On Tue, Dec 18, 2012 at 11:52 AM, Chris Rees <utis...@gmail.com> wrote: > On 18 Dec 2012 19:44, "Eitan Adler" <li...@eitanadler.com> wrote: >> >> On 18 December 2012 03:59, Willem Jan Withagen <w...@digiware.nl> wrote: >> >> > So what is the reason for this? >> >> The software used to seed the torrents was horribly insecure. This >> was found *prior* to the security incident. > > What software?
A hybrid of bnbt, xbnbt, xbtt, and something else that I don't recall the name of. We ran the seeders from py-bittornado in curses mode in about 15 screen sessions.. by hand. The tracker/indexer code had an open http connect proxy in it (!). The code was particularly difficult to work with and looked extremely light for defensive programming. (string buffer overflows, the works). The bottom line is the nice indexer / tracker / stats thing we had isn't something I feel we can trust. I do believe we can/should publish trackerless/dht torrent files to go with the release binaries. Perhaps an initial web-seed might work, otherwise we could have a few folks with good ftp connectivity do an initial seed from the ftp files. Another option is a no-frills tracker (eg: no gui). So, the old way: xbnbt + xbtt + bnbt provided a tracker, an index, downloads of the .torrent files. via screen, we ran a farm of py-bittornado (which particpated in utorrent-compatible pex/dht) very high maintenence and magic. New way: www.freebsd.org: provides an index and downloads of the .torrent files if required, a no-frills tracker. as required, run py-bittornado for a week or so, and/or well connected folks preload their clients via ftp. -- Peter Wemm - pe...@wemm.org; pe...@freebsd.org; pe...@yahoo-inc.com; KI6FJV "All of this is for nothing if we don't go to the stars" - JMS/B5 "If Java had true garbage collection, most programs would delete themselves upon execution." -- Robert Sewell _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
