Slashdot Mirror

← Back to Stories (view on slashdot.org)

Putting P2P To Work

Posted by ryuzaki0 on from the it's-all-data-anyhow dept.

An anonymous reader writes "Looks like some folks at IBM have had moderate success in getting P2P adopted within the corporate enterprise. One new paper on the site describes experiences in deploying a decentralized search network spanning machines in 43 countries. Another describes a system for peer-to-peer sharing of dynamic web applications instead of static files. The idea is to support development and distribution of simple modules that themselves form meta p2p networks. Neat."

27 of 131 comments (clear)

  1. Security? by cscx · · Score: 5, Interesting

    What stops you from doing a man-in-the-middle attack, as so to speak? I.e., what assures the integrity of the original files, and how do you know that you're obtaining an authentic file?

    1. Re:Security? by cscx · · Score: 4, Insightful

      I was thinking of something like that, but you spoil the true peer-to-peer creamy goodness by relying a centralized server -- there's still a central point where failure can occur.

    2. Re:Security? by Chris_Stankowitz · · Score: 3, Interesting

      Well, for starters, I don't see why you would need a man in the middle attack on a LAN. To perform a man in the middle attack on a LAN you need a system on the LAN as well. At this point why bother with a man in the middle attack.

      I think the kind of security issues you would be most concerned about would be confidentiality. My guess would be that you only place insensitive files on the P2P network, or develop P2P software that has user defined rights. That of course could lead to elevation of privileges attacks. Either way you cut it.

      This is all still info that is "internal" to IBM. As everyone knows (or should know) the largest security risk that all companies face comes from internally to begin with. So its not as though these files are not accessible by a malicious and knowledgeable person on the inside already.

      There are many ways that the risk can be mitigated with such a system. I could go on for paragraphs on this. I think the concept of using P2P internal for corporations has many advantages and could be come a great tool. Much like any other means of sharing information digitally all the security risk will have to be assessed before it goes into "production"

    3. Re:Security? by JohnFluxx · · Score: 5, Interesting

      No no - look you just sign everything with pgp. The host has to inherently trust _someone_, so the key they trusts signs someones key who signs someone elses key and so on until you have a chain of trust to the signature on the pgp file.

      One way of doing this practically is to joe-bloggs sign his new files with his keys. Then some main server checks over it all, and signs his keys. Then you client get: 1) the file 2) the pgp signature of the file 3) the pgp signature from the main server of the pgp key

      This involves having a main server, however you don't need to talk to it.

      You need some way to make a chain of trust, and a central server/group of servers that everyone trusts is the easiest way.

      JohnFLux

    4. Re:Security? by Bert690 · · Score: 5, Informative
      Every YouServ node is granted an SSL certificate from an integrated certificate authority, and uses it for support of HTTPS/SSL. Use of HTTPS guarantees there is no man in the middle.

      YouServ is a bit different than traditional P2P apps most people are familiar with. For one, there is accountability: Every one of the files you share has YOUR NAME embedded within the URL required for accessing that file, even if that file resides on another machine at the time of download (e.g. from the ability to replicate your site to other machines). Unless you don't value your job, you'd be highly unlikely to use this system for sharing porn / MP3's / etc, a point made in the paper on the search function.

      Two, it's not just for sharing files that are world readable. It's also for sharing stuff with only designated users and groups. Every node is tied together by a single sign-on infrastructure so you can use one and only one password to access secured content on any node, without the possibility of malicious nodes sniffing and stashing your password.

      Third, it's at its core web compatible. You access the network with a regular web browser. There s no need to install spyware riddled clients to get at anything. Each node provides a web accessible search interface for searching the globally shared content or site-specific content. You only install the software if you want to host stuff.

    5. Re:Security? by bastion_xx · · Score: 3, Informative

      A P2P network based on PKI could perform authentication without requiring 24/7 access to a central server.

      Once the file has been signed by a certificate authority and the CA's public key is loaded in the P2P software, the validity of the file can be confirmed. Of course, certificate revocation lists are more problematic, but they too could be distributed via P2P.

      If the network is used to insert files on a continueos basis, subordinate CA's could handle the load a redundancy.

  2. As the linked webpage says... by kaosrain · · Score: 5, Insightful

    As the linked webpage says, we've already had a story on this here. All that is different is a new version (and name) of YouServ, and that the currently active users number has risen from 900 to 5,000. Good job to the guys at IBM, and keep up the good work!

  3. Project Jxta by Isosonys · · Score: 3, Informative

    www.jxta.org does this now, p2p search, and much more.

