Senator Diane Feinstein Wants to know about the Benefits of P2P
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology. -Henry
My two cents: When Windows XP SP2 was released the only way to get it (for those of us not part of MSDN at least) was via P2P. The same has been true for countless other large but important software releases on various platforms (particularly ones like Linux that aren't backed by huge corporations with tons of bandwidth to host these sorts of files). Point is? P2P is extremely valuable for the timely and cost-effective delivery of critical updates to the masses. -- Jeff Wheeler Postmaster, Network Admin US Institute of Peace On Aug 30, 2004, at 2:27 PM, Henry Linneweh wrote:
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
-Henry
I think the clear case is this: To get effective patch distribution, there needs to be some form of 'Local distribution'. I live in an area where there really are no high speed connection choices that are available for the consumer (aside from satellite). [no cable, no dsl, only dial-up]. Now, imagine a case where a machine (laptop or otherwise) that gets connected to a high speed link periodically can distribute [via home lan, or wlan] to other neighbors computers these patches that they surely will not download via dial-up. Microsoft recently frowned on using p2p for this activity (imho, for a semi-good reason, if they make a minor change to the patch set which then breaks less peoples computers, it's in their interest to do so, and without really telling people there was a change, just the checksum and other technical details may change). This way people get the latest updates.. but for Joe average user in my vicinity, it's not really possible to obtain these large patches without being forced to download them for hours and hours over 26.4k dial-up.. This plus the ability for the patches to be shared (possibly automatically) to other users via a home/wireless lan to reduce having to download 3-4 copies if you have 3-4 machines at home would be ideal. No need to download hundreds of megs that are dupes. Basically: p2p as a caching media, i go to the local hotspot, download the patch and make it available to others that are 'local' to me so they don't have to go through a painful process of downloading it themselves at low speeds, or bother with the ordering process on the website. - jared On Mon, Aug 30, 2004 at 02:43:49PM -0400, Jeff Wheeler wrote:
My two cents: When Windows XP SP2 was released the only way to get it (for those of us not part of MSDN at least) was via P2P. The same has been true for countless other large but important software releases on various platforms (particularly ones like Linux that aren't backed by huge corporations with tons of bandwidth to host these sorts of files).
Point is? P2P is extremely valuable for the timely and cost-effective delivery of critical updates to the masses.
-- Jeff Wheeler Postmaster, Network Admin US Institute of Peace
On Aug 30, 2004, at 2:27 PM, Henry Linneweh wrote:
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
-Henry
-- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.
You know, I'm not even sure why it is necessary for us to argue the case for P2P - I see it's primary beneficiary as content providers (the people that make the ISOs, movie trailers, etc... that take advantage of technologies like BitTorrent) - why haven't any of these people stepped up to lobby P2P's benefits? (or if they have, maybe someone can point Henry at these lobbyists?) -- Jeff Wheeler Postmaster, Network Admin US Institute of Peace On Aug 30, 2004, at 2:56 PM, Jared Mauch wrote:
<SNIP>
On Aug 30, 2004, at 2:27 PM, Henry Linneweh wrote:
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
-Henry
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P. -- Byron L. Hicks Network Engineer NMSU ICT On 8/30/04 12:43 PM, "Jeff Wheeler" <jwheeler@usip.org> wrote:
My two cents: When Windows XP SP2 was released the only way to get it (for those of us not part of MSDN at least) was via P2P. The same has been true for countless other large but important software releases on various platforms (particularly ones like Linux that aren't backed by huge corporations with tons of bandwidth to host these sorts of files).
Point is? P2P is extremely valuable for the timely and cost-effective delivery of critical updates to the masses.
-- Jeff Wheeler Postmaster, Network Admin US Institute of Peace
On Aug 30, 2004, at 2:27 PM, Henry Linneweh wrote:
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
-Henry
Byron L. Hicks wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P.
How is the p2p checksum different from any other checksum on the file? Pete
On Mon, 30 Aug 2004, Petri Helenius wrote:
Byron L. Hicks wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P. How is the p2p checksum different from any other checksum on the file?
the cynic in me says that the senator is looking for our arguments in favor of p2p, so that she knows exactly how to argue against us and exactly how to write a bill to hurt us the most. recall that feinstein is one of the loudest anti-p2p legislators. i am not sure anyone should be helping her. -Dan
On Mon, 30 Aug 2004, Dan Hollis wrote:
On Mon, 30 Aug 2004, Petri Helenius wrote:
Byron L. Hicks wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P. How is the p2p checksum different from any other checksum on the file?
the cynic in me says that the senator is looking for our arguments in favor of p2p, so that she knows exactly how to argue against us and exactly how to write a bill to hurt us the most.
recall that feinstein is one of the loudest anti-p2p legislators.
i am not sure anyone should be helping her.
because legislating in the 'USA' something that is clearly 'global' has worked so well? politicians looking to get: 1) votes 2) 'political bang for the buck' 3) useless hot air blown up someone's rear really need to stop trying to legislate behaviour in places they can't touch... To repeat: "If you make <currently legal Internet thing> illegal in the US, I'll just move my <currently legal Internet thing> OUTSIDE the US Borders and give you the middle finger as a salute." that seems to 'work' well enough: 1) spam 2) hacking 3) Child Porn 4) drug sales 5) p2p network 'stuff' (kazaa was built by some corporation out of christmas island ?? or was that another of the P2P products?) -Chris
<quote who="Byron L. Hicks">
In fact, I would be very reluctant to trust a Windows update downloaded via P2P.
why? Not only were there many sources all showing the same MD5 hash (and for the time being, we can still trust MD5...) BUT it was also digitally signed by Microsoft which was easily verifiable. Then again, I would be reluctant to install it because I have no idea how my debian system would respond... :) -david ---------------------------------------------------- David A. Ulevitch - Founder, EveryDNS.Net http://david.ulevitch.com -- http://everydns.net ----------------------------------------------------
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P.
