ADCH++ 2.4 pushed out

Hi

Well a new version of ADCH++ is out due to the fact that we kinda messed up the 2.3 release so for all of you that are out there running 2.3 update to 2.4 and you will be fine.

We also added documentation from ADCH++ on the website for any developer wanting to help out by making plugins or lua scripts.

http://adchpp.sf.net/doc/

changelog:

• 222. By Pietry
  edited installer, changelog, version
• 221. By poy
  fix command dispatching
• 220. By poy
  fix ban reason
• 219. By poy
  add +topic (and aliases), shortcut to +cfg topic
• 218. By poy
  add history & motd to the default scripts list

ADCH++ (Windows Bin Zip File)

ADCH++ (Windows Installation)

ADCH++ (Source Windows/Linux)

ADCH++ now more then an empty shell

Hey people back again doing a monolog here on the blog this time its about ADCH++ 2.3

We all know that the last release wasn’t a big success but i wanna show of the new features in ADCH++ , it was more then a year ago since we had a release on ADCH++ and much new stuff has been added into it.

So what are the new features:

User Commands, ADCS (preliminary implementation), more scripts for the soft.

There is also a doxygen included in the BZR repo at launchpad for anyone that wants to make a plugin in C++ or make lua scripts or python script all you have to do is download Doxygen to make the documentation we will host the documentation at ADCH++ webspace on Sourceforge also.

I really wanna commend poy for his efforts put into this version of ADCH++ and listening to input and feedback with this version things can only get better in the future of ADCH++

We are still looking for a GUI maker so if your out there and think you got what it takes drop into DCDev Public and talk to us or drop the source of at launchpad.

and we hope that suggestions for ADCH++ will come up at our tracker on Launchpad so we can get your input for what your missing in ADCH++ or possible bugs thats giving your problems.

So people out there give it a go and say what you think about it

ADCH++ 2.3 Windows Installer

ADCH++ 2.3 Windows Zip File

ADCH++ 2.3 Source Code (both Windows and Linux)

ADCPortal the frontpage for Advanced Direct Connect

As some of you may know, ADCPortal is for some time a part of DCDev. ADCPortal provides the following for the normal user: latest news about the protocol and all the main software that is available on the market, ideas and comments about the future of the network ( what’s coming up and more ), information about all the protocol features including all the known extensions. One can also register and ask questions or propose his/her own extension.

ADCPortal also provides a full wiki that can be consulted to get all the required information about ADC.

The interested developer also has the opportunity to get in touch with the protocol designers and also people who worked around ADC, or created pieces of software for it.

We strongly encourage everybody interested in ADC to visit ADCPortal in order to get more information. Lately I heard that the main reason people are reticent about ADC is the lack of information. ADCPortal has been around for nearly two years, but people still wouldn’t come and ask. So please, come around, ask whatever question you like, don’t be shy, we will be very happy to answer you. We also hope you will find the site useful and we wait for you to join us.

DC++ pointing out the corrupted

One of the latest enhancements in DC++ is the hub referral on client-client connections, proposed by Jan Vidar Krey. The current bazaar trunk implements this mechanism and the next DC++ version that will be released soon will also have it. The purpose of this extension is to point out the corrupted hub that is sending the current client to a non DC client, with obvious malevolent purpose. This implies that the hub is either using exploitable software, or that it’s intentionally abusing the clients. Either way, the hubowners are solely responsible.

On connecting to the other party, DC++ will also send the hub URL that it used to connect to the hub sending out the CTM message. By packet inspection, an attacked party can figure out which is the corrupted hub (only a pointer is required, such that they have a point of reference ) . Another good part about this extension is that it works on both ADC and NMDC ( some workaround was found for NMDC: adding the url to the PK string since NMDC is not extensible nor flexible in this matter ) , with the least effort from the clients and it does not bother them in any way. A normal client should ignore the specific message ( I don’t find any particular usage for it ).

We strongly recommend all mods to inherit this extension and other clients out there to implement it so the CTM attacks impact on DC software will stop being so great.

Denial of service: I’d like one, please

Responses for searches for the most time is usually non-time consuming or difficult to perform. The techniques may vary from application to application, and depend on whoever wrote the code, what libraries were used etc. While simply a linear search of substrings may be fine, techniques such as regular expressions have made its way to ADC. However, there is a huge problem with regular expressions: they’re CPU consuming. A regular expression that is carefully constructed may, by design of course, force the CPU to spike and force the unsuspecting user’s computer to crash. Basically, anyone that is supporting regular expressions may be victims of a denial of service (DOS) attack.

I just know that some people are thinking “hey, let us restrict the length of the regular expression [hub/client side] and it can’t happen”. Well, that’d be pointless and shortsighted. The length of the command (well, any command for that matter) does not have a direct correlation to its possible damage vector. Additionally, the hub doesn’t really care in this matter. Since it’s as well difficult (impossible?) to parse the expression, evaluate if you really want to perform the expression and be completely guarded against an attacker.

(I’m not aware of any attempts of patching NMDC with regular expressions, but you’d probably end up with the same problem.)

Multiple shares in NMDC, revisited

Multiple shares in NMDC have been on topic for years, and will probably continue for years to come. Well, the current approach is simple; use a different port in each hub you’re in. So, if you’re in 5 hubs, the ports used will be (e.g.) 5000, 5001, 5002, 5003 and 5004 when using the CTM/RCM.

That this solution isn’t scalable haven’t bothered people to implement it. Patching a bad protocol does not make the protocol suddendly good. Oh well… People are free to implement away.

