Putting P2P To Work 131
An anonymous reader writes "Looks like some folks at IBM have had moderate success in getting P2P adopted within the corporate enterprise. One new paper on the site describes experiences in deploying a decentralized search network spanning machines in 43 countries. Another describes a system for peer-to-peer sharing of dynamic web applications instead of static files. The idea is to support development and distribution of simple modules that themselves form meta p2p networks. Neat."
Re:yay p2p plus ibm=sweet (Score:1)
And 5000(?) users requiring registration?
Re:yay p2p plus ibm=sweet (Score:1)
Re:yay p2p plus ibm=sweet (Score:2)
Re:yay p2p plus ibm=sweet (Score:2)
Re:yay p2p plus ibm=sweet (Score:1)
Re:yay p2p plus ibm=sweet (Score:1)
Re:yay p2p plus ibm=sweet (Score:1)
Re:yay p2p plus ibm=sweet (Score:1)
Re:yay p2p plus ibm=sweet (Score:1)
except this is entirely arbitary - HTTP is just a protocol, you can speak it over any connection (port 8080? yoghurt pots & string?). For example Gnutella uses a slightly modified version of HTTP on port 6346, try pointing your web browser at somegnutellahost:6346 and you'll see what i mean.
Security? (Score:5, Interesting)
Re:Security? (Score:1)
Re:Security? (Score:5, Interesting)
One way of doing this practically is to joe-bloggs sign his new files with his keys. Then some main server checks over it all, and signs his keys. Then you client get: 1) the file 2) the pgp signature of the file 3) the pgp signature from the main server of the pgp key
This involves having a main server, however you don't need to talk to it.
You need some way to make a chain of trust, and a central server/group of servers that everyone trusts is the easiest way.
JohnFLux
Re:Um... no....! (Score:2)
The only time you access the central server is:
1) When a brand new client connects to the internet and needs to get the server's public key(s). This is when the client is at its most vulnerable from man in the middle attacks etc. You could try hard coding them into the client, but you get the same problem - basically you have to start off just trusting someone you don't know.
Then you have two choices. The server could either trust everything, say, apache spits out. To do this, the server would sign apache's public key. This is done once, and then never again do the user or apache have to contact the server again.
OR
The server could just sign individual files. The coder would then sign one of his files, then send the file and signature to the server. Some human would look over it, decide if it is good sign, then sign the signature.
In both cases, when the end-user downloads a file, they get 3 files directly from the coder - the file, their signature of the file, the signature of the signature/public key.
Re:Shit man, just post a MD5'd checksum (nt) (Score:2)
Re:Security? (Score:2)
You would have a centralized "checkin" server and files would be distributed based upon key from there, cached every time someone accesses them.
When you acquired a new file you would check the crypto key against the checkin server and get a "valid/invalid" response.
The only really hard part of such a system is coming up with an efficent search algorithm that doesn't chew up your network while at the same time getting a decent number of cache hits.
Re:Security? (Score:4, Insightful)
Re:Security? (Score:3, Informative)
Once the file has been signed by a certificate authority and the CA's public key is loaded in the P2P software, the validity of the file can be confirmed. Of course, certificate revocation lists are more problematic, but they too could be distributed via P2P.
If the network is used to insert files on a continueos basis, subordinate CA's could handle the load a redundancy.
Re:Security? (Score:3, Interesting)
I think the kind of security issues you would be most concerned about would be confidentiality. My guess would be that you only place insensitive files on the P2P network, or develop P2P software that has user defined rights. That of course could lead to elevation of privileges attacks. Either way you cut it.
This is all still info that is "internal" to IBM. As everyone knows (or should know) the largest security risk that all companies face comes from internally to begin with. So its not as though these files are not accessible by a malicious and knowledgeable person on the inside already.
There are many ways that the risk can be mitigated with such a system. I could go on for paragraphs on this. I think the concept of using P2P internal for corporations has many advantages and could be come a great tool. Much like any other means of sharing information digitally all the security risk will have to be assessed before it goes into "production"
Re:Security? (Score:2)
But then, look at other public P2P networks. It seems to work surprisingly well...in fact, it seems like the RIAA is the only one even talking about distributing bad (as in corrupted) files.
Re:Security? (Score:5, Informative)
YouServ is a bit different than traditional P2P apps most people are familiar with. For one, there is accountability: Every one of the files you share has YOUR NAME embedded within the URL required for accessing that file, even if that file resides on another machine at the time of download (e.g. from the ability to replicate your site to other machines). Unless you don't value your job, you'd be highly unlikely to use this system for sharing porn / MP3's / etc, a point made in the paper on the search function.
Two, it's not just for sharing files that are world readable. It's also for sharing stuff with only designated users and groups. Every node is tied together by a single sign-on infrastructure so you can use one and only one password to access secured content on any node, without the possibility of malicious nodes sniffing and stashing your password.
