Now that MoleSter has been golfed to death, what would be the best way to make it secure? SSH encryption? Challenge-reply logins? Public-key logins? Thoughts?

Re: MoleSec?
by davido (Cardinal) on Dec 22, 2004 at 05:51 UTC

    For those of you who, like me, must have missed an earlier discussion, I thought I'd post a link to what .havoc is talking about.

    Google searching was useless, since MoleSter mostly just turned up crime statistics. A search here in the monastery turned up this recent and relevant thread: P2P Golf: MoleSter.


    Dave

      I'm sorry. That's what I get for making assumptions. Thanks, Dave.
Re: MoleSec?
by dragonchild (Archbishop) on Dec 22, 2004 at 15:05 UTC
    Part of the problem is in the P2P protocol. Most of the changes you're suggesting would require changes to the protocol itself. That's out of scope for a client.

    However, changes have been made (and golfed) that improved the security in a few ways, including:

    • Using the 3-arg form of open (prevents using the filename to execute shell commands)
    • Closing all network sockets as soon as possible (this allows peers to reduce their open socket count, which may help their security)
    • Some extra network activity after sending a file to make sure the peer's file is closed and written. (Again, helping peers with their security.)

    *shrugs* The only further improvement I can think of would be to add taint-checking, but that would increase the character count by at least 60 characters.

    Being right, does not endow the right to be rude; politeness costs nothing.
    Being unknowing, is not the same as being stupid.
    Expressing a contrary opinion, whether to the individual or the group, is more often a sign of deeper thought than of cantankerous belligerence.
    Do not mistake your goals as the only goals; your opinion as the only opinion; your confidence as correctness. Saying you know better is not the same as explaining you know better.
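
The 3-arg open point from the reply above, as an added example that is not part of the original post or of MoleSter's code. The helper names `safe_name` and `save_file`, the allow-list pattern and the sample file names are assumptions made for illustration; the regex capture is also the step that untaints the name when the script is run with `perl -T`.

```perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: accept only a plain file name from a peer.
# No path separators, no leading '.' or '-', no shell or open-mode characters.
# Under perl -T the captured $1 is the untainted copy of the value.
sub safe_name {
    my ($peer_name) = @_;
    return unless defined $peer_name;
    return unless $peer_name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,254})\z/;
    return $1;
}

# Hardened write: 3-arg open keeps the mode separate from the name, so
# '|', '>' or '<' in the name can never be read as a mode or a command.
sub save_file {
    my ($dir, $peer_name, $data) = @_;
    my $name = safe_name($peer_name);
    return unless defined $name;
    my $path = File::Spec->catfile($dir, $name);
    open(my $fh, '>', $path) or die "open $path: $!";
    binmode $fh;
    print {$fh} $data;
    close $fh or die "close $path: $!";
    return $path;
}

# Vulnerable 2-arg form, shown for contrast only and never called here:
#   open(F, $peer_name);   # "id|" runs a command, ">x" truncates file x

my $dir = tempdir(CLEANUP => 1);

# Constructed sample names, standing in for what a peer might send.
for my $n ('song.mp3', 'id|', '>notes.txt', '../x', '.hidden') {
    my $path = save_file($dir, $n, "payload\n");
    printf "%-12s %s\n", $n, defined $path ? 'saved' : 'rejected';
}
```

Only `song.mp3` is written; the other four names are rejected before `open` is reached.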

Re: MoleSec?
by hardburn (Abbot) on Dec 22, 2004 at 14:54 UTC

    Just what do you want to be secure against? Someone sniffing traffic? A man-in-the-middle attack? Censorship?

    I used to spend a lot of time around Freenet (which tries to be secure against all of the above), and I can tell you that being secure against a broad range of attacks is highly non-trivial, and certainly isn't golf material. However, most P2P applications don't need all that to be useful.

    "There is no shame in being self-taught, only in not trying to learn in the first place." -- Atrus, Myst: The Book of D'ni.

Re: MoleSec?
by perrin (Chancellor) on Dec 22, 2004 at 18:53 UTC
    I don't think the point of MoleSter is to actually run it. It's a demonstration, and basically unusable compared to any other P2P app in existence. Why not just run something more complete instead?