Slashdot Mirror
Researchers Outline Targeted Content Poisoning For P2P Data
Diomidis Spinellis writes "Two USC researchers published a paper in the prestigious IEEE Transactions on Computers that describes a technique for p2p content poisoning targeted exclusively at detected copyright violators. Using identity-based signatures and time-stamped tokens they report a 99.9 percent prevention rate in Gnutella, KaZaA, and Freenet and a 85-98 percent prevention rate on eMule, eDonkey, and Morpheus. Poison-resilient networks based on the BitTorrent protocol are not affected. Also the system can't protect small files, like a single-song MP3. Although the authors don't say so explicitly, my understanding is that the scheme is only useful on commercial p2p distribution systems that adopt the proposed protocol."
We need to fight against this kind of tyranny. Make sure to keep ourselves armed with the latest knowledge on how to defeat and subvert these 'poisons'. These corporate moneymongers are sad that they can only buy 3 boats this year instead of two, while we are stuck paying $25 for a CD. The system of money is an ancient and outdated system that needs replaced with a resource based economy anyway, and P2P is a good step in the right direction.
Yeah good luck with that.
Abstract: Today's peer-to-peer (P2P) networks are grossly abused by Illegal distributions of music, games, video streams, and popular software. These abuses have resulted in heavy financial loss in media and content industry. Collusive piracy is the main source of intellectual property violations within the boundary of P2P networks. This problem is resulted from paid clients (colluders) illegally sharing copyrighted content files with unpaid clients (pirates). Such an on-line piracy has hindered the use of open P2P networks for commercial content delivery. We propose a proactive poisoning scheme to stop colluders and pirates from working together in alleged copyright infringements in P2P file sharing. The basic idea is to detect pirates with identity- based signatures and time-stamped tokens. Then we stop collusive piracy without hurting legitimate P2P clients. We developed a new peer authorization protocol (PAP) to distinguish pirates from legitimate clients. Detected pirates will receive poisoned chunks in repeated attempts. A reputation-based mechanism is developed to detect colluders. The system does not slow down legal download from paid clients. The pirates are severely penalized with no chance to download successfully in finite time. Based on simulation results, we find 99.9% success rate in preventing piracy on file-level hashing networks like Gnutella, KaZaA,Area, LimeWire, etc. Our protection scheme achieved 85-98% prevention rate on part-level hashing networks like eMuel, Shareaz, eDonkey, Morpheus, etc. Our new scheme enables P2P technology for building a new generation of content delivery networks (CDNs). These P2P-based CDNs provide faster delivery speed, higher content availability, and cost-effectiveness than using conventional CDNs built with huge network of surrogate servers.
This isn't unbiased in the least. Sure, arguably it is "research" but calling them researchers from an university makes them seem neutral at best.
Taxation is legalized theft, no more, no less.
ur funny
Actually, poisoning P2P networks as a commercial venture could be prosecuted as theft-by-deception.
Stealing bandwidth is a crime. Downloading songs isn't, if you aren't profiting form it.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
What's to prevent poisoning legal p2p? There are plenty of examples of copyrights being inappropriately asserted. The technology itself doesn't discriminate.
Humans had discovered methods to speedily and automatically transmit mountainous volumes of data. It was a new frontier, a utopia where information was shared peacefully between the people who wanted to see it. And what was its downfall? Not the anarchists, or the communists, or the Islamic fundamentalists, but the so called leaders of the free world.
"We had to do it," they said, "there is such a thing as too much freedom."
If all of the other p2p applications and protocols are vulnerable, as described by this research paper, then to me that gives direction to all pirates about what software they should use.
The other outcome likely is that the other applications/protocols will be improved to prevent such attacks.
This is a very nice and free security vulnerability analysis!
Poisoning the well. What an insightful revelation. Surely it's never been done before, maybe they should throw a patent on it.
"In the absence of the ability to establish the attribute of truth they tried to establish the noble attributes."
What does this even have to do with piracy? The "researchers" have found a way for a third party to break p2p software when used for its intended purpose. Whatever your motivation is for that, it's a bug in the software, not a feature.
The bios at the end of the paper clearly state that both the Ph.D. student and the professor are from USC, not UCLA.
They sound more like wannabe whores to me. How is this blatant soul-selling behavior legal and prostitution is not?
