Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Adeona Warns of Instability; OpenDHT Mothballed

kdawson posted more than 5 years ago | from the here's-to-you-my-rambling-laptop dept.

Security 82

gbickford writes "Adeona, the first open source system for tracking the location of your lost or stolen laptop, was featured on Slashdot last year. I was stoked when I read about how it worked and I installed it immediately. I just went to look for updates on the site and was greeted with a giant warning message stating, 'Adeona is currently not working.' It seems that OpenDHT, the distributed hash table that stores the location information and photos, has been fairly unstable lately. The developers claim that this is "largely because the back-end OpenDHT system is not able to tolerate the load imposed by Adeona. OpenDHT removed the need for a centralized database with tracking information, which in effect prevents a 3rd party from tracking a user's whereabouts. OpenDHT was Sean Rhea's Ph.D. project back in 2005 and he has decided to officially bow out of maintaining it as of July 1st, which has left the developers of Adeona looking for another back end to store location information and photos. The source code for Adeona is available and they are actively seeking developer contributions on the developer's list. Do any developers have ideas on where to put scads of information in a free, reliable, anonymous, and secure manner?"

cancel ×

82 comments

Sorry! There are no comments related to the filter you selected.

Here's an idea... (4, Funny)

Anonymous Coward | more than 5 years ago | (#28079675)

Post the information in anonymous Slashdot comments!

Re:Here's an idea... (3, Funny)

kdemetter (965669) | more than 5 years ago | (#28080175)

Actually , that could be done , however , the problem is that someone visiting slashdot with a browser , and posting on it, would be able to corrupt the data.

So we need to way to ensure that only the program can post , and nothing else.

Perhaps it can be done by storing the data in first posts : The program would be fast enough to put a post first , and if not , we know what 90% of the first posts will look like , so we can filter those out.

Re:Here's an idea... (4, Funny)

jonaskoelker (922170) | more than 5 years ago | (#28082111)

Actually, it wouldn't be such a horrible idea*.

Just come up with an RSA keypair and store it on all your machines. Encrypt and sign all data you want to store "in the cloud", and find someone who will store it for you.

* Slashdot might object to this and delete your post. I recommend using Reed-Solomon coding (or some other error-correcting code) and storing your data redundantly on several sites.

You could also do mirrored RAIF (Redudant Array of Indepedent Forums), though it might be rife for puns. And RAIP, where P=Posts, would be ripe for them. (Someone's gonna RAIP my karma for that, but the puns and anagrams form such a FAIR PAIR...)

Re:Here's an idea... (1)

drachenstern (160456) | more than 5 years ago | (#28085211)

You've been waiting a LOOOONG time for that haven't you?

Re:Here's an idea... (1)

jonaskoelker (922170) | more than 5 years ago | (#28086879)

Made it up on the spot :)

NO. NOT NOW. NOT EVER. I'M COMING FOR ALL OF YOU! (0)

Anonymous Coward | more than 5 years ago | (#28090673)

What if a conformist fascist thinks you are so bonkers, they lock your anonymous post "hidden"? And what if your post is part of the Original 5 Models that contain the sectors needed for Resurrection of the other Units?

Re:Here's an idea... (4, Funny)

RuBLed (995686) | more than 5 years ago | (#28080217)

I save my files in 127.0.0.1 and that site is fast. It's also secure btw, I asked my friend to access 127.0.0.1 and he cannot see my files. Also whenever I try to access 127.0.0.1, it's reliable and always there. I never leave my basement though.

Safe huh? (2, Funny)

benjymouse (756774) | more than 5 years ago | (#28080747)

Let's see about that. I'll just fire up my custom metasploit and we'll see about that. Ok. Now its probing 127.0.0.1. We'll see ho

Re:Here's an idea... (0)

Anonymous Coward | more than 5 years ago | (#28080651)

Let's see...

Free - Sure!
Reliable - Usually!
Anonymous - Probably!
Secure - Mostly!

