Live Spins
Nicolas Canepa
ncanepa at fcen.uba.ar
Thu Nov 15 16:20:09 UTC 2007
Sorry, the SHA1SUM
Sincerely,
Nicolás Cánepa
ncanepa at fcen.uba.ar
www.ccc.fcen.uba.ar
Teléfono - 4576-3382
CCC - Centro de Comunicación Científica
UBA - Facultad de Ciencias Exactas y Naturales
Nicolas Canepa escribió:
> Did you check the MD5SUM of the downloaded ISO?
>
> Regards,
> Nicolás Cánepa
> ncanepa at fcen.uba.ar
> www.ccc.fcen.uba.ar
> Teléfono - 4576-3382
> CCC - Centro de Comunicación Científica
> UBA - Facultad de Ciencias Exactas y Naturales
>
>
> R A Jon Hamelin escribió:
>> Bill Davidsen wrote:
>>> R A Jon Hamelin wrote:
>>>> Frank Cox wrote:
>>>>> On Sun, 11 Nov 2007 11:34:57 -0800
>>>>> R A Jon Hamelin <jon_hamelin at shaw.ca> wrote:
>>>>>
>>>>>> I have had bad experiences with torrents and will not use them again.
>>>>>
>>>>> What's wrong with the torrents? I downloaded F8 that way the other
>>>>> day at a
>>>>> very healthy pace.
>>>>>
>>>> Hi Frank:
>>>>
>>>> A little over a year ago I downloaded a file - 4.3 GB - from what I
>>>> thought was a safe site. After installing the program, my computer
>>>> rebooted by itself and all hell broke loose. I no longer had a
>>>> functioning BIOS. In addition it wiped my hard drives. Checking with
>>>> the site in question, I discovered that the file should have been
>>>> 3.8 GB.
>>>
>>> Obviously the fault of torrent, because if you downloaded that same
>>> 4.3GB file by ftp... wait, it still would have done the same thing,
>>> because the problem was the content not the delivery system. Blaming
>>> torrent for the effects of bad content is like blaming UPS because
>>> you ordered one thing and got another.
>>>
>>> You didn't get 4.3GB instead of 3.8GB because of torrent, you got it
>>> because it started out bad at the original source (including the
>>> possibility of having a bad .torrent file to start with). And you
>>> didn't do the check for size and checksum *before* you used the file,
>>> and probably let something run as root or actually booted it, or it
>>> couldn't have reached the BIOS or rebooted the machine... In other
>>> words you didn't follow best practices and as a result something bad
>>> happened, and you didn't have a backup of critical data.
>>>>
>>>> In my opinion bit torrents are a security issue. Having lost 3 days
>>>> worth of irreplaceable photos from a commercial shoot and the
>>>> contract, it was an expensive lesson for me.
>>>>
>>> Torrent is safer than any download from a single site, because any
>>> one site can only corrupt a fraction of the overall content, and
>>> because there is a crc on every small part of the download. That
>>> makes it very hard for any undetected problems to get through,
>>> assuming you check the sum of the files, etc.
>>>
>>> The "expensive lesson" involves backups, verifying anything you
>>> download before use, and other best practice issues.
>> 1) The torrent was started from a https site, which I assumed to be
>> secure. When I contacted the site owner, they had their security look
>> into the problem and the conclusion was that one of the seeders
>> managed to maliciously alter the torrent. This affected in the
>> neighborhood of 18 people/companies .
>> 2) It was downloaded to a XP box. Had I been on my Fedora or Solaris
>> box, such damage would not have happened. The torrent was zipped and
>> everything started happening when I unzipped the file, not on install.
>> I misspoke.
>>
>> 3) I had just transfered the photos from the SD cards and had not had
>> time to back them up. My boxes are all backed up to my server at 3 AM
>> every day.
>>
>> 4) My original post was to inquire if the Developer spin was available
>> via a straight download, not to discuss the pros and cons of torrents.
>> I downloaded the F8 DVD as a regular download in 42 minutes. Why would
>> I want some insecure software exposing me to who knows what risks for
>> 12 or so hours? No Thank you.
>>
>> So once again I will try to inquire if the spin is available as a
>> straight download and if so, could I be pointed in the right
>> direction. I presently use OpenSolaris Developer Edition and would be
>> very interested in comparing it to the Fedora Developer Spin.
>>
>> Sincerely,
>> Jon
>>
>
More information about the fedora-list
mailing list