I don't dispute that. But you know just as well as I that there are stupid people, and people who WILL fall for this. Doesn't matter if it's their stupidity or idiocy that makes 'em do it, fact of the matter is that said prank just might have cost a life. But hey it ain't your fault, oh elitist one.
You cannot delete your account, merely expire or suspend it (by not keeping it funded). It will then lie dormant until you decide to pay for it again, and it will be right where you left it, characters, items, and all. That laying dormant probably keeps the cd key tied up.
Thing is, Blizzard doesn't really need to exhibit any good business practices. They are free to do whatever they want -- gamers will buy it and ask for more. Whether or not a couple thousand people cancel their subscription is inconsequential to them, they still have a million more...
Most people do not understand the significance of a product key. They enter it once (or even never, if the machine came preinstalled), never see it, and don't associate anything with it. It's a serial number on a piece of paper.
Please, count how many pieces of paper with numbers on them you got with your PC, Mouse, Graphics Card, Printer, Gizmos, Toys, USB kitchen sinks, etc. Now, how should a "regular" user decide which one(s) are actually important, and which ones go out with the trash ? Heck, people don't even remember (or find, if they wrote them down) their passwords. Good luck with keeping track of a useless number for more than a year or two. If you want to make it sting, let 'em find their original CDs which are now... you guessed it... useless ("but I have the CD RIGHT HERE !").
That nonwithstanding, while I have legitimate licenses for quite a few M$ OSs (and the respective license keys, of course), I pretty much always use one of the keys floating around and apply corporate patches. Activation sucks, and so does GUID tracking. Gues come July the good'ole'googl'a'key will have to be revised.
Your advice is good only for conserving bandwidth and delivering good performance with man regular users. You obviously haven't been dDoSed properly, yet.
If you block the requests once they hit apache, it's already much too late. Consider an average load of, say 150hits/sec (which is a reasonable-size load for one dedicated box with some dynamic content). Now consider the load, say, 10000 drones will be able to create on your server -- not just with plain http requests (say, one per second per drone), but also with plain bandwidth attacks ("let's just send a shitload of nonsense-packets to port 80"). Also, by the time you get to count on apache, the pipe is already saturated.
Load balancing doesn't even enter the equation if the attacker attacks ip-based (assuming DNS round-robin); if you have dedicated balancing hardware, even that can be dDoSed into oblivion in most cases.
Note that dronenets of 10000 are on the small side. They come in much larger sizes.
So that's that for "easily coping with dDoS"... It'll easily cope with a kid that found apachebench. It'll not make an iota of difference in a real attack. May that never happen to you, especially not on, say, xmas eve or new year's. Trust me, that's no fun.
BitTorrent has never been built for privacy; The tracker usually logs announces and progress; if the logs are kept, it's trivial to track you down by IP. In the case the tracker's owner is uncooperative or logs are simply not kept, all anyone has to do is hop on a torrent, announce a couple of times, and one has a nice list of all the ips on the torrent. Your fellow peers even tell you how fast they are progressing in their download.
So in short, yes, if they were fast enough, they could have easily tracked your download. Then again, they're probably a lot more interested in the people who actually leaked this code in the first place.
If you want true privacy, use Freenet and hope a lot of others do too.
Sorry, this is half-pure bollocks. Companies can easily distribute via P2P... Nobody said you'd have to use the "official" client. Many bigger software installers download the bits and pieces they need from the net. There's absolutely no reason why you wouldn't be able to put a P2P technology in there instead of simple http gets.
Even if you don't go the P2P route, look at the many dedicated server providers out there. If your tech staff is half-way decent, they can set up a "simple" fileserver in a very short amount of time... And at prices of $105 for 700gb burstable @ 100mbit/s (rackshack.net) or $99/1000gb burstable to 10mbit/s (unitedcolo) or even full 10mbit/s for $350/month (and similar deals at other places), I'm sure you can get a decent price for your needs.
