June 24, 2010 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | >
June 24, 2010 NOTICE: This channel is no longer actively logged.
[00:25:06] *** Andrius has quit IRC[00:25:17] <alus> The_8472: damnit[00:25:24] <The_8472> huh?[00:25:58] <alus> well a) screw Google and b) making a self-pub website is ok as long as you have enough money to fight the lawsuit[00:26:32] <DeHackEd> I don't see how this is bad...[00:26:41] <The_8472> well... it would be far worse if they lost the lawsuit. the mafiaa would be all over the internet sueing people...[00:26:55] <alus> The_8472: they already are[00:26:56] <The_8472> not just the mafiaa... everyone who loves to abuse the dmca[00:27:08] <alus> if I made a YouTube clone, I would be sued, and I would be forced to shut down[00:27:10] <The_8472> it would be far far worse[00:27:20] <alus> even after this judgement[00:27:35] <DeHackEd> if youtube lost, they'd have a million other lawsuits on their asses and/or that bit of the DMCA would be rendered null and void. that's a hell of a can of worms[00:27:36] <The_8472> ask the judge to throw out the lawsuit based on the precedent?[00:28:03] <alus> still takes time and money to fight it[00:28:30] <The_8472> <The_8472> it would be far far worse <-[00:28:44] <DeHackEd> of which google has plenty and can might get lawyer fees back[00:29:15] <alus> DeHackEd: yes but of which we have none[00:29:38] <DeHackEd> then the victory is a good thing[00:29:44] <alus> I'd prefer the situation deteriarate until no one wants to work with the mafiaa, and their content and mediums become valueless[00:30:06] <The_8472> how much collateral damage do you want in the process?[00:30:21] <DeHackEd> .. that's not happening. not before 2012 anyways, even if shit starts going down yesterday[00:30:28] <DWKnight> I'd prefer the situation that the govts get their heads out of their asses and recognize that the MAFIAA are terrorists[00:30:46] <alus> The_8472: see: a[00:30:49] <The_8472> that usually takes years[00:31:07] <The_8472> alus, google wouldn't be the only collateral damage[00:31:39] <alus> well, since I don't own a youtube clone, I'm fine with that :)[00:31:44] <The_8472> think... blogs, wikis, our favorite funny image sites... everything that can contain user-generated content could be sued into oblivion if they lost[00:31:47] <alus> or see any value in them, really[00:31:55] <DeHackEd> imageshack[00:32:02] <alus> that's already happening...[00:32:16] <alus> do I need to call up the list of torrent sites?[00:32:21] <alus> and other pre-BT p2p[00:32:35] <alus> they are just as valid as youtube[00:32:50] <The_8472> more even since they don't host actual content...[00:32:56] <DeHackEd> the argument would be direct transfer vs linking[00:33:25] <alus> youtube directly transfers data to you. how could that be less of a violation[00:34:03] <DeHackEd> torrent sites do not[00:34:21] <The_8472> the problem with bittorrent is that that we don't make good poster children, a larger percentage of the content is infringing copy rights, there is no central instance to cut deals for advertisments (like youtube did) to make up for the infringments and content filtering is not an option either since indexing sites can't really filter for anything but infohashes...[00:35:14] <alus> right. see: a[00:35:32] <The_8472> so, google needs to get into the bittorrent business ^^[00:35:52] <alus> YouTube lost money to the tune of 11MM/mo iirc, Google subsidized it until they could slap everyone with cash[00:35:58] <alus> they have! Google invested in Chinese p2p[00:36:12] <The_8472> well... china is china...[00:36:30] <The_8472> you can buy iphone clones for a dime a dozen there[00:36:39] <alus> yeah I saw them they are weird[00:36:45] <alus> tiny ones, like ipod minis[00:38:18] <alus> speaking of, iPhone 4 tomorrow.[00:38:24] <alus> is anyone excited?[00:38:42] <DWKnight> meh[00:38:57] <The_8472> nah, i'm not an appletard[00:39:03] <burris> no, it doesn't run on my iphone (which is still runnig 1.1.4) and my next phone will run android[00:39:26] <alus> but there are no good android phones[00:39:37] <burris> yeah android is inferior but at least I own it[00:40:03] <alus> until they want to show you ads[00:40:30] <burris> I'm confident there will be ad free distros[00:40:37] <The_8472> there are[00:40:39] <alus> this is Google's specialty. free ok product which is very simple, until it is popular then they smother it in ads[00:40:45] <The_8472> just don't use the android store...