Oh yes I expected this... the standard exuse...

They are checked by default right? And you know the most people install what is checked because they think they NEED these progs, and if you start now to tell me something that this is mentioned... you know exatly that the most people don´t read the terms, so you provide these Spyware crap to a large number of user...

And I have read your plans to FORCE the people to buy the PRO version:

http://www.bearshare.com/forum/showt...0&pagenumber=1

And now tell me why the people should use your advertising client, if they can better clients for free - like Gnucleus, Shareaza or soon Xolox!

This really sounds to me like you planed it well and for a long time, like I said it several times! So you want to leech from the Gnutella net as long as possible and if the net is destroyed you switch to your private net... Vinnie this sucks hard!

Morgwen

to give it a name.

Zeropaid has it too:

BearShare Blocks other Gnutella Clients
After months of badmouthing and disadvantaging other clients here is it finally. From Bearshare.Net: "You can choose to receive all query replies, downloads and uploads only from other BearShare clients". In clear works again: Bearshare is splitting the network! Remember the words from hackmaster Dr. Damn: Be nice and play fair. Uninstall BearShare.

http://www.zeropaid.com/news/article.../06272002g.php

I have Gnotella 1.05 and can't find any skins or information on it, what happened to Gnotella and how come it is no longer supported?

And now tell me why the people should use your advertising client, if they can better clients for free - like Gnucleus, Shareaza or soon Xolox!

You shouldn't use anything, unless you want to; no one is forcing you. Like you said, their are other clients out there. Use the one you like and get on with your life (or get a life), instead of argueing about trivial things.

So you want to leech from the Gnutella net as long as possible and if the net is destroyed you switch to your private net...

BearShare can upload and connect to every other client, so it isn't leeching off of anything. The only difference is if the rest of gnutella dies, BearShare users would have something to fall back on.

Of course ssh, SSL, PGP and all good commonly used secure protocols or hashs are available as open source. So why security by obscurity?

Even though the source to generate the encrypted data is available (ssh, SSL, PGP), the encryption algorithms are soo strong that it would take a LONG time for anyone sniffing the traffic to figure out what the data is. By the time they could crack the encrypted data, the encryption system would probably be changed and they have to start all over. You would need the special key to decrypt the data immediately.

This is the problem faced on gnutella when using a key-pair (private/public key) system. If you have an open source client that contains the keys needed to decrypt/encrypt the data... anybody can take the source, rip the keys and then decrypt/encrypt whatever they want. This is where security through obscurity comes into play. If others don't know the keys, don't know how the security works... it will be hard for them to crack. Otherwise you just go on blocking hundreds of IPs, or develop a centralised control system. This is not good.

These secure channels aren't the best solution, nor are they an absolute form of protection... but it's something! Does anyone else (Morgwen, Moak) have a better (non-proprietary) solution that everyone could use? No? That's what I thought.

"Security through obscurity" is a phrase being tossed around by those who don't really understand much of anything.

There is nothing obscure about the techniques that BearShare uses to digitally sign query hits or require challenge/response authentication in host connections - they are all built from sound, proven cryptographic primitives that are published and well documented.

If we were using obscurity, we would have made up our own cryptographic algorithm - this would be a poor choice.

So when you hear someone say "security through obscurity" in the context of BearShare, this is clear sign that they don't know what they are talking about.

that's an obvious lie. Vinnie, we are not all unskilled users. Your encryption sheme is proprietray and undocumented, no other GDF member does use it. Commonly known as security through obscurity.

you need a little bit more then insulting or badmouthing open source software. Please read the thread on Zeropaid (link above). It explains why so called secure channels can not work, why it's a pure marketing gag.

I know Vinnie tries to give himself an übercoder attitude. He likes to talk about multithreading, completition ports and encryption. All sounds great for unskilled users but after a closer look it's marketing most times. The so called secure channels provide no security in real world, they split Gnutella.

LOL Vinnie, I'm sure any server without internet connection can get a great NSCA firewall certification. Oh wait I have a even better idea, switch off the server, it's totally secure then and can not be attacked.

yes, this is not even ONE solution, "secure channels" do not work! The Zeropaid thread explains why Vinnie's "secure channels" are an illusion.

I wonder what Vinnie has thought, if he did consult a lawyer before? I have the suspicion that "secure channels" have nothing to do with security, they are a secret attempt to split Gnutella into smaller proprietary network$.

Money not security.

Actually, despite the various breaches possible with different encryption schemes that thread brought up none of them. The only thing relevant that was shown there was some **** anonymous poster jumping to the conclusion that everything was dependent on the EULA alone. Talk about insecurity



[No insults please]

insulting is low, moderators please have a look on it.