ADCPortal the frontpage for Advanced Direct Connect

As some of you may know, ADCPortal is for some time a part of DCDev. ADCPortal provides the following for the normal user: latest news about the protocol and all the main software that is available on the market, ideas and comments about the future of the network ( what’s coming up and more ), information about all the protocol features including all the known extensions. One can also register and ask questions or propose his/her own extension.

ADCPortal also provides a full wiki that can be consulted to get all the required information about ADC.

The interested developer also has the opportunity to get in touch with the protocol designers and also people who worked around ADC, or created pieces of software for it.

We strongly encourage everybody interested in ADC to visit ADCPortal in order to get more information. Lately I heard that the main reason people are reticent about ADC is the lack of information. ADCPortal has been around for nearly two years, but people still wouldn’t come and ask. So please, come around, ask whatever question you like, don’t be shy, we will be very happy to answer you. We also hope you will find the site useful and we wait for you to join us.

ADCS Deadline

In an effort to get a draft out on ADCS me and Ullner (Pretorian) has agreed to set a deadline for the extension since there has been so much talk about how to implement it along with features with using TLS like cert logins etc so we thought that an open discussion would be in order so we can actually have an official draft on the extension

The question i got for the lurking developers working on ADC is where to have the discussions ?

Forum or Wiki

The deadline for ADCS is in November that is ample time to get the job done if everyone pitches in.

Network of the future, next level filesharing

Today, file sharing it’s not just about you, me, or friends and the rest of the world. Files are not just streams of bytes anymore. They are representing us, in a way. Ever since telnet was used back in the old ages of networking, the need for sending files from one computer to another has increased exponentially.

DC++ offers a simple, plain way to keep your personal files available over the network. Some may say too simple, some may say it’s perfect this way. There are people who use DC++ and are happy with it, and some people who want more.

Let’s say I’m in both categories, I like using DC++ but also want more from it.

The current trending in file sharing is about social networking and metafiles. How can this be integrated into DC++? Well, I have some ideasand I want to point them out a little.

Files aren’t streams anymore, some are personal, like photos and movies, some are educational or informative, like documents , some are general purpose programs like a linux distribution. Each file could have a metafile attached to it. This way one could add basic information into tags, except the hash which is the sole metadata for now, like keywords or a picture. Size, description can be valuable information about a file, not counting it’s name.

Like this, one could search for keywords, can look at the descriptive picture and decide whether to download or not the file. In DC++, the file list could support this kind of feature. The list could be divided into categories ( pictures, video and so on ), each file could have a thumbnail, a description attached to it and some keywords, how many other people were interested in the file ( number of downloads ), or even a ranking system created by DC++ about the file. Searching can also evolve in this manner.

Social networking can be implemented more lively and can make file sharing an easy and pleasurable way of interacting with people and spending a nice time.

I certainly hope that DC++ will grow in this kind of features but also to support basic file sharing as it always did, simple, and easy to use.

DCDev goes ADCS

Since today, our public hub has moved from simple ADC to ADCS, aka ADC Secure. If you connected today and noticed that your client just printed out “Connected…” and that’s it, it’s because of that. You need to go to your favorites and change the address from adc:// to adcs:// , this means the DNS is the same, just the protocol handler changed.

So the hub address is now adcs://devpublic.adcportal.com:16591
You are welcome with suggestions, questions or whatever springs to your mind.

DC++ pointing out the corrupted

One of the latest enhancements in DC++ is the hub referral on client-client connections, proposed by Jan Vidar Krey. The current bazaar trunk implements this mechanism and the next DC++ version that will be released soon will also have it. The purpose of this extension is to point out the corrupted hub that is sending the current client to a non DC client, with obvious malevolent purpose. This implies that the hub is either using exploitable software, or that it’s intentionally abusing the clients. Either way, the hubowners are solely responsible.

On connecting to the other party, DC++ will also send the hub URL that it used to connect to the hub sending out the CTM message. By packet inspection, an attacked party can figure out which is the corrupted hub (only a pointer is required, such that they have a point of reference ) . Another good part about this extension is that it works on both ADC and NMDC ( some workaround was found for NMDC: adding the url to the PK string since NMDC is not extensible nor flexible in this matter ) , with the least effort from the clients and it does not bother them in any way. A normal client should ignore the specific message ( I don’t find any particular usage for it ).