Have you heard of MD5 sum ? -- James H. Edwards Routing and Security Administrator At the Santa Fe Office: Internet at Cyber Mesa jamesh@cybermesa.com noc@cybermesa.com (505) 795-7101
On Mon, 30 Aug 2004, james edwards wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P. Have you heard of MD5 sum ?
yep md5 made the news recently because it's been cracked: http://techrepublic.com.com/5100-22-5314533.html http://www.rtfm.com/movabletype/archives/2004_08.html#001055 -Dan
Thats SHA0. Still a checksum is a checksum, cracked or not. ----- Original Message ----- From: "Dan Hollis" <goemon@anime.net> To: "james edwards" <hackerwacker@cybermesa.com> Cc: "Byron L. Hicks" <bhicks@nmsu.edu>; "Jeff Wheeler" <jwheeler@usip.org>; "Henry Linneweh" <hrlinneweh@sbcglobal.net>; <nanog@merit.edu> Sent: Monday, August 30, 2004 2:12 PM Subject: Re: Senator Diane Feinstein Wants to know about the Benefits of P2P
On Mon, 30 Aug 2004, james edwards wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P. Have you heard of MD5 sum ?
yep md5 made the news recently because it's been cracked:
http://techrepublic.com.com/5100-22-5314533.html http://www.rtfm.com/movabletype/archives/2004_08.html#001055
-Dan
At 04:12 PM 30/08/2004, Dan Hollis wrote:
yep md5 made the news recently because it's been cracked:
http://techrepublic.com.com/5100-22-5314533.html http://www.rtfm.com/movabletype/archives/2004_08.html#001055
Thats a misleading over simplification. A collision being found implies something different than "its cracked." A weakness that was theorized sometime ago has been demonstrated in practice. Finding collisions and altering files in a useful way to produce a duplicate hash are different things. There are FAR bigger security concerns than this one right now IMHO. I recall even seeing posts about people claiming this meant original data being reconstructed from the checksum! That would be truly amazing since I could reconstruct a 680MB ISO from just 61d38fad42b4037970338636b5e72e5a. Wow! ---Mike ---Mike
On Mon, 30 Aug 2004, Mike Tancsa wrote:
I recall even seeing posts about people claiming this meant original data being reconstructed from the checksum! That would be truly amazing since I could reconstruct a 680MB ISO from just 61d38fad42b4037970338636b5e72e5a. Wow!
Technically, using an Infinate Monkeys approach, you could rebuild the ISO by generating the expentially huge quantity of all possible data and check them and find the one that matches the ISO. Not practical but possible. As far as the P2P thing goes, framing is a free speach argument is probably not a bad way to start. For example, the guy from bikesagainstbush.com was arrested over the weekend (while being interviewed on MSNBC) and video of the arrest from a 3rd party was available on BT within minutes. A method like P2P (and BT's swarming in particular) allowed this file to spread without overtaxing the bandwidth of the person or organization distributing it. Frankly, in a day when news organizations are forced to think about any negative impacts of their reporting on their parent corp's agenda, this is a must have tech. -S
At 05:10 PM 30/08/2004, Scott Call wrote:
On Mon, 30 Aug 2004, Mike Tancsa wrote:
I recall even seeing posts about people claiming this meant original data being reconstructed from the checksum! That would be truly amazing since I could reconstruct a 680MB ISO from just 61d38fad42b4037970338636b5e72e5a. Wow!
Technically, using an Infinate Monkeys approach, you could rebuild the ISO by generating the expentially huge quantity of all possible data and check them and find the one that matches the ISO.
Reminds me of Wyle E. Coyote. Instead of getting a damn shotgun and just shooting the road runner, he gets the ACME MD5 hash-collision-o-tron to concoct some possible but improbable scheme involving RR'.... ---Mike
Scott Call wrote:
On Mon, 30 Aug 2004, Mike Tancsa wrote:
I recall even seeing posts about people claiming this meant original data being reconstructed from the checksum! That would be truly amazing since I could reconstruct a 680MB ISO from just 61d38fad42b4037970338636b5e72e5a. Wow!
Technically, using an Infinate Monkeys approach, you could rebuild the ISO by generating the expentially huge quantity of all possible data and check them and find the one that matches the ISO.
Not practical but possible.
Not possible. There are, theoretically, many 680 MB ISOs that have that hash. That you produce _a_ 680 MB ISO that has that hash does not mean that you have _the_ particular 680 MB ISO that produced it. -- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387
While I agree with everything you said, Scott, I think that is exactly the kind of application that Feinstein is looking to quash. Her agenda has been very pro-corporate control anti-free speech, anti-individual since she took office. The only thing she seems more opposed to is anyone besides her getting a gun. Owen --On Monday, August 30, 2004 2:10 PM -0700 Scott Call <scall@devolution.com> wrote:
On Mon, 30 Aug 2004, Mike Tancsa wrote:
I recall even seeing posts about people claiming this meant original data being reconstructed from the checksum! That would be truly amazing since I could reconstruct a 680MB ISO from just 61d38fad42b4037970338636b5e72e5a. Wow!
Technically, using an Infinate Monkeys approach, you could rebuild the ISO by generating the expentially huge quantity of all possible data and check them and find the one that matches the ISO.
Not practical but possible.
As far as the P2P thing goes, framing is a free speech argument is probably not a bad way to start. For example, the guy from bikesagainstbush.com was arrested over the weekend (while being interviewed on MSNBC) and video of the arrest from a 3rd party was available on BT within minutes.
A method like P2P (and BT's swarming in particular) allowed this file to spread without overtaxing the bandwidth of the person or organization distributing it.
Frankly, in a day when news organizations are forced to think about any negative impacts of their reporting on their parent corp's agenda, this is a must have tech.
-S
-- If it wasn't crypto-signed, it probably didn't come from me.
A method like P2P (and BT's swarming in particular) allowed this file to spread without overtaxing the bandwidth of the person or organization distributing it.