The poster stated a few megabytes to 30000 users. Let's say "a few" is 10m in this case. that's 300gb. One of the above servers is enough for that... and if you need more, just get another one; or pay the overuse fees of $0.50-$1.50 per gb, whichever will be cheaper for you). Of course you'd benefit by knowing in advance how often you are going to push these files, and how many downloads you expect, so you can plan accordingly.
Even at a million users, we'd have 10 terabyte of data to be transferred. Take 20 of the above servers and add more as you grow -- possibly from different providers and some good DNS load balancing. It's really not that hard.
True, there are ISPs (akamai, for example) that take almost all the work off your hands. They also charge quite a price for their services; It all comes down to whether you have enough money to pay for that kind of service.
It seems there's absolutely no need for that... (I guess I came to the game way too late); zerowing and gametab both have torrents for this already; I hope the slashdot editors will add it to the story RSN, too;)
"You assume that Freenet could only achieve anonymity by wasting bandwidth, yet provide little evidence for this. In many ways Freenet's caching algorithm makes more efficient use of bandwidth than many P2P architectures, and unlikely BitTorrent - it requires no centralized coordination for file distribution. Yes Freenet imposes some overhead for anonymity, but the other advantages of its content distribution algorithm more than compensate for this."
The caching nature of freenet is nice, it gets the content closer to the peers who want it. Though essentially, BitTorrent does the same; peers close to one another (in terms of throughput) benefit from eachother.
"Oh, so BitTorrent doesn't rely on people's generosity with storage and bandwidth? I must have misunderstood how it worked. One could argue that Freenet's more noble goals will make people more inclined to be generous with their resources than with BitTorrent."
BT relies on people's generosity in bandwidth, that much is true. Any P2P does. The tiny difference with Freenet is that you don't know what the storage and bandwidth go towards, and have no way of limiting it to, say, a specific group of files. Or to put it differently : many people are much more inclined to share the Red Hat 9 ISOs than any random junk.
Noble goals are nice. Even though you have complete deniability and decent anonymity on Freenet, not all people are as noble as to allowing ANY kind of content to flow through their lines -- and freenet does have/EVERY/ kind of content, even the most despickable stuff (by my moral standards, anyway).
"You are assuming that just because Freenet has more ambitious goals than BitTorrent, that it couldn't possibly beat BT at its own game while still maintaining anonymity. Given my experience of both systems, I wouldn't be so quick to make such an assumption."
Anonymity and optimal bandwidth use are two conflicting goals. Freenet does rather well, but all things being perfect, it will loose to the non-anonymous approach.
"Perhaps some kind of head-to-head comparison would be interesting."
It probably would, but to tell the truth, if you complain about my assumptions, it will be useless. You can do point-by-point comparisons of the technology and still have no coherent picture of real world performance; and real world performance is hard to validate or even describe in a decently huge swarm.
Care to say what you mean by permanent ? It's no more permanent than BitTorrent; if nobody wants the file, it dies off quickly.
"but will automatically begin to share it, if it becomes popular."... It will also use the bandwidth avaiable in a rather suboptimal way, to insure privacy and security. BitTorrent does not waste bandwidth, at the price of anonymity.
"That means faster download speeds. The RedHat 9 ISO files were downloading at over 120KB/sec on Freenet."
Hmm. I got a download rate of over 1mbyte/s on the torrent for that; and there were a LOT of people getting fast speeds (I have the logs to prove it;-)
"There is also the advantage that the link does not go down, when the people close their download windows;)"
Yeah, the link only goes down when the generous storage & bandwidth providers on the freenet network don't feel like providing this free service anymore...
Don't get me wrong, FreeNet is a nice system... Its goals are different from BitTorrent though (anonymity vs. efficient use of bandwidth, privacy vs. speed, everything vs. single-uri, etc.), and in this case, BT is probably the better choice.
