open source bitcomet

[wyuenho]

In the year of 2006, I don't understand why there are still sharewares that's free for personal use but closed source. The case of bitcomet is especially perplexing to me since bitcomet neither charges fees for personal use nor provides any support to business users. My guess would be that bitcomet's own revenue is commercial licensing. But then again, why can't you open source bitcomet and still charge business users licensing fees? In bitcomet's case, I can only see the advantages of making it open-sourced to improve bitcomet's features and stability, without losing anything. If you open up your bug tracker, millions of users will be potential testers and bug reporters. If you open up the source code, hundreds of thousands of developers/users will submit patches and enhancements to bitcomet. So there's really no reason to not open source bitcomet unless you absolutely have to use some proprietary library with very strict limitations on redistribution. But then again, what library could it be that you can't replace with an open sourced one?

I'm an advocate of open source software and it's frustrating for me to not be able to contribute to a project which its product is something that I use on a daily basis. Therefore I am here petitioning for an open source bitcomet project.

[Dark_Shroud]

Your post makes me laugh, "millions of users" & "hundreds of thousands'"

You may want to contribute, but most people just want to make hacks that cheat. Giving out the source would cause a lot of trouble in that sense. And BitComet doesn't need more hacks floating around out there.

[wyuenho]

according to the download count on download.com, yes bitcomet does have millions of users. hacks? so u are saying azereus is full of hacks? emule, dc++, sheraza, gnutella and all other open source p2p programs are full of hacks? that's completely opposite to the reality. from the experience of so many open source projects out there, most contributers are only acting as testers and bug reviewers. most people are not developers and even if they are, in the case of a windows app, they don't necessarily have a copy of visual studio. those programmer who can understand and write the code for bitcomet are the real contributers to the code base. as experience has shown, for every exploit or hack discovered, there are always more fixes to patch the problem by the same community. by open sourcing the project, instead of having only a handful of developers working on the project, you suddenly have thousands of developers doing security auditing for you and other improvements. a closed source bitcomet has so many hacks. a hacker will go to any length to find security holes and exploits of the program, but if the program is closed source, good users can't help and the project developers don't have the time to fix it. so the result is slow response time to critical bugs and unhappy users. haven't we learnt enough from IE6?

[Archmaster936]

I would have to agree with Dark_Shroud. Open Source would be really bad for BitComet. Most of the people that would use the source would only use it to embed hacks into it so people that download the third party "patches" people would get virus/adware/spyware and blame it on BitComet. Thiswould mean less people use it and the BitComet team would have to get fixes out and have to deal with more than bugs.

[aimee]

Dark_Shroud and Archmaster936, thank you for your understanding. wyuenho, we will never open source and we do not charge anybody for commercial use of BitCometClient.

[Dark_Shroud]

so u are saying azereus is full of hacks? emule, dc++, sheraza, gnutella and all other open source p2p programs are full of hacks?

Where have you been? Azureus does have some nasty cheating plug-ins. There are also a number of emule hacks out there as well. Gnutella, I don't care enough about to read up on, same for dc++. Sheraza is a POS bittorrent client that is banned on a number of private trackers so its a moot point anyway.

haven't we learnt enough from IE6?

Yes, its called IE 7, where they removed a lot of the old code. And that's what an error report is for.

I'm not trying to be mean or rude. :mellow: But the cons out weigh the pros here. Thanks to all the little cheating sobs on the net. :angry:

[wyuenho]

It's true that azereus and emule both have cheating mods, and shareza by nature is a hack and is banned by most other eDonkey2000 clients, but according to Wikipedia, "BitComet's upload slot limit is known not to work. BitComet has also been accused of favoring other BitComet users on uploads, hammering trackers, dropping piece requests, and other similar unfair techniques." It's also true that it took MS more then 5 years to come up with IE7 thats still at least 1 year behind current state of the art browser technology. My point is close source development model leads to slow security fix response time, and when it comes to defending against accusations, there really is very little you can do without opening up the source code for verification. You may publish data gathered from some network experiment, but people can always say you can manipulate data anyway you want, so you really have no way to prove otherwise.

I'm curious tho, how do these cheats on BT clients generally work? Is it possible to build in some default counter measures against some of the popular cheating schemes?

[Soraiya]

Ok, without spilling anything about our code and such. C++ practically every programmer knows this basic language, in fact this is one of the first languages taught to students in high school or uni in their first computing courses. I'm going really general here: because the code is so openly known, it can also be easily manipulated for personal means.