    1. Re:Project Jxta by Bert690 · · Score: 3, Informative
      There's a lot in YouServ that is not in JXTA. YouServ is an application, JXTA is more about infrastructure with a loose collection of apps atop it, none of which provide all the features offered by YouServ (web hosting with transparent site failover to buddy machines, dynamic dns, integrated authentication system and certificate authority for single sign-on and support of HTTPS, browser compatible access, p2p search over file *content* as well as filenames, and so on...)

      Sure you could probably build something like this with JXTA, but nobody has done it yet.

  4. Putting P2P To Work by Istealmymusic · · Score: 4, Funny

    MP3s from IBM's OC-192s?! Sign me up!

    --
    "The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
  5. I can smell the synergy by mr_gerbik · · Score: 5, Funny

    What they need to do is synergize by making more robust b2b real-time applications using p2p e-solutions.

    1. Re:I can smell the synergy by capnjack41 · · Score: 5, Funny

      You've been using the Web Economy Bullshit Generator, haven't you!

  6. Coming into its own by dirvish · · Score: 5, Interesting

    First academia starts contributing to peer to peer development, now it is being used as a business app. Looks like the folks who would love to see p2p dissapear are out of luck.

    --
    FoundNews.com - get paid to blog.,
  7. P2P that isn't evil spyware???? by Shymon · · Score: 3, Funny

    a P2P network that isn't evil spyware? must pretty cold in hell bout now.

  8. For a real challenge, try P2P-ing the database by Hugh+G.+Rekshunne · · Score: 4, Interesting
    The paper discusses "sharing of dynamic content generators, web services, and web applications" using P2P.

    But as usual, the examples are of the trivial, "hello world" class.

    In the real world, dynamic content and web services are linked to some back end database server. Doesn't matter what kind of fancy distributed malarkey you put in place, everything gets serialized back to a skinny pipe when you reach the database server.

    Now a distributed database server based on P2P - that would be news. Oracle had such a project, code-named Andromeda, some 8 years ago but it came to naught cos it ain't that easy.

    1. Re:For a real challenge, try P2P-ing the database by Bert690 · · Score: 5, Informative
      As a developer of the system, I can tell you that a p2p database is not, nor will it be, one of the goals of YouServ.

      The system is intended for personal web hosting, that is, for use by mostly non-technical users for sharing files, creating web logs, guest books, and so on, using their own hardware (and that of their friends). In no way are we trying to provide p2p solutions to business class functions such as serving an online store (though I agree it would be cool if someone did that).

      Indeed the existing plugins are simple (my development time has been limited and this component is very new), and at this point are intended only to demonstrate the API features. But even quite simple plugins, if they cooperate across multiple machines, can do some very cool things, a few examples of which are proposed in the paper: sharing files on multiple other p2p networks, distributed content caching ("akamai for free"), cooperative weblogging, and so on. Again, you woudln't use this to build a high-traffic online store, but it does give you many new and easy to use ways to enhance and publish your own (web) content.

    2. Re:For a real challenge, try P2P-ing the database by sailesh · · Score: 4, Informative

      Look at the PIER project at the Database group in UC Berkeley.

      PIER is a P2P Query Processor .. it stands for "P2P Information Exchange and Retrieval"

      http://www.cs.berkeley.edu/~huebsch/pier/

  9. Other Upcoming Uses by Superfreaker · · Score: 5, Interesting

    Well,
    Earlier I posted to /. on a DRM solution I was deploying for a major record label. Some of you also know that these labels are paying companies to distribute files that look like real audio files, but turn out to be ads, or silence.

    With the system I built, they are going to give downloads of actual music files protected by DRM on these p2p networks, where upon playing it, you will be prompted for payment. You can make payment in the licensing window of WMP. It should be noted this only works for .wma files and not mp3's. However, most p2p users use apps like kazaa where selecting "audio" files will return wma's.

    It will be interesting to see how this works. It can obviously be circumvented using one of the DRM hacks, but I'm sure at least some will buy the files. Especially those on dial up who spent 15 minutes to get one song.

    Is it evil? Sure. Not as evil in my mind as those companies that distribute silence or ads on these networks. Please understand, I have all the same feelings as the concensus here has. But this is a necessary step for the industry to get with the times. The DRM at least will have unlimited play, cd copy, and move to portable device.

    Baby steps. Slow and steady wins the race.

    1. Re:Other Upcoming Uses by LostCluster · · Score: 3, Interesting

      Okay... So how long until somebody writes the one where it looks like you've downloaded the song and it then pops up the DRM window. User types in the info to buy, and off it goes to the hacker who charges a whole lot more than what he said he would! The risk of it being a fake one of these discredits the real ones, and this technology goes down the drain due to inability to be trusted.

    2. Re:Other Upcoming Uses by grumpygrodyguy · · Score: 3, Insightful

      Baby steps. Slow and steady wins the race.

