DC++ can see all hidden files

November 19, 2007 by Leave a comment

When you have “Share hidden files” in DC++’s settings checked, DC++ will obviously share all of your hidden files. DC++ consider a hidden file as such if the file name is starting with “.” or if the “hidden” attribute exist in the file’s properties.

In Windows (Vista), you can see and hide the hidden files with the setting “Show hidden files and folders” (or similarly named in other flavors of Windows). Even if you don’t have this option selected (and the DC++ setting selected), DC++ will still be able to see your files and share them.

However, there’s an instance where you might not catch that you are infact sharing hidden files; If they’re “protected operating system files”. Windows have, yet another, setting to toggle the visibility of those files. And even if you don’t want to see those files in Explorer et al, DC++ will be able to see them and the files will be shared.

It’s a wise choice to constantly view your file list if you are indeed sharing the hidden files, so you aren’t sharing unwanted material. I recently found a system where unwanted images were shared, because DC++’s setting was on, and ITunes had (somehow) set that the files were protected operating system files.

Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

Filed under Clients, General

ADC 0.14

November 11, 2007 by 4 Comments

Ok, so 0.13 wasn’t the last one but 0.14 hopefully will be. Changes can be seen here.

Highlights include separation of Tiger as hash algorithm (old peers that add TIGR to their SUP should be compatible with the new spec) and the specification of a file listing xsl schema (which need review) . Let me know if you find any mistake, otherwise it’s release time soon =)

Filed under ADC

Eliminating Tiger dependencies in ADC

November 11, 2007 by Leave a comment

A previous post describes how ADC depends on the Tiger hash algorithm and suggests that such a rigid dependency should not exist. ADC refers to one specific hash algorithm that, despite current integrity, could lose such and would currently leave the broader protocol unacceptably broken. Other protocols, such as SSH and TLS, tend to parameterize over available cryptographic primitives, negotiating which to use during handshaking. By contrast, if Tiger is broken with ADC in its current state, it will likely be attacked, thus undermining the integrity of the DC network even more than Mediasentry has already attempted. To avoid this, one should change the hash primitive, for example to SHA2 or a future SHA3, depending on breakage timeline.

Most of the dependencies, which largely lie in encoded hash length and areas constrained by namespaces, trivially coexist: for a few versions, ADC clients would support both, maintaining the old one for hash compatibility and the new one going forward, for future clients which would support only the new hash. Password verification and hashing PID to CID, by contrast, pose the most substantial barriers to such modification due to their occurring before any negotiation between hub and client save SUP can occur. Thus, adapting ADC to non-Tiger hashes would most felicitously involve adding explicit SUP strings for hash primitives.

Until the latest ADC specification change, BASE implied support for both the handshaking and message transfer as well as the Tiger hash primitive. It now solves the problem described by splitting out the latter as TIGR support. Thus, if Tiger must be depreciated, just as the dual namespaces would allow filelist addressing and other command parameters to support a transition period between hashes, so would support for TIGR and, for example, SHA2 smoothly support such a change.

Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

Filed under ADC, Developers, Security

Coral network coming to a DC++ near you

November 8, 2007 by Leave a comment

The upcoming version of DC++ will include more hub list addresses than it already does. However, while these additions are technically pointing to different addresses, they reference the same hub lists as the current set does.

What DC++ is going to utilize is the Coral distributed network to download hub lists. It does that by appending “nyud.net” to the hub list host. What Coral will do is that it will download the hub list, cache it in the distributed network and when you try to use the hub list, you’re using the cached one. This will mean that hub list owners will be able to have a lower upload bandwidth to distrubute their file.

Coral will be able to catch newly updated material within 5 minutes. Beyond that, there’s an automatic expiry limit before the file will be discarded in the network, which is set to 12 hours.

(I don’t think it’s possibly to set the expiry limit if the lists are in .bz2. You might be able to pull it off in the XML file, but I don’t know if Coral will treat it properly. Use the HTTP directive HTTP-EQUIV=”EXPIRES” to set the expiry limit.)

(Yes, this update was intentionally timed after the 0.703 release.)

Note that this is just a testing phase. If successful, the Coral:d lists will completely replace the others.

Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

Filed under Clients, Documentation, General, Source code

Bug out 0.703

November 8, 2007 by 8 Comments

With the release of DC++ 0.703, we hope that most bugs have been erradicated. The release pretty much only fixes bugs present in the other 0.70* releases. A lot of work has gone into fixing GUI bugs, and as such, features have been (mostly) been put on hold for this release.

