Slashdot Mirror
Political and Technical Implications of GitTorrent
lkcl writes "The GitTorrent
Protocol (GTP) is a protocol for collaborative
git repository distribution across the Internet.
Git
promises to be a distributed software management tool, where a repository
can be distributed. Yet, the mechanisms used to date to actually
'distribute,' such as ssh, are very much still centralized.
GitTorrent makes
Git truly distributed. The initial plans are for reducing mirror
loading, however the full plans include totally distributed development:
no central mirrors whatsoever. PGP signing (an existing feature of git)
and other web-of-trust-based mechanisms will take over from protocols on ports
(e.g. ssh) as the access control 'clearing house.'
The implications of a truly distributed revision control system are
truly staggering: unrestricted software freedom. The playing field
is leveled in so many ways, as 'The Web Site' no longer becomes the
central choke-point of control. Coming just in time for that
all-encompassing Free Software revolution hinted at by
The Rebellion Against Vista,
this article will explain more fully
some of the implications that make this quiet and technically
brilliant project, GitTorrent,
so important to Software Freedom, from both technical and
political perspectives."
Reread the summary in Davros's voice, in creasing the volume and excitement as you get closer to the end. Come on -- it'll be fun.
The hyperbole makes you look like a frothing idiot.
This is cool, your code can be free. But unfortunately you're still stuck with hosting the documentation on a central website of some sort. I'm hopeful someone will whip up a standard for hosting the documentation website. IE PHP + SQlite + GitTorrent docRoot == Distributed website. Now several websites could support any GitTorrent-hosted documentation. Go to any GitTorrentDoc-enabled website, type in the .torrent of the repository, and blam -- the server pulls it down (or has it already cached) and you can page through the fully-dynamic docRoot. Could even contain Trac or something, so all the bug tracking is also in the GitTorrent repository.
TossableDigits.com: Temporary Phone Numb
...there's too many gits on the internet *now*...
this could make quite a mess, especially with malicious users.
The primary purpose of peer to peer systems are to either avoid censorship or provide lots of cheap/free bandwidth.
Neither of these really apply to source code management. Hosting is easily sponsored and the files aren't very big anyway. Few projects will face censorship anywhere other than the most regressive regimes (ie, China or the US).
A website and bandwidth has never been a chokepoint, sourceforge and google code has for years provided bandwidth.
This is a problem in search of a solution.
it keeps everything in sync across multiple locations, provides access control, and works with all my user's existing clients / IDEs.
The hyperventilation notwithstanding, what amuses me most is the fact that the project is currently hosted at Google Code.
Try meditation or something.
you don't need the hype. linking it to the downfall of vista makes us laugh at you
just describe what it does, dryly, concisely, technically. if it is worthy of the hype, we will supply the hype for you
but when you supply the hype, we are inclined to believe there's not much really going on with your project. which might not be true. so change your tone, for your own sake
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
By rebellion, you mean waiting for whatever MS comes up with next while Linux and Mac get the scraps.
It may be hard for me to admit, but I'm running 2008 x64 server and I love it. MS will flog the vista code base into a useable desktop before gitwhatever changes anything.
I could see this being used to distribute harmful source code...code that would otherwise violate the terms of service of such sites as sourceforge or Google Code. -- http://nigelt.blog.com/
nigelt.wordpress.com
Coming just in time for that all-encompassing Free Software revolution hinted at by The Rebellion Against Vista
Can you also point me to where the rainbow-powered unicorn factories are? I imagine they probably exist in the world you seem to live in, you insufferable twit.
But a central repository doesn't disappear when seeders disappear, and it is more easily controlled to protect commits. The magic of git is that I can easily have a private branch, and then easily merge it. But is this really a good idea?
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
The nice part about a repository hosted on a well-known site is (relative) confidence in the security of the code. If a repo is fully distributed, what's to protect against someone at a node adding malicious code? And, if something malicious is discovered in software you downloaded, how do you track it back to the source node?
Curious,
"What in the name of Fats Waller is that?"