[00:40:57] <alus> the app store is a great thing about the iPhone[00:41:05] <alus> giving that up would be like going back to Windows Mobile[00:41:07] <The_8472> it's the worst thing of it, actually[00:41:20] <DeHackEd> the installation of arbitrary apps on your own terms is better[00:41:24] <burris> you can dl the source for the OS and the entire toolchain through git without entering into any stupid agreements[00:41:47] <The_8472> since it gives apple power over developers, censors the content that you can see and can even retract already installed apps. it's like DRM²[00:42:30] <The_8472> oh, and if you install location-aware apps it'll track all your movements now, beaming it right to the apple HQ[00:43:09] <alus> so wear a tin-foil hat[00:43:24] <alus> apple filters crap out of the app store. I consider it a service.[00:43:37] <alus> I don't want to download 10 apps to find the 1 that kinda works but has bugs[00:43:50] <The_8472> yes, just like the chinese filter out harmful websites for their citizens.[00:44:13] <The_8472> there is a difference between denying apps and certifying apps....[00:44:17] <alus> except apple is not trying to keep me from knowing anything. they're trying to make a good phone[00:44:30] <kjetilho> obviously no other programmers than Apple's own are capable of writing movie editing software[00:44:31] <The_8472> apple has no "safe sarch: off" mode. no "use alternative, unsafe appstore". nothing.[00:44:52] <alus> I'd really rather have that than broken apps[00:45:05] <The_8472> then don't use broken apps, d'uh[00:45:14] <The_8472> you don't need apple to do that[00:45:17] <kjetilho> obviously no SIP implementation can be bug free enough[00:45:35] <kjetilho> to mention just two areas[00:45:45] <The_8472> they could assist you with that with a "apple certified" app listing or whatever. there is NO need to lock out everyone.[00:45:49] <alus> kjetilho: ? skype works over 3G now[00:46:03] <kjetilho> Skype is SIP now?[00:46:03] <alus> The_8472: someone has to test the apps[00:46:11] <alus> kjetilho: why do you want SIP?[00:46:15] <kjetilho> uh...[00:46:19] <The_8472> yes, that's what the apple certified logo would be good for.[00:46:31] <kjetilho> VoIP === SIP[00:46:41] <alus> kjetilho: yeah, why do you want VoIP?[00:46:44] <The_8472> apple does the testing now, right? so they could also do it in the future, without locking everyone ele out.[00:46:51] <kjetilho> that's what my company uses?[00:46:54] <burris> yeah, having an apple moderated store isn't mutually exclusive with having alternate stores, you could always choose to buy exclusivelsy from apple's built in store, and most people will[00:46:56] <The_8472> testing apps is _not_ an argument for a lock-in scheme.[00:46:59] <alus> The_8472: it's true. I would like a way to download apps off of a website[00:47:19] <alus> The_8472: but that might hurt their app store revenue stream for app developers, lowering the incentive to make good apps[00:47:20] <The_8472> there we go[00:47:24] <kjetilho> are there any enterprises routing their calls over Skype servers?[00:47:42] <The_8472> they could still earn money, even with uncertified apps[00:47:46] <alus> kjetilho: why not use the telephone you have in your hand[00:48:06] <alus> The_8472: but somehow less than otherwise, right?[00:48:06] <kjetilho> alus: a) phone number mobility b) cost[00:48:26] <kjetilho> and actually c) sound quality[00:48:33] <alus> kjetilho: a) google voice b) you think VoIP over 3G is somehow cheaper than cellphone minutes?[00:49:07] <kjetilho> alus: depends on your plan[00:49:19] <The_8472> possibly. but again, conveniences are not an argument to restrict freedoms. i take the chance of a buggy app over apple arbitarily putting its business over my user experience[00:49:19] <alus> kjetilho: no, I mean cheaper to the service provider.