Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Software Privacy The Internet

MUTE: Simple, Private File Sharing 523

oohp writes "MUTE is a new file sharing network that provides easy search and download functionality while protecting your privacy. It does this by routing all messages through a network of neighbour connections, using virtual addresses and encrypting all the traffic (using RSA for public/private keys and AES for the actual encryption). MUTE's routing mechanism is inspired by ant behaviour. The program is available for Linux, Windows and Mac OS X."
This discussion has been archived. No new comments can be posted.

MUTE: Simple, Private File Sharing

Comments Filter:
  • by tcopeland ( 32225 ) * <{moc.dnalepoceelsamoht} {ta} {mot}> on Friday December 19, 2003 @03:14PM (#7767982) Homepage
    ...although CPD [sf.net] was able to find a few duplicate chunks [infoether.com].
    • This might be getting off-topic, but while CPD might be a nice tool, wouldn't a better plagiarism detector look for really similar code rather than identical chunks?
      • > really similar code rather
        > than identical chunks?

        Hm. Yup, I agree that identical dupes are rarer than similar bits. That's why CPD discards comments and whitespace - so that it doesn't get thrown off by an extra newline or a "// copied from foo.c". I kind of feel like there's a continuum here - for example, if you ignore the variable names, you might find a lot of "duplicate chunks" that look like this:

        for (int i = 0; i<n; i++) {
        // blah blah
        }

        But does that really qualify as a duplicate c

      • not plagiarism (Score:4, Informative)

        by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Friday December 19, 2003 @03:28PM (#7768161) Homepage Journal

        Here, CPD isn't looking for plagiarism; instead, it's looking for opportunities for refactoring.

  • by corebreech ( 469871 ) on Friday December 19, 2003 @03:14PM (#7767987) Journal
    ...with the same strengths (privacy) and weaknesses (slow).

    My asymmetrical DSL connection just won't work well with a system like this. I don't have the bandwidth to act as a node that relays data for the sake of maintaining your anonymity. If we all had T3 connections in our home this would be great, but we don't.

    An A for effort though. Implementations on most of the major platforms, with source code, and a neat analogy to how ants work to make it all understandable to the lay audience. Nifty.

    (interesting that this story gets posted the day the federal appeals court forbids exactly the tactic by the RIAA this software attempts to work around.)
    • by gid13 ( 620803 ) on Friday December 19, 2003 @03:21PM (#7768063)
      I could be wrong, but I think you may be reaching here.

      I've never heard the ant analogy used to describe Freenet. Also, it seems likely to me that you haven't tried it and are just assuming that privacy implies slowness (you may be right, but maybe not). Lastly, if a p2p network is just beginning, it's very likely to be slow due to a lack of users rather than inherent technical limitations of the network itself.
      • by Adolph_Hitler ( 713286 ) on Friday December 19, 2003 @03:23PM (#7768098)
        actually Ian Clarke in his first paper stated he was inspired by ants.
      • by corebreech ( 469871 ) on Friday December 19, 2003 @03:37PM (#7768282) Journal
        True, I haven't tried it, but I've read the spec. You should do the same before commenting further.

        The privacy arises from the fact that the file you request isn't sent directly to you but through a chain of other systems running MUTE on the Net. This means that for every file delivered, more than one node is labored with the uploading of this file, and given that, for most people, upstream bandwidth is a rather limited resource, the ultimate consequence will be that the system will be slow as compared to one where the files are sent directly, e.g., FastTrack or gnutella.
        • by Doomdark ( 136619 ) on Friday December 19, 2003 @03:55PM (#7768478) Homepage Journal
          This means that for every file delivered, more than one node is labored with the uploading of this file, and given that, for most people, upstream bandwidth is a rather limited resource, the ultimate consequence will be that the system will be slow as compared to one where the files are sent directly, e.g., FastTrack or gnutella.

          Not necessarily, in theory (in practice, probably). If routing is done in a way similar to wireless ad hoc routing is supposed to be done, it could just mean that routing decisions are not done end-to-end, but by independent routing (and encrypting) nodes. Thus, there need not necessarily be additional unnecessary nodes; theoretically it could even reach better routing decisions, since it's not (just) your ISPs router trying to optimize based on financial reasons ("we have deal with MCI and thus we'll go from NY to LA and then back to Boston, instead of using direct route"). Your other point (asymmetric connections) is still valid though...

          In practice it is likely that optimal behaviour won't be achieved, esp. in cases where endpoints are reasonably close to each other (in which case guaranteeing anonymity prevents best shortcuts). However, it really comes down to how well implementation works, not that specification dictates bad performance; and also in your usage patterns. If you want to swap files with your neighbour, this would be pretty suboptimal; but that's probably not very common use case. Inter-continental transfer, on the other hand, may not be much less efficient than "direct" connections.

          • Ok, I'm asking this here because y'all seem to know this stuff. I don't know anything really about P2P networks, secure or not, but what I'm wondering is this...