I was curious as to how they were poisoning Freenet, which should be robust against this with its Forward Error Correcting.
According to the paper, Freenet falls under the category of the "Gnutella family" (p.2). The Freenet Project that I know is in no way related to Gnutella.
Are they referring to a different file sharing program by the name of Freenet, or is this statement of theirs just plain inaccurate?
The paper won't download here, so I'm asking without RTFA, but how can this work against Freenet? Do they discuss Freenet in the paper at all? Freenet does chunk-level hashing, and the network enforces that the data matches the hash at all steps. Nodes returning invalid data will rapidly get dropped by their peers. Attacks like this are something that Freenet is explicitly designed to prevent. Also, the anonymity guarantees that Freenet makes would make it hard (potentially very hard) for them to identify a single user, let alone "collusion".
I'm forced to wonder whether the researchers mention Freenet at all, or if the poster is simply lumping Freenet in with other p2p apps that it has very little in common with. (Bittorrent and Freenet should be similar in some ways to their resistance against this attack, but Freenet's strong anonymity guarantees should make it more resistant. The fact that a node engaged in widespread poisoning will have trouble even staying connected makes Freenet even more resistant.)
If they where, they would not be engaging in such pointless research. A little more Turtle and a little less Ari.
Winkey shortcut mapping for 64bit windows. WinKeyPlus
First, the *IAA went after the file-sharing services. "Oh no!" The geeks cried. "File-sharing services have their 2-5% legal uses, too. Why can't they go after the illegal usage?"
Next, the *IAA went after the individual copyright violators. "Oh no!" The geeks cried. "You're being mean! And sometimes the computer owner isn't the actual violator."
And now it seems the *IAA wants to increase the noise-to-signal ratio on P2P to raise the difficulty of illegally downloading copyrighted content. "Oh no!" now the geeks are crying (from the comments prior to mine). "It's harder to get my free shit." (literally)
Seriously, out of the three options presented, I would pick #3 any day of the week... I have no need of the latest trash from the next star of American Drooling Idiot, and it's the least punitive measure they've explored.
If you guys really cared about putting the *IAA out of business, you would stop buying AND downloading their products and encourage others to do the same. Their entire business cycle depends on hype and publicity, it doesn't matter HOW they get it.
"But... but... what about [insert favorite author/performer/director here]? I love their stuff!"
Fuck it. Get some priority, and figure out what's more important to you - your self-gratification or putting them out of business. Unfortunately, everyone, including the *IAA, already knows what the large majority of sheeple will pick.
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
Not only are [private BitTorrent trackers] immune to content filtering, but due to ratio requirements and the possibility of getting banned if you misidentify content you upload, they're immune to content poisoning as well as data poisoning and have pretty much guaranteed high speed across the board.
But the sum of share ratios can never exceed 100%. Say I download a file and then leave my client seeding for a week, but almost nobody downloads the file from me because the torrent has a total of three downloaders getting pieces from about 100 other seeds. How do I get to even 90%? Or how strictly does a typical private tracker enforce ratios for older, overseeded torrents?
the network enforces that the data matches the hash at all steps.
But what enforces that the hash matches the title, as opposed to a cuckoo egg?
Today UCLA researchers enrolled in the RIAA's Junior Achievers program proved that p2p networks Gnutella, KaZaA, Freenet, eMule, eDonkey, and Morpheus are, in fact, still in use. Researchers proceeded to take great joy and pride in kicking a dead horse. Unfortunately they were unable to have any effect on modern incarnations of artificial scarcity reduction technology.
http://thepiratebay.org/torrent/5019955
Somebody's poisoned the water hole!
Anything can be found funny, from a certain point of view.
i'm wanna take a big shit on it.
These guys are from USC, not UCLA. As a UCLA graduate, I am extremely upset that anyone would make this mistake. USC students and professors are smelly, unclean, spoiled children who work for the RIAA. UCLA students and professors are the opposite.
Never, EVER, confuse us again.
Even researchers should have basic ethics. Research like this can only harm society in the long run.
...given the absolute rot most people are downloading on the networks. I mean honestly. What could be more poisonous than a Britney Spears song? I'd say let the downloaders have the content. Can't think of anything more poisonous.