[00:49:39] <kjetilho> in any case, SIP-applications with smooth transitioning between Wi-Fi and 3G are barred from the Appstore[00:49:43] <alus> kjetilho: they're going to charge you (or limit you) to cover their costs. you can't avoid it by using a different, more expensive to operate technology[00:49:46] <The_8472> who are they to deceide that i cannot live with a crash due to buggy software if that software is the only one that does what i want?[00:50:17] <alus> The_8472: if the iPhone battery dies, it's Apple's "fault", not the shitty 100% cpu app you installed[00:50:23] <kjetilho> alus: that's not something Apple should meddle with![00:50:39] <The_8472> alus, then they better provide me with some system monitoring tools[00:50:41] <burris> alus: no its apple's fault for having a poor os and ui for managing[00:50:56] <alus> kjetilho: it's entirely possible that Apple is doing this because AT&T insisted[00:51:03] <The_8472> or i could *gasp* install 3rd party monitoring tools if that became a problem[00:51:16] <kjetilho> alus: guess what, there is no AT&T here[00:51:23] <alus> are there tools like that for android?[00:51:25] <The_8472> alus, and? that still doesn't change the fact that apple restricts user freedoms and competition[00:51:28] <alus> kjetilho: well, whoever.[00:51:33] <The_8472> alus, top?[00:51:49] <kjetilho> alus: EU disallows operator lock-in[00:52:25] <alus> The_8472: VoIP+3G is not "competition". I'm sure it's something Apple would love to enable if they were allowed to. Skype made it somehow.[00:52:53] <The_8472> it's competition to voice services[00:52:59] <burris> seriously, managing competing resources on limited processing power machines was solved 40 years ago, how about apple applynig some of their famous design skillz to it instead of using the ban hammer, which is actually cover for them protecting their turf[00:53:08] <alus> The_8472: there's more than just "top" though. how often does an app run? how often does it dial the internet? how much power does it consume?[00:53:18] <kjetilho> "Skype made it somehow". do you think Joe Random Developer could make it?[00:53:35] <kjetilho> regardless of the quality of his software?[00:53:38] <alus> The_8472: apple doesn't run a voice service. why would they care which voice service you use?[00:53:57] <The_8472> because at&t waves money in their face[00:54:04] <alus> kjetilho: I just think it's indicative of some other limitation, not Apple saying "no"[00:54:14] <burris> they don't have at&t where kjetilho lives[00:54:19] <kjetilho> alus: wow, you're a true fanboi[00:54:40] <alus> kjetilho: I don't own an Apple product[00:55:00] <The_8472> burris, that matters... how? they just made that generic restriction in their app store, it doesn't _hurt_ them to play nice with at&t. it only hurts their users[00:55:26] <alus> The_8472: and yet iPhone users seem to be some of the happiest users[00:55:37] <alus> except burris here[00:56:01] <burris> yeah its a long festering wound that started when apple bought SoundJam and turned it into iTunes[00:56:04] <alus> but honestly I think he's paid his dues under the thumb of Jobs[00:56:18] <The_8472> you're basically defending big business interests here. apple exerts ultimate control over everything the user does. they can remotely shut down any app and even the entire phone, open source software is practically disallowed on the iphone... they even restrict what types of apps can be run (no porn for example).[00:56:52] <alus> The_8472: having used other phones with crappy software, I find this vastly preferable. I don't care how they do it.[00:57:01] <kjetilho> they allow any variation of fart application, though[00:57:04] <kjetilho> so it's not all bad[00:57:13] <alus> The_8472: I don't want a flimsy mobile web browser with a stylus[00:57:15] <burris> seriously, my iphone is paired with a computer I don't have any more, I can't pair it with my current computer without blowing away all my contacts, so I have to jailbreak it and ssh in and copy the address book or something :-P[00:57:32] <The_8472> then get an android phone, they're getting better every day[00:57:38] <alus> burris: ok that's weird. I didn't know the iPhone had "pairing"[00:57:49] <alus> The_8472: the current generation has like a 6 hour battery life[00:57:51] <burris> yeah its paired with your itunes install[00:58:02] <alus> not for just music?