Putting P2P To Work

An anonymous reader writes "Looks like some folks at IBM have had moderate success in getting P2P adopted within the corporate enterprise. One new paper on the site describes experiences in deploying a decentralized search network spanning machines in 43 countries. Another describes a system for peer-to-peer sharing of dynamic web applications instead of static files. The idea is to support development and distribution of simple modules that themselves form meta p2p networks. Neat."

Security?

[cscx]

What stops you from doing a man-in-the-middle attack, as so to speak? I.e., what assures the integrity of the original files, and how do you know that you're obtaining an authentic file?

Re:Security?

perhaps a centralized server keeping tabs on all the checksums.. thats sort of how kazaa does it.. then again centralized and p2p don't go together at all

Re:Security?

[ealar+dlanvuli]

You probably look the files up by a cryptographically signed key that is impossible to duplicate.

You would have a centralized "checkin" server and files would be distributed based upon key from there, cached every time someone accesses them.

When you acquired a new file you would check the crypto key against the checkin server and get a "valid/invalid" response.

The only really hard part of such a system is coming up with an efficent search algorithm that doesn't chew up your network while at the same time getting a decent number of cache hits.

Re:Security?

[cscx]

I was thinking of something like that, but you spoil the true peer-to-peer creamy goodness by relying a centralized server -- there's still a central point where failure can occur.

Re:Security?

[buck_wild]

Truth be told, this is so damn close to the way I view the world that it made me laugh out loud.

Re:Security?

[Chris_Stankowitz]

Well, for starters, I don't see why you would need a man in the middle attack on a LAN. To perform a man in the middle attack on a LAN you need a system on the LAN as well. At this point why bother with a man in the middle attack.

I think the kind of security issues you would be most concerned about would be confidentiality. My guess would be that you only place insensitive files on the P2P network, or develop P2P software that has user defined rights. That of course could lead to elevation of privileges attacks. Either way you cut it.

This is all still info that is "internal" to IBM. As everyone knows (or should know) the largest security risk that all companies face comes from internally to begin with. So its not as though these files are not accessible by a malicious and knowledgeable person on the inside already.

There are many ways that the risk can be mitigated with such a system. I could go on for paragraphs on this. I think the concept of using P2P internal for corporations has many advantages and could be come a great tool. Much like any other means of sharing information digitally all the security risk will have to be assessed before it goes into "production"

Re:Security?

[JohnFluxx]

No no - look you just sign everything with pgp. The host has to inherently trust _someone_, so the key they trusts signs someones key who signs someone elses key and so on until you have a chain of trust to the signature on the pgp file.

One way of doing this practically is to joe-bloggs sign his new files with his keys. Then some main server checks over it all, and signs his keys. Then you client get: 1) the file 2) the pgp signature of the file 3) the pgp signature from the main server of the pgp key

This involves having a main server, however you don't need to talk to it.

You need some way to make a chain of trust, and a central server/group of servers that everyone trusts is the easiest way.

JohnFLux

Re:Security?

[ryochiji]

It probably works well in a trusted setting. For an example, if you're using this in s corporate network, it's probably in your best interest to not mess with the data.

But then, look at other public P2P networks. It seems to work surprisingly well...in fact, it seems like the RIAA is the only one even talking about distributing bad (as in corrupted) files.

Re:Security?

[Bert690]

Every YouServ node is granted an SSL certificate from an integrated certificate authority, and uses it for support of HTTPS/SSL. Use of HTTPS guarantees there is no man in the middle.

YouServ is a bit different than traditional P2P apps most people are familiar with. For one, there is accountability: Every one of the files you share has YOUR NAME embedded within the URL required for accessing that file, even if that file resides on another machine at the time of download (e.g. from the ability to replicate your site to other machines). Unless you don't value your job, you'd be highly unlikely to use this system for sharing porn / MP3's / etc, a point made in the paper on the search function.

Two, it's not just for sharing files that are world readable. It's also for sharing stuff with only designated users and groups. Every node is tied together by a single sign-on infrastructure so you can use one and only one password to access secured content on any node, without the possibility of malicious nodes sniffing and stashing your password.

Third, it's at its core web compatible. You access the network with a regular web browser. There s no need to install spyware riddled clients to get at anything. Each node provides a web accessible search interface for searching the globally shared content or site-specific content. You only install the software if you want to host stuff.

Re:Security?

[bastion_xx]

A P2P network based on PKI could perform authentication without requiring 24/7 access to a central server.