            If the packets eventually end up at the same place, then what does it matter how many hops they take? I mean, wouldn't it be more anonymous if the packets kept on going after hitting the intended recipient, and just 'faded out' somewhere, or were forced to make the max number of hops allowed(isn't it 255)? Does this happen with any of these 'sec
      • by cavemanf16 ( 303184 ) on Friday December 19, 2003 @04:04PM (#7768576) Homepage Journal
        The "ant analogy" that MUTE is referring to is actually a rather well-known AI programming algorithm technique known as the ANT Algorithm. So although Freenet may be routing stuff through everyone, I don't think it's doing any optimization of the routing, thereby slowing the "travel time" to a crawl over long distances (i.e. lots of nodes). Although I think it would be possible for MUTE to be circumvented, at this time that would be a really difficult task given the following two benefits of MUTE:

        1) randomized initialization of the 'virtual IP' as they call it. This will effectively KILL current companies tracking abilities who are in league with the RIAA.

        2) RSA encryption of the traffic in and out of each node. I wouldn't be surprised if John Ashcroft finds out about this one and really gets pissed, because a native file transfer encryption scheme over a real-time random path through constantly changing nodes makes it REAL hard to track traffic.

        Mind you, I haven't tried MUTE out yet, but I will be this weekend for SURE!!! This tech looks like a real gold-mine for finally moving files around the internet much more securely than current P2P systems. And using an AI optimization system for the file transfers. Nice!
    • by __aagmrb7289 ( 652113 ) on Friday December 19, 2003 @03:22PM (#7768081) Journal
      Actually, the software features have nothing to do with what was actually ruled upon today - the RIAA can still get your name and information if the ISP knows your IP address, they just have to file a lawsuit first.

      So, this IS still useful.

    • Well, thats a good point: sites with crappy upload speeds will not be valuable participants in P2P networks.

      This may actually benefit the network by weeding out those nodes which are asymmetric leech-only types.

      I have DSL too, and it sucks hard not being able to use my inroute to help my downroute (Bittorrent), or to lose download capacity whenever someone hits my website.

      If a decent ISP shows up with non extortionist pricing for symmetric connections, and static adressing (v4 or v6) then Im definitely s
    • by BrookHarty ( 9119 ) on Friday December 19, 2003 @03:30PM (#7768184) Journal
      With a HASH being calculated for each file, they need to allow multi-part downloads. This would speed up like bittorrent. Freenet doesnt have search results, you need an external freenet search engine.

      MUTE returns search results. The only protection is Virtual Address that is randomly generated on startup.

      The only weakness I noticed, is the "Hints" on which nodes to use, over time, keep a list of "Hints", you could in theory, do packet tracing to the hosts. You could spider, and try to map Virtual addresses. You could limit or block noisy hosts, that might be a simple solution.

      The RIAA would have to go after the high bandwidth NODES, or hosts that site directly next to you. Simple port scan for a MUTE response would validate the user. They would assume you are guilty just for using the program. People need to use legtimate files to make seperate it from piracy only p2p networks. Maybe torrent style downloads with hash checking would do the trick.

      Also, nice to see multiple clients and opensource, and GPL license.
      • Assuming you're guilty for using the program wouldn't work simply because p2p programs have been deemed legal applications in and of themselves. Any copyright holder would need to prove that you obtained and were distributing illegal copies of their copyrighted material before they could attack you legally.

        Even if they did use the approach that "we noticed this illegal file going to his IP address" they would need to prove that you were the one willfully hosting and distributing the file, not your neighbo

    • by Kludge ( 13653 ) on Friday December 19, 2003 @04:46PM (#7768980)
      Maybe you should ask why your DSL is so asymmetric.

      Why are asymmetric connections so much cheaper and more common? Data flow is not more expensive one way than the other. Is it the man trying to keep the masses consuming what he dishes out, and keep them from distributing their own content?

      • Asymmetric connections are so much cheaper and more common because they slice the available bandwidth disproportionately.

        That is, they literally allocate more of the physical line to the downstream channel. At least on ADSL.

        This is because people (generally) care much more about how fast their download is than they care about their upload.

        They are giving people what they want.

  • by garcia ( 6573 ) * on Friday December 19, 2003 @03:15PM (#7767999)
    The way they explain things shows that the single reason for this software is to trade files that belong to the RIAA.

    They might have wanted to think twice before doing that.
    • by corebreech ( 469871 ) on Friday December 19, 2003 @03:19PM (#7768045) Journal
      Yeah, I was struck by that too.

      They should've taken a page out of Bram's book, representing the software as a way to let businesses scale their upstream capacity by exploiting the unused capacity held by their customers, etc.

      Or Freenet, which likes to talk about working to ensure the anonymity of a political dissident in a authoritarian state.

      To just come right out and use downloading a Metallica MP3 as an example of how the software works is asking for grief I think.
      • The thing that has saved other P2P apps in court is the fact that they weren't designed for illegal purposes. Now with these guys saying right on their site that its sole intent is for grabbing MP3's they could possibly find themselves in trouble with the law. Lets hope they don't live in the states.
      • Those engaged in file shareing are political dissidents in an authoritarian state.
    • by chatooya ( 718043 ) on Friday December 19, 2003 @04:01PM (#7768552)
      You know, we do have free speech in this country (most of the time). There's no reason to shy away from saying that this software is designed to avoid getting spied on by the RIAA. It's perfectly legal to code it and to use it.
  • Ants? (Score:5, Funny)

    by mopslik ( 688435 ) on Friday December 19, 2003 @03:16PM (#7768009)

    MUTE's routing mechanism is inspired by ant behaviour.

    Rumour has it that the RIAA is secretly developing software that emulates a giant maginfying glass...

  • by Black Parrot ( 19622 ) on Friday December 19, 2003 @03:16PM (#7768014)


    ...with the text scattered through 100 different letters.