These posts express my own personal views, not those of my employer
I read the summary as them finding a way to create a p2p network of 'customers' (clients who pay to be in your p2p network where you deliver paid content) and protecting yourself from the 'customers' who 'collude' (e.g. hacked client s/w?) with non paying client s/w to allow non paying customers to get the content. I don't think it's about subverting an existing network, it's about protecting a network from subversion. If so then the techniques could presumably be used for other purposes, poisoning surveillance perhaps.
People use Kazaa for large files? I thought Kazaa was for small files and bittorrent was for large ones. Now I'm confused.
Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
It's entirely possible that the authors do fundamentally believe in the rights of the copyright industry, but that doesn't mean they might not be frightfully ignorant of any number of closely related technologies.
In fact my experience has shown me that fundamentalists tend to be the most narrowly focused people I meet (whatever their beliefs).
Quack, quack.
anyone who still uses Gnutella, KaZaA, Area, LimeWire, eMuel, Shareaz, eDonkey, or Morpheus deserves this. anyone who researches said p2p apps should have their computer taken away, for they shall never understand the internets.
As a comp sci grad student, here's what I got from a quick reading of this paper:
Imagine that you're a content provider, with paying users. You've decided to distribute content to your users by running a Gnutella-style network. How do we make sure that only paying users can get our content? After all, it's an open network.
We start by sending some sort of magic timestamp-thing to all of the paying users. I didn't read this part in much detail. Anyway, the paying users can all identify each other somehow. They mention that it maintains privacy.
Some of your paying users (the "Clients") are good, virtuous folk, and they're running the Happy Authorized Gnutella software you gave them. Others (the "Colluders") are running Evil Hacked software. No matter what you do, the Colluders are going to send chunks of your precious data to the "Pirates" (anyone who hasn't paid you).
Normally, we'd expect our Clients to ignore requests from our Pirates. This paper instead suggests: let's obligate the Clients to send poison data to the Pirates! The Pirates won't know which chunks are bad; they'll only find out that the file is corrupt once it's finished downloading. The Pirates won't be able to get a good copy, and they'll give up and go away.
And there's one other great thing: we can set up *fake* Pirates, and check which users aren't giving out the poison they're supposed to! So we've served data to all of the Clients; we've identified all of the Colluders; and we've defeated all of the Pirates.
(Bittorrent has data integrity checks for every chunk, instead of every file; that's why it's not vulnerable to this attack...I mean business model).
In summary: This paper describes a way that a company can charge for distributing their own content on a peer-to-peer network. It only works if they control a centralized "transaction server" thThat's why no one has ever at organizes the entire network, and if they control the software of all the "honest" people. They can't destroy our existing networks with it, and it doesn't prevent anyone from turning around and posting the file to BitTorrent once it's downloaded.
The tone of the paper is definitely not as neutral as I feel it should be. What they're trying to say is "there's no obvious way to charge people for running a Gnutella server, because pirates will eat your lunch. But we think we have a way." But it definitely feels like they're putting moral force behind what's really a network algorithms result.
Lets me see if we substitute "not approved by the fearless leader" for "unlawful copyright violator" how does that change the what they are doing?
IMHO this is yet another attempt at FUDD to scare off people who would spread ideas that those in power do not like.
The enormous success of these approaches can easily be seen by a quick check of Emule/Bittorent which shows over 6 million users right now.
I once accidently did a minor DoS attack, when I was starting to write my own P2P client for the Kad network used by eMule, etc. it kept returning the same IP in response to every directory lookup.
Sorry to whoever had 127.0.0.1 back then, if your connection went down it was my fault.
(I don't remember the actual IP)
Note: This attack does not work on open networks as described. The abstract is in error.
They're actually describing the design of a large number of authorised, trusted (paid?) clients, and collusive content providers, indexed for some reason in an open network, but trying to poisoning that open network if it asks for the same.
Riddle me this - why the fuck would such a model not just form a closed network and "solve" the problem that way? (Of course, true Judas nodes are undetectable, leaking a highly-colluded file or master file immediately afterwards, rather than concurrently.)