Once the file has been signed by a certificate authority and the CA's public key is loaded in the P2P software, the validity of the file can be confirmed. Of course, certificate revocation lists are more problematic, but they too could be distributed via P2P.

If the network is used to insert files on a continueos basis, subordinate CA's could handle the load a redundancy.

Re:Security?

[Reziac]

[scratching head] Did they just reinvent Groupwise??

Re:Security?

[Bert690]

Groupwise aggregates all content at a central server, whereas in YouServ, all content is stored at and served from end-user machines, hence its designation as p2p.

To be completely precise, YouServ is more of a Napster-like "brokered" form of p2p, as opposed to a purely decentralized architecture like Gnutella. For example, to be completely web compatible, it relies on DNS for peer location, and DNS requires a dedicated server (for a particular namepspace). But almost all the "real work" is still done by the peers.

Re:Security?

[Reziac]

Ah, I see. Good explanation, thanks.

Re:Security?

[|<amikaze]

HTTPS is not entirely secure. Ettercap will sniff HTTPS traffic, including traffic through a proxy.

Hmmmm....

[dethl]

But how long before the RIAA calls this evil and attempts to shut it down?

Re:Hmmmm....

[whereiswaldo]

So what. IBM is not going to control what files people share. They are supplying the technology only.
If it gets shut down, we might as well shut down the entire Internet and call it quits.

As the linked webpage says...

[kaosrain]

As the linked webpage says, we've already had a story on this here. All that is different is a new version (and name) of YouServ, and that the currently active users number has risen from 900 to 5,000. Good job to the guys at IBM, and keep up the good work!

Re:As the linked webpage says...

[CableModemSniper]

Look, its recursive linking! Slashdot links to IBM who links to slashdot who links to slashdot...arrg head hurts.

Project Jxta

[Isosonys]

www.jxta.org does this now, p2p search, and much more.

Re:Project Jxta

[Bert690]

There's a lot in YouServ that is not in JXTA. YouServ is an application, JXTA is more about infrastructure with a loose collection of apps atop it, none of which provide all the features offered by YouServ (web hosting with transparent site failover to buddy machines, dynamic dns, integrated authentication system and certificate authority for single sign-on and support of HTTPS, browser compatible access, p2p search over file *content* as well as filenames, and so on...)

Sure you could probably build something like this with JXTA, but nobody has done it yet.

Putting P2P To Work

[Istealmymusic]

MP3s from IBM's OC-192s?! Sign me up!

Re:Putting P2P To Work

[Cheese+Cracker]

MP3s from IBM's OC-192s?! Sign me up!

MP3s?.. Movies!

I can smell the synergy

[mr_gerbik]

What they need to do is synergize by making more robust b2b real-time applications using p2p e-solutions.

Re:I can smell the synergy

[capnjack41]

You've been using the Web Economy Bullshit Generator, haven't you!

Coming into its own

[dirvish]

First academia starts contributing to peer to peer development, now it is being used as a business app. Looks like the folks who would love to see p2p dissapear are out of luck.

P2P that isn't evil spyware????

[Shymon]

a P2P network that isn't evil spyware? must pretty cold in hell bout now.

Re:P2P that isn't evil spyware????

[dethl]

Actually, its raining down here.

Re:P2P that isn't evil spyware????

[the.jedi]

umm... yeah spyware isn't on the network.
it's on the frontend that you download.
And doing that is stupid.

There's Gnucleus
Open source and delicious.

And WinMx
No spyware. No bullshit.

the list continues...don't be dumb read the fine print

Re:P2P that isn't evil spyware????

[MarcQuadra]

I've used MyNapster (free, GPL, Win32, no spyware) for a long time now, the latest version is comparable to LimeWire, without the java-ickyness. MyNapster has a down-to-business interface and some cool tools to visualize the parts of the Gnutella network you can see. Give it a whirl if you can. On Linux I run GTK-Gnutella, because it has geeky features and I dig the interface.

For a real challenge, try P2P-ing the database

[Hugh+G.+Rekshunne]

The paper discusses "sharing of dynamic content generators, web services, and web applications" using P2P.

But as usual, the examples are of the trivial, "hello world" class.

In the real world, dynamic content and web services are linked to some back end database server. Doesn't matter what kind of fancy distributed malarkey you put in place, everything gets serialized back to a skinny pipe when you reach the database server.