  • by Anonymous Coward on Friday December 19, 2003 @03:17PM (#7768018)
    CDs from RIAA labels : "What a crappy present!" [whatacrappypresent.com]

  • hmm.. (Score:3, Informative)

    by grub ( 11606 ) <slashdot@grub.net> on Friday December 19, 2003 @03:17PM (#7768021) Homepage Journal

    Well, I just installed it at home (thanks, VNC!) and did a search for "mp3" assuming that would generate a lot of hits but haven't seen anything happen. The docs are sparse, to say the least. "Is this thing on?"
  • Strike II (Score:5, Interesting)

    by Doesn't_Comment_Code ( 692510 ) on Friday December 19, 2003 @03:17PM (#7768026)
    This is a much better approach than Legal or Court based ones. You can always count a crazy judge to screw things up. But good hard encryption and hidden internet paths are a much larger stumbling block to the likes of the RIAA, which is on the whole, technically incompetant.

    Even IF they win the court battle with ISP's (they just took a hard knock in the last court case) there won't me much left for them to do if their ability to track is lost.
    • Re:Strike II (Score:2, Interesting)

      by LostCluster ( 625375 )
      Which in translation says that this program's killer app is in evading law enforcement... copyright and homeland security implications be damned.
      • Re:Strike II (Score:5, Insightful)

        by knobmaker ( 523595 ) on Friday December 19, 2003 @07:06PM (#7770171) Homepage Journal

        this program's killer app is in evading law enforcement... copyright and homeland security implications be damned.

        Oh for heaven's sake. Do you really believe that terrorists are using P2P to transmit secret plans? Why in the world would they do this? The thing about P2P is that you can't really control who gets your files. Does that really sound like something that would appeal to a terrorist?

  • ... though from the top-level technical pages, the author(s) seem to think the idea is novel. Can someone explain how this compares to onion routing [onion-router.net]?
  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) * on Friday December 19, 2003 @03:18PM (#7768033)
    Comment removed based on user account deletion
    • Re:Freenet. (Score:5, Insightful)

      by corebreech ( 469871 ) on Friday December 19, 2003 @03:23PM (#7768102) Journal
      I think the big difference is that Freenet lets you push content out into the net, whereas MUTE still works with the standard client/server model where the data must first be requested before being transmitted.

      It's good to have the alternative. It's been awhile since I've checked out Freenet, but one of the fears I had for the system was that it would be susceptible to spam. If everybody took to trading their MP3's using it, for instance, the remedy on the part of the RIAA would be to simply publish terabytes of nonsensical data. MUTE doesn't seem to suffer from this weakness.

      (although there still is the problem of the file you downloaded actually being the file you requested.)
    • Freenet Vs MUTE:

      Upside: Freenet has distributed caching, which may help with bandwidth distribution.

      Downside: freenet uses Java as its primary development platform, and it has been the cause of numerous development problems. It probably would have been more portable had it been written in C/C++.


      • That's an odd statment. "X uses Java, but should have used C/C++ so it could have been portable."

        Aren't portability and system-independence some of the major benefits of using Java over compiled languages?

  • by tuxette ( 731067 ) * <.moc.liamg. .ta. .ettexut.> on Friday December 19, 2003 @03:18PM (#7768036) Homepage Journal
    All I got was a 404 when I tried to find the Crowds homepage (AT&T research labs), but it was one of the privacy-enhancing technologies I looked at while doing my thesis. It's a similar concept with connecting to many different nodes than directly with who you want to communicate with, download files from, etc.
  • by cluge ( 114877 ) on Friday December 19, 2003 @03:19PM (#7768054) Homepage

    The RIAA hasn't learned that necessity is the mother of invention. While they try hard to shove substandard products down our throats (oh yeah I'm sorry, the last Brittany album is a "work of art", my bad") we try hard to pick the weat from teh chaff. Lets face it, if I could by an album with at least 5 good cuts on it, I woulnd't be spending my time taking the albums I own and making MP3 version of just he "good songs". If the Recording industry even paid the artists what they agreed to I might feel guilty about the occasional MP3 download. Since the recording industry has a regular habit of screwing their "artists", I don't.

    PS: RIAA - can you prove that I didn't by that PIL album back in 1986, and am now just D/L ing a legitimate eletronique copy? If the encryption on mute is any good, the answer is no. Thankfully I still have my PIL vinyl in case I get dragged into court.

    AngryPeopleRule [angrypeoplerule.com]
  • by scovetta ( 632629 ) on Friday December 19, 2003 @03:20PM (#7768057) Homepage
    No matter what, you can ALWAYS see who you are connected to. If A gives a file to B, but it actually goes through C, D, and E, then if it is determines that the content is infringing, then C, D, and E are all responsible too. Ingnorance is no excuse. Of course, IANAL, but I think this would be great for the RIAA, since they could theoretically sue just about anyone who RUNS this, since they're essentially ALL uploaders.
    • by melete ( 640855 ) on Friday December 19, 2003 @03:34PM (#7768240)
      RTFA -- the contents of the packets you are passing are encrypted. The only way to get around it would be for the RIAA to run the node hosting the file AND watch the packets reach your machine.

      But if the RIAA is uploading the file, are you infringing if you download it?
    • ...Ingnorance is no excuse. Of course, IANAL, but I think this would be great for the RIAA...