GossipTrust has various flaws I'm not going to talk about here; let us simply say, gossip is unreliable, and susceptible to as many attacks as it is in real life. :)
Further, it's possible for the rest of the network to collude in the exact same way to detect the fake nodes and drop them off the face of the network, using the same thing. Which they do, because a few nodes tried this attack about five years ago. So, the colluders will be partitioned out into a separate network anyway.
Receive a single poisoned chunk, which is in fact detectable with a single TTH leaf (they have completely forgotten that Gnutella as it was originally defined no longer operates, and in fact TTH is widely pervasive and, due to the smaller block size, many times quicker at spotting corrupted chunks than torrent's often 512KB/1MB SHA-1 list is, although torrent also has a TTH extension now), and all modern P2P network designs will "shitlist" you, which will spread as fast as your chunks do.
How'd this piece of shit research ever get published in the IEEE journal? It's worthless, its conclusions are questionable, you'd be laughed off the stage talking about this at any security conference. Turn it around and talk about detection, but don't pretend this is practical at all.
I'm part way through the research paper, the article summary is just plain wrong.
There is no vulnerability here. They CANNOT poison Gnutella, KaZaA, and Freenet, eMule, eDonkey, Morpheus, or any other existing network with this technique. To quote the paper: Presently none of these P2P networks has built with satisfactory support for copyright protection.
The "problem" they want to "solve" is that existing networks to not possess adequate support for poisoning attacks. This paper proposes creating a NEW additional P2P network. They propose deliberately building in special support to ENABLE poisoning attacks.
While I'm sure the RIAA will eagerly read it over while dreaming of world conquest by releasing their own deliberately crippled "legal P2P network" where they get paid for each authorized client-to-client transfer. As far as most readers here are concerned, this is a completely non-newsworthy story, the contents of this paper are completely irrelevant and harmless. There is absolutely nothing new or surprising about the fact that you can deliberately make your software insecure and you can deliberately leave it vulnerable to poisoning. Yes, a P2P new network could be built Defective By Design.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Did I just step back in time?! Hello? 2001 called and wants it's technologies back.....
"Actually, poisoning P2P networks as a commercial venture could be prosecuted as theft-by-deception."
And engaging in illegal copyright infringement could be prosecuted as? Are you sure you've thought this whole thing through?
"Stealing bandwidth is a crime."
You might want to be careful with that argument. Carried to it's conclusion people who abuse their ISPs connection could be fined and do jail time.
"Downloading songs isn't, if you aren't profiting form it"
Uploading is, poisoning them takes care of the downloading part.
People use bittorrent for small files all of the time.
*knock on Pirate Bay's office door*
"What the hell is that?"
*Hannigan the traveling salesman enters*
"Good evening, little girl, is your mommy home?"
"Dude, this is the pirate bay office."
"No worries precious, I'm sure your birthday party can wait a few moments longer until the dreadful pointlessness of existance crushes your youthful hopes and dreams like mine have been two decades ago, leaving me a hollow broken shell of a man seeking solace in cheap whores and nickel whiskey shots on hungarian hobos."
"Who the hell are you?"
"Hannigan's the name, and I'm here to offer you a great product - it's Peer to Peer Protocol Poison, or 'Pee Pee Pee Pee', from Doc Poison's computer destroyers. When there's traffic that needs destroying, it's Doc Poison or arson!"
Gnutella, eDonkey and Ares clients simply check the chunks and discard them if they're bad. If a client repeatedly feeds bad chunks, the client receiving data from it will simply ban it and get its chunks from other people. In order to slow down P2P networks poisoners only a little bit poisoners would need thousands of peers, which simply doesn't work (just ask the lamers at MediaDefender). OverPeer had managed to poison Kazaa because of the weakness of Kazaa's hashing system: it considered only the beginning of each file instead of the entire file, but modern P2P clients are immune to this (which explains why OverPeer went bankrupt).
To put it simply, this "research" looks like BS to me. Besides, the paper was published in April 2008. If their stuff had a chance to work, I guess the mafiaa would have been already using it by now.
I only use the eDonkey network for small files (music, images, books), and BitTorrent for the big ones, so that thing won't even affect that.
The only bad thing is, that now rare bigger files (like lossless music, very specific software, etc) will be hard to get.
But I really do wonder. Because as far as I know, no network out there works without checksums. So poisoning will be detected, and then circumvented (e.g, manually).
