direct Connect hubs.

In other words, if someone has a bunch of files you want, download them one at a time.

I already do that, using software such as WinMX that supports a local queue.

[they'll] download when you're available [or if not] resume the file from other hosts.

And if I'm not available often (I only get 150 hours per month on my dial-up plan), then I feel like I'm cheating people who try to download rare stuff from me when I cut them off.

And what about recordings of my own performance? I'm a musician, but I suck at vocals so I just record instrumental music. How do I make those available on a P2P network? I can't use the "legit" solutions (Vivendi's MP3.com or Bertelsmann's New Napster) because they ask me to verify that nobody has already "taken" the melodies that I use in my compositions, and I don't know how to do that. Any pointers?

No. Using gnucleus on a modem is not a problem.

Is using gnucleus and WinMX on the same modem a problem?

Re:GNUnet, Direct Connect, and Sonny Bono

[Erpo]

Somebody wrote comments in reply to this article, pleading for more testers of GNUnet and giFT, neither of which is "ready" enough to release Windows binaries, or even a source tarball that will compile properly under MinGW.
I'm not saying nobody should test out those systems. In this case, only users who are willing to download the sources, do a little hacking/run linux, and compile should (and could) test them out. My original post wasn't suggesting that people need to go out of their way to learn new skills or spend lots of time getting frustrated with their compiler - only that users should test out all that they are able to and evaluate the merits of new systems.

I was specifically referring to the policies of many Direct Connect hubs.
Ok.

I already [download one at a time], using software such as WinMX that supports a local queue.
Good for you! A lot of people don't have the courtesy to do that, and it really helps out the network. I can't offer you much help about getting kicked there. In my experience winmx users tend to micromanage - it's not as bad elsewhere.

And if I'm not available often (I only get 150 hours per month on my dial-up plan), then I feel like I'm cheating people who try to download rare stuff from me when I cut them off.
Two things:
1. Investigate other dial-up ISPs (if there are any in your area). Many are offering unlimited hours per month.
2. Even if you drop someone who's trying to download a rare file, you provided that person with an opportunity they otherwise wouldn't have had to get a few more bytes. In addition, if you served the initial bytes in the file to that person, you gave that person a valid hash to search for later thereby vastly improving their chances of finding other sources for the same data.

And what about recordings of my own performance? I'm a musician, but I suck at vocals so I just record instrumental music. How do I make those available on a P2P network?

Just drop them in your shared folder. If you're using a p2p system that supports metadata, make sure to fully describe you music (i.e. set the genre, release date, author, title, etc...). You may not be able to put as much bandwidth toward "getting them out there" as you would want, but that's the plight of anyone who has data and wants it hosted. Not being a musician, I couldn't point you toward any known good and reliable web-based mp3.com style "exposure" sites. Maybe someone else on slashdot will have a suggestion?

Is using gnucleus and WinMX on the same modem a problem?
In general, running more than one p2p client on a single connection is not a good idea. Inside a p2p client's program logic, essential, high-priority, latency-sensitive data (searches and routing updates) can be differentiated from (and prioritized over) less critical or latency insensitive data (file transfers). With intelligent bandwidth throttling code this works out pretty well. However, when more than one p2p client is running at the same time and both are set to use a max of 70% of your bandwidth, contention arises and the operating system is called in to arbitrate. The problem is that packets are packets to the OS so high priority packets from one program may be lost in favor of low priority packets from the other program. You could solve this by setting each p2p client to use a max of 50% of your bandwidth, but then you wouldn't get optimal usage of your connection. In short, your apps would be competing with eachother.

However, there is a way you can run both at the same time while avoiding any serious adverse effects. In gnucleus, go into properties and uncheck "can become a supernode/ultrapeer". In winmx, select the radio button for "make a secondary connection to the network". This will guarantee that the only high priority traffic your nodes have to deal with will be the data generated by you. Your file transfers will compete for bandwidth, but the networks won't be adversely affected. Even if you choose to continue running winmx alone, you should create a secondary connection to the network. Primary connections speed up searches a bit, but usually use bandwidth in quantities only available to broadband users.

Bitzi - community based file rating

[hkmwbz]

Strange that you should write about "web of trust" right now. Well, this isn't exactly the same, but it is a similar-ish solution. The post before yours mentions Bitzi, which allows people to rate files (and search through the ratings).