Third, it's at its core web compatible. You access the network with a regular web browser. There s no need to install spyware riddled clients to get at anything. Each node provides a web accessible search interface for searching the globally shared content or site-specific content. You only install the software if you want to host stuff.
Re:Security? (Score:2)
Re:Security? (Score:1)
To be completely precise, YouServ is more of a Napster-like "brokered" form of p2p, as opposed to a purely decentralized architecture like Gnutella. For example, to be completely web compatible, it relies on DNS for peer location, and DNS requires a dedicated server (for a particular namepspace). But almost all the "real work" is still done by the peers.
Re:Security? (Score:2)
Re:Security? (Score:2)
Re:Security? (Score:1)
Hmmmm.... (Score:2, Funny)
Re:Hmmmm.... (Score:2, Insightful)
So what. IBM is not going to control what files people share. They are supplying the technology only.
If it gets shut down, we might as well shut down the entire Internet and call it quits.
As the linked webpage says... (Score:5, Insightful)
Re:As the linked webpage says... (Score:1, Funny)
Project Jxta (Score:3, Informative)
Re:Project Jxta (Score:3, Informative)
Sure you could probably build something like this with JXTA, but nobody has done it yet.
Putting P2P To Work (Score:4, Funny)
Re:Putting P2P To Work (Score:2)
MP3s?.. Movies!
I can smell the synergy (Score:5, Funny)
Re:I can smell the synergy (Score:5, Funny)
Coming into its own (Score:5, Interesting)
Re:Coming into its own-half n' half. (Score:2, Insightful)
No it's the half-n-half rule. Those on the business half can do what they want because they have the money to do it. Those on the residential side (our side) will have to put up with bandwidth limits and download caps, as well as port blocks, because we DON'T have the money. Isn't it nice how the world DOESN'T work.
P2P that isn't evil spyware???? (Score:3, Funny)
Re:P2P that isn't evil spyware???? (Score:2, Funny)
Re:P2P that isn't evil spyware???? (Score:2, Informative)
it's on the frontend that you download.
And doing that is stupid.
There's Gnucleus [gnucleus.net]
Open source and delicious.
And WinMx [winmx.com]
No spyware. No bullshit.
the list continues...don't be dumb read the fine print
Re:P2P that isn't evil spyware???? (Score:2, Informative)
For a real challenge, try P2P-ing the database (Score:4, Interesting)
But as usual, the examples are of the trivial, "hello world" class.
In the real world, dynamic content and web services are linked to some back end database server. Doesn't matter what kind of fancy distributed malarkey you put in place, everything gets serialized back to a skinny pipe when you reach the database server.
Now a distributed database server based on P2P - that would be news. Oracle had such a project, code-named Andromeda, some 8 years ago but it came to naught cos it ain't that easy.
Re:For a real challenge, try P2P-ing the database (Score:2, Interesting)
Re:For a real challenge, try P2P-ing the database (Score:2, Informative)
Re:For a real challenge, try P2P-ing the database (Score:5, Informative)
The system is intended for personal web hosting, that is, for use by mostly non-technical users for sharing files, creating web logs, guest books, and so on, using their own hardware (and that of their friends). In no way are we trying to provide p2p solutions to business class functions such as serving an online store (though I agree it would be cool if someone did that).
Indeed the existing plugins are simple (my development time has been limited and this component is very new), and at this point are intended only to demonstrate the API features. But even quite simple plugins, if they cooperate across multiple machines, can do some very cool things, a few examples of which are proposed in the paper: sharing files on multiple other p2p networks, distributed content caching ("akamai for free"), cooperative weblogging, and so on. Again, you woudln't use this to build a high-traffic online store, but it does give you many new and easy to use ways to enhance and publish your own (web) content.
Re:For a real challenge, try P2P-ing the database (Score:2)
Re:For a real challenge, try P2P-ing the database (Score:4, Informative)
PIER is a P2P Query Processor
http://www.cs.berkeley.edu/~huebsch/pier/
Re:For a real challenge, try P2P-ing the database (Score:1, Informative)
Other Upcoming Uses (Score:5, Interesting)
Earlier I posted to
With the system I built, they are going to give downloads of actual music files protected by DRM on these p2p networks, where upon playing it, you will be prompted for payment. You can make payment in the licensing window of WMP. It should be noted this only works for
It will be interesting to see how this works. It can obviously be circumvented using one of the DRM hacks, but I'm sure at least some will buy the files. Especially those on dial up who spent 15 minutes to get one song.
Is it evil? Sure. Not as evil in my mind as those companies that distribute silence or ads on these networks. Please understand, I have all the same feelings as the concensus here has. But this is a necessary step for the industry to get with the times. The DRM at least will have unlimited play, cd copy, and move to portable device.
