May 28th, 2001
Wonko
Re: You have to trust someone

Originally posted by Unregistered
>WE DON'T KNOW WHAT THESE PACKETS DO!

Quote:
Actually, we do. Well, sort of. We know what Vinnie says the packets do. And his explanation seems perfectly reasonable. Tell me, how would YOU handle update notifications without encryption? Better yet, how would you do so SECURELY?
I wouldn't make them fully distributed. Either use a pre-determined central server the servent knows about (problematic for obvious reasons) or with public-key cryptography.

Quote:
>Now think what I could do with this information if I was a hacker
>and de-compiled the software so I could make up my own
>packets and send them out over the network! Not that hard to
>do.

The most you could do would be to spoof a higher version number and maybe screw around with the horizon statistics. At least you would have to work to do it.
It's an issue of trust. Do you trust Vinnie? After the OnFlow faux pas, I don't.

Quote:
As for open source clients, would you examine every line of code before compiling the client yourself? Did you examine the compiler code to be sure that it's not introducing rogue instructions? Have you examined your processor's hardware to make sure that every machine instruction is executed as planned, and there isn't some "erase hard drive" instruction lurking in there somewhere? If not, you'd have to trust SOMEONE.
Of course. But I trust the open source community more than I trust Vinnie, for instance.

Quote:
And really, any of the possibilities you mentioned would spell disaster for Vinnie. Would probably get him into a whole HEAP of legal trouble as well. Would also alienate his user base. None of these would be in his self interest. You may not like his attitude, but even you would have to admit that he's not THAT much of an idiot.
He doesn't seem to care too much about alienating his current userbase. At least the part of it that actually cares about anything but the download rates. And why's that? Because that part is a) small, and b) vocal. And can cause him no end of trouble. The less attention people like that pay to BearShare, the better. What he (like any p2p developer, actually, but that's beside the point) is after is the Napster hordes. And they are hardly bothered by a lot of the nasty stuff he can do. Or unable to connect it with him. Or both.