Currently, anyone can rate a file, but perhaps Bitzi could be expanded into a kind of web of trust thing by allowing people to pick friends and enemies, for example. Friends' reviews of a file would have more impact on the score you see than an enemie's for example. And then you can perhaps rate each user's file ratings and say if the rating was helpful or unhelpful.

Without this, even Bitzi can be abused, but with thousands, if not millions, of people rating files and then, well, "metamoderating" the file ratings, fakers would have to organize a huge crowd of people to have an impact.

I am surprised that I hadn't heard about Bitzi until I read about it in the Slashdot post just before yours. It is a great idea, and I am sure there is plenty in store for it in the future. Let's hope they will expand the concept and "integrate" it with even more file sharing software.

Anarchism revisited

[Gorimek]

Anarchy in the sense of "violent chaos/civil war" that is the meaning used in your articles is not seen as a good thing by any one except the occasional mercenary.

Anarchy in the sense of lack of a government is a different matter altogether. The brutal governemnt repression in Zimbabwe etc are examples of the exact opposite of that. Though actually present day Somalia is seen by many anarchists as a promising experiment

Many thoughtful articles about Somalia, Iceland and other interesing societies here: Anarchy without chaos.

This is mostly the anarcho-capitalist angle. Not sure where the Kropotkin people are on this.

Re:Anarchism revisited

[aminorex]

Indeed, it is difficult to imagine how anarchy
could do worse than the current nation-state system,
in which, according to UN figures, the last century
saw 170 million people killed by their "own"
governments. Of course this does not even begin
to touch upon the hundreds of millions killed in
intra- and inter-state conflicts.

OverNet?

[mxmissile]

Anyone have a opinion on OverNet? http://www.overnet.com/

Re:OverNet?

Kademlia, the XOR metric-based routing system that it is based upon seems so simple that I wonder why it wasn't in use before. It's basically a unified namespace (files and nodes are given unique keys) organized in a distributed binary tree wherein each node keeps a reference to each level in the binary tree to make locating a key quite efficient. I think each node is also protected from flooding in various respects (or at least will be when the implementation is complete).

OverNet (an adaptation by the eDonkey guy) and VarVar (by the designer of Kademlia) seem very promising. It seems to take a bit of time to get properly organized into the network, but hopefully, that should be optimized to be a near one time event... and other optimizations should follow.

The only "problem" might be the lack of anonymity... though I don't know if that is even possible anymore.

Really.

[A+nonymous+Coward]

So when SOME of society organizes itself and points guns at the rest of society, that doesn't count?

Whether it's society backing up laws with collective delegated guns, or individuals backing up their own dictates with guns, it's still authority from the barrel of a gun.

Opens them up for legal issues

[nurb432]

Once you have to authenicate, that leaves the 'authenicators' open for legal issue.. Remember napster???

Good bye Gnutella..

Yes something has to be done to clean up the bandwidth, but i dont think THIS is it..

this may be a little paranoid, but...

[wuHoncho]

I've been reading through some of the news and related sites on this topic and it seems the possibility exists that one or more of these gnutella clients that send massive numbers of request in such short periods could actually be a maliciously intended program. Some of the developers who make these have yet to respond to any of these problems even though there have been repeated attempts to contact them about the situation. The way some (I'm looking at QTRAXMAX right now) word their sales pitch, it sounds eerily similar to some e-mails I've gotten with links to these sites or those mysterious 53k-attachments-to-emails-that-just-say-hi-from-so me-guy-named-boris-in-siberia that are so obviously worms or viruses. The way they currently work looks eerily similar to a DoS attack. Use people's own greed to flood a network with requests. It would actually be a pretty clever strategy - millions of users instantly flock to the program to maximize their gain out of gnutella, only to block each other out when they send 83 gazillion file requests a second. Classic Nash.

Who would be behind such an attack? There are many possibilities. The recording industry is definately one of them. There could be others. Who knows.

The point is you should all be careful what you install on your computer or even download. Millions of people around the world know how to program at varying levels of control over many different kinds of computers with different purposes. It's like the Force - some use it for good, some don't. There's bound to be at least a couple who are going to write a full-fledged application that is really just one big worm.

Bitzi -- accuracy

The masses. There are more gnutella users than there are employees of the RIAA, etc. It would take them more man power and money to go through and make false tickets and keep them "accurate" to their standards than it would for someone at home to simply keep doing what they've always been doing -- supplying the TRUE information to bitzi. For every 1 bitzi ticket that the "evil ones" falsely submit, there will be 100 more that are true. Considering that bitzi is based on an averaging system, which one do you think will win out?

