Slashdot Mirror
Decentralize BitTorrent with Kenosis
UnderScan writes "Eric Ries, writer/programmer/CTO, authored an article 'Kenosis and the World Free Web' at Freshmeat [Owned by Slashdot's Parent OSTG]. Kenosis is described as a 'fully-distributed peer-to-peer RPC system built on top of XMLRPC.' He has combined his Kenosis with BitTorrent & removed the need for a centralized tracker. He states: 'To demonstrate Kenosis's suitability for these new applications, we have used it to improve upon another peer-to-peer filesharing application that Just Works: BitTorrent. BitTorrent does one thing incredibly well. Using a centralized "tracker," BitTorrent manages efficient distribution of data that is in high demand. We have extended BitTorrent, using Kenosis, to eliminate this dependence on a centralized tracker.'
See also the Kenosis README for details on using Kenosis-enabled BitTorrent."
Outside piracy, how useful is this?
n. Christianity
The relinquishment of the form of God by Jesus in becoming man and suffering death.
Thinkin' Lincoln - a web comic of presidential proportions
How is the RIAA and MPAA supposed to stamp out bittorrent if you guys keep improving it? Where's your compassion?
Neat, an open source alternative to Exeem which sadly turned out to be a spyware-ridden disappointment according to an earlier slashdot post.
Then this falls a bit short of the "killer p2p app" moniker that it *almost* deserves.
The old Lie: Dulce et decorum est Pro patria mori
QUite useful, of course! We could distribute spatial-data, and Wi-Fi locations to PDAs and laptops in this way. There are metric tons of useful applications for BT and K.
Zhrodague.net - I do projects and stuff too.
From the feature list...
Kenosis works in almost any networking environnment, including restrictive corporate firewalls, because it uses XMLRPC for its network communications. It can also work with an HTTP proxy.
This alone makes a worthwhile project, for those stuck behind firewalls/proxies.
And welcome to KBTR (formerly K/.), all Bit-Torrent stories, all the time.
Enough, already!
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
We all knew this was coming, but would this app get this kind of exposure had the MPAA not cracked down on those BT tracker sites?
It is just like Scour net (web based/centralized), then napster (p2p/centralized), then kazaa (p2p/decentralized). Every time they go after a technology, they force it to evolve into the next phase. They will never win IMHO.
3. Sell content
From TFA:
Kenosis is built in 100% pure Python
[snip]
He is author of several Free Software projects, most recently the peer-to-peer RPC system Kenosis, and co-author of several books, including The Black Art of Java Game Programming and Mastering Java.
It's fun to see how book-writing hackers act. Sell Java books to the Unwashed Masses, develop own projects in Python. BTW, interestingly enough, one could almost guess from reading the first few paragraphs that the implementation is going to be in Python.
Now we are just waiting for a platform-dependent implementation in C++ and MFC that is supposed to be faster because it's "native code", which all the clueless kids with 8mbit internet connections are going to download...
Save your wrists today - switch to Dvorak
The problem with this approach is dealing with untrustworthy peer. Without substantial protections, one peer can ruin everybody's downloads.
Well, since there is a central DNS server at bt.kenosisp2p.org, how can they sincerely declare this to have no central point of failure? Yeah, of course dns propagates, but turn off this central DNS server and in a few days everything is gone, right?
3 is "Get sued by MPAA anyway". Step 4 refers to the studios' profits.
Look, so long as the MPAA goons can trace at least one packet of a movie download to your IP address, you have liability. And with BT, as long as you're downloading, you're also uploading. Use torrent, and your ass is exposed, regardless of whether the index is centralized or decentralized. Call me paranoid, but that's how I look at it.
These little apps simply make the case for draconian DRM on everything, screwing us legitimate users even more.
Thank you pirates.
When will the Empire^H^H^H^H^H^H *AA ever learn?
You have two hands and one brain, so always code twice as much as you think!
This is an important step, but it still does not hide the user's IPs from the *AA.
From the Article:
It does not address problems of anonymity, privacy, or distributed data retention, although we hope to address these issues in future versions.
because downloaders still need a way to find the content. So you switched from a central tracker to a distributed RPC system - but you still need someone to give you an IP address and a port to connect to the swarm. As long as Joe Sixpack can find the swarm and connect to it, so can RIAA/MPAA attack-bots, and then the fun begins...