[00:58:04] <burris> you can't just hook it up to your friend's itunes and sync it you fucking pirate[00:58:09] <kjetilho> alus: "current generation"? there's like 50 different handsets[00:58:09] <alus> that's odd. there's no on-phone contact backup?[00:58:21] <burris> no the backup is managed by itunes[00:58:22] <alus> kjetilho: the Evo. the iPhone 4 generation of hardware[00:58:40] <kjetilho> how about the Incredible?[00:58:43] <alus> burris: haha pirate contacts[00:59:24] <The_8472> <alus> The_8472: having used other phones with crappy software, I find this vastly preferable. I don't care how they do it. <- so, DRM is good as long as it's packaged in a nice fluffy ball of user experience?[00:59:33] <The_8472> and you don't happen to run into its limitations[00:59:36] <The_8472> like burris did[00:59:50] <The_8472> i think you have your reasoning backwards[00:59:51] <burris> it is the best user experience[01:00:10] <burris> and the best developer experience, as long as you're well lubed up[01:01:00] <The_8472> what i'm criticising is not the user experience. apple may be great at that stuff. but that can be achieved without - thx for the analogy - being assraped by apple.[01:01:19] <The_8472> user experience: good. being the drm-buttmonkey: bad[01:01:26] <burris> just to start up itunes you have to agree to let apple look at what apps you have installed on your mac[01:01:52] <burris> oh, you also let them agree to see if you have pirated mp3s[01:03:13] <burris> since the agreement says you're just licensing it and you don't own the copy and you agree not to use it on infringing material and you consent to let them gather data to "verify compliance with the terms of this License."[01:04:14] <The_8472> apple is basically controlling everything you do so you can't do anything that might tarnish their corporate image of awesomeness.[01:04:22] <The_8472> i don't see how this can be a "good thing"[01:05:51] <burris> hey maybe im wrong about the sync thing[01:06:44] <burris> maybe i'll uprade from 1.1.4 to 3.1.3[01:07:34] <alus> kjetilho: no front side camera, one year old version of android, lower ppi, no 802.11n (or wimax)[01:08:08] <kjetilho> Android can be upgraded, you know[01:08:10] <alus> it is tempting to switch to Verizon now, in the hopes that I can upgrade to the Verizon iPhone when that actually happens[01:08:20] <kjetilho> .11n is not really that relevant yet[01:08:24] <alus> kjetilho: but HTC Sense does not run on newer versions[01:08:25] <kjetilho> but it's a nice bullet point[01:08:32] <alus> I have .11n at my house[01:08:48] <kjetilho> and no b or g?[01:09:01] <alus> well sure I have b and g[01:09:31] <alus> and so do like 20 of the neighbors[01:12:20] <burris> hey how do I turn this mp3 into a ringtone with itunes?[01:15:52] <burris> oh you can only do it with music you bought from apple, what assholes what if I want to have my kids voice be my ringtone?[01:17:24] <alus> hm, Verizon is $10/mo more than AT&T[01:18:01] <mpl> burris: then send your kids voice to the apple store, you'll make the pedos happy as well :)[01:19:24] <alus> burris: do you have kids[01:19:53] <burris> no but it sounds better than "what if I want my hippie noodle dance crap as my ring tone??"[01:20:58] <alus> burris: make an AAC. rename it to .m4r, open it[01:21:19] <burris> yeah I have to get some tool to make an aac now because itunes wont do it[01:21:26] <alus> what[01:21:32] <burris> still, how stupid is that?[01:22:00] <alus> I'm not sure. I haven't used a ringtone in about 7 years[01:22:09] <alus> s/ringtone/ringer/[01:22:24] <burris> I'm more curious if it can be done, apparently no you have to fool itunes to do it[01:22:44] <burris> its all about the money[01:23:08] <alus> hooray capitalism[01:24:00] <burris> plus if your source is mp3 you now have serial lossy compression generation loss, yuck[01:24:11] <burris> though it is a ringtone[01:26:03] <alus> hahaa[01:26:25] <burris> nope, I converted it to aac and renamed it with .m4r and it refused to make a ringtone[01:26:29] <alus> aw[01:26:36] <burris> seriously, what assholes[01:27:25] <burris> oh and then "show in finder" doesn't use the normal method so it starts up Finder even though I use PathFinder[01:28:29] <alus> there seem to be a few apps for that[01:55:57] <burris> apps for ringtones?