Slashdot Mirror

← Back to Stories (view on slashdot.org)

Entropy Project Closes Up Shop

Posted by CowboyNeal on from the calling-it-quits dept.

k0fcc writes "In a disappointing move to privacy enthusiasts, the Entropy Project's creator has released a statement that the project is shutting down. Entropy was a very popular, and some say faster, alternative to Freenet which supported a number of different cryptographic protocols. The creator alluded to the possibility that the project could continue if a new owner could be found."

21 of 143 comments (clear)

  1. Ironic by Chairboy · · Score: 5, Funny

    Does anyone else find it ironic that a project named 'Entropy' has come apart?

    1. Re:Ironic by Barto · · Score: 5, Insightful

      Considering irony is "incongruity between what might be expected and what actually occurs", ironic would be a project named Entropy staying together. A project named Entropy coming apart perfectly congruous IMHO. So there.

  2. that was fun... by elykyllek · · Score: 5, Funny

    Considering I just got this installed, configured and working 5 minutes ago.. this is great news...

  3. GNUnet by Anonymous Coward · · Score: 5, Informative
    There's still GNUnet!
    GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. GNUnet uses a simple, excess-based economic model to allocate resources. Peers in GNUnet monitor each others behavior with respect to resource usage; peers that contribute to the network are rewarded with better service.
    1. Re:GNUnet by NoMoreNicksLeft · · Score: 2, Interesting

      What if the project defines itself as a network, rather than a framework, or even a file-sharing application?

      What if its not much different than installing a virtual ethernet adapter, or if all your experience setting your computer up for TCP/IP counts for something on it?

      What if you get to use all your current internet apps, rather than scratching around for keyhashes of some file that is pieced together all over the network?

      What if only one guy can snitch on you, and he's somewhere in South Korea?

      Maybe not ready for prime-time, but I think I have the late-night viewing nailed. Way past CSPAN.

  4. Erm by Reality+Master+101 · · Score: 3, Interesting
    I don't mean to be snarky, but "very" popular? Does Freenet itself qualify as "popular", much less "very popular"? Does /anyone/ semi-normal (i.e., not a techno-geek, or a rights-geek) use Freenet, and if they do, has anything significant ever been published on it?

    Freenet seems to me to be one of those ivory tower projects that has little relation to the real world. Proof? No search engine, and very little chance of ever having one. How the hell can it ever be useful? [/rm101 resists making a dig about their choice to implement in Java]

    --
    Sometimes it's best to just let stupid people be stupid.
    1. Re:Erm by Neophytus · · Score: 3, Informative

      Just to bite the Java troll, may I cite the example of Azureus as an example of a Java program done right(tm). Runs fast, is responsive and doesn't use the godawful swing toolkit (it uses SWT instead).

    2. Re:Erm by TRACK-YOUR-POSITION · · Score: 2, Insightful
      Bittorrent doesn't have a built in search engine, but it's probably the most mainstream (if one considers appearance of legitimacy rather than strict popularity) of all the P2P protocols/clients.

      I don't think it has to do with being ivory tower--it's just that anonymity comes with a bandwidth/convenience cost, and at this time most people don't consider it worth paying. As computer resources increase, or political reality changes, anonymity might start to grow in relative importance.

    3. Re:Erm by ultranova · · Score: 2, Informative
      Does /anyone/ semi-normal (i.e., not a techno-geek, or a rights-geek) use Freenet,

      Couldn't really say, since few people who use anonymous filesharing/messaging use their real names in said anonymous network.

      has anything significant ever been published on it?

      Quickly scanning The Freedom Engine, I found Fahrenheit 9/11, IIP Revival (which tries to bring back the Invisible IRC), mirror of XBOX Linux, TrekLit (a collection of Star Trek novels in MS Reader .LIT format), various blogs, Freecraft (an open-sourced Warcraft clone which was cease-and-desisted off the Net), Bondage Fairies (fairy porn, kinky too !), a MAME ROM library, a few library freesites, a few movie freesites and, of course, lots of porn.

      I really don't know if this is significant, but it proves that there is content in Freenet.

      Freenet seems to me to be one of those ivory tower projects that has little relation to the real world.

      The development process could be better; currently people are throwing in new features before old ones have been debugged, and as a result the logs are full of NullPointerExecptions and other weird errors. And a bug which caused the node to always route to the worst possible choice went unnoticed for a long time during the switch to NGR...

