P2P Meets Push 269
meonkeys writes "What if you could securely subscribe to a trusted P2P file broadcaster? Check out konspire! An interesting concept; implemented in C++ and controllable via a cool Web interface ala Mutella."
This discussion has been archived.
No new comments can be posted.
P2P Meets Push
Related Links Top of the: day, week, month.
Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky
Five seconds for the lawsuits to hit (Score:5, Funny)
Re:Five seconds for the lawsuits to hit (Score:2)
Don't believe me? Read Snow Crash!
Re:Five seconds for the lawsuits to hit (Score:5, Funny)
Yes! (Score:3, Interesting)
Actually, this looks like a cool idea. The fact that it's a sourceforge project only makes it better!
Re:Yes! (Score:4, Funny)
No, crappy rips of somebody else's favorite songs will be forced upon you.
Re:Yes! (Score:5, Funny)
It's called radio.
Re:Yes! (Score:2, Interesting)
what??? (Score:2, Funny)
TERRORIST!
You WILL be assimilated! Now go buy something, from one of our advertisers! That is your ONLY redemption at this point, and be aware, you just racked up several points in the list, you are now a "person of interest" in the database!
---the proceedi
Re:Yes! (Score:4, Informative)
Users marked up that way could put songs on your queue, and so you could get up in the morning to find your hard driver more or less full with new music you didn't actually request yourself, but which was "pushed" onto your computer by other users sharing your taste in music. It was a neat concept. Obviously, it had room for abuse - someone you prematurely gave permission could spam your hard driver with junk, but generally systems like this work fairly well since the community gets rid of such idiots pretty fast.
Like secure, anonymous, spam-free newsgroups (Score:2)
MS already has this... (Score:2, Funny)
Microsoft security stance (Score:5, Funny)
"Needles," it reasoned, "often contain medicine."
And, so reasoning, it jammed the rusty needle directly into its ass.
Moral of the story:
I liked it better... (Score:5, Insightful)
Well, I think the idea might be (Score:5, Insightful)
I'm gonna try it now!
Re:I liked it better... (Score:4, Informative)
The difference between this and IRC fserv bots is important: kast/konspire (I dont' know which - seems the two are related) are server push.
On fservs, you still have to go out, look for what you want, try to figure out who has it, download it, and then see if it's what you want.
The new tool in question delivers content to your computer without your interaction. The analogy to broadcasting was right on: Somebody else decides what you want to / get to see, then you tune in to the appropriate channel and the content is delivered without you having to do anything.
It has a few inherent problems, absolute trust of the sender being the biggest that I can see. I have to trust whoever's running the channel not to send me kiddie pr0n and then call the FBI on me. Disk quotas (don't send me more than m megs per n hours, or perhaps don't let my incoming directory grow to larger than x megs) would be a good thing to have, and I don't know if it's been implemented here or not.
It has potential, though. News services, shareware-of-the-day services, new-song-of-the-day services (generate buzz about new bands), etc etc. I'll look at it, but I'll be wary about it.
Re:I liked it better... (Score:3, Insightful)
If you were flipping channels and HBO showed a naked child that was later ruled to be kiddie porn, who would be legally responsible?
Re:I liked it better... (Score:2, Insightful)
There are plenty of channels that serve specialty genres, punk, soul, hiphop, etc... The catch is that most of the xdccs are on r00ted boxes, and there is no
New Thinking (Score:4, Insightful)
I think that web based interfaces are severly underrated in their potential because of the reason mentioned. I love the new thinking being employed throughout this project.
Cheap $3 hosting plans [cheap-web-...ing.com.au]
Re:New Thinking (Score:4, Interesting)
My long time dream (Score:5, Funny)
Karma to burn... (Score:3, Funny)
Re:My long time dream (Score:3, Funny)
Screw multimedia; how about software? (Score:5, Interesting)
upgrading gentoo (Score:5, Funny)
with konspire: 7h55m compiling software
Wohoo!
Re:Screw multimedia; how about software? (Score:5, Insightful)
Hmmm, sounds exactly like Windows Update.