If that reason is not alone. Think by this example, why are multimedia programs i.e. Dvd media players like VLC are open sourced? Answer: Because if the user tweaks around with it, any harm that comes out of that 'tweaked software' will only harm that user, unless he/she distributes it. Though, the only reason why the user would tweak it, is because they only want to make the software better.

On the other hand, with P2P software like Azureus, by having an open-source, users also want to make the software better...but again, what for? Only for their personal use, so 'hacked'bt clients will only serve to provide better download usages for that user alone, but that 'hacked' client will not share its benefits with other users, only it will harm the entire swarm of that torrent.

Hence, this is the reason why you're not seeing alot of torrent clients like Azureus being open-coded. The most of what we can do is listen to BitComet users' suggestions, and put them into place for the next version to be released. I suppose this is also the reason why BitComet was banned before on private servers. I won't disclose why it was banned, because users can simply just download our old version, and continue cheating. Thus...we released newer versions which fixed that accidental 'cheating' feature.

In conclusion, as Aimee stated, we will most likely never release this code, unless if the benefits outweight the consequences.

Here...for those who have checked out utorrent, you may realize that it's also a closed source. http://www.utorrent.com/faq.php#Is_.C2.B5T..._open_source.3F

Kind Regards

BitComet Team

[wyuenho]

Actually, according to this Wikipedia page, about 2/3 of the BT clients are open sourced, even if you only count the Windows clients. uTorrent is close sourced, but for reasons unspecified, unlike BitComet, which closed its source for security reasons; and Azereus is open sourced.

C++ is a popular language, but not everyone knows how to deal with network protocols. In order to cheat, you must lie in the messages you send to other clients, but then if you lie, you must lie consistently or you can be caught and banned (basic theory of computation). So my point is, all you have to do is to force the client to lie all the way and eventually they'll get caught. For other so called cheats, like having fake upload slots that never uploads, or fake bandwidth reports... can all be solved by doing a few more simple arithmetic calculations when assigning scores and priorities in the scheduling algorithm. I don't see why security can be a reason for closing the source. For a client with a huge user base like BitComet, any cheat countermeasure algorithm will have an adverse effect on the whole community and makes cheating mods a lot less likely to succeed in whatever they are hoping to achieve.

By using a open source development model, your accidental cheating feature could get a chance to be reviewed , bugs filed and avoided the whole "accidentally cheating" fiasco. So open source model actually improves the quality of the software. Same goes with the cheating mod, for everytime a new cheating mod comes out, someone else always will come up with a new countermeasure algorithm and that can be incorporated into the official client's source immediately, throw in an automatic update system like Azereus', noweveryone connected will get patched almost in no time, what's wrong with this?

[Dark_Shroud]

Since this thread is linked to listing our reasons as to why BC is not and will not go Open source. I will add onto this as I somehow missed that last post.

Azureus has a patcher because it is module based using the Java language. BitComet & µTorrent use the same methoed of just replaceing the program .exe file.

Most of the other "open source" clients have been mass banned for two reasons. A) They are no longer being developed. or B) They have cheating features/tendencies. And they are not worked on as much as BC is now and µTorrent.

Furthermore its modified versions of Azureus that the RIAA/MPAA are using to posion swarms and host fakes. Azureus is also banned in a lot of large scale private trackers as there are groups that release cheating plug-ins for every new release. So as you can see the cons out weigh the pros thus source cannot be released.

[ingeralhaosului]

wyuenho if you want to have a open source bitorrent client and you have the C/C++ programing experience or know people that have, try libtorrent and start your one project.

p.s.

fore as much as its worth try REC Decompiler

[disco-legend-zeke]

wyuenho if you want to have a open source bitorrent client and you have the C/C++ programing experience or know people that have, try libtorrent and start your one project.

the potential for abuse of peers by spammers, or simply greedy content hoarders swings my vote toward a closed model.

if a product, even a free one, is to compete for "average" movie watchers, there needs to be a closed source. this will restrict hacking to only the richest.

the availability of an open source tree, on the other hand can speed development, and there is such a long way to go.

the advent of 500 meg channels for the one time admission price of $149 (list for an 802.11 draft (the greedy carriers will never let it be final) N wireless router) will result in the formation of a TELCO-free infosphere.

the new routing technologies required (a thread ill start next) involve concepts like content based URL, closest source response, cascade routing, and gps routing.