Now a distributed database server based on P2P - that would be news. Oracle had such a project, code-named Andromeda, some 8 years ago but it came to naught cos it ain't that easy.

Re:For a real challenge, try P2P-ing the database

[mcroydon]

From what I can remember, Microsoft is currently working on a p2p database. I would love to see something similar implemented in the *nix community. I know it would be hard as hell, but it'd be nice to have something that sets up easier than an openmosix cluster, preferably something that you can install once and forget about...

Re:For a real challenge, try P2P-ing the database

Adndromeda came to naught because the executive sponsor, Bob Miner, got sick and died. Key people moved on to work on the RAC database. (Not to say that Andromeda was easy).

Re:For a real challenge, try P2P-ing the database

[Bert690]

As a developer of the system, I can tell you that a p2p database is not, nor will it be, one of the goals of YouServ.

The system is intended for personal web hosting, that is, for use by mostly non-technical users for sharing files, creating web logs, guest books, and so on, using their own hardware (and that of their friends). In no way are we trying to provide p2p solutions to business class functions such as serving an online store (though I agree it would be cool if someone did that).

Indeed the existing plugins are simple (my development time has been limited and this component is very new), and at this point are intended only to demonstrate the API features. But even quite simple plugins, if they cooperate across multiple machines, can do some very cool things, a few examples of which are proposed in the paper: sharing files on multiple other p2p networks, distributed content caching ("akamai for free"), cooperative weblogging, and so on. Again, you woudln't use this to build a high-traffic online store, but it does give you many new and easy to use ways to enhance and publish your own (web) content.

Re:For a real challenge, try P2P-ing the database

[cei]

Well, Akamai seems to have the best handle on this. I know it's not exactly the same as P2P, but the transfer model is similar... Someone in one corner of the net wants a file, and the user is directed to the proxy server closest to them. If that server doesn't have it, it asks its neighbors, until a copy of the requested data gets passed to it. The data then gets cached at that proxy on the chance that someone else in the neighborhood might be interested as well.

Re:For a real challenge, try P2P-ing the database

[sailesh]

Look at the PIER project at the Database group in UC Berkeley.

PIER is a P2P Query Processor .. it stands for "P2P Information Exchange and Retrieval"

http://www.cs.berkeley.edu/~huebsch/pier/

Re:For a real challenge, try P2P-ing the database

Take a look at the content query system (CQS)on IBM's developerworks...

Re:yay p2p plus ibm=sweet

[LittleBigScript]

Ok, this is actually pretty cool, but why is the doorway to credibility guarded by IBM?
And 5000(?) users requiring registration?

Other Upcoming Uses

[Superfreaker]

Well,
Earlier I posted to /. on a DRM solution I was deploying for a major record label. Some of you also know that these labels are paying companies to distribute files that look like real audio files, but turn out to be ads, or silence.

With the system I built, they are going to give downloads of actual music files protected by DRM on these p2p networks, where upon playing it, you will be prompted for payment. You can make payment in the licensing window of WMP. It should be noted this only works for .wma files and not mp3's. However, most p2p users use apps like kazaa where selecting "audio" files will return wma's.

It will be interesting to see how this works. It can obviously be circumvented using one of the DRM hacks, but I'm sure at least some will buy the files. Especially those on dial up who spent 15 minutes to get one song.

Is it evil? Sure. Not as evil in my mind as those companies that distribute silence or ads on these networks. Please understand, I have all the same feelings as the concensus here has. But this is a necessary step for the industry to get with the times. The DRM at least will have unlimited play, cd copy, and move to portable device.

Baby steps. Slow and steady wins the race.

Re:Other Upcoming Uses

[LostCluster]

Okay... So how long until somebody writes the one where it looks like you've downloaded the song and it then pops up the DRM window. User types in the info to buy, and off it goes to the hacker who charges a whole lot more than what he said he would! The risk of it being a fake one of these discredits the real ones, and this technology goes down the drain due to inability to be trusted.

Re:Other Upcoming Uses

[Superfreaker]

Well, what I was thinking, and I'M the original poster for this reply....

I take my HD of MP3's (around 5,000) and put DRM on them. Then You pay ME to play the downloaded file. If only I was that unscrupulous...

It would be VERY easy to do. So, I guess I am not that evil.

Re:Other Upcoming Uses

[grumpygrodyguy]

Baby steps. Slow and steady wins the race.