Frankly, in a day when news organizations are forced to think about any negative impacts of their reporting on their parent corp's agenda, this is a must have tech.
Speaking of which.. I wish P2P had been a little bit more organized when 9/11 happened.. Trying to watch the news online, download clips, or images for those few days following.. was nearly impossible. CNN/TimeWarner should recall that their entire cluster was destroyed and they had to move back to a simplified text only page that had nothing on it.. Likewise with Foxnews, but a little bit to a lesser extent. In the way Bittorrent works, that day would have been nothing to the normal people wanting access to the information.. In fact, to some degree, it would have been even better with the increased load to a point. If P2p was built upon a little bit, putting in protocols of trust (ala certificates/signed files, etc.) it could give F5 a run for its money and lower the cost drastically of certain network designs. </dream world>
Erik Parker wrote:
Speaking of which.. I wish P2P had been a little bit more organized when 9/11 happened.. Trying to watch the news online, download clips, or images for those few days following.. was nearly impossible. CNN/TimeWarner should recall that their entire cluster was destroyed and they had to move back to a simplified text only page that had nothing on it.. Likewise with Foxnews, but a little bit to a lesser extent.
This is an instance of the "good enough" or "best effort" phenomenan. When it works 99% or 99.9% of the time, there is hardly any incentive to make it work 99.99% of the time because the observed level of service is good enough and the next event might never come. Prepareness usually has a cost associated and unless other benefits can be realized, it's easy to just ride through the rough time.
If P2p was built upon a little bit, putting in protocols of trust (ala certificates/signed files, etc.) it could give F5 a run for its money and lower the cost drastically of certain network designs.
You don't need trust on the protocol level to disseminate information which has a verifiable source (hash). This was discussed to death just a few days ago. Pete
On Mon, 30 Aug 2004, Dan Hollis wrote:
On Mon, 30 Aug 2004, james edwards wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P. Have you heard of MD5 sum ?
yep md5 made the news recently because it's been cracked:
http://techrepublic.com.com/5100-22-5314533.html http://www.rtfm.com/movabletype/archives/2004_08.html#001055
It hasn't actually but I guess the differences are to subtle some people to grasp. It is now possible to generate a collision [*] (ie two files with the same md5 hash) for a given hash. generating a file with a malicious payload that has the same hash as another file is left as an exercise to the reader. The implication of course is that it's time to switch hash Algorithms to sha-1 or sha-2(224,256,384,512), not that hash algorithms are a bad way to validate integrety of data. The other component of course is having the hash be signed in some fashion by a trusted third party, such at the package or ditribution maintainer or creator so you validate the hash then verfiy the file integrety. most linux distributions and freebsd images and macosX updates use such a scheme. * - http://eprint.iacr.org/2004/199.pdf
-Dan
-- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
I think you just tripped across the difference between a user and an SP. SPs don't generally have 28 KBPS dial links between them and their upstream, and folks that have 28 KBPS dial uplinks don't generally host Akamai servers. Assuming that just because you have effectively-infinite bandwidth and effectively-zero delay everyone perforce must enjoy that is a bit of a leap... This kind of a "you're different and therefore wrong" mismatch has made complete hash out of quite a variety of discussions concerning user experience and user requirements on the Internet. Please listen carefully when someone talks about having limited rate access. The assumptions that are obviously true in your (SP) world are completely irrelevant in theirs. If you want their opinions - and this opinion was explicitly requested - you have to respect them when they are offered, not just bash them as different from your experience. At 01:21 PM 08/30/04 -0600, Byron L. Hicks wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P.
-- Byron L. Hicks Network Engineer NMSU ICT
On 8/30/04 12:43 PM, "Jeff Wheeler" <jwheeler@usip.org> wrote:
My two cents: When Windows XP SP2 was released the only way to get it (for those of us not part of MSDN at least) was via P2P. The same has been true for countless other large but important software releases on various platforms (particularly ones like Linux that aren't backed by huge corporations with tons of bandwidth to host these sorts of files).
Point is? P2P is extremely valuable for the timely and cost-effective delivery of critical updates to the masses.
-- Jeff Wheeler Postmaster, Network Admin US Institute of Peace
On Aug 30, 2004, at 2:27 PM, Henry Linneweh wrote:
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
-Henry
On Mon, 30 Aug 2004, Fred Baker wrote:
This kind of a "you're different and therefore wrong" mismatch has made complete hash out of quite a variety of discussions concerning user experience and user requirements on the Internet. Please listen carefully when someone talks about having limited rate access. The assumptions that are obviously true in your (SP) world are completely irrelevant in theirs. If you want their opinions - and this opinion was explicitly requested - you have to respect them when they are offered, not just bash them as different from your experience.
I've always wondered what really makes P2P different from anything else on the Internet? From the service provider's point of view, users accessing CNN.COM is a peer-to-peer activity between the user and CNN. From the service provider's point of view, Microsoft and Akamai are peer-to-peer activities. Freedom of the press belongs to those that can afford to buy a press.
p2p is different due to its decentralization. in other words, what once required a server to do can now be done by anyone sitting in front of their home computer. it in a way revitalized the idea of every computer on the 'net being it's own host - capable of serving up whatever the user wishes to whomever wishes to view it. the problem is that while in the 'real world' this wasn't a big issue (a user giving away copies of the latest CD they bought from their front porch wasn't likely able to distribute it to too many people, and it cost them money to do it) on the 'net it is an issue (user has no noticeable costs, and the distribution is world-wide). the various industries in question have realized that controlling distribution is impossible, the only thing they can control is the content itself (thus the various copy protection mechanisms, and legislation to implement the copy-protect flag) except that breaks fair use rights of the consumer. I hate to say it, but the *AA may need to look to Microsoft's Windows/Office activation scheme for guidance - while a bit of a nuisance, it actually allows customers to make fair use of their software while protecting MS from some of the piracy issues. Not that I have any idea of MS's software activation can translate in to protection of CDs and DVDs and whatnot, but it's something to think about (it's certainly better than the current mechanisms: copy once and never again, or copy only digital files that are of a degraded quality, or only playable on certain players to prevent copying via a computer, among I'm sure many others). -- Jeff Wheeler Postmaster, Network Admin US Institute of Peace On Aug 30, 2004, at 5:03 PM, Sean Donelan wrote:
On Mon, 30 Aug 2004, Fred Baker wrote:
This kind of a "you're different and therefore wrong" mismatch has made complete hash out of quite a variety of discussions concerning user experience and user requirements on the Internet. Please listen carefully when someone talks about having limited rate access. The assumptions that are obviously true in your (SP) world are completely irrelevant in theirs. If you want their opinions - and this opinion was explicitly requested - you have to respect them when they are offered, not just bash them as different from your experience.
