D.i.N.S. v1.0B

[01000101]

Hello once again.

Tonight the state of my OS is strong.

I have finally done enough testing and tweaking to declare this version 1.0B stable. I had an issue with the RTL8139 Tx underrunning thus basically halting the card, but I corrected the issues, and also added damage control if the issue ever arose again. Actually, I ended up adding ALOT of damage control/correction throughout most major aspects of my OS.

ARES, Bittorrent, Limewire, WinMX, and KaZaA are officially abled to be blocked and a few can be throttled if need be. In Bittorrent and Limewire I have added a feature to block outgoing requests for peers, thus rendering the client stupid. This method also cuts down on connection/searching overhead by half as the other peers never get a request to reply to. I am working on methods for KaZaA as we speak. Azureus/Vuze is up next as I have the decryption structures setup to pinpoint encrypted bittorrent traffic from Azureus.

I had to take out two experimental bittorrent signatures yesterday as they were not as unique as I had origionally thought, but then again, I labled them experimental for a reason I guess.

My OS is now fully Polling based, and no longer supports external interrupts of any kind for security reasons. Timestamps are manually acquired from the RTC when need be.

After my meeting with the attourny mentioned in my previous release post, I am a bit more ambitious about this idea, and its livelyhood. I found out that the person I met up with is not only an attourny, but also an angel investor and was eager to aid me financially with things like code/binary protection and travelling expenses to pitch my idea to others. I have another meeting with 3 more of his associates who are a mixture of entreprenuers, tech startup aids, attournys, venture capitolists, and angel investors to see what needs to be done to get this off of the ground. Also, very soon I shall be an official company and if the meeting goes well, hopefully have consultants.

With this release, I am also supplying a poll as to which Administration method you would prefer is you were to be in charge of administering a D.i.N.S. box, and the outcome will weigh my final decision on which method to implement.

[pcmattman]

Admin via a router-style interface is much easier (and you can also open it up with a username and password to the internet, which allows you to do remote administration when you aren't around).

Hope it all goes well, I look forward to hearing about the future of D.i.N.S!

[piranha]

Wow, you're moving ahead!

I would prefer all computers having access (with a password, or something) because it's more accessible.

-JL

[ucosty]

I vote for IOS style command line over SSH or as a fallback Telnet.

[os64dev]

I voted serial UI. The reason is that it seems that you are really making a nice product and though a wbeservice is very nice an easy maintainable the serial UI makes it less vonurable to trojans and other things. Configuring with a laptop is quite easy i guess..

[dizcoder]

The administrator should be able to make decision wether the administration interface is exposed to full network or just to the serial/parallel port. In a security-relevant environment the admin would decide wisely for the latter, as in many other situations it is more comfortable to have many access points spread over the net.

Command Line vs. Web-GUI:
CLIs are accessible through old hardware/software
CLIs allow more complex tasks which admins often have to perform
Once your CLI works you can easily add a Web-GUI on top of it
Web-GUIs are more intuitive and easily operated by inexperienced users

[01000101]

Just a little bit of a sub-update (not worthy of a DiNS.ver += .01):

I have added blocking (fully tested) functions for µTorrent, Transmission, and (finally) Azureus/Vuze.
Encryption was not much of a challenge...

I also improved the algorithms that preform RTL8139 sanity checks and auto-correction. I'm about to look into eDonkey/Mule and some other 'less popular' clients. If you personally have used other (not listed) clients, please feel free to blurt them out so I can visciously examine them.

[JamesM]

Limewire gets used pretty heavily over here (UK).

[Combuster]

The ED2K network is pretty much the standard here (or KAD when it comes to Emule). Or was - I haven't really used it the past years. The occasional download usually goes via bittorrent as it works a lot faster.

There was WinMX but after 3 years not updating it kindof stopped working... I recall there were attempts to shut it down. I had a quick google and the community built a RIAA-proof patch (effectively decentralizing the network) which I don't have as of yet.

[lukem95]

Limewire and Bearshare are the two biggest download programs i hear about people of my age using (UK)... i personally use uTorrent, but you've already got that covered

[01000101]

Ok, replying to the above three posts, it looks like I need to look into the eDonkey/Mule and BearShare clients and how they work. So as of now, the current blocked list is as follows:

BitTorrent
uTorrent
ARES
LimeWire
Azureus (blocked with encryption for both versions of Azureus)
Vuze
Transmission
KaZaA
WinMX

If there are anymore that you can think of that are being used frequently, let me know.. also if you hear about any new 'encryption' or 'protection' schemes used in p2p or bittorrent, let me know so i can look into it.

[suthers]

shareaza (http://www.shareaza.com/) was used a lot when I lived in Belgium and my friends there still use it (as do I).
Jules

[Combuster]

Well, to foil practically everything you can always SSH out to a remote proxy, tunnel VPN over a SSH link, or some other bla-bla-SSH-bla-bla-circumvention-bla-bla-something trick. The key problem is, SSH may of itself be no proof of bad intent or even necessary for dailiy work.

I use it to circumvent university's firewall (only allows ssh+(secure) http ports) in order to access my stuff outside. I know people who do it over port 443 when the ssh port is blocked too.

Oh well, use it to your advantage

[01000101]

ok, mark sharezaa down on the old 'to do' list. Thanks

As for SSH tunelling, DiNS is a gateway, therefor couldn't I just intercept the pre-encrypted data and use it to decrypt the stream? If not, would it be wise to add a configurable SSH (on/off) utility?

[Brynet-Inc]

I remain firm on my position, it's people like 69'er here that will end it all..

And eventually, we'll all have numerical names too.

Please end this freedom crushing project 'e', you're helping nobody but big corporations that want to control the flow of information on the Internet.

As for your plans to filter SSH, good luck with that, large corporations utilize the protocol.. and, if it's available it can be used for tunnelling. (Btw, nothing in the pre-encrypted handshake will allow you to differentiate.. or decrypt anything. ).