Baby steps. Slow and steady wins the race.
Re:Other Upcoming Uses (Score:3, Interesting)
Re:Other Upcoming Uses (Score:2)
I take my HD of MP3's (around 5,000) and put DRM on them. Then You pay ME to play the downloaded file. If only I was that unscrupulous...
It would be VERY easy to do. So, I guess I am not that evil.
Re:Other Upcoming Uses (Score:3, Insightful)
That's true, but it's also how DRM could become something much more menacing that what you invision it to be. Do you think Hillary Rosen shares your moderate viewpoint on DRM? You just build the tools, you don't get to decide how they are going to be used. Most people here are aware that succesful software oftentimes ends up being adopted to perform functions that the designer never even considered.
As well indended as your efforts may be to try and find a working compromise between content consumers/producers. You are laying a groundwork that could dramatically dis-empower millions of people.
The primary issue here is one of precedent. You're helping to bolster the notion that DRM is something that people will accept.
Right now marketing is being pressured into "selling" DRM without disrupting product sales. Which is very tricky in recessionary times like these. Companies need consumer dollars to stay afloat, so they can't be too hasty and scare them away with technologies like DRM. Once sales pick up again however, there will be much more leaway to completely transition to DRM based media distribution. Have you really considered what that would imply?
This isn't a comic book, and what you're doing could end up effecting real people in very negative ways. I'm just curious what is going through your mind as you're coding this stuff. Do you think you're some kind of hero? Would you please elaborate your point of view?
Re:Other Upcoming Uses (Score:3, Interesting)
When I was initially apprached, I pushed MP3's hard, I even built the system around MP3's at first. They brought up DRM. I never worked with DRM and as I mentioned before, implementing DRM was the most horrific experience ever.
I am not a hero. DRM IS WRONG, IMHO. But, it is the same with software serialization. Even that is wrong, but it is a fact of our use of computers. The only thing we can do is to make it as easy as possible.
Ask yourself, What should DRM do? Not what it does (inconvenience people, anger everyone, etc..) It is to simply make sure that the people who paid for an item, get to play the songs, those who did not pay for the song, should have to pay. That is what DRM *should* do.
Does it do it in all of my previous experience? No, of course not. Is it MS's fault, partially. What have I personally done different? Well, I made it a little easier and more transparent. Its it completely silent in its process? No, of course not, the toll just is not there yet.
What do I think of things like palladium. I'm scared. But in this respect, I think I am doing a good thing, and I am proud of improving something so horrible. Again, I have the same concerns as most of us here (even if I am a Win developer
Hope that helps. I'm open to off list discussion...
Re:Other Upcoming Uses (Score:2)
I appreciate your honesty, but I have another question for you.
The tone of your post seems to indicate that you don't have much say in what gets implemented. Are you in a position where the only kind of work/contract you can find right now is building something like this?
Said another way, are you having to choose between paying your rent/morgage vs. doing what you seem to know in your heart of hearts is wrong?
Re:Other Upcoming Uses (Score:2)
I think most developers will agree, this is a once in a lifetime contract. The biggest client I have ever had, doing an extremely high profile project. I am trying to build a business.
I do have my objections, sure, but the opportunity is just way too much. The industry is struggling right now, I am not doing that bad though, but still, it is a great opportunity. I think I am helping them move in the right direction.
I know, I won't be remembered for the money I made, it will be volunteering at the Mormon Church, coaching little league, etc, but there are very few of us that would turn this contract down under these circumstances.
Re:Other Upcoming Uses (Score:1, Flamebait)
So as long as what you're doing is highly profitable it's ok? How is this different from Microsoft again?
there are very few of us that would turn this contract down under these circumstances.
Everyone has a price, therefore so do you?
I know, I won't be remembered for the money I made,
It's very likely that you won't be remembered for any of the software you wrote, or the money you made. But that memory is embedded within the software itself. Behind every tool is the endorsement of the person who built it.
it will be volunteering at the Mormon Church, coaching little league, etc,
Oh right, you're saving the children so that outwieghs building a product like this. And if that isn't enough, Jesus Christ is your savior so you can pretty much get away with bloody murder and still get into heaven, because all your sins are forgiven. Do you know how much damage this Christian rationlization has caused in the US alone. Doing 95% harm and 5% good is exactly that. Must be nice not having to worry about the consequences of your actions.
there are very few of us that would turn this contract down under these circumstances.
What would Jesus do? Even Jesus was violent once. When he saw the money changers who were supporting a system that said "God will see you at a price". Don't you think what you're doing is somewhat similar? You're supporting people who have extended the copyright term to over 80 years. These are the people who say "Your culture, your memories, and your history are ours. You can only revisit them if you can afford it." Holding our humanity hostage is almost as evil as saying we need to pay for God to love us.