I've always wondered what really makes P2P different from anything else on the Internet? From the service provider's point of view, users accessing CNN.COM is a peer-to-peer activity between the user and CNN. From the service provider's point of view, Microsoft and Akamai are peer-to-peer activities.
Freedom of the press belongs to those that can afford to buy a press.
On 30-aug-04, at 23:31, Jeff Wheeler wrote:
the problem is that while in the 'real world' this wasn't a big issue (a user giving away copies of the latest CD they bought from their front porch wasn't likely able to distribute it to too many people, and it cost them money to do it) on the 'net it is an issue (user has no noticeable costs, and the distribution is world-wide).
New technology only allows people to do more efficiently what they were already doing. Home copying didn't kill the content industry before and it isn't going to do it now either. People still buy books, they still go to the movies, they still buy and rent DVDs. And yes, they even buy CDs from time to time, despite the generally very low value for money. Now the content industry assumes that people will buy more if they can't get it for free. I'm sure this is true to a small degree, but most people who copy content do it because it's impossible for them to buy the content, either because it's not available or because they don't have the money, or because they find the content in question of too low value to actually buy it. (Of course "available" means NOW, people don't want to wait.) In none of these three cases making the copying impossible leads to increased sales. I think the content industry knows this very well, but they just can't stand not being in full control over their stuff. Remember, these are the same people that force you to go through their stupid DVD menus rather than being able to press "play". Without the pressure of home copying they wouldn't have any incentive at all to behave reasonably.
On Mon, 30 Aug 2004 17:31:12 -0400, Jeff Wheeler <jwheeler@usip.org> writes:
p2p is different due to its decentralization. in other words, what once required a server to do can now be done by anyone sitting in front of their home computer. it in a way revitalized the idea of every computer on the 'net being it's own host - capable of serving up whatever the user wishes to whomever wishes to view it.
P2P has other advantages. It allows a group of people to collaboratively develop or deploy a service that would have been out of reach before. (eg, an individual distributing their own knoppix image.) Thats the active research topic and there are a quite a few prototypes coming out. Quoting Professor Druschel's P2P introduction: P2P is also ideally decentralized, self-organizing, symmetric (nodes can perform any role) no infrastrucure beyond connectivitity, self-scaling, and robust. P2P allows incremental organic growth, and a very diverse distributed system with a large resource diversity (architecture, location, ownership, rule of law) increasing fault tolerance and robustness to attacks. [taken from http://www.cs.rice.edu/%7Edruschel/comp420/lectures/p2p.ppt] <offtopic Followup-To="email">
I hate to say it, but the *AA may need to look to Microsoft's Windows/Office activation scheme for guidance - while a bit of a nuisance, it actually allows customers to make fair use of their software while protecting MS from some of the piracy issues. Not that I have any idea of MS's software activation can translate in to protection of CDs and DVDs and whatnot, but it's something to think
Any service requiring activation is held hostage to the financial health and self-interest of the service provider. If the provider does not or can not continue the remote activation service, then any media becomes instantly unusable. Thus, what you buy isn't under your control. As an example, if, vinyl LP's required 'activation' to play, anyone want to take a bet whether the activation servers would still be running this 50 years later, especially when they want you to purchase new CD's? Its not like this hasn't already happened. Anyone remember Circuit City's DIVX format about 8 years ago? DIVX was a competing standard to DVD. It failed 5 years ago and when the servers were taken down 3 years ago.[1] AFAIK, all of the disc's and players disabled themselves.[2] </offtopic> Scott [1] http://zdnet.com.com/2100-11-514913.html http://www.geocities.com/TelevisionCity/Studio/8884/divx2.htm [2] ''Divx customers will be able to watch their discs until June 30, 2001 '' http://www.findarticles.com/p/articles/mi_m0FXG/is_8_12/ai_55610557
At 05:03 PM 08/30/04 -0400, Sean Donelan wrote:
I've always wondered what really makes P2P different from anything else on the Internet? From the service provider's point of view, users accessing CNN.COM is a peer-to-peer activity between the user and CNN. From the service provider's point of view, Microsoft and Akamai are peer-to-peer activities.
From an internet-layer SP viewpoint, you're absolutely correct - p2p traffic is just that, traffic. If you are an ISP that offers specific application services (for example, you market a VoIP service), you have just walked into the world that enterprise managers have lived in for quite some time. Suddenly it is not about "can the packet cross my network"; it is about "does the application I market behave as specified, and if not, what do I need to do to make it do so." At that point, you lump applications into a few buckets that you care about and one you don't, and think about their various implications. And then there is the question of an ISP or enterprise that pays by the pound for its upstream service. It needs to be able to correlate its costs with its incomes. I have had a number of ISPs approach me for solutions that will allow them to do so, either by figuring out who is originating traffic to bill and send them a bill, or figuring out who is originating traffic they can't bill for and make it be less - without completely enraging the customer and making them change providers. I have been approached by some providers who think p2p might be a service they want to offer, and therefore be able to manage, so that they can both bill for it and offer other services in a cost-effective manner. For them, it's part of the stuff they want to treat in a friendly manner... It all depends on what kind of provider you are...