We strongly recommend all mods to inherit this extension and other clients out there to implement it so the CTM attacks impact on DC software will stop being so great.

DC++ CTM Proof

In a previous post I was wondering if the whole concept of centralization is obsolete or has major flaws. The problem that is bothering everybody in the last years is that clients can be used ( unwillingly ) as tools in distributed denial of service attacks. Jan Vidar Krey is proposing a hub refferal on c-c connections that can point to a source of CTM attacks via the messages that the client sends on first connection attempt. In this case an attacked entity can see the hub with problems/intentional flooding that is causing the attacks.

As a first step to prevent this kind of abuses in DC++, poy added a static IP protection for the major hublists that were attacked via the client. This kind of measure is just temporary since hublists can change IP anytime and it protects only them, not everybody else that can be attacked ( Also the fun part is that the hublist server is actually running a DC client and wants to download from other users, it can’t ! ) .  A second step was to dynamically resolve the hublist ip’s and block them for c-c connections.

The main idea that I considered is to practically check all the users on a specific hub to see if they actually are real. On CTM receive the client should not connect but send another CTM to see if that IP actually connects to them . This will make sure that the user is the actual owner of that specific IP address. Of course the biggest problem is if the user is passive, in which case it can’t send a CTM back. This could be against the protocol principles but it’s a solution to see if the other peer really exists. I don’t know if a RCM would do something good in this situation but it’s a start.

Another thing that should be done ( if not implemented already ) is that on c-c connections if the first attempt was unsuccessful then no further attempts should be done until the user at least reconnects or changes state ( passive/active ). Also the hubs should be trustworthy. In a previous post I suggested a way to make hubs trustful via a CA authority system, but most people were quite reticent about it. Perhaps this could be the only way to make hubs trustful. Warning messages will not help too much ( Strong DC implements such messages ) since most of the users either don’t read them or don’t care. We shouldn’t let users question this problem, but solve it for them. Continuous problems from the Direct Connect network might be a cause to mark DC software ( and DC++ ) as badware, which will definitely take down the network. It’s time to do something about it.

I’m hoping for more ideas how to make DC++ proof against CTM abuses and I’m waiting for opinions from you as well.

Are centralized networks doomed from the start ?

Recently I heard bad rumors around the DC network. Some malevolent person ( unknown ) has written several scripts for the most known DC hub software, that allow the hub owners to use their users in abusive forms of flooding, using the CTM feature of the protocol. These scripts have started to spread around and now “script kiddies” use it for flame wars and endless childish attacks.

Also, important sites that currently hold on the DC community like the major hublists OpenHublist or DCHublist and the ADC counterpart ADCHublist were attacked and were down for a long time. The major community for ADC , ADCPortal was also attacked ( ADCPortal also provide an alternative wiki to the one on the ADC Project ).

My first concern is that this problem can spread up to the centralized networks principle. In this case, the central node ( hub ) has the power to absolutely control the leaves that are connected, thus it can abusively send them in possible attacks at wish. This might be a serious problem for the centralized networks.

Secure policies have to be enabled in clients and hubs so that this kind of flaws do not affect the community. I don’t know yet if it’s possible in this current situation or the whole concept of centralization is flawed. I hope not, because the Direct Connect community has it’s advantages and there are a lot of people involved and which benefit from it every day.

My advice from the users: make sure you actually know what hubs you are using, and how your client can be abusively used for other purposes than the ones designed, and make sure you are using a proper firewall and perhaps package inspection to see if your computer is not part of a BotNet or similar flooding network.

And one last thing, Happy new year and all the best from the DC++ team.

Translation update

There’s a new release coming in a few days and the translations templates on launchpad have been updated – if you want your language to be complete please have a look…

In the future I’ll only post these updates to http://sourceforge.net/mailarchive/forum.php?forum_name=dcplusplus-devel, so please subscribe if you’re interested in keeping your translation up to date…it’s a low-traffic list, so you don’t have to worry…

Ping Extension the first to go wild

Ever since ADC has it’s first release, and the wiki for it was launched, everybody can post his/her own extension in there as a proposal for adding it into the specification.