As per the main website, this release is also marked “unstable”. And let us look at the license, before people start whining; “This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.” (Emphasis not mine.)

(We’re aware of the finished download/uploads windows perhaps being ‘spammed’. This will (hopefully) be fixed in an upcoming version.)

Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

Filed under Clients, General

Tiger dependencies in ADC

November 2, 2007 by Leave a comment

ADC 0.13 would have issues were Tiger, the hash primitive it uses, to be intentionally collided. Such an event, in general, regularly occurs, as attested to by the Hash Function Lounge listing effective attacks on many commonly-used cryptographic hashing functions. A reduced-round form of Tiger has been successfully attacked, so its future security is a plausible concern. With that in mind, this blog post simply lists areas the current ADC specification which contain a dependency on Tiger and associated constants.

  • Safe; in namespaces amenable to new creation, dual support, & gradual obsolescence
    • 3.1. File names and structure”TTH/<root-base32>”, for example, </nowiki>locates a file in the share by TTH root rather than filename.3.3. File list”TTH” is the base32-encoded TTH root of the file.
    • 4.3.4. INFID base32 The CID of the client. Mandatory for C-C connections.
      PD base32 The PID of the client. Hubs must check that the Tiger(PID) == CID and then discard the field before broadcasting it to other clients. Must not be sent in C-C connections.
    • 4.3.6. SCHTR Tiger tree hash root, encoded with base32.
    • 4.3.7. RESClients must provide filename, TTH root, size and token
      TR Tiger tree hash root, encoded with base32.
      TD Tiger tree depth, index of the highest level of tree data available, root-only = 0, first level (2 leaves) = 1, second level = 2, etc…
    • 4.3.13. GETGET type identifier start_pos bytes
      BASE requires that clients recognize the types “file”, “tthl” and “list”

      “file” transfers transfer the file data in binary, starting at <start_pos> and sending <bytes> bytes.

      Identifier must be a TTH root value from the “TTH/” root. (twice)

  • Nonideal (not trivially updateable, but not per se security-related.
    These generally are just aesthetic issues, where certain algorithms and constant values have been chosen for consistency with the hashes in use. Change the hash and they become ugly.

    • 2.1. GeneralSIDs, PIDs, CIDs and short binary data are sent as base32-encoded strings. Long binary data transfers should use the file transfer mechanism with named roots.
    • 2.4.1 Session IDThe hub may choose any SID for a connecting client apart from “0” (“AAAA” in base32). “0” represents the hub itself. SIDs are 20 bits and encoded using a 4-byte base32 encoded string.
    • 2.4.2. Private IDPIDs are 192 bits and encoded using a 39 byte base32 encoded string.
  • Other
    Entries here are less easily adaptable via extension or other namespace mechanisms and are important to ADC security. These are the primary issues.

    • 2.2. Message syntaxencoded_cid ::= base32_character{39}
    • 2.4.3. Client IDClient IDs globally and publicly identify a unique client and underlie client to client communication. They are generated by hashing the 192 bit, unencoded PID with the Tiger hash algorithm. Hubs should register clients by CID. CIDs are 192 bits and encoded using a 39 byte base32 encoded string.
    • 3.2. HashesADC clients must share only files hashed using Merkle Hash trees, as defined by http://www.open-content.net/specs/draft-jchapweske-thex-02.html. The Tiger algorithm, as specified by http://www.cs.technion.ac.il/~biham/Reports/Tiger/ functions as the hash algorithm. A base segment size of 1024 bytes must be used when generating the tree, but clients may then discard parts of the tree as long as at least 7 levels are kept or a block granularity of 64 KiB is achieved. … The root must be encoded using base32 encoding when converted to text.
    • 4.3.10. GPAGet Password. The data parameter is at least 24 random bytes (base32 encoded), used to avoid replay attacks on the password.
    • 4.3.11. PASPassword. The password (utf-8 encoded bytes), followed by the random data (binary), passed through the Tiger hash algorithm (not TTH) then converted to base32. When validated, this transitions the server into NORMAL state.

    Before being finalized, especially the last category should be explicitly handled.

    Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

Filed under ADC, Security

Managing releases of DC++

October 29, 2007 by 3 Comments

While I’m sure arne could’ve posted here as well (as he did in the dev-mailing list, but didn’t here), I’ll just go ahead and do that.