Realistic? (1)

Brian Gordon (987471) | more than 5 years ago | (#28079689)

scads of information

free, reliable, anonymous, and secure

Why do you assume there is such a thing? The only way I can think of is a distributed network, which as the summary says, runs into serious scaling issues.

Re:Realistic? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#28079771)

BitTorrent to the rescue?

Re:Realistic? (4, Informative)

Daengbo (523424) | more than 5 years ago | (#28079871)

"Distributed hashing tables are a class of decentralized distributed systems that provide a lookup service similar to a hash table: (key, value) pairs are stored in the DHT, and any participating node can efficiently retrieve the value associated with a given key." [1] [wikipedia.org]

They should look at Bamboo DHT [bamboo-dht.org] .

Re:Realistic? (1)

vegetasaiyajin (701824) | more than 5 years ago | (#28081351)

Bamboo and OpenDHT are the same.
Bamboo is the software/algorithm/protocol and OpenDHT is a specific deployment of it on the PlanetLab research network.

Re:Realistic? (1)

Daengbo (523424) | more than 5 years ago | (#28081591)

You rock and I suck!

Because there is always an answer (2, Interesting)

symbolset (646467) | more than 5 years ago | (#28080141)

In this case you store the data in the other clients. If you want to use the software you have to agree to store a gig or so of encrypted data. Your laptop connects to the grid periodically and uploads your data and downloads someone else's. Cooperative cloud computing at its finest, and the developers don't have to ask for help from anybody.

Re:Because there is always an answer (1)

kdemetter (965669) | more than 5 years ago | (#28080205)

Not only that , the storage wouldn't be an entire waste : it would be encrypted , so not directly accesible , but the part that is already stored on your pc , could be retrieved locally, as they are actually already available.

Only problem is that in this case you sharing doesn't grow exponentially, like it does with bittorrent : every user would share 1 gb of information , regardless of whether they downloaded 20gb , or 10mb .

Re:Because there is always an answer (1)

SlashWombat (1227578) | more than 5 years ago | (#28080423)

I'm sure the Russian Mafia" would be willing to host the database for free!

Adeona (1)

megrims (839585) | more than 5 years ago | (#28079707)

First time I've heard of this software: it sounds interesting.

I'm curious about how it works: i.e why the attacker wouldn't either disable the networking interfaces or re-install the software (depending on their intent), but I suppose it would be quite useful in the case of casual theft.

Surely it would be more useful for the service to send the location data directly to one of the owner's servers, rather than OpenDHT?

Re:Adeona (1)

navyjeff (900138) | more than 5 years ago | (#28079847)

I'm curious about how it works: i.e why the attacker wouldn't either disable the networking interfaces or re-install the software (depending on their intent), but I suppose it would be quite useful in the case of casual theft.

There is nothing to stop a thief from removing the software once they either have root access to your machine or have wiped the OS. If you need something that integrated, you might just have to put it in the BIOS or EFI or some kind of firmware. If I ever stole a laptop, I would surely keep it isolated from any networks until I had a chance to replace the OS.

Surely it would be more useful for the service to send the location data directly to one of the owner's servers, rather than OpenDHT?

That's the issue I've run into. I've been using Adeona for almost 6 months now. I've never been able to retrieve *any* pictures the software has supposedly taken and put on DHT.

I think the problem is that most places I work from (a University) have such firewalls that prohibit it from working properly.

I'm just going to find or make a program that takes the pictures and IP data, encrypts them, and uploads them automatically to one of several locations I control. There just doesn't seem to be a more reliable way to do it.

Re:Adeona (5, Interesting)

davester666 (731373) | more than 5 years ago | (#28080095)

There's two types of thieves for laptops/small electronic devices.

One type (drug users, thieves with little technical knowledge, people who just want very quick cash) generally just try to pawn the device ASAP and get less than 10% of the retail value. The person who purchases the device from the pawn shop may or may not be that knowledgeable or have install disks to wipe the installed system.

The other type will try to maximize the money they get from the system. These people tend to be more technically knowledgeable and are more likely to wipe the computer and install a new system on it and then ebay or craigslist it, or they may even try to ransom it back to the original owner.

