If you have to expend your time documenting what you're doing for your boss(es) to know what all you do, then you've already lost. You should never have to justify your own value to your employer; it's a key sign that the bosses aren't paying any attention to the business, or don't understand it.
Actually, ReplayTV should've plopped that little "exception to the rule" on the table. But I wasn't a party in those proceedings, so ...
Well, then you are the exception. The world wide standard for handling security is to shoot anyone pointing out any flaws. NCSU's standard policy was (might still be) to punish anyone pointing out any security issues -- "because how else would you know there's a flaw but by having exploited it?" This is, of course, very lame logic as students run across all kinds of things by accident. All such policies do is make sure no one ever reports anything.
Encryption and closed communities ("subscribers") won't help at all. What you're dancing around is the concept of "trust". The way it works today, you implicitly trust all other p2p users to be honest and above board. This is not true, and never has been.
Encrypting the traffic will only make it more expensive to participate in any p2p system. (and prevent any sort of centralized ISP cache, which is very rare to begin with.) It won't stop peers from sending you garbage or otherwise lying. Just because the traffic is encrypted does not make it trustworthy. At best, all encryption will do is make subverting the network computationally very expensive at the cost of making normal traffic increasingly expensive.
Closed communities won't work either, unless you personally know every single member and can be assured they haven't been "hacked" or otherwise co-opted. The Bad People(tm) find their way into closed communities all the time. They find ways into even the most secretive groups (e.g. criminal organizations, warez groups, etc.), so thinking you're going to keep your p2p community "clean" is a pipe-dream.
If Macrovision has found a means to generate "spoofed" hashes on-the-fly, then the hash function is flawed and/or too weak and needs to be replaced. The "whys" don't matter; the integrity of the protocol depends on the strength of the hash function. The entire point of the hashes is to prevent people from doing exactly what Macrovision is attempting to do. I don't doubt they will be moderately successful on a number of p2p systems (it's worked before), but bittorrent will be a very hard nut to crack. (if it were possible, script kiddies would've already been doing it.)
- they now serve [as] nothing more than glorified VCRs
Actually, on this point, they don't rank even that high... my VCR has "commercial advance"(TM). So, where were the lawsuits against RCA? They were making these things 10+ years ago. Suing DVR makers for something they let others do is bullshit.
(As far as I know, the patent for the commercial advance technology in my RCA VCR expired long ago.)
it just gets sent a stream of garbage. Most bittorrent clients already deal with this... repeated hash failures result in a local ban. In effect, if you send me bad data too many times, I'll eventually ignore you entirely. It already happens enough without people intentionally feeding junk.
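The local-ban behaviour described in the comment above, and the reliance on the piece hash that an earlier comment points to, sketched as an added example (not code from the original comments or from any BitTorrent client). The three-failure threshold, the 16-byte piece size, the peer names and the sample data are assumptions constructed for illustration; real clients assemble pieces from blocks sent by several peers, so attribution is less direct than here.

```python
import hashlib
import hmac
from collections import defaultdict

PIECE_LEN = 16       # toy size (assumption); real torrents use far larger pieces
MAX_HASH_FAILS = 3   # assumed ban threshold, not taken from any specific client


def piece_hashes(data, piece_len=PIECE_LEN):
    """SHA-1 digest of each piece, as listed in a torrent's 'pieces' field."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


class PieceVerifier:
    """Accepts a piece only if it matches the published hash; bans repeat offenders."""

    def __init__(self, expected, max_fails=MAX_HASH_FAILS):
        self.expected = expected          # trusted hashes from the metainfo
        self.max_fails = max_fails
        self.have = {}                    # piece index -> verified bytes
        self.fails = defaultdict(int)     # peer -> hash failures so far
        self.banned = set()

    def receive(self, peer, index, payload):
        """Return 'accepted', 'duplicate', 'rejected', 'banned' or 'ignored'."""
        if peer in self.banned:
            return "ignored"              # banned peers are not even hashed
        if index in self.have:
            return "duplicate"
        in_range = 0 <= index < len(self.expected)
        digest = hashlib.sha1(payload).digest()
        if in_range and hmac.compare_digest(digest, self.expected[index]):
            self.have[index] = payload
            return "accepted"
        # Wrong hash or bogus index: count it against the sender.
        self.fails[peer] += 1
        if self.fails[peer] >= self.max_fails:
            self.banned.add(peer)
            return "banned"
        return "rejected"

    def assemble(self):
        """Concatenate verified pieces; raises KeyError if any is missing."""
        return b"".join(self.have[i] for i in range(len(self.expected)))


def demo():
    content = bytes(range(70))            # constructed sample data, 5 pieces
    verifier = PieceVerifier(piece_hashes(content))
    log = []
    # A peer feeding junk: every piece fails the hash check.
    for i in range(len(verifier.expected)):
        result = verifier.receive("junk-peer", i, b"\x00" * PIECE_LEN)
        log.append(("junk-peer", i, result))
    # An honest peer sends the real pieces.
    for i in range(len(verifier.expected)):
        piece = content[i * PIECE_LEN:(i + 1) * PIECE_LEN]
        log.append(("honest-peer", i, verifier.receive("honest-peer", i, piece)))
    return verifier, log, content


if __name__ == "__main__":
    verifier, log, content = demo()
    for peer, index, result in log:
        print(f"{peer:12} piece {index}: {result}")
    print("file intact:", verifier.assemble() == content)
```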
Did you bother listening to your chemistry teacher when he/she did that? If you did, you'd know what's going on. Lithium is a highly reactive metal. When it meets water, it forms lithium hydroxide by ripping water molecules apart. You're left with lithium hydroxide, hydrogen gas, and a whole lot of heat. Add in the oxygen already in the air, and the result is a little explosion that spreads little bits of lithium all over the place.
Unhealthy all the way around.
why is it so hard to see how many people downloaded a torrent of a show? its usually posted right on most tracker sites
a) because the numbers are not 100% accurate
b) because there's insufficient demographic information in that one number
c) without demographic data, who should be paid and who should be paying it? (national ads vs. local ads where it was aired vs. local ads where it was downloaded, etc.)
And just how would they collect money for the ads in torrents? Those that created the content have no way of knowing how many people downloaded a copy of their broadcast, and thus have no way to appropriately charge the advertisers.
(The actual economics are a little complicated. I'm not gonna go into it.)
Two corrections... 1) you certainly can "just create new leech accounts"... as long as the site is below the 200k user limit. (you might have to get a little inventive to get around being banned, etc.) 2) the admins are not "arrogant assholes". This is typically the stance taken by those who have been banned for any number of (justified) reasons. (posting under-age or otherwise prohibited content, being a leech (i.e. refusing to seed/upload), breaking the rules you said you'd read, etc.)
That said, there are numerous pr0n torrent sites.
Also, out of curiosity what's the exact reason BC got banned? Everyone I talk to (and explain the stupidity/futility of the ban) says that the peer list sharing is the reason. In fact, someone made a "patch" that cripples BitComet by removing that exact feature. I've tried to explain the same futility. It only half-way works for BitComet because the users don't have the source to easily change the peer_id. Yes, it's trivial to change for anyone with much of a clue, but that's certainly not the masses using BC.
It was banned for distributing torrents via its private communications. Or something like that. I don't use BC, so I don't know exactly what it was doing or what the "patch" turned off, but I do know it was a serious problem for some sites. It's probably something like the magnet urls in azureus for dht hosted torrents. I've not dug into that either to see exactly where the torrent file is coming from. (but I do know how to turn it off from the torrent. too bad the tracker cannot notify the client -- and what idiot thought putting private in the info dictionary was a good idea? That changes the info_hash people.)
That document hasn't been updated for over a year now, btw.
Adding the message protocol for sending peer lists between peers is a long way from a distributed hash table or any trackerless system. And it's not what got BC banned at a lot of sites recently.
Before the MPAA and RIAA get their pants soiled... this is no different than a number of web caching systems that have been around for years. And for that matter, there already are some p2p caching systems around -- they work by intercepting traffic and thus don't require any "support" from the client.
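An added illustration (not part of the original comment, and not code from any client or tracker) of the point about `private` living inside the info dictionary: the info_hash is the SHA-1 of the bencoded info dictionary, so setting the flag yields a different hash, while changing the announce URL outside it does not. The minimal bencoder, the file name, the tracker URLs and the sample data are constructed for this example.

```python
import hashlib

PIECE_LEN = 16  # toy piece length, constructed for the example


def bencode(obj):
    """Minimal bencoder: ints, byte/str strings, lists and dicts."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode("utf-8")
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        # Dictionary keys are byte strings and must appear in sorted order.
        items = sorted(((k.encode("utf-8") if isinstance(k, str) else k, v)
                        for k, v in obj.items()), key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def info_hash(info):
    """SHA-1 over the bencoded info dictionary; this identifies the swarm."""
    return hashlib.sha1(bencode(info)).hexdigest()


def build_metainfo(private, announce):
    """Build a single-file metainfo dict around constructed sample data."""
    data = bytes(range(70))  # constructed payload
    pieces = b"".join(hashlib.sha1(data[i:i + PIECE_LEN]).digest()
                      for i in range(0, len(data), PIECE_LEN))
    info = {
        "length": len(data),
        "name": "sample.bin",          # hypothetical file name
        "piece length": PIECE_LEN,
        "pieces": pieces,
    }
    if private:
        info["private"] = 1            # the flag sits inside 'info'
    return {"announce": announce, "info": info}


def compare():
    """Return the three hashes: public, private, and public on another tracker."""
    public = build_metainfo(False, "http://tracker.example/announce")
    private = build_metainfo(True, "http://tracker.example/announce")
    moved = build_metainfo(False, "http://other.example/announce")
    return (info_hash(public["info"]),
            info_hash(private["info"]),
            info_hash(moved["info"]))


if __name__ == "__main__":
    pub, priv, moved = compare()
    print("public :", pub)
    print("private:", priv)
    print("moved  :", moved)
    print("private flag changes info_hash:", pub != priv)
    print("announce URL changes info_hash:", pub != moved)
```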
As for the claims of "can't use it to spy on you"... that is just so laughable. They're your ISP; they can watch every damned thing you do. (I know, because I have.)
Where "long time" is measured in days? It was only released a month or two ago (v0.56+ as I recall.) Azureus has had DHT in the CVS tree for many months now. Prior to the full release, there were only a few thousand running from CVS builds. Now there's nearly 100k and growing within the DHT tree.
The way AZ is doing things, a tracker is not required at all. If you can find one peer, you'll be able to find the entire DHT tree. Btw, this is currently an azureus only thing -- you won't learn of any non-az clients this way.
what you're describing is pretty much what a plasma display is... one gun for each color of each pixel. (they just aren't aimed like a crt. the entire cell is flooded.)
This is only slightly true. CRTs have a native display size, too. They're designed with a fixed number of pixels the same as any other display. However, the effects of resizing an image over a CRT are generally less noticeable than an LCD/DLP/Plasma display -- because pixels tend to bleed together which is simply not possible for the others. (Around here, we jokingly call that "hardware anti-aliasing" :-)) And, of course, CRTs have significantly higher resolutions.
Screeners are not "copies for sale" nor are they "available ... to the general public".
The courts are gonna have a field day with this "law" as there are simply too many broad, open areas. For example, to the letter of the law, what the hell is a "reasonable expectation of commercial distribution"? One could argue a recording of their neighbors/roommates/etc. having sex (with or without their knowledge) has a "reasonable expectation" of being commercially distributed.
I'm glad I'm not the only one who remembers that episode of WKRP. (or am I?)
There are several reasons... 1) it only has an MPEG2 decoder in it. An IBM CS22 if it's like all the other tivos. It's unlikely that it can be reprogrammed to support MPEG4. Replacing the chip might be an option, but that's more expensive than building a new unit. 2) if DTV is using 16QAM, the HD tivo won't even be able to see the signal. Again, a problem that is easily fixed with a different chip -- even on the S1 DTivo. (This one is not code fixable.)
The HD tivo isn't alone, btw. All of the current HD DSS gear will need replacing.
- That is MY data and MY business, not theirs.
Incorrect. It's their network and their connectivity costs. If a University or business blocks specific types of traffic, it's perfectly legal and justified. See, they aren't even pretending to be "common carriers" which means they are legally responsible for what happens from their network(s).
ISPs are a different jar of monkeys. The instant they begin policing one type of traffic, they are no longer a common carrier and are no longer protected as such. If they filter one type of traffic, they can be legally required to filter every other type of traffic.
That said, universities are blocking p2p traffic because it eats up most of the bandwidth. And bandwidth most certainly ain't free. Do you want your tuition and fees to go up because the school now needs an OC-12 to handle all the p2p users? Or your taxes which is where most of the money for state run schools come from.
No one has said anything about port blocking. Bittorrent packets are very easily identified and blocked. It doesn't matter what port it's on.
- conveniently forgetting to mention it was ultimately Linus's decision to adopt BitKeeper.
It was unanimously Linus's decision. No one else had to use BK. There were a few dozen people for whom it would've been very convenient, but even they were never required to use BK. In fact, several high-level maintainers never did (Alan Cox among them.)
This is exactly the thing the pundits refuse to point out or accept.
- Here Stallman resorts to characterizing McVoy as a tantrum-throwing child. Not very mature.
No, but it's a rather accurate image. In fact, it's an apt (but incorrect) image of the community as a whole... a bunch of whiny children who want everything in the world to be free. Well, all of society is built on things not being free. You're not going to change the way the entire world works overnight -- we're talking about BILLIONS of people here.
Just stand up and look at the technology around you. How much of it's running software for which you don't have source code? Answer: Most of it... let's start with the tech that's on your person: mp3 players, cell phones, pagers, and in some cases, watches. The computer you're using: BIOS, keyboard controller, ACPI controller, CD/DVD drive(s), hard drives, zip/jaz/ls120/etc., various adapter cards (NIC's, SCSI, Video, sound, etc.), scanners, printers (even the f'ing print cart.), USB media readers, even the CPU itself is a programmed device... Let's walk out to the parking lot and take a look at your car: Radio/CD/MP3 player, navigation system, security system, TV/DVD player (*grin*), AWD/traction control system(s), ABS system(s), ignition system(s), even the instrument cluster...
We are surrounded by proprietary, closed source software.
- ...
- and all the open source / free software community has done...
Actually, the community is thousands (millions?) of people. There were only a handful who constantly bitched about bitkeeper. Yes, there were hundreds that refused to use it -- and said so. But, there were only a few dozen that went on and on, endlessly bitching about those that chose to use bitkeeper. (Like they have the right to tell me what software I can and cannot use.)
- the BitKeeper anti-reverse-engineering clause was just plain stupid
Not at all... he's giving you the use of expensive, commercial software under the provision that you don't take it apart (and replicate it.) It's the exact same thing as me loaning you my car as long as you agree not to take it apart. If you want to take it apart, buy it first.
I find it stupid that people are so lame that they'll spend their entire life re-inventing every wheel they've ever seen or heard of. Why people cannot accept the wheel they have in hand that doesn't take any money from their pockets -- and does not unduly take away one's freedoms -- is stupid to me.
The biggest problem Larry had was with people taking his work as the foundation for their own work. There's never been anything stopping the FOSS community from making their own "bitkeeper". (In fact, they've had the past five (5) years to do it, and still haven't.) The thing is, the community tends not to create new, unique products but clones of what other people have created -- quite often by taking the other software apart. (Not always, mind you, but often.)
And just what do you suggest they do about it? They have no idea what you may be trading -- legal or not. So, how is the IT staff supposed to know which BT packets are "good" and which are "bad"?
This is exactly where ftp mirroring came from... instead of 100 downloads of the same thing, host a local mirror for those 100 that doesn't consume any external bandwidth (beyond the mirror process itself) -- and in most cases, it's faster, too. This has led to the current world of web proxies (aka "web accelerator".) The difference is, it's easy to intercept ftp and http and know what you're asking for. Bittorrent is much more difficult to "proxy", as such. ('tho, I know of at least one company that makes a box to do it.)
[FWIW, one doesn't even need to intercept http. Akamai does it with DNS-fu.]
This, more often than not, is just stupid. DDoS or not, an authoritative name server cannot arbitrarily block ranges of addresses, or classes of users (dialup, cablemodem, etc.) If someone asks you about a domain for which you are authoritative, you MUST answer it. That's the price you've agreed to for running a name server. This is exactly like a Denny's restaurant refusing to seat French people... "We've had problems with them in the past." Just because you've had problems with some French people doesn't mean they're all bad.
We've put up with this sort of subversion for email (SMTP) out of necessity -- there just isn't any other way to deal with dumbass users with unpatched windows boxes sending 95% of the world's spam. Subverting DNS like this should be punishable by death. Face it people, any service can be targeted.
- What about maintainers ? They do have to use bk.
No they don't. And in fact, many don't. But, yes, at some point patches have to reach someone who does (obviously.) However, that bk user can be Linus himself.
Just to be a data point, I use bitkeeper. I like it and have no problem with the "free license." (I use it for more than just the linux kernel, btw.) However, every change I've made that has been sent "up the line" was done so as a gnu patch via email. (No one has ever pulled from my repo(s), because they can't -- there are other changes in there they don't want that cannot be selectively ignored.)