The lawyers and politicians can pass whatever laws/policy they feel will continue to empower the few at the expense of the many. But it's the person at the end of that chain of command who actually decides if it happens. People just like yourself. Unfortunately it looks as if the lowest common denomenator is going to win out.
Do you think you're the first person to be offered this contract? Do you wonder went through the minds of those who decided not to take the job. I guess you'll never know.
Re:Other Upcoming Uses (Score:1)
Re:Other Upcoming Uses (Score:2)
Actually what he's doing is worse.
He's fattening himself by sacrificing the rights of babies(all of ours). If I was a baby I'd rather he eat me than force me to grow up in a world like the one he's helping to create.
Re:Other Upcoming Uses (Score:2, Insightful)
Either that, or they'll be mad that you just wasted 15 minutes of their time and bandwidth. On top of that, you face the rest of the problems this kind of business model faces, the biggest of which being a large chunk of your target audience doesn't have a credit card. Sure, some will buy it, but not enough will to make it sucessful.
Baby steps. Slow and steady wins the race.
Baby steps don't mean much if you fall flat on your face every time you stand up, and slow and steady is still doomed when your opponent (in this case, the free P2Ps) has such a huge headstart.
Re:Other Upcoming Uses (Score:2)
Re:Other Upcoming Uses (Score:1)
Re:Other Upcoming Uses (Score:1)
I don't get it (Score:5, Funny)
Like Gnutella, but webpages. (Score:2, Informative)
Meta Bracket This... (Score:3, Interesting)
The american anthropolgist and all around genius Gregory Bateson [oikos.org] was among the first to investigate theories of meta bracketing as sources of information. His two best books 'Steps to an Ecology of the Mind', and 'Mind and Nature: A Necessary Unity' [amazon.com] are both excellent reads and brilliant insights into the human psyche.
yay... (Score:1)
another thought... (Score:2, Interesting)
Re:another thought... (Score:1)
Wow... (Score:2, Funny)
Slap "P2P" on something old and watch people drool...
Re:Wow... (Score:2)
Hooray (Score:5, Funny)
Re:Hooray (Score:2, Funny)
Excellent for college application! (Score:2, Interesting)
Re:Excellent for college application! (Score:1)
I'll leave the reasons behind this feature omission to your imagination. :-)
Hooray! (Score:1, Funny)
Oh oh! Not compatible? Bahhhh (Score:1)
Regarding remote publishing to the user's server: [http://userv.web.cmu.edu/userv/FAQ.jsp#remotepub [cmu.edu]
Under "Limitations:"
The upload form does not work properly with the Mozilla browser due to a bug in the current (1.0, 1.1) version of this browser. We have reported the problem and hope it will be fixed in an upcoming release in the not too distant future.
Re:Oh oh! Not compatible? Bahhhh (Score:3, Informative)
A worse one (for YouServ compatability and anything else reyling on dynamic DNS) is the fact that Mozilla caches IP addresses until the browser is completely restarted. How's that for stupid?
Please vote to have this issue fixed right here [mozilla.org].
Re:Oh oh! Not compatible? Bahhhh (Score:1)
Sorry, links to Bugzilla from Slashdot are disabled.
Ad-hoc p2p on OS X (Score:4, Informative)
This sort of technology is being pushed by Apple and will be included in future updates to various "iApps" including iTunes...
In related news... (Score:2, Funny)
Yea, my mouse is bigger then your mouse (Score:1)
and
Nikki Hemming, CEO of Sharman Networks, the creator of Kazaa, released a statement today that they plan to file a lawsuit against IBM, claiming that IBM's new P2P system could interfere with their trademark fasttrack technology.
Stay tuned to Fox 11 10 o' clock news, news that works for you!
give ibm credit (Score:1, Interesting)
Reliability (Score:1)
Re:Reliability (Score:2, Informative)
Yes, this means it does exhibit a single point of failure, but as the system is not intended for piracy, porn, evading censorship, or other uses that tend to get systems "shut down", the benefits of centrally coordinating the system outweigh the functionality and performance limitations of a fully decentralized approach.
The difference from this and a completely server-based solution is that there are no central requirements that involve a large amount of resources. The central servers are a pair of old 400MHZ PII boxes, one for DNS, and one for the coordinating services. A one man operation can easily run this system on cheap hardware and a pipe with only moderate bandwidth, and still serve tens if not hundreds of thousands of users.
Rather cool (Score:1)
P2O vs the Slashdot effect (Score:3, Interesting)
It's practically the perfect application for P2P.
Re:P2O vs the Slashdot effect (Score:2, Informative)
It will let you encode any YouServ URL so that it gets cached and served by an army of available machines instead of just your own machine.
Last Post! (Score:1)
be shot on sight. Cassandra did not get half the kicking around she deserved.
-- R.A. Heinlein
- this post brought to you by the Automated Last Post Generator...