Slashdot Mirror
Bittorrent To Replace Standard Downloads?
Max Sayre writes "Have you ever tried to download an operating system update only to have it fail and have to start all over? What about patches for your favorite games? World of Warcraft already uses Bittorrent technology as a way to distribute large amounts of content at a lower cost to the company and faster speeds to all of their clients. So why haven't they replaced the standard downloading options built into any major OS? Companies like Opera are including the downloading of torrents in their products already and extensions have been written for Firefox to download torrents in-browser. Every day Bittorrent traffic is growing. Sites like OpenBittorrent already exist and DHT doesn't even require a tracker. So why isn't everyone doing it? Is it finally time to see all downloads replaced with Bittorrent?"
Why aren't linux package managers using this instead of just leaching off of college servers and the like?
Once you start despising the jerks, you become one.
The more and more I hear about how WoW rapes your pipe and your wallet, the more I wonder how people are willing to pay for it.
Combine this with social networking to allow/deny access to your files and I think you've got a game changer. Files which require no server, and which are unknown/unavailable to anyone who doesn't need to know about them. I could share my mp3 collection or movie collection with only my friends list, which would be much more along the lines of fair use (like tape trading).
... and the anecdote is right on. BUT... if it includes the word "torrent", it's frowned upon.
Sadly, too many people are uneducated/misinformed and they don't know the real statistics.
1) because I'm a leech.
2) because I don't want legal liability FOR DISTRIBUTING if I download a file that unknown to me is illegal, e.g. a software package from overseas that someone inserted illegal-in-my-country pornography into the binary. Yeah, I'll take the risk for possession but not for distribution.
3) because my employer's lawyer made me say #2 when it comes to company machines.
4) because I prefer to get my bits from the official location. Yea, I know a checksum should be good enough but I'm old school here.
Seriously though, I can see torrents overtaking web- and ftp- downloads as the primary method for distributing large, popular files. However, there will always be customers who refuse to share and who refuse to get data from any source that doesn't have a reputation for quality and isn't blessed by the original publisher.
Oh, and seriously, I'll be fine using torrents to download things like well-known linux distros. I trust modern checksums. I probably won't use them for low-demand files or smaller files though.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
That's the one real problem with BitTorrent. If nobody is seeding the file, nobody can download. If the servers that would be hosting the data were instead used as no-limit seeders, that might make BitTorrent a more viable system for "real" downloads.
the only way all downloads could do that would be by forcibly stealing bandwidth from their clients. which i see as an invasion of my rights, to you know, leech mercilessly from your(provider) pockets. of course it would be nice to get platinum status for 50mb of stream a month or something the likes.
similarly, what you suggest dear man, is communism
Downloading is "just there", is point-and-drool easy and (mostly) "just works". Bittorrent takes a modicum of knowledge, effort and understanding to install and operate and most of the time offers no big advantage. Hence until bittorrent is "just there" as a trivial point-and-drool option people will continue to use the old method.
This is essentially the same reason so many people run "old" software and hardware long past it's expected replace-by date. It's there, it works, so why change?
I recall really hoping that a new distributed file transfer protocol would become standard in browsers. For one thing, it could virtually eliminate large loads on smaller servers caused by flash crowds (more colloquially known as the slashdot effect).
What I had envisioned is that every webclient currently displaying a web page would effectively act as a seed for the content (including pictures, embedded videos, etc) that the browser has loaded from that page for as long as the user has that page open, radically reducing the load required by the webserver where the original data was hosted when a lot of people want to see the content at the same time.
Of course, it never happened.
File under 'M' for 'Manic ranting'
A start up I know of started out using peer to peer, but it was too much grief to get people to download a plug in, and then get it to set up port forwarding through their firewall, and at the price of CDNs these days, you are just not saving enough money for it to be worth while.
Now, when we get IPv6, and HTML5, perhaps it will be a different game (no NAT in IPv6, no need).
In the case of a game, you already have downloaded stuff, and can convince a fair chunk of your users to set it up.
Twitter uses it to push patches to their servers in 12 seconds instead of 10 min.
So it is part of the future.
Plato seems wrong to me today
Most houses have more than one PC. It is stupid that they all separately download the patches from the source.
How about an option to share patch downloads across a local network.
Nominate one machine as a master then all the other machines check with the master for their patches.
The master is responsible for contacting the source.
Hell, I'm on Shaw Cable in Canada, and if I don't limit my upload bandwidth to 5 kb/s, my download bandwidth drops to sub-50 kb/s. But if I do limit it to 5 kb/s, then download speeds go way up to over 200 kb/s.
And yes, they advertise that I should be getting an order of magnitude greater speed than this...
Sleep your way to a whiter smile...date a dentist!
Why has no one mentioned this?
Don't thank God, thank a doctor!
Say you've got a CD or DVD that's scratched, or an .iso you spent forever downloading via ftp and discovered to your dismay was corrupted. Assuming a bit-identical image is available online via .torrent, you can 'repair' your data without having to download the whole thing all over again:
Start your bittorrent app and begin downloading a new copy of the image you need. Immediately stop the download and exit your bittorrent app. An .iso file (incomplete, of course) will have been created in the destination folder.
Now rip your [damaged] disc to hard drive, creating an [obviously corrupted] .iso. Copy/paste that .iso into bittorrent's download folder, overwriting the existing .iso.
Fire-up bittorrent and begin your download once again. Bittorrent will analyze the corrupted .iso and immediately download the bits needed to repair (i.e. complete) it. In most cases this will only take a few seconds, even over dial-up, due to the insignificant amount of data usually needed (except, of course, in the event of a heavily scratched disc, which can also take a long time to rip in the first place; having a high-quality optical drive with good firmware and good optics certainly couldn't hurt).