"A four-foot prune."
sad but true...
Land of the free... my ass.
I would rather see a rebellion on Slashdot against articles that announced FOSS news as if it was predicting the second coming of Christ.
This story is in no way related the the Microsoft's (perceived) loss in market share, not to mention the fact that those who are dropping windows are moving to Apple, not Linux. But hey, gotta go for every low blow you can get while the news is still fresh, right?
"When you see a unixer brainwashed beyond saving, kick him out of the door." - Xah Lee
I bet gittorrent takes over the world before you get that movie finished.
It's funny that this is at the top of the front page just now. Just a few minutes ago I managed to insert my first Git repository into Freenet (that is, the first Git repo that I have inserted into Freenet, but not my first Git repository). Since git supports cloning and pulling over HTTP, it already supports doing the same thing through FProxy (an HTTP proxy that allows you to browse Freenet's content as if it were regular websites).
What this doesn't allow you to do is *push* changes to other people's repositories. What you'd need to do in this case is have every developer insert their own git repository into freenet, which others could pull from, and then incorporate into their own repositories. So the accusation that really, truly distributed version control would allow other people to mess up your repositories is hogwash. If someone makes crappy changes, you don't pull from them.
In case you'd like to try it, the freesite for my program (it's a Ruby implementation of the Freenet Client Protocol, not terribly interesting by itself) is here: freenet:USK@IdWcgxE2jxySYQvAWac4LoGfnU~tGVm7xvRCgvyjp3c,bKLoSHTgen8TW6gQpemdCeh4SKCTwVM~qnOtKZyFY40,AQACAAE/TOGoSFCP/2/ . To git it, you'd just run
git clone http://localhost:8888/freenet:USK@IdWcgxE2jxySYQvAWac4LoGfnU~tGVm7xvRCgvyjp3c,bKLoSHTgen8TW6gQpemdCeh4SKCTwVM~qnOtKZyFY40,AQACAAE/TOGoSFCP/2/TOGoSFCP.git/
Of course, you need Freenet installed in order to be able to resolve that URL ~_~
Duct tape, XML, democracy: Not doing the job? Use more.
for example, when ubuntu makes a new release, their servers are usually hit pretty hard, if their servers go down, people can still distribute the iso using bittorrent and the more people that use it the faster it goes
BitTorrent Trademark Guidelines: "Misleading or Confusing People. If you are using any of our trademarks in a way that will cause people to get the wrong idea about BitTorrent's involvement in something, you should stop! If you have some reason why you think your proposed use isn't misleading or confusing, let's talk."
Belief is the currency of delusion.
The only software that provides people with true political power to counterbalance that of others is software that gives them actual power in the political realm. That means software that can take control of resources or kill people and break things. You know what would be a program with political implications? A semi-sentient AI that a rebel group could use to infiltrate its government's command-and-control systems and intelligently make them target their own forces.
A distributed repository has no political implications that mirroring in general don't have already have.
So is this a new car from Pontiac or something?
This is an iffy idea for data that actually matters. The "torrent" type systems sort of work because they're willing to accept very poor data integrity in exchange for free music and video. Even that's going downhill, as more content shows up with logos, ads, and other various dreck tacked on.
When it doesn't work, or something gets lost, who do you blame?
Security is supposed to be through "signing". Who's signing what? Does everybody sign their own check-in, do servers sign collections of files, or what? How do you prevent the insertion of hostile code?
The problem with "web of trust" systems is that it's too easy to create phony identities on line, who then pretend to trust each other. Like link farms for search engine spamming.
Hey lkcl! Having written the last words of the summary did you spontaneously come in your pants?
> Was I close?
Not so much. Git is a revision control system. The linked-to project is about using BitTorrent to distribute Git repositories. The hype at the end of the summary is unrelated and can be totally ignored. It's not likely that anyone would GitTorrent for distributing movies or non-free software. It'd be possible, but silly.
