SoylentNews is people
SoylentNews
from the where-will-they-store-the-source-code? dept.
Chris Ball, about whom I know very little, gave a talk to the Data Terra Nemo conference on 23/24 May in Berlin. From the conference site, I gathered the following: "Data Terra Nemo is a technical conference for discussing the ideas behind systems and protocols without centralized ownership and how they impact the landscape of the Internet".
Chris gave a presentation regarding a decentralized git repository which he has dubbed 'GitTorrent'. His notes, which he describes as an 'aspirational transcript' of the talk, take the story up:
Why a decentralized GitHub?
First, the practical reasons: GitHub might become untrustworthy, get hacked — or get DDOS'd by China, as happened while I was working on this project! I know GitHub seems to be doing many things right at the moment, but there often comes a point at which companies that have raised $100M in Venture Capital funding start making decisions that their users would strongly prefer them not to.
There are philosophical reasons, too: GitHub is closed source, so we can't make it better ourselves. Mako Hill has an essay called Free Software Needs Free Tools, which describes the problems with depending on proprietary software to produce free software, and I think he's right. To look at it another way: the experience of our collaboration around open source projects is currently being defined by the unmodifiable tools that GitHub has decided that we should use.
So that's the practical and philosophical, and I guess I'll call the third reason the "ironical". It is a massive irony to move from many servers running the CVS and Subversion protocols, to a single centralized server speaking the decentralized Git protocol. Google Code announced its shutdown a few months ago, and their rationale was explicitly along the lines of "everyone's using GitHub anyway, so we don't need to exist anymore". We're quickly heading towards a single central service for all of the world's source code.
So, especially at this conference, I expect you'll agree with me that this level of centralization is unwise.
The talk continues in the first link at the start of this summary.
Original Submission
(Score: 3, Interesting) by KGIII on Sunday May 31 2015, @03:21AM
I think that this would go a long ways towards stopping (or hindering) actions such as those done by Dice to the GIMP for Windows product. That kind of behavior is becoming all too common and an open, distributed, standardized (Is there a .torrent standard? I seem to recall reading something about a proposed standard for .magnet links, I have not followed up on learning more about either though.) so something like this should be beneficial.
When you place something online, at a third party site, you have lost control of it. As this would make the content distributed I have to wonder how well it will do syncing if you change a file. I really do not know... If you have a revision but not a new version then? I do not see how that would propagate. I think that, really, is my only concern except that someone may choose to poison their local file in hopes of sending it upstream but that seems unlikely and what things like the MD5 checksum prevent.
Actually, how about authentication? How will torrent know who is authorized to send a revision upstream? How will it prevent unauthorized access? It seems potentially rife for man-in-the-middle attacks depending on the authentication method.
"So long and thanks for all the fish."
(Score: 2) by MichaelDavidCrawford on Sunday May 31 2015, @03:50AM
I don't know much about it so I don't want to steer you wrong by providing incomplete information.
I came across it while exploring a hidden wiki; I don't recall where it was.
Yes I Have No Bananas. [gofundme.com]
(Score: 1) by KGIII on Sunday May 31 2015, @04:39AM
My understanding is that the onion networks are terrible for downloading medium to large files. I have personally witnessed this and my experience support the statements but I, too, am no expert with this technology. The additional is likely true in that attempting to torrent over an onion network is neigh impossible, slows others down as well s yourself, and is generally a bad idea because the traffic is run through multiple loads and latency is very high so packet checking and throttling are difficult. I am not sure how anonymous traffic would benefit/solve the first few issues that I mentioned.
I think that this is a great idea, in theory, but I think the implementation may be more difficult if they want to get it right the first time. The whole authentication for modification and distributing new content concerns me. I worry about security for the developers and the potential to circumvent this which puts the consumers at risk. If they get it wrong at the start they enter the defeatist circle that is without security they will gain fewer developers and without developers they will gain fewer users to distribute to. That would negate the entire purpose.
I also wonder about the 'complexity.' You, the other members here, and I are all familiar with downloading torrents and getting an application installed to do so. We may even have a torrent client on our microwave even. The vast majority of internet traffic is consumers. These people do not know anything. They know nothing about FTP. They know nothing about alternative browsers. They know nothing about computer security. They know nothing about their operating system. In all the cases I just listed it is a near certainty that they know less than nothing about torrents or onion networks. This is a barrier to entry...