[01:55:57] <burris> I love to make bbq but I always end up smelling like smoke[01:59:25] <alus> yeah. some free, some not[03:15:51] *** init0 has quit IRC[03:18:01] *** init0 has joined #bittorrent[03:33:15] *** mmmxxxccc has joined #bittorrent[03:35:18] *** mmmxxxccc has quit IRC[03:35:35] *** mmmxxxccc has joined #bittorrent[04:01:42] *** The_8472 has quit IRC[04:06:16] *** The_8472 has joined #bittorrent[04:08:20] *** The_8472 has quit IRC[04:08:21] *** tomaw has quit IRC[04:08:50] *** MassaRoddel has quit IRC[04:09:28] *** The_8472 has joined #bittorrent[04:09:28] *** tomaw has joined #bittorrent[05:19:43] *** Switeck has joined #bittorrent[06:27:40] *** edigaryev has joined #bittorrent[07:15:27] *** MassaRoddel has joined #bittorrent[07:26:34] *** guy has joined #bittorrent[07:26:39] <guy> Hello ![07:27:02] *** guy is now known as Guest88830[07:27:10] <Guest88830> i got a quick question about torrent software[07:27:16] <Guest88830> can anyone help ?[07:27:46] <Guest88830> neone ?[07:28:01] *** Guest88830 has quit IRC[07:38:30] *** edigaryev has quit IRC[08:03:47] <Switeck> no[08:04:10] <Switeck> evil very late reply.[09:34:30] *** edigaryev has joined #bittorrent[09:47:59] *** Andrius has joined #bittorrent[10:05:40] *** Switeck has quit IRC[11:31:29] *** edigaryev has quit IRC[11:44:05] *** e-manuel has joined #bittorrent[11:44:34] *** e-manuel has quit IRC[12:57:52] *** mmmxxxccc has quit IRC[13:06:17] *** edigaryev has joined #bittorrent[13:29:14] <The_8472> in case anyone is interested... i pretty finished my DHT Indexer... it harvests about 200 to 500 new torrents every 10 minutes. better than any indexing sites :)[13:32:43] *** K`Tetch has quit IRC[13:38:02] *** K`Tetch has joined #bittorrent[13:38:03] *** K`Tetch has quit IRC[13:38:03] *** K`Tetch has joined #bittorrent[13:48:27] *** edigaryev has quit IRC[14:21:01] *** The_8472 has quit IRC[14:23:24] *** The_8472 has joined #bittorrent[15:29:52] *** [diablo] has joined #bittorrent[15:56:53] <alus> The_8472: great! now make it connect to peers and get the metadata[15:57:03] <alus> The_8472: then build search[16:00:26] <The_8472> it already connects to peers and grabs metadata :)[16:00:56] <The_8472> i said it harvests 200-500 torrents, not infohashes ;)[16:34:14] <alus> off to buy an iPhone 4[16:34:20] <alus> or wait in line and kill Apple fanboys[16:34:23] <alus> haven't decided[16:34:25] <K`Tetch> fool[16:34:31] <K`Tetch> yeah, kill them, kill them all![16:34:41] <K`Tetch> and then buy any one of many more suprior phones[16:34:57] <burris> alus now that you have an iphone you can write BT for iphone... hahahahahahahaha[16:35:08] <K`Tetch> http://consumerist.com/2010/06/billshrink-iphone-4-is-best-value-among-latest-smartphones-if-you-watch-data-usage.html[16:35:09] <mpl> uh why? just become an apple shareholder and profit from their dumbness.[16:36:27] <K`Tetch> that's best value, if you don't mind a 200Mb/month limit, compared to limited data for everyone else[16:38:29] <burris> I <3 "there, I fixed it" blog[17:03:31] *** stalled has quit IRC[17:14:44] *** stalled has joined #bittorrent[20:09:36] *** ajaya has joined #bittorrent[20:26:12] <TheSHAD0W> http://www.prefixmag.com/news/us-starts-task-force-to-crack-down-on-file-sharers/41701/[21:05:46] <scottwolchok> alus: I have that implemented...[21:06:28] *** stalled has quit IRC[21:16:48] *** stalled has joined #bittorrent[21:24:49] <scottwolchok> alus: DHT crawling, search, and IP <-> content mapping for Vuze DHT[21:26:59] <The_8472> and i have it for the mainline DHT ^^[21:27:40] <The_8472> what throughput numbers do you achieve?[21:27:48] <The_8472> and also, do you have a paper i could reference?[21:31:00] <scottwolchok> paper's in submission[21:31:24] <scottwolchok> we're going to tech report it ASAP, but we want to wait until either we get it camera-ready or it's rejected[21:31:53] <scottwolchok> I think I overlooked your DHT crawler in the rush to write the draft[21:32:06] <scottwolchok> are the forum posts the canonical reference?