Duct tape, XML, democracy: Not doing the job? Use more.
across most of europe, america and asia, internet access is near-unlimited.
have you considered the implications of receiving linux on a CD, and being cut off from the rest of the internet?
how would a group of 100 developers, or 1000 developers, or 10,000 developers - all of them "used to" the current levels of internet access and speed, cope in a situation where the access to the internet was restricted to intermittent 56k dialup?
Cool read up to the bagging on Vista part. Look, its really simple, my Vista PCs work, work fine and are stable, which is a hell of a lot more than I can say about my frigging Ubuntu box and laptop which had choked since 8.04 and forced me to reformat the box to Vista and laptop to BackTrack 3.
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
read the article: in it, you will see links to the fact that Git already has GPG signing on tags.
also, you will see references to KeyNote, aka RFC 2704. for convenience, i'm cut/pasting the top bit, here:
"Trust management, introduced in the PolicyMaker system [BFL96], is a unified approach to specifying and interpreting security policies, credentials, and relationships; it allows direct authorization of security-critical actions. A trust-management system provides standard, general-purpose mechanisms for specifying application security policies and credentials. Trust-management credentials describe a specific delegation of trust and subsume the role of public key certificates; unlike traditional certificates, which bind keys to names, credentials can bind keys directly to the authorization to perform specific tasks."
Not at all.
Git is a means of sharing and tracking changes to source code for a software project. Formerly, you needed a central server to do that. Now, with GitTorrent, it can be distributed among individual machines.
GitTorrent is designed to lower the bar for starting a multi-person software project, making it easier and cheaper for developers to collaborate with each other.
As a side effect, since there's no central server, it will be difficult for an authority to take down or block GitTorrent projects. I suspect GitTorrent will be popular with people developing software that is politically or legally troublesome in their country.
How can I believe you when you tell me what I don't want to hear?
Really?! Your ass is now the land of the free.. Very inspiring. When can I move there?
Observe the Ubuntu website this coming April when they release a new version and see if you still feel that a website is appropriate to the task. The site gets hammered so hard that it's problematic to even get the .torrent files directly from them, nevermind the ISOs, and it's not feasible to have that kind of bandwidth sitting around unused except for a few days every 6 months, nor is it currently feasible to get that much bandwidth on-demand for a website, but bittorrent allows for just that, as you're pooling the bandwidth of everyone downloading it. You can easily gets amounts of bandwidth that would cost tens of thousands of dollars to have in a conventional manner.
upon the advice of my lawyer, i have no sig at this time
You're supposed to have a connection to the "web of trust" system. The system isn't meant to work based on the idea of, "Oh, there are a bunch of keys that have signed each other. Must be fine."
SIG: HUP
I don't know how this would work with software, as Bit Torrent files seem to have a half-life of sorts, so that older files might disappear. What ensures that the entire list of files expected is actually available, and how do you browse "the repository" for a project?
Currently hooked on AMP
From a technical standpoint, with Git, there's nothing about the central server that is unique. Instead, it's a social convention. Everyone knows where to get the code. Linus discusses this here. http://lwn.net/Articles/246381/
Perhaps, my imagination is failing; but, I don't think this will change. Most people want to go to a well known trusted place to at least get a secure hash of the code they are downloading.
For instance, the Debian distro is available via bit torrent. No sane person, downloads the latest Debian .torrent posted by 1337_KeRNeL_haxor on the pirate bay. They get it from debian.com or some other trusted site.
Also, we really need those central servers. Without them you'll constantly run into distribution problems. Just imagine having to post a message like,"Will someone PLEASE seed the repository. I need to grab the latest kernel."
debian has a keysigning process that creates a web of trust.
http://www.chaosreigns.com/code/sig2dot/debian.html
http://www.debian.org/events/keysigning
Proof or it didn't happen.
Why don't you want your pet project hosted by a large corporation? You really just sound like you're whining about nothing.
I'm pretty sure neither Google Code nor Sourceforge discriminate against the third world.
I don't see why you'd keep a film project in a SCM, and game art assets can be kept separate from the code anyway. SCMs won't track them very well.
