I've moderated in this thread already, but I just have to respond to this.
I think it's sort of implied that when you license code under the GPL, you have set it "free". What this means is that the code is no longer really yours, it belongs to the collective pool of free software, from which anyone may draw freely.
It's true that there are some bad people out there who modify free software and re-sell it, but the problem is not them. It is the people who have never heard of free software who are buying it. Why would you buy a copy of OpenOffice, or an office suite that looks exactly like it but is called something else?
The solution here is user education, not a tightening of the license..
They had obviously meant an HTTP PUT..
Attitudes and sites like those of thepiratebay are exactly what gives them excuses to throw at lawmakers when demanding new laws.
Lawmakers don't need excuses, they just need to keep getting their bribes from the "entertainment industry".
American media corporations are attempting to bully TPB, and TPB are standing up for themselves... and they're doing it in a humorous way that pokes fun at those trying to bully them.
Alright there, Einstein.
OSX stores its preferences in XML.. great.. I'm sure they have a nice pretty GUI to edit it through, and the user has no idea XML is even back there. That's where XML belongs.
Style sheets are also great, but my point (which seemed to go over your head) was that there isn't any good mass-marketed consumer software available for editing and creating XML/XSLT (OpenOffice isn't quite there yet, but almost is), whereas ANY PIECE OF SOFTWARE can be used to create a PDF.
I know exactly why nobody uses XML and everyone uses PDF.
XML has absolutely NO software support. I can painstakingly write this great XML file by hand, using either a long, complex Tutorial which I can hopefully bend to my needs, or by reading the several pages of specification packed with technical garbage. Fine. Now what the fuck do I view it in? What do my recipients view it in?
On the other hand, to create a PDF, I can create the content with my application of choice and print to a PDF distiller (of which there's a bunch of free ones, mostly relying on GhostScript). A PDF viewer is already installed on almost every user's machine, and viewers are available in any size (from minimal to bloated) for any platform.
When XML becomes just as easy to use (create document, export / print, e-mail) then it has a small, tiny chance to become relevant in the document space.
Why wait until you get a peer with your external IP? In a large swarm this may never happen. If you could do this, then just broadcast right away at start-up. It's a good idea, it's just not backwards compatible.
To really be effective, this is something that should be built on top of the current peer-discovery system, not beside it.
Also, if multiple machines are behind the same nat and downloading the same file then bittorrent should be smart enough to only bring 1 copy of the file down through the natbox and distribute it throughout the local peers..
The problem here is discovery. How do you make it 'smart enough' to recognize that multiple people behind your NAT are transferring this file, when you cannot (for practical reasons) connect to every peer on a torrent and you usually only get to see an external IP when you do.
There was some interest a while back in creating a special BitTorrent Tracker Proxy for NATs, similar to transparent HTTP proxying, that would keep track of things like this and insert local peers' info in with the real tracker's response.. so it's definitely possible, but I'm not sure what became of it. I could see this being very useful even on an ISP-level, where internal bandwidth is cheaper than external.
Torrent site administrators have known about this problem for a long time. Anyone who wrote their own tracker is definitely aware of the problem.
Over a year ago I had created a proof-of-concept client that could do the upload amplifying trick and had discussed the vulnerability with several site admins. The general consensus was that it would be dealt with if and only if it actually became a problem (because it's not something trivial to deal with; it requires extra resources at the server side, which many trackers simply haven't got).
I was responsible enough not to release the modified client, so it wasn't a problem then. The guy who wrote the article obviously isn't as responsible.. he just wants to leech. Too bad for him, because if everyone does this, leeching is the last thing he's going to be able to do.
Combined with only allowing one client per torrent per IP, this could prevent a single machine from providing false upload data.
I see 3 problems with your proposal:
1) I'm not sure if it's fair to impose a one client per torrent per IP rule.. sometimes NATs (I'm thinking universities here) can be pretty big, encompassing thousands of machines.
2) The original problem (trusting the client) has not been solved. Instead of trusting the client to report its own statistics, you now trust it to report someone else's. Nothing stops several (2 or 3) clients from corroborating. They could refuse to connect to any client they don't know will lie for them, and then easily amplify their upload by 1000000x and their partners in crime will corroborate their story. This wouldn't need to be done very often, just when you feel like boosting your ratio.
3) This would add quite a bit of overhead to tracker requests; you now have to report statistics for every peer you're connected to.. and this could be hundreds of peers. Many trackers are bandwidth-strapped already.
This is not a vulnerability .. it's by design.
The statistics reported to the tracker by the client were never meant to be used for things like enforcing ratios because they TRUST THE CLIENT. But there's simply no other way to collect statistics such as amount uploaded.. if the client lies to you (which is what this "vulnerability" is exposing), there is little you can do to protect yourself.
It's TRIVIAL (a 1 line change, or if you want to make it a parameter, a 4 line change) to modify any Python open source client such that it 'amplifies' the amount you upload by 10x or 100x. Then you don't need to do any HTTP sniffing, your client can just lie for you.
Now, there is a way to block this author's method because he doesn't amplify the upload, he creates a step-change in the upload amount (which can be caught on the server side.. if it's been the same amount of time since the last check-in, but suddenly his cumulative upload amounts tripled, you're likely being abused). However, using my 'amplifying' trick from above, this is much trickier to detect. Perhaps you measure the client's upload speed on the website and record it to the database, maybe even double it just to be safe.. so you KNOW this client can only do 60 k/sec or whatever. Then when the client reports in stats, you take the time since the last check-in and you calculate his approximate 'instantaneous' rate. If this rate is higher than the upload rate you previously decided was this client's ceiling, then he's lying to you.
The above method is not foolproof, but it would likely be better than the nothing we have now. It was really only a matter of time before this surfaced.. and I'm amazed it took this long.
--kRYPT
(author of burst! and MakeTorrent)
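The two server-side checks described in the comment above (a step change in the cumulative upload total, and an implied rate above a measured ceiling), as an added example that is not part of the original comment or of any tracker's code. The `Announce` record, the thresholds and the sample histories are assumptions constructed for illustration.

```python
from dataclasses import dataclass

SAFETY_FACTOR = 2.0          # comment: "maybe even double it just to be safe"
STEP_RATIO = 3.0             # comment: cumulative upload "tripled" in one interval
MIN_BASELINE = 10_000_000    # assumed: ignore tripling of small early totals


@dataclass
class Announce:
    timestamp: float   # tracker clock at check-in, in seconds
    uploaded: int      # cumulative bytes the client claims to have uploaded


def check_peer(announces, measured_bps):
    """Return [(timestamp, reason), ...] for implausible upload reports.

    measured_bps is the upload speed (bytes/s) recorded for this client
    out of band; the ceiling is that value times SAFETY_FACTOR.
    """
    ceiling = measured_bps * SAFETY_FACTOR
    findings = []
    prev = None
    for cur in sorted(announces, key=lambda a: a.timestamp):
        if prev is not None:
            dt = cur.timestamp - prev.timestamp
            delta = cur.uploaded - prev.uploaded
            if delta < 0:
                pass  # counter restarted (new session): just re-baseline
            elif dt <= 0:
                # No elapsed time, so no rate can be computed; growth is suspect.
                if delta > 0:
                    findings.append((cur.timestamp, "upload-without-elapsed-time"))
            else:
                # Check 1: cumulative total jumped by STEP_RATIO in one interval.
                if (prev.uploaded >= MIN_BASELINE
                        and cur.uploaded >= STEP_RATIO * prev.uploaded):
                    findings.append((cur.timestamp, "step-change"))
                # Check 2: implied rate since last check-in exceeds the ceiling.
                if delta / dt > ceiling:
                    findings.append((cur.timestamp, "rate-above-ceiling"))
        prev = cur
    return findings


# Constructed sample data: 30-minute check-ins, measured speed 30 KiB/s,
# so the ceiling is 60 KiB/s (61440 bytes/s).
MEASURED_BPS = 30 * 1024
HONEST = [Announce(0, 0), Announce(1800, 40_000_000),
          Announce(3600, 85_000_000), Announce(5400, 120_000_000)]
STEP = [Announce(0, 0), Announce(1800, 40_000_000),
        Announce(3600, 80_000_000), Announce(5400, 240_000_000)]
AMPLIFIED = [Announce(0, 0), Announce(1800, 200_000_000),
             Announce(3600, 400_000_000), Announce(5400, 600_000_000)]

if __name__ == "__main__":
    for name, history in (("honest", HONEST), ("step", STEP),
                          ("amplified", AMPLIFIED)):
        print(name, check_peer(history, MEASURED_BPS))
```

The steadily inflated history never trips the step-change check and is caught only by the rate ceiling; a client that inflates its totals while staying under the ceiling passes both, which is the sense in which the comment calls the method not foolproof.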
I used to have a version of Terminal Velocity with a ViRGE rendering path, and that looked much nicer than the software version.
Yep, that version of Terminal Velocity actually came bundled with the card.. along with optimized versions of Descent and Tomb Raider, IIRC. I remember being in awe of how nice and smooth they looked (compared to software rendering).
It was definitely not an OpenGL card, it required the (DOS) games be specifically tailored to use it.
Zoom out.
It's totally closer to Canada!
Informative?
Yes, it's a lot more suspicious that a couple of acres in the *middle of the US* are missing, than an entirely different continent (perhaps not their target market?)
Rest assured, this guy was more than a spammer, he was a criminal. How much money do you think was involved with all that spam sending? In Russia, where there's money, the mafia is sure to follow. And if you fuck them, they will just kill you.
Me and my friends import all our engineering textbooks from Taiwan, for about 1/3rd of the price.
I don't think it's actually legal, there's big stickers that say "NOT FOR RESALE IN NORTH AMERICA", but since we technically are buying them in Taiwan and then just shipping them over here, I don't think there's much they can do..
I hear if you can get the Middle Eastern editions (as sold in Egypt and such) that you can get an even bigger discount.
The first is that bittorrent is not really a stable protocol. By which I mean, the protocol itself is still under active development
Spoken like someone who doesn't actively monitor BitTorrent development.
Lots of things have been proposed, but VERY, VERY little has actually changed since the original conception of BitTorrent. Multi-tracker extensions are probably the most popular, followed by UDP trackers (usually with HTTP as a backup).
Bram is kind of a nazi about what you can actually call BitTorrent, and is VERY resistant to change.
Face it, how do you feel when some links in slashdot to a "register for free!" kind of link?
Actually, it used to bother the hell out of me.. but now, it BugsMeNot..
Oh, and you're an expert in the field? I'm a third year computer engineering student, and I've taken my share of electrical classes to know that an "Ideal" Voltage Source exists only in principle. There are however ways of simulating the ideal case in various ways, by making the voltage across the source vary very slightly with the current drawn.
Second, neither the graphic card nor the motherboard nor the hard drives require that much 12V power.
No, they don't require that much power. But what particularly a video card does require is CLEAN power. HDs spin up and down, so their power usage varies... and since there's no such thing as a 'real' voltage source, the voltage supplied by the PSU does vary (however slightly) with amps drawn.
Putting your HD+Mobo and Videocard on a separate rail prevents these fluctuations from affecting the stability of your (overclocked!) video card.
Get it now?
And you've obviously never heard of DVD-Shrink. DVD-Rs have reached the 'disposable' price point... your kids kill one, burn another from the original (that you keep stored away).
Sure.
It was all started by Russian-born comedian Yakov Smirnoff.
The original (and most funny version) of this joke was "In California, you can always find a party. In Soviet Russia, the Party can always find you!".
I think it was the Family Guy episode that really popularized it though.. read the Wikipedia article I linked for more info.
PCAnywhere?
Ultr@VNC.
It's better in every way, not the least of which is the price.
Like in puzzled. I've always felt the "fuzz" part in the middle of the word is the most important, and it should be pronounced properly.
IBM and Motorola... also part of the Trusted Computing group. Sorry.
the fact that practically every company runs Windows
This is true, but do they run ONLY Windows?
At the company where I work, we all have Windows desktops. However, when you walk by, you will see a full screen Exceed or VNC session on 90% of engineers' screens. We have dozens of Linux boxes to do our actual work on.