Re:Bitzi -- accuracy

[Entropy_ah]

I think what he is trying to say is that a rogue gnutella client could server up a file of the correct size as the "real" file, and report that is has the same hash as the "real" file.

Re:What?!

[TheCarp]

In this context I mean direct democracy as in "Town meeting style" as in, the community gets tohgether now and again and votes on the issues. The community never gets together and votes people into offices to make decisions, the people make the decisions directly via a democratic process.

-Steve

Tactics

[si1k]

It's true that Gnutella has often had problems because of the protocol itself. And building some degrees of trust into the model would help it.

One of the things that could be done to prevent this kind of network abuse is for nodes to block out those programs sending excessive numbers of queries. As soon as a given client receives more than a certain number of queries within a given time span from the same client, it blocks that client out.

I think that the best way to deal with this kind of problem is by building more intelligence into the clients.

If digital signatures were used only for central servers (super nodes) then it might make sense. But that begins to defeat the original principle of Gnutella.

AI

[si1k]

Really, when you think about it, the way to get a system to work better (ie. a fairly chaotic P2P system) is to greatly increase the intelligence of the clients, and to base it off the real-life methods that people use in dealing with people.

The clients just need more AI-like intelligence. They need to individually learn who to trust as a "hub," who to look for files from, who to offer files to, and who to tell to @#$% off.

This could be established by gathering statistics about network activity and using a point-based system to determine who to trust and for what purposes. Essentially you'd be automating the process that a human would use.

Person A gave me a file, and it was good. Rating for A goes up. Person B gave me a bad file: mark them down, and warn my friends. Person C doesn't seem to have much bandwidth, so I won't go to them as readily as another. D,E,F and G are all on the same network and all of them gave me bad files. H, I, J and K were all recommended by L, and they gave me good files.

The hardest part would be patterns, of course, a major study of AI.

Digital signatures could be used to establish who your friends are regardless of their changing IP addresses.

Re:AI

[Tom7]

> Digital signatures could be used to establish who your friends are regardless of their
> changing IP addresses.

And what's to prevent the RIAA from generating a zillion keys and flooding the network with crap?

Re:AI

[si1k]

Well, the idea would be that each user would have a signature (where user is defined as an instance of a person acting as a user, as referenced by a signature).

The number of signatures wouldn't matter. You'd just use signatures first to decide who is a friend. The zillion keys wouldn't work because they'd need to have an IP address (well server, so at least IP:port combination) per key. They couldn't say "IP address W.X.Y.Z has the following 300,000,000 keys."

Re:AI

[Tom7]

If it's an IP/port combination, that gives them 64k different keys per IP address. It's easy to procure a class C or B IP range for a small amount, and 64k*64k is several billion keys...

No

That would require that I read the article!

Re:It's called "The Tragedy of the Commons" (1833)

[WolfWithoutAClause]

In a system like the gnutella network, where there is no 'central system' to enforce 'community-minded' behavior, the eventual collapse of the system can be predicted as a function of overall population, presuming that there are always a few people who are more selfish than the rest.

Sounds logical doesn't it? In fact it isn't necessarily so. Consider the internet, the IP infrastructure is P2P in fact; let's apply what you said to it:

"In a system like the internet, where there is no central system to enforce community-minded behaviour; the eventual collapse of the system can be predicted as a function of overall population, presuming that there are always a few people who are more selfish than the rest."

Doesn't sound so obvious anymore does it?

Actually, this is an example of iterated prisoners dilemma; there is no known solution to that in the general case. It all depends critically on the details. However, in the case of Gnutella, I think that Gnutella lacks some features that would have allowed it to weather situations that Kazaa seems to handle very much better.

There's always going to be some leeches. The point is to make sure that the leeches don't gain anything by abusing the mechanisms the network supplies- with Gnutella, and to some extent Kazaa, they do gain... if they end up abusing it too much- the network dies.

And for people who like anime?

[yerricde]

Get your actual cds or records out (you own them, right?)

Yes, I have a couple dozen CDs, and CDex and LAME work well for me, but I don't own any anime DVDs that most other people don't already own, and even then, I don't have the money for a plane ticket to fly to Canada (or another non-DMCA non-EUCD country) to pick up a copy of DeCSS.