Any sufficiently advanced intelligence is indistinguishable from stupidity.
You're not confused, the "researchers" are.
Free Martian Whores!
One problem with bittorrent is that it has a centralized tracker. You see what is happening to The Pirate Bay.
This may be of interest.
For those who can't be arsed to follow the link:
Reply to That ||
The paper has tons of English grammar mistakes and typos. I also noticed several semantic mistakes, like calling p2p clients "networks", and using the word "swamp" when they obviously meant "swarm". They also repeated the "this won't work against FTP/email/DVD-in-mail" paragraph at least 3 times in the first two pages.
Doesn't IEEE have some quality standard for their publications?
Anyways, I got bored of reading this thing after the first few pages (maybe that was their intent?). In short, they propose a custom p2p content distribution system, or augmentation of existing p2p software. The main servers would do the management, and users would do the decentralized distribution part.
Their system adds some sort of authorization mechanism: after purchasing something you get a receipt, and you use that to connect to the network via a (company-controlled) bootstrap node. You have to continuously refresh your auth token against this node. And somehow this token lets anyone recognize a legal/illegal download request. And the poisoning part is there to stop clients that skip the authentication process (both producers and consumers). Does anyone feel like examining their method in detail?
is that you don't know who your peers are. They might not even be "peers" in the everyday commonly-understood sense.
Solution: remove anonymity, or at least replace it with pseudo-anonymity. I don't know who the guy that signs his chunks with keyid 0xDEADBEEF is, but I know he's never sent me garbage in the past. The owner of keyid 0xF00C1000 sends me chunks that don't match up with the rest of the content. My computer has a hard disk. It can remember things like this.
Gnutella blacklists mediasentry IPs. IPs are ephemeral. What they ought to do is use a signed protocol, and blacklist bad signing keys. Or better yet, greylist everyone by default and whitelist the ones who show a history of integrity. No wait, program the client to do all that, and don't distribute any lists at all.
"Believe me!" -- Donald Trump
The Gnutella community began discussing the use of Tiger Tree Hashes over eight years ago, and I can't think of a major Gnutella "servant" that does not have tiger tree hashing - Limewire has it, Bearshare has it, Shareaza has it, Gnucleus has it, and GTK-Gnutella has some support for it.
While this paper says it was revised in April 2008, it seems to have been completed in September 2007. In their references, only one paper referenced is from 2007, while they have several references to papers, articles and events in 2006. Thus, it is likely a lot of this work was done in 2006 or before (three years ago), with a little brushing up before it was submitted, accepted and published in a journal.
I am not much interested in the legal aspects of someone sharing a Jonas Brothers or Britney Spears mp3, although of course I think it is absurd that p2p developers are being sued by the RIAA/MPAA mafiaa, because among other things, if they're law-breakers, then people who develop ftp servers, or web servers or IRC clients with DCC file sending could be charged as criminals as well. I have spent a lot of time looking at RIAA/MPAA organizations, and am fully convinced they are not after just pirates, but anyone that threatens their profits, including independent labels and artists who might circumvent their monopoly on the commissar-like monopoly of the marketplace of ideas and art. The excellent documentary "This Film is Not Yet Rated" shows how the MPAA not only imposes de facto censorship, but how it uses its power to shut out players outside of the major studios. We don't even know what a network of free citizens using peer to peer to share files, videos, music, web pages and the like would be like, since developers are all legally threatened and stopped before the technology can even get off the ground.
Putting that aside, I do not think these poisoning attempts are all bad because they allow for a more robust p2p (and Gnutella) protocol. People are poisoning file chunks? Gnutella puts in full file SHA hashing, and later partial chunk tiger tree hashing. People are using misleading file names so that people will download junk instead of what they want? Gnutella servants implement file ratings, allow junk files and junk serving hosts to be marked as sources of junk and so forth. Everything the p2p well poisoners have come up with has resulted in a counter-foil which strengthens Gnutella and p2p. The structure is already in these programs to foil all of this, if it is not up to the 99% or so level its just because the poisoning has not been at a level to up it to that much robustness, the structure and classes are already there in the programs, and the methodology is already within the protocol, so if the mafiaa goes all out on this path, it can be countered. But of course, it is necessary to the RIAA/MPAA mafiaa on the legal/political front as well, that they can go after p2p developers is ridiculous - if we're liable, who is next? It's one step from legal mandates for DRM in all devices so some corporation is the one who controls your machine, not you, and all of that garbage.