If you were to share something that could get you into trouble (say, a complete crack of Microsoft's DRM schemes), you'd probably want to use Freenet instead;)
What you fail to mention is that it needs one centralized spot per file. So yeah, it's easy to knock out a specific file. But since trackers don't connect anywhere else, and just about anybody can run a tracker, your point is moot. Basically it's like saying "Because FTP needs a centralized server (the ftp server), it will be easier to knock out!" -- well yeah, it will be easy to knock out the offending site by sending nastygrams to its provider.
Note that BT never promised you resilience and anonymity when illegally sharing files. If you really care about that a lot, have a look at freenet.;)
We also have the BlackBoard web thingie. I'm not really surprised the company resorts to lawyers; they're as technically incompetent as can be.
That system is sitting on a Sun machine with over a dozen gigs of RAM and a generous amount of processors. It's servicing around 400 people, most of which go there two or three times a week.
The system regularily crashes, breaks horribly, or is just dead slow and unwieldy. You can use forums in there -- forums which become unusable after a dozen posts or so (you literally wait MINUTES to get a page). File downloads work, but there's no way to actually use a decent filename for them without hacking; ordinarily you get some.pdf or jokes like that. The eMail the system sends out in standard configuration is non-standard base64 encoded (i.e. many Mailers have problems groking it... Notable exception : Outlook). Managing the system is horribly ununituitive.
But hey, it just costs a couple dozen thousand dollars per year. Or so.
If their card system is as well engineered as their web system, they're going to be in for a rough ride. Tha Black in their name is well earned.
(to sum up : for that price, my university would be better off hiring students to do a decent implementation. Go figure).
Though the sums on RH9 do match the ones published by RH; we had taken special care of checking and rechecking them.
I have been told the Knoppix ISO mismatched by one bit. I can't vouch for that, as I haven't downloaded the image.
If you can trust the source the.torrent came from, the image you will have on your hdd after downloading will match/exactly/ the one used to create the.torrent (this is ensured by using SHA1-hashes in the.torrent and checking them after download). That still leaves room for tampering, but a hostile seed on the swarm won't yield you a broken or backdoored image:)
Has BitTorrent completed the download ? The file is the full size right from the beginning and pieces get filled in in a random order. Please verify that your BT client has said "Download completed" and recheck your files then;)
Please wait a couple of minutes. If the speed does not increase for you, and you are on an upstream-capped connection, you can try capping your upstream a little below your limit. This should improve things. The parameter to do that is --max_upload_rate X, where X is in kilobytes/sec.
It's not bottlenecked... I got a couple hundred k/s;)
Since the main site seems to have been hit hard by this slashdotting, try getting it from this BitTorrent site; Please leave your download window open as long as possible after finishing the download to help out others getting the file.
BitTorrent is a peer to peer file swarmer. You can get the client from http://bitconjurer.org/BitTorrent/download.html; it is Free, open, and does not contain ad/spyware; versions exist for *ix, win32, OS X, etc.
Since Slashdot had to link to the FTP, maybe this will help lighten the stress on the mirrors : http://tacos.sus.mcgill.ca/~hperes/BT_BSD5.0/ has BitTorrent files for the i386 release ISOs.
BitTorrent is a peer to peer fileswarmer. It's Free and Open Source, and comes in flavors for *ix, win32, and MacOS X. Clients are avaiable @ http://bitconjurer.org/BitTorrent/...
Once you have finished the download, please keep the window open as long as possible so that others can get the file as well. Thanks !
The download might be a little slow at the beginning, but as more and more people hop on, it should get really fast. Just give it a couple of minutes.
Slashdot Mirror
I don't dispute that. But you know just as well as I that there are stupid people, and people who WILL fall for this. Doesn't matter if it's their stupidity or idiocy that makes 'em do it, fact of the matter is that said prank just might have cost a life.
But hey it ain't your fault, oh elitist one.
Yes, sir, I congratulate you on possibly endangering somebody's life for a cheap prank. Well done.
You cannot delete your account, merely expire or suspend it (by not keeping it funded). It will then lie dormant until you decide to pay for it again, and it will be right where you left it, characters, items, and all.
...
That laying dormant probably keeps the cd key tied up.