If I understand this correctly, this doesn't affect communication between the bittorrent peers, just the client and the tracker. It still won't work through an HTTP proxy.
I think I found a defect.
This thing doesn't make any fucking sense.
I was really excited by this slashdot story, because I think something like this could be very very useful. I have to say that I was disappointed a bit by the download.
No docs or pointers at the top of the tarball.
One of the READMEs on the site says try "test.py" for an example, which seems to just hang.
Elsewhere it says to fire up bittorrent
trackers and clients.
There clearly is a lot of work that has gone into this, and the idea sounds really promising, but it looks like it needs a better end-user documentation before it's ready for primetime.
Why would you want to remove the central tracker? Bittorrent works very well as it is.
Umm, yes, sir, the solution is quite easy - it's called a proxy + encryption. In an offshore country. One without MPAA goons. With packets that look like garbage to anyone looking at them.
Because you have a fixation on money like some I've been acquainted with.
Seriously... I don't see how to make money off this...
Seriously...why is that important? Did you even read the article? The author of this BitTorrent enhancement does not even use the word "money"--it is WAY down the list of motivations for its creation, not does it seem to be about getting pr0n and warez. This guy sounds like an idealist in a very true sense--it's about decentralisation of control--making content available without being reliant on central servers.
I think this would be immensely useful. The reliance on central BT trackers has been shown to be BTs primary weak point--once a torrent is located and transfer is initiated it is incredibly robust.
Besides the fact that the admins of BT trackers are being harassed into submission by MPAA and RIAA, the more popular trackers seemed to be quite unreliable. If this innovation (open sourced to boot) addresses the reliablity issues in LOCATING the content that BT is so good at DISTRIBUTING then it could be start a dramatic shift in how we use the Internet, much like the WWW was.
It doesn't even have to be about piracy. Used within a VPN or on a corporate WAN it would make distribution of a large number of big applications much easier to distribute. I make VMWare and ghost images of machines that are many gigabytes and this solution would be a great way of distrubuting them to a large customer with global sites (keep in mind that these clients are legally permitted to use these images--my employer is a stickler for that).
A small operator could distribute software this way and save on the costs and time associated with maintaining a critical server with big pipe to the 'net. Security patches could be distributed this way very effectively without reliance on a single entity for distribution. The possibilities are endless. It might not be a money making machine, but it is the kind of thing that (if it works well) could change the face of computing.
I just read about Kenosis from its homepage. And, I'm forced to ask:
Do we really need yet another bloated python p2p app? I can feel the flamebait and troll mods comming.. but seriously: Python sucks at gui work. It has to use generic wrappeers, like wxPython, that are extremely inefficient. Sure, like Pearl or Java, you can write gui apps using Python... but they always come out slow and over-weight.
Consider the BitTorrent client. Just running the application, without an actual torrent being transfered, consumes 23 MB of memory (on Windows) -- for that cheesy, very simplistic little GUI. When you actually start running a torrent through it, it'll easily chew 40 MB's and gobble considerably more CPU time than a comparable program written in C/C++.
I'm not saying Python isn't a useful language... But it was not designed to run P2P apps.
Just because a programming language can be extended to creating GUI applications does not mean it's a good idea. Python's strengths are elsewhere, and I for one am tired of the BitTorrent community using it to write p2p clients in.
Now go ahead and mod me down for having a modicum of common sense.
/dev/random
If you read the article carefully (or not so carefully), you'll note that this product does NOT include a fully distributed / decentralized tracker... an web server tracker is still necessary for the initial torrent retrieval. If that tracker becomes overloaded / unavailable this system will have real value, but there's still an originating central tracker for the MPAA to go after.
However, it's only a very short matter of time. The author explains that such a thing could be easily created with this framework. Clearly he could have done it if he wanted, so I'm guessing this is a purposeful strategy on his part to avoid any potential direct or indirect personal liability or legal issues down the road...
-R
Well with better P2P software, we can pirate more stuff thus have more money to donate. Sheesh. Look at the bigger picture.
Not meaning to sound mean or anything myself here, as I do feel for those in the path of the devestation.
Did Miss something? Since when does an accident stop the world from turning? It doesn't! In this case the world actually turns faster!