Re:Screw multimedia; how about software? (Score:2)
Re:Screw multimedia; how about software? (Score:3, Informative)
Re:Screw multimedia; how about software? (Score:5, Informative)
Re:Screw multimedia; how about software? (Score:2)
Re:Screw multimedia; how about software? (Score:2)
2. Select the "Automatic Updates" tab.
3. Make sure Automatic Updates is enabled by checking the box if necessary
4. Select one of:
- Inform me before the updates are downloaded, and inform me again before they're installed.
- Get the updates automatically and inform me when they're ready to be installed. <--- this one is what I use at work. Very convenient -- just a small tool tip at the task bar appears when something is downloaded, no dialog box or anything intrusiv
Re:Screw multimedia; how about software? (Score:2)
Re:Screw multimedia; how about software? (Score:2)
Re:Screw multimedia; how about software? (Score:2)
True, you do have needless queries, when there isn't an update, but if they send an email or some other notification, it's trivial to use that as the fmirror trigger instead of cron.
Re:Screw multimedia; how about software? (Score:2)
The advantage of gentoo is that it is compiled for your system, right? The disadvantage is that it takes ages. No I'm sure you're not the only person with that hardware configuration. How about breaking the compilation down and having it share each object file on a p2p network, and then the first machine to do the linking share the final executables. That way you can still have executables built for your system, and if all else fails build them yourself, but not spend so much time duplic
What? (Score:5, Insightful)
unknown files.. (Score:3, Informative)
I was thinking in terms of sharing common music interests (great for indie stuff), but I suppose you could start little clans for those who have certain fetishes in pr0n or gamez as well.
Re:unknown files.. (Score:2)
So, it's just like alt.binaries on usenet?
Oh, nice... (Score:2, Funny)
Re:Oh, nice... (Score:5, Insightful)
It's just getting better... (Score:2, Insightful)
This sounds like a great tool to cut down on mouseclicks and leave me with a nice shiney playlist to listen to in the morning.
The displacement of responsibility (Score:3, Insightful)
Step 6 of their P2P path to success is: build trust for a channel owner's tastes over time (owners are completely responsible for what goes out on their channels)
I wonder how effective this will be when the RIAA and the other big dogs come after them.
Re:The displacement of responsibility (Score:2)
I started using bittorent for grabbing ISO's, when a new ISO comes out, I can get it within minutes now. This has to be one of the best uses, saves the hosting companies, and everyone wins. (And thanks to peeps on Slashdot for posting when new ISO's come out, mod them up..)
Now this push channel comes out, (hopefully splits data, but I didn't read the specs yet.) so we can push new software out regular
Oh great, now the RIAA... (Score:2, Funny)
Re:Oh great, now the RIAA... (Score:2)
1) make people steal our songs
2) ?
3) Profit!
Re:Oh great, now the RIAA... (Score:2)
In Soviet Russia, the jokes play you out!
C++? (Score:2, Insightful)
But for server apps, I think it's the wrong choice. Let's face it, languages with security features are more suitable for servers. Bittorrent is in python. mldonkey is in objective-caml. And I'm sure there's something in java out there somewhere. No, I haven't seen any really professonal looking GUIs written in any of these languages, but I'd rather have the added security any day w
Re:C++? (Score:5, Insightful)
But for server apps, I think it's the wrong choice.
Maybe, but my personal opinion is that in the end it's better to write an application in a language you know really well (but might not be the best thing) than write some hacky fudge job (which will no doubt be really flakey and possibly even more insecure) in a language you don't know just because it's the best one to use.
Re:C++? (Score:2)
Of course you should not write an application in a language you don't know. But if something is a better tool for what you plan to do, why not learn that tool first, rather than using
Re:C++? (Score:2)
That depends on what languages you knew before and what you're going to learn. You can quickly learn a syntax of new language, but it takes time before you know how to use it well.
Re:C++? (Score:5, Informative)
Uh, exactly what security features are you looking for?
I'm assuming you're going to be using the STL... if you're not, well then I hope you're not planning on using any Perl modules or Python libraries either, because otherwise you're really comparing apples and oranges (not that you aren't already, but that's another discussion).
std::string and std::vector take care of most of the security concerns you might have -- presuming you use them properly of course. If you need to deal with pointers and std::auto_ptr isn't useful (which, in general, it's not) then use a smart pointer library -- I highly recommend Boost [boost.org] - I've used it's shared_ptr class and like it. In over a year of serious C++ development we've had exactly one memory related problem -- and that was from me misusing boost (and suspecting I was doing so during development but forgetting about it during testing).