Thing is, Blizzard doesn't really need to exhibit any good business practices. They are free to do whatever they want -- gamers will buy it and ask for more. Whether or not a couple thousand people cancel their subscription is inconsequential to them, they still have a million more
Most people do not understand the significance of a product key. They enter it once (or even never, if the machine came preinstalled), never see it, and don't associate anything with it. It's a serial number on a piece of paper.
... you guessed it ... useless ("but I have the CD RIGHT HERE !").
Please, count how many pieces of paper with numbers on them you got with your PC, Mouse, Graphics Card, Printer, Gizmos, Toys, USB kitchen sinks, etc. Now, how should a "regular" user decide which one(s) are actually important, and which ones go out with the trash ?
Heck, people don't even remember (or find, if they wrote them down) their passwords. Good luck with keeping track of a useless number for more than a year or two.
If you want to make it sting, let 'em find their original CDs which are now
That nonwithstanding, while I have legitimate licenses for quite a few M$ OSs (and the respective license keys, of course), I pretty much always use one of the keys floating around and apply corporate patches. Activation sucks, and so does GUID tracking. Gues come July the good'ole'googl'a'key will have to be revised.
Your advice is good only for conserving bandwidth and delivering good performance with man regular users.
... It'll easily cope with a kid that found apachebench. It'll not make an iota of difference in a real attack. May that never happen to you, especially not on, say, xmas eve or new year's. Trust me, that's no fun.
You obviously haven't been dDoSed properly, yet.
If you block the requests once they hit apache, it's already much too late. Consider an average load of, say 150hits/sec (which is a reasonable-size load for one dedicated box with some dynamic content). Now consider the load, say, 10000 drones will be able to create on your server -- not just with plain http requests (say, one per second per drone), but also with plain bandwidth attacks ("let's just send a shitload of nonsense-packets to port 80").
Also, by the time you get to count on apache, the pipe is already saturated.
Load balancing doesn't even enter the equation if the attacker attacks ip-based (assuming DNS round-robin); if you have dedicated balancing hardware, even that can be dDoSed into oblivion in most cases.
Note that dronenets of 10000 are on the small side. They come in much larger sizes.
So that's that for "easily coping with dDoS"
BitTorrent has never been built for privacy; The tracker usually logs announces and progress; if the logs are kept, it's trivial to track you down by IP.
In the case the tracker's owner is uncooperative or logs are simply not kept, all anyone has to do is hop on a torrent, announce a couple of times, and one has a nice list of all the ips on the torrent. Your fellow peers even tell you how fast they are progressing in their download.
So in short, yes, if they were fast enough, they could have easily tracked your download. Then again, they're probably a lot more interested in the people who actually leaked this code in the first place.
If you want true privacy, use Freenet and hope a lot of others do too.
--mxs
Sorry, this is half-pure bollocks. Companies can easily distribute via P2P ... Nobody said you'd have to use the "official" client. Many bigger software installers download the bits and pieces they need from the net. There's absolutely no reason why you wouldn't be able to put a P2P technology in there instead of simple http gets.
Even if you don't go the P2P route, look at the many dedicated server providers out there. If your tech staff is half-way decent, they can set up a "simple" fileserver in a very short amount of time ... And at prices of $105 for 700gb burstable @ 100mbit/s (rackshack.net) or $99/1000gb burstable to 10mbit/s (unitedcolo) or even full 10mbit/s for $350/month (and similar deals at other places), I'm sure you can get a decent price for your needs.
The poster stated a few megabytes to 30000 users. Let's say "a few" is 10m in this case. that's 300gb. One of the above servers is enough for that ... and if you need more, just get another one; or pay the overuse fees of $0.50-$1.50 per gb, whichever will be cheaper for you). Of course you'd benefit by knowing in advance how often you are going to push these files, and how many downloads you expect, so you can plan accordingly.
Even at a million users, we'd have 10 terabyte of data to be transferred. Take 20 of the above servers and add more as you grow -- possibly from different providers and some good DNS load balancing. It's really not that hard.
