I really don't want that, but I don't see an alternative. If you look at LimeWire's host graph, there has been a sharp increase in the rate of decline of the network size. It started about 3 weeks ago, and it coincides with reports of an increase in fake query hits and download troubles.

There was also a recent paper that shows that all it takes is a small decimation of a population in order to cause a catastrophe. In Gnutella's case, targeting less than 1% of the high-volume servents sharing files can cause a mass exodus of users from the network.

Therefore, the choice is in the hands of the users.

Notice that FastTrack, AudioGalaxy, iMesh, et. al. all have proprietary networks and they have the highest download success rate and best search results.

And no, Secure Channels authentication features are not vulnerable to a replay attack.

And even if they break the key, we have facilities for rotating the key schedule from an external source using special messages which are digitally signed. The method used to rotate the key schedule is such that a client has no knowledge of the "next" key in the rotation until a piece of a secret share (Shamir's secret sharing algorithm) is retrieved.

Besides, reverse engineering is a violation of the DMCA, and no legitimate company that receives venture capital would dare to do such a thing - they have too much to lose.

Comments welcome.

I was silent because nobody did really care (especially developers which gave me a troll rating), not that I was convinced clustering from those commercial vendors has a non-harming effect on Gnutella. I see Bearshare's politics getting worse and the marketing "arguments" more ridiculous.

PS: Reverse engineering is not forbidden in Europe.

But its forbidden in the EULA.

For e.g. german law (european law too?) an EULA on install time does not care, it's void. I'm no lawyer, at least it can not limit basic rights, free speech or reverse engineering are some.

Btw, for an application that mainly is used to copy/hurt DMCA protected material, an EULA building on DMCA is a funny thingie. Oops, I shouldn't have mentioned this....

I said ONLY time will tell who is right... now I see I was right, after Vinnie confirmed his future split!

@ Vinnie

And now what next? Will you use Gnutella as a leeching pool, or will you be "fair" and leave the net?

Morgwen

__________________
patience is a virtue

Yes,

the most of the other developers don´t visit bearshare.net I ask me why? Do they really don´t care? Or are they really fearing a possible split?

Btw, not only you get a TROLL status, but I don´t care what Vinnie and some of his knights say, the most people are with us but they are to lazy to fight!

This sucks!

Morgwen

__________________
patience is a virtue

It doesn't have to be. Since there are gnutella nodes located in the U.S. you can sue an entity that reversely engineered an authentication handshake in the U.S. although the entity might originally be located in Europe.

__________________
Ich verabscheue euch wegen eurer Kleinkunst zutiefst.

In any event, reverse engineering or not, there are plenty of landmines and obfuscation techniques that will buy us many months of time before the security is compromised (even if it is illegally compromised).

There are encrypted portions of code which will be in the final release that aren't even going to get used for quite some time, we will be activating these additional security methods as the existing ones get broken.

True, even these additional hidden techniques will eventually be broken, but I have planned for that, instead of assuming that the protection methods are unstoppable.

Fortunately, with peer to peer software, frequent updates ensure that we will be able to combat the evils of corporate hacking as they appear.

Eh? Is Morpheus being "fair" by releasing millions of buggy servents?

Probably not, but you complaining about it isn't likely to change anything.

good point... against bearshare

Its nice that you show your true face... the next time one of your knights will tell me something about fair competition will see a link to this thread here!

And don´t point to Morpheus, you are not a better guy because some other are bad too...

And I hope that some people wake up know!

Morgwen

__________________
patience is a virtue

Alright im upgraded to "knight" They are better looking, get armor and a nice sword, a stead and all the wenches they want so i cant complain..

Fair competition why dont you do gnutella and p2p a favor and explain that to the trade groups!

They are the ones who are trying to get rid of P2P by hiring firms to monitor and spam gnutella, send automated notices to users to weaken and eventually shut down the network. Making security related features needed in the first place. They are the ones who are continuing to sure programs and are now trying various ways through legislation to stop P2P. While this is happening how can there be fair competition when someone else is trying to destroy you can the competition?

Should they be allowed to send fake data, target users and target users? No of course not but how do you prevent it without losing the "open network" if it truely is a open network shouldnt they also be entitiled to know about whatever security plan is implemented to stop them or have it be compromised? That is the million dollar question..

Yes of course and now ALL developers should fight also instead of solving the problems together...

Ah I forget Vinnie need some features that others don´t have, he has to sell his $19,95 client - and don´t tell me now anything about the Spyware version...

Do you think the open source clients, or the non-commercial clients will act this way?

What do you think will happen if Vinnie proceed this way? I think the commercial clients will start to block each other, this will destroy the Gnutella net, nice future!

Vinnie has proven here that he don´t want to work with other developers together , he ONLY wants to earn money...

Morgwen

__________________
patience is a virtue

You mean the one where everything is opt-out?

While I admire open source, and while I firmly believe that BearShare will be open source in the not too distant future (after some rather challenging problems that have been pointed out get solved), it is unfortunate that open-source Gnutella servents have a critical vulnerability - they cannot implement secure security features.

Not to worry - if the situation gets out of control we will move the secured features to a second, parallel private Gnutella network and give users the option of operating on either one. The "regular" Gnutella network (open source, vulnerable to spammers) will be freely supported by our public.bearshare.net host cache, and the "secure" Gnutella network (read: proprietary BearShare network until we can figure out how to open it up without allowing it to be attacked) supported by a private anchor server which accepts no incoming connections and cannot be attacked.

Of course ssh, SSL, PGP and all good commonly used secure protocols or hashs are available as open source.

So why security by obscurity? Instead of working on a better protocol, Bearshare tries (again) to get an advantage from proprietray extensions. Needless to say what's good for Bearshare isn't automatically good for Gnutella.