The devices stolen by those of the first type of thief generally will get booted up and plugged into the internet with tracking software intact and ready to report.

Now, it's not enough just to get a report, like an IP address and possibly a photo of the person using the device, because the police may not be interested in tracking down the device. Recently, I read a story about a stolen Mac with tracking software installed, where the owner went to the police with the info, and they were brushing him off except a member of their drug enforcement department happened to see the picture and recognized a drug dealer they were looking for, so they did track down the location and arrested the guy/returned the computer intact.

Re:Adeona (1)

mysidia (191772) | more than 5 years ago | (#28080177)

With a boot order of Hard-Drive first and a passworded BIOS, with boot-from-CD disabled, they won't easily be using install media to wipe the OS install.

Esp. on laptops that don't allow a password BIOS reset.

They'd literally have to pull the hard drive and use another system to format and install an OS on the drive.

This becomes even harder if ATA security was setup in the BIOS. The hard drive is a brick without it being plugged into THAT laptop or without knowing the ATA password to unlock the hard drive.

Result = they have to use a different drive for the laptop

Re:Adeona (1)

sy5t3m (1349857) | more than 5 years ago | (#28080429)

You're overlooking something just a little bit obvious.
All the bios passwords in the world wont prevent anything when the battery can just be pulled.

So the correction should read:

They'd literally have to pull the battery before doing anything they want with your system.

Re:Adeona (1)

Terrasque (796014) | more than 5 years ago | (#28080565)

Except that most laptop BIOS'es cannot be casually reset. To reset the BIOS password for those, you'll have to send them to the manufacturer..

So I think your briliant plan for world domination won't work quite as you expect.

Re:Adeona (0)

Anonymous Coward | more than 5 years ago | (#28080717)

Turn in your geek card.

It takes no more than 10 minutes of careful work to remove a laptop's outer-most case, less if you are familiar with the model. The battery is rather easy to spot, unplug it for 30 seconds and you're good to go.

Re:Adeona (1, Informative)

Anonymous Coward | more than 5 years ago | (#28080907)

Wrong. I tried this on a newer model Dell laptop and it did clear the BIOS settings, all EXCEPT the password.

Laptop BIOS passwords are no longer stored in volatile storage, as far as I know. Clearing them probably requires reprogramming the chip on specialized hardware, or just replacing the whole BIOS chip itself.

Re:Adeona (1)

DDLKermit007 (911046) | more than 5 years ago | (#28088381)

Actually you just have to short the bios chip on the motherboard for a moment, and password goes away. I only know this because I get asked to fix this issue once a week, and wondered about other ways one day. None the less, at our shop, we turn down bios password issues on laptops and refer to the manufacturer no matter who brings it in. Stupidity has a cost, and thievery should not be aided.

Re:Adeona (2, Informative)

indiechild (541156) | more than 5 years ago | (#28080611)

Something similar happened to my friend last year in London. Some scumbags got a copy of the key to his apartment -- most likely during an apartment inspection with the real estate agent. They swiped all 4 laptops in the apartment plus a few hundred in cash, but strangely enough left a bunch of digital cameras etc untouched.

My friend had Adeona installed on his MBP and managed to get a couple of good webcam captures of a suspect and IP address, which he sent to the cops. The cops weren't interested in recovering the stolen goods -- not enough police resources to devote to cases like this, apparently.

So much for that. I think it's almost better just to form your own P-P-P-Powerbook goon squad and go knocking heads once you've figured out a physical address for the IP.

Re:Adeona (1)

mysidia (191772) | more than 5 years ago | (#28081997)

I think it helps that if in addition to an IP, you have a built-in GPS transceiver, and you can track (literally) the precise location of the laptop, not just the network it's plugged into.

Re:Adeona (1)

autocracy (192714) | more than 5 years ago | (#28082713)

But how often do you have a laptop running with a clear view of the sky?

GPS and WiFi sniffing (1)

SEWilco (27983) | more than 5 years ago | (#28083169)

But how often do you have a laptop running with a clear view of the sky?