Given the recent fuss over unstable release being uhm…unstable, here’s a possible way to ensure minimal release testing…

Instead of releasing, I create a branch in svn named something like 0.701-rc. The release manager (yet to be appointed, not me) builds this branch, offers it to a group of dedicated testers (or on the web in some obscure place where whiners do not go) and then releases the version to the public (as unstable) adding a tag in the tags svn folder as is done now. If there are problems with the release, the problems may either be solved in trunk and then merged to the branch by the release manager, or fixed in the branch if they no longer apply to trunk because of further developments.

This of course requires that someone becomes release manager (something that I’m not willing to do), so if anyone feels inspired and wants to help out, this is the golden chance.

I’m also open to other suggestions that require little management effort on my part.

/J

Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

Filed under General

Public DC Dev hub changes domain

October 26, 2007 by Leave a comment

The public DC dev hub has been using no-ip.com for its domain. However, a few days ago they removed the domain because someone had reported that it was being used for “sharing illicit material” or “being part of a botnet or being the host of an IRC server” (none of which are of course true). (I’m also confused as to why, as they don’t even seem to know the reason they terminated the domain.) Since then, I’ve been in contact with them and they’re refusing to let go of the domain.

So instead, we’ve switched the domain from adc://dcdev.no-ip.org:16591 to adc://devpublic.myhub.org:16591. (Note that it’s the same port.)

Sorry for the switch, but there isn’t anything more we can do.

I hope people update their bookmarks/favorites, and that hub list owners can fix this nicely.

Don’t forget that you can make topic suggestions for blog posts in our “Blog Topic Suggestion Box!”

Filed under General

Why you won’t need 0.702

October 24, 2007 by 16 Comments

As you may already noticed, DC++ 0.702 has already released. And I’m just writing a new post which cause Arne to kill me. But I have to inform you that DC++ 0.702 is still inappropriate for using. Or anything.

However, instead of blaming, I post here some bugs, which could be already known if we knew what the word “testing” means.

Take a look at your client. Open Public Hubs. Ah.. there’s a “Video” column. No problem, try to enter a hub with some videos (users) in it.. Let’s see the userlist: “350 Users, 9,46 Time“. So that 350 Users are sharing more than 9 “Time”? Ok, it can be solved easily: it seems the strings has some offset, which can be easily fixed in the upcoming version.

Go further. Close the Public Hubs window. Open it again. There’s no hubs in it. You need to refresh it to get the hublist again.

Do you have a fresh client? Enter to an ADC-hub then try to chat. You will fail. You can’t enter anything to the chat. Close your client then restart it. It will work. The trick? Delete DCPlusPlus.xml then start your client again. Enter some nick then connect to an ADC hub. Chatting will fail again.

Try to enable timestamps.. /ts.. the answer: [11:21] *** More data was sent than was expected.. Two characters is more than expected? Ok, just kidding, this is the same string-offset-bug which probably will be fixed soon.

As you may remember, the toolbar was quite ugly in previous versions of DC++ 0.7x. Now it’s pretty cool, which is definitely an improvement. However, some other windows looks ugly.. See this screenshot:

Open Finished Downloads or Finished Uploads. There are two files in it. file1.txt, file2.txt.

As an improvement, you can order the public hubs and the userlist now, however, there are no little triangles on the column headers, so you won’t see the direction of ordering and you will have no idea which column is it ordered from.

And still, the tooltips on the toolbar won’t work for you, neither the userlist or public hub filtering.

You don’t have to agree with me, but I found all those bugs just with a 10-15 minutes testing process. Everyone could done the same before releasing.

Filed under Clients Tagged with ,

ADC 0.13

October 23, 2007 by 5 Comments

I just posted what I expect to become the final version of ADC 1.0. If you have anything to add, now is the time and the DC++ devel mailing list and this blog are the places.

Changes that I remember:

  • DSC removed (use usercommands if you want to disconnect your users)
  • Bytes instead of bits everywhere
  • Token in CTM/RCM is mandatory and therefore unnamed
  • Reserved SID 0 for the hub. This  is rarely needed since the hub sends most messages with type I, but there are a few corner cases are easier to solve when the hub is assigned 0 (hub-implemented group chat for example). I might have forgotten some good argument against this, so refresh my memory if you feel this is unneeded.
  • PAS hash generation no longer includes CID
  • Reformatted using asciidoc

Since the spec is now essentially a fancy text file, please don’t hesitate to send in patches for typos etc in patch format.

You’ll find previous versions of the specs by adding -0.xx to the link above (ADC-0.12.html for example).

Filed under ADC

Older posts

Newer posts

Design a site like this with WordPress.com
Get started