From owner-freebsd-stable@FreeBSD.ORG  Tue Dec 18 23:01:43 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 751E89D5
 for <stable@freebsd.org>; Tue, 18 Dec 2012 23:01:43 +0000 (UTC)
 (envelope-from peter@wemm.org)
Received: from mail-vc0-f171.google.com (mail-vc0-f171.google.com
 [209.85.220.171])
 by mx1.freebsd.org (Postfix) with ESMTP id 178648FC17
 for <stable@freebsd.org>; Tue, 18 Dec 2012 23:01:41 +0000 (UTC)
Received: by mail-vc0-f171.google.com with SMTP id n11so1585492vch.16
 for <stable@freebsd.org>; Tue, 18 Dec 2012 15:01:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=google;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=gr6Bxx3zgnf8f7ibCYm0/naH4VdvOgX5pbXT3qsNDKg=;
 b=DoVc6bEx5j2tIUqvhe+RSCPdnsPbC9eK8cWbD8wnVwo7ugdNMOq/D4T9kNJ4wsYl2Q
 zUSkxrX51ZgTJUyAmK4pLWxkIx/0fWkRdVKApaez9A7ogO8lkfzcSniUky3BQJ2jl3r7
 52UnQtsEZFrEbyJLiqgyuQPzVxSxKI7mx3zZw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=google.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type:x-gm-message-state;
 bh=gr6Bxx3zgnf8f7ibCYm0/naH4VdvOgX5pbXT3qsNDKg=;
 b=HPiWsiOOxklGD6BKrvsqrwUZc2SK2NdOP1b3K0X48yRECljuwGnyhoU6yp2P8N42MV
 K0GJXni2O366c5dapCsYflSTzmJFAt20r7uOU6jK9EKFpKSK+HvfYx2SbXSSynD6AcvR
 Y4Hv7inoNOpS+rOVUEzakIf7j7MYXdWbCoIxsUMTX+Pe940r7D2xiqHcdwPIkViwQOKT
 n+Cbfvzv/D0Awp7MBEACQ3J02YE+APNa5PsFmuruehoC6+JvV101O164322/Kl5Z4jG4
 74aZeoQW3tKjCZDP84IWky8ynjqmHfgNVEATqyqFR32/aZM1BKxfDgmdRD2OLb9EYewm
 MaEw==
MIME-Version: 1.0
Received: by 10.52.20.108 with SMTP id m12mr5163244vde.11.1355871700399; Tue,
 18 Dec 2012 15:01:40 -0800 (PST)
Received: by 10.220.38.71 with HTTP; Tue, 18 Dec 2012 15:01:40 -0800 (PST)
In-Reply-To: <CADLo838e0YMe-1CrPBEYJySpq2oXADvO1qN2HS80y-5W1590kQ@mail.gmail.com>
References: <50D0308A.9000200@digiware.nl>
 <CAF6rxg=s23H5k-Hwzg=aj_--ju4vuA2sC35W=3fZgoiCr2mQdA@mail.gmail.com>
 <CADLo838e0YMe-1CrPBEYJySpq2oXADvO1qN2HS80y-5W1590kQ@mail.gmail.com>
Date: Tue, 18 Dec 2012 15:01:40 -0800
Message-ID: <CAGE5yCove76TQqcN98GDv7Q0YTPj=OruG4JPfjas8TvZ=7oh7A@mail.gmail.com>
Subject: Re: No more torrents.....
From: Peter Wemm <peter@wemm.org>
To: Chris Rees <utisoft@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQkvNPLaNIDq18UGKBqgSxuzSkqa6cdQFTr9/p+gH0jeo5N8e6q28jgkX2Lu2z5XsVNbU8FA
Cc: Eitan Adler <lists@eitanadler.com>, stable@freebsd.org,
 Willem Jan Withagen <wjw@digiware.nl>
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2012 23:01:43 -0000

On Tue, Dec 18, 2012 at 11:52 AM, Chris Rees <utisoft@gmail.com> wrote:
> On 18 Dec 2012 19:44, "Eitan Adler" <lists@eitanadler.com> wrote:
>>
>> On 18 December 2012 03:59, Willem Jan Withagen <wjw@digiware.nl> wrote:
>>
>> > So what is the reason for this?
>>
>> The software used to seed the torrents was horribly insecure.   This
>> was found *prior* to the security incident.
>
> What software?

A hybrid of bnbt, xbnbt, xbtt, and something else that I don't recall
the name of.  We ran the seeders from py-bittornado in curses mode in
about 15 screen sessions.. by hand.

The tracker/indexer code had an open http connect proxy in it (!).
The code was particularly difficult to work with and looked extremely
light for defensive programming.  (string buffer overflows, the
works).

The bottom line is the nice indexer / tracker / stats thing we had
isn't something I feel we can trust.

I do believe we can/should publish trackerless/dht torrent files to go
with the release binaries.

Perhaps an initial web-seed might work, otherwise we could have a few
folks with good ftp connectivity do an initial seed from the ftp
files.

Another option is a no-frills tracker (eg: no gui).

So, the old way:
xbnbt + xbtt + bnbt provided a tracker, an index, downloads of the
.torrent files.
via screen, we ran a farm of py-bittornado (which particpated in
utorrent-compatible pex/dht)
very high maintenence and magic.

New way:
www.freebsd.org: provides an index and downloads of the .torrent files
if required, a no-frills tracker.
as required, run py-bittornado for a week or so, and/or well connected
folks preload their clients via ftp.


-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell