[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[freehaven-dev] comments on Gnutella
Seen on cypherpunks...
---------- Forwarded message ----------
Date: Sun, 7 May 2000 18:07:27 -0400
From: David Marshall <email@example.com>
To: Multiple recipients of list <firstname.lastname@example.org>
Subject: Re: Napster + StegoMPEG: prelude to eternity
> Since the advent of Wrapster (a WinZIP-like tool for converting any group
> of files to a MP3-like appearance) some cleaver users have included the
> original (and hopefully correct) file length as part of the name. This
> is especially handy for the longer warez files, but could be used for Eternity
> purposes. I have yet to see a single music MP3 on Napster including the
> file length. Those with this addition are likely to be favored over the
> common variety, displacing them and encouraging the retention of Eternity
Ah, so that is what is behind the bogus search results like "Hacker
Napster is centralized and only works with MP3 files. You connect to
one of many centralized Napster servers, perform a search, and get
a list of results.
A similar project, Gnutella, works for any kind of file. It's
distributed. Unfortunately, it's very vulnerable to DoS attacks: all
someone has to do (and this has been done) is spam a bunch of
bullshit searches across the network, and it propogates like the
Morris Worm until either it hits the end of the chain or the TTL
of the request is exceeded. Gnutella would work for what we're talking
about probably better than Napster would, but it has a lot of
* It's a bandwidth hog.
* Searches tend to take quite a while. This is an artifact of the system.
* There's no way to request a file listing for a user. Instead, one
has to perform a search for a substring (e.g. ".mp3").
* It would be helpful if popular files were cached at intermediate
points, and if cached files were marked as such. This would increase
performance because you're actually grabbing the file off of a wide
pipe instead of some 28.8kbps dialup user who will disconnect in 5
minutes. The author of the "gnut" client is working on this, I believe.
* The existing clients leave much to be desired. (I don't know about
the Windows clients, since I refuse to use that OS.)
* The potential for abuse is huge, and has already been partially
realized. People spam B.S. searches all over the place like
"METALLICA SUCKS!!!!!". Some other dillweeds have hacked their
clients to return bullshit responses to search requests such as "THE
RIAA IS WATCHING YOU," or sending back file lists with invalid
pointer IPs (e.g. 10.1.1.1, 127.0.0.1, etc.)
* As with anything else, people mislabel files. I would imagine that
people trying to download music videos in MPEG format get porn
a lot of the time. Someone was complaining on IRC a few nights ago
that he tried to download some MPEG of
* Resume capability in the clients I've used is apparently
nonexistant. (Gnubile and Gnucleus, to be precise).
* Operations aren't anywhere near anonymous. As I recall, whenever you
submit a query, your IP is sent along with it. I know that when you
request a file, your IP is known to the sender, as the entire thing
is peer to peer. The danger of this is highlighted by a recent
scandal by ZeroPaid.com, which set up a bunch of files which were
titled in such a way as to make them "obvious" child porn. The idea
was that anybody attempting to download the files must be a child
pornographer. Links to the full story and a discussion concerning it
are available on Slashdot. Needless to say, the potential for
abuse and misuse here is *HUGE*, since many people do a search,
pull down all the files which come back, and then review them
later. Then there are people who cache files, and so on.
And of course there are problems with the organizational skills of the
users. It would be nice if someone searching for porn could specify
that. File descriptions and category fields might help here.
The resource requirement problems will probably be fixed out of
necessity, since Gnutella doesn't scale too well right now. I'm not
holding my breath for privacy concerns, though.
Systems like Gnutella tend to work better for people with big pipes
than they do for dialup users. If everyone had broadband, a kind of
CROWDS system could even be set up for these kinds of programs.
No, I am not volunteering to revamp Gnutella.
> So has anyone developed an MP3 stego program?
You can't stego the source audio file prior to encoding,
because MP3 is lossy compression. Unfortunately I don't know the exact
format of the MP3s, so I can't comment on whether one could play with
the LSBs of the compressed data.