You only need it once. Hmm. I'd need to replace my USB-charged Bluetooth GPS with one with solar recharging, and I haven't seen one where the computer could control whether the GPS is running. A GPS unit takes more power than a solar panel can supply, so the computer would have to turn on GPS briefly (mapping software would, of course, keep it on). Another possibility is to also do WiFi sniffing, and report all detected devices in case one is in a WiFi location database. With a WiFi sniffing report, it also would be possible for a person to check their neighborhood for those WiFi units.

Re:GPS and WiFi sniffing (1)

mysidia (191772) | more than 5 years ago | (#28088811)

I would also suggest optionally transmitting a 'beacon' when connected to a WAP. Essentially a packet disguised as normal windows traffic, but meaningful to any other Adeona clients that might be connected to the same AP or on the same network.

The Adeona clients can report on (in their tracking info) beacons received, as well.

And any GPS info the owner of other Adeona clients chooses to publish.. essentially "cooperative assistance" to tracking.

Other laptop owners running Adeona might opt-in to anonymously provide location information as an aid, in case a local GPS signal cannot be achieved.

a WiFi operator might opt to have Adeona installed on a desktop and include physical location info in their beacon.

Or possibly in the Wireless AP itself.....

"Do any developers have ideas on where to put (3, Funny)

circletimessquare (444983) | more than 5 years ago | (#28079725)

scads of information in a free, reliable, anonymous, and secure manner?"

there's 4 criteria there. take away free, and you can get the other 3 criteria. leave in the word "free," and you can only have 1 of the other 3 criteria

Re:"Do any developers have ideas on where to put (2, Insightful)

MichaelSmith (789609) | more than 5 years ago | (#28079787)

Encrypt it and post it literally anywhere. Only the owner will have the decryption key.

Re:"Do any developers have ideas on where to put (1)

rs79 (71822) | more than 5 years ago | (#28081709)

Exactly. But if you post cryptographically signed data to usenet it'll both be available quickly and will be stored forever (through google).

Or use TXT records in the dns to do the decentralized db part. Of course I'd suggest using a new tld for this but of course this sort of thing is blocked by the government and scientologists.

Either way it's easy to store cryptographically signed data in "archived public streams".

"Cryptographically signed" is the key though.

And yes I worked damn hard to get that pun in.

Re:"Do any developers have ideas on where to put (1)

Wonko the Sane (25252) | more than 5 years ago | (#28079791)

You could upload the information to Freenet.

Might be a little weak on the "reliable" criteria, though.

Re:"Do any developers have ideas on where to put (2, Funny)

SEWilco (27983) | more than 5 years ago | (#28079979)

How many Libraries of Congress are there in a scads?

Re:"Do any developers have ideas on where to put (1)

drachenstern (160456) | more than 5 years ago | (#28085287)

~.00001

I'm just surprised nobody has yet said "ask google to host it"...

The assuumed fifth criterion is invisible (1)

symbolset (646467) | more than 5 years ago | (#28080193)

Legal. Leave that one off and the other four are easy. I'm sure there are far more highly scaled secure apps running in the top five botnets.

But I answered this above. I don't even know why they had to ask such an obvious question. Even legal it's a no brainer.

Re:"Do any developers have ideas on where to put (1)

tar (2527) | more than 5 years ago | (#28086165)

I'm curious: how do you propose to have "anonymous" without "free"?

Re:"Do any developers have ideas on where to put (1)

mathman47 (1535533) | more than 5 years ago | (#28092399)

NSA. I'm sure they'd do it. They would probably pay to get their hands on all that data.

Woko (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28079727)

sloshdot. nows for nords, stoff thot mottors.

Freenet? (2, Informative)

evanbd (210358) | more than 5 years ago | (#28079803)

Freenet [freenetproject.org] is an option that *might* meet your needs. Unfortunately, it won't work well unless you're willing to run a node a large fraction of the time (might be hard for a laptop). And that implies a nontrivial bandwidth and disk commitment.