Encryption in NMDC, revisited

While cologic exhausted the encryption topic, I want to give a heads up in regards to TLS in NMDC. There are more and more clients that have implemented TLS in NMDC. The current technique is by specifying an ‘S’ in the end of the CTM (after the port, that is). Apparantly, YnHub and Ptokax (if I remember correctly, Verlihub, too) will not block this information and DC++ should be able to operate nicely when specified (even if it doesn’t support it).

Do note that NMDC encryption will not appear in DC++ (unless Jacek changes his mind, which is highly unlikely).

BitTorrent file like functionality with magnet links

One of the competitors of DC is BitTorrent. With BT, one is able to supply torrent files that contain links to multiple files or sets (among other things). (Yeah, over simplification perhaps.)

As torrent files contain knowledge about multiple files, people have been discussing the possiblity to do similar things in DC, and especially with magnet links. However, there is a huge problem; magnet links point to content, rather than “files”. That is, you cannot say “this magnet link point to file a, file b and file c”, but instead you say “this magnet link point to content a”. However, “content a” is not specific to one file, but it can also mean an entire set of files. E.g., the entire selection of vacation photos or the entire Ubuntu source code collection. The “only” problem with that is that clients need to be able to know how such collections’ hashes are calculated (by combination of hashes or whatever that is the protocol).

One might of course also take the BT approach; have an intermediate storage facility (magnet files) that contain a multitude of content pointers (magnet links). (And/Or whatever the storage facility shall have in terms of features.)

Decentralization in its inception?

An important part of the DC community is its ability to change and the ability of the developers to think of new and interesting ways to improve the experience that is Direct Connect. One important section of change is the posibility to take an existing program, like DC++, and change it to ones own liking. One of these clients is StrongDC++, which have features that are not in e.g. DC++ and some features that have migrated its way back to DC++.

A new exiting approach that can only be described as a way to extend Direct Connect is the ability to create a decentralized version of DC, using commands and functionality similar to ADC (and NMDC, albeit only insofar as the initial startup). The proposal have been made by, as can be noted by the page title, the StrongDC++ client and its authors (other people are as well involved).

Basically, the new protocol will be able to operate without a hub, and where one might still be able to share and download with others. However, it should be noted that to get a list of users, one need to connect to a hub and ask for other clients’ support for this feature.

(Note that I’m not saying that this will or will not be a feature incorporated in DC++.)

DC++ at the local Bazaar

The latest news about the developing of DC++ are about the change of the repository from Subversion to Bazaar.

How does this affect the normal DC++ user ? The answer is, with nothing at all. It just affects the more advanced users that can compile their own binaries from the latest source code, or the people that want to contribute with patches or something.

Bazaar is a new version control system similar to CVS and Subversion that presumably has more advantages than the other two. You can still use the old svn repository from sourceforge, because the new bazaar one and this one will be auto synchronized ( with some few days delay, the most ), the sole difference is that the commits are now made first to the bazaar and then they appear into the svn repository.

To have access to the bazaar, you need the bazaar client, available from here. Also , to install bzr you need Python 2.4 the least.
Once you have it installed and in your path, you can simply checkout the repository by :
bzr branch http://bazaar.launchpad.net/~dcplusplus-team/dcplusplus/trunk dcplusplus
This will checkout the entire repository into the dcplusplus folder.
First difference from subversion : the initial checkout lasts much longer , because all the revisions are being downloaded ( diffs between them anyway ), so after the checkout you don’t need internet connection to update to any older revision or see the diffs . It took here about 5-8 minutes to complete, so be patient.
Don’t worry about the space this all thing is taking, even if it’s branching all the revisions, I heard it still uses less space than the svn checkout ( hi arne =).

If you had commit access to the repository or you are in the dcplusplus-team, I can explain how to gain ssh access to the repository.
If you use linux, you need a ssh tool that can create a key and use it as login ( standard ssh I think it works…)
For windows, I used PuTTY. You can get it from here. You need PuTTY.exe, Pageant.exe, Plink.exe and PuTTYgen.exe.

Start up PuTTYgen.exe and generate new key (Notice the nice randomness generation =).
Save both the public and private keys.
Go to the launchpad site and into your profile go to Add SSH key and paste the public key information from PuttyGen ( some strings that puttygen puts in some box where it says : “Public key for pasting into authorized files… “)

Now open up PuTTY.exe, and connect to bazaar.launchpad.net using SSH. You will be asked to add into Putty’s cache the server’s fingerprint. Pick “Yes” so that the fingerprint is being added permanently. ( This is required so that you can connect using plink, otherwise it can’t connect because it doesn’t recognize the fingerprint as “safe” ).

Open up pageant.exe and load your private key into it ( the one generated with puttygen ).

Now, add a new variable to your system ( Right click my computer, advanced, environment variables ) named BZR_SSH and set the value to plink.

Open up console and try
bzr branch bzr+ssh://<name>@bazaar.launchpad.net/~dcplusplus-team/dcplusplus/trunk dcplusplus
Where <name> is your launchpad nickname.
There you go.

What arne suggests about commiting : “then in the dcplusplus folder “bzr reconfigure –checkout”. That’ll configure bzr to work just like svn, committing each revision you make to the main repository when you do “bzr commit”. Alternatively, you don’t do the reconfigure thing, and all your “bzr commit” commits will be local until you do a bzr push”

I’ve been reluctant about this whole Bazaar since I don’t see any real advantage about it over svn. Maybe time will tell.
I’m also waiting for feedback or help requests if my post wasn’t explanatory enough.