Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

Peer-to-Peer Goodness 77

Masem writes "ZDNet is reporting on two products that are based off the peer-to-peer sharing idea that Napster made popular to release two useful tools to the community. First, "Rumor" is a p2p program that helps to spread the updates to virus protections programs by having each client on an intranet act as a p2p node, reducing the load on servers and speeding the distrubtion of the update. The second new program called "Groove Transceiver", designed by Ray Ozzie of Lotus Notes fame, acts like an extended AIM client, allowing large groups of people to communicate as a whole, but without the need for something like an IRC server. It's good to see potentally useful programs attributing their success to the Napster model - hopefully they will help with further defence of it. "
This discussion has been archived. No new comments can be posted.

Peer-to-Peer Goodness

Comments Filter:
  • with icq being owned by AIM, maybe it is time for a new alternative to aohell...hopefully, this new IM won't be bogged down with advertisements...
  • Unfortunately I think the Napster model is out... too easy to lay blame... But, distributed peer to peer like Gnutella...not scalable enough and no clean interfaces... I think if anything like Napster comes around again it's gonna survive using a subscription model... nothing else will really hold sway.. I wish it did work...but hey...you know what a wish is worth..
  • by ddstreet ( 49825 ) <ddstreet&ieee,org> on Tuesday October 24, 2000 @10:01AM (#679286) Homepage
    p2p sharing of mp3 files is one thing, but sharing executable files is absolutely inexcusable. the potential for trojans is staggering, unless there is a central source for a key and signature.
  • I wonder how long it is going to be before someone hacks the distributed anti-viral updates so it spreads a nice and mallicious trojan.
  • ... is such a dangerous thing though. How long will it be until some secretary or executive type gets a bogus e-mail virus warning and sends out the virus "update" that ruins everyones computers?
  • Of course the executable files (and/or virus data files) are signed by trusted virus software vendors. I mean, they'd have to be. It'd be insane to expect it to work any other way.

    So what's the point? The point is, the distribution sites don't get slashdotted.

  • the napster model, you dumb fucks. peer-to-peer networking has been around for fucking years. watch less TV.
  • What would happen if Napster decided to move somewhere more friendly, like the Principality of Sealand? I mean, I thought the whole point of the internet was that there are no borders to it. To avoid blame, surely they could just move to a 'rogue'state?

  • ... isn't spreading AV updates through insecure nodes a BAD idea? I thought the point of those is that you want them to be secure and good, not themselves compromised!

    Its bad enough that theoretically someone with an important enough of a router could screw with stuff as it is being downloaded, I don't want this to be too easy...
  • before some enterprising individual writes a virus to exploit this, say, automatic sharing of updates to virus protectors? Say, removing the signatures of certain virii? Or possibly, hell, just turning the protector itself into an infector?

    As for distributed conversations, unless there's some strong crypto in there, not to mention good anonymization of the packets, I sure wouldn't want to discuss anything private, since any old schmoe with a little know-how along the conversation path would be able to read all about whatever I was discussing.

    Yes, I /msg over irc now. But usually it's on a private server, and the nut-kicking principle can apply. Not so if everyone is suddenly a "peer".

    What I'd prefer to see is something similar to the cypherpunk remailer networks for irc, something akin to onion routing or somesuch. Probably too much overhead though, and living in the States, I couldn't even work on it and release it.

    --
    It's pretty pathetic when karma can drop when you do nothing
  • This Link [yahoo.com] on Yahoo, has some interesting quotes on the inspiration behind Groove.

    I smiled at the quote about EverQuest...
  • by Weezul ( 52464 ) on Tuesday October 24, 2000 @10:14AM (#679295)
    Virus scanners should not be using executables anyway since there are very efficent algorithms for looking for a match from a list of patterns. Now, there are viruses which require code to identify, but people can wait for software updates to find these viruses. Also, it's worth pointing out that someone could trick your virus scanner by sending out a piece of pattern microsoft windows as an update. This would effectivly make everyone think that they were infected and need to reinstall windows.