My extension is called PING, and it offers the possibility of communication between pingers and hubs or hubs and hublists. This way , the pinger/hublist can find out a lot of information that cannot be found otherwise. The info I selected is about the hub restrictions, hub uptime, website, owners, user count, total share and more.

The first step was the actual implementation, which can be found now in DSHub and in the ADC hublists like Hubtracker or Adchublist.

The second step was to wait for some time to see if the extension had no issues with other developers, eg. reaching a consensus about the protocol specifications. That happened also, and now, PING has reached the status of a full-time extension. The actual specification for it can be found here.

This post is also a way to encourage you to make your own extension so that the ADC protocol evolves into a better protocol for each user on the network. Use your creativity and every day needs to make Direct Connect a better place.
One last thing, the place where to post your extensions is here, and the ADC wiki here.

DC++ at the local Bazaar

The latest news about the developing of DC++ are about the change of the repository from Subversion to Bazaar.

How does this affect the normal DC++ user ? The answer is, with nothing at all. It just affects the more advanced users that can compile their own binaries from the latest source code, or the people that want to contribute with patches or something.

Bazaar is a new version control system similar to CVS and Subversion that presumably has more advantages than the other two. You can still use the old svn repository from sourceforge, because the new bazaar one and this one will be auto synchronized ( with some few days delay, the most ), the sole difference is that the commits are now made first to the bazaar and then they appear into the svn repository.

To have access to the bazaar, you need the bazaar client, available from here. Also , to install bzr you need Python 2.4 the least.
Once you have it installed and in your path, you can simply checkout the repository by :
bzr branch http://bazaar.launchpad.net/~dcplusplus-team/dcplusplus/trunk dcplusplus
This will checkout the entire repository into the dcplusplus folder.
First difference from subversion : the initial checkout lasts much longer , because all the revisions are being downloaded ( diffs between them anyway ), so after the checkout you don’t need internet connection to update to any older revision or see the diffs . It took here about 5-8 minutes to complete, so be patient.
Don’t worry about the space this all thing is taking, even if it’s branching all the revisions, I heard it still uses less space than the svn checkout ( hi arne =).

If you had commit access to the repository or you are in the dcplusplus-team, I can explain how to gain ssh access to the repository.
If you use linux, you need a ssh tool that can create a key and use it as login ( standard ssh I think it works…)
For windows, I used PuTTY. You can get it from here. You need PuTTY.exe, Pageant.exe, Plink.exe and PuTTYgen.exe.

Start up PuTTYgen.exe and generate new key (Notice the nice randomness generation =).
Save both the public and private keys.
Go to the launchpad site and into your profile go to Add SSH key and paste the public key information from PuttyGen ( some strings that puttygen puts in some box where it says : “Public key for pasting into authorized files… “)

Now open up PuTTY.exe, and connect to bazaar.launchpad.net using SSH. You will be asked to add into Putty’s cache the server’s fingerprint. Pick “Yes” so that the fingerprint is being added permanently. ( This is required so that you can connect using plink, otherwise it can’t connect because it doesn’t recognize the fingerprint as “safe” ).

Open up pageant.exe and load your private key into it ( the one generated with puttygen ).

Now, add a new variable to your system ( Right click my computer, advanced, environment variables ) named BZR_SSH and set the value to plink.

Open up console and try
bzr branch bzr+ssh://<name>@bazaar.launchpad.net/~dcplusplus-team/dcplusplus/trunk dcplusplus
Where <name> is your launchpad nickname.
There you go.

What arne suggests about commiting : “then in the dcplusplus folder “bzr reconfigure –checkout”. That’ll configure bzr to work just like svn, committing each revision you make to the main repository when you do “bzr commit”. Alternatively, you don’t do the reconfigure thing, and all your “bzr commit” commits will be local until you do a bzr push”

I’ve been reluctant about this whole Bazaar since I don’t see any real advantage about it over svn. Maybe time will tell.
I’m also waiting for feedback or help requests if my post wasn’t explanatory enough.