The general concerns with C/C++ are buffer overruns and other memory stomps. If you use the right libraries it's not an issue in either (go look at vsftpd's string functions for an example of what I'm talking about in C). If you're writing insecure C++ code then it's most likely because you're ignoring significant language features (like the STL). It's not a language issue.
Re:C++? (Score:5, Informative)
Yes, I fully agree. vsftpd is one of the best examples of how to write secure C. As for Kast .. I briefly checked the sources, it's using a lot of code such as:
foo = new[ strlen(bar) + 100 ]; sprintf(foo, "stuff %s", bar);Which is safe only as long as you're careful. And was the author careful enough? No. I'm not touching this thing until the sprintf()s are gone.
Security features in a language? (Score:5, Insightful)
My advice is go the opposite direction. Learn about security from a programmer perspective. Accept only libraries and components that have been extensively audited by knowledgeable, trusted sources. Then build your server on top of them in a lower level language that affords you the ability to take direct charge of everything else. Make your server secure by thinking about security in every line you code.
I use C, but the exact choice of language isn't important; the mindset and approach is. This advice applies equally to any other language: Check the return value from EVERY system call, EVERY resource allocation, and EVERY library call. Verify ALL inputs before using them, both for length and for sanity of contents. Before EACH time you write something to any kind of buffer, check that you won't write past the end FIRST. Do all of these things in every function of every module of every application. And if you rely on a language or library feature instead of doing it yourself, you'd better be damn sure that the language or library feature is doing it correctly and completely -- VERIFY this before you deploy your program.
Some may call writing in C a security risk. Inherently, it isn't. C just gives the programmer more rope to either make a better knot or make a better noose, as they see fit. The first ten to twenty lines of nearly every C function I write go like this: return failure if this parameter isn't sane; return failure if that parameter isn't sane; return failure if any persistent context isn't consistent with how we were called; try to allocate all resources required for the function and return failure if any of those allocations failed. Some other languages may automate some of that. But as a security auditor, I'm going to want to see all that. If I can't see it, I'm going to want to examine in detail the implementation of the language features that do it implicitly. If I can't do that, then I can't consider the program secure. Using C helps me audit my code because it forces all security measures to be explicit and spelled out in detail. Yes, that's more work for the programmer. But it's less work and more certainty for the security auditor. That's a tradeoff I'm willing to make.
Re:Security features in a language? (Score:2)
Even better: write wrappers to commonly used functions so you don't have to do that all the time. For example checking malloc() failures is use
"potential for anonymity" (Score:5, Insightful)
Especially since in this network, whoever distributes a given file also requested it (at least that's what I am reading out of the documentation), in contrast to other networks, eg. freenet where the fact that you have data on your HD and distribute it to other people does not imply that you requested that data to be there yourself.
(Note: I still think this is a pretty neat concept, though!)
Not especially... (Score:5, Interesting)
Freenet is basicly trying to make everyone (except the inserter and the requester, which are difficult to find) be a common carrier (ISPs do caching, so the fact that Freenet caches stuff does not prevent this). Whether that argument will stand up in court is questionable, but this system certainly won't hold up to this defense.
Kjella
Re:"potential for anonymity" (Score:2)
Re:"potential for anonymity" (Score:2)
And by the way, according to this page [albany.edu], copyright is already a strict liability offense. You may have a defence under the DMCA, but only if you've registered as an ISP.
Y'all don't seem to understand. (Score:3, Interesting)
I'd love to share my stuff, but port forwarding is annoying, and I've only got one IP. This would allow me to share back.
What I don't understand is... why doesn't gnutella support this sort of thing? How come I can't check with my ultrapeer to see if someone wants one of my songs? Would that require maintaining a heavier connection to my ultrapeer?
I've got all this pr0n, and all this bandwidth... but no IPs to share it with.
Re:Y'all don't seem to understand. (Score:4, Funny)
*hands shaking...*
Ok, write this down. 12.225.189.24
I love you.
