Re: [Sursound] Bittorrent responses--thanks!

Wed, 06 Jun 2012 01:36:40 -0700 

On 06/06/2012 05:39 AM, Eric Carmichel wrote:

...  everyone's friendly advice made me feel more at ease regarding
bittorrent downloads.



one thing to put you even more at ease: the idea behind bittorrent is 
that you can download little snippets of a file from several torrent 
"seeders", to maximise the download speed.



each snippet is therefore checksummed after download to ensure it has no 
bit errors. the same mechanism makes it very hard for malicious seeders 
to slip you a corrupted snippet. so if you have reason to believe the 
original file (and its meta-information) is trustworthy, there should be 
very little additional risk from the torrent download as such. [1]



so if you always initiate your download from ambisonia.com, all should 
be well unless a) the server has been compromised, or b) a malicious 
ambisonia contributor has uploaded a file containing malware.



given the small size of our community and the fact that everybody jumps 
on new uploads within a few hours of their arrival on ambisonia, a 
malware upload would hardly go unnoticed.



furthermore, for malware to actually become effective on your system, it 
has to exploit a hole in the player you are using, which, given the 
diversity of players and the quite arcane setups necessary for ambi 
playback, is highly unlikely. the other option would be to include an 
executable, and the user being stupid enough to actually execute it. 
similarly unlikely, since you appear to be a security-conscious person 
without a 
double-click-on-any-exe-and-ok-all-warnings-to-make-them-go-away pattern :)



best,


jörn




[1] iirc, the hash algo is sha-1, which has demonstrable weaknesses and 
might be broken in the very near future, but the effort to create a hash 
collision is still big enough for any malicious seeder to seek softer 
targets elsewhere.


--
Jörn Nettingsmeier
Lortzingstr. 11, 45128 Essen, Tel. +49 177 7937487

Meister für Veranstaltungstechnik (Bühne/Studio)
Tonmeister VDT

http://stackingdwarves.net

_______________________________________________
Sursound mailing list
[email protected]
https://mail.music.vt.edu/mailman/listinfo/sursound






















					Reply via email to