      You are right, you are not a lawyer. For starters, ignorance and lack of control over the content is an excuse. It's a valid excuse if you have a good lawyer. Read the news and take some law classes...

  • by twoslice ( 457793 ) on Friday December 19, 2003 @03:24PM (#7768108)
    MUTE - a song sharing system for deaf people...
  • by Argyle ( 25623 ) * on Friday December 19, 2003 @03:28PM (#7768165) Homepage Journal
    I've played Waste [sourceforge.net] the encrypted private network tool started by Justin Frankel.

    MUTE sounds similar. Has anyone tried both? How do they compare?
    • Waste doesn't try to hide IPs to keep people pseudo-anonymous. All traffic is encrypted, but you know who is sending it pretty much.
    • by exhilaration ( 587191 ) on Friday December 19, 2003 @04:16PM (#7768721)
      MUTE appears to be for large, public networks - networks in which users don't necessarily trust or know each other. Its goal is to mask both the sender and recipient of data, thereby preventing RIAA/MPAA-like organization from cracking down on either. This privacy comes at the cost of bandwidth and performance as data must be routed through various users to remain anonymous.

      WASTE, on the other hand, is for small, private networks in which users know or trust each other. Both the sender and recipient know each other's IP addresses. This is far more efficient as users can download files directly from each other.

      Both MUTE and WASTE encrypt data, thereby making it far more difficult for ISP's to determine exactly what is being transferred. WASTE has the additional benefit of being a "by invitation only" system - you can't get in unless your public key has been accepted by other users.

    • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Friday December 19, 2003 @05:46PM (#7769529) Homepage Journal

      Only I have more specific questions. The major problems with WASTE are as follows, in no particular order:

      • No access control.
        This is the big one. I cannot specify (by public key) who can access an individual shared directory. Since it already doesn't have any anonymity between users of the network, you don't lose anything by implementing this.
      • Poor encryption scheme. Encryption is at the level of links between nodes on the network, so traffic is not encrypted when it is flowing through a WASTE node. Encryption should be personalized to a specific user. (It appears to be done this way in MUTE.)
      • No collaborative uploading. Since files already have unique hashes it is silly for the network to not automatically search all other nodes (permissions, well, permitting - of course WASTE has no perms, see above) and let you download pieces of files from individual hosts, thus making the network inherently more powerful.
      • Caching is very stupid. When someone rescans their shared directories, I should not have to quit and restart WASTE just because I have caching turned on.

      WASTE was designed to be used without centralized management, but has no access control. This is dumb. It means that anyone on the network can add people who can then download your files and suck up your bandwidth when you would rather give priority to people you actually know and care about. As such it is only useful amongst very small groups of people who are all good friends.

      I plan to test MUTE very soon, perhaps as soon as this evening, but it would be nice to know if any of these problems with WASTE are addressed in MUTE.

  • I can't find any mentions of seed nodes here, I guess they don't plan on hosting one. That makes it kind of hard to use until you get some of your friends to use it too... Anybody feel like throwing out some MUTE node IP addresses so we can test this bitch?
    • Re:seed node? (Score:2, Informative)

      by rende ( 674827 )
      From the log files it seems it wants to connect to monolith.2y.net. At first attempt, this failed to connect to any hosts because I had not setup my router to forward port 4900. Once I did this and manually entered monolith.2y.net under the connections tab, I have 5 hosts listed and a search for mp3 yields some results.

      The software seems a little buggy tho. It has crashed twice on me once it is connected to a host and I have only been playing around with it for a few minutes.
  • by Anonymous Coward on Friday December 19, 2003 @03:29PM (#7768174)
    Dear File-Swapping Pricks,

    You may try to avoid us as much as you like. However, we have other means to discover who you are and sue you into oblivion. We have already employed Miss Cleo and we are willing to unleash her fury whenever we want to! Yes, Yes! Oh god, yes! You cannot hide from Miss Cleo when she picks your name randomly from a phone book.

    We are also aware that there is a great deal of high-speed file sharing going on at your "LAN Parties". We will begin to infiltrate your so-called "LAN Parties", so that you cannot hide from us even from there! So, please ignore the balding lawyer taking pictures of your computer screens.

    FEAR US!

    The RIAA grows stronger by the day. No longer do we just sue people about music, but we have teamed up with SCO to protect their copyrighted information as well. Today, we are officially launching lawsuits against all those that dare share Linux Distros through Bit-Torrent, at "LAN Parties" or over any other sharing method!

    We will continue to sue you until you learn that you cannot live without buying every CD that comes out, even if its not music that you like! Yes! You will give us all your money or you will suffer our wrath!