There's alot of horrible things in the world today. Tsunami is just one of them. Twin Towers was another. Many Many others out there. The world moves on. So should YOU. Help if you want to. Support others that want to help. I donated. I'm also living my life.
Get a fucking clue, please.
RTFA and read it properly. The server is merely a pretty interface for older BT clients that will search the decentralised version and return the tracker address of the last known tracker for that item.
That's got nothing to do with the decentralised network itself.
The problem with Kenosis is, of course, it's reliance upon a central DNS server to point to a list of distributed trackers. Many will undoubtely point out, that this DNS server could be taken off, and that's it.
Now how can we really circumvent this problem? One solution would be to advertize a list of DNS resolvers on USENET. A preconfigured list of newsgroups could be used to bootstrap this, and new usegroups (should the original newsgroups get closed) could be regularly advertized as well. A client would just go to those newsgroups, and fetch the updated list of DNS servers, newsgroups etc...
This system would be much more resilient to attacks by RIAA or MPAA because they won't have a single point to attack. Closing newsgroups is much more difficult than taking one DNS server from the upper zone.
Another way to advertize the DNS servers would be via spam! Yes, you didn't misread this. One can easily encode the location of DNS servers in spams and have clients read those spams, effectively extracting an updated list every now and then!
This is very important, because spam is already used as a covert channel to prevent traffic analysis. Specialy crafted spam checkers can extract useful information from spams. One such information would be the distributed location of trackers (or DNS servers that point to them).
Just because it's unethical (to piggy back useful data on top of spam), doesn't mean that it's not already used on a quite wide scale. There's no reason why it shouldn't work on a new generation of distributed BitTorrent trackers!
cpghost at Cordula's Web.
You suffer from what is know as "lack of vision"
btw , who the hell are you to tell others what they should be doing?
just because you are too narrowminded to see the value in this, doesnt mean everyone else is.
you came up with some ideas, better guis. where is your work on the subject, where is your code. what have you done. ohhhh you expect everyone else to have the same priorities as you so you can just leech off their work all while being a dick about what people are doing with their time.
do something and stop bitching to others about what they choose to do.
i dotn see you doing jack.
Lets simplify this. You are a program that doesn't know anything about the world, because you are a de-centralized program. You are started by your master ("user," in human speak). What do you then do? Who do you connect to? Surely if you had an address hardcoded somewhere you would no longer qualify as being decentralized. Do you start walking the IP space, trying to connect to 1.1.1.1, 1.1.1.2, and so on? Oh, so the IPs you have coded in your config are "only hints," huh? Okay, then you should be able to cope with all those "hints" having gone bad. When those hints are all bad, what do you do, Mr. D. Centralized Program?
Decentralized, my ass.
Must-not-watch TV!
There is a ton of good legal content that will be created once the bandwidth issue is solved. It's sad that the default comment is "well this sucks because the **AA will still be able to track me down when I use it to break the law." Most of use see the cultural usefullness of these things but the handfull of anarchists among us are hurting the movement.
The fact that this can get through firewalls and that it won't fail under heavy load (as happens with bittorrent trackers) are the important things.
What if Digg added local news and a Slashdot inspired comment karma system? ---
http://houndwire.com
old band. i am getting old. soon i will be dead. sigh...
sum.zero
Correct me if I'm wrong, but wouldn't routing all tracker requests through a single domain create MORE of a bottleneck?
Please, give it a rest. You cannot change the bottom line. Spend your time writing better GUIs and promoting a 'standard'.
I agree. Joe Fourpack needs P2P applications with better GUI's; and a standard p2p is needed so that everyone's shared file collections are not scattered amongst different p2p protocols.
The price of freedom is eternal litigation.
this sounds great, but havent we been waiting a while now for exeem (which they're taking their time to develope to make sure it really works)?
how is it a project like this can come completely out from under the raidar. this sounds exactly like exeem, but out much quicker.
is this gonna be an app that winds up to be very disappointing because it was hyped up before it was thuroughly tested?
(I am one of the authors of Kenosis.)
We are planning improvements to Kenosis in a number of areas such as better integration with BitTorrent, a more distributed BT tracker, simulation of larger Kenosis networks and making Kenosis work over NAT.
