Topics relating to the Direct Connect network
April 14, 2008 Leave a comment
There’s a new release coming in a few days and the translations templates on launchpad have been updated – if you want your language to be complete please have a look…
In the future I’ll only post these updates to http://sourceforge.net/mailarchive/forum.php?forum_name=dcplusplus-devel, so please subscribe if you’re interested in keeping your translation up to date…it’s a low-traffic list, so you don’t have to worry…
April 14, 2008 Leave a comment
Ever since ADC has it’s first release, and the wiki for it was launched, everybody can post his/her own extension in there as a proposal for adding it into the specification.
My extension is called PING, and it offers the possibility of communication between pingers and hubs or hubs and hublists. This way , the pinger/hublist can find out a lot of information that cannot be found otherwise. The info I selected is about the hub restrictions, hub uptime, website, owners, user count, total share and more.
The first step was the actual implementation, which can be found now in DSHub and in the ADC hublists like Hubtracker or Adchublist.
The second step was to wait for some time to see if the extension had no issues with other developers, eg. reaching a consensus about the protocol specifications. That happened also, and now, PING has reached the status of a full-time extension. The actual specification for it can be found here.
This post is also a way to encourage you to make your own extension so that the ADC protocol evolves into a better protocol for each user on the network. Use your creativity and every day needs to make Direct Connect a better place.
One last thing, the place where to post your extensions is here, and the ADC wiki here.
March 29, 2008 4 Comments
The latest news about the developing of DC++ are about the change of the repository from Subversion to Bazaar.
How does this affect the normal DC++ user ? The answer is, with nothing at all. It just affects the more advanced users that can compile their own binaries from the latest source code, or the people that want to contribute with patches or something.
Bazaar is a new version control system similar to CVS and Subversion that presumably has more advantages than the other two. You can still use the old svn repository from sourceforge, because the new bazaar one and this one will be auto synchronized ( with some few days delay, the most ), the sole difference is that the commits are now made first to the bazaar and then they appear into the svn repository.
To have access to the bazaar, you need the bazaar client, available from here. Also , to install bzr you need Python 2.4 the least.
Once you have it installed and in your path, you can simply checkout the repository by :
bzr branch http://bazaar.launchpad.net/~dcplusplus-team/dcplusplus/trunk dcplusplus
This will checkout the entire repository into the dcplusplus folder.
First difference from subversion : the initial checkout lasts much longer , because all the revisions are being downloaded ( diffs between them anyway ), so after the checkout you don’t need internet connection to update to any older revision or see the diffs . It took here about 5-8 minutes to complete, so be patient.
Don’t worry about the space this all thing is taking, even if it’s branching all the revisions, I heard it still uses less space than the svn checkout ( hi arne =).
If you had commit access to the repository or you are in the dcplusplus-team, I can explain how to gain ssh access to the repository.
If you use linux, you need a ssh tool that can create a key and use it as login ( standard ssh I think it works…)
For windows, I used PuTTY. You can get it from here. You need PuTTY.exe, Pageant.exe, Plink.exe and PuTTYgen.exe.
Start up PuTTYgen.exe and generate new key (Notice the nice randomness generation =).
Save both the public and private keys.
Go to the launchpad site and into your profile go to Add SSH key and paste the public key information from PuttyGen ( some strings that puttygen puts in some box where it says : “Public key for pasting into authorized files… “)
Now open up PuTTY.exe, and connect to bazaar.launchpad.net using SSH. You will be asked to add into Putty’s cache the server’s fingerprint. Pick “Yes” so that the fingerprint is being added permanently. ( This is required so that you can connect using plink, otherwise it can’t connect because it doesn’t recognize the fingerprint as “safe” ).
Open up pageant.exe and load your private key into it ( the one generated with puttygen ).
Now, add a new variable to your system ( Right click my computer, advanced, environment variables ) named BZR_SSH and set the value to plink.
Open up console and try
bzr branch bzr+ssh://<name>@bazaar.launchpad.net/~dcplusplus-team/dcplusplus/trunk dcplusplus
Where <name> is your launchpad nickname.
There you go.
What arne suggests about commiting : “then in the dcplusplus folder “bzr reconfigure –checkout”. That’ll configure bzr to work just like svn, committing each revision you make to the main repository when you do “bzr commit”. Alternatively, you don’t do the reconfigure thing, and all your “bzr commit” commits will be local until you do a bzr push”
I’ve been reluctant about this whole Bazaar since I don’t see any real advantage about it over svn. Maybe time will tell.
I’m also waiting for feedback or help requests if my post wasn’t explanatory enough.
March 15, 2008 3 Comments
Another version of DC++ has been released. This time, it’s even closer to being stable. If there will not be reported any serious bugs, in two weeks it will be moved to stable. So please have a check on it and report feedback on the launchpad page.