    Actually, it's always astounded me that virus writers did not "seek diversity" and force virus scanners to scan with code instead of pttern matching algorithms. You could potentially make it impossible to scan for viruses by forcing the scanners to do to much work, but it would take a lot of viruses.

    I suppose a better idea would be to have a mutating "do not reinfect" flag, but only remember the flag for the last 5 generation and the future 5 generations, i.e. each generation would randomly creat the "do not reinfect flag" for it's children 5 generations down the line nd forget the "do not reinfect" of it's grandparents 5 generations removed. This would mean that the virus would eventually reinfect the same files, but it would take a while.. and it would mean that the virus's distant children would not be vulnerable to the same virus scanner (assuming that the decryption code it's self mutated and could not be used as a pattern for a virus scanner).
  • You are right about digital signatures but wrong about the central source. There's no need for some central authority, just an entity that you trust. Lots of work is being done with distributed trust metrics, such as on Advogato [advogato.org].

    Burris

  • by JohnZed ( 20191 ) on Tuesday October 24, 2000 @10:16AM (#679297)
    A way for groups of people to communicate online in real time! For only $50-$100 per seat! Wow!!! The world will never be the same! I'm so glad to live at the turn of the millennium where we have such radical new technologies.
  • This is true.
    IMHO, the top two reasons viruses are propagted so massivly are AOL and Micro$oft outlook/outlook 2000.
    These, combined with an incredible lack of discretion on the part of the end user, allow viruses to have a continued existance.
    This type of p2p network would be even more highly trusted than AOL and outlook, solely because of its purpose- therefore making it a huge target for those hell bent on propagating their virus throughout the world. The number of checks that a file would have to go through would be prohibitive, and how do you explain these things to the average end user anyway? How do you tell them that they can't update their virus defs because their virus defs are viruses? I just cant see this kind of thing working. We need to be trating comptuer viruses like we treat AIDS. Educate people about what is safe to download and run, create keys and programs that are easy to use to check those keys.

    -isnt it strange to be anything at all.... -jeff mangum
  • This application sounds like it could have a lot of promise. For anybody working in a corporation with high centralized IT departments where every request to get something done (usually because the IT department is stuck in firefighting mode) takes days if not weeks, the ability to set up a collaborative environment without the need for IT to make server space, set up a database or install applications would be a godsend.

    Include concepts from the Eternity Service and you could make a real good case for adopting this tool in an environment where The Powers That Be decided to adopt a monolith document repository system or a centralized email system that seem to be down way too much.


    How soon before we see an open source version?

  • Ignoring the obvious stuff about hax0red antivirus updates...

    Groove [groove.net] looks pretty cool. First the bad news: Right now it's Windows-only, the protocols are undocumented, and there may be patents involved. But the good news is that these guys seem to have a good attitude. They're definitely in it for the long haul, actually thinking their design through (unlike Napster, Gnutella, etc.), and putting in security that would make a cypherpunk proud. And they're promising to release protocol docs so that other apps can interoperate with it.

    This interview at the O'Reilly Network [oreillynet.com] seems to have some interesting technical bits.
  • So I was trying to download that Groove thing and even find out what it is about, site is slow and getting slower. Then I come here and find out why...

    I had at least made it to the minimum requirements section. PII, 50MB for applications, 150MB for data? I thought ICQ 99 and ICQ2000b were fat bloated blimps...

    But then it is supposed to be more/different than ICQ/AIM or the P2P flavor of the month. Somewhere I saw it described at NetMeeting on steroids. The Next Generation of Groupware. I'm not exactly sure what it is supposed to be, the few pages of the site that I could get to download weren't exactly descriptive.