[patcat88]

I think BC should make certain proprietory protocol code open source to embed/reverse engineer into other clients. For example the NAT traversal is pretty useless since there are few BC users, and alot of BC users arent firewalled. And I think there maybe a incompatibility between .6* and .8* NAT traversal implimentations. Also if BC uses any extended messaging, that should be made open-source, just enough to reimpliment in other clients, or a really well writen wiki article, but I have higher hopes for code. There needs to be more colaberation, or else the BT world will fragment even more into the UT and AZ duopoly.

[ttxxx]

patcat88 says it all.

It is true that now BitComet implements its own proprietary protocol code, as well as its own torrent format modification (e.g. the >1MB aligning feature, quite annoying in to other clients). For other clients, they don't have DHEv2, BCTP and other undocumented features, it would hinder the BitTorrent community altogether.

But hey, there is sure one reason why BitComet must stay in closed source, it is because of all those "recommendations".

[Dark_Shroud]

For example the NAT traversal is pretty useless since there are few BC users, and a lot of BC users aren't firewalled.

If a firewalled user sends out the NAT Traversal signal non-firewalled clients can and will respond with NAT Traversal.

And I think there maybe a incompatibility between .6* and .8* NAT traversal implementations.

Wrong, the new NAT Traversal is backwards compatible with the previous version.

[kluelos]

wyuenho, the first thing you should understand is that Wikipedia strives to be a tertiary source. That's their goal and their criterion.

Well, that's their business, but tertiary sources are NOT definitive, nor do they try to be. Wikipedia's mantra is "somebody said it", and not "it's true". A great deal of what Wikipedia says is not true. As a source, it should never be trusted for more than guideposts for further exploration. Specifically, much of what you've read about BitComet is not true, and some of it is sheer garbage, demonstrably false for anyone who cares to try. But Wikipedia must tend their own garden.

The second thing is that it is quite easy to cheat on bittorrent, just as it is quite easy to falsify the origin of email messages, and for much the same reason: security/authentication was not designed into the protocol, and it's too late now.

Given a base platform, you can easily create such a cheat, that is extremely difficulty to positively identify. Azureus has provided such a base platform. People have done so. (Though this is at least as much due to stretching the protocol to purposes it was never designed for.

The FOSS basis of Azureus has also not shown the virtues you want to claim for it, as witness the DHT incompatibility. Azureus vs. everybody else.

And finally, it's been done before. BitTorrent started out as FOSS, and as you note, there are several still out there. None of them are as advanced or as powerful apart from Azureus, while some, like BitTornado, have stumbled down blind alleys towards uselessness. Azureus has, for many, become lost to bloatware. FOSS had its chance, and blew it on several levels. It had a huge head start, but rapidly lost ground to closed-source clients that were smaller, faster, more efficient and more innovative.

[ttxxx]

However kluelos, you may have missed my point.

One of the major reason why some people prefer a OSS (not necessary free of charge) programming model for everyday programs is that, it would not be haunted by adware and spyware. It is just impossible.

And for the cheating bit, it should be prevent by design, not by obfuscating. It is not BitComet to be blamed for that, since this is not the party who developed the protocol. There are also other ways, such as using opensourced apps to cheat, but in BT if you don't upload, you hardly get any downloaded. And uploading hash-failing bits doesn't help either.

But for me the biggest pain is to see a good program starting to degrade. To compare the cutting-edge and 0.70 version of BitComet, despite many design differences such as newer categorizing systems (with lots of unfixed bugs) and non-saving prefs, the most obvious one is the "recommend window". Seriously, I don't want to use a program looking like this, it just looks like another Kazza to me. If that is the trend of BitTorrent programs, I guess people would only use old clients and never update.

[Reaper2k3]

Yes, its called IE 7, where they removed a lot of the old code. And that's what an error report is for.

Quoting an a much older post but I have a point. The difference between IE and BitComet is IE is improving (well sort of). And that is where the underlying framework for a call for open source is laid.

What happened to the ability to open a different link with different trackers to a task already in BitComet and have the current task's property window pop up and get the extra trackers added? Where did all these pointless bloat sections come from? I don't need a "search" bar, or any of these other new sections. Hopefully this versions isn't retaining the .85 bug that didn't let you add duplicate trackers of tasks you already deleted. And have you people never heard of minimize to tray (not close to tray, when I press the X, I want it to close)?