      Apart from that, I really don't see any indication of an ivory tower, especially when it's becoming increasingly clear that the freedoms we are enjoying now are not going to last. And the freedom of communication anonymously is the basis of all other freedoms; without it, you cannot know if your government is honoring the other freedoms, and thus it has no reason to do so.

      Please explain your statement ?

      No search engine, and very little chance of ever having one.

      Three (3) different indexes linked from the start page. And if you use Frost it has an internal search engine for files inserted with Frost.

      [/un resists making a dig about people who have been spoiled with Google so they don't know how to find things by surfing anymore]

      [/rm101 resists making a dig about their choice to implement in Java]

      Considering the amount of NullPointerExecptions the logs contain, I'd say that this was a wise decision. A C program would render the network useless. Of course this might also give an incentive to actually fix those errors before implementing more features...

      Just be sure to give the command "LD_ASSUME_KERNEL=2.4.1" followed by "export LD_ASSUME_KERNEL" before running Freenet in Linux 2.6, because otherwise it will try to use pthreads, which will cause Sun JVM to hang.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    4. Re:Erm by Mind+Booster+Noori · · Score: 2, Informative

      In fact, GNUnet is the first and only (AFAIK) p2p program that guarantees a level 3 anonymity, which, per se, makes it the most attractive p2p project (for me, of course, those who doesn't care with anonymity and encription and prefer speed won't choose an anonymous P2P protocol...).

      --
      Mind Booster Noori
    5. Re:Erm by OverlordQ · · Score: 2, Informative

      Obvoiusly you have no clue as to how Freent works. Out of the box, it's just like a baby, it has no clue where anything is, nor what anything is. You have to leave it connected for a while for it to learn this things like routes, etc. I left mine running overnight, and I could get all but the most obscure sites to load.

      --
      Your hair look like poop, Bob! - Wanker.
    6. Re:Erm by paganizer · · Score: 2, Informative

      sort of.
      if you are talking dial-up, then it's going to take a while for your node to learn the neighborhood; you would probably want to turn it on and run FROST for about an hour; you still are going to have problems getting to some freesites. You will also want to go into your default.ini file and change transient=false to true.

      BTW, when people are saying FREENET is not searchable, they are mainly wrong; the Internet isn't searchable, or at least most search engines don't search it the way it would be searchable, by hitting every IP address. It's searchable because search engines go to known sites, index those, and follow the links it just found to other sites, rinse, wash, repeat. You have the same thing going on in freenet, with tools like spider.

      If you are expecting freenet to act like emule or gnutella, don't. it's not. If you mainly want to trade files, run frost, it's sort of like using USENET.

      Freenet is actually still working pretty well, BTW.
      The developers have a nasty tendency to come out with a working build, wait about 2-4 weeks, then come out with a non-working build. the last 6 stable releases have all worked about as well as any have in the past, and we are WAY overdue for the must upgrade non-working build.
      Frost is even working pretty good; it has unnecessary libraries (why, exactly, do you need to format the messages in XML? what was wrong with TXT?), and is about 2mb more bloated than the may 9th, 2003 build which worked better, but it DOES work.

      --
      Why, yes, I AM a Pagan Libertarian.
  5. Some say faster?! by sulli · · Score: 4, Funny

    My 11 year old VW Jetta is faster than Freenet. In 5 pm Bay Bridge traffic.

    --

    sulli
    RTFJ.
  6. Yeah, entropy ain't what it used to be. by cool_st_elizabeth · · Score: 2, Insightful

    Now it's official.

  7. mmm really? by eldacan · · Score: 3, Insightful

    GNUnet is written in C. One buffer overflow exploit could compromise the whole network.

    Not quite true IMHO: it's obviously not sufficient to compromise one client/server to compromise the whole network. If it was, it would be a piece of cake to take the existing source code and use it to build this "compromised" client/server.

    If you want to compromise the whole network with one buffer overflow exploit, I guess you will have to find an exploit that works with all versions of GNUnet, and you will have to run it against all (ok, most) clients/servers on the network (most of the traffic seen by one computer on the network doesn't make sense for it, it just relays the packets to other computers).

    And there is also a Java implementation under development.

  8. Anonymity and Entropy by trifakir · · Score: 5, Interesting
    Yep, anonymity is a favourite topic of conversation of me and my colleagues. Frankly, I do not understand the concerns of the "Entropy" project leader. Here is why:

    1. Theoretically, it is impossible to have anonymous communication on the Internet.
    2. In practice it is a balance of resources. The trick is that it is much cheaper to publish contents anonymously, than to trace the origin of an information. Therefore projects like Hacktivismo - Six/Four, Crowds, Freedom-Net, Tarzan, Onion-Routing, etc. make sense.