That's true, but it's also how DRM could become something much more menacing that what you invision it to be. Do you think Hillary Rosen shares your moderate viewpoint on DRM? You just build the tools, you don't get to decide how they are going to be used. Most people here are aware that succesful software oftentimes ends up being adopted to perform functions that the designer never even considered.

As well indended as your efforts may be to try and find a working compromise between content consumers/producers. You are laying a groundwork that could dramatically dis-empower millions of people.

The primary issue here is one of precedent. You're helping to bolster the notion that DRM is something that people will accept.

Right now marketing is being pressured into "selling" DRM without disrupting product sales. Which is very tricky in recessionary times like these. Companies need consumer dollars to stay afloat, so they can't be too hasty and scare them away with technologies like DRM. Once sales pick up again however, there will be much more leaway to completely transition to DRM based media distribution. Have you really considered what that would imply?

This isn't a comic book, and what you're doing could end up effecting real people in very negative ways. I'm just curious what is going through your mind as you're coding this stuff. Do you think you're some kind of hero? Would you please elaborate your point of view?

Re:Other Upcoming Uses

[Superfreaker]

Again, please let me emphasize, I am an average /. poster with the same exact feelings. I have HATED all experiences with DRM before I started working with it.

When I was initially apprached, I pushed MP3's hard, I even built the system around MP3's at first. They brought up DRM. I never worked with DRM and as I mentioned before, implementing DRM was the most horrific experience ever.

I am not a hero. DRM IS WRONG, IMHO. But, it is the same with software serialization. Even that is wrong, but it is a fact of our use of computers. The only thing we can do is to make it as easy as possible.

Ask yourself, What should DRM do? Not what it does (inconvenience people, anger everyone, etc..) It is to simply make sure that the people who paid for an item, get to play the songs, those who did not pay for the song, should have to pay. That is what DRM *should* do.

Does it do it in all of my previous experience? No, of course not. Is it MS's fault, partially. What have I personally done different? Well, I made it a little easier and more transparent. Its it completely silent in its process? No, of course not, the toll just is not there yet.

What do I think of things like palladium. I'm scared. But in this respect, I think I am doing a good thing, and I am proud of improving something so horrible. Again, I have the same concerns as most of us here (even if I am a Win developer :-)

Hope that helps. I'm open to off list discussion...

Re:Other Upcoming Uses

[GimmeFuel]

It will be interesting to see how this works. It can obviously be circumvented using one of the DRM hacks, but I'm sure at least some will buy the files. Especially those on dial up who spent 15 minutes to get one song.

Either that, or they'll be mad that you just wasted 15 minutes of their time and bandwidth. On top of that, you face the rest of the problems this kind of business model faces, the biggest of which being a large chunk of your target audience doesn't have a credit card. Sure, some will buy it, but not enough will to make it sucessful.

Baby steps. Slow and steady wins the race.

Baby steps don't mean much if you fall flat on your face every time you stand up, and slow and steady is still doomed when your opponent (in this case, the free P2Ps) has such a huge headstart.

Re:Other Upcoming Uses

[I_redwolf]

For the industry to get with the times they'd put all musical content online on their own p2p service and charge a fair price for a download. What you're doing is not getting with the times it's a waste of time, effort and money. The obvious solution is the simple solution is the solution the RIAA is fighting tooth and nail.

Re:Other Upcoming Uses

[grumpygrodyguy]

When I was initially apprached, I pushed MP3's hard, I even built the system around MP3's at first. They brought up DRM. I never worked with DRM and as I mentioned before, implementing DRM was the most horrific experience ever.

I appreciate your honesty, but I have another question for you.

The tone of your post seems to indicate that you don't have much say in what gets implemented. Are you in a position where the only kind of work/contract you can find right now is building something like this?

Said another way, are you having to choose between paying your rent/morgage vs. doing what you seem to know in your heart of hearts is wrong?

Re:Other Upcoming Uses

[yukster]

No. For the industry to get with the times they need to find a new industry. There's no need for A&R reps, record execs, or any of that now. Musicians can still make money playing shows and selling swag. But for the rest of "the industry" it's not a matter of playing nice or finding a new business model... it's a matter of figuring out that it's time to shove off.

Re:Other Upcoming Uses

[Superfreaker]

"aid another way, are you having to choose between paying your rent/morgage vs. doing what you seem to know in your heart of hearts is wrong?"

I think most developers will agree, this is a once in a lifetime contract. The biggest client I have ever had, doing an extremely high profile project. I am trying to build a business.

