> > 6 - I spent the $170 or so bucks to become a silver club member, but not > once have I received an answer from Mandrake when I found myself stuck. > I was also forced to install Bit Torrent to download the new ISO's after > have waited for over 2 weeks (in vain) after my request for FTP access. > (I *hate* peer to peer networks and I didn't appreciate being forced to > use one, even though it did turn out to be pretty fast. I consider peer > to peer a security risk.) >
I didn't catch the beginning of this thread but I really wanted to address this part right here. Your concern with as you put it "peer to peer" software is indicative of mainstream feelings that certain trade union groups encourage. However, the main point that really needs to be stressed is that Bit Torrent operates so differently from most peer to peer networks that it's really misleading to put it in the same catagory, and on top of that, for linux there are several utilities that will make it EASY to prevent the kind of kruft that slips into windows software. Some of this may be over simplified for you, but I want it to hit all the main topics to the point where people searching over questions like these will find it by any of the points. For starters, a peer to peer (p2p) network is named that because it uses distributed source files on many nodes to serve files to other nodes requesting them. The two main versions of this are the Napster / Kazaa style networks where any node serves files they own to anyone who requests them and the other is the freenet style network where the network itself distributes files out and nodes may not know what files they are serving. On top of that, there are different ways of finding files. Kazaa, for example, simply passes the request along and any node can answer it. Napster, on the other hand, had (I believe, if napster didn't others did) a central database that kept track of where things are on the network and directed requests. The reason people like you are wary of these types of peer 2 peer networks is because people introduce either misnamed or infected files and put them out. People download these trojans (in the classical, and perhaps viral sense of the word) and discover they either got the wrong files, files of low quality, or perhaps a virus or adware program bundled in. In fact, it became commonplace for software producers to directly bundle the spyware into their programs. The Kazaa desktop itself is full of crap. So how is Bittorrent different? Well, for starters bittorrent isn't a network for distributing many files. It's more like a protocol designed to set up impromptu networks for quickly distributing SINGLE files. You never have to worry about a bittorrent download resulting in something other than what you tried to download, because with bittorrent you already KNOW what you are trying to get, you just don't know where you might get each peice from. Here's a simplified, although hopefully fairly accurate, description of how it works. Pretend you want to make a copy of a thesis in the library. You put your stack of papers (it's a very very long thesis) in the copier and start copying. If you are stuck at the speed one copier can copy, it takes a fixed amount of time to copy the paper. However, if the library has additional copiers, you can take peices of your paper to each copier and start them working as well. You can reduce YOUR time by distributing the COPY time to the maximum bandwidth available, here the number of copiers. When you're done, you look at your copy and compare it the copy you started with. If it isn't the same, you can determine which copier malfunctioned and only recopy those peices. Bittorrent works the same way. Mandrakesoft only has to upload to you at a certain rate, but very likely you can download far faster than that. So you download from Mandrakesoft AND from H.J.Bathoorn AND from Amy AND from JoeHill AND from Anne Wilson AND from whoever because they are very nice people willing to upload to you. In exchange, you upload the peices you've already downloaded to David Cormier, Greg Meyer, and me. In this way, you are fully using your upload and download capacity (making sure you set reasonable limits to not completely hog the pipe for your whole home network!) to download as fast as possible. When you're done, everyone has a copy exactly the same as everyone else's, and Mandrakesoft has a much much lower bandwidth bill. This probably brings you to the "but how do I know" part of the download. Sure, I'm TELLING you it just works, but it's not like there's some magic program that uses very complicated math to determine if a file, to a reasonable certainty, is exactly the same as another file in a different location using well known advance hash algorithms that can express the contents of a file digest in a single string, up to 128 bits? Ahem. Well of course there is. Linux isn't about just blindly trusting people to do good in the world! No! We believe that if you are REALLY a good person you wouldn't mind PROVING it once in a while. Put your cards on the table! Show us what you're made of! Give us your md5sum! Say what? md5sum I'd actually be surprised if any modern distrobution would let you get by without installing md5sum probably without even asking. Check your system now ( man md5sum). That's what that long weird letter/number mix next to the download for a LOT of Linux software is. It's telling you that this file is okay no matter WHERE you get it, even from a hooker's computer in the redlight district, as long as you check the md5sum and it turns out the same. Little demonstration. $ ls --version ls (coreutils) 5.1.2 Written by Richard Stallman and David MacKenzie. Copyright (C) 2004 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. $md5sum /bin/ls 9041116cf91ba61bb3408cc8625a707c /bin/ls Anyone with that version of coreutils installed from rpm coreutils-5.1.2-1mdk get a different md5sum? If so, one of us has a problem! Many Linux software providers will give you this number to check against. Bittorrent uses checksums like these to make sure each chunk you get is perfectly copied. It simply refuses to give you a file that isn't perfect, at least compared against the source. And lookie here! What do we find on Mandrakelinux's very own website? Last modified: Fri Nov 12 18:36:52 2004 MD5 checksum: 1ea7433e24eb6a3d9491128708a8e0e3 Mandrakelinux-10.1-Community-Download-CD1.i586.iso 5b66d05d03ed2830ce6d09a7e4930b24 Mandrakelinux-10.1-Community-Download-CD2.i586.iso 4815820ca0ff6a5c91525363889bc7bb Mandrakelinux-10.1-Community-Download-CD3.i586.iso d41d8cd98f00b204e9800998ecf8427e Mandrakelinux-10.1-Community-Download.md5 9bbc6e07fcfc75dfef935e8673d3a5b1 Mandrakelinux-10.1-Community-Download.md5.asc So what I'm saying is, Bittorrent is completely 100% as reliable and trustworthy as the source of the files, just like Kazaa. Wait - isn't that the opposite of what I've been trying to prove? Nope. Kazaa is as reliable as the source of the files - You have no idea who the source is, therefore the files are completely unreliable. Bittorrent downloads start by going to a file provided to you, the .torrent file. If you trust Mandrakelinux well enough to click on their webpage to start an ftp transfer, then you can equally trust them to click on a link to the .torrent file. Either way, you have to decide how much you trust the people serving you the files. I hope I kept that...er...short enough.
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