Yep. He gives up his ass freely.
This is a very legitimate torrent use that will frustrate the RIAA in its attempts to stamp out torrents.
I could see this being used to distribute harmful source code
...for similar reasons, I suggest we make atoms illegal. It is a widely known fact that atoms can be used to make weapons and bombs. I don't understand why the government isn't doing anything about this. Also, I read somewhere that rapists and murderers are made of atoms.
right up there with
proposed
planned
we might get to it someday
we needed something to fill the hole
This protocol already exists:
http://en.wikipedia.org/wiki/GPRS_Tunnelling_Protocol
Don't make the protocol world more confusing than it already is...
"There can be little doubt that union activities lead to continuous and progressive inflation." F. A. Hayek
The last project entries/downloads are from February 2008. Why such a hype over a dead/dormant project?
"whilst many people would be capable of making the same deductions, many people are not"
the people who are not making the deductions you are making are the ones who seem to be in better contact with reality
regardless, no one likes someone else making deductions for them, no matter how truthful
its patronizing, it drives people away. it demonstrates a colossal arrogance
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
You mean someone else supports cleartype fonts now?
I'm not a Microsoft fan but this shit about a vista rebellion has nothing to do with bringing two technologies together (that also have their warts).
I'm petty sure the frustrated Vista users won't be benefiting from peer-peer distributed source code anytime soon.
And a famously overactive censor.
it's not feasible to have that kind of bandwidth sitting around unused except for a few days every 6 months, nor is it currently feasible to get that much bandwidth on-demand for a website
Ahem.
It costs money, yes -- but it's certainly possible.
Don't thank God, thank a doctor!
You're used to permanent online Internet access.
in cases where internet access is prohibitively expensive or even impossible, it makes perfect sense to have everything in easily-syncable git repositories.
once you have the documentation, the wiki, the code and the bugtracker in repositories, you could even sync those repositories up with the rest of the world through the exchange of floppy disks, CDs or USB memory sticks.
so the article is about "thinking ahead".
So we can put porn on Git, right?
Ooh a new way to distribute DeCSS source!
Define illegal. Distributing documents that certain organisations (or, say, religions...) don't want to see distributed? Showing video footage that certain governments would love to see vanish (because, say, it shows how they deal with protesters)?
But don't worry, governments will agree with you and make this tool illegal for that very reason. Or national security. Or any other excuse if the price is right.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I had attempted an implementation of similar concept limited to Java applications and based on top of JXTA P2P protocol as my MS project. http://www-users.cs.umn.edu/~salvi/downloads/jyro_aos_project.doc All the possible applications mentioned in this article are nice and are known for a long time. What matters is execution. Good luck to the project!
Git is basically just a generic distributed versioning-filesystem layer, right? Source control is its current killer app, but it's got no particular hooks to make it dependent on that domain.
So if we combined Git + Bittorrent... does that give us a generalised peer-to-peer distributed filesystem?
If so, that's a whole lot more interesting than just a way to share source code fast. Imagine a true peer-to-peer Web built on something like this.
Imagine, for instance, posting blog or wiki posts as little paragraphs of text, each as a separate file, not uploaded to a 'server' but just put out onto the grid. Cache every chunk of data as it moves through servers, maybe have a name-resolution layer like DNS over the top so that one server is 'authoritative' for your blog posts, but that server doesn't need to be online all the time as long as another one has replicated the data. Add a language which allows transclusion of chunks and/or functional manipulation of them, so you don't have to use messy AJAX tricks which bust the caches.
We could get a few steps closer toward Xanadu.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
GitTorrent seems more about keeping everyone's repository updated. No one will ever accept you're pushed content if you're not on the inside. You can still contribute but only through the more slow traditional vetting process of emailing a repository update along with change explanations.