Whether it's reliable enough is another matter. Data that isn't accessed at all will become unavailable after a week or three; shorter term than that, or for data that's accessed at least occasionally, reliability is quite good. Speed isn't exciting, but a few seconds (maybe 15-30 if you don't access at all, maybe a lot longer if it's almost but not quite completely gone) latency and a few kB/s should be plenty here.

On the plus side, it is Free, anonymous, and secure. Of course, all of Adeona switching to it might represent a rather larger load than it's ever seen before -- and would probably be disastrous if those nodes didn't have a decent uptime percentage.

I don't know what they were thinking... (1, Interesting)

Anonymous Coward | more than 5 years ago | (#28079827)

I always thought it was strange that Adeona worked on the back of an academic project to store its data. OpenDHT was actually pretty cool- I hadnt heard of it until I started reading how Adeona worked.

openDHT was a kind of anonymous, communal hard drive... seems someone could just modify OpenDHT to use FTP, WebDAV, or even CalDAV on their own web server to do the same basic thing. Since Adeona already encrypts everything on openDHT (which was the point-- anyone could grab the info anyway), so you could basically stick the info anywhere you have a bit of storage. Someone suggested slashdot comments, but something like a Google-based server might be able to handle the load. Isnt' this the kind of thing their Google App program is made for?

Re:I don't know what they were thinking... (2, Informative)

asavage (548758) | more than 5 years ago | (#28080029)

What I was thinking was just create a spreadsheet with Google docs. Google docs lets you create a webform to let anyone submit data to your spreadsheet. You could have your tracking software fill out the form with the IP address. The spreadsheet by default can only be viewed by your google account but it you want additional security, encrypt the entries.

Re:I don't know what they were thinking... (1)

foniksonik (573572) | more than 5 years ago | (#28082853)

Google Base [google.com] Free Database... specifically setup for storing this type of information (you'll definitely need to encrypt it). Not sure if the TOS restrict this type of usage though...

Re:I don't know what they were thinking... (1)

maxume (22995) | more than 5 years ago | (#28081797)

Adeona was an academic project. That makes using an academic project a little less surprising.

Open-source (0, Troll)

kkandnathan (1560885) | more than 5 years ago | (#28079891)

Open-source system is the largest change of the world in this century,G-Phone ,Linux and so on.As long as there is open source, our lives will be more convenient http://www.nowgoal.com/17.shtml [nowgoal.com]

Over-reaching (5, Interesting)

Bruce Perens (3872) | more than 5 years ago | (#28079911)

The reason for using OpenDHT, I think, was that Adeona didn't want it to be possible to trace user's movements using their system until the laptop was reported as stolen. Not that I am entirely clear on this. Perhaps the best thing to do for the time being would be to back off on the unbreakable-privacy goal until a reliable system arises, and use a database like the rest of us.

Yes, this is dangerous, in that it centralizes in one place the call-in data regarding some large number of laptops. And it makes it tempting for some government to subpoena the data, use it for eavesdropping, etc. So it should not be allowed to stand forever. But it seems kind of silly to just fold up tents until some reasonably blue-sky software meets production goals.

Bruce

Re:Over-reaching (2, Insightful)

Anonymous Coward | more than 5 years ago | (#28080001)

They're not saying that their folding up tents. Just that they are actively seeking contributions to help resolve this technical issue. Seems to me, a post on Slashdot is the perfect place to make this plea.

Re:Over-reaching (1)

danboarder (773630) | more than 5 years ago | (#28080047)

Or, let people specify their own sFTP or other hosted storage for themselves. Shared hosting is very cheap or free these days, so I suggest letting users set where data is stored. No need to rely one a central database in this case, let people use their own storage. Make sense?http://slashdot.org/comments.pl?sid=1243923# - Dan Lundmark

Re:Over-reaching (0)

Anonymous Coward | more than 5 years ago | (#28080103)

You could even integrate it with Amazon's S3 storage to provide the reliability factor.

An open DHT is a highly valuable resource (3, Interesting)

Morgaine (4316) | more than 5 years ago | (#28080221)

But it seems kind of silly to just fold up tents until some reasonably blue-sky software meets production goals.