Traffic patterns is one thing for sure. P2P should be lopsided the other way around. More outbound, than inbound. or at best symetric. Regular browsing is asymmetric with more inbound than outbound. Have people been tracking changes in the traffic patterns since the advent of P2P. Bora
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sean Donelan Sent: Monday, August 30, 2004 2:04 PM To: Fred Baker Cc: Henry Linneweh; nanog@merit.edu Subject: Re: Senator Diane Feinstein Wants to know about the Benefits of P2P
This kind of a "you're different and therefore wrong" mismatch has made complete hash out of quite a variety of discussions concerning user experience and user requirements on the Internet. Please
On Mon, 30 Aug 2004, Fred Baker wrote: listen carefully
when someone talks about having limited rate access. The assumptions that are obviously true in your (SP) world are completely irrelevant in theirs. If you want their opinions - and this opinion was explicitly requested - you have to respect them when they are offered, not just bash them as different from your experience.
I've always wondered what really makes P2P different from anything else on the Internet? From the service provider's point of view, users accessing CNN.COM is a peer-to-peer activity between the user and CNN. From the service provider's point of view, Microsoft and Akamai are peer-to-peer activities.
Freedom of the press belongs to those that can afford to buy a press.
On Mon, 30 Aug 2004, Bora Akyol wrote:
Traffic patterns is one thing for sure. P2P should be lopsided the other way around. More outbound, than inbound. or at best symetric. Regular browsing is asymmetric with more inbound than outbound.
The Internet pre-dates the Web. In 1992, FTP was the biggest protocol using 45% of NSFNET backbone. There were lots of FTP mirrors around. Every Sun workstation could have a Anonymous FTP. Of course, the problem was every Sun workstation could be an Anonymous FTP :-) Usenet was number 2, using about 10% of the NSFNET backbone. E-mail, the original killer-ap, remained pretty constant throughout the changes.
Have people been tracking changes in the traffic patterns since the advent of P2P.
Depends when you decide P2P was born. People have been studying traffic on the ARPANET, NSFNET, various commercial Internet(s). Is the problem P2P? Or is the problem copyright infringement?
Sean,
There were lots of FTP mirrors around. Every Sun workstation could have a Anonymous FTP. Of course, the problem was every Sun workstation could be an Anonymous FTP :-)
... but you forgot to mention that filtering and firewalls and NAT were not in common use, hence everywhere was accessible from everywhere. P2P was all there was. Martin
I think we need to define what P2P is before we can address this. IMHO, P2P started with NAPSTER, yes before that there was WWW, gopher, ftp, files by email, bitnet, x/y/z modem, bbs (dating myself here), but the large scale bandwidth usage that is seen started with NAPSTER. P2P I would define as distributed file sharing with database like search capabilities. If you define it in this context, the bandwidth characteristics of P2P is a lot closer (but on a higher scale) than the bandwidth characteristics of a traditional web surfer. Hence, ADSL in particular and asymmetric data comm in general hamper P2P. Bora
-----Original Message----- From: Martin J. Levy [mailto:mahtin@mahtin.com] Sent: Monday, August 30, 2004 4:13 PM To: Sean Donelan Cc: Bora Akyol; nanog@merit.edu Subject: RE: Senator Diane Feinstein Wants to know about the Benefits of P2P
Sean,
There were lots of FTP mirrors around. Every Sun workstation could have a Anonymous FTP. Of course, the problem was every Sun workstation could be an Anonymous FTP :-)
... but you forgot to mention that filtering and firewalls and NAT were not in common use, hence everywhere was accessible from everywhere. P2P was all there was.
Martin
/dcc send <nick> filename peer to peer sharing, on irc, since 1991. Napster simply implemented the IRC protocol's DCC function, with a better command set / GUI. +------------------------- + Dave Dennis + Seattle, WA + dmd@speakeasy.org + http://www.dmdennis.com +------------------------- On Mon, 30 Aug 2004, Bora Akyol wrote:
I think we need to define what P2P is before we can address this.
IMHO, P2P started with NAPSTER, yes before that there was WWW, gopher, ftp, files by email, bitnet, x/y/z modem, bbs (dating myself here), but the large scale bandwidth usage that is seen started with NAPSTER.
P2P I would define as distributed file sharing with database like search capabilities. If you define it in this context, the bandwidth characteristics of P2P is a lot closer (but on a higher scale) than the bandwidth characteristics of a traditional web surfer. Hence, ADSL in particular and asymmetric data comm in general hamper P2P.
Bora
-----Original Message----- From: Martin J. Levy [mailto:mahtin@mahtin.com] Sent: Monday, August 30, 2004 4:13 PM To: Sean Donelan Cc: Bora Akyol; nanog@merit.edu Subject: RE: Senator Diane Feinstein Wants to know about the Benefits of P2P
Sean,
There were lots of FTP mirrors around. Every Sun workstation could have a Anonymous FTP. Of course, the problem was every Sun workstation could be an Anonymous FTP :-)
... but you forgot to mention that filtering and firewalls and NAT were not in common use, hence everywhere was accessible from everywhere. P2P was all there was.
Martin
Sorry, was it possible to search for a file from > millions of storage nodes in IRC? Bora
-----Original Message----- From: Dave Dennis [mailto:dmd@speakeasy.org] Sent: Monday, August 30, 2004 5:04 PM To: Bora Akyol Cc: 'Martin J. Levy'; 'Sean Donelan'; nanog@merit.edu Subject: RE: Senator Diane Feinstein Wants to know about the Benefits of P2P
/dcc send <nick> filename
peer to peer sharing, on irc, since 1991.
Napster simply implemented the IRC protocol's DCC function, with a better command set / GUI.
+------------------------- + Dave Dennis + Seattle, WA + dmd@speakeasy.org + http://www.dmdennis.com +-------------------------
On Mon, 30 Aug 2004, Bora Akyol wrote:
I think we need to define what P2P is before we can address this.
