One question about encrypted packets I posted this question deep in another thread here, but I think it deserves its own. Perhaps someone will actually answer it. I really have only one big question about the so-called "spy packets" which Vinnie has not seen fit to properly explain. Perhaps someone will be able to respond in an adult manner and satisfy my concerns. Why are these data packets necessary at all? I understand that they are used to trigger the update notice that Bearshare displays when a new version is available. But the question is, why has Vinnie felt it necessary to munge the Gnutella Protocol to accomplish this? Why can't users simply check for themselves at the Bearshare site to see if a new version is available? This is the way it is done most everywhere else. Or at the very least make this an option that the user can choose and approve or disapprove, like Symantec does when it *ASKS* its users if they would *LIKE* to install Liveupdate with their AntiVirus products. Or the way that Microsoft does when it *ASKS* its users if they would like to use the automated Windows Update features. Instead, Vinnie makes modifications to the Gnutella Protocol, uses encrypted data packets, and does not ask his users if they even *WANT* to be notified about new versions. Why is it necessary to force this on the users? This question has NEVER BEEN ADDRESSED. Does anyone have an answer to it? Certainly anyone should be able to understand the reason many are concerned about this. There is a tremendous potential for abuse in the use of these encrypted packets. We are told that they are harmless, but how can we be SURE that they are harmless? We are expected to take Vinnie's word for this. But unfortunately Vinnie has not done much here recently to bolster his credibility. So ... anyone have an answer to this simple question? |
so, he HAS told everyone why they are there.... You just don't like his answer. I don't know what to say to that.... I'm satisfied with it! I keep hearing "it wasn't PROPERLY explained" What is it you guys are looking for? An admission of guilt? At this point, that's all that's gonna calm this witch hunt.... I'm not sure what else to say.... Oh yeah! Please don't compare BS and its ONE programmer to multi-million dollar companies like Microsoft and Symantec.... That's not even fair.... man you guys are diggin'....... |
My Fault It's all my fault. I misinterpreted these people's original postings as a desire to have questions answered. Unfortunately, despite repeated explanations, these accusations still linger. Which means they were interested less in information, and more in stirring ****. |
Re: My Fault Quote:
Yes, you have explained the function of the encrypted packets. Yes, you have explained why they are encrypted. What you have not done is to answer why you have chosen this method of notification, which by modifying the Open Protocol itself is monumentally complicated and holds tremendous potential for abuse. And now you come in here with your little sock puppets and again evade and obfuscate a simple question. It just sounds more and more like you have something to hide. Why don't you answer the question? |
One More Thing Oh, and by the way, I have posted this same question on BearshareNet and the answers there have been more intelligent and adult than any you have ever given. It's a rather interesting discussion actually. That discussion can be found at: http://www.bearshare.net/htdocs/dcfo...mID26/246.html - "A question about the encrypted packets". Of course I felt it necessary to post under a different nickname since Vinnie has threatened to remove any post I make at BearshareNet. Hopefully he will allow the discussion there to flourish without censorship. I will of course be reporting any censorship of that discussion in this forum, you can be sure. |
The Light! Hmm...I think I finally get it now! Unfortunately, both the manner in which the question was asked, and the relentless repetition of the question in a confrontational way despite its having been answered, prevented you from getting the information you wanted. Three simple reasons -
1) ToadNode was already doing something almost identical, and I had noticed my inability to decipher their version number, so I figured it was something useful and did it roughly the same way.
2) Some basics of Defender functionality were actually already implemented before the first release of BearShare. I planned on using this "opaque" query to hold tons more data including the IP address of the server and its password hash if it was a private server. Unfortunately, broadcasting the information in a query instead of just sending it in the reply had disastrous effects on bandwidth utilization throughout the network, so I had to come up with a different scheme. However, for legacy reasons the method used to encode the message cannot change without some major reworking.
3) I wanted to do my best to prevent other servents from masquerading as BearShare servents. The method used to protect the version number is strong enough that it resists any attack, except those which would violate the license agreement (reverse engineering). There is nothing that can be done about reverse engineering, but this still prevents a commercial interest from taking advantage of my hard work. Hey, I'm just one guy I gotta watch my own back! |
Re: One More Thing
>Of course I felt it necessary to post under a different nickname
>since Vinnie has threatened to remove any post I make at
>BearshareNet.
Feel free to do so as long as you refrain from trolling. "bodhi" however is still banned - that name will be a blight for many weeks. |
Re: Re: One More Thing Quote:
...and are you saying here that you still intend to censor anyone who posts under the nickname of Bodhi, including me? How childish! |
Fix it Originally posted by Vinnie:
>the method used to encode the message cannot
>change without some major reworking.
Then you might want to get off these forums and get with it. You are playing catch up - try to do damage control instead of fixing the privacy and trust VIOLATION. The packets are causing problems with packets in other languages, get rid of it! You don't need it and you have several real good suggestions on your forums for ways to do it the right way, unless you deleted those already.
>I wanted to do my best to prevent other servents from masquerading as BearShare servents
This was already covered, the answer sucks because this isn't the way to do what you want. Go back and read previous messages. Stop trying to cover up a big no no and fix it please. As soon as you say it's fixed in a new version, this will all stop. Till then you are messing with people's privacy and trust and deserve all you get. Bodhi, just post here, why give his forums any appearance of being a good place for open discussion? |
Re: The Light! Quote:
Now, I'm not a lawyer, but if I remember correctly, clean-room reverse engineering used purely to allow compatibility and interoperability is considered legal pretty much everywhere. Even the post-DMCA US. |
Yes Yes, clean room engineering is condoned; however, due to the implementation this would require breaking an extremely strong encryption cipher. Not possible or practical without inspecting machine language code. |
a way to solve the "problem"? hi all you out there, i have been following a couple of these discussions going on out there with interest (although often more rant than discussion, but ...). there is this option in BearShare - think it's only in the file and not in the gui - to turn off the notifications. wouldn't this stop the client from sending these encrypted packets? i mean, this would ensure you (the user) are not transmitting any personal data and at the same time allow vinnie to have his versioning information (since there are enough to send them and the client would still receive them). just an idea which might help us to get rid of this discussion ... |
wow Yeah I forgot about those bFindFreePeers and bNotif*****Peers (I think). One of them suppresses the version messages (i.e. doesn't send it out). This was needed for me during development, so I can test a new version on the public network without having everyone get the message. Unfortunately, I might have deleted the code that actually checks these variables (this is certainly true in Defender, which has a different opaque message format). I'm not sure though, you should try it and find out. |
spy software you want to see spy software? http://www.grc.com dos attack in detail and hundreds of infected windows machines out there, good reading about how he tracked the attackers down. this shows you why people are so upset over strange packets flying around. |
maybe good to include it again?!? vinnie, maybe it would be a good idea to include a similar option in defender also/again? all these guys having doubts would have nothing to rant about then anymore ... |
Not an option I can't do that. Defender brings with it a major logistics nightmare when extended protocol messages have their format changed. And, the issue of supporting multiple languages demands a robust 'product identifier' capable of distinguishing the OEM ID (for branded versions i.e. "LycosShare"), build number, alpha/beta/release status, and version number. However, these messages have their TTL set to 1 now so it is strictly a servent to servent exchange. |
what a pity it really is, because it means the rant will go on :( i guess it's also from your perspective, because it will be (and is already) a reason for users to change to other clients - at least when they become reliable and user friendly as bearshare is now. btw i would be interested in getting to know your intention behind your (good) work. do you make money with the ad stuff? is that your plan for the future also? i mean, since the installer allows to opt-out (good!), i think no one will install them anymore, will they? or do you plan to sell future versions without having downloadable free versions? or if it's not really about money, so why don't you make it open source? this would allow investigation for any suspicious guys and development also for other platforms etc. and you would still be the hero that created it (and manages the development)?!? no one can take this title off you :) just a thought ... |
Bodhi.....get a Life. |
Re: Not an option
---- Mind reading device ACTIVATED.....
Originally posted by Vinnie:
>I can't do that.
I won't do that.
>Defender brings with it a major logistics nightmare when extended protocol messages have their format changed.
Defender is my attempt to wipe out all the other clients, so I need to do it my way. It's not that I couldn't let all the other gnutella developers know what my proprietary "I thought of it first so it's mine, mine, mine" messages are, since I am using their network to try to make a buck, but I never was good at sharing my toys with others. Hope no one finds out.
>And, the issue of supporting multiple languages demands a robust 'product identifier' capable of distinguishing the OEM ID (for branded versions i.e. "LycosShare"), build number, alpha/beta/release status, and version number.
I hope that baffles them enough to just leave me alone. I have no clue what I just said. Hope they don't catch on. I've got to get back to thinking up more control packet stuff, I love this sneaky stuff....
>However, these messages have their TTL set to 1 now so it is strictly a servent to servent exchange.
I will set it back later because I know this won't work to my satisfaction, damn I'm sneaky!
----- Mind reader DISENGAGED |
Maybe I shouldn't say this but I'm going to anyway..... Gagme... go phuck yourself. |
So sad, but true human behaviour. It is called GREED. Don't you people get it? We all need to make money. Vinnie does not want to give you the choice to not have his creation Bearshare (which must have taken a lot of time to develop) not phone home, with whatever information he thinks he, his present or his future sponsors want. Yes, Bearshare is a bloody good Gnutella net client. A lot of people like it, a lot more like to use it more often, but are scared. But nobody would want to pay any or much money for it, would you??? I wouldn't. So stop bugging him. Bodhi, he cannot answer your (very well written) question, about the choice of update. He doesn't want it, but cannot publicly say it. It would be so easy to do. Normal business tactics, keep them talking and discussing but also keep your customers using your goods. JD PS: Is it maybe possible to have a firewall block Bearshare sending these packets to this 'certain address'??? (ATGuard is flexible enough to possibly do this). |
firewall would need inspection you asked if it is possible to block this using a firewall? sure, everything is possible ;) any "desktop-firewall" will not be enough though, as these packets are sent to all other bearshare clients you connect to (i suppose), thus blocking all of them would deny communication at all. but you should be able to do this with a firewall looking into _each_ package (i think this is called stateful inspection then). this would require: a) you to know the common structure of these packets to set up according rules, and b) processor time - each packet needs to be inspected. so if you are willing and able to set up something like that ... well, go ahead :) |
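Added example, not part of the original thread or any poster's code: a sketch of the per-descriptor inspection discussed above, which also lets a user check the "TTL set to 1" statement on their own traffic. It assumes the standard Gnutella 0.4 descriptor header; the control-byte heuristic for spotting an "opaque" query, the function names and the sample bytes are assumptions made for illustration, since the thread does not give the real message layout.

```python
import struct

# Gnutella 0.4 descriptor header (23 bytes): 16-byte descriptor ID, payload
# type, TTL, hops, 4-byte little-endian payload length.
HEADER = struct.Struct("<16sBBBI")
TYPES = {0x00: "ping", 0x01: "pong", 0x40: "push", 0x80: "query", 0x81: "queryhit"}
MAX_PAYLOAD = 64 * 1024  # assumed sanity limit, not a value from the thread


def inspect_stream(data):
    """Walk a reassembled servent-to-servent byte stream, one finding per descriptor."""
    findings, offset = [], 0
    while offset + HEADER.size <= len(data):
        _guid, ptype, ttl, hops, length = HEADER.unpack_from(data, offset)
        end = offset + HEADER.size + length
        if length > MAX_PAYLOAD or end > len(data):
            # Lost framing or a partial capture: stop rather than guess.
            findings.append({"offset": offset, "type": "unparseable", "flags": ["truncated-or-oversized"]})
            break
        payload = data[offset + HEADER.size:end]
        name, flags = TYPES.get(ptype), []
        if name is None:
            name = "unknown-0x%02x" % ptype
            flags.append("non-standard-type")
        if name == "query":
            # Query payload: 2-byte minimum speed, then NUL-terminated search text.
            # Heuristic (assumption): control bytes in the text mean it is not a
            # human search string. High bytes are allowed so non-English
            # searches are not flagged.
            text = payload[2:].rstrip(b"\x00")
            if any(b < 0x20 or b == 0x7F for b in text):
                flags.append("opaque-query")
                if ttl > 1:  # would be forwarded beyond the directly connected peer
                    flags.append("forwardable")
        findings.append({"offset": offset, "type": name, "ttl": ttl, "hops": hops, "flags": flags})
        offset = end
    return findings


def build(ptype, ttl, payload, hops=0):
    """Build a constructed sample descriptor (test data only)."""
    return HEADER.pack(bytes(16), ptype, ttl, hops, len(payload)) + payload


# Constructed sample traffic; the opaque bytes are invented, not a real BearShare message.
OPAQUE = b"\x00\x00\x9c\x11\xf3\x07\xe2\x00"
SAMPLE = (build(0x80, 7, b"\x00\x00free music\x00") + build(0x80, 1, OPAQUE)
          + build(0x80, 5, OPAQUE) + build(0x33, 1, b"abc"))
```

Because descriptors are framed inside a TCP stream rather than one per IP packet, this kind of check needs the reassembled stream (a proxy or a capture), which is why a port-based desktop firewall rule cannot do it.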
So one silly programmer assumes that he has total control over "his" network and thinks that since he made his client now use TTL 1 that all the clients will be updated in a day or something. too bad jr. programmers don't think before they make these stupid decisions. I would think a more mature programmer would know that something like this would be bad for the whole network, unless you were thinking you owned the whole network and it was all yours cause you were the dictator personality. I say if a client sends even one non standard packet, then instantly block that IP for 24 hrs. Then within a day or two everyone would dump the crap and go get something not in the greed factor. How's that for a control packet? That should control the dictator types! "I have to be one up on the competition" WHY??? COULD IT BE GREED? The other thing would be to make a simple program that blasts out zillions of copies of this packet with ttl 7 to every client so that gnutella stops and everyone blames the stupid packets and the lame author. |
Reading this posting makes me think again about writing an open source gnutella proxy in my free time. In the very beginning I thought about firewall solutions and maybe anti-kidporn, but now about filtering out unwanted meta stuff. I still wanna wait and see how gnutella protocol gets improved. I hope all sides sit together and launch a new Gnutella RFC. Sorry I don't agree with the behavior "I'll take an open network protocol and add some hidden/encrypted metadata but no one else should profit or reverse engineer it, because now it's all mine and this is my business concept". Too aggressive for my taste. |
True Yeah you're right - instead of developing a good servent and implementing functionality, maybe we should have just filed for a few "business process" patents like Gnotella / Petapeer and then wait for someone to accidentally infringe it so we could file a law suit. |
Yeah, you are right what you are doing, it is a very nice servent. It is the way how you do which I don't agree with. OR maybe it's really my personal problem. I'm a freelance programmer and maybe I should stop spending free time for bearshare, no further improvement suggestions or helping in forums (e.g. german Bearshare forum)... instead put my focus into an open source gnutella servent and further protocol development. If there is a preferred way I can help Bearshare, let me know. I hope you find a good business concept! |