True, there are ISPs (akamai, for example) that take almost all the work off your hands. They also charge quite a price for their services; It all comes down to whether you have enough money to pay for that kind of service.
Somebody has already done that ;) I linked the .torrent on http://f.scarywater.net/ , the original location is http://fnord.andrew.cmu.edu/nwn/index.html ...
Have fun ! :)
It seems there's absolutely no need for that ... (I guess I came to the game way too late); zerowing and gametab both have torrents for this already; I hope the slashdot editors will add it to the story RSN, too ;)
"You assume that Freenet could only achieve anonymity by wasting bandwidth, yet provide little evidence for this. In many ways Freenet's caching algorithm makes more efficient use of bandwidth than many P2P architectures, and unlikely BitTorrent - it requires no centralized coordination for file distribution. Yes Freenet imposes some overhead for anonymity, but the other advantages of its content distribution algorithm more than compensate for this."
/EVERY/ kind of content, even the most despickable stuff (by my moral standards, anyway).
The caching nature of freenet is nice, it gets the content closer to the peers who want it. Though essentially, BitTorrent does the same; peers close to one another (in terms of throughput) benefit from eachother.
"Oh, so BitTorrent doesn't rely on people's generosity with storage and bandwidth? I must have misunderstood how it worked. One could argue that Freenet's more noble goals will make people more inclined to be generous with their resources than with BitTorrent."
BT relies on people's generosity in bandwidth, that much is true. Any P2P does. The tiny difference with Freenet is that you don't know what the storage and bandwidth go towards, and have no way of limiting it to, say, a specific group of files. Or to put it differently : many people are much more inclined to share the Red Hat 9 ISOs than any random junk.
Noble goals are nice. Even though you have complete deniability and decent anonymity on Freenet, not all people are as noble as to allowing ANY kind of content to flow through their lines -- and freenet does have
"You are assuming that just because Freenet has more ambitious goals than BitTorrent, that it couldn't possibly beat BT at its own game while still maintaining anonymity. Given my experience of both systems, I wouldn't be so quick to make such an assumption."
Anonymity and optimal bandwidth use are two conflicting goals. Freenet does rather well, but all things being perfect, it will loose to the non-anonymous approach.
"Perhaps some kind of head-to-head comparison would be interesting."
It probably would, but to tell the truth, if you complain about my assumptions, it will be useless. You can do point-by-point comparisons of the technology and still have no coherent picture of real world performance; and real world performance is hard to validate or even describe in a decently huge swarm.
"as Freenet has a more robust, permanent network"
... It will also use the bandwidth avaiable in a rather suboptimal way, to insure privacy and security. BitTorrent does not waste bandwidth, at the price of anonymity.
;-)
;)"
...
... Its goals are different from BitTorrent though (anonymity vs. efficient use of bandwidth, privacy vs. speed, everything vs. single-uri, etc.), and in this case, BT is probably the better choice.
;)
Care to say what you mean by permanent ? It's no more permanent than BitTorrent; if nobody wants the file, it dies off quickly.
"but will automatically begin to share it, if it becomes popular."
"That means faster download speeds. The RedHat 9 ISO files were downloading at over 120KB/sec on Freenet."
Hmm. I got a download rate of over 1mbyte/s on the torrent for that; and there were a LOT of people getting fast speeds (I have the logs to prove it
"There is also the advantage that the link does not go down, when the people close their download windows
Yeah, the link only goes down when the generous storage & bandwidth providers on the freenet network don't feel like providing this free service anymore
Don't get me wrong, FreeNet is a nice system
If you were to share something that could get you into trouble (say, a complete crack of Microsoft's DRM schemes), you'd probably want to use Freenet instead
What you fail to mention is that it needs one centralized spot per file. So yeah, it's easy to knock out a specific file. But since trackers don't connect anywhere else, and just about anybody can run a tracker, your point is moot.