What is mega different is that two ego tripping developers can stop pulling one another's changes while allowing other developers to continue pushing to everyone.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
I call bullshit and gross exagerration. First, GitTorrent lacks any implementation, there is only some code testing concepts in the GTP 0.1, the draft of protocol. Second, Git is distributed version control system by itself, and doesn't need GitTorrent for this: GitTorrent is meant only to distribute the load of initial clone and fetching large parts of history among peers (among clients), reducing load on the server it clones from; no more.
git - Noun:
Brit slang a contemptible person [from get (in the sense: to beget, hence a bastard, fool)]
Do we really need a torrent that facilitates easy distribution of these people?
A One that isn't cold, is scarcely a One at all.
Given that a fair proportion of most of the firms I've worked for do not know how to use SCMS, a lot of the SCMS I've maintained contain rather large binary snapshots. Also, distributed firms. So this might be a useful tool if I could get people to use it. Which is unlikely.
but the politics? In this case, leave it out. Just a distraction.
Patriotism is a virtue of the vicious
I'm not saying that Ubuntu would foot the bill, I'm talking about having centralized torrent hosting sites for... legit content! Who'd have thunk it? There are other, easier ways to get the desired outcome without creating a safe haven for piracy, which is obviously what this is about more than anything else.
You keep source code in an SCM to manage diffs. Binary blobs don't diff very well.
Sure, it makes sense to keep binary blobs intended for specific revisions in an SCM, but other than that?
You should get tested.
Does having a witty signature really indicate normality?
In the words of the bards, "This. Is. A. Dead. Parrot."
We welcome our Git brothers for reinventing the wheel again versus CVS's established http://www.cvsup.org/ for mirroring and distribution.
The more the merrier.
Which then leads to the problem of how to effectively filter for "legit content" or even how to define what "legit content" is.
upon the advice of my lawyer, i have no sig at this time
I always check my GIT repository into SVN for safe keeping ;-)
These posts express my own personal views, not those of my employer
Instead of sign DNS, why dont we just maintain the dns by ourself?
Allow a distributed dns may get better security. the dns is just a assistant way to make address easier to use. It shall not be a reaon that the net have a single central control and a break point.
It is the site to give out ip as well as the preference name, it is the user to decide how to call the ip.
It is the freedom.
Attention, whoever tagged this "giterdone": I hate you.
This idea has been around since 2005 at least...
I'm genuinely curious.
It seems to me that there'd be better revision management tools for video.
Sounds like most nerd conventions.
"Git: A completely ignorant, childish person with no manners; a person who feels justified in their callow behaviour."
http://www.urbandictionary.com/define.php?term=git
and anything else you want... just set up a distributed git repository for it...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
For instance, the Debian distro is available via bit torrent. No sane person, downloads the latest Debian .torrent posted by 1337_KeRNeL_haxor on the pirate bay. They get it from debian.com or some other trusted site.
Have a look at debtorrent (or apt-p2p)...
You're right that you need centralized servers for signatures, and a backup seed if no one else seeds. But other than that, it's safe to grab binaries from just about anyone.
Unless you think that either the crypto doesn't work, or it's been misapplied. In that case, the trust you need if you download from a centralized server is that there are no men in the middle.
Oh noes! The glasses they do no good!
> No sane person, downloads the latest Debian .torrent
.torrent. You can't trust debian.org to provide you with "good" torrents if it won't provide the signatures along, or can you?
> posted by 1337_KeRNeL_haxor on the pirate bay.
The code would be all signed. If you trust the keys, you can trust the
> "Will someone PLEASE seed the repository. I need to grab the latest kernel."
Yup, I can imagine this happening. But rather for +5 year old archives. And even then, I'm pretty sure there would always be a few bastards that'd keep the 0.99 releases of Linux, pre-1.1 Debian, etc. We'd just move away from thinking of projectname.org as a source of stable, central... "authority"? -- and just grab everything from the closest neighbor (which _could_ be debian.org), and verify the signatures.
You never needed a central server for Git. You've always been able to do "peer-to-peer" distributed development by transferring patches over email, or by setting up a git daemon.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 Whoops, silly middle mouse button...