    Sincerely,
    David Bowie
    and the RIAA
  • And its purpose? (Score:2, Interesting)

    by stealth.c ( 724419 )
    Not to draw flames, but what use does anyone put these p2p networks to other than pirating copyrighted media? If there was a p2p network where you could be assured that the only available music/video available were by indie artists who WANTED to share, then that would be terrific. Unfortunately, the behaviors of p2p users have only strengthened the case for DRM. The architecture of this one is obviously meant to thumb its nose at the RIAA.
  • Pseudo-anonymous (Score:2, Informative)

    by Anonymous Coward
    As their Sourceforge page says, it only aspires to pseudo anonymous P2P.
  • Re: Bandwdth (Score:5, Interesting)

    by doublebackslash ( 702979 ) <doublebackslash@gmail.com> on Friday December 19, 2003 @03:33PM (#7768220)
    One user mentioned a bandwidth concern, I would like a adress it.
    I was working on a project like this, and am now looking into contributing to GNUNet [gnu.org], a similar project. My framework had peers moving data in a similar way as these ants. The way I looked at it was that most of the time I select some files, let them download, and come back later. I'm sure the downloading takes only ten or twentey minues, but I'm at work or busy otherwise. Once I'm done downlaoding my computer just sits there folding [stanford.edu]. The bandwidth is going un-used!
    There is plenty of bandwith sitting idle out there, so long as the ants are clever enough to avoid busy relays noone will really notice the drop in their performance. I think that they would have a similar approach (it seems it would work this way as a concequene of their ant design).
    I sincerely hope that one of these true P2P private networks takes off in a big way, till then I will support them in every way I can.
    • Re: Bandwdth (Score:3, Insightful)

      by nate nice ( 672391 )
      If you want your idle bandwith to be used, try using Bit Torrent. It generally works well and you upload as you download. Honestly, the fact that more systems don't have this approach is sad. People don't seem to understand the ideas behind a paged, data multiplexing system.
  • Didn't Banyan VINES use a similar method of discovering routes to a remote node via this kind of nearest-neighbor arrangment? Been a while, but this rings a bell.

    This looks pretty cool, but it seems like there will be problems when nodes go on and offline, since broadcasts get used to find nodes. Won't nodes that come and go periodically cause problems -- or is this a non-issue?

  • Couldn't the RIAA just subpoena (theoretically) all the ISPs to find out which IP addresses are accessing this program? From what I gather, this program might be able to mask the actual downloads, but the RIAA could still prove that someone's computer was attached to the network (vs. the RIAA currently being able to state the actual music files being shared). I think the other concern would be that since each user is helping to transmit data files between users, it is probable that users will be hitting t
  • by Anonymous Coward on Friday December 19, 2003 @03:38PM (#7768288)
    Server1: Protect the Queen!
    Server2: Server 2 thinks it's the master browser and is calling for an election. Which one's the queen?
    Server3: I'm the Queen.
    Server2: No you're not.
    Freedom! Horrible, horrible freedom!

    Server log ends.
  • by ThosLives ( 686517 ) on Friday December 19, 2003 @03:58PM (#7768516) Journal
    This reminds me of an interesting bit of educated fiction I read about information passing methods used in intelligence communities (i.e., spy rings). The problem with this type of system is that you will always know the source of the (in this case) file. So, if you want to get the person sharing the file, you just back up the tree from anywhere. For instance - once you knoa a packet has stuff that you don't want sent, you can just back up the "sent from" arrow-tree and arrive at the sender, then send your cops or whatever to the point of entry. However, you have no way to locate the recipient quickly. This is NOT a Good Thing in some peoples' books, to be sure. The most secure information trasportation mechanism is the double-blind drop: the info source drops the [message] at some location, then the recipient picks it up from that spot. The recipient and sender do not know each other. (In spy rings, that means if one of them gets captured, the other one can't give info about them - the only weak point is the drop-point).

    For computers, if you really want anonymity, you use encrypted files, broadcast everywhere always, and always listen to every packet (which you have to do anyway to select out yours) and see if it's yours. If it is, you keep it, otherwise ignore it and pass it on. Granted, this will not find the "most direct" route from source to target, but it is the most secure.

    Network speed / anonymity are conflicting tradeoffs with the current implementation of the infrastructure.

    Observation: if everyone always captures the whole file - like what if you just copied and stored every single packet that came your way, and everyone did this - then how could "ownership" be enforced? Would this (assuming it's technically feasible) be a Good Thing? I'm not sure I know how to answer that one...

  • by i_r_sensitive ( 697893 ) on Friday December 19, 2003 @04:09PM (#7768630)
    But, this is the wrong (expletive deleted) approach.

    More importantly, I can't believe how many people seem to think this is a valid approach to the problem.

    First of all, anyone who writes FOSS should not be involved in developing these projects. Quite simply, this project is aimed at abrogating the rights of the copyright holder. If you develop FOSS, you too rely on copyright to protect your rights to distribute your code as you see fit. Why are you helping people to obviate the rights of other copyright holders? Doesn't this seem just a little antithetical?

    Now, before the argument about how developers aren't responsible for how their software is used, well to a point I agree. But, I don't think that you can hide behind this with a clear conscience. Joe Sixpack can't write this software on his own, so if you aren't legally an accomplice, you are ethically and morally. As for the software being used for legal mechanisms, well and good, but that doesn't mean that you could not have built in safeguards to prevent it from being used for unlawful purposes...

    Next, this is not the way to make the point to RIAA. For Joe Sixpack, the complaint is generally about the cost of music and so on and so forth. Well if Sears charges too much for _insert product here_ you buy it somewhere else. You don't go into Sears and steal it. Apparently this is simply because to do so means running a high risk of getting caught. So because the chance of getting caught is lower, that somehow justifies theft? Because that is what it is in the end. Rather than steal from RIAA, deprive them of income by lawful means, spend your money elsewhere. With all the artists in the world, I guarantee you can find some what create music you like, without having to resort to theft.