IMHO, P2P started with NAPSTER, yes before that there was
WWW, gopher,
ftp, files by email, bitnet, x/y/z modem, bbs (dating myself here), but the large scale bandwidth usage that is seen started with NAPSTER.
P2P I would define as distributed file sharing with database like search capabilities. If you define it in this context, the bandwidth characteristics of P2P is a lot closer (but on a higher scale) than the bandwidth characteristics of a traditional web surfer. Hence, ADSL in particular and asymmetric data comm in general hamper P2P.
Bora
-----Original Message----- From: Martin J. Levy [mailto:mahtin@mahtin.com] Sent: Monday, August 30, 2004 4:13 PM To: Sean Donelan Cc: Bora Akyol; nanog@merit.edu Subject: RE: Senator Diane Feinstein Wants to know about the Benefits of P2P
Sean,
There were lots of FTP mirrors around. Every Sun workstation could have a Anonymous FTP. Of course, the problem was every Sun workstation could be an Anonymous FTP :-)
... but you forgot to mention that filtering and firewalls and NAT were not in common use, hence everywhere was accessible from everywhere. P2P was all there was.
Martin
With bots that were widely available at the time, yes. +------------------------- + Dave Dennis + Seattle, WA + dmd@speakeasy.org + http://www.dmdennis.com +------------------------- On Mon, 30 Aug 2004, Bora Akyol wrote:
Sorry, was it possible to search for a file from > millions of storage nodes in IRC?
Bora
-----Original Message----- From: Dave Dennis [mailto:dmd@speakeasy.org] Sent: Monday, August 30, 2004 5:04 PM To: Bora Akyol Cc: 'Martin J. Levy'; 'Sean Donelan'; nanog@merit.edu Subject: RE: Senator Diane Feinstein Wants to know about the Benefits of P2P
/dcc send <nick> filename
peer to peer sharing, on irc, since 1991.
Napster simply implemented the IRC protocol's DCC function, with a better command set / GUI.
+------------------------- + Dave Dennis + Seattle, WA + dmd@speakeasy.org + http://www.dmdennis.com +-------------------------
On Mon, 30 Aug 2004, Bora Akyol wrote:
I think we need to define what P2P is before we can address this.
IMHO, P2P started with NAPSTER, yes before that there was
WWW, gopher,
ftp, files by email, bitnet, x/y/z modem, bbs (dating myself here), but the large scale bandwidth usage that is seen started with NAPSTER.
P2P I would define as distributed file sharing with database like search capabilities. If you define it in this context, the bandwidth characteristics of P2P is a lot closer (but on a higher scale) than the bandwidth characteristics of a traditional web surfer. Hence, ADSL in particular and asymmetric data comm in general hamper P2P.
Bora
-----Original Message----- From: Martin J. Levy [mailto:mahtin@mahtin.com] Sent: Monday, August 30, 2004 4:13 PM To: Sean Donelan Cc: Bora Akyol; nanog@merit.edu Subject: RE: Senator Diane Feinstein Wants to know about the Benefits of P2P
Sean,
There were lots of FTP mirrors around. Every Sun workstation could have a Anonymous FTP. Of course, the problem was every Sun workstation could be an Anonymous FTP :-)
... but you forgot to mention that filtering and firewalls and NAT were not in common use, hence everywhere was accessible from everywhere. P2P was all there was.
Martin
<quote who="Bora Akyol">
Sorry, was it possible to search for a file from > millions of storage nodes in IRC?
Yes, not that millions of storage nodes were connected... Napster was more or less a glorified version of IRC w/DCC, that's why it was centralized for searching. Anyways, we all know the biggest P2P bit movers are the routers... -davidu ---------------------------------------------------- David A. Ulevitch - Founder, EveryDNS.Net http://david.ulevitch.com -- http://everydns.net ----------------------------------------------------
Kazaa, Gnutella, ... Without getting stuck in the specifics, is there a change in usage patterns and bandwidth requirements with the current gen P2P services? If not, then Sean's point is valid/
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of David A. Ulevitch Sent: Monday, August 30, 2004 5:32 PM To: nanog@merit.edu Subject: Re: Definition of P2P (was Feinstein)
<quote who="Bora Akyol">
Sorry, was it possible to search for a file from > millions
of storage
nodes in IRC?
Yes, not that millions of storage nodes were connected...
Napster was more or less a glorified version of IRC w/DCC, that's why it was centralized for searching.
Anyways, we all know the biggest P2P bit movers are the routers...
-davidu
---------------------------------------------------- David A. Ulevitch - Founder, EveryDNS.Net http://david.ulevitch.com -- http://everydns.net ----------------------------------------------------
Bora Akyol wrote:
Kazaa, Gnutella, ...
Without getting stuck in the specifics, is there a change in usage patterns and bandwidth requirements with the current gen P2P services?
The late developments seem to favour BitTorrent at the expense of KaZaa and eDonkey, while DC/DC++ keeps it's user base. Pete
Well there is another that I have noticed as well that is JXTA, originally from SUN Micro http://www.jxta.org/ Not to be raining on anyone else's parade here -Henry --- Petri Helenius <pete@he.iki.fi> wrote:
Bora Akyol wrote:
Kazaa, Gnutella, ...
Without getting stuck in the specifics, is there a change in usage patterns and bandwidth requirements with the current gen P2P services?
The late developments seem to favour BitTorrent at the expense of KaZaa and eDonkey, while DC/DC++ keeps it's user base.
Pete
Henry Linneweh wrote:
Well there is another that I have noticed as well that is JXTA, originally from SUN Micro http://www.jxta.org/
Not to be raining on anyone else's parade here
Are you saying JXTA actually has noticeable user population? (beyond a small blip) Pete
Sorry, was it possible to search for a file from > millions of storage nodes in IRC?
