I posted this question deep in another thread here, but I think it deserves it's own. Perhaps someone will actually answer it.

I really have only one big question about the so-called "spy packets" which Vinnie has not seen fit to properly explain. Perhaps someone will be able to respond in an adult manner and satisfy my concerns.

Why are these data packets necessary at all? I understand that they are used to trigger the update notice that Bearshare displays when a new version is available. But the question is, why has Vinnie felt it necessary to munge the Gnutella Protocol to accomplish this? Why can't users simply check for themselves at the Bearshare site to see if a new version is available. This is the way it is done most everywhere else. Or at the very least make this an option that the user can choose and approve or disapprove, like Symantec does when it *ASKS* it's users if they would *LIKE* to install Liveupdate with their AntiVirus products. Or the way that Microsoft does when it *ASKS* it's users if they would like to use the automated Windows Update features. Instead, Vinnie makes modifications to the Gnutella Protocol, uses encrypted data packets, and does not ask his users if they even *WANT* to be notified about new versions. Why is its necessary to force this on the users. This question has NEVER BEEN ADDRESSED. Does anyone have an answer to it?

Certainly anyone should be able to understand the reason many are concerned about this. There is a tremendous potential for abuse in the use of these encrypted packets. We are told that they are harmless, but how can we be SURE that they are harmless? We are expected to take Vinnie's word for this. But unfortuantely Vinnie has not done much here recently to bolster his credibility.

So ... anyone have an answer to this simple question?

so, he HAS told everyone why they are there.... You just don't like his answer. I don't know what to say to that.... I'm satisfied with it! I keep hearing " it wasn't PROPERLY explained" What is it you guys are looking for? An admission of guilt? At this point, that's all that's gonna calm this witch hunt.... I'm not sure what else to say....

Oh yeah!
Please don't compare BS and it's ONE programmer to multi-million dollar companies like Microsoft and Symantec.... That's not even fair.... man you guys are diggin'.......

Its all my fault.

I misinterpreted these people's originally postings as a desire to have questions answered.

Unfortunately, despite repeated explanations, these accusations still linger.

Which means they were interested less in information, and more in stirring ****.

You have NEVER answered the question that has been asked here.

Yes, you have explained the function of the encrypted packets.

Yes, you have eplained why they are encrypted.

What you have not done is to answer why you have chosen this method of notification, which by modifying the Open Protocol itself is monumentally complicated and holds tremendous potential for abuse.

And now you come in here with your little sock puppets and again evade and obfuscate a simple question.

It just sounds more and more like you have something to hide.

Why don't you answer the question?

Oh, and by the way, I have posted this same question on BearshareNet and the answers there have been more intelligent and adult than any you have ever given. It's a rather interesting discussion actually.

That discussion can be found at:

http://www.bearshare.net/htdocs/dcfo...mID26/246.html - "A question about the encrypted packets".

Of course I felt it necessary to post under a different nickname since Vinnie has threatened to remove any post I make at BearshareNet.

Hopefully he will allow the discussion there to flourish without censorship. I will of course be reporting any censorship of that discussion in this forum, you can be sure.

Hmm...I think I finally get it now!

Unfortunately, both the manner in which the question was asked, and the relentless repetition of the question in a confrontational way despite its having been answered, prevented you from getting the information you wanted.

Three simple reasons -

1) ToadNode was already doing something almost identical, and I had noticed my inability to decipher their version number, so I figured it was something useful and did it roughly the same way.

2) Some basics of Defender functionality were actually already implemented before the first release of BearShare. I planned on using this "opaque" query to hold tons more data including the IP address of the server and its password hash if it was a private server. Unfortunately, broadcasting the information in a query instead of just sending it in the reply had disasterous effects on bandwidth utilization throughout the network, so I had to come up with a different scheme. However, for legacy reasons the method used to encode the message cannot change without some major reworking.

3) I wanted to do my best to prevent other servents from masquerading as BearShare servents. The method used to protect the version number is strong enough that it resists any attack, except those which would violate the license agreement (reverse engineering). There is nothing that can be done about reverse engineering, but this still prevents a commercial interest from taking advantage of my hard work. Hey, I'm just one guy I gotta watch my own back!

>Of course I felt it necessary to post under a different nickname
>since Vinnie has threatened to remove any post I make at
>BearshareNet.

Feel free to do so as long as you refrain from trolling.

"bodhi" however is still banned - that name will be a blight for many weeks.

Vinnie please...you are not really attempting to lecture me on manners now, are you?

Not exactly simple, but ok, it was a business decision. I think it sucks, but you are within your right. I just hope you don't wind up munging up the entire network in your efforts to keep ahead of your competition.

This from a guy who trolls his own forums...

...and are you saying here that you still intend to censor anyone who posts under the nickname of Bodhi, including me?

How childish!

Originally posted by Vinnie:
>the method used to encode the message cannot
>change without some major reworking.

Then you might want to get off these forums and get with it. You are playing catch up - try to do damage control instead of fixing the privacy and trust VIOLATION.

The packets are causing problems with packets in other languages, get rid of it! You don't need it and you have several real good suggestions on your forums for ways to do it the right way, unless you deleted those already.

>I wanted to do my best to prevent other servents from masquerading as BearShare servents

This was already covered, the answer sucks because this isn't the way to do what you want. Go back and read previous messages. Stop trying to cover up a big no no and fix it please.

As soon as you say its fixed in a new version, this will all stop. Till then you are messing with peoples privacy and trust and deserve all you get.

Bodhi, just post here, why give his forums any appearance of being a good place for open discussion?

Better consult your lawyers again, Vinnie...
Now, I'm not a lawyer, but If I remember correctly, clean-room reverse engineering used purely to allow compatability and interoperabilty is considered legal pretty much everywhere. Even the post-DMCA US.

Yes clean room engineering is condoned however due to the implementation this would require breaking an extremely strong encryption cipher. Not possible or practical without inspecting machine language code.

hi all you out there,

i have been following a couple of these discussions going on out there with interest (although often more rant than discussion, but ...).

there is this option in BearShare - think it's only in the file and not in the gui - to turn of the notifications. wouldn't this stop the client from sending these encrypted packets? i mean, this would ensure you (the user) is not transmitting any personal data and at the same time allow vinnie to have his versioning information (since there are enough to send them and the client would still receive them).

just an idea which might help us to get rid of this discussion ...

__________________
the GNUTELLED guy

Yeah I forgot about those

bFindFreePeers
and
bNotif*****Peers

(I think)

One of them supresses the version messages (i.e. doesn't send it out). This was needed for me during development, so I can test a new version on the public network without having everyone get the message.

Unfortunately, I might have deleted the code that actually checks these variables (this is certainly true in Defender, which has a different opaque message format). I'm not sure though, you should try it and find out.

you want to see spy software?

http://www.grc.com

dos attack in detail and hundreds of infected windows machines out there, good reading about how he tracked the attackers down.

this shows you why people are so upset over strange packets flying around.