Maybe HTML 5.1 will find a way to bind sockets and providing a website will be doable? Maybe a simple Java client can grab the URL and do the work (overhead is less an issue now)? This is, unfortunately, going to create a user class of leechers, this is not what the torrent networks are for. Hell, that is the antithesis of torrents... How will one remove a defective or malware afflicted file? Will one be required to visit the developer's site or the official GitTorrent site? Can third parties index them? How about if they include links to virus infected or backdoored files that mimic the file name and structure?
I could go on... I think the idea is great but it is along the lines of cold fusion unless I am missing something. I could easily be missing something. I am not infallible, I do not even possess the ego to pretend I am error free.
"So long and thanks for all the fish."
(Score: 3, Interesting) by MichaelDavidCrawford on Sunday May 31 2015, @05:04AM
the main problem I've experienced is that some file share sites limit the rate at which any client IP may download new files. That makes sense if some freeloader is downloading directly - not with tor - but breaks down if a lot of clients are going through a proxy.
There aren't that many exit nodes, so quite commonly I either have to wait a long time or I'm not permitted to download at all. Sometimes I can work around it by using Tor's "New Identity" feature, which gives me a new exit node but it doesn't always work.
The most straightforward way to fix it would be to create lots more exit nodes but getting that to actually happen is problematic.
Once I am able to start a download, in my experience the transfer rate is reasonable.
Yes I Have No Bananas. [gofundme.com]
(Score: 1) by KGIII on Monday June 01 2015, @05:47AM
I can only speak for myself and have not torrented over it as it was advised not to. The files I downloaded were very slow. Now that I think about it, it may have been because the onion network via Tor was rather new at the time and changes may well have been made and the popularity has certainly increased. I will install the pirate browser bundle and give it a new run.
"So long and thanks for all the fish."
(Score: 4, Insightful) by janrinok on Sunday May 31 2015, @07:09AM
But perhaps those people are not the target use case? We know about western states wanting to break encryption standards to give them access to anything they want, we know that shutting down those who refuse to play ball with government requests is not something that some nations will think twice about. So the value of this system might be that those who are bright enough to be writing the next clever piece of code are more than capable of using both Git and torrents, and they will benefit because their source code cannot magically disappear or become worthless because of the possibility that the only source is contaminated. If a TLA wants to control the source code, they will have to be able to control each and every distributed git repository because, if they don't, they cannot be sure that they 'control' anything. They haven't managed to do that with other torrents, have they?
End users don't need to know about torrents - they can install packages or programs the same way that they have always done so. Whether those packages are secure or not will not change - but the end user who doesn't know enough to to use torrents probably doesn't care about security of the packages. As long as they can access emails, create and watch videos, and publish cat photographs they will be happy. But those who have decided that there might be a better way than having a society with no privacy whatsoever can have more faith that any code that they produce will exist in so many places it would be hard for a TLA to exert total control. This is not a perfect solution, but perhaps it is a step in the right direction?
(Score: 1) by KGIII on Monday June 01 2015, @05:42AM
That may work to some extent (I would still worry about security and things like authentication as well as replication and versioning) but it appeared that the intent was for end-users... Hmm... I like the way you are headed with this line of thinking though. I will ponder it and see what I come up with. I wonder if a more traditional P2P may be the solution? I will ponder.
"So long and thanks for all the fish."
(Score: 2) by Yog-Yogguth on Sunday June 14 2015, @05:02PM
I'm only reading this now because I'm trying to catch up but BitTorrent (the name of the protocol using .torrent files) is better than “a standard”: it's a protocol and has a specification which is in the public domain (when I say that protocols are better than standards I'm kind of joking, don't worry if you didn't find it funny) :)
Here's an example [bittorrent.org] of the protocol specification that might be outdated (taken from the Wikipedia entry [wikipedia.org]).
I don't know anything about GitTorrent (I only started reading the comments here first) so I can't answer anything about that, I'd like to know (a lot) more just like you.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))