      That's true, but it's also how DRM could become something much more menacing that what you invision it to be. Do you think Hillary Rosen shares your moderate viewpoint on DRM? You just build the tools, you don't get to decide how they are going to be used. Most people here are aware that succesful software oftentimes ends up being adopted to perform functions that the designer never even considered.

      As well indended as your efforts may be to try and find a working compromise between content consumers/producers. You are laying a groundwork that could dramatically dis-empower millions of people.

      The primary issue here is one of precedent. You're helping to bolster the notion that DRM is something that people will accept.

      Right now marketing is being pressured into "selling" DRM without disrupting product sales. Which is very tricky in recessionary times like these. Companies need consumer dollars to stay afloat, so they can't be too hasty and scare them away with technologies like DRM. Once sales pick up again however, there will be much more leaway to completely transition to DRM based media distribution. Have you really considered what that would imply?

      This isn't a comic book, and what you're doing could end up effecting real people in very negative ways. I'm just curious what is going through your mind as you're coding this stuff. Do you think you're some kind of hero? Would you please elaborate your point of view?

      --
      The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
    3. Re:Other Upcoming Uses by Superfreaker · · Score: 3, Interesting

      Again, please let me emphasize, I am an average /. poster with the same exact feelings. I have HATED all experiences with DRM before I started working with it.

      When I was initially apprached, I pushed MP3's hard, I even built the system around MP3's at first. They brought up DRM. I never worked with DRM and as I mentioned before, implementing DRM was the most horrific experience ever.

      I am not a hero. DRM IS WRONG, IMHO. But, it is the same with software serialization. Even that is wrong, but it is a fact of our use of computers. The only thing we can do is to make it as easy as possible.

      Ask yourself, What should DRM do? Not what it does (inconvenience people, anger everyone, etc..) It is to simply make sure that the people who paid for an item, get to play the songs, those who did not pay for the song, should have to pay. That is what DRM *should* do.

      Does it do it in all of my previous experience? No, of course not. Is it MS's fault, partially. What have I personally done different? Well, I made it a little easier and more transparent. Its it completely silent in its process? No, of course not, the toll just is not there yet.

      What do I think of things like palladium. I'm scared. But in this respect, I think I am doing a good thing, and I am proud of improving something so horrible. Again, I have the same concerns as most of us here (even if I am a Win developer :-)

      Hope that helps. I'm open to off list discussion...

  10. I don't get it by papasui · · Score: 5, Funny

    You'd think a huge corporation like IBM would have enough copies of 'Jenna's built for speed' to around so employees wouldn't have to share DiVX's. Damn ecconomy.

  11. Meta Bracket This... by Quirk · · Score: 3, Interesting
    The idea is to support development and distribution of simple modules that themselves form meta p2p networks. Neat."

    The american anthropolgist and all around genius Gregory Bateson was among the first to investigate theories of meta bracketing as sources of information. His two best books 'Steps to an Ecology of the Mind', and 'Mind and Nature: A Necessary Unity' are both excellent reads and brilliant insights into the human psyche.

    --
    "Academicians are more likely to share each other's toothbrush than each other's nomenclature."
    Cohen
  12. Hooray by toomz · · Score: 5, Funny

    At the rate P2P is going people will be able to use 100% of my CPU power and hard disk space to remotely code DivX files reliably in just a few years!

    --
    If a chair is thrown in a forest, and there are no witnesses, did Ballmer still do it?
  13. Ad-hoc p2p on OS X by h0tblack · · Score: 4, Informative

    One great feature of 10.2.x has become apparent through use of Rendezvous (aka OpenConf) and iChat. Rather than connecting to a central iChat (ie AOL) server, you can easily and automagically create an ad-hoc iChat network between any capable (running 10.2 and have a network connection) machines. This enables people to easily chat, exchange files etc. wherever they may be, by setting up simple wired or wireless networks. Look out for more of this at various conferences (wireless ad-hoc networks) and in the workplace.
    This sort of technology is being pushed by Apple and will be included in future updates to various "iApps" including iTunes...

  14. Re:Oh oh! Not compatible? Bahhhh by Bert690 · · Score: 3, Informative
    That's a pretty minor issue since it only affects HTTPS/SSL (which is used for file uploads to protect auth credentials).

    A worse one (for YouServ compatability and anything else reyling on dynamic DNS) is the fact that Mozilla caches IP addresses until the browser is completely restarted. How's that for stupid?

    Please vote to have this issue fixed right here.

  15. P2O vs the Slashdot effect by TomRC · · Score: 3, Interesting

    What we REALLY need is P2P software for slashdotters, to counter the slashdot effect.

    It's practically the perfect application for P2P.