Re:Y'all don't seem to understand. (Score:4, Funny)
I've got all this pr0n, and all this bandwidth... but no IPs to share it with.
I believe this is a first for humanity. Sort of like why you never hear the statement, "Man! What am I going to do with all these drugs?"
What I would like to see.. (Score:3, Informative)
this system seems limited by linear pushing 1:1 host:client ratio, and this increases the output logarithmically.
the problem they are going to run into is that 90% of users on the internet (atleast) have 256 kbps or lower broadband caps, and therefore the network will not efficiently use bandwidth if its 1:1 sends.
so anyway, this with
Re:What I would like to see.. (Score:2, Interesting)
sort of like peercast (Score:2)
Same stuff Different Day. (Score:2)
the only P2P i trust is the gnutella group I belong to that you are required to join by being invited. and yes we boot people on a regualr basis for simple things like bitrates below 196 document files that are infected, etc...
THAT is the only way to have atrusted P2P... I dont care what they try via software, all it takes is 1 bad apple to poison the whole orchard.
Re:Same stuff Different Day. (Score:3, Funny)
Thanks,
Hillary Rosen
pop lawsuits.... (Score:2, Funny)
push p2p
pop lawsuits
Cool legit use (Score:2, Interesting)
maybe I've been surfing the web too long (Score:5, Funny)
Re:maybe I've been surfing the web too long (Score:2)
Moderation and subscription. (Score:5, Insightful)
Only two things are missing from this cool idea to make it really awesome: Moderation and subscription.
With a channel moderation system, users can award positive or negative karma to a channel. This could be implemented as a separate "phone directory" service, where channels are listed by categories and users can post comments about a channel and give a few moderation points once in a while, a la Slashdot and/or eBay. You could award points for quality, speed, relevancy, etc., and provide an explanation of why you awarded that score.
Channel owners who have high moderation can then capitalize on their channel by charging others to distribute their files.
Which brings me to my next point: Subscribing to channels. If your channel is really good (has high karma), you could even charge a subscription fee to subscribe to your channel. So instead of paying X amount of money to download a single MP3 file, you would pay, say, $10.00 a month to subscribe to some channel and receive all the MP3 files distributed on that channel. A channel that distributes old, "yesterday's news" music could charge a small subscription fee whereas one that distributes the latest smash hits could charge a lot more. I know that while I would not pay for an individual MP3 file (or even an entire album worth of MP3s), I would certainly pay for really good, relevant channels.
Why paying can SCREW the RIAA:If the proceeds from the subscribers went to "the artists" and not some money hungry RIAA, a good channel could provide artists a mechanism by which to "self-publish" their music without signing over their copyright and paying most of the proceeds to the RIAA.
These practices would result in a very nice balance between money-hungry channel owners (like huge businesses that "jump on the bandwagon" to ruin it for the rest of us) and free community channel owners, because the users get to control who has the most visibility, and that would depend on how good the service really is.
Re:Moderation and subscription. (Score:2)
New RIAA Defense? (Score:2)
After all
Ugh. Web interfaces. (Score:2)
Sure, they're nice for some things, and multiplatform, but they're not for everything. I
binary newsgroups (Score:2)
I just installed it... (Score:2)
I wish someone would make something like AudioGalaxy again. That was sweet. I could search for files that I wanted while I was at work and when I got home, they'd be there on my computer. It was simple, and it worked well. Is anyone working on a project like that?
Re:I just installed it... (Score:4, Funny)
Baaaad name (Score:3, Funny)
You P2P guys really crack me up.
-Shane
Good idea for legal sharing (Score:2)
However, if I'm working on some project and want to share a bunch of stuff to the other working on the project (without versionning), then the idea is good. I can put a file on my channel and it will be automatically replicated to the other channel subscribers.
From what i read from their site
Something I don't understand (Score:3, Interesting)
Re:Something I don't understand (Score:3, Informative)
Retrograde step (Score:4, Insightful)
It turns p2p file downloading into a "tv-like" experience where you have to be online at the right time to get the file.
Sure, you could probably script it so you get the files, but that makes it like tivo where you can watch programmes when you want but you have to remember to set it up so it records it in the first place.