What are the changes in this release?
A lot of stability improvement, starting from crashes to bugs and so on.
Also, some visual improvements like new menu types.
Segmented downloading new separate window for each downloading file, and a new connection window for each chunk.
Language files now use gettext and they are included in the distribution for the major languages.
Tabs drag& dropping and tooltips.
Updated links so that you have any problem, you can easily find the answers you seek now.
You can download DC++ 0.705 from here.
March 5, 2008 6 Comments
The next release is drawing near and if you speak any language apart from English you can help by translating DC++ into your language. All old language files have now been imported (well, at least those that could be salvaged), so all you need to do is to go over to launchpad and start translating! If you don’t like the web interface, I suggest you download the language template and use an app such as poEdit to edit the translations (remember to import the existing translations to your language from launchpad before starting!). There’s a nice introduction to translation using gettext here.
January 23, 2008 2 Comments
The next version of DC++ will feature a change in its structure for internationalization (i18n).
This all is possible thanks to gettext, which is a tool for allowing applications i18n in a very standardized manner, and is available on a multitude of platforms.
Before, all visible strings in DC++ had to be written and stored in a specific manner, where we used XML files to use the texts. This could be annoying, as you needed to constantly check what a string was called when you wanted to use it.
In the next version all text are going to be written directly as the code is lined up. This does not change the fact that DC++ will still support i18n. However, all of the XML files are going to render useless, as DC++ will drop its support for it.
The new format is .pot or .po, and our Launchpad translation site will allow you to translate strings in a much faster way; Strings that also exist in other applications are crosslinked to the DC++ project as suggestions, so for some stuff you don’t even need to input anything. It’s just to click on a particular field.
There’s as of yet no tool to convert the XML files to .pot (or .po) files. So if anyone’s up to some work, we’ll publish your tool, allowing people to do the conversion.
Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”
January 23, 2008 4 Comments
It’s been a while since we had a working support forum. Or a bug tracker. or a feature tracker. But we’re now announcing our projectspace at Launchpad!
You find that the bug and feature tracker is in the same place, so just note that it’s a feature request and not a bug per se.
The forum, or as they call it “answers”, is also available for people to use.
Beyond that, we’re also going to use Launchpad’s language features for internationalization.
You need to register with the site if you wish to post in any of the places, so go ahead and do that.
(Note: No, we’re not going to move the SVN to Launchpad. It’s just a mirror.)
Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”
January 17, 2008 10 Comments
In a previous post, I (sort of) said that there were 650000 people who used DC++. PC Pitstop doesn’t really agree, but oh well… And I said in the interview with Robert Lemos that that figure was probably around 300000. So… Which is it? How many people are using DC++ and DC?
Well, we don’t know. It’s not possible for us to see and I certainly wouldn’t trust a report coming from a potential spyware company.
DC have declined in users, I don’t think anyone involved in DC can miss that. The question is how much. I believe my assertion that around 300000 users is still valid, but I can’t prove it.
However, perhaps instead of asking “how many people are using DC?”, we should be asking “what can we do to improve the current users’ experience?” and “what can we do to at least keep the current users?”. Most hubs are madly in love with the notion that the more users a hub has, the better it is. What people have come to understand the past years is that it’s more about content and not the amount of users the hub has.
Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”
January 17, 2008 Leave a comment
PC Pitstop recently released a report regarding P2P-applications that they had encountered while their spyware application had been running on their “customers'” computers. Go and download their relevant stats (.xls).
A couple of comments and things I noticed regarding it;
(1) The total amount of DC market share dropped from 0.94% to 0.43% over a period of a year.
(2) The total amount of PCs scanned were from 174000 to 103000 per month.
(3) The total amount of DC users per month is something you need to calculate, as it’s not noted…
(4) Sweden and Romania are two countries where DC is quite prevalent; The report had a very small number of customers in those countries.
(5) Windows XP and Vista are the operating systems that were recorded. Other systems are lumped together as “other”. Presumably are non-Windows systems not tested.
(6) DC++ was among the top 10 of applications that had dropped users.
(7) All applications that are able to connect to a given network are listed in the report. Eg, mIRC is listed as a P2P-application where “IRC” is the network, while IRC isn’t even a P2P-network.
(8) There were 8640 users reported that had DC++ installed.
(9) The reported DC++ versions were “DC++ 0.6”, “DC++”, “DC++ 0.4” and “Acadia DC++ 1.5”, where “DC++ 0.6” had over 8000 users.
(10) The reported NeoModus Direct Connect versions were “DC 2”, “DC1” and even “DC hub”, which I didn’t really get… (Where “DC” is elongated…)
(11) StrongDC++ had “SDC++ 1”, “SDC++”, “SDC 2” and “SDC++ 2″… (Where “S” in SDC is elongated.)