[21:32:41] <The_8472> i found a prof willing to accept it as student project. so i'm currently writing a paper on it too ^^[21:32:51] <scottwolchok> (also, it was my understanding at the time that it didn't do search and IP <-> content mapping)[21:33:50] <The_8472> oh, no. i'm just doing infohash gathering to database -> highly optimized DHT lookups to fetch peer lists -> download .torrents[21:33:59] <The_8472> storing the IP lists in the database too would be trivial though[21:34:04] <scottwolchok> well, search is easy with the .torrents[21:34:41] <The_8472> i built this thing for high throughput. processing ~400 infohashes per minute[21:34:52] <scottwolchok> let me calculate the rate[21:35:03] <scottwolchok> mine reuses the crawler from the Vanish work, so it's a bulk DHT dump[21:35:48] <The_8472> so you try to maintain an exhaustive view of all nodes in the DHT?[21:36:14] <scottwolchok> average 249k infohashes recovered per hour of DHT crawl[21:36:25] <scottwolchok> the correct number is more like 249k / 100 minutes[21:36:39] <scottwolchok> so, 2,490 infohashes/min[21:37:00] <scottwolchok> no, ClearView does a Sybil attack and waits for replication[21:37:00] <The_8472> including peer lists?[21:37:04] <scottwolchok> yes[21:37:16] <The_8472> oh, how many nodes are you using?[21:37:29] <scottwolchok> if you were to modify Vuze a bit, you could up the numerator to 1M[21:37:43] <scottwolchok> two 30-min hops, 4,000 Sybils each[21:37:46] <scottwolchok> it's not 100% coverage[21:37:57] <scottwolchok> but it's not clear what fraction of torrents we capture[21:38:14] <scottwolchok> metadata recovery is worse; 56.6k / 100 minutes[21:38:35] <scottwolchok> I'll be giving a talk about this at DEFCON, btw[21:38:40] <The_8472> ah, my approach is different, it's designed to be a well-behaved DHT node (or bunch of virtual nodes) that can be operated for extended amounts of time without violating the protocol[21:39:05] <The_8472> i'm running 64 IPv4 and 64 IPv6 nodes[21:39:12] <scottwolchok> I think "fails to respond to requests" is within spec ;)[21:39:21] <The_8472> yeah... nooo...[21:40:09] <scottwolchok> "network issues" ;)[21:40:50] <scottwolchok> kidding aside, I'm not actually planning to deploy a BitTorrent search engine any time soon[21:40:56] <scottwolchok> I like not having to consult with lawyers daily[21:41:02] <The_8472> mine actually benefits other nodes to some extent since it provides shortcuts through the keyspace ^^[21:41:22] <The_8472> heh, i don't have that problem. i write the code, others use it ^^[21:41:33] <scottwolchok> I can do a global routing table in < 1 hour for Vuze[21:41:50] <scottwolchok> but the nodes don't maintain or make use of it =\[21:42:20] <The_8472> yeah, i do. i have implemented a shared routing table that can be used in a multihomed environment[21:42:25] <scottwolchok> the mainline port for the crawler needs a couple days of work and I haven't justified it[21:42:27] <scottwolchok> nice[21:43:34] <scottwolchok> are you expecting to release your paper any time soon?[21:43:51] <The_8472> about end of the month, yes[21:44:02] <scottwolchok> good, we'll probably need to cite it[21:44:50] <The_8472> although now i have to change some wording wrt. to similar work being done on the vuze DHT ^^[21:46:39] <The_8472> i thought parg implemented some encryption for the infohashes and stuff[21:46:44] <scottwolchok> it's ineffective.[21:46:49] <The_8472> i see ^^[21:49:28] <scottwolchok> and of course, there are some good reasons for not fixing it[21:49:42] <scottwolchok> like the fact that you can build a torrent site with this[21:50:05] <The_8472> yeeah, except that your approach isn't the best way to do it :P[21:50:20] <scottwolchok> why not? it's fast[21:50:38] <The_8472> yes, but if several indexing sites do it you might screw up things[21:51:14] <scottwolchok> yes, like routing consistency and reliability[21:51:31] <scottwolchok> I suppose a good neighbor policy could be implemented[21:51:54] * The_8472 nods. that was what i'm aiming for[21:52:18] <scottwolchok> I'm still debating when and whether to release the crawler[21:54:05] <The_8472> since mldht doesn't support replication i'm basically windowing over the keyspace and using a cache of nodes seen during nearby lookups[21:54:16] <scottwolchok> oh, I say in my paper that that may not mattery[21:54:24] <scottwolchok> clients need to republish anyway if they want reliability[21:54:41] <scottwolchok> so Sybiling mainline might still work, I just haven't ported the crawler[21:55:47] <The_8472> sybilling involves spoofing your source node ID depending on who queries you?