That's pragmatic advice to safeguard Adeona (I agree), but most of the responses here seem to have interpreted your advice to also mean dropping any interest in OpenDHT, because you called it "blue-sky"(which possibly suggests that "it's not gonna happen").

I think that a working Distributed Hash Table that is also scalable would be an immensely valuable resource to the community, and would end up underpinning many other projects besides Adeona. The legions of FOSS comprise not only coders but also many visionary designers and competent researchers as well, so I think we can do better than just leave OpenDHT to sink or swim without help.

How about fostering some more research-oriented work on OpenDHT (if the current design isn't a viable one) instead of abandoning it as the mood seems to be at the moment?

Re:An open DHT is a highly valuable resource (2, Insightful)

Bruce Perens (3872) | more than 5 years ago | (#28080337)

OK, I should state clearly that OpenDHT's capability should not be abandoned.

But IMO it's sort of a big job to make this scale. It takes people with a pretty strong mathematical computer science background, and a lot of testing, and long-term support. Hopefully the right folks will step up (and don't look at me, I don't have the math).

Re:I don't have the math (1)

symbolset (646467) | more than 5 years ago | (#28080725)

This is going to sound like fangeek adoration because it is. You intuit better math than most of the math geeks I've ever known, and I've known a good number.

But... I disagree. We can do this if we try, and if you think about how to solve this problem the answer will become obvious to you.

Re:An open DHT is a highly valuable resource (1)

debatem1 (1087307) | more than 5 years ago | (#28081509)

Not really- bamboo, the actual software that opendht ran, works fine- the question is having the resources to actually build and maintain the network. You have some serious connections- if you want to get something started, let me know.

This way lies madness (1)

symbolset (646467) | more than 5 years ago | (#28080271)

Break the unbreakable security commitment? NO!

Bruce, I repectfully disagree.

It would be wiser to accept 1-3 days latency from reported theft to recovery data. With that much lag and the requirement that the clients themselves store some redundant multiple of the data they send in encrypted format the problem becomes trivial.

Surrendering privacy or security is NEVER a valid option in a distributed application.

Re:This way lies madness (1)

Bruce Perens (3872) | more than 5 years ago | (#28080359)

"symbolset" wrote:

It would be wiser to accept 1-3 days latency from reported theft to recovery data.

Sure, if that's the cost. But you are assuming a 1-3 day fixed backlog length, rather than a forever increasing one. I'm not yet clear this is a justified assumption.

Re:This way lies madness (1)

symbolset (646467) | more than 5 years ago | (#28080615)

With 4-6 multiples per client of storage this is a good metric. With 10x and VI distribution it's safe at 5 9's. The backlog length and intelligence of distribution are implementation details. It's all about Recovery Time Objective and those metrics are well established. My post implied fixed backlog lengths, it's true, but that was for a different audience than you and that paradigm isn't required to solve this problem.

It's their client and they're well equipped to implement our discussion so we've done good work here.

Re:This way lies madness (1)

drachenstern (160456) | more than 5 years ago | (#28085345)

wtf? We're you trying to win buzzword bingo? zomg, try again.

Yeah yeah yeah, I understood what you wrote, but now my brain hurts... time to go read the poll and let it recover...

Re:This way lies madness (1)

jonaskoelker (922170) | more than 5 years ago | (#28082139)

Surrendering privacy or security is NEVER a valid option in a distributed application.

If you have more than one computer, have your stolen laptop talk to your home server via an encrypted channel. Then you get both.

Re:This way lies madness (1)

symbolset (646467) | more than 5 years ago | (#28084901)

This is another grand option. Many of the folk who use this service will have a server with fixed IP address. They might also offer a service like dynamic dns for the people who suffer with dynamic IP address.

Re:Over-reaching (1)

ShakaUVM (157947) | more than 5 years ago | (#28080363)

>>Perhaps the best thing to do for the time being would be to back off on the unbreakable-privacy goal until a reliable system arises, and use a database like the rest of us.