    Furthermore, it is often the content which speaks more about the authorship, than the chain of technical events that leads to the publishing of the information. In Slashdot, for example, I have chosen not to show my e-mail, etc., but by reading my comments even a 10-years old kid can make a deduction about my real identity. Does it make sense for me to use IP-tunneling then?

    Finally, I do not understand the author. He just seems pissed. Maybe he will reconsider his opinion and revive the project. Is he sick from the lies (?) about the crypto-protocols used in the software which is written? IMHO the theory proves quite stable and if there is a room for attacks it is more in the implementations than in the protocols themselves. How many broken cryptosystems do you recollect (I know, I know "the knapsack", but it got broken on the conference on which it was presented).

    Still, even with this project retreating, the subject remains interesting.

    1. Re:Anonymity and Entropy by NoMoreNicksLeft · · Score: 2, Interesting

      You bring up a good point, that is often ignored. Your authorship style can do alot to destroy perfect anonymity, from both the low level (stalkers) and high (CIA/NSA tinfoil hat stuff).

      There are resources available on my network that are at least trying to train people how not to give themselves away. Simple example, someone invites you, and right away you jump on IRC as trifakir. Someone showing up there as "trifakir" isn't necessarily you, of course. But if I wanted to track someone down that had that nick, I'd search everywhere on the internet and commercially available databases. In the end, any handles/nicknames/usernames you use on an anonymous network have to be totally original for yourself... you can't get away with re-using that hotmail username you had 5 years ago. And as simple as this all seems, there are problems. It's not easy to turn off that impulse to do such things... and no one can help you, either. 100% your own responsibility (not totally true, the guy that invites you knows at least enough to ID you, and can give advice, get you pointed at the website that goes over this in detail... but that's about it).

      There are other problems along these lines too. Certain applications are "leaky". Mirc, in particular. Right from the beginning, we knew it would be a problem, and I was helping folks set it up at the command line level to point at a new INI file. But it is pure shit. Even doing that, it is pulling sensitive details from the registry or the original ini files. We haven't found any quite as bad as this one, but is far from unique. Word documents are suspect, in that we can't be 100% certain that published documents don't have some hidden metadata that identifies the author. PDFs created with Adobe are likely as problematic.

      And this is the easy stuff. We've yet to come up with guidelines that will protect you from the most insistent long-term attacks. If a well funded agency were to compile psychological data on you, is itso far-fetched that a demographic profile could lead them to you? Male, 30-40, native born english speaker with definite american language traits, has let a few comments slip about his favorite sports team (in the area?)... it all adds up.

      And as serious as all this is, with me communicating with less than 50 users ever, I've still had questions about how safe VOIP and webcam apps are! I mean, I doubt we have spooks listening yet, but who can say?

      Many books could be written on this subject without ever exhausting it.

  9. Tried it, looked suspicious by vadim_t · · Score: 3, Interesting

    Okay, first impression was:

    "Wow, great project!". It was like Freenet, only faster, lower latency, some stuff was cooler. It looked really promising. It was much easier to install in a chroot jail than Freenet.

    However. From what I saw, I wouldn't trust it for any serious purpose. It looked like the author was only interested in using it for testing his own crypto algorithms, and as anybody who read on this stuff should know, rolling your own crypto is a really bad idea unless you're really, really good, and then make sure it gets well tested for a few years.

    It had a nice possibility of restricting the node to chosen allowed crypto algorithms, but none of the available ones was in widespread use. I mean, AES, DES and Blowfish weren't in the list last time I checked. That makes me rather suspicious.

    I voiced my concerns once in the Entropy forum, and the author replied saying this is basically a research project and not intended for serious use (IIRC).

    If somebody does decide to continue with it, I certainly hope that one of the first things that will be done is to put some tested crypto in it instead of a bunch of homebrew methods. Nothing personal against the author, but I believe that if it was easier to trust it, it could become more popular.

  10. Oh no ... by Entropy · · Score: 3, Funny

    Ack!

    What are they doing to me???!

    --
    The sea changes color, but the sea does not change.
  11. Mute: The Searchable Alternative by KrisHolland · · Score: 3, Interesting

    There is one alternative called Mute, which solves one key problem with Freenet or Entropy which is that it is searchable.

    --
    3dinfo@maficstudios.com
  12. Entropy Project Closes Up Shop... by rwbaskette · · Score: 3, Funny

    ...well that was random!