    Still, I wanna check it out, even if it just becomes more trash clogging up my Windoze Registry. Mainly cause I've got assorted projects spread across the world with mainly Windows Users (must... resist... temptation... to insert L there) to deal with. Anything to make it easier. So, UH, anyone played with it yet? Or should I listen to that little (BSD) devil on my shoulder saying "200MB? you should know it will suck regardless of who designed it. STICK TO EMAIL"

  • These websites also have that story:

    http://www.wired.com/news/technology/0,1282,37874, 00.html?tw=wn20000729
    http://www.crn.com/sections/News/top_news.asp?Arti cleID=18579

  • err, yeah... let me write my own virus def file and then spread it around. it'll include portions of 'win.com' and the office package, so that they are scanned and deleted like the viruses they are. :)

    eudas
  • ...helps to spread the updates to virus protections programs by having each client on an intranet act as a p2p node...

    So all I have to do is submit my virus to this, and infect my intranet?

    I'll pass, thanks anyway.
    --

  • I'm surprised that I haven't seen something like this for the warez and iso scene. Of course with the large file sizes, it's not nearly as effective as napster.
  • One, I know I've played with that update model. Two, didn't we discuss the peer-to-peer update on a old Ask Slashdot? Or mabye it was an article on DDOS..

    I hope they have patented it, cuz some lawyer is going to have fun talking to me!
  • Well, I can see distributing signed binaries via peer-to-peer and having their signatures checked via the master database handled by the originator of the binaries. Sure, everyone downloading said binaries will still have to connect to one centralized source, but the amount of data being transferred would be significantly smaller. Sort of a hybrid between peer-to-peer and centralized server distribution.

  • by technos ( 73414 ) on Tuesday October 24, 2000 @10:52AM (#679308) Homepage Journal
    Oh, http://slashdot.org/articles/0 0/0 5/23/2022208.shtml [slashdot.org].. It's been archived, so you'll have to peruse down..

    Why is it Google works so much better searching /. than /. itself?
  • Actually it sounds like a good system for distributing a worm.

  • I can attest to what Groove and can't let you do as I was a part of the beta test this summer and early fall. I thought the product was really cool, but it had some problems when I was using it (ie, last week while still in beta).

    For one, it was dog slow. My usage was on a celeron 333 with 128 megs of ram on win2k, and it felt quite sluggish. Whenever you want to add more modules or different shared spaces, you need to download them from the Groove servers, update your software, and pray that the other person you are Grooving with has the module. It was quite slow.

    Often, I could not connect to other Groove users. This is, of course, to be expected from a beta test, but it was frequently not allowing me to communicate at all with others on Groove. And even on my 384 k dsl line, the VoIP was quite bad.

    That being said, I think that Groove is a kick-ass product. The idea is really cool and I believe they are intending to do (at least for a consumer product) branding with Portals and major media names. The idea that the company is just giving out suggestions for how to use it seems promising...they are letting the users (corporate and consumer) figure out how Groove can be a "killer app". Although it seems wasteful, I think they are planning on skinning capabilites so that you could have a "Matrix 2" skin and talk about the Matrix movies with your friends, or a Pepsi skin, and whatnot.

    Did I mention it was slow?

    Since the announcement today, the servers have been completely bogged down. I imagine this is from all the press they are getting. Anyway, try to get it. I think its cool, just slow... Oh yeah, its win32 only, but my employee friend told me they have MacOS X and Linux in the works...

  • I have no idea how this might relate to other P2P applications, but it seems like IP Multicasting solves these 2 problems in a more scalable fashion - too bad it hasn't taken off...
  • Hi, I work at myCIO as the chief architect and developer of the rumor technology (despite the misquote in the eWeek article). The files shared are CAB files that have been signed with a key from myCIO. The myCIO agent will only trusts files that have been digitally signed. If it can't find anyone on the local network with a trusted file, it will go directly to the source (myCIO).

    Personally I think this is more secure than something like SSL, as even if our website is compromised, the key for the CAB files is not accessible.
  • >> The Christian religion has been and still is the principal enemy of moral progress in the world.

    Simply attributing a declarative like this to some famous name is not proof. At best it is argument by authority. Where are your arguments? What line of logical reasoning leads you to such a dim-witted statement?