Re:And for people who like anime?

[MadAhab]

HAHAHAHAHA that's funny.

Re:What?!

helLo, MY EnERGY EfFICIENT CaR WOn'T Go FAsTER THaN TwENTY-FiVE MileS PeR hOuR! CaN i stOP At yoUr CoMmUnE AnD GeT a New batterY!! ThAnKs koommrad!! SuPEr-aNaRcHist-666

phReE dA wArEZ!

ignoring servers

[Erpo]

Ok. So you're talking about ignoring servers that respond to queries that do not have to do with your specific interests. As I see it, there are a couple problems with that:

1. If you only use your client to search for anime, what happens when your client sees lots of queries for "mp3" or "porn" and includes those terms in a validation search? Lots of hosts will respond to those queries, bloating your "ignored hosts" table and hammering your internet connection with query hits.
2. What about people that share your interests but also have others of their own? A validation search with the terms "metallica" and "mp3" will provoke a query hit from a host that has a file named "metallica-song.mp3" as well as "anime-episode.mpg". Since that host responds to your validation search, it will be ignored.

Re:ignoring servers

[ScooterBill]

Why not remove the ability to generate "good" karma and simply blacklist the servers that hammer or report false positive matches. Allowing a server to compensate for bad behavior is an open door to abuse. It will happen.

Making identity generation difficult

[Tom7]

> Making a valid OpenPGP key is a computationally intensive task, suggesting that few people
> would make thousands of them on the possibility they would be blacklisted. They also don't
> require any form of real identification, making them effectively anonymous. Also gaining a
> good trust metric would be an incentive to keep the same key, especially if downloading
> was restricted based on your trustability.

I did a project that concentrated essentially on what you say here -- making key (identity) generation difficult. It's easy to make RSA keys (for instance) quickly if you don't care about security (and also difficult to independently verify that the key is "valid"), but I give a way to provide a token along with the key that's independently verifiable and difficult to create. This token can also "grow" in strength over time. Check out the paper here:

http://www-2.cs.cmu.edu/~tom7/papers/peer.pdf

We don't talk much about creating a "web of trust" kind of thing, but do talk about "cold hard evidence" of cheating. The next step is to see what other kinds of misbehavior can be audited (and how someone can provide proof of infraction), for instance, sending out too many flood messages onto the network.

Databases aren't the solution...

[Tom7]

Any solution that talks about a "database" is probably trouble, because setting up a "database" requires some sort of trusted centralized server, or if done peer-to-peer, is subject to the same sorts of problems that the peer-to-peer systems already face. (ie, what about the RIAA computers that inject their own hashes into the system?)

One basic problem with relying on hashing for the identification of files is that a malicious user can still send you a file, telling you it has the right hash, and you won't be able to check until you receive the whole thing. (Or you won't be able to check at all if you download only part of the file from them!)

Use a different kind of discovery mechanism

[PureFiction]

The problem is that gnutella's reliance on broadcast forwarding and indirect communication will always allow rogue peers to exploit bandwidth or queries in the network.

There are a number of alternative discovery mechanisms which do not suffere from these kinds of architectural problems.

For example, NeuroGrid and alpine both use social discovery and peer profiling to prevent bandwidth hogging or query spamming.

There are also hybrid network that use super peers like the Kazaa and Grokster clients.

There is only so much you can do to improve a flooding broadcast architecture. Gnutella will always have some kind of bandwidth and query problems no matter how optimized the clients become.

One Little Problem

[BlackGriffen]

If they make it so that they can control who is on Gnutella, won't the RIAA be able to sue whomever has this control? Bad idea, folks. The simple solution is bandwidth limiting, and blacklists for IP's that are abusive.

BlackGriffen

Re:One Little Problem

[elite+lamer]

... and blacklists for IP's that are abusive.

Is that really fair, though? Banning someone's IP from using accessing the Gnutella network at all, just because they decided to see what QTraxMax is all about?

Re:It's called "The Tragedy of the Commons" (1833)

[kriegsman]

It seems to me that the Tradegy of the Commons kicks in when the 'leeches' hit a certain density within the general population, and when their 'leeching' begins to have a measurable effect on the average non-leeching individual.