I do have my objections, sure, but the opportunity is just way too much. The industry is struggling right now, I am not doing that bad though, but still, it is a great opportunity. I think I am helping them move in the right direction.

I know, I won't be remembered for the money I made, it will be volunteering at the Mormon Church, coaching little league, etc, but there are very few of us that would turn this contract down under these circumstances.

Re:Other Upcoming Uses

[iamacat]

It's not DRM hacks that you have to worry about. P2P software will be simply modified to not share or download protected files. In the meantime, people will just stop downloading WMAs.

Re:Other Upcoming Uses

[grumpygrodyguy]

I think most developers will agree, this is a once in a lifetime contract. The biggest client I have ever had, doing an extremely high profile project. I am trying to build a business.

So as long as what you're doing is highly profitable it's ok? How is this different from Microsoft again?

there are very few of us that would turn this contract down under these circumstances.

Everyone has a price, therefore so do you?

I know, I won't be remembered for the money I made,

It's very likely that you won't be remembered for any of the software you wrote, or the money you made. But that memory is embedded within the software itself. Behind every tool is the endorsement of the person who built it.

it will be volunteering at the Mormon Church, coaching little league, etc,

Oh right, you're saving the children so that outwieghs building a product like this. And if that isn't enough, Jesus Christ is your savior so you can pretty much get away with bloody murder and still get into heaven, because all your sins are forgiven. Do you know how much damage this Christian rationlization has caused in the US alone. Doing 95% harm and 5% good is exactly that. Must be nice not having to worry about the consequences of your actions.

there are very few of us that would turn this contract down under these circumstances.

What would Jesus do? Even Jesus was violent once. When he saw the money changers who were supporting a system that said "God will see you at a price". Don't you think what you're doing is somewhat similar? You're supporting people who have extended the copyright term to over 80 years. These are the people who say "Your culture, your memories, and your history are ours. You can only revisit them if you can afford it." Holding our humanity hostage is almost as evil as saying we need to pay for God to love us.

The lawyers and politicians can pass whatever laws/policy they feel will continue to empower the few at the expense of the many. But it's the person at the end of that chain of command who actually decides if it happens. People just like yourself. Unfortunately it looks as if the lowest common denomenator is going to win out.

Do you think you're the first person to be offered this contract? Do you wonder went through the minds of those who decided not to take the job. I guess you'll never know.

Re:Other Upcoming Uses

[Etone]

My god, the man is writing DRM software, not eating babies. This kind of reaction is wholly unjustified given what he has told us. Besides, I personally would rather have someone sympathetic to anti-DRM beliefs working on the DRM software than some corporate know-nothing. -E-

Re:Other Upcoming Uses

[grumpygrodyguy]

My god, the man is writing DRM software, not eating babies.

Actually what he's doing is worse.

He's fattening himself by sacrificing the rights of babies(all of ours). If I was a baby I'd rather he eat me than force me to grow up in a world like the one he's helping to create.

I don't get it

[papasui]

You'd think a huge corporation like IBM would have enough copies of 'Jenna's built for speed' to around so employees wouldn't have to share DiVX's. Damn ecconomy.

Like Gnutella, but webpages.

[deathcloset]

uServ + Java p2p DDNS server = Dynamic Javanet = Good times for pppoe dsl users with dynamic ip's.

Meta Bracket This...

[Quirk]

The idea is to support development and distribution of simple modules that themselves form meta p2p networks. Neat."

The american anthropolgist and all around genius Gregory Bateson was among the first to investigate theories of meta bracketing as sources of information. His two best books 'Steps to an Ecology of the Mind', and 'Mind and Nature: A Necessary Unity' are both excellent reads and brilliant insights into the human psyche.

yay...

[shaitand]

apparently ibm gnutella is too limited and too slow, I'm with ibm ;) Besides, the only damn version of the new debbie does dallas you can get is a freakin asf (no matter what it claims to be).

another thought...

[shaitand]

When will microsoft make a p2p filesharing app, will they include it with the next release of windows? That should piss the riaa off but I don't think microsoft cares as long as they use a propriatary protocol so it only communicates with windows boxes. I mean, Microsoft can afford to keep an eternal court case going with the riaa.

Re:another thought...

[surprise_audit]

As usual, Microsoft has built this into the OS - Network Neighborhood... Sure, it doesn't have a fancy searching or indexing engine, but it's there, and it has been for years.

Wow...