[21:56:17] <scottwolchok> well, I'd probably do the port by simulating many clients in one process, binding 1 ID per port[21:56:35] <scottwolchok> **do the port to mainline, binding 1 ID per UDP port[21:56:54] <scottwolchok> i.e. just choose a random ID instead of letting SHA-1 do it[21:57:02] <The_8472> yeah, idk about other implementations, but mine has extensive defenses against that ^^[21:57:40] <scottwolchok> does it still work if I buy a bunch of EC2 nodes?[21:57:41] <The_8472> 1 ID per IP[21:57:58] <scottwolchok> I'm also not convinced it's that easy to defend against[21:58:07] <The_8472> if you got enough IPs then you'll be fine[21:58:30] <scottwolchok> a given DHT node shouldn't be hearing from a large fraction of the sybils[21:58:51] <scottwolchok> and if you believe what you hear from other nodes about this, I can kick you from the network by poisoning the routing tables[21:59:21] <The_8472> that's pretty much impossible. since that would just lead to bucket-splitting[21:59:28] <The_8472> the more nodes there are the more the buckets get split[22:00:16] <The_8472> well, not impossible[22:00:20] <The_8472> but needs significant resources[22:01:25] <scottwolchok> Mallory tells Bob that Alice's ID is X. Alice's ID is really Y. If Bob listens to Mallory, Bob will ignore Alice. If Bob doesn't listen, he also won't listen when Carol tells him that Mallory's ID is Z, allowing Mallory to say his ID is Z to Carol and W to Bob.[22:01:52] <scottwolchok> I don't see how buckets relate.[22:02:21] <The_8472> i don't trust node IDs provided by others[22:02:31] <The_8472> i only take node IDs directly from responses to fill them into the routing table[22:02:42] <scottwolchok> in the mlDHT Az plugin?![22:02:48] <The_8472> yes[22:02:52] <scottwolchok> that works?![22:03:17] <scottwolchok> how can you possibly do even a FIND-NODE[22:03:45] <The_8472> that's a lookup procedure. that doesn't insert nodes to the routing table[22:03:51] <The_8472> only responses insert to the routing table[22:04:12] <scottwolchok> gotcha[22:05:06] <The_8472> well, not just responses. also any incoming traffic. but only responses are used to verify rechability and thus liveness in the routing table[22:05:38] <The_8472> so even if you spoof your way into the table it'll be stale soon[22:06:42] <The_8472> i considered adding ID verification to lookups too, but then i realized that this could cause trouble if nodes provide conflicting ID information[22:06:48] <scottwolchok> I don't think this breaks ClearView, but I don't see myself testing it any time soon[22:07:48] <The_8472> probably not, but i'm quite pedantic about keeping my buckets clean ^^[22:08:03] <The_8472> my implementation only provides a tiny fraction of the nodes anyway[22:08:24] <The_8472> most are running µT[22:09:06] <The_8472> trying to secure the mainline DHT isn't easy anyway, since the specification is so wide-open[22:17:18] <scottwolchok> no kidding[22:17:21] <scottwolchok> free ID choice is *terrible*[22:17:29] <The_8472> it has its advantages actually[22:17:42] <The_8472> makes reusing your routing table across sessions easy[22:17:46] <scottwolchok> like expediting the Eclipse attack?[22:18:39] <The_8472> which one would that be? i don't know them by name[22:19:26] <scottwolchok> surround a target ID with evil nodes so as to supply your own data for that ID instead of legit data[22:19:30] <scottwolchok> hence "eclipse"[22:19:48] <scottwolchok> incoming routing requests are intercepted and answered[22:21:15] <The_8472> ah, yeah[22:21:59] <The_8472> pretty trivial as attack, but can't be done in bulk without combining it with other ones[22:27:29] <scottwolchok> yep, it's a targeted attack[22:49:08] <The_8472> and given enough IPs and ports you can do it anyway, simply by picking the right combinations[22:49:13] <The_8472> *cough*IPv6*cough*[22:59:40] *** [diablo] has quit IRC[23:23:42] <K`Tetch> http://ktetch.wordpress.com/2010/06/24/why-vhs-didnt-kill-the-movie-theatre/[23:30:44] <andar> shameless self-promotion[23:31:12] <The_8472> yeah, but at least there's disclosure right in the hostname[23:31:53] <K`Tetch> yep[23:31:54] *** cgreco has quit IRC[23:32:00] *** cgreco has joined #bittorrent[23:32:00] *** cgreco has joined #bittorrent