The only thing I can get in this report is the drop in market share. The rest is… Pointless and gibberish.
Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”
January 17, 2008 Leave a comment
There were some press coverage regarding my Denying distributed attacks post. Actually, I was interviewed by Robert Lemos. The following is the mail correspondance we had;
He wrote;
1) From your data, it looke like there is at least 650,000 people using the latest version of DC++ is that correct? How many users do you think you have? What do people typically use dc++ for?
2) Prolexic, an anti-DDoS firm, has used dc++ as an example of a new style of attack (link: http://www.prolexic.com/news/20070514-alert.php) that uses the directory servers of p2p software to direct the clients to DOS a particular IP address or network. Are these attacks common? Can you name an instance in particular where you observed such an attack and give me some concrete details on what happened?
3) How do attackers get control of the dc++ network or directory server to direct such attacks? Are there countermeasures that can be implemented in the software to determine when such an attack is happening?
I wrote;
1) No, I don’t think there’s 650,000 people. We currently have no real way of knowing how many people are using DC++, or even the latest version. We can calculate how many people are starting their clients, but that would require us to look at the logs on how many people connect to the DC++ website. SourceForge, which is hosting the website, does not provide us with those logs, so we can’t say for sure how many are using DC++.
At one point in time, we were able to see how many were using DC++, and it was somewhere around 300,000. But that figure may be misleading, as it’s incremented when someone open a particular window in DC++ as well as on the upstart. If people are then also using multiple instances of DC++, the number will also increase as there’s no lookup on indiviual IPs.
The vast majority of DC++ users (and generally Direct Connect users) use the network to trade files with each other. The major difference between Direct Connect and other P2P networks is the community; The ability to communicate with whoever you’re trading your files with (and of course other people). I personally mostly use Direct Connect for the community aspect. I believe one might compare Direct Connect with good old Napster, with a built in Instant Messenger.2) These attacks are unfortunately getting more common. I think this phenomenom can be traced back to late 2005, early 2006. (Although, not in such a scale as Prolexic has experienced.)
The most public attack was against http://www.hublist.org, which was the largest hub list in DC (and the most influencial – DC++ had Hublist.org’s hub list as the single default list, until about a year back.) I say was because the site has been down and up since the attacks started.
Basically, the administrators of the hub list and a group of rogue Direct Connect users had a dispute that escalated beond common sense, and has ended up as a massive DDoS. The latter had created tools to ‘destroy’ hubs (eg, a tool to cause a flood in a hub – a different type of DoS) or cripple them. The administrators of Hublist.org responded by removing the hubs that the rogue group commanded, from the hub list Hublist.org provided. In return, the rogue group responded by attacking Hublist.org to show their dismay. Reportedly, the site had experienced a constant 10-90% bandwidth usage (on a 100 Mbit/s line), during about a year’s worth of time.
I mentioned that Hublist.org had been the only default hub list in DC++, since a year back. By that I mean that other hub lists were added at that time. The reason was because the rogue group (that had attacked previously) had launched a massive attack at Hublist.org, rending the site useless and unresponding. The site had been able to work, yet the heavy usage before. However, after the massive attack, the site was down for about six months before it was able to get back up.
Meanwhile, dcpp.net (an address that Todd Pederzani had bought) and the server it was on, was also getting hit, which is the reason the site was moved back to SourceForge, and other parts have been removed. DirectConnect.se, which is a Swedish oriented DC community site, was also taken down with dcpp.net as they were on the same server. YnHub.org, which serve the most popular hub for Windows, was also hit in the storm of attacks (though I don’t know if it was on the same computer as the other two sites).
You should contact the administrators of hublist.org concerning their DDoS. They have reportedly been in contact with Finnish police (their site is .fi based), Scotland Yard, FBI, UK authorities and Romanian authorities. (There may be more; I don’t remember more currently.)
Disclaimer: I have no idea if this is the same group as have been reported by Prolexic.3) The attackers are able to take control over servers by two ways; [1] By exploiting the victim’s operating system, and gaining access to the hub and making the hub render as part of a bot net. And [2] by exploiting the victim’s hub software.
The former can of course be avoided by good firewall protection, but that’s quite difficult for anyone involved in DC to enforce.
The latter can be avoided by upgrading hub software that are known to have exploits. I don’t think there are any public hub softwares today that have these flaws; As I’ve written, the attackers take advantage of people’s reluctance to upgrade. (Out of lazyness or whatever.)
The attackers also have the possibility, as anyone else, to register a new hub on a hub list, which they are in complete control over. It’s difficult to impossible to restrict this. I think the majority of DDoS initiating hubs are in this category.
Lemos published his article on SecurityFocus. There are other sites he published on, too, but as far as I can tell, it’s all the identical article.
Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”
Direct Connect: Just These Guys, Ya Know? 
You must be logged in to post a comment.