    Ok, this is flamin' when I shouldn't, but - where are your brains? It's a sig that presents a small portion of someone's beliefs. Considering a /. sig has a limit of 120 characters, I'm fairly certain that the person in question wasn't going to add a paragraph, or even a 50 page paper on the subject. And if he did, you'd probably flame even harder that he took up your precious bandwidth doing it.

    It's definitely not a discussion relating to P2P networking in the context of the original /. article which was presented for discussion. Neither is my comment, of course ;-)

    PS: Didn't say I agreed or disagreed with the comment, but, I didn't bother to save my karma by posting as an AC either ;-)

  • The files distributed are not binaries, and are signed. If you can't trust the AV update software to compare signatures, then it doesn't matter where the file came from. Furthermore, the most damage an invalid AV rule can do is give a false positive and cause an uninfected file to be..."cleaned". You do back up your workstations, don't you?

    Right?
  • From the article's description (given ZDNet is not exactly a bastion of accuracy), this "Groove Transciver" thing sounds an awful lot like Hotline [bigredh.com], which has been around for quite a while now.

    ----

  • There are over 50 thousand viruses now and a large percentage of them are not something you can describe with just a pattern matcher because the virus is self-encrypted. Most modern virus scanners have fairly complex code to deal with decrypting a virus and then applying a pattern matcher. At least in the case of myCIO, we code updates are only 2-3 times per year, most of the time what you are getting are just virus signatures.

    As for your ideas on writing viruses, everything you've mentioned has already been done before. Most AV software has some sort of CPU emulator to deal with self-encrypted code, so it doesn't really matter how much it mutates, if it can decrypt it self in the real world, we can decrypt it in the virtual world (and if it can't decrypt itself it's not going to propagate and so isn't a virus [ just a wannabe ])
  • what happens when someone writes a virus that modifies the virus scan file to remove itself, and propagates that file across the p2p network as the latest update?
  • anyone here heard of digital signatures? come on guys.. think about it for a minute. this is no less risky than downloading an update off a webserver, infact probably more secure because you can verify the sig and make sure it can from a non-web accessable (and therefore non-externally-crackable) source (such as a vault). cracked webservers are a dime a dozen.. try messing with a DSA sig. basic encryption here folks.
  • p2p sharing of virus definitions:
    • The only viable solution to the virus problem is a secure machine (OS and apps). Anti-virus software is to computer security as an automatic sentry gun is to home security. It does more harm than good, no matter how well it's administrated.
    • So now the virus writers can check their virii against the latest definitions without even hitting the main servers? They'll appreciate that. :)
    • Why make a different app for sharing of each kind of file? Why not a single distributed master-less network with distributed trust and market-based load balancing that is content-agnostic? (MojoNation [mojonation.net])
    p2p group messaging:
    • Oh great, another way my friends who've just discovered the internet can bug me.
    • Why just text messages? Why not extend existing protocols to be peer2peer broadcast rather than simply point-to-point? Oh wait, we have that already. It's called EMAIL.
    • What's wrong with a MUD (or MOO)? Is it so hard to run one or find a friendly one? I don't seem to have any trouble...
    Looks like more attempts by TheMan(tm) to capitalize on and control the one thing He can never completely own.
  • If you read it you would know that the files are authenticated by them before you download them.
  • The nodes are semi-trusted (peer 2 peer in rumor is only done within a subnet); and the files exchanged are digitally signed.
  • by SunRunner ( 199977 ) on Tuesday October 24, 2000 @11:31AM (#679322)
    All the little hacker kids out there really need to open their eyes to what myCIO has done with their implementation of p2p. Though Rumor supports the same acronym as Napster, they're very different.