[kluelos]

I suspect the issue is just not really understanding Bittorrent, which would not make you unique at all, trust me! The problem about cheating it lies with ratio-tracking sites. They rely on the client to tell the tracker how much they uploaded, but there's no way in the world to verify that report. (This is the part many do not get.)

Thus, there exists a "client" that swipes the tracker every 20 minutes and claims that it has uploaded a whole bunch, but hasn't really uploaded anything at all to anyone. Nor has it downloaded. Its sole purpose and function is to plausibly lie to the tracker, in order to boost the user's ratio. It doesn't necessarily even communicate with other peers. It's built on the Azureus frame, but can identify itself as any client at all -- even has a user-modifiable ID string, IMSMR, so it can identify itself as pretty much any client, including those not yet written.

One of these in the world is more than enough. Unlike most other applications then, Bittorrent is just ripe for this sort of abuse, and private ratio-counting trackers provide an incentive for programmers to create them. This is quite different, and it's not self-correcting in the way that adware would be, since negative impact on the community is very indirect and temporally offset. There's even a certain amount of ill-will toward such trackers, and diminished sympathy for the issue since most of the material they track is probably illegal in the first place.

I agree with you as far as this last crop of releases goes, but that is a process issue -- none of them should have been released yet until proven far more stable. Yet there is nothing inherent in the FOSS process that prevents this either. You still get really buggy new releases with a flurry of fixes afterwards. It shouldn't be that way, on either side, but it is. Following, one may infer, the example of certain major commercial software companies...

[Reaper2k3]

The "random idiots and people with p**** envy have access to the code" problem with open source is always there, with every program - bit torrent is not unique in that regard. And pretending that it is some sort of ego problem I'm guessing. The thing about open source is make it popular, or keep your friends close and enemies closer and therefore try to keep the crap in check. And, I'm pretty sure people can create hacks without direct access to the code that do this kind of crap, the stuff you describe doesn't suddenly appear out of thin air when stuff becomes open source.

[joshm]

I accept your decision to keep it closed source, but your argument to keep the integrity of the net is IMHO not valid for the official/documented BitTorrent protocol. There are lots of open source clients that can be modified and I doubt there are trackers that ban all of them. And even if one tracker tries to do so, the malicious user just needs to hack the peer ID and HTTP User-Agent as well to make it look like he is using BitComet.

Your argument may be true for your additions to the protocol. Imagine there existed a command to force a BitComet client to unchoke a connection and send data at full bandwidth. In that case I wouldn't want to document that command as well.

Do you have something similar to hide? ;)

I think BC should make certain proprietory protocol code open source to embed/reverse engineer into other clients.

[...]

There needs to be more colaberation, or else the BT world will fragment even more into the UT and AZ duopoly.

I second that. Please contribute to http://wiki.theory.org/BitTorrentSpecification. You could start with the "reserved" bits in handshake.

[Polymorpher]

From what i read around the forums i'd say that the developers of BC have nothing but security fears in their mind. Ever considered that in a good amount of networks out there have no usage of scores and accuracy so nobody realy cares is theres some lame a** out there cheating. And there are enough smart ppl out there to counter flooders and spamers. Keeping an official project will always be one step ahead. So private trackers will limit to using whatever client they wish - big deal. Besides unlike i see swarms of users posting in this forum to be able to say development moving well forward... h*** if you care so much for the source modify it rip some part of it and release a hybrid - ppl will still wish to build on it even if its half of what BC is now ... If you are so obsesed with not releasing it - h***, think of expanding the project, even the smalest community can find ppl to work with and relate to if you like ... The source aside, you dont even have a interface capable of taking full benefit of the program. So you cant realy say development has gone way ahead so far ... I would spare a fair amount of cash on a JUST stable client with a good interface and its not only me.

[pdt8]

With due respect to the BC developers, I also have to say I think that the reasoning to keep it closed is faulty. As long as there is ANY open source BT client out there - or even just if the BT protocol is a known quantity - there will be cheaters and RIAA/MPAA bastards corrupting the network. Open sourcing BC might mean they would decide to use BC to cheat too, which could seem like a headache to you, but I doubt it means much will change from status quo except that you now get the advantage of hundreds of people who want to help you improve your code. Maybe the BC team is just settled into their development paradigm and don't want to go to the trouble to open source their efforts. Or maybe they are worried about how embarrassed they'll be when everyone sees their crappy code. ;) :lol: :P :D Don't worry, there is a lot of crappy code burried in most FOSS projects. ;)