We have evolved beyond that. Now, with p2p you can search for and download whatever you want, when you want. OK, so someone still has to be sharing it, which is less likely with older stuff, but there are starting to be Farenheit-451-like sharers out there (myself included) who are keeping one thing (e.g. a favourite anime series) alive by always sharing it.
Also, there is a significant barrier to adoption of a new p2p-like app. You have your p2p working fine, and downloading well, then you are expected to start using a new one. You don't know how it works yet, let alone how to optimize it or where to get what you want; you know that everyone else faces the same hurdles so there won't be much content for a while, if at all.
This wouldn't be so bad if you could try out a new p2p app while using an old one, but you really need to dedicate all your bandwidth to a program to make the most of it.
At the moment emule is where it's at (at least for me), and I won't stop using it unless everyone else does and the sources dry up.
graspee
Merge with bittorrent (Score:5, Interesting)
Interesting legal implications (Score:3, Insightful)
Queston for any reader who is: might this not excuse the computer owner from legal culpability, if it turns out he has recieved mp3s the RIAA don't like? He could just say "Hey, I subbed to the channel, but I don't control what goes out over it".
Sounds like the internet... (Score:2)
p2p subscribing? (Score:3, Insightful)
When do we get "useful" P2P? (Score:5, Interesting)
What it's good for.. (Score:2)
Great for the live recording groups! (Score:2)
Maybe as well offer an MP3 option to those who would want it (like me, I'm just going to rip it to MP3 anyway) to save bandwidth.
Legal Uses (Score:4, Interesting)
Anyways, I think its a really cool concept. Its been crashing on me a bit though, so hopefully it stabilizes and gains acceptance.
P2P RSS Channels (Score:4, Interesting)
Basically, you click on a link which will subscribe the peer to the channel, and the peer will automatically download/pre-cache any new items that are added to the RSS feed.
You simply have to create an RSS feed and create a link that converts that feed into a channel that is subscribable via the Open Content Network. I've set up an example of a movie trailer RSS feed here [onionnetworks.com] And have linked it into the Open Content Network here. [onionnetworks.com]
out of region sports (Score:3, Interesting)
If someone can put Larsson's 2 goals from today somewhere I'd appreciate it too.
Finally a P2P with encryption and privacy! (Score:3, Interesting)
The connections are encrypted and you can set up your own channels and only give the key to people you trust. You can also easily change the key to each channel in case you suspect a breech in security.
I'm sure we will see a lot of use of this technology, think about it as a continued development of P2P and IRC concepts icnluding privacy and encryption which makes intercepting the transports useless unless you have the necessary keys, else you will have to retort to brute force and that may take awhile.
Re:Wish List (Score:2)
Re:Argh! (Score:3, Insightful)
Re:Argh! (Score:5, Interesting)
(Any input given would be gratefully received btw)
Re:now, i dont get this... (Score:2)
And that isn't the only reason why they didn't use Java. Read the rest of the page.
Re:now, i dont get this... (Score:2)
Some good? If it doesn't do it's job correctly, you're going to have memory leaks. This is an accepted problem, and one that the developers understand. Who are you to question them? (Really, what are your qualifications? Do you know Java? How well?)
Well, if you program correctly in C++, you don't have a problem with memory leaks either. The whole point of a gc is so that memory leaks don't happen even with sloppy p
Re:now, i dont get this... (Score:2)
For example, a function that says [in non-pseudocode]
do
{ new variable = random();
manipulate( variable );
delete variable;
}while( keystate.escape() != DOWN )
could exist happily in C++, but an equivalent Java program would likely not be able to delete allocated memory until exiting the called function. Or maybe it will. But not controlling when the memory is managed can be difficult on
Re:Amazed at P2P software (Score:2)
Kintanon
Not the same (Score:2)
With e-mail, the sender can hide their identity. This allows for spamers to get your e-mail once and then come at you. With this approach, if spam is coming, then de-register. As to viruses:
They are not a problem of the protocol (smtp), but the programs (esentially outlook, but there have been others) that allow for untrusted code to be easily executed and/or so many cracks. Now, if you use this mechanism for accepting code and you get a virus, well, that is your fault.