[Duncan3]

IBM gets ancient client-server systems to work, news at 11...

Slap "P2P" on something old and watch people drool...

Re:Wow...

[LostCluster]

IP is a P2P protocol... but since it does things other than share MP3s that's quickly forgoten.

Re:yay p2p plus ibm=sweet

[The+Original+Yama]

p2p at work? Pr0n will acquire a whole new meaning when you can pull it in over your company's T3 line.

Hooray

[toomz]

At the rate P2P is going people will be able to use 100% of my CPU power and hard disk space to remotely code DivX files reliably in just a few years!

Re:Hooray

[deathcloset]

But look on the bright side. You could use thier CPU likewise :)

Re:yay p2p plus ibm=sweet

[scott1853]

So they're going to block port 80? It's ok if posters don't want to read the articles, but the moderators should before modding someone up as insightful.

Excellent for college application!

[dethl]

Colleges could cut down on bandwidth due to the "abuse" of P2P applications by students and staff. With most networks at 100baseT, local P2P would be quick, easy, and efficient, and save bandwidth for other stuff. Still, someone would get onto Gnutella or Kazaa and download stuff, but then again, if one person downloads the new Harry Potter movie, the local P2P network can send copies all over the campus in a few seconds...that would kick a$$

Re:Excellent for college application!

[Bert690]

Kick ass indeed. Unfortunately the CMU deployment of YouServ does not support the p2p search component. But then this limitation is also probably why this deployment hasn't reached a critical mass of users.

I'll leave the reasons behind this feature omission to your imagination. :-)

Hooray!

Now IBM has a new buzzword its sales force can toss out. Of course, there's not exactly a whole lot of practical applications for P2P at the corporate level, but hey, the 20 dollar words sell themselves.

Re:yay p2p plus ibm=sweet

[erax0r]

ice reply..before you flame read the statement. who said anything about blocking port 80? New idea! think before you flame?

Oh oh! Not compatible? Bahhhh

[thebigmacd]

From the FAQ:
Regarding remote publishing to the user's server: [http://userv.web.cmu.edu/userv/FAQ.jsp#remotepub]

Under "Limitations:"
The upload form does not work properly with the Mozilla browser due to a bug in the current (1.0, 1.1) version of this browser. We have reported the problem and hope it will be fixed in an upcoming release in the not too distant future.

Re:Oh oh! Not compatible? Bahhhh

[Bert690]

That's a pretty minor issue since it only affects HTTPS/SSL (which is used for file uploads to protect auth credentials).

A worse one (for YouServ compatability and anything else reyling on dynamic DNS) is the fact that Mozilla caches IP addresses until the browser is completely restarted. How's that for stupid?

Please vote to have this issue fixed right here.

Re:Oh oh! Not compatible? Bahhhh

[ViVeLaMe]

seems like mozilla doesn't like /. very much.. :-))

Sorry, links to Bugzilla from Slashdot are disabled.

Re:yay p2p plus ibm=sweet

[xenode]

You didn't read the article, bub. It uses existing procotols, such as HTTP, which incidentally uses port 80. So you said something about blocking it.

Ad-hoc p2p on OS X

[h0tblack]

One great feature of 10.2.x has become apparent through use of Rendezvous (aka OpenConf) and iChat. Rather than connecting to a central iChat (ie AOL) server, you can easily and automagically create an ad-hoc iChat network between any capable (running 10.2 and have a network connection) machines. This enables people to easily chat, exchange files etc. wherever they may be, by setting up simple wired or wireless networks. Look out for more of this at various conferences (wireless ad-hoc networks) and in the workplace.
This sort of technology is being pushed by Apple and will be included in future updates to various "iApps" including iTunes...

In related news...

[Morologous]

IBM plans to license this technology at $45,000 per processor.

Re:Coming into its own-half n' half.

" First academia starts contributing [slashdot.org] to peer to peer development, now it is being used as a business app. Looks like the folks who would love to see p2p dissapear are out of luck."

No it's the half-n-half rule. Those on the business half can do what they want because they have the money to do it. Those on the residential side (our side) will have to put up with bandwidth limits and download caps, as well as port blocks, because we DON'T have the money. Isn't it nice how the world DOESN'T work.

Re:yay p2p plus ibm=sweet

[erax0r]

throttling, blocking same difference? NOPE. nice try troll -)

Re:yay p2p plus ibm=sweet

[scott1853]

Ok already, do you really think they're going to throttle port 80! Geez, grow up.

