Peer-to-peer file sharing protocols
Jem Berkes
do my homework for me")
I have the pleasure of working with a professor at the university who is
very interested in peer to peer networks and file sharing as a natural
evolution of the Internet.
It's clear that wide area peer to peer networks can pool network and
storage resources in an incredible way. Corporate short-sightedness
aside, anonymous networks that allow people to share their resources form
an interesting, massive content distribution network the likes of which
we have never seen before. And to me anyway, it seems natural that the
Internet be used in such a way.
I began to research the topic (beyond what I already know about
Gnutella/Gnutella2) and seemed to have found that there really are no
important public, documented protocols other than Gnutella and Freenet.
Is this correct? Are these the only two major network types?
Can we go much further? My impression is that gnutella (or gnutella2)
doesn't really properly address massive scaling or security, two major
issues. Can this field be revolutionized with some better protocol? Does
one already exist?
--
Jem Berkes
http://www.pc-tools.net/
Windows, Linux & UNIX software
David H. Lipman
the fact that virus writers *love* P2P networks. All the P2P intelectual
property theft web sites (Kazaa, Gnutella, Morpheus, etc.) have their own
parasites that spread rather rapidly amogst the peers.
David H. Lipman
Jem Berkes
Virus writers love Microsoft Outlook Express much more. Should we kill the
Outlook product because of the hazard?
True, P2P networks offer a new avenue for virus distribution. But
considering that P2P is here to stay (just like internet mail), the focus
should probably be securing the clients and ensuring diversity of clients
to minimize the risk due to one particulary implementation flaw.
David H. Lipman
Securing the protocols will not help. The user will still need AV software.
Its the "peer" concept and not the protocol that viruses utilize.
I know of no viruses that exploit a vulnerability in the application of P2P,
they directly exploit shared directories. Besides the fact that P2P networks
steal intellectual property, you never will know if a "back door" wasn't written
in to access non shared areas of a PC.
BTW: It is NOT OE that is liked by virus writers, its the address book and
included full blown Outlook.
For that reason I use Pegasus Mail.
Dave
Jem Berkes
> software. Its the "peer" concept and not the protocol that viruses
> utilize. I know of no viruses that exploit a vulnerability in the
> application of P2P, they directly exploit shared directories. Besides
> the fact that P2P networks steal intellectual property, you never will
> know if a "back door" wasn't written in to access non shared areas of
> a PC.
Yes, viruses hang out and masquerade as shared files. The client must be
vigilant (as with every other internet application... including SSH,
where the client must verify host keys).
Whether or not there are instances of P2P networks that steal
intellectual property is beside the point. Before the days of P2P people
looked for ftp sites with shared incoming directories to exchange files
with. We didn't outlaw FTP. IRC is also a hotbed for sharing of stolen
software, and we don't outlaw IRC. Do you see what I'm getting at?
> BTW: It is NOT OE that is liked by virus writers, its the address
> book and included full blown Outlook.
> For that reason I use Pegasus Mail.
I (used to) use Outlook too... now I use my own client, JBMail.
There is certainly user error involved as well (running random
attachments they receive). But there are other important flaws too that
are specific to the poor programming in Outlook: vulnerability to
embedded scripts; insufficient checks or guards against file type;
vulnerability to forged MIME types; various sorts of automatic execution.
It's not just the address book or users being stupid.
Jem Berkes
LOL, the above should read Pegasus. I used to use Pegasus too, excellent
program.
Dale R Worley
> I began to research the topic (beyond what I already know about
> Gnutella/Gnutella2) and seemed to have found that there really are no
> important public, documented protocols other than Gnutella and Freenet.
> Is this correct? Are these the only two major network types?
A recent Communications of the ACM has a number of articles on
peer-to-peer systems.
Dale
Dale Worley wor...@theworld.com
--
Or conferences like the one held at the University of British Columbia
last month, "Remaining Human in the Face of Our Growing Dependence on
Technology," where 250 visibly well-nourished philosophers,
psychologists, spiritual seekers, alternative health practitioners,
entertainers, and even a slumming scientist or two came by jet from
around the planet to agree with each other that technology is toxic,
consumerism is unnatural, computers cause alienation and loneliness,
civilization pollutes, and we're stressing the ecosystem to the
point of collapse. Oddly, not one volunteered to kill or sterilize
themselves. -- Spider Robinson, The Globe and Mail, 2001-06-08
Robert Vazan
> It's clear that wide area peer to peer networks can pool network and
> storage resources in an incredible way.
I've been configuring local web cache last weekend and got sidetracked
into thinking about cacheability. :-)
I share with you the opinion that peer2peer can be perfectly secure. If
not in any other way, one can always do centralized distribution of
file signatures and transmit files themselves through peer2peer. This can
be further optimized by distributing only public key and use it to verify
whole subhierarchy of files.
I think large-scale projects like Debian could be done much more cheaply
and without any centralized resources. Just think how copies are
distributed around the world. If radius of Earth is N, then distribution
to every computer should cost total of N*N link utilization. However,
when you use client-server protocol like HTTP, then every connection
costs on average N and distribution to N*N computers costs N*N*N link
utilization. The best thing is that while original source has costs of
N*N*N for client-server protocol, it has costs of 1 (or constant) with
peer2peer because it needs to connect only to its neighbours.
Switching to broadcasts is rather hardcore. It would be better if some
software could automatically scale between links and broadcasts by
downloading nearest copy.
The key is we are talking about "copying" which is special case of
"communication" and it deserves optimization.