And, in fact, we have seen exactly this kind of thing kicking in in certain parts of the Internet, like broadband service and pricing. AT&T has started separating out the 'leeches' ("heavy users") from average users, and applying negative feedback (higher prices) to their leeching behavior. Again, you can see how it takes a centralized administration (AT&T) to bring the system back into balance.

So you can either (1) hope that your system never becomes popular, or (2) hope that the denisty of leeches in your population never exceeds a certain 'thermal runaway' threshold, or (3) hope that the very worst leeching behavior doesn't substantially degrade service for everyone else, or you can (4) design the system so that at least one of those is true. Since popularity is desirable in a p2p system, and there are always some leeches, you need to design in limits to how much leeching one user can do -- an interesting problem in an open-source, p2p network.

-Mark

and bad files...

Another useful option would allow me to block all traffic from hosts that are sharing bad or corrupt files (looped MP3's, advert's).

Let the users trim the bad leaves off the network themselves.

-AC

Interesting ad

"Turns out, numerous applications [...] are capable of bringing the network traffic to a halt. While it gets better download speeds for the users of the aforementioned applications, the damage to network traffic as a whole is substantial."

Quite interesting to see a Microsoft .NET ad under this sentence ;-)

Re:It's called "The Tragedy of the Commons" (1833)

[WolfWithoutAClause]

AT&T has started separating out the 'leeches' ("heavy users") from average users, and applying negative feedback (higher prices) to their leeching behavior. Again, you can see how it takes a centralized administration (AT&T) to bring the system back into balance.

No no. AT&T are very able to control the bandwidth available to anyone on their network, lookup up 'traffic shaping'; it's interesting that they have chosen not to do this. Apart from a few crackers there are no leeches.

The real point is that most people who buy a broadband contract off them don't understand what they have just signed, so when congestion occurs, they start moaning. AT&T aren't going to go "well you shouldn't have signed the contract if you didn't understand it", so they've created this fictitious 'leech' guy who is supposedly stealing all the bandwidth. Then AT&T realised that they could actually make money for bandwidth they had already sold, by charging over a certain download limit- but it's just profiteering, there's no real issue, or atleast not if AT&T are running their network well.

I don't agree with your 4 'hopes'. These do not cover all the options you have in designing these networks. There's no hoping- you design it to have certain properties. If you write the software, you have central control anyway, in your terms. Every node in a P2P network can be a policeman if necessary.

Re:Inherently N-P Incomplete Problem

[tlambert]

I was commenting on the solvability of the problem using P2P as a hammer for this particular screw.

The GNUtella architecture is broken by design, for the goals it wants to achieve.

Lack of a choke-point, which was the real design goal for the system: "a napster that can't be shut down by a record company", means that you can't rely on voluntary compliance with social norms, particularly when one of the most effective attacks is non-compliance. Adding security adds non-repudiation, which adds back a legal hand-hold to act as a choke-point.

You're screwed if you enforce norms, and you're screwed if you don't.

The GNUNet architecture is somewhat similarly broken (in that it can be censored by ch router blocking), but it's at least a step in cheap right direction for solving that problem.

It's only if the Internet itself gets away from protocols subject to transparent proxy that end-to-end guarantees can be maintained. For that to happen, it has to be impossible to distiguish between traffic on the basis of content.

Any other approach, and the traffic will be able to be filtered through intentional failure to propagate.

The only way you can win is to make it too expensive: if it means shutting down the Internet for RIAA to get it's way, that will never happen, but anything short of that is probably doable. So you have to make it so they have to shut down the Internet to stop you.

I guess I'm saying that they are attacking the problem at the wrong level because it's tractable at the point they are trying to attack it... like looking for your contact lens under the streetlight instead of in the alley where you lost it, because the light's better.

Hence "Inherently N-P Incomplete".

-- Terry

Solutions anyone?

How about a system like the spam filtering organizations use. Users who get spam, forward it to a DNS deny service. The spammers get rejected until they clear it up. It becomes acceptance and denial purely via the userbase responses.

So to make the analogy to Gnutella, we make it so that clients will reject all queries via the blacklist. The blacklist is populated by those abusing the system via reports from the users.

It could be somewhat automatic. A "good" client would report those users that hammer their node in defiance of the protocol. So everyone has to play nice or else!

Any thoughts on this?

Re:Nice try Beryllium

[Archfeld]

isn't that a oxymoron...

"this is slashdot.....we aren't stupid"

you know like military intelligence, plastic glass,M$ security...

