On Sunday 26 December 2010 18:19:22 S Mathias wrote:
> No port forwarding is needed in p2p (no need for open ports [? fixme]):
> http://samy.pl/pwnat/
While I find these ideas of NAT and firewall-piercing quite interesting, there
is always a "but" somewhere --- in the pwnat case, it is a "but what if the
ICMP is filtered?" (as it actually is for most NAT'd networks I've seen).
The only permanent solution to usability of p2p in general is IPv6, where all
addresses will be public and thus accessible from outside. And IPv6 would fix
other protocols broken by introduction of NAT, not just p2p stuff.
But until then, p2p can never be completely reliable/available to everyone, as
http is now.
> Common sense: if I need to spread lots of files no matter small or big, to
> many-many-many-many PCs, then I would give a 10 Mbit line to the master
> server, and the remaining job is done by the people, so that in this way,
> they could contribute to the project.
Not everyone needs every file to update, so this will not scale as well as you
might imagine. Also, with all the mirrors out there, I don't see much benefit
in using p2p for updating.
> The Fedora installer could contain a question: how would you like to
> receive updates? [if e.g.: GNOME is installed, the updates would be
> "forced*", because it's likely not a server, just a desktop pc]
Forced? Why? I generally do a "yum update" only manually, and even then I
inspect what is to be installed before I agree to proceed. And I'm a desktop
user. No, you never want to *force* updates on people, it might break some 3rd
party software they are maybe using. Think kernel updates and nVidia closed
source drivers, as the most common example.
> - and the answers would be: by http or by p2p (or p2p with encryption)
Whereas only http is the protocol that can be assumed to be available
everywhere and to everyone. The p2p solutions always rely on other ports being
open, UDP/ICMP availability, etc.
> + if I go to the main website, and click "Get Fedora"
> https://fedoraproject.org/en/get-fedora
> it would need to accentuate the ISO download by torrent, not http, the
> servers would be way more "relieved", and ready for any expected, or
> unexpected loads (ddos, a version of Fedora is out, growing number of
> Fedora users).
Oh, my...
You surely missed an *insanely* big thread on this list, devoted precisely and
exclusively to the *bitching* about removal of bittorrent links from the
then-newly-designed "get fedora" website...
IIRC, Mairin Duffy was nearly crucified for removing the torrent link from the
page. In a nutshell, the argument was that (according to statistics) only
every fifth Fedora user actually uses torrent to download the .iso. The
counterargument was that (again according to statistics) since there are cca 1
million Fedora users out there, 200 thousand people just got screwed. The
counter-counterargument was that people who know how to use torrent typically
know how to use google to find the .torrent of the .iso, so no need for a link.
The ccc-argument was that anyone with a clue what is an operating system could
use google to find a Fedora .iso, so no need for a "get Fedora" page in the
first place, which defeats the purpose... And so on and on, with a lot of
tangent discussions and even more unrelated bitching about list etiquette
etc... Look it up in the archives, if you are interested.
The whole thing was eventually resolved when Mairin gave in (based on some
sound and friendly advice of other Fedora devs) and created a link for "other
download methods, including torrents" and updated the website...
My point --- you don't want to open that topic again. ;-)
> I'm sure there would be many Fedora or other RPM based distribution users,
> who would happily seed the packages. Broadband connections, HDDs are
> cheap in 2011.
There are mirrors who happily do that right now via http, so I don't see any
serious benefit.
> *by forcing I meant it should install updates without asking, the primary
> security relies on that the packages are up-to-date or not.
No, the primary security relies on the brain of the person using the computer.
Automatic updates that leave the user out of the loop are known to be a Very
Bad Idea (tm).
I've seen automatic updates breaking my own and other people's systems more
often than I want to remember, and the whole thing can get pretty bad
occasionally. Just think of a new kernel update which breaks the closed nVidia
drivers (or sometimes open radeon drivers ;-) ), and similar problems that pop
up every now and then. Really, you *don't* want enforced updates. The user
*must* be given a choice whether to accept or not accept any individual
package update, including security updates.
HTH, :-)
Marko