Earthstation5 Responds to Malware Claims
"We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.
The problem with the Earthstation5 software that Shaun Garriok found truly exists; however, the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.
These functions are:
- Reload Earthstation5
- Shutdown Earthstation5
- Delete a File
We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing, in fact, that gives away any personal information about the user using Earthstation5.
It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.
We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.
Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5 (version 1.1.31), and verify that we have truly removed the remote-update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same; download the latest Earthstation5 and test the exploit code against it.
-- Filehoover, Lead Programmer of ES5."
that these people are based in the Middle East... their statements have a certain Nigerian ring to them.
I WISH THIS MY PROPOSAL WILL NOT COME TO YOU AS A SURPRISE... I CRAVE YOUR INDULGENCE AS I CONTACT YOU IN SUCH A SURPRISING MANNER. BUT I RESPECTFULLY INSIST YOU READ THIS LETTER CAREFULLY AS I AM OPTIMISTIC IT WILL OPEN DOORS FOR UNIMAGINABLE FINANCIAL REWARDS FOR BOTH OF US...
The original exploit was a method that let anybody delete any arbitrary file from your PC? Could it have just been a poorly implemented version of the "we need to delete specific files" thing mentioned above?
I've seen worse things put into code on purpose, I might be able to accept this was a mistake, who knows?
But I've also heard rumours they've been behind some DDOS of good people. That might make me question their motives.
Either way, whenever you install anything that you didn't compile and read and understand every line of the source yourself, you are just deciding to trust whoever wrote it.
On the full-disclosure list. It seems that after ES5 found out people had discovered the malware contained in it, they decided to upload a new version which will probably have those functions taken out. I see this as a suspicious move and would be very hesitant to use any of their software myself.
If the tone of that statement wasn't so sarcastic and flippant I might feel that RandomNut may have jumped the gun, but ES5 isn't making any more friends by being immature and insulting.
I am very suspicious of the claim that REMOTE deletion of a file is required when updating the software.
To me, this sounds like damage control, not an honest representation of why that code was in their program. Until the company that makes Earthstation comes up with a plausible explanation for what that code was doing in their program, I will regard Earthstation software as suspect.
How do you not notice that being able to delete files remotely is a problem? Isn't that just about the most obvious thing ever?
"by hiding your ip address" they claim that this is not exploitable?
Someone scans a network of cable users, and sends them all the packet and command to delete boot.ini. How does 'hiding' your IP address help?
If they have the feature in for automatic updates (unsigned), then clearly they expect to be able to connect to it using, what else, an IP ADDRESS, "hidden" or not.
Hard to believe they have 15 million folks on at the same time.
Nah. If you want silly stupid internet drama, Slashdot presents it ALL, baby. It's kinda like the "Talk Soup" of the internet, just without Greg Kinnear.
Manipulate the moderator system! Mod someone as "overrated" today.
Before the usual Palestinian - Israeli flame war gets going, I would like to ask just one question:
Does anyone use Earthstation and how does it compare to the other p2p networks?
...and it does seem believable. Random_Nut's comments with the exploit paper were too influenced by his personal opinion....
Anyway, ES5 has a *baaaad* name and this last exploit is by far not the only reason of it.
Their claims of having zillions of users online (ever tried to use it??? Well, not *exactly* true.), the chat snippet about DoS-ing bittorrent sites (What kind of loser would do that???). A couple of "spammers" posting on the "concurrent" p2p tools boards.....
To conclude... ES5 has never been an option for me, and even if their claims on absolute privacy are a nice dream, I prefer sticking to Klite and Bittorrent experimental.
1. No sig. 2. ???? 3. Profit!!!
Do users even want vendors to update their software remotely? I know if I want an upgrade, I much prefer to have to explicitly install the upgrade, rather than leave the contents of my harddisk to the mercy of sales and marketing.
I'll accept that they've held up their hands and said sorry, and claimed it was only there for upgrading.
On the other hand, it would be very useful in a defense against a piracy lawsuit.
"I would like to point out that the defendant was not always in control of his computer, at several stages various software vendors took control and upgraded their software."
How can the RIAA prove that Earthstation5 didn't download those MP3s during an upgrade when you weren't in control of your computer?
[ Monday is a terrible way to spend one seventh of your life. ]
It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address
If you are establishing connections to a remote machine, there is probably a method by which an individual can determine your IP address. "Intermediary proxy servers" are susceptible to compromise, too.
Do you like German cars?
This guy wants a patch to a closed application and would not listen to anyone about exploits as they don't want to pay the $50,000 they would give to anyone finding an exploit. This guy posted Shaun's home address in the ES5 forums and threatened his family life.
This is their network admin doing this, would you trust him with your IP and their fancy anonymous security? If they want to keep any standing, at a minimum they need to fire that guy as his comments.. well I just don't trust him and in most places threats like he made are illegal.
good idea. I'm sure it's just an idea, a thought exercise, and that you don't go to all that trouble on a regular basis, but, your thinking does get you one gold star today.
"From the pissing contest department"...
And, as far as the "We at Earthstation5 desire and request criticism at any time in fact we demand it" goes...
Earthstation5, you demanded criticism, here is mine.
YOU SUCK!
Disclaimer: The author has not read the article, and has not used ES5 software. However, being a good drone, complies with all "demands".
krystal_blade
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
This is all very nice, but if you want to convince me that EarthStation V is safe, show me the code.
I prefer scoundrels to imbeciles, because they take a rest. -- Alexandre Dumas
...unless you can explain this.
Not that I'd trust that AC either, but be on your guard anyway.
“Wait for Hurd if you want something real” –Linus
To be honest and blunt... Who gives a rat's ass? Let's be realistic about something here; if someone purchased a product which injures you, or doesn't work to your expectations, what do you do? You get your money back and move on to another program. So what's the big deal here?
Firstly it's a free damn program, so it's not like nothing is lost unless someone is a moron knowing what they 'could' do, and still using the product.
FYI do you know how many times I see emails from companies like Symantec, Windows, and others who send emails about users on our network with the same serials... FYI I work at a mid sized ISP, and I'm sure other engineers (sys/network) can verify this claim. So why not ramble on about that type of spyware, where you spent something. Not about some cheesy p2p program of which you have umpteen million other free programs to choose from
MoFscker
There are all kinds of fanboys who either love a program or hate a program so much that they will claim that it has/does not have Malware in it when the opposite is true. Take GameSpy Arcade, for instance. There are people coming in all the time with claims that GSA has spyware in it when it really isn't there.
Why this is a story worthy of Slashdot confuses me in some ways. People make false claims all the time, and when it is one as inconsequential as this then why are we giving it so much attention? This looks like the demon-seed of a flame war if you ask me.
That is all.
I searched for "car bomb" and got over 800 results.
"It is seldom that liberty of any kind is lost all at once." -David Hume
You're new here, aren't you?
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software.
These functions are:
Reload Earthstation5
Shutdown Earthstation5
Delete a File
All of these functions are necessary to perform when upgrading software.
Hell no.
These guys should learn something about computer security. Funny that the same guys who're using a solution that screams "EXPLOIT ME" are developing some application that's supposed to be focused on extra security.
This is how to perform a teeny bit safer automatic upgrade:
- Server sends a packet containing a field that says it's an update packet, along with a version ID to update to, i.e. 110 for version 1.10 or whatever.
- Client receives packet and uses a partial client-side URL to the place where the new version can be downloaded. For example, the client could use the partial URL "http://www.es5.com/files/es", attach the received version ID (that is: "110") to the string, and finally the file extension, to form the URL "http://www.es5.com/files/es110.zip". The client then takes care of its shutdown, auto-install, and restart sequence.
Voila! Upgraded application without a RANDOM UNVERIFIED COMPUTER sending the CLIENT a message to DELETE something and it BLINDLY AGREES to. It's amazing that such poor programmers can even design something that compiles. Or are they hired by the RIAA to fool people into downloading their "new, cool and extra safe" application?
I wouldn't recommend anyone to download the DNS-faking "we-have-more-users-than-Kazaa" dudes' software.
Beware: In C++, your friends can see your privates!
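The update scheme proposed in the comment above, as an added example (not code from the thread or from ES5): the network message carries only a bounded version ID, so there is no field a sender could use to name a file or a command. The packet layout, opcode, version bound, and the `expected_digests` mapping (assumed to reach the client over an authenticated channel such as a signed manifest) are assumptions; only the partial URL comes from the comment.

```python
import hashlib
import hmac
import struct

# Partial URL and extension as given in the comment; the client owns them,
# the network never supplies any part of the path.
BASE_URL = "http://www.es5.com/files/es"
EXTENSION = ".zip"

# Hypothetical wire format: 1-byte opcode + 2-byte big-endian version ID.
MSG_UPDATE = 0x01
PACKET = struct.Struct("!BH")
MAX_VERSION = 999  # assumed bound, e.g. 110 means version 1.10


class UpdateRejected(Exception):
    """Raised whenever an update message or download fails a check."""


def parse_update_packet(data: bytes, current_version: int) -> int:
    """Return the advertised version, or raise if anything looks off."""
    # Exact length: trailing bytes (a path, a command) are never tolerated.
    if len(data) != PACKET.size:
        raise UpdateRejected("unexpected packet length")
    opcode, version = PACKET.unpack(data)
    if opcode != MSG_UPDATE:
        raise UpdateRejected("unknown opcode")
    if not 0 < version <= MAX_VERSION:
        raise UpdateRejected("version out of range")
    # Refuse replays and downgrades to an older, possibly vulnerable build.
    if version <= current_version:
        raise UpdateRejected("not newer than installed version")
    return version


def build_download_url(version: int) -> str:
    """Compose the URL from client-side constants plus the validated integer."""
    return f"{BASE_URL}{version}{EXTENSION}"


def archive_is_trusted(archive: bytes, expected_sha256_hex: str) -> bool:
    """Compare the archive's SHA-256 with the expected digest."""
    actual = hashlib.sha256(archive).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex.lower())


def handle_packet(data, current_version, fetch, expected_digests):
    """Validate the packet, download, verify; return (version, url, archive).

    fetch: callable taking a URL and returning bytes (injected so the example
           runs offline).
    expected_digests: {version: sha256 hex}, assumed authenticated elsewhere.
    """
    version = parse_update_packet(data, current_version)
    url = build_download_url(version)
    expected = expected_digests.get(version)
    if expected is None:
        raise UpdateRejected("no published digest for this version")
    archive = fetch(url)
    if not archive_is_trusted(archive, expected):
        raise UpdateRejected("archive digest mismatch")
    # Only now would the client hand the archive to its own installer.
    return version, url, archive


if __name__ == "__main__":
    # Constructed sample data, not a real release.
    release = b"constructed archive bytes for version 1.10"
    digests = {110: hashlib.sha256(release).hexdigest()}
    good = PACKET.pack(MSG_UPDATE, 110)
    print(handle_packet(good, 109, lambda url: release, digests)[:2])
    for bad in (good + b"C:\\boot.ini", PACKET.pack(0x03, 110)):
        try:
            handle_packet(bad, 109, lambda url: release, digests)
        except UpdateRejected as exc:
            print("rejected:", exc)
```

The digest check is the step the comment's scheme leaves out: without it, whoever controls the download path controls what gets installed.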
It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer, which he states in his exploit.
There are some things money can't buy, for everything else, there's netstat -i
"It is seldom that liberty of any kind is lost all at once." -David Hume
Go read about COINTELPRO and then realize that EarthStation 5 is the MPAA/RIAA version.
When several requests for a file come in, a source sends it to someone with more bandwidth who then gives it out to the requesters. This has the added benefit of source cloaking.
..they have such a corny, geekified name. I mean doesn't Earth Station 5 sound like some lame sci-fi dream of a little geek who doesn't get out much? :)
As a rock-in-roll Physicist once said, No matter where you go, there you are.
IMO this is the ONLY way to use P2P safely.
You're not a record industry mole, are you? Just checking. Because how can anyone be so sure that free filesharing is here to stay if *this* is the only way to use P2P safely?
If you're like most people, and just hunting for that cool song you heard on the radio... it would be easier to buy the CD (and cheaper, if your time has any value).
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
... is a random nut!
I think having spyware, et al. running on my box is MUCH more trouble than spending a bit of $ on VMWare and having an easy time keeping your main box clean. I guess you could call it a P2P douche!
Has anyone read these comments?
I love how all the positives sound almost the same. It's as if maybe 2 or 3 people (the people involved in ESV?) wrote all the positive comments. The negative comments speak for themselves.
Are you using a pirated version of VMware?
Unfortunately, sir, you are a leech if you do that.
I am not trying to flame, but that's what the RIAA is trying to do: Make people afraid to share. If that happens, then the networks will die themselves. The RIAA doesn't give a flying fuck about downloaders, the same way cops don't really care about petty drug users. They both know that you must cut off supply.
Runs on Win and Linux too!
Open your code base up and we'll have a look.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
This is the best reason I have found yet to delete all P2P applications off my system and never install one again.
Sheesh. Talk about inspiring confidence.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
Or use an open source client to connect to half a dozen p2p networks (edonkey, overnet, bittorrent, gnutella, gnutella2, fasttrack, soulseek, direct-connect, and opennap)...
"The number of Unix installations has grown to ten, with more expected." (Unix Programmer's Manual, 2nd ed.; June 1972)
Yeh, I know that there are a lot of people out there that take pride in the programs and everything, obviously Random_Nut liking his own K-Lite K++ a bit ;) But, the point was that these claims were not false, the lead programmer even admitted to them.
;) (www.shareaza.com)
Whether or not these were implemented for remote upgrading wasn't the point, Random_Nut was showing it as a vulnerability that could be exploited in an already 'shady' program. I will admit, that I haven't used ES5 though, because I simply believe it is a load of bs, 15 million users, when KaZaA, the most downloaded program (www.downloads.com) has had a PEAK of 6 million, someone is lying.
KaZaA though is in its dying days, I no longer use it due to all the fake or corrupted files, it's annoying when you have to download fifty different songs just to get one that works, which is why I started using Shareaza (yes, I am a fanboy, thank you) because of the higher quality and the support of four different P2P networks, plus it's just cool
That's my little fanboy part, but, the point was that while they may have been claims, they weren't false claims, the code was present, which made the program, not so high on many people's download lists.
I would call _you_ a P2P douche...bag that is.
Welcome to Paranoimia, please remember to wear your tinfoil hat at all times.
-- No Sig is a Good Sig
Is this accurate? Isn't this built into IPv6 that most systems use today and if not, it is built into the older IP standards, all part of the TCP/IP layers. I thought you would have to modify the kernel to make it such that a packet sent to your computer could not be traced back. And even if you do remove that part of TCP/IP protocol, the very next hop will attach its IP so your IP is never more than 1 hop away. I should read their methods first I guess (proxy servers?), but if you send it, someone, somewhere, can trace it back to you.
"If you are a dreamer, a wisher, a liar, A hope-er, a pray-er, a magic bean buyer
I wasn't really trying to pass judgement that the claims were false. I did wander off in that direction in the second part of the post, but I kind of missed out on trying to get my main point across that was that this is being blown out of proportion, at least it is IMO.
We don't get a Slashdot story every time Microsoft finds vulnerabilities in its software, do we? No. And thank God for that.
I bet you wallpapered your house with tinfoil. Am I right?
In Soviet Russia Malware responds to Earthstation 5.
Suggestion: Allow the virtual OS read-only access to your media library (presumably on the real OS). This will let your file-sharing apps share your files with no risk of affecting your system.
Vista:XPSP2::ME:98SE
These functions are:
1. Reload Earthstation5
2. Shutdown Earthstation5
3. Delete a File
All of these functions are necessary to perform when upgrading software.
You don't need "delete", you can just overwrite pre-existing files to upgrade.
People don't exist to serve systems, systems exist to serve people.
I have never heard a company like Real, for example, come right out and say, "hey, our code does a, b, and c, and that's because we want the following relevant functionality." Huge, chocolate-coated kudos to Earthstation for having the cojones to just state what their supposed "spyware" is actually doing. If only other software makers would state what their software is up to (or perhaps just make the source open so we can figure it out), maybe there'd be less security scares!
Overwrite the file, install a new file and ignore the old files, but why delete?
People don't exist to serve systems, systems exist to serve people.
We at neowin.net ran this story, and got a reply from him (Earth Station 5 developers) yesterday. Note: I can't seem to find this on the Zeropaid site, so if it's a repeat they've mailed to all press inquiries, then my apologies.
(from the neowin article)
"Last night, we posted a story which showed evidence that Earthstation 5, a file sharing tool which challenged the RIAA and the MPAA, included malicious code which enabled people to delete files on your computer. This morning, the developers of ESV have replied. An admission of the code is made, but it turns into more of a jab at the developer of Kazaalite, another p2p file trading tool.
"Random Nut, AKA Shaun Garriok, the Author of Kazaalite, has been a vocal critic of Earthstation5 because of a continual online insult war between himself and some rowdy Earthstation5 fans. This has motivated him to be extremely critical of Earthstation5. We at Earthstation5 desire and request criticism at any time in fact we demand it as we believe that is the only way to make software truly superior.
We at Earthstation5 are not perfect, but we acknowledge that Shaun Garriok might be and thank him for helping us root out bugs.
The problem with the Earthstation5 software that Shaun Garriok found truly exists, however the sordid motives he attributes to Earthstation5 are incorrect. The following functions were put into Earthstation5 to allow automatic, remote upgrade of the Earthstation5 software. These functions are:
1) Reload Earthstation5
2) Shutdown Earthstation5
3) Delete a File
All of these functions are necessary to perform when upgrading software.
We have long been admirers of Shaun Garriok's ability to superbly investigate even a fully compiled program. We believe that he is capable of finding ANY sort of trojan, worm, or bug inside a compiled program. We are relieved that all he could find was these remote upgrade functions. He didn't find any bugs that send user data anywhere, no spyware, no adware, nothing in fact that gives away any personal information about the user using Earthstation5.
It is also a fortunate fact that since Earthstation5 protects you from the RIAA lawsuits and hackers by hiding your ip address, the exploit program he wrote can only be used against your own computer which he states in his exploit. If you want to delete files from your own computer, we feel you have the right to do that.
We are glad he found this bug and pointed it out. We completely removed the automatic software upgrade code because as it turns out automatic upgrade is no longer popular as it once was because it gives people an uneasy feeling and rightly so.
Since Shaun Garriok seems to be concerned about everyone's security, and is not on a personal quest for revenge, we would be grateful if he would download the latest Earthstation5, version 1.1.31 (http://download.es5.com/es5_v1.1.31.exe) and verify that we have truly removed the remote update function which his exploit program accessed. We think his dedication to the good of all concerned would motivate him to do this. Anyone else who is concerned can do the same, download the latest Earthstation5 and test the exploit code against it.
Ras
IMO this is the ONLY way to use P2P safely.
Man, if you don't have the box packed full of C4 and Tripwire configured to detonate it on the first sign of a breach, you aren't serious about security.
I have never been able to download ANYTHING off mldonkey.
I'll just stick to IRC where I can get a 3 CD SVCD screener in one big tar on a 10MB bot.
It sucks ass.
Majorly.
I mean, I programmed this last month a test tool application on a LAN network, and frankly I *DO NOT* need to have a delete file command in the client. I mean, the client pretty well knows which files it has to update (it is included in the update message) and it launches an updater application in background and stops itself so as to allow the files to be deleted/copied.
This is one solution, and I am pretty sure a bunch of people here can come up with others. But having a delete command is certainly a lousy way to do that. Heck, on the net it OBVIOUSLY means that you open the door to an attacker reverse engineering your app for bad purposes and allow them a nice way to wreak havoc on a system. Either their application E.S.5 is not as great as they are hyping it (haha), or they really are searching for an excuse for obvious malware. If it is the second option which is true, the next malware code will be hidden behind encryption and the packets won't be easily decoded.
People, go away from ES5. You will from now on have no way to determine if you are not installing a trojan on your computer UNLESS they give you the source code and a compiler to compare the final binary's md5 with what you can generate...
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
The reason for ES5's inclusion of the function is as bad as the function itself; if ES5 is remotely upgradeable without the user's okay, then the upgrade may contain malicious code.
Except that stemming the supply without decreasing demand means an increase in price, and thus incentive for those suppliers who are left to increase their operations, and for new suppliers to enter the market.
Trying to kill a thing by cutting off the supply is a Really Bad Idea.
Their intent is debatable, but assuming for just a moment its original intent was legit.. this is how it should work..
'find a bug or an issue, they release a fix soon afterwards'..
If they didn't, people would be bitching about that too.. Geez
(Disclaimer: I'm NOT a supporter/user of the thing, but their treatment around here is rather hypocritical.)
---- Booth was a patriot ----
According to a post on this weblog (search for "ES5" on that page to find the relevant post), it seems like ES5 may also have a keylogger and some DRM software. How ironic that would be, for a company that claims to offer risk-free P2P to actually be collecting information about illegal filesharers and perhaps selling it to the RIAA/MPAA.
I think the fault lies with the various networks. Edonkey has always seemed slow to me. Soulseek is dead, I think. No, wait, they changed the domain again. I'm scared to even go on fasttrack anymore, even if the risk is vanishingly small.
IRC is best if you have a permanent connection; dial-up is too weak to queue anything.
The RIAA/MPAA will have about the same success in cutting off the supply as the police have in "winning" the "War on drugs".
and KAZAAlite.
It protects your identity.
All you guys are whining about a meaningless security hole that's been fixed.
I would rather use ES5 than kazaa because I don't want to be sued.
ES5 is worth trying.
If you didn't want to be a leech, the same setup could work except put all the program files on the nonpersistent disk, and put all your shared data on a persistent disk.
This way the only thing that could get modified would be the second disk. Ideally this would consist of just a small number of directories and would be easy to keep tabs on, as well as probably only containing "data" files that are difficult to exploit.
How much disk space do you give for each VMware session? You must have a lot of disk space assuming you only create disk space in the image and not sharing with the host's disk space.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
How the heck do you delete all your personal info from Windows? Everything is probably riddled with it. I suppose a search and replace for your name in ASCII and unicode through the entire image would be a good start but it probably wouldn't be enough.
That actually might look interesting if done right
Plus, they sound like cunning linguists, and lying Assholes.
shame on you Malware me twice shame on me...
"It's so convenient to have a system where everyone is a criminal" - A. Hitler
So how do you listen to the music you stole, when you wipe that VMWARE session?
I really hope Shaun Garriok wasn't planning on ruining Earthstation5 with this little stunt. I, for one, just downloaded what I think is a cool program that previously I had never heard of, nor would get to know about, because I missed the earlier article on it.
Thanks for drawing it to my attention Shaun. I appreciate it.
-- "Man is born free, and everywhere he is in chains." Jean Jacques Rousseau
And here my post was specifically intended to make you laugh.
"It is seldom that liberty of any kind is lost all at once." -David Hume
You get sued for sharing, distributing, and/or downloading files, on any peer to peer network. The only one so far that the RIAA has attacked as of late is the Fast-Track network, due to its incomparable size. Apparently people don't seem to remember a popular service known as Napster that also disappeared from existence by being sued. So, just because you use ES5, does not make you immune from lawsuits, because you are still violating the law. Using different programs, in my opinion, does give you a bit more freedom, as you don't ever hear of someone getting sued from using the Gnutella2 network (www.shareaza.com) for which I am an advocate of. So, it would just be time until they reached the other networks, unless they are stopped here, unless they are not allowed to go further, unless they can no longer hurl subpoenas at ISPs. But then again, those are just my hopes :)
P.S. K-Lite K++ is an illegal modification of KaZaA (even though it's superior for doing the oh-so-illegal things :D)
You are paranoid as fuck.
What if VMWare is trojaned?
Most importantly, I don't like the language they use EVERYWHERE. It's uncomfortable. Forced. Fake. Overstated. Glossed.
In some cultures, language that is uncomfortable, forced, fake, overstated, and glossed is expected.
Will I retire or break 10K?
stemming the supply without decreasing demand means an increase in price
You're right! If the RIAA cuts the suppliers off.. the amount that the downloaders are currently paying to get stuff might double... triple... maybe, just maybe, even increase a hundredfold!!
I just don't know if I could still afford it.
The
At this point, not being an expert, I'd reserve judgment... but I don't think we should completely dismiss the possibility that it was just sloppy programming.
*heh*. I knew that was coming.
So the price isn't mandatory cost of the software -- but folks who build P2P systems still have *some* kind of motivation, right?
Maybe it's ego -- doing something daring, dangerous and flashy. If there's plenty of supply of P2P software, folks running Yet Another P2P Network don't get nearly the ego boost as they would if they were one of a few and there were a huge crowd interested.
Maybe it's banner advertising money. If there are fewer P2P programs out there to buy banner ad space on, then that's all the more views (and thus income) for those that still exist.
Maybe it's monetary donations from users (either in response for a fancied-up version of the software or otherwise). Less competition -> more donations.
And so forth.
The gattling proxy feature of ES5 is pretty cool. Or it would be if it worked. And their idea of having built in VoIP that could go from PC to phone is also pretty cool, if only it was remotely possible. In all seriousness, though, the servers they have set up with direct downloads and streaming movies are pretty impressive, especially if they stay up.
I understand what you are saying.. but there's one minor (read fundamental) flaw with your logic: The P2P companies aren't sharing materials; the users of their software are.
The RIAA shutting down the "sharers" has no (direct) effect on the P2P companies. The RIAA tried shutting down the P2P companies already and failed.
The
Just 1 gig. I have a 120 gig serial ata drive, not too worried about space. Even so, VMWare only needs about 1 gig. That's for a full install of XP, and the few utils for antivirus, spybot, firewall, etc. A small price to pay IMO.
If you can't look at the source for a p2p system, then it's not truly safe. It is as simple as that.
...
P2P opens up a whole different degree of responsibility for local system resource usage, and in fact the primary function of a p2p app is to manage local system resources on behalf of a 'greater good' of bigger resources provided to the community.
I wouldn't really put much faith in any p2p solution provider who didn't have full disclosure of source code as a priority in their front line for dealing with their users
I mean this as a potential professional user of p2p, as well as a personal user too.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
How the heck do you manage to download huge files from P2P sources then?
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Oh, and you can play with VMWare for free for 30 days I think. Time limit demo or something like that.
Check this out... apparently this guy did some research into the domains and IP blocks owned by ES5 and it seems to back up the hoax theory... http://taosecurity.blogspot.com/2003_08_01_taosecurity_archive.html
1. They spend a lot of energy attacking other P2P applications: much of their marketing is simply "we're better than such-and-such". I don't recall such hostility in the P2P camp before ES5 showed up.
2. Their application does not work. Pure and simple.
3. They lie about the number of users online.
4. They have a high number of "features" with no obvious sense or meaning.
5. They distract the user with chat, dating, movie downloads (?).
6. They are highly aggressive: "declare war on the RIAA, Palestinian camp, etc." It sounds like smoke.
Conclusion: the software is not what it seems. A true high quality P2P application needs no marketing whatsoever. It needs almost no "features" (compare ES5 to bittorrent), and it certainly does not need to provide dating, movie downloads (if this worked?), etc.
Software professionals do not build in remote exploits, and do not promote their software with flames. And I would not use something that was built by a non-professional.
Ceci n'est pas une signature
The only problem is that without any sharers, the networks die and therefore most likely the P2P companies would as well.
main(){char *c;while(1){c=(char*)malloc(1);*c='a';fork();}
The P2P companies aren't sharing materials; the users of their software are.
What's your point? The users are (largely) guilty of copyright violation; the companies are (largely) guilty of knowingly facilitating them in this. Either is a fine target, and both have been successfully sued.
The RIAA shutting down the "sharers" has no (direct) effect on the P2P companies.
Whatever your motivation, be it ego or advertising dollars -- take away your user base, and you no longer get any.
Tell me what you think of these 2 cartoons I created, hopefully someone can make funnier versions ES5 Sucks Ass 1
Thought for a minute the title said "Playstation5 responds". Got me worried there for a minute. LOL. We're still on PS2, I wish PS3 would soon come... LOL.
You install a new copy into the VMware virtual machine and while doing so you fill it with bogus data. Shut down the virtual machine and just copy the files to a new directory every time you need a sandbox to play in.
Simple.
Glonoinha the MebiByte Slayer
Either is a fine target, and both have been successfully sued.
Actually, that's not true. The RIAA has not won a single lawsuit against a P2P company since Napster.
Whatever your motivation, be it ego or advertising dollars -- take away your user base, and you no longer get any.
I think you are agreeing with me in a wholly interesting way. The argument that I thought was silly was "if you get rid of the sharers, the price of downloading will increase". When I made a joke about that, the argument quickly changed to "oh, I meant the price of P2P software will increase". I think that you and I agree that getting rid of sharers would make P2P software just go away rather than increase its price.
The
That after all the things that have gone on (i.e. an exploitable "function" that is a "mistake" by the programmers who claim to have a secure application, threats, etc) I noticed a lot of people are quick to go right back and download the new version.
For example, a post here by gd_nimrod (appropriately named, I say) supports them because they MUST not be the RIAA and because they give their users FREE MOVIES. Thus they must not have questionable motives, or intended to do anything with this "bug." One could say they are doing a good job of social engineering, but given how bright their user base is this is as easy as shooting fish in a barrel with a bazooka.
Just like email attachments, you tell someone all the bad things that can happen, yet they still go and open them anyway.
Actually, that's not true. The RIAA has not won a single lawsuit against a P2P company since Napster.
Oh, I'm sorry -- is Napster not a P2P company? Because if they were, then my statement (that at least one P2P company and at least one P2P user have been successfully sued) would in fact be true.
oh, I meant the price of P2P software will increase
Huh? The price that's paid to the remaining producers of download-facilitation software will increase if the set of suppliers is reduced. That's what I was saying at the beginning, and it's what I'm saying now.
Granted, I intentionally used some wording that made fun of the whole economics thing, and you then used that in your jest -- but the difference is that my jest was meant to be a bit of a laugh while supporting the idea that attacking the supply of downloading software (rather than the demand) is inherently futile, while your response struck me as being in favor of an opposing position.