;)
Basically it's like saying "Because FTP needs a centralized server (the ftp server), it will be easier to knock out!" -- well yeah, it will be easy to knock out the offending site by sending nastygrams to its provider.
Note that BT never promised you resilience and anonymity when illegally sharing files. If you really care about that a lot, have a look at freenet.
Make that f.scarywater.net has the Windows Test; the linux torrent has been posted here already ;)
http://f.scarywater.net/ has the Windows Test; the linux torrent has been posted here already ;)
We also have the BlackBoard web thingie. I'm not really surprised the company resorts to lawyers; they're as technically incompetent as can be.
.pdf or jokes like that. The eMail the system sends out in standard configuration is non-standard base64 encoded (i.e. many Mailers have problems groking it ... Notable exception : Outlook). Managing the system is horribly ununituitive.
That system is sitting on a Sun machine with over a dozen gigs of RAM and a generous amount of processors. It's servicing around 400 people, most of which go there two or three times a week.
The system regularily crashes, breaks horribly, or is just dead slow and unwieldy. You can use forums in there -- forums which become unusable after a dozen posts or so (you literally wait MINUTES to get a page). File downloads work, but there's no way to actually use a decent filename for them without hacking; ordinarily you get some
But hey, it just costs a couple dozen thousand dollars per year. Or so.
If their card system is as well engineered as their web system, they're going to be in for a rough ride. Tha Black in their name is well earned.
(to sum up : for that price, my university would be better off hiring students to do a decent implementation. Go figure).
is here, along with all the others ...
Yes, checking md5 sums is important !
.torrent came from, the image you will have on your hdd after downloading will match /exactly/ the one used to create the .torrent (this is ensured by using SHA1-hashes in the .torrent and checking them after download). That still leaves room for tampering, but a hostile seed on the swarm won't yield you a broken or backdoored image :)
Though the sums on RH9 do match the ones published by RH; we had taken special care of checking and rechecking them.
I have been told the Knoppix ISO mismatched by one bit. I can't vouch for that, as I haven't downloaded the image.
If you can trust the source the
Whoever told you that it was a plugin for IE ? Consider yourself having been lied to ... Or having just about found a willing troll-taker ;)
no need to change the source --max_upload_rate 350 would have done the trick ;)
;)
Got the file at an average of 1200k/s, then again, that client was one of the first
Has BitTorrent completed the download ? The file is the full size right from the beginning and pieces get filled in in a random order. Please verify that your BT client has said "Download completed" and recheck your files then ;)
Please wait a couple of minutes. If the speed does not increase for you, and you are on an upstream-capped connection, you can try capping your upstream a little below your limit. This should improve things. The parameter to do that is --max_upload_rate X, where X is in kilobytes/sec.
... I got a couple hundred k/s ;)
It's not bottlenecked
It doesn't matter which, no. Both files are the same and point to the same tracker. I just included two links in case one of them goes down :)
The same .torrent (though this time not garbled :) is avaiable
here and here ... Guess something went wrong on the server side ;)
animatrixlgfinal_dl_mov.torrent
Since the main site seems to have been hit hard by this slashdotting, try getting it from this BitTorrent site; Please leave your download window open as long as possible after finishing the download to help out others getting the file.
BitTorrent is a peer to peer file swarmer. You can get the client from http://bitconjurer.org/BitTorrent/download.html; it is Free, open, and does not contain ad/spyware; versions exist for *ix, win32, OS X, etc.
Since Slashdot had to link to the FTP, maybe this will help lighten the stress on the mirrors : http://tacos.sus.mcgill.ca/~hperes/BT_BSD5.0/ has BitTorrent files for the i386 release ISOs.
BitTorrent is a peer to peer fileswarmer. It's Free and Open Source, and comes in flavors for *ix, win32, and MacOS X. Clients are avaiable @ http://bitconjurer.org/BitTorrent/ ...
Once you have finished the download, please keep the window open as long as possible so that others can get the file as well. Thanks !
The download might be a little slow at the beginning, but as more and more people hop on, it should get really fast. Just give it a couple of minutes.