    First off, application/enterprise p2p is Intra-p2p, not extra. That means that all p2p file sharing is done inside your network, behind your firewall. Additionally, as /stated in the article/, Rumor uses token level authentication. As a network admin, Rumor's implications on a pure technology level intruiges me. No longer do I have to manage 450 desktops which each must go out onto the Internet to grab antivirus dat files. Instead, I spend a significantly smaller amount of time managing one SINGLE access point. Much more secure/efficient, and it gives me more time for Quake. ;)

    And Kudos to myCIO for developing Rumor as an application indepedent technology. From perusing their website, they offer everything from at-the-gateway virus scanning, desktop virus scanning, VPN, firewall... One can only hope that they can integrate all these services into a single p2p platform. What I'd give to manage all my security measures from a single access point and control console.

    And to anyone who mention sharing of executables... go back to a refresher CS course. ZDNet's right. Implemented correctly, Intra-p2p could possibly be the wave of the future.
  • I can't help but wonder..
    Woudl this work much better if it was in a LAN environment? That is where much of this really appeals...
  • thats the point. there _is_ a central source for a key and signature, and everything is verified based on the root key. I assume you understand digital signatures and certificates, so you would understand certficiate signing and hash's of an executable to prove it's validity.
  • Aren't the described applications closer in their workings to things like gnutella?--considering that they are not based on a central server and all--and as far as the chat client goes---you can do that with gnutella now!--just take a look at the search monitor window!
    ;-}
  • And I can't help but think some of this is just to 'cash in' on the big p2p frenzy these days.

    Gimme a break. p2p is *old* technology, not new. It's using p2p in a large, distributed fashion that is new.

    As a distribution model, this might seem neat. It also could be considered distributed caching, or something like freenet.

    Really, as an organization, I have no problems haveing my few hundred or thousand users grab virus updates off a central server; how is having them fetch it off their neighbors somehow better? In certain network architectures, this may work better.... but really.

    Instant messaging? You mean like... talk in unix?
    Certainly, there is an application for instant messaging. Part of the centralized nature of instant messaging is so peopel can find each other; with a slight bit more effor,t ICQ woudl not NEED a server.. but that's too much work for joe average to do. Heck.. most of the reason for the central server is due to dynamic IP addressing anyway..

  • that doesnt happen. the av software would remove the virus before it had a chance to do anything (like remove itself from the scan file). that's part of the basics of av software, you have a fingerprint, and you can detect a virus before it can do anything. else av software would be pretty useless wouldnt it? "norton has found the stoner virus, but only after it made your computer completely useless" ;)
  • Would P2p gaming work? I'm tired of not being able to play Cstroke/TFC/Quake because of goofy server hang-ups. Or would this just be a cheaters' haven?
  • You might be willing to do set up a server, but why do it if you don't have to? Using the Rumor technology anyone can set up AV on their network without having to worry about a centralized server, or keeping the virus signatures on that server up to date. Also, if you have hundreds or thousands of users, you are at a company which can afford to have someone taking care of a central server, not everyone can do this. Even in large companies, you don't really want to have to deploy a server at every location do you?
  • Hmm. More closed corporate ware for isolated p2p functions. Yippie.

    I'm disappointed. I want p2p emacs. Not a text editor, but I want a p2p base that's open source and as powerful as emacs. Then we could all write our own MUDs or chat services or encryption services, file fiddling, or whatever the heck we feel like on this solid p2p base. And then I can browse .el files or something to download new p2p plugins.

    Hopefully in all the hype one of the p2p lemmings will come up with something more original and useful, rather than just another for-the-money p2p Valley play.

  • Our company, grub.org, is writing a distibuted web crawler.

    The project is a cross between a peer-to-peer client network and a centralized server network. Clients use their resources to enable crawling the Internet and then report back to a central server which will serve up searches for the public. Web administrators will want to run the client to enable auto indexing of the sites they host on their servers.

    We should have a client ready sometime in November, so be sure to check back with us then.

    The site is located at http://www.grub.org [grub.org]

    Kord

  • http://sourceforge.net/projects/hum anc asting [sourceforge.net]

    Humancasting [sourceforge.net] is an open source attempt to tap into the processing power of desktops to enable individual broadcasting to a large audience, please take a look.
    --
    DigitalContent PAC [weblogs.com]
  • Crowbar! Crowbar! Crowbar!