Yea, my mouse is bigger then your mouse

[Veovis]

Next on Fox 11 News: IBM has invented something, that we already knew about. They call it P2P, and it could revolutionize the way you share content over the internet.

and

Nikki Hemming, CEO of Sharman Networks, the creator of Kazaa, released a statement today that they plan to file a lawsuit against IBM, claiming that IBM's new P2P system could interfere with their trademark fasttrack technology.

Stay tuned to Fox 11 10 o' clock news, news that works for you!

give ibm credit

[narkotix]

atleast they are giving all these technologies "devalued" by other companies and organisations - p2p, linux, etc - a shot...and they are making a wad of cash at the same time. Its great to see that a large corporation like ibm see what us "hackers, warez kiddies and 3l33t folks" have been using for quite a long time! They contribute alot and give it back to the community, just like sun and others like them do. Heck if your makin money off somtehing free, wouldnt it be "morally" right to give something back!

Reliability

[yehim1]

I wonder how reliable this service will be, in terms of locating what we need? What will happen if a split happens in the network? We will have 2 separate p2p networks and then it becomes difficult to find information we need. If the network uses some permanent hosts for servers, then what is the difference with using a server-based solution?

Re:Reliability

[Bert690]

Because it is a centrally coordinated system, fragmentation of the network is not possible and search results are almost always "complete" (that is, if what you are searching for is out there and available at the time of your search, you're almost guaranteed to find it). Check out the paper on the search function for details.

Yes, this means it does exhibit a single point of failure, but as the system is not intended for piracy, porn, evading censorship, or other uses that tend to get systems "shut down", the benefits of centrally coordinating the system outweigh the functionality and performance limitations of a fully decentralized approach.

The difference from this and a completely server-based solution is that there are no central requirements that involve a large amount of resources. The central servers are a pair of old 400MHZ PII boxes, one for DNS, and one for the coordinating services. A one man operation can easily run this system on cheap hardware and a pipe with only moderate bandwidth, and still serve tens if not hundreds of thousands of users.

Re:yay p2p plus ibm=sweet

[mocktor]

which incidentally uses port 80

except this is entirely arbitary - HTTP is just a protocol, you can speak it over any connection (port 8080? yoghurt pots & string?). For example Gnutella uses a slightly modified version of HTTP on port 6346, try pointing your web browser at somegnutellahost:6346 and you'll see what i mean.

Rather cool

[FRAGaLOT]

This concept seems to be like a combination of automatic server load balancing, and Distributed Computing.

Re:yay p2p plus ibm=sweet

[cyberkreiger]

I have also been reading the news on this site for about two years, and i have noticed that some users that would be happy to get first post aren't quick enough. Instead they reply to the first post with something just as meaningless...

;-)

P2O vs the Slashdot effect

[TomRC]

What we REALLY need is P2P software for slashdotters, to counter the slashdot effect.

It's practically the perfect application for P2P.

Re:P2O vs the Slashdot effect

[Bert690]

Working on it. See the "distributed content caching" plugin example described in the "peer to peer sharing of web applications" paper on the YouServ project page.

It will let you encode any YouServ URL so that it gets cached and served by an army of available machines instead of just your own machine.

Re:Um... no....!

[JohnFluxx]

I don't follow your point, sorry :(

The only time you access the central server is:

1) When a brand new client connects to the internet and needs to get the server's public key(s). This is when the client is at its most vulnerable from man in the middle attacks etc. You could try hard coding them into the client, but you get the same problem - basically you have to start off just trusting someone you don't know.

Then you have two choices. The server could either trust everything, say, apache spits out. To do this, the server would sign apache's public key. This is done once, and then never again do the user or apache have to contact the server again.

OR

The server could just sign individual files. The coder would then sign one of his files, then send the file and signature to the server. Some human would look over it, decide if it is good sign, then sign the signature.

In both cases, when the end-user downloads a file, they get 3 files directly from the coder - the file, their signature of the file, the signature of the signature/public key.

Re:Shit man, just post a MD5'd checksum (nt)

[JohnFluxx]

And how do you know whether somebody hasn't maliciously replaced both the binary and the md5?

Last Post!

[alpg]

A fake fortuneteller can be tolerated. But an authentic soothsayer should
be shot on sight. Cassandra did not get half the kicking around she deserved.
-- R.A. Heinlein

- this post brought to you by the Automated Last Post Generator...