Yeah, it seems to me that having heat-entropy-death-of-the-universe encryption on a frail system - that is apparently so dependent on a central server that even before it becomes well known by people on the internet it dies under the load - seems to be rather silly.

A system is no better than its weakest link, and having a distributed anything run through a weak central point is simply not going to work.

Since they're already in the field of "cloud computing", they really don't have an excuse not have a distributed server architecture.

Re:Over-reaching (0)

Anonymous Coward | more than 5 years ago | (#28080495)

Sadly its a typical "tragedy of the commons" result. A useful program came out making use of a freely available common resource (the OpenDHT system), each user incrementally put more of a load on the system, collectively none of them put back enough resources to support their use. A free public resource can only take so many individuals helping themselves to "their bit" without something giving way.

Found a site just waiting to be spammed (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#28079919)

The Open Web Directory [sitelist.ca] ...Spam this site.

And this is what comes from.... (0)

Anonymous Coward | more than 5 years ago | (#28079957)

relying on somebody who has no interest in remaining reliable.

Eventually something will happen and you'll be up the creek without a paddle.

Store it in DNS caches or NNTP posting(Eternity ne (1, Interesting)

Anonymous Coward | more than 5 years ago | (#28080057)

in the eternity network the data was stored in NNTP postings that were encrypted and posted via anonymous remailer.. other temp storage schemes have used DNS caches to great effect. DNS would get my vote plenty of built in caches and infrastructure

      re adam back (eternity network)

Great example of some of the pitfalls of F/OSS (0)

Anonymous Coward | more than 5 years ago | (#28080073)

Yeah, great service... if they decide to keep it up.

And not that this doesn't happen with closed source but normally there is repercussions. Here they just get to walk away scot free.

You guys never give up, do you? (1)

symbolset (646467) | more than 5 years ago | (#28080307)

With closed source the loss of service is guaranteed after some period, usually 3-7 years. It's called end-of life.

Simple Solution (1)

arthurpaliden (939626) | more than 5 years ago | (#28080079)

If it is that useful charge a small subscription fee and use the money to get the resources required to run the project. If you cannot raise funds that way then people must not really see the benifit of the service.

Why does it have to be free? (1)

93 Escort Wagon (326346) | more than 5 years ago | (#28080087)

The subject line pretty much says it all, but - why continue to expect something for nothing? Storage costs money, whether it's in one place or distributed. So does the bandwidth, no matter how small it is. So why not be willing to pay at least the cost of providing the service?

If you eliminate the demand that it be without cost, could you come up with a solution to the rest - reliable, anonymous, and secure?

Re:Why does it have to be free? (2, Insightful)

mysidia (191772) | more than 5 years ago | (#28080189)

Let users specify a server of their own, and either FTP the data or send it to them with a HTTP post form.

HTTP post forms are perhaps the most reliable way to transfer data.

Other methods that involve different TCP/UDP ports, or custom protocols like RPC are prone to failure when firewalls on a foreign network block the traffic in the name of security.

It would be very difficult to accidentally block Adeona if its outbound traffic looked like ordinary web traffic and wasn't to a small list of servers (that thieves could easily research and block traffic to).

Re:Why does it have to be free? (1)

Meshach (578918) | more than 5 years ago | (#28080225)

I agree. While free is good and is often the preferred method of distribution it is not always plausible, especially if your project has a limited scope or audience and free will not put food on your table.

Many companies change and are still well respective members of the software and, yes even the open source industries.

2 proposals (1)

ghetto2ivy (1228580) | more than 5 years ago | (#28080127)

1) Use math. Store only X number of connections. Distribute enough copies that statistically speaking all parts (with parity data) are always available. Distribute it on Adeona installs, where the storage requirements would be # of copies * size of entries * redunancy. If you only keep say the last 30 entries, that shouldn't be much of a table. The data should just be encrypted to a pgp key. users can either keep a copy of the key or pay to have adeona create a key pair and store it for them.