No thanks. They did some research recently on how easy it is to track users in swarms. As soon as you're in the swarm you can know every other IP transfering those files (depending on tracker usage ofcourse). It's easy to compile a list of IP adresses and the content they downloaded over time.
I like my privacy and I have no intention to let people know what software I'm downloading.
And as stated before, it's a security risk too. This doesn't only apply to software updates, it applies to any software that is downloaded.
For example: there is an outdated version of some application still hosted on the tracker of download.com and I'm someone who knows of a vulnerability in it. I join into the swarm, collect all IP's and eventually just exploit them as I go.
Hell, I don't even have to scan entire ranges for this application port anymore!
I was just about to post the same thing. I wish I had mod points to give this. I can see myself watching my slow connection get saturated with torrent traffic but unable to block it because my co-workers need it to download.
That said, I think it would be a great idea if it was an alternative option, especially over those stupid proprietary download mangers (looking at you Dell). At the end of the day it will only take off if the end user likes it more which faster download speeds would do.
Content delivery networks already solve a lot of the issues that bittorrent addresses - You can distribute large files without consuming a huge amount of backbone bandwidth, with a lot of regional servers.
It also helps with some other things:
1) Guaranteed level of reliable local service.
2) Customers don't know who each other are, a data privacy issue (Say, I notice someone at ip 4.5.6.7 is downloading this particular security patch)
3) Security (yes I know torrents are checksummed but it's not impossible to defeat).
But basically, it's all about a known level of quality for customers, which CDN's deliver and which are more of a case by case thing for torrents.
Also, some customers could be angry that companies are using bandwidth to send files to other people - I've been surprised that Blizzard gets away with that with as little complaint as they do.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Bittorrent already has built in checksumming which most people don't do with regular downloads
Bittorrent requires checksumming because it has to pull data from random sources, some of which may attempt to poison the Torrent. It relies on the SHA-1 checksum, which isn't broken yet, but a dedicated enough individual can find a way to poison such a system.
If an attacker manages to get enough control to manipulate HTTP downloads, he can also manipulate the posted checksum as well.
If you're worried about corruption appearing in HTTP, remember that there's already checksumming on the packet level, as well as some found in the compression algorithm used in most downloads.
Torrent itself, probably not. There's nothing in P2P that's inherently evil.
But there are several ISPs out there already using DPI to specifically throttle/downgrade the service for certain protocols. Downloading through BitTorrent is a *slower* download for me than HTTP or FTP, even when connecting to a server that can't push more than 1mbit. I'd be seriously peeved if things like OS patches went BitTorrent, because I'd never be able to get them downloaded/installed the day they release.
Surely you forgot about browser toolbars... the last time I cleaned my parent's computer I removed at least half a dozen damn toolbars from Firefox, several of them with very questionable intent. Remember, if Joe Sixpack visits a page and it prompts them to install something... they will very likely install it. They don't know they don't need it, most likely, because the general public has been conditioned over the years that various add-ons are required for viewing certain websites and content.
I did instruct my parents to not install anything prompted by a website withing knowing what it is and why they need the add-on.
One issue is that customers may not want to give away their bandwidth to the companies that they are paying for a service. Game patches are a good example...The player pays a monthly fee for access to the game. That fee should be paying for the bandwidth used to download patches. Why should the customer have to give their upstream bandwidth to other players trying to download the patch? The server load and cost issues for the game company are not his problem. I've encountered several "downloaders" that load themselves into Startup and will proceed to seed the game or patch that you just downloaded indefinitely, stealing your bandwidth. The only way to stop it is to kill the task and manually remove the program that's seeding the content. At the very least, seeding the completed download needs to be opt-in, not opt-out. That would break bittorrent distribution, of course, though, unless there were dedicated seeds. But the source company should be the primary seed, anyway.
Have you enabled ecryption. MSE (Message Stream Encryption) is standard on most torrent clients however most clients have it disabled by default. In uTorrent I enable MSE and reject all non encrypted packets & requests.
Using MSE ISP can no longer simply shape based on protocol. Bittorrent uses a random port which makes shaping based on port equally ineffective.
Thing is, a proper bittorrent implementation would actually improve speeds at a private network. That way, rather than having 50-100* clients all contacting microsoft for updates and downloading that 200MB set of patches, while they do their contact, the BT system realizes they're all on the same network/subnet and they promptly share them all with each other first. Without needing some sort of 'official' local patch depository server or fancy management system like SMS. Or even a caching proxy server(which would have to be properly set up to catch the patches).
So rather than transporting, say 25Gig over their line for 100 clients, you only transport 400 MB - 1 MB overhead per client, the 200 MB set of patches, then the machines share locally.
If you set it up on a 'share equally' policy, the core system then shares out 200MB of patches to peers NOT on the network.
The biggest problem I see with using this for OS updates is the whole 'verified source' and 'untrusted communications' problems. Basically, many people aren't trusting of checksums, and many others don't want the OS doing any unauthorized network communication, as they're afraid that the bittorrent system 'could' be shipping personal data.
*Much above this and you'd want to start considering more enterprise solutions.
I don't read AC A human right
Encryption doesn't do shit against DPI. The encryption is application-level... Level 7 in the OSI model. DPI can go up to level 7 to find out what a packet is for. It doesn't give a damn what the data is, it only cares what application the data is for. Even if it's encrypted, believe me when I tell you that DPI can figure out enough to know whether it should be throttled.
Besides, even if it couldn't figure out what application the data was for, using stunnel/ssl or such, why not simply set the DPI to throttle anything that's encrypted? Or set the download throttling to kick in if your upload exceeds 2kb/s? There's a myriad of ways the ISP can configure the DPI, and there's no way encryption can protect you from all of them. It's pure chance that your ISP hasn't taken a belligerent stance towards encryption at this time.