We'd love help with any of these or other areas.
Please join the mailing list to get involved.
Azureus is an open-source Java-based BitTorrent client with a built-in tracker.
While this looks like a good start, this isn't likely to catch on until it can be installed from a single .exe file for windows users. Then it would have to have one GUI that provides a seemless interface for finding and downloading .torrent files distributed among Kenosis nodes, and then automatically starts downloading the files using the Kenosis distributed trackers.
what sig?
As soon as you enlighten us on how to send a directed IP packet without a destination address, I'm sure someone will write a few dozen p2p apps around it.
1) Have your p2p app run in promiscious mode.
2) Sniff traffic and find an IP address on your local network that you can see traffic flowing to.
3) Instead of giving the other p2p nodes your address, give them one of the addresses you found through sniffing.
4) Your P2P app must now scan for all traffic going to the address you gave to the other P2P nodes looking for traffic destined for you. As I understand networking, the computer who's address you're using will be recieving lots of data not intended for it, but it should just end up ignoring all of that. The only time this will be a problem is if it's listening on the same port that the P2P packet is sending to.
Unfortunately, this probably won't work on the internet where the prevalence of NAT Routers etc to access the internet, and that I don't think you can put a cable/dsl modem into promiscious mode.
On a LAN environment free of switches, this has potential, but that's about it.
I was raised christian but don't practice, make your own preach joke :) Anyway, to be fair I don't think it was the church who started producing chocolate and making easter synonymous with gorging yourself with candy.
And kids eat chocolate eggs, because of the color of the chocolate, and the color of the... wood on the cross. Well, you tell me! It's got nothing to do with it, has it? You know, people going, "Remember, kids," the kids who're eating the chocolate eggs,
"Jesus died for your sins."
"Yeah, I know, it's great!"
"No, no no, it's bad, it's bad!"
" No, it's bad! It's very bad. It's terrible! Whatever you want, just keep giving me these eggs."
And the bunny rabbits! Where do they come into the crucifixion? There were no bunny rabbits up on the hill going, "Hey, what, are you going to put those crosses in our warrens? We live below this hill, all right?" Bunny rabbits are for shagging, eggs are for fertility. It's a festival - it's the spring festival!
End of line..
You just have mathematically demonstrated that you have no clue whatsoever about Gödel's theoretical work. Way to establish your street creed.
This may be off topic...
I was wondering what the slashdot community thinks of the estimates that BT uses 1/3rd of available internet traffic.
Considering that it is a bit more private and "exclusive" than things like Kazaa and Edonkey does that number seem possible. You know. It takes the install of the basic BT binary as well as the GUI client of your desire. Then you need to find a decent BT website/ community.
If this figure IS true, wouldn't making BT even more viable eventually choke the internet?
Thoughts?
It would be ironic that something that was designed to "manage" bandwidth may end up hogging all that is available.
Do you know of a bit torrent client written thats faster for windows? cTorrent might be useful for Linux users, but is there an alternative for windows users. I've seen that bit torrent is slow and am interested to know that it is because it was written in Python.
Frylock: "We should have cloned twenties, Jackson wouldn't have given a fuck."
got an ebuild anyone?
The one I love to see on resumes is "HTML programmer". "HTML programmer"? WTF is that? What did you do before that? WordPerfect and WordStar programming? When I have an embarassing gap in my resume I usually lie and say that I was a transvestite cabaret dancer. It might not be true but it does get HRs attention.
cheap labor conservatives - they want to keep you hungry enough to be thankful for minimum wage.
DHTs work like this: Every node on the network has a 160 bit identifier. Given a key, through the DHT we can find the node whose identifier is 'closest' to the key. In Kademlia, the closeness of a node is quantified by treating its identifier XORed with the key as an unsigned integer. The node with the smallest such integer is the closest, and is therefore responsible for the key.
.torrent as the key (extracted from the tracker URL, in the .torrent). So say you have a .torrent whose tracker you would like to eliminate. Just choose your node identifier, when you join the network, as either equal to the hash in the URL or close to it (such as by simply flipping one of the lower-order bits). That way, you will with near-certainty be the closest node to that hash, and thus be designated the tracker for that torrent. Now just ignore all requests from clients.
If you look at their readme file, they're just using the hash of the file kept in the
It can easily be done.