2) Use the cloud, or a personal server. Dump into an amazon s3 account or a user specified server. The user pays for any s3 storage (pennies), if it goes to s3, nothing for their own.

You can't have both (1)

davmoo (63521) | more than 5 years ago | (#28080257)

Projects like this have to make a choice. It can scale hugely and be 99.9999 (nothing is 100) percent reliable, or it can be free. It can't be both, unless you have a really supportive multimillionaire as part of your project. Its a basic fact of life that large amounts of bandwidth and large amounts of storage cost real money.

This is, in my opinion, the basic stumbling block of free projects that require lots of resources of one form or another. I don't know that a serious study has actually been done, but I'd be willing to bet that the majority of people who use FOSS use it not because they hate Microsoft or because they support "open", but because they get it for free.

Google AppEngine (3, Interesting)

cerberusss (660701) | more than 5 years ago | (#28080631)

Google's AppEngine is massively distributed. Be sure to encrypt the information written there, and you'll be done.

Re:Google AppEngine (3, Informative)

CrashandDie (1114135) | more than 5 years ago | (#28080927)

Yup, exactly my thoughts. I've been using the AppEngine's Data Store for some time and can't complain. 1Gig of data isn't a lot, but it's cheap to get more. Just get people to donate and you'll have all the storage you need. Just write a simple class that will convert stored objects to XML and it's a done deal. For upload? Simple POST to one of the servlets

Oh, and for people who don't see how they could encrypt the data from Google: PKI.

If nobody needs to be able to access the data excepted for one person, where's the problem? What's the fuss all about?

I'm not convinced about net-based tracking system (2, Interesting)

badzilla (50355) | more than 5 years ago | (#28081221)

The functionality depends upon the thief being unaware that information from the laptop is being transmitted somewhere and thus could give away information revealing the theft. If the thief knew about the client then they would of course find a way to disable it before attaching to a network.

With the current state of technology it's credible that a thief would steal the laptop, connect to the internet, then hopefully get caught. But what if laptops routinely had a GPS receiver onboard, and possibly also a GSM/UMTS modem? At that point it would become widely known by even the dumbest thieves that "laptops are trackable when you turn them on" and an arms race would ensue. The distributed tracking system would no longer be any good though

I already have a mobile phone with onboard GPS and there is an app which at power-on can auto-send a GSM text message containing the phone's detail to a pre-specified number. This is not defeated by changing the SIM card.

Re:I'm not convinced about net-based tracking syst (1)

davmoo (63521) | more than 5 years ago | (#28081461)

But what if laptops routinely had a GPS receiver onboard

The tinfoil hat crowd would cry privacy invasion.

and possibly also a GSM/UMTS modem?

The cost of the laptop would increase, and we'd all have to buy monthly data packages from a cellular provider.

Re:I'm not convinced about net-based tracking syst (1)

badzilla (50355) | more than 5 years ago | (#28082163)

A bit of a digression but I don't know anyone anyone who owns a laptop without a USB 3G data gadget to go with it. These are quite cheap to run with no contract required.

Available free in UK
http://www.3dongle4free.co.uk/ [3dongle4free.co.uk]

also everything you need to unlock it for use in other countries
http://rapidshare.com/files/235523732/ZTE2.rar.html [rapidshare.com]

Re:I'm not convinced about net-based tracking syst (1)

jimicus (737525) | more than 5 years ago | (#28081729)

It should be widely known by the dumbest thieves (at least in the UK) that stolen mobile phones don't work because their IMEI gets blacklisted as soon as they're reported stolen.

This doesn't appear to have reduced mobile phone thefts to zero.

Dynamic DNS... (0)

Anonymous Coward | more than 5 years ago | (#28081441)

A simple solution would be to make an easy server program which people could install to another computer.

If the client used a dynamic DNS-address I would even be possible to set up the server after the laptop gets stolen, and just redirect the pre-set address to the new IP.

Flud looks good for this... (1)

batdragon (16691) | more than 5 years ago | (#28081531)

http://www.flud.org [flud.org] ...but it seems to have been sleeping since March 2008. :(

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>