    RIAA has proven that they will resort to the courts and legislation as their first considered reaction. Since most folk seem to abhor the legislation RIAA has had there hand in to date, why are you fueling that fire? Do you really think RIAA is going to relent? As long as you continue to abbrogate their rights, they will continue to lobby for more and more legislation. If you choose other alternatives, RIAA does not have a leg to stand on, what are they going to do, get Congress to pass a law forcing you to buy music only from their members? Not likely. If you vote with your dollar instead of voting by compromising your morals, perhaps some of those member organizations will reconsider their membership. But as long as people circumvent their rights, and deprive them of revenues thereby they will continue as they have to this point. If people vote to deprive them of income by exercising their other options, RIAA members will have little recourse but to reconsider their policies, which is what you all purport to desire.

    Lastly, I _KNOW_ why I dislike RIAA, and why I won't conduct business with their members. My problems stem more from being a creator as opposed to being a consumer. For those of you who are only consumers, when you choose options that give RIAA grounds to complain, you are quite succinctly stating that you make your choices based on greed, just like RIAA does. It all comes down to the old adage, two wrongs do not make right.

    P.S. Doesn't anyone realize that SCO can point to these software projects as anecdotal "proof" that FOSS developers seek to undermine copy and property rights? Why give them more ammunition in their FUD campaign?

    • by WNight ( 23683 ) on Friday December 19, 2003 @06:07PM (#7769704) Homepage
      Do you really think the RIAA would change, even if all unauthorized copying stopped overnight?

      DVD region codes were added to protect a business model, not to stop piracy. (I know that's the MPAA not the RIAA.) They didn't pay for laws like the DMCA to stop people copying, that was already actionable. They paid for these laws to force people to watch commercials at the beginning of disks, and keep from importing movies from North America to other regions before the theatrical release. In other words, they wanted the government to pass laws protecting their lazy business models. "We don't want to spend to money to make the product available in a timely fashion - please prevent anyone from filling this niche before we get to it."

      The RIAA is just as scuzzy in different ways. They pay the radio stations to play their music, but they also provide extra incentives for stations that only play RIAA content. They're actively involved in shutting out any competition, they complain about how expensive their business is and how they can't afford to pay artists much, yet the music industry is fantastically profitable - they complain when the industry doesn't keep growing at the expected rate. They use accounting tricks to make it appear that they lost money, yet if you believe their figures they should be billions in the hole, not incredibly rich.

      That's why I don't feel sorry for the effects of this - they could have played fair and they'd have gotten much more respect and cooperation for everyone.

      As to why I feel it's fair to use a copyright (the GPL for instance) to protect code designed to break copyright it two-fold.

      First, we must be free to break the law, or uphold it, or we have no freedoms. Many times, the actions seen as 'right' in a historical context have been illegal. The Boston tea party, the American revolution, the underground railroad, the underground railroad in Nazi Germany, the French Revolution. Some of these were undertaken for no more than financial concerns - the American revolution for example, but it ended up allowing a nation to self-govern.

      The point is that freedom requires the freedom to do the wrong thing, and that that wrong thing may end up being right in retrospect. We can't allow a circumstance where people aren't allowed to tinker with their belongings, as is currently the case with DVDs. To tolerate this is to tolerate much greater future injustice.

      Second, while I respect the stated intention of copyrights, "to encourage creators to create by providing a financial incentive", I see that this isn't free to society. Providing an unnatural monopoly (Unnatural in that it's natural to see what someone is doing or saying and incorporate those actions or words into your own. Ideas flow naturally.) costs society. We're intended to get "paid" for this by the new works being created which will eventually enter into the public domain.

      Copyright law as it stands today is untrue to those stated goals and unfair to one half of the equation - the citizens who pay for these protections and yet see absolutely no benefit. Current copyrights last so long that nobody who is alive today's children will be alive when the copyright on this post expires. How is this supposed to "give back" when you could be slapped down in court for quoting more than a line, even in direct response to me? The protections are too long, the punishments for violation are unreasonble, and the agreement is getting even more lop-sided.

      For these reasons I fight against the modern view of copyright as the divine right of big corporations to borrow any pre-existing content, yet forbid everyone from even thinking of basing anything on their content.

      I'm not anti-copyright, nor are most people, but we are anti-overboard-american-copyright-and-dmca.

      I'm not rich, so my voice on this issue is worthless in Hollywood and in government. I'm one person, and one vote (unless I get a job at Diebold), so nobody cares what I have to say. I have to act, and if that req
    • At first, this was a hard decision to make, to mod parent down, or to give up my mods to reply (I'm sure you'll figure out what I decided). I've been researching software piracy on the internet for the last 10 years. My research has shown conclusively that complaining on Slashdot isn't going to stop this network from sharing copyrighted materials nor would any safeguards built into the program... they would be circumvented almost immediately just like people used to wrap files up in fake mp3 files to get th
    • You don't go into Sears and steal it. Apparently this is simply because to do so means running a high risk of getting caught.

      No. It's because most people have a gut feeling that taking a physical object from someone else deprives the owner of the object, but making a copy of an intangible thing, at zero marginal cost, leaves the original untouched, and doesn't appear to deprive anyone of anything. Fear of punishment doesn't really factor in, because if I could make near-free molecular copies of Sears' pro

  • Netstat (Score:5, Insightful)

    by visgoth ( 613861 ) on Friday December 19, 2003 @04:12PM (#7768659)
    Say for instance I have a Metallica mp3 being shared out. What's to stop the RIAA from just downloading said mp3 and then using netstat to see who is sending them pieces of it? After that they could try to sue everyone who's providing even a small part of the whole mp3, couldn't they?
    • Re:Netstat (Score:5, Insightful)

      by SydShamino ( 547793 ) on Friday December 19, 2003 @05:02PM (#7769137)
      Well, they could sue their own ISP, since it provided all the bits to them.