You could search from what was on the node you were querying. The difference, IMO, between DCC and P2P is that P2P allows all those people who were hitting the DCC bots, to be used as more storage. In other words, you have a Network of Peers, and a system to keep track of and grow that network, rather than Peers on a Network, where there was no overall system to manage it. You're also, with Napster, talking about *one system*, rather than having to find the dccbot on irc server X.Y.Z that has your file. Of course, once the others (Kazaa, E-Donkey) got into it, you started having a few systems, and now Direct Connect is more similar to IRC than to Napster in distribution. I think "Modern P2P" has little to do with the GUI and everything to do with whether it's Peer to Peer, or Client to Peer. Rob Nelson ronelson@vt.edu
On 2004-08-30T16:33-0700, Bora Akyol wrote: ) I think we need to define what P2P is before we can address this. I don't know that such authority exists. "Peer to peer networking" has existed as a term for a lot longer than your post seems to imply. ) P2P I would define as distributed file sharing with database like search ) capabilities. If you define it in this context, the bandwidth I would be slightly more comfortable with this discussion if it used terminology other than the unqualified "P2P" or "peer to peer" for this meaning. The discussion may forever be plagued by side-discussions about meaning otherwise. -- Daniel Reed <n@ml.org> http://people.redhat.com/djr/ http://naim.n.ml.org/ There is a lot of food in a supermarket, too, but a supermarket isn't the best place to hold a dinner party. -- Christopher Faylor
Is the problem P2P? Or is the problem copyright infringement?
The problem is the U.S. Congress thinking it has control or authority to legislate anything on the Internet. At some point, the law is going to have to recognize that the Internet is an international phenomenon, and, that localized or national regulations are counterproductive. In general, I think attempts to legislate the behavior of the internet are unlikely to have much effect on it's operation other than to make certain US companies less competitive and to make certain basic activities more difficult for the average user. Owen -- If it wasn't crypto-signed, it probably didn't come from me.
Owen DeLong wrote:
In general, I think attempts to legislate the behavior of the internet are unlikely to have much effect on it's operation other than to make certain US companies less competitive and to make certain basic activities more difficult for the average user.
However, there is going to be huge market for terabit firewalls filtering content which crosses US borders. Pete
On 31-aug-04, at 13:02, Petri Helenius wrote:
In general, I think attempts to legislate the behavior of the internet are unlikely to have much effect on it's operation other than to make certain US companies less competitive and to make certain basic activities more difficult for the average user.
However, there is going to be huge market for terabit firewalls filtering content which crosses US borders.
Now lets hope that all these foreign types properly support RFC 3514 because it's pretty hard to brute force IPsec ESP at terabit speeds.
Big Snip ...
At 07:03 PM 8/30/2004, Sean Donlan postualted: Is the problem P2P? Or is the problem copyright infringement?
Thank you, Sean. What does Peer-to-Peer mean, anyway. Unfortunately, lots of things. One could argue (I've seen a few replies re this subject hinting around this definition) that the entire Internet works because of the Peer-to-Peer concept. After all, if I am on a 100MBs Ethernet and want to communicate directly with another NIC on MY ethernet, then we must be Peer at Layer 1. Is the Peer-to-Peer ethernet network a danger? I would tell her that the benefits of Peer-to-Peer is that this concept allows us to communicate on networks using computers ... Including allowing Senator Feinstein to receive E-Mail replies to her question (after all, isn't SMTP (or X.400 for that matter) Peer-to-Peer at Layer 7?). Until Senator Feinstein asks a meaningful question, the result will be GIGO. Ted Fischer
* sean@donelan.com (Sean Donelan) [Tue 31 Aug 2004, 01:06 CEST]:
Is the problem P2P? Or is the problem copyright infringement?
Is traffic the problem? Whose anyway? Isn't the point of building a network to facilitate the exchange of data? -- Niels. -- Today's subliminal thought is:
On Mon, 30 Aug 2004, Fred Baker wrote:
I think you just tripped across the difference between a user and an SP. SPs don't generally have 28 KBPS dial links between them and their upstream, and folks that have 28 KBPS dial uplinks don't generally host Akamai servers. Assuming that just because you have effectively-infinite bandwidth and effectively-zero delay everyone perforce must enjoy that is a bit of a leap...
How is this dealt with in parts of the Internet where 'big pipes' are < ds3 rate? or even < ds1 rate? Does Akamai or <other content provider/cacher> put machines in places like: Afghanistan, Pakistan, Guam, New Guinea ? (some of those might not be completely dependent upon sat shots for Internet access) How can large patch providers improve delivery to small-piped peoples of the world? (or pockets of peoples)
This kind of a "you're different and therefore wrong" mismatch has made complete hash out of quite a variety of discussions concerning user experience and user requirements on the Internet. Please listen carefully when someone talks about having limited rate access. The assumptions that
It's tough to remember always that there are parts of the Internet serviced by very small links, entire countries even. Perhaps PCH has some data about this? Maybe even experience in how these challenges are met in these areas?
are obviously true in your (SP) world are completely irrelevant in theirs. If you want their opinions - and this opinion was explicitly requested - you have to respect them when they are offered, not just bash them as different from your experience.
Additionally, is Ms. Feinstein looking for 'US Centric' views on P2P, or 'global' uses/usage? I believe there were some research institutes (CAIDA/ISC/Merit?) that were doing usage studies of P2P software across the Internet, perhaps they can shed light on usage patterns or uses of P2P software across the global Internet?
At 01:21 PM 08/30/04 -0600, Byron L. Hicks wrote:
Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P.
-- Byron L. Hicks Network Engineer NMSU ICT
On 30-aug-04, at 20:27, Henry Linneweh wrote:
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
Peer to peer technology has the potential to allow individuals and organizations with modest means to reach a very large audience with substantial amounts of data. The example of software updates has already been discussed. Companies like Microsoft and Apple can afford to buy very large amounts of bandwidth so they can deliver these files to everyone who wants them individually. However, the same isn't true for free operating systems such as Linux and the BSD family. The technology is also very well suited for distributing free movies digitally, which would otherwise be prohibitively slow or expensive. As such, peer to peer has the potential to be a great asset to audiovisual free speech. And that's just the obvious examples. Peer to peer technology allows for extremely robust distribution mechanisms, that are very hard to create in other ways. I'm sure in time, there will be more applications for it. For instance, peer to peer would be a great way to distribute large amounts of data to hospitals, fire stations and so on in case of wide-scale emergencies.