    Instead of using my chaingun on you, Chuck, I think I'll just p2p a crowbar to your machine. ;)

  • Speaking as someone who has to use Notes every day, I'd like the programmers responsible for Notes to keep their new projects to themselves. :-)

    Please.
  • actually I think it would follow a more of a keyring model.. the clients have a copy of the pub key and as long as the signature is signed with the corrosponding priv key youre good to go. if, for whatever reason, the priv key changes, its a simple matter of a revocation certificate.
  • please refer to the above comments on digital signatures regarding rumor.
  • I dont know much about multicasting, but I seem to recall that its only real use is on the MBONE, (wasnt there an ask slashdot about that a while ago), and MBONE doesnt really work to well for distruted file sharing (the general consencus of the ask slashdot about that). Like i said, im not sure, i know next to nothin on multicasting, but i think its completely infeasable for something like this. For example, say client a gets the packet and b gets a bad packet, how does b say "retransmit" when a doesnt need it? unless the network has 0.00% packet collision you would have serious issues.
  • Ray Ozzie started Groove in 1997, pre-Napster. Technology like this doesn't get written overnight. Saying that this is "cashing in" on the Napster P2P frenzy is ridiculous.
  • the av software would remove the virus before it had a chance to do anything (like remove itself from the scan file). that's part of the basics of av software, you have a fingerprint, and you can detect a virus before it can do anything.

    OK, but what if the virus checker doesn't know about it? (that's the whole point of 'updates' isn't it? to catch the new virii that didn't get caught in the last patch?)

    I must be missing something here - this is way too obvious (a virus/trojan that neuters anti-virus programs).. seems to me (although I'm not a Windoze programmer) that it should be relatively simple to write a virus that does the following:
    • Terminate the resident AV cheker (kill -9 equivalent)
    • replace the AV executable with a bogus file
    • replicate

      Can someone enlighten me as to why this hasn't happened?
  • It works,
    it is a cheaters heaven.

    It's called Star Craft and Battelnet. Battelnet just sets the game up (like napster's servers) after that it's pure P2P.

    You can even loose your connection to Battelnet and still play.

    -Peace
    Dave
  • Well, since I was such a whiney bastard, I thought I'd follow up...

    First, read the O'Reilly interview [oreillynet.com] with them. Some decent ideas there.

    Second, after downloading it and playing around a little bit it has some intriguing features. I'm going to play more. I'm reccomending to other people to try playing with it too.

  • Why would anyone need virus protection software? Does anyone else besides me get sick of the idea that computers are innately susceptible to virii? The whole concept is so absurd, and yet so ingrained into our subconscious.
  • Sharing executable code is something that will need to happen for the p2p paradigm to succeed. Remember, in a true p2p world you are literally running executable code on other people's machines. For now that's not a big problem because there are only a few well-known p2p applications (Napster, Gnutella, etc.)

    What about the future when there are hundreds? What is lacking is an operating system for managing p2p executable code. Desktop OSes are no good because they assume that you trust your local applications.

    A p2p OS would need a way to control the security and system resources for each application because 1) part of the app is on someone else's machine, 2) you don't want the p2p app saturating your network or formatting your hard drive.

  • I agree. I think that the business potential of p2p is the "one-click install" and simplified administration of the software on a network. If you don't have centralized servers, there is no need to pay for their maintenance.

    It is questionable if an open source app will ever come out. Right now what all the p2p people are trying to figure out is a way to make money. Their only value is in the code they possess and if they make it open source will they ever see the green?

  • Question, is the Groove Transciever Open Source etc? I know that many OS MMORPGs are basing a large part of their servers off of IRC servers. If this technology is freely available, then the expensive server end of OS MMORPGs may have a very valid workaround that would remove an almost prohibitive cost from the system.