      Of course, the ISP didn't know that it was transferring Metallica.

      It could sue every ISP that delivered a bit.

      Of course, those ISPs didn't know that they were transferring Metallica.

      It could sue every user that passed a bit.

      Of course, those users didn't know that they were transferring Metallica.

      ---

      There really isn't a difference between any of the above examples, legally, unless any layer KNOWS that they are transferring material illegally. And the users can claim that THEY only trade bootlegs of Pearl Jam live sessions, which are just fine. It's not their fault that others use the system for other songs.
    • Re:Netstat (Score:4, Insightful)

      by elviscious ( 681985 ) on Friday December 19, 2003 @05:21PM (#7769324)
      The same thing that stops the Post Office, UPS, or FedEx from being sued when someone mails anthrax.

      First of all the packets are encrypted (or wrapped up in a box if you will). The node doesn't know what it is. He's just doing his job. Would the RIAA try to sue the node.... maybe. But who is responsible for me downloading mp3s over a vpn from work? Yeah, me. I find it hard to believe that my ISP, my works provider, and anybody in between is responsible.

      2nd, this medium will be presumed innocent for transfering anything. Can you transfer the new Lord of the Rings movie? Yes. Lots of mp3s? All you want, and more. Can I transfer just about anything?! Absolutely, and this is the catch. I can transfer anything. Good or bad. Legal or not. Once that is established, the RIAA or whoever else can only concentrate on the two endpoints, and them only.
  • by dave_n ( 414085 ) <dnovosel@gmail.com> on Friday December 19, 2003 @04:32PM (#7768869) Homepage Journal
    I found it interesting that mere days after Clay Shirky article was posted on slashdot, a program that essentially describes his solution is posted.

    If you haven't read the article, you can find it here:

    The Article [shirky.com]

    It's a pretty solid concept as far as defeating the RIAA for another round. I find it interesting that no matter what the RIAA does, someone always counters it. You figure they would adopt a new strategy, instead of just wasting enormous amounts of money on annoying everyone.
  • by henrypijames ( 669281 ) on Friday December 19, 2003 @05:16PM (#7769278) Homepage
    This is interesting. MUTE is created and coded by Jason Rohrer, the same Jason Rohrer who created and coded konspire2b. Now what is the relationship of these two programs, particularly from the view of their common author? Is he "dumping" k2b in favor of this all-new MUTE?

    konspire2b came with a very intersting idea, but the implementation was less impressive. Especially the inability to deal with a "passive" Internet connection (behind NAT and/or firewall) is the reason that it hasn't gained a user base as large as it promised. It is simply a fact that many (if not most) private Internet users are using a passive Internet connection nowaday, and the procentage is even growing.

    Now MUTE comes again with a very intersting idea, but as we know, problems of technical details can kill good ideas quite often. Obviously, the concept is in some points similar to Freenet. One of Freenet's biggest problem is, just like k2b, it's inability to deal with pass internet connection. I think this issue may be the corner stone for MUTE, too.

    I am negatively biased against Jason, mainly because the "failure" of his k2b, and especially because of the document he published comparing his own k2b to BitTorrent, which earned quite some protests because many factual "findings" in the comparison seem wrong. To be fair, I must admit that since I am a member of the BitTorrent dev team, my opinion in this matter is biased from the start, although it has not prevent me to try out k2b, and will certainly not prevent me from trying out MUTE now.
  • ISP logging (Score:5, Insightful)

    by Arch-out ( 710539 ) on Friday December 19, 2003 @05:22PM (#7769338) Homepage
    I am not sure, but is there a reason that ISP's have to keep logs of who used what IP address? If they did'nt then it could make the whole issue dissapear.
    • Re:ISP logging (Score:5, Informative)

      by shostiru ( 708862 ) on Friday December 19, 2003 @08:47PM (#7770816)
      Just a few reasons:

      1. Because if we don't, we can be fined, shut down, or go to jail. Yes, really.
      2. To stop people from spamming you (intentionally or as zombies).
      3. To identify viruses and inform customers (some of them, e.g. Welchia, wreak havoc with an extremely common brand of routers).
      4. So our upstream providers don't drop us like a rock when we can't handle abuse reports.
      5. For bandwidth metered billing (we don't, some do).
      6. So when customer X calls and says "why can't I connect/get a DHCP lease/get to the web/etc" we can actually help them.
      7. So we can catch and resolve problems with RADIUS or dhcpd.

      If none of the above applied I wouldn't waste the disk space, because it's just not that thrilling to know that user jsmith had IP 1.2.3.4 yesterday at 15:00GMT. Of course, if you're paranoid, feel free to use Freenet, MUTE, or whatever.

  • WTF? (Score:3, Interesting)

    by minus_273 ( 174041 ) <aaaaa&SPAM,yahoo,com> on Friday December 19, 2003 @05:35PM (#7769431) Journal
    from the page:
    "your identity available to spies from the RIAA and other unscrupulous organizations."