Tell her to kiss my white ass. She can ask the FBI. Since they are the experts when it comes to P2P. ----- Original Message ----- From: "Henry Linneweh" <hrlinneweh@sbcglobal.net> To: <> Sent: Monday, August 30, 2004 2:27 PM Subject: Senator Diane Feinstein Wants to know about the Benefits of P2P
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
-Henry
On Mon, 30 Aug 2004 11:27:12 -0700 (PDT), Henry Linneweh <hrlinneweh@sbcglobal.net> writes:
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
In my opinion, P2P distribibuted systems are still an active research area and the more interesting applications aren't out of the academic research phase yet. Current prototype p2p systems include a storage-accounted remote backup systems (SCRIVENER) and a webcache (SQUIRREL). I know of at least two other prototype applications at Rice that are as yet unpublished. http://www.cs.rice.edu/CS/Systems/SQUIRREL/default.htm http://www.cs.rice.edu/CS/Systems/Scrivener/default.htm We won't know how many of these will turn into production systems for another few years. Of course, if INDUCE passes, then an unknown portion of this research area would be made legally questionable. Any consideration such a far-reaching legal change is at the minimum, very premature. Scott
Henry,
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
I'm sure you'll hear this from many other people, but one thing that I always try to discuss when talking about "P2P" is the difference between general peer-to-peer applications and "illegal music downloads". For example, Voice over IP systems and the regular PSTN telephone system (same application but a different network) are peer-to-peer applications running over electronic networks (sometimes even the same ones). The PSTN is routinely used to commit all sorts of criminal activity, though I think it's easy to see how using the peer-to-peer application (i.e. "calling someone on the telephone") is distinct from committing a criminal act. Regardless, my guess is that the real interest relates to music trading via Internet-based "peer-to-peer" networks (Fastrack, gnutella, IRC, etc), so I'll limit the rest of my thoughts to that. My band is a small, independant band. We don't have a recording contract nor are we interested in one. We're not interested in making money by selling CDs (do any artists really make money selling CDs?) but rather by performing. We want people to listen to our music, to have easy access to it, and we see this goal one of the best ways to generate interest in our band and interest in attending our shows. To accomplish this, we definitely intend to seed the various file-sharing networks with our MP3s as soon as we're done mastering them. We own the copyright to our music and view this as the best avenue to distribute our music and, in the process, generate interest in our band. All other mechanisms for distributing our music will cost us something, usually money, as well as cost our fans. The truth is that if someone has to pay to download our music, then it's likely that they won't since we aren't an established band. Even if some fans were willing to pay to download our songs, we'd rather that they saved the money to spend at our shows and we see giving away our digital recordings as a good way to drive attendence. If this sort of distribution is made illegal, then we'd be forced to go through a third party to distribute our music and this would likely require either signing away certain rights to our music, costing us money, or both. It would also drive up the cost of our music to our fans and hinder our ability to perform. Stretching things a little, I'm also worried that other means for distributing our music would be impacted if music-sharing via peer-to-peer networks is made illegal. For example, if a friend IM's me over AIM and asks for a copy of our MP3s, would that also be illegal? If I run a web server from my home computer, use dynamic DNS to keep my hostname and IP mapping current, register the location of my MP3 with Google and Yahoo so that people will download it from me, will that also be illegal? Would Google, my cable-modem provider, and my dynamic DNS providers be somehow liable for providing a potentially inducing technology and, as such, prevent us from doing it? If neither of these distribution mechanisms would be illegal, what is it about our approach to using Fastrack or gnutella that makes it illegal? Some people are using these networks to distribute content illegally and I'm against that. Just because my band wants to distribute its music this way, doesn't mean that every band has to or should be forced to. However, we see free and simple access to our music over the Internet as a way to generate interest in our band and drive people to our local shows without having to go through an intermediary and without costing us and our fans money. Eric :) Network Engineer, data plumber, and Drummer for The Amazing Poundcakes (http://www.amazingpoundcakes.com)
So I would like some professional expert opinion to give her on this issue since it will effect the copyright inducement bill. Real benefits for production and professional usage of this technology.
We have no idea what the benefits of P2P are going to be or what the technology is ultimately going to look like. It will be at least a decade before anyone has a clue and maybe much longer. And, btw, IMO the MD5 collision is sufficient to judge MD5 unsuitable for checking file authenticity in a P2P application. A denial of service attack could, potentially, be launched by anyone who could create a block with the same MD5 checksum as any block in the application. To do this, they need only create a collision for the first chunk of that block, which now seems doable. (Yes, I know the difference between producing a collision and producing a collision for a given block. It's just that this difference is all that's left.) MD5 is still perfectly suitable for any number of applications where the ability for a hacker to produce a collision to a given block is not sufficient to destroy the security of the scheme. DS
participants (29)
-
Bora Akyol
-
Byron L. Hicks
-
Christopher L. Morrow
-
Crist Clark
-
Dan Hollis
-
Daniel Reed
-
Dave Dennis
-
David A. Ulevitch
-
David Schwartz
-
Eric Gauthier
-
Erik Parker
-
Fred Baker
-
Henry Linneweh
-
Iljitsch van Beijnum
-
james edwards
-
Jared Mauch
-
Jeff Wheeler
-
Joel Jaeggli
-
Martin J. Levy
-
Matthew McGehrin
-
Mike Tancsa
-
Niels Bakker
-
Owen DeLong
-
Petri Helenius
-
Rob Nelson
-
Scott A Crosby
-
Scott Call
-
Sean Donelan
-
Ted Fischer