  • If you can get one of the little DDOS wariors on that Groove thing, this will be a fast and extremely effective way to attack.

    Oh.. about encryption. Yeah the files will be signed, whatever. But all it takes is to compromise the originating host. (The anti-viri providor host) or the host that provides public keys then it can propagate from there.

    getting any executables is a bad idea.
    • Gimme a break. p2p is *old* technology, not new. It's using p2p in a large, distributed fashion that is new.
    Well, Groove has apparently been working on the technology for three years [nwfusion.com], so in theory their product precedes Napster, for example. :)
  • would you have gotten it if he included <joke> tags?
  • There has been viruses that attacked antivirus programs. Back in the DOS 6 days, we got bit by by a bootsector virus that destroyed the filesystem only after it was detected by Norton. Only solution was to wait for a patch.
    --
  • Agreed hopefully eiter freenet or something like it will provide some basic fuctionallity. I would like to see distributed anonymous p2p emoney [kuro5hin.org]
  • The Groove Transceiver is not Open Source.

    I don't know enough about Groove to know if it would be helpful for MMORPGs or not. But some of the protocol auto-negotiation stuff that sneaks through NATs and firewalls might be helpful.
  • Only if you dont trust the person you're getting the content from. This is a shameless plug, but I'm working on a P2P program that removes this problem. As every user is identified by their RSA public key, you can be sure who you're getting the file from, and assign trust based upon that identity.

    A simpler solution in this case is just to sign the virus definitions, but that's less interesting ;)

    Mike
  • Most AV software has some sort of CPU emulator to deal with self-encrypted code

    Wow! I had no idea that people had really gone so far with these things. The last virus source code I looked at was one of the first ones which used self encryption. I have to admit that I'm supprised that anyone has been tricky enough to write a decryption function which can it's self be hidden/mutated.

    Anyway, it dosn't seem like it would be hard to make a virus which hid deep inside a program instead of in the RTS code. Wouldn't this make it impossible to find the virus by running the RTS code to the programs on the system in a safe enviroment? The "do not reinfect" flag could just use the +/- 5 generations idea to be immune to current virus scanners. Personally, I think the hardest pert of this is making the virus's decryption code immune to patern matching.
  • I downloaded groove (after wading through multiple failures of their NT web server) and played with it for 1/2 hour. In its current form, the UI appears as a organizing shell with several applets. The applets operate cleanly, but with limited functionality. (The notepad is can display multiple fonts). All of the applets are "live" spaces that update ~real time on everbodies screen who is viewing that particular applet. The applets include:
    notepad
    browser(with bookmarks)
    outliner
    forum
    chat
    sketchpad
    calendar
    contact manager
    file repository
    (and more)

    Applets can be organized into collections, which are appropriate for a task (like organizing a meeting or presentation)

    Pluses: The eye candy is pleasent. The secure shared workspace is a good thing, the kind of thing that engineering groups need. (Certainly mine does)

    Minus: I didn't see anything in the way of different permission levels. I would think that that should be built into the framework itself. Also, the shell permits multiple copies of an applet to be added to a workspace, to allow, say, different topics to be discussed. These instances can be named, and are accessed via tabs like a multipage spreadsheet. I don't see how this would scale beyond 20 pages. So I don't see enough hierarchy in the system to handle life size projects. Even if multiple workspaces are used, I didn't see any hierarchy there either.
    I have seen a lot of tools which seemed really useful until the number of items being managed exceeded what would fit on a page.

    I like the concept, I like the attitude, I plan to get some of my co-workers to play with it, but it needs more in the way of content management.
  • "It's good to see potentally useful programs attributing their success to the Napster model - hopefully they will help with further defence of it."