Wooohooo TGIF...have a good weekend all

Re:Nice try Beryllium

[technix4beos]

I just love long, thoughtful posts.

They really make my day.

My only question is this; Why are you replying to Beryllium in your subject, but attaching the post to MY reply to him?

What exactly is your problem today? ;)

Limewire is very quick to place blame

[LionMage]

It's worth noting that Limewire is one of the big guns in the Gnutella world, and they're very quick to lay the blame for any perceived problems at the feet of ill behaved clients. I've been fighting with their singularly unresponsive team of developers for some time now, reporting bugs and getting zero feedback on them. Since many of these bugs are not in the open sourced Limewire engine, but in the user interface code, it's not really easy for me to diagnose the problem and fix it for them. However, as a Java developer, I see much behavior in the 2.X Limewire clients which is indicative of very bad Java programming practices.

When I noticed some severe breakage in the user interface on Mac OS X (one of Limewire's supported platforms, and a premiere Java development environment), I reported it, and much of my complaints were ascribed to other gnutella clients behaving badly on the network. While I can understand why badly behaved clients on the network would cause failed searches, I don't see how that could possibly explain mangled UI elements in the application which do not behave as expected (or as documented)! All subsequent follow-ups to the Limewire staff were never responded to, and I can only conclude that bug reports are being ignored; the last several releases of Limewire that I've checked have fixed some, but certainly not all, application problems.

The most telling experiment conducted to date was when I used version 1.7 of Limewire, which I happened to keep a copy of; it was able to complete searches faster than the version 2.X clients that have been foisted on the public, and in many cases returned results where the 2.X clients would not. The main upgrade from version 1.X to 2.X of Limewire is the inclusion of the Ultrapeer protocol support. This leads me to conclude that Limewire's Ultrapeer support is either broken, or that Ultrapeer itself is fundamentally flawed. In an attempt to make Gnutella clients better behaved, the major vendors of Gnutella software have crippled the users of that software, rendering it useless.

What's sad is, I paid money to support the development of Limewire by purchasing Limewire Pro (so I wouldn't have to watch adware). As thanks, I've received product updates from Limewire that have given me less and less functionality, and more eye-candy that results in a broken user experience. (Last time I checked, I still couldn't successfully conduct a search for music using the specifically [re]designed interface for entering parameters such as artist or track or album title. This interface would never even instantiate the search in the first place. I had to instead use the most generic method of querying the Gnutella network, based on wildcard matching to filenames.)

In summary, I believe that some of the motivation behind claims that badly behaved clients are destroying the Gnutella network is simply a cover-up for incompetently written code written by the major players. I also believe that Ultrapeer is either badly implemented or badly specced in the first place. Turning Gnutella into a closed protocol flies in the face of what it purports to be -- an open standard. And since the major Gnutella players have a vested economic interest in keeping others out of the sandbox, I'm a bit skeptical of this proposed solution. If Gnutella becomes closed off, expect to see a major splintering of the community as people seek truly open standards.

Re:Limewire is very quick to place blame

[sameb]

>Since many of these bugs are not in the open sourced Limewire engine, but in the user interface code, it's not really easy for me to diagnose the problem and fix it for them. However, as a Java developer, I see much behavior in the 2.X Limewire clients which is indicative of very bad Java programming practices.

All of LimeWire is open-source, not just the engine. In fact, the recent version's 'Time Remaining', 'Uploads', 'Hits', and 'Alternate Location' columns are because I was bored, curious, downloaded the source, and submitted a patch.

Please, keep downloading as much as you can!

[CanadaDave]

But if we create as much unecessary internet traffic as possible, we'll create so much fibre demand that 360Networks may be able to get their stock up to $23 again, and I'll break even. So keep downloading everyone. Download, delete, download, delete.

why not remove "good" karma

[Erpo]

Because good karma makes the system work.

On the internet, it's fairly easy to generate a new identity. Just redail your isp on a modem, release and renew your IP on cable, or re-authenticate with PPPoE on DSL and you've got a new IP. If you're using a system that incorporates public key cryptography, just generate a new key pair and you're indistinguishable from a fresh node on the network. When people can "reset" like that and the system only allows for the accumulation of bad karma, there's no incentive to keep the same identity for long.