    If you are the one breaking copyright laws, i dont see how the RIIA could be the "unscrupulous" one. I mean if what everyone wants is to legally share legal files, gnutella would work just fine.
  • by retro128 ( 318602 ) on Friday December 19, 2003 @06:35PM (#7769936)
    Hmm...Downloaded it and installed it, but the seed hosts included with the program, katcher.2y.net and monolith.2y.net are not active on port 4900, which seems to be the default port this protocol uses.

    The katcher.2y.net address resolves to 128.114.51.108, and monolith doesn't resolve at all. Reverse DNS lookup indicates that everything in that class C netblock belongs to UC Santa Cruz and nothing in there is talking on 4900. Seeing as how the seeders are not talking on port 4900 and there's no reference on the web pages for more of them, I'm going to guess that this program is more about a proof of concept than a serious contender on the p2p field.
  • by YOU LIKEWISE FAIL IT ( 651184 ) on Friday December 19, 2003 @08:01PM (#7770577) Homepage Journal

    P2P systems that rely on the users manually bootstrapping to a second connection aren't going to catch on until a well known list of stable master servers is provided. This is too hard for the average p2p user when compared to the almost zero intellectual cost of entry to something like the fasttrack network. I remember edonkey2000 having some teething problems in this regard also.

    YLFI
  • trust (Score:3, Insightful)

    by mr_burns ( 13129 ) on Friday December 19, 2003 @09:32PM (#7771022)
    In theory, mute beats the problem of using queries and traffic analysis to see who's sharing what.

    However, since we no longer have a way of identifying those we download from and blacklisting malicious hosts, we are more vulnerable to an old problem:

    The file you think you're downloading could actually be a trojan that scans your shared directory and reports back to 'mama'. This along with a traceroute report to a known server and whatever it could conjecture are your personal details from productivity software, registration info, web autocomplete etc.

    So some form of pseudonymous reputation management system could be built in to mitigate that problem.

    OR, there can be an anti-malware app out there tuned to the kinds of nasties you'd find on p2p.

    Ideally both should be used, as each results in an arms race.
    • Problems with MUTE (Score:4, Insightful)

      by 0x0d0a ( 568518 ) on Saturday December 20, 2003 @12:18AM (#7771749) Journal
      In theory, mute beats the problem of using queries and traffic analysis to see who's sharing what.

      Mmmf. I'm dubious.

      This sounds like a really neat project to play with (I like to bat around P2P ideas as well.).

      However, I'm going to assume (I can't tell from the routing document) that something here is incorrect.

      The TTL mechanism is UtilityCounter. You attempt to obscure the real TTL by randomly moving it around. However, it's still pretty easy to simply send a number of messages until a TTL range 20 apart is reached. The host distance is then identified. Thus, a map of the MUTE network may be built, though it will take more packets than the GnutellaNet.

      The main concerns I have with the MUTE protocol relate to flooding vulnerability. This is the same problem that GnutellaNet suffers from (and I have been working on in my own time). MUTE, however, is *extremely* vulnerable to flooding, far more so than GnutellaNet, for a number of reasons:

      * MUTE shoves data packets through the MUTE network. GnutellaNet sends them directly.

      * MUTE has phenomenally large TTLs, averaging 100.

      One can probably destroy a massive MUTE network (unless I'm missing something in the routing protocol) with no more than a modem by flooding the network with data transfer packets of 32KiB (the largest the MUTE protocol allows) and bogus to virtual addresses.

      I'd be interested in knowing whether there's an IRC channel for MUTE, since I'd be interested in poking at the design a bit. If any MUTE developers read this, would you point me in the right direction?
  • by Merrin ( 734299 ) on Friday December 19, 2003 @09:52PM (#7771148)
    Well, what with lack of seed IP's to get this whole thing started a few of us got together on efnet and setup a channel to try and get the whole thing moving. We have suceeded in transferring files amongst our selves at reasonable speeds now (we've seen 40-50K which ain't bad). SO come along and join us if you're interested in this new network. efnet #mute-net
    • by throwaway18 ( 521472 ) on Saturday December 20, 2003 @01:31AM (#7772011) Journal
      >efnet #mute-net

      The conclusion of everyone who is talking in the channel is that this version is not usable due to frequent crashing. We can't tell if the routing works because the mesh constantly changes as clients crash.

      Files are only shared if they are actually in the files directory, it does not search subdirectorys.

      The connection list in the program often shows fewer connections than are actually open.

      To compile on FreeBSD 5.1, you have to change all 'make' to 'gmake' and remove "typedef int socklen_t" and change the path of bash to /usr/local/bin/bash for MUTE/configure.

      This uses broadcst search. It is disapointing that people keep reinventing the horribly inefficient original gnutella. Broadcast search will severely limit the search horizon (and probably overall size) of a mesh. We need a filesharing program that combines anonymity with an efficient search function, the state of the art is a distributed hash table with querys and results sent by UDP.

      It is a pity that this ended up on slashdot now. If this had been announced when a working version is available slashdot might have given it the critical mass of users to get it rolling.

      This has lots of potential and will be worth another look when it is stable
  • seedHosts.ini File (Score:3, Informative)

    by Anonymous Coward on Friday December 19, 2003 @09:54PM (#7771155)
    These contents may be more useful than the defaults

    202.52.36.144 4900
    68.61.112.22 4900
    24.208.214.50 4900
    150.101.30.106 4900
    65.71.169.148 4900
    68.111.211.154 4900

Promising costs nothing, it's the delivering that kills you.

Working...