Slashdot Mirror
Adeona Warns of Instability; OpenDHT Mothballed
gbickford writes "Adeona, the first open source system for tracking the location of your lost or stolen laptop, was featured on Slashdot last year. I was stoked when I read about how it worked and I installed it immediately. I just went to look for updates on the site and was greeted with a giant warning message stating, 'Adeona is currently not working.' It seems that OpenDHT, the distributed hash table that stores the location information and photos, has been fairly unstable lately. The developers claim that this is "largely because the back-end OpenDHT system is not able to tolerate the load imposed by Adeona. OpenDHT removed the need for a centralized database with tracking information, which in effect prevents a 3rd party from tracking a user's whereabouts. OpenDHT was Sean Rhea's Ph.D. project back in 2005 and he has decided to officially bow out of maintaining it as of July 1st, which has left the developers of Adeona looking for another back end to store location information and photos. The source code for Adeona is available and they are actively seeking developer contributions on the developer's list. Do any developers have ideas on where to put scads of information in a free, reliable, anonymous, and secure manner?"
Post the information in anonymous Slashdot comments!
scads of information in a free, reliable, anonymous, and secure manner?"
there's 4 criteria there. take away free, and you can get the other 3 criteria. leave in the word "free," and you can only have 1 of the other 3 criteria
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
BitTorrent to the rescue?
Freenet is an option that *might* meet your needs. Unfortunately, it won't work well unless you're willing to run a node a large fraction of the time (might be hard for a laptop). And that implies a nontrivial bandwidth and disk commitment.
Whether it's reliable enough is another matter. Data that isn't accessed at all will become unavailable after a week or three; shorter term than that, or for data that's accessed at least occasionally, reliability is quite good. Speed isn't exciting, but a few seconds (maybe 15-30 if you don't access at all, maybe a lot longer if it's almost but not quite completely gone) latency and a few kB/s should be plenty here.
On the plus side, it is Free, anonymous, and secure. Of course, all of Adeona switching to it might represent a rather larger load than it's ever seen before -- and would probably be disastrous if those nodes didn't have a decent uptime percentage.
"Distributed hashing tables are a class of decentralized distributed systems that provide a lookup service similar to a hash table: (key, value) pairs are stored in the DHT, and any participating node can efficiently retrieve the value associated with a given key." [1]
They should look at Bamboo DHT.
Put identity in the browser.
The reason for using OpenDHT, I think, was that Adeona didn't want it to be possible to trace user's movements using their system until the laptop was reported as stolen. Not that I am entirely clear on this. Perhaps the best thing to do for the time being would be to back off on the unbreakable-privacy goal until a reliable system arises, and use a database like the rest of us.
Yes, this is dangerous, in that it centralizes in one place the call-in data regarding some large number of laptops. And it makes it tempting for some government to subpoena the data, use it for eavesdropping, etc. So it should not be allowed to stand forever. But it seems kind of silly to just fold up tents until some reasonably blue-sky software meets production goals.
Bruce
Bruce Perens.
What I was thinking was just create a spreadsheet with Google docs. Google docs lets you create a webform to let anyone submit data to your spreadsheet. You could have your tracking software fill out the form with the IP address. The spreadsheet by default can only be viewed by your google account but it you want additional security, encrypt the entries.
There's two types of thieves for laptops/small electronic devices.
One type (drug users, thieves with little technical knowledge, people who just want very quick cash) generally just try to pawn the device ASAP and get less than 10% of the retail value. The person who purchases the device from the pawn shop may or may not be that knowledgeable or have install disks to wipe the installed system.
The other type will try to maximize the money they get from the system. These people tend to be more technically knowledgeable and are more likely to wipe the computer and install a new system on it and then ebay or craigslist it, or they may even try to ransom it back to the original owner.
The devices stolen by those of the first type of thief generally will get booted up and plugged into the internet with tracking software intact and ready to report.
Now, it's not enough just to get a report, like an IP address and possibly a photo of the person using the device, because the police may not be interested in tracking down the device. Recently, I read a story about a stolen Mac with tracking software installed, where the owner went to the police with the info, and they were brushing him off except a member of their drug enforcement department happened to see the picture and recognized a drug dealer they were looking for, so they did track down the location and arrested the guy/returned the computer intact.
Sleep your way to a whiter smile...date a dentist!
In this case you store the data in the other clients. If you want to use the software you have to agree to store a gig or so of encrypted data. Your laptop connects to the grid periodically and uploads your data and downloads someone else's. Cooperative cloud computing at its finest, and the developers don't have to ask for help from anybody.
Help stamp out iliturcy.
Let users specify a server of their own, and either FTP the data or send it to them with a HTTP post form.
HTTP post forms are perhaps the most reliable way to transfer data.
Other methods that involve different TCP/UDP ports, or custom protocols like RPC are prone to failure when firewalls on a foreign network block the traffic in the name of security.
It would be very difficult to accidentally block Adeona if its outbound traffic looked like ordinary web traffic and wasn't to a small list of servers (that thieves could easily research and block traffic to).
That's pragmatic advice to safeguard Adeona (I agree), but most of the responses here seem to have interpreted your advice to also mean dropping any interest in OpenDHT, because you called it "blue-sky"(which possibly suggests that "it's not gonna happen").
I think that a working Distributed Hash Table that is also scalable would be an immensely valuable resource to the community, and would end up underpinning many other projects besides Adeona. The legions of FOSS comprise not only coders but also many visionary designers and competent researchers as well, so I think we can do better than just leave OpenDHT to sink or swim without help.
How about fostering some more research-oriented work on OpenDHT (if the current design isn't a viable one) instead of abandoning it as the mood seems to be at the moment?
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
Something similar happened to my friend last year in London. Some scumbags got a copy of the key to his apartment -- most likely during an apartment inspection with the real estate agent. They swiped all 4 laptops in the apartment plus a few hundred in cash, but strangely enough left a bunch of digital cameras etc untouched.
My friend had Adeona installed on his MBP and managed to get a couple of good webcam captures of a suspect and IP address, which he sent to the cops. The cops weren't interested in recovering the stolen goods -- not enough police resources to devote to cases like this, apparently.
So much for that. I think it's almost better just to form your own P-P-P-Powerbook goon squad and go knocking heads once you've figured out a physical address for the IP.
Google's AppEngine is massively distributed. Be sure to encrypt the information written there, and you'll be done.
8 of 13 people found this answer helpful. Did you?
Let's see about that. I'll just fire up my custom metasploit and we'll see about that. Ok. Now its probing 127.0.0.1. We'll see ho
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
The functionality depends upon the thief being unaware that information from the laptop is being transmitted somewhere and thus could give away information revealing the theft. If the thief knew about the client then they would of course find a way to disable it before attaching to a network.
With the current state of technology it's credible that a thief would steal the laptop, connect to the internet, then hopefully get caught. But what if laptops routinely had a GPS receiver onboard, and possibly also a GSM/UMTS modem? At that point it would become widely known by even the dumbest thieves that "laptops are trackable when you turn them on" and an arms race would ensue. The distributed tracking system would no longer be any good though
I already have a mobile phone with onboard GPS and there is an app which at power-on can auto-send a GSM text message containing the phone's detail to a pre-specified number. This is not defeated by changing the SIM card.
"Don't belong. Never join. Think for yourself. Peace." V.Stone, Microsoft Corporation