    I agree, it's very good to see new, innovative applications built on a p2p model. However, this will NOT help Napster because these programs are not Napster-like! These programs are true p2p, whereas Napster is only pseudo-p2p. The term Napster-like is very nice because EVERBODY knows what Napster is, so if you say "Napster-like" everyone knows what that means (or at least, they think they do). An illustration of why this is misleading:

    Napster looks like this:

    client <--> Napster-server <--> client

    True the server is only involved in the initial phase of a transaction, acting as the "negotiator" of a file-sharing session; once the two clients are talking the server drops out. But the server is, BY DESIGN, involved in every client-to-client session, and you can never have a client that is more than once removed from the server (i.e. no client can turn around and act as the server to another client, and the chain is never more than two clients long).

    By contrast, a true peer-to-peer implementation is "smooth" - that is, all the nodes are clients. So it looks like this:

    client <--> client <--> client <--> client <--> ...

    If there is ANY server involved (which must be the case with Rumour, though not with Groove), it is at the END of the chain:

    server <--> client <--> client <--> client <--> ...

    Thus one client talks to the server and then shares that information with other clients, which share the info with other clients... In reality the "chain" I've drawn is actually a tree, but the topology isn't important. The important point is that most of the clients NEVER talk to the server, whereas with Napster every client MUST talk to the server!

    The terms "server" and "client" are themselves ambiguous, but that's at least partially the fault of trying to force an apricot (Napster) to be an orange (p2p)! In Napster, what I have called the "server" is more of a broker between "clients" (user's computers). One of the clients acts as a "server" in each transaction, in the sense that it's serving files out, but no client can serve files to another client without going through the Napster server/broker. So it only makes sense to call the machine/site that brokers EVERY single session the "server". In the "true" p2p model the server (if there is one at all) acts in the more traditional sense (serving files), but is not generally involved in any given transaction.

    And, of course, there's the small point that neither chat (ala AIM, ICQ, or NetMeeting) nor virus-information-file sharing involves potential copyright infringement. Chat's pretty self-explanatory, and virus info is "safe" because you still have to have a working copy of the anti-virus engine in order to use it.

    I defy anyone to present a good reason why any of this should HELP Napster's defence(sic).

  • Our company, gruborg

    Tsk, tsk.
    __
  • Authentication isn't entirely the issue. If it were, we'd all be happily accepting ActiveX components. Instead, we also need control over authorization.

    The solution to the sharing of executables is the sandbox model. I got a kick out of the subthread here on anti-viral programs, as virtual CPUs were mentioned there as an AV technique. That, along with security constraints, is also a solution to the idea of sharing executables.

    Certification provides the authentication. We then add authorization in the form of security constraints which vary from identity to identify, and a nice solution is now created.

    Untrusted software might be given no network access and limited disk access (ie. a few megabytes in a fixed directory), trusted software given full access, and all the greys in between.
  • Who said it has to be some company that does the Open Source version? I think there would be some motivation for developers in their spare time to write an open source version of Groove that is either compatible with Groove or feature/functionality clone of Groove that works on more than just the Windows platform.

    If anybody is interested in something like this, let me know.
  • Well, I was demonstrating to one of co-workers how there was no hierarchy to the tabs, and I proved myself wrong. You can have tabs that "expose" a layer of tabs above them. (I've seen it nest a least a couple layers so far) So it can certainly scale beyond 20, but it stills needs some kind of cross reference or searching capability.
  • Maybe the latest p2p apps will not help Napster, but at least the excitement they create will help the people formerly known as Napster employees. :) On a somewhat related topic, I think that a successful p2p model would be able to support topologies ranging from purely clientclient all the way to clientserver. Some problems are just better suited for a clientserver approach whereas others are more clientclient (sorry, peerpeer.) I haven't seen many people talk about this... but how will the latest p2p software integrate with what's out there already? I just don't see the browser and the web being replaced by the Groove client. In which case, Groove has to somehow integrate with the web. How? In addition, I thought Groove had to eventually replicate with a "replicating server" or whatever it is called making it not a pure p2p app. As far as I know, there is NOT a single working (or even semi-working) p2p app out there 'cause namespace management & resolution, search, and security get ya.

APL is a write-only language. I can write programs in APL, but I can't read any of them. -- Roy Keir

Working...