Good karma, combined with a starting "entry" karma that's not good enough to get a node serviced by others, encourages people to keep the same identity for a longer period of time. If a user has to contribute a little before they can search and download, the user is incapable of connecting and spamming the network right away. Once the user has gained karma to the point where they can search and download, the user is more likely to continue that good behavior. Why? Because behaving badly (spamming, clogging the network, etc...) would take away that hard-won good karma and make it necessary to start all over again.

What we need is a system that has both bad karma and good karma, but that doesn't associate them. Neither can cancel the other one out, and only hosts with sufficient good karma and sufficiently low bad karma would be serviced. Both should be initialized to 0 upon connecting. This is the simplest solution that I can think of off the top of my head. However, I remember reading a really well-written article involving an intricate trust system that sounded like it would be even more effective. Too bad I don't have it bookmarked....

Re:It's called "The Tragedy of the Commons" (1833)

[Todd+Knarr]

Leeches aren't fictional, and AT&T already knows about traffic shaping. Problem is, traffic shaping throttles your peak or burst bandwidth. For people who don't leech or abuse their connection, it's nice to let them occasionally burst to higher bandwidths. If you apply traffic shaping they won't be able to burst even if it's only 1 time a month for a few tens of megabytes. The billing change AT&T's doing hits leeches for long-term average usage without chopping off bursts for non-abusers.

I like AT&T's approach. Do a single 10-megabyte upload a month, you get full burst rate. Run a file-sharing server transferring at a megabit a second 24x7, you get hit with a big bill and a warning to either curb your transfers or pay full-time for a dedicated chunk of bandwidth.

Re:It's called "The Tragedy of the Commons" (1833)

[Saeger]

I like AT&T's approach.

How many shares do you own? *snicker*

Like the previous poster said, ISPs who gouge their users (not "leeches") for using their unlimited connection are simply profiteering.

The SANE and FAIR thing to do is to use traffic shaping to severely limit the "hogs" rate during peak traffic times so the light users like grandma don't suffer. The more bandwidth you use over time, the less you get to use when it's scarce - but at 3am, even the hog should be able to use his full 2Mbps if it's not being used, because unused bandwidth doesn't cost the ISP anything.

--

This has been done before.

[vawlk]

All these ideas have already been hashed many times over. Then the winamp boys released gnutella, it was still in the infant stage. The protocol never progressed from that point. Clients attempted to hack in features like chat, private networks, etc but the base protocol still remained unchanged.

Countless proposals were created about how to dynamicly move one's position in the network based on bandwidth, authentication, spam prevention, etc. No one could agree on a single plan and run with it.

Throw in a "community" leader who took everyone's ideas and started a company with them (he has since commited suicide), hung everyone ne out to dry, as well as many others who "sold out", pretty much halted the development of the protocol even to this day.

Hopefully someone can grab the reigns who cares about the systems rather than a quick way to make a buck. There's still lots that need to be done for P2P systems.

Re:It's called "The Tragedy of the Commons" (1833)

[WolfWithoutAClause]

10 megabyte is utterly tiny. I've downloaded more than that in the last 10 minutes.

Problem is, traffic shaping throttles your peak or burst bandwidth.

Nonsense. Traffic shaping usually works by averaging your bandwidth usage over a period, say 1/2 an hour, and then if you have exceeded the average you've paid for, and there is congestion, then you get throttled back. But the details can vary, there's no exact definition.

The point is this:

I pay for a 576 Kb/s link, of which they guarantee I get only 1/50th guaranteed bandwidth to the internet. That means I am guaranteed 10 Kb/s all day every day.

That means that I should be able to download 108 MB/day; average- so far today I've download 84 MB in the last couple of hours... I just checked; and that's probably a heavy download day for me; but not like when I'm downloading Linux distros.

According to your approach I should have paid how much? I already paid for this much bandwidth... Without too much trouble I can go over 3 gig a month without ever going over my paid for allowance. In Australia I would be charged more for that. They charge 15.9c per megabyte over 300 megabytes. Not that's extortionate.

Re:Nice try Beryllium

[B3ryllium]

I think maybe he noticed something about the IP address, maybe, considering that I posted the comment for you. I dunno. That's what his tone indicated, at least.

IN YOUR FACE, Hand Solo. :)

Or the Nash equilibrium.

[Inoshiro]

"The problem in general arises when you've set up a situation where if each user acted in both a rational and self-interested way, the system overall would collapse for all the users."

