Live Spins

[Nicolas Canepa]

Sorry, the SHA1SUM

Sincerely,
Nicolás Cánepa
ncanepa at fcen.uba.ar
www.ccc.fcen.uba.ar
Teléfono - 4576-3382
CCC - Centro de Comunicación Científica
UBA - Facultad de Ciencias Exactas y Naturales


Nicolas Canepa escribió:
> Did you check the MD5SUM of the downloaded ISO?
> 
> Regards,
> Nicolás Cánepa
> ncanepa at fcen.uba.ar
> www.ccc.fcen.uba.ar
> Teléfono - 4576-3382
> CCC - Centro de Comunicación Científica
> UBA - Facultad de Ciencias Exactas y Naturales
> 
> 
> R A Jon Hamelin escribió:
>> Bill Davidsen wrote:
>>> R A Jon Hamelin wrote:
>>>> Frank Cox wrote:
>>>>> On Sun, 11 Nov 2007 11:34:57 -0800
>>>>> R A Jon Hamelin <jon_hamelin at shaw.ca> wrote:
>>>>>
>>>>>> I have had bad experiences with torrents and will not use them again.
>>>>>
>>>>> What's wrong with the torrents?  I downloaded F8 that way the other 
>>>>> day at a
>>>>> very healthy pace.
>>>>>
>>>>  Hi Frank:
>>>>
>>>> A little over a year ago I downloaded a file - 4.3 GB - from what I 
>>>> thought was a safe site. After installing the program, my computer 
>>>> rebooted by itself and all hell broke loose. I no longer had a 
>>>> functioning BIOS. In addition it wiped my hard drives. Checking with 
>>>> the site in question, I discovered that the file should have been 
>>>> 3.8 GB.
>>>
>>> Obviously the fault of torrent, because if you downloaded that same 
>>> 4.3GB file by ftp... wait, it still would have done the same thing, 
>>> because the problem was the content not the delivery system. Blaming 
>>> torrent for the effects of bad content is like blaming UPS because 
>>> you ordered one thing and got another.
>>>
>>> You didn't get 4.3GB instead of 3.8GB because of torrent, you got it 
>>> because it started out bad at the original source (including the 
>>> possibility of having a bad .torrent file to start with). And you 
>>> didn't do the check for size and checksum *before* you used the file, 
>>> and probably let something run as root or actually booted it, or it 
>>> couldn't have reached the BIOS or rebooted the machine... In other 
>>> words you didn't follow best practices and as a result something bad 
>>> happened, and you didn't have a backup of critical data.
>>>>
>>>> In my opinion bit torrents are a security issue. Having lost 3 days 
>>>> worth of irreplaceable photos from a commercial shoot and the 
>>>> contract, it was an expensive lesson for me.
>>>>
>>> Torrent is safer than any download from a single site, because any 
>>> one site can only corrupt a fraction of the overall content, and 
>>> because there is a crc on every small part of the download. That 
>>> makes it very hard for any undetected problems to get through, 
>>> assuming you check the sum of the files, etc.
>>>
>>> The "expensive lesson" involves backups, verifying anything you 
>>> download before use, and other best practice issues.
>> 1) The torrent was started from a https site, which I assumed to be 
>> secure. When I contacted the site owner, they had their security look 
>> into the problem and the conclusion was that one of the seeders 
>> managed to maliciously  alter the torrent. This affected  in the 
>> neighborhood of 18 people/companies .
>> 2) It was downloaded to a XP box. Had I been on my Fedora or Solaris 
>> box, such damage would not have happened. The torrent was zipped and 
>> everything started happening when I unzipped the file, not on install. 
>> I misspoke.
>>
>> 3) I had just transfered the photos from the SD cards and had not had 
>> time to back them up. My boxes are all backed up to my server at 3 AM 
>> every day.
>>
>> 4) My original post was to inquire if the Developer spin was available 
>> via a straight download, not to discuss the pros and cons of torrents. 
>> I downloaded the F8 DVD as a regular download in 42 minutes. Why would 
>> I want some insecure software exposing me to who knows what risks for 
>> 12 or so hours? No Thank you.
>>
>> So once again I will try to inquire if the spin is available as a 
>> straight download and if so, could I be pointed in the right 
>> direction. I presently use OpenSolaris Developer Edition and would be 
>> very interested in comparing it to the Fedora Developer Spin.
>>
>> Sincerely,
>> Jon
>>
>