Date:      Tue, 18 Dec 2012 15:01:40 -0800
From:      Peter Wemm <peter@wemm.org>
To:        Chris Rees <utisoft@gmail.com>
Cc:        Eitan Adler <lists@eitanadler.com>, stable@freebsd.org, Willem Jan Withagen <wjw@digiware.nl>
Subject:   Re: No more torrents.....
Message-ID:  <CAGE5yCove76TQqcN98GDv7Q0YTPj=OruG4JPfjas8TvZ=7oh7A@mail.gmail.com>
In-Reply-To: <CADLo838e0YMe-1CrPBEYJySpq2oXADvO1qN2HS80y-5W1590kQ@mail.gmail.com>
References:  <50D0308A.9000200@digiware.nl> <CAF6rxg=s23H5k-Hwzg=aj_--ju4vuA2sC35W=3fZgoiCr2mQdA@mail.gmail.com> <CADLo838e0YMe-1CrPBEYJySpq2oXADvO1qN2HS80y-5W1590kQ@mail.gmail.com>

On Tue, Dec 18, 2012 at 11:52 AM, Chris Rees <utisoft@gmail.com> wrote:
> On 18 Dec 2012 19:44, "Eitan Adler" <lists@eitanadler.com> wrote:
>>
>> On 18 December 2012 03:59, Willem Jan Withagen <wjw@digiware.nl> wrote:
>>
>> > So what is the reason for this?
>>
>> The software used to seed the torrents was horribly insecure.   This
>> was found *prior* to the security incident.
>
> What software?

A hybrid of bnbt, xbnbt, xbtt, and something else that I don't recall
the name of.  We ran the seeders from py-bittornado in curses mode in
about 15 screen sessions.. by hand.

The tracker/indexer code had an open http connect proxy in it (!).
The code was particularly difficult to work with and looked extremely
light for defensive programming.  (string buffer overflows, the
works).

The bottom line is the nice indexer / tracker / stats thing we had
isn't something I feel we can trust.

I do believe we can/should publish trackerless/dht torrent files to go
with the release binaries.

Perhaps an initial web-seed might work, otherwise we could have a few
folks with good ftp connectivity do an initial seed from the ftp
files.

Another option is a no-frills tracker (eg: no gui).

So, the old way:
xbnbt + xbtt + bnbt provided a tracker, an index, downloads of the
.torrent files.
via screen, we ran a farm of py-bittornado (which participated in
utorrent-compatible pex/dht)
very high maintenance and magic.

New way:
www.freebsd.org: provides an index and downloads of the .torrent files
if required, a no-frills tracker.
as required, run py-bittornado for a week or so, and/or well connected
folks preload their clients via ftp.


-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
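
The trackerless, web-seeded torrent proposed in the message above can be sketched as follows. This is an added example, not code from the original message or from the FreeBSD project; it assumes the standard `nodes` (BEP 5) and `url-list` (BEP 19) metainfo keys, and the file name, mirror URL and DHT node are placeholders.

```python
import hashlib
import io

def bencode(obj):
    """Bencode ints, bytes/str, lists and dicts (dict keys sorted as raw bytes)."""
    if isinstance(obj, bool):
        raise TypeError("bool has no bencoded form")
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode("utf-8")
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, (list, tuple)):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        pairs = [(k.encode("utf-8") if isinstance(k, str) else k, v) for k, v in obj.items()]
        pairs.sort(key=lambda kv: kv[0])
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in pairs) + b"e"
    raise TypeError("cannot bencode %r" % type(obj))

def make_trackerless_torrent(name, stream, web_seeds, dht_nodes, piece_length=262144):
    """Return (torrent_bytes, infohash_hex) for a single-file torrent with no tracker."""
    digests, length = [], 0
    for piece in iter(lambda: stream.read(piece_length), b""):
        digests.append(hashlib.sha1(piece).digest())  # SHA-1 is what the v1 format mandates
        length += len(piece)
    info = {"name": name, "length": length,
            "piece length": piece_length, "pieces": b"".join(digests)}
    meta = {
        "info": info,
        "url-list": list(web_seeds),              # BEP 19 web seeds (HTTP/FTP mirrors)
        "nodes": [[h, p] for h, p in dht_nodes],  # BEP 5 DHT bootstrap nodes
        # deliberately no "announce"/"announce-list": no tracker service to run or defend
    }
    return bencode(meta), hashlib.sha1(bencode(info)).hexdigest()

def demo():
    # Constructed sample: 40000 bytes standing in for a release image.
    image = io.BytesIO(bytes(range(256)) * 156 + b"\0" * 64)
    return make_trackerless_torrent(
        "example-release.iso", image,
        ["https://download.example.org/example-release.iso"],  # placeholder mirror
        [("dht.example.org", 6881)],                           # placeholder DHT node
        piece_length=16384)

if __name__ == "__main__":
    torrent, infohash = demo()
    print(len(torrent), "bytes, infohash", infohash)
```

The per-piece hashes let clients reject bad data from any peer or mirror, but only if the `.torrent` file itself is fetched from a trusted origin.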