That sums up game theory nicely. The simple solution is to enchance your approach to the organization. Rather than having each herdman get all the gain for the shared work, share the gain among them. Maybe elect someone whose job it is to organize the herdsman for total gain.

Independant units working against each other will always destroy each other. Units which organize and work together will gain far more than they could if they were apart.

Kademlia: XOR metric-based routing

http://kademlia.scs.cs.nyu.edu/
or perhaps a more usable
http://overnet.com/
from the maker of eDonkey

Re:It's called "The Tragedy of the Commons" (1833)

[Todd+Knarr]

I think you misunderstand the concept of "leech". The abusers AT&T is talking about have upstream traffic every month of 20-30 gigabytes, with downstream traffic in excess of a hundred gigabytes a month. You're in the 90% of the users who, combined, use less than 20% of the system's bandwidth. The abusers are in the 10% that sucks up the other 80%.

I'm here to leach!

[pair-a-noyd]

There are a zillion numb-nuts out there that *do* share so they make up for me NOT sharing.

So what if someone knocks me off? My client resumes searching for another source and chugs onward. I set to ignore chats and my firewall is set to block everything.

I have downloaded a few movies then decided they suck and stopped doing that. Better to just wait and catch them on PPV. I don't DL much music because there is not much of my kind of music out there.

I do partake in a little pr0n here and there every now and then. But, I do not share, I leach and I don't care if it pisses people off or not. I will NOT open my machine up in that manner. Too bad for those wet diaper cry babies, let some other dumbass do the sharing, there are plenty of them out there.

When they find a way to stop leachers we will just find a new way around that. Cat and mouse.

Leach on baby!!

Thus spake the Deity

[__aakpxi9117]

Aaaahhhhhmmmmmmmmmuuuuuuuuuu...

Thus spake the Deity:

Any public system must be fault-tolerant. No matter what you may think, many will wish to abuse it. You should not have anything which is subject to abuse.

Thus spake the Deity:

If you are to use trust levels, then you have to trust others not to report good nodes as bad (a recursive trust situation). You will certainly block some poor sap that downloaded the same screwed-up file you have.

Thus spake the Deity:

No system of forwarding searches will ever scale. Each node should download a list of all available files, and related information from directly connected nodes (similar to routing tables) and then download and check the hash directly from the server, to verify. This will cost some privacy (having all shared files listed), but instantly solves all searching, scaling, and gnutella 'routing' problems.

Thus spake the Deity:

Gnutella will become a great savior of those requiring great bandwidth on low budgets, once users are able to search by hash. A gnutella:// link followed by the hash would be an easy way to make use of Gnutella for automatic downloading from multiple sources, and mirroring of large (or small). Big pipes download from many smaller pipes, resulting in faster downloads than previously possible. Everyone will be made a mirror for the file, once they have downloaded it themselves. The end of FTP.

Thus spake the Deity:

Because the powers that be will report false hash values, each 'chunk' of a file should have a hash. Minimizing effects of malicious beings, and quickly finding download errors.

Thus spake the Deity:

An upload queuing system is needed. A cause of great frustration is newcommers jumping the queue, in front of those who have waited a great deal of time for a file. This will alleviate the hammering of servers, to get a file.

Thus spake the Deity:

The web's sole redeming quality, is the ability to group sets of files together, and link to others. Gnutella should have such a system. Something like a 'family' should be established, which can be accessed through a common name. A family is a document, understood by gnutella, which says which files belong there, and include commands, such as the order the files shall be listed, dependencies between different files, and possibly formatting or highlighting of the name/link to each file.

Re:It's called "The Tragedy of the Commons" (1833)

[WolfWithoutAClause]

No, you're assuming that the concept of leech makes sense. It only makes sense if:

a) AT&T have lost control of their own network so that users can take as much bandwidth as they want. In that case, AT&T are in trouble and need to do something.

or:

b) they want to screw more money out of their existing customers.

In the normal way, the congestion protocols in the internet are quite good at ensuring fairness. If the users are actually fiddling with the protocols AT&T should exclude those users from the network. AT&T need to be able to throttle both upstream and downstream bandwidth usage. They need to manage their network.

Re:Can't install Linux because it needs a partitio

[chocolatei]

Yeah, well I was being ironic. So here goes, more clearly this time: Stupid, greedy file sharers use windows. Clever, nice people use GNU/Linux. Yes, that's right! gnunet is of GNU origin and more to the point G.N.L.