- sm
The other issue i see is that when a DDOS is carried out, it'll quite possibly affect significant numbers of computers on residential connections... Your cable/dsl/sat company won't like this.
[Fuck Beta]
o0t!
ctorrent is a nice BT CLI client written in C, which won't use that much memory.
For C and C++ programs using the POSIX API, you have to take into account the overhead of Cygwin as well.
Kneejerker suggests: "Then just dual boot!" Clients for file transfer networks are designed to run in the background while the user does something not bound by continuous network throughput in the foreground (such as word processing, image editing, surfing an HTML based web site, or playing a 2D video game) on the same machine. Rebooting between a Free operating system for the client and a more popular proprietary operating system for use of peripherals with poor Free driver support stops the transfer, defeating the purpose.
Kneejerker suggests: "Then just use a Free operating system to begin with!" Buy me a new scanner and I will.
There is a ton of good legal content that will be created once the bandwidth issue is solved.
Oh really? Watch the big copyright owners sue the independent producers of so-called "good legal content", alleging that the so-called "good legal content" is in fact subconsciously copied from an existing copyrighted work. It could happen, especially with music.
Self-publishing content without the need to find a reliable tracker will help lawful BT users considerably.
Right, so simply taking the original site the virus downloads from won't affect it. Cool!
Put identity in the browser.
Basically a bunch of speculation, that COULD happen. I COULD get hit by a bus ... Call us when it ACTUALLY happens.*
Had you taken the time to click the link, you'd see a bunch of cases leading up to one where it has happened. In Bright Tunes Music v. Harrisongs Music , George Harrison got sued and lost for inadvertently copying a song on his solo debut album.
However it also seems to lack Exeem's kazaa-like simplicity.
Each has it's pros and cons. Exeem will very likely be a much easier and more streamlined solution, but BT/K, being opensourced, opens the possibility of support in other opensourced clients such as Azureus (Which seems to be the most popular client based on what I see in swarms).
Also the allegation still has to be proven (there's a reason we have a legal system).
Most independent artists don't have the means to finance a legal defense. Many Slashdot users agree that the litigation process needs some sort of reform.
Courts also do take into mind "what did so and so do to comply with the law?" e.g. Compaq and the IBM bios.
So which steps would you suggest that a songwriter take to avoid subconsciously copying a song he happened to have heard 15 years ago on commercial radio?
This is a question that I have been wondering about, why couldn't somebody code an application that used the gnutella network (or some varient similar to it) to share torrent files? For example, the application ignores all the non .torrent files, such that when you search, it works similar as gnutella network and displays the number of any .torrent files shared. Then you download the torrent file first through gnutella or something like it, which is tiny and will be fast, then the BT part kicks in and the speed of the bittorrent protocal kicks in.
It seems very simple and would offer solutions to a lot of the problems people keep mentioning. Of course, if it was attacked it would need modification etc, but I am just wondering conception why this wouldn't work.
jet
The legal standard is substantial noninfringing use. Not "primarily noninfringing use", substantial. If you want to use your own standard, fine -- but I think the one encoded in current US case law works quite well, thank you.
I agree inasmuch as the fact that laws are being broken on a regular basis indicates that there is indeed a problem somewhere -- but it doesn't mean that the problem is with the technology used to break the laws. Whether it's related to the behaviour of the people who break the laws, the economic models which encourage individuals to break said laws, the laws themselves, or other factors is well beyond the scope of this discussion.
Finally, coming back to topic: Having distributed failover for BitTorrent trackers is a Good Thing! If I'm providing a massive download (say, a patch to my game) to a number of users and someone runs a DDOS on my server, I'd really quite prefer that the download still stays up.
You'd suffer from the Gnutella network's biggest problem as well, fake files. Using this method it would be very easy to start spoofing files. That's the beauty of a centralised web repository of .torrent files, they are guaranteed to point to known good copies of files.
Do we really need another network-heavy (client and server) C/C++ app with multiple buffer overflows waiting to be exploited?
I, for one, am glad this thing is written in Python.
Plus, it isn't the distribution of the .torrent's that is the problem Kenosis is trying to solve, but the role of the trackers.
catch (HumourFailureException e) { e.user.send("You, sir, are a humourless idiot."); }