Companies like Overpeer developed effective P2P poisoning over 7 years ago. Which means they didn't do much research for section 2.2.
(note: I'm posting this as A/C because I not only worked for Overpeer, I actually designed and developed the system used for P2P poisoning which is unpopular on Slashdot. Though people are often under the misconception that we would protect anything and everything, as opposed to just protecting copyrighted material we were paid to protect).
Overpeer's software was VERY effective, and supported many different protocols. While they are correct with some basic points (eg. the hashing and chunking of various networks), their approach could never be financially viable or sustainable.
First, they disregard the fact that making it harder to FIND a pirate file is much more economical than poisoning the ones that are out there. If there are 1000 results out there, and you can manage to be 985 of them, each with a high number of 'sharers', then you never need to send a single byte of the file, just have all your clients be 'busy' and put the client on queue. Most people will think they'll get the download soon enough, and eventually will give up and possibly search again, with the same chances of finding our systems again. note: for some P2P schemes, like BitTorrent, where the search is not part of the network infrastructure, poisoning is the only thing possible.
Second, Poisoning pirate files, as they state, is possible. But it is usually used as something of last resort, or something you want to have happen as little as possible. That is because it is very bandwidth intensive. The biggest cost at Overpeer was bandwidth, and although we implemented file transfer throttling and system-level throttling in our custom software, once you get into this game, especially with things like swarming downloads, you're in for a LOT of file transfers, whether you like it or not.
Third, the second biggest challenge at Overpeer was IP blocklists. IP addresses used for P2P blocking of this type have a limited shelf life, and although usually only the more savvy P2P users will implement blocklists, and they're usually not who you're trying to protect against, once your IP addresses start showing up on blocklists, you usually have to request a new block of IP's from your service provider and return the ones you have, and reassign those IP addresses to the various machines (or routers if using NAT like they do). Which means you had better have programmed for it.
Fourth, they really don't touch on some of the network self protection measures aside from the hashing and chunk hashes involved. It's all well and good to say 'we can protect anything you want on these networks', but at some point you really need to have distributed computing and emulate multiple clients from a single host. Why? Because certain networks implement certain restrictions on purpose to stop people sharing millions of files on a single client connection. For example, most eDonkey servers will limit the number of files you can share with a soft limit (anything above this is not indexed) and a hard limit (trying to share more than this will get you disconnected). So scalability becomes an issue unless you design your software to split your content into 'bite sized chunks' so to speak. Not to mention that on things like eDonkey, you get a lower priority (and often no connction) if you are NAT'd, so their methodology of using NAT without some kind of specialized software also makes no sense.
Fifth, their approach talks about modifying file indexes to have a certain signature. Doing this makes you easily detectable. And they seem to think people on P2P networks aren't good enough to figure this out. They are. You want to look as much like a regular 'pirate' as you can in this game. Any small thing, like a detectable signature will get client writers, blacklist writers and even in some cases network writers writing code that detects your signature and automatically blocks your IP from the
I think he might have been suggesting that you upload your own torrents.
I don't see how I could create a work and upload it to these trackers in order to gain credits. The first time I looked into the private tracker scene, I found some boilerplate language across a bunch of trackers running ByteMonsoon software: "If it's not on NFOrce then forget it!" or "If it's not on NFOrce or grokMusiQ then forget it!" In fact, there are still a bunch of sites using this exact notice. And as I understand it, NFOrce and their ilk track only illicit releases of major-label works from recognized release groups in the warez scene.
Ah. Well i'm not big on the private tracker scene, but at least *some* aren't so picky. Some certainly are, but that's the same for all kinds of communities i think.
I dont know any tracker that enforces ratio on a "per torrent" basis. All I've ever seen enforce a global user ratio.
If you are still seeding your first torrent, then your global user ratio must necessarily equal the ratio on the only torrent you've downloaded.
This protocol will never even put a dent in illegal filesharing. When are folks gonna wake up: music and films have been free for the past 10 years and we don't ever get any closer to figuring out how to stop folks from sharing files. We win!!! Die RIAA and the motion picture industry!!