This post originally appeared on Jason’s blog, Codeabout

Coming from Python, for the most part, I felt right at home in the Clojure REPL. However, one of my trustiest old tricks in the Python interpreter didn’t work nearly as well in Clojure.
Continue Reading…

A Note on the DDoS Attacks

Adam Kelly —  January 29, 2015 — 3 Comments

Recently, several sites have noticed DDoS attacks from torrent clients in China. These attacks are not originating in the torrent ecosystem, but are caused by DNS servers returning incorrect IP addresses for well-known BitTorrent trackers.

While the identity of the perpetrators and the motivation remain unclear, we here at BitTorrent would like to share some of our expertise that may help website operators mitigate these attacks.

Torrent Trackers work similarly to a normal HTTP server, but in a more limited fashion. Torrent clients contact the server, and ask it information about the torrent and the swarm.

Because of this, the misdirected torrent clients will contact the victim HTTP server, and see what looks like a valid HTTP response (although not a valid “scrape reply”).

If you follow the link to Jamie’s blog, you will notice that that he suggests a configuration change for Apache similar to the one below:

[Credit Jamie Zawinski]

In our example above, we’ve changed the response code from 404 to 410. uTorrent, Bittorrent, and torrent clients based on the excellent libtorrent library will interpret this HTTP response code as “do not attempt to contact this tracker again”. That will cause the request traffic to fall off much faster.

References:
http://furbo.org/2015/01/28/grass-mud-horse/
http://www.jwz.org/blog/2015/01/chinese-bittorrent-the-gift-that-keeps-on-giving/
http://blog.devops.co.il/post/108740168304/torrent-ddos-attack
http://www.bittorrent.org/beps/bep_0031.html

This is the first of two posts. To read the second, on metadata for BitTorrent Bundles, click here.

If you’ve followed the news lately, you’ll have noticed that BitTorrent is on its way up in the music world. When we’re not busy launching an album for Radiohead’s Thom Yorke or boosting a Madonna movie, we’re helping smaller artists knock down the castle walls that have excluded them from success in the music business.
Continue Reading…

Secure messaging client Bleep now allows for asynchronous chat.

Communicating privately with your friends, coworkers and family isn’t easy as you may think. While sending a “private” message may seem secure, the reality is that message still lives on a server somewhere, remaining vulnerable to third-party infiltration. In the past year alone, we have seen incidents of private photos and corporate emails being hacked and made public. This happens only because there is a honeypot, data stored in the cloud.
Continue Reading…

There are two central components in any secure communication: authentication and confidentiality. Authentication is the ability to be certain that the other end of a conversation is who you expect it to be. Confidentiality is your ability to communicate without an eavesdropper discerning what you are saying. In Bleep, we’ve also taken steps to obfuscate that you are talking to somebody, by not having a central repository of all metadata.
Continue Reading…

Every Test Automator’s dream is to slack off all day while their automation catches all the bugs.  Something that stands in the way of this paradise are visual bugs.  Though they are often minor, catching them involves an enormous amount of manual testing effort because:

  • Styling is usually shared across a project, so a change to make a button on screen A look better may make it look worse on screen B. This necessitates testing every screen individually.
  • UI-driven tests can not always catch the major ones, since tools may be able to find an element that’s been moved into a user-inaccessible area.
  • Testing is compounded by things like browser / OS compatibility, so you need to visually QA each environment individually.
  • You start having flashbacks to those awful “Find 5 Things Different About This Picture” newspaper puzzles.

Continue Reading…

At BitTorrent, our team of engineers are managing a complex set of tasks across many versions of our growing products. Perhaps no team feels the squeeze now than the engineers working on Sync as it transitions to 2.0. Sync Engineer and frequent blog contributor Richard Brooks recognized the difficulty of tracking the progress of Sync across Windows, Mac, Linux, and FreeBSD:
Continue Reading…

How Does Bleep Work?

Farid Fadaie —  September 17, 2014 — 21 Comments

We unveiled Bleep a few weeks ago, and we have received nothing but love from our users. We’ve also had many great questions that we will be gradually answering in blog posts, our forums and other social channels. And today we’ve taken a step further, bringing Bleep to Open Alpha and adding clients for Mac and Android. There’s more to Bleep than we can fit in a single blog post, but here’s an overview of the big picture, including some high level technical details and answers to some of the questions around how Bleep works.

Continue Reading…

Installing Mavericks inside a virtual machine is fairly easy, but there are a few tricks to be aware of if you’re on a newer Mac. Credit to Natsuki’s post for sharing how to get the Mavericks installer to run on Apple computers with Intel Haswell CPU’s. Natsuki also notes a workaround for Apple computers with ECC RAM that requires the removal of a kernel module from the install image using iesd.

Download and install the latest VirtualBox for OS X hosts from here. We’ll be using VirtualBox so that anybody can follow these steps.

Download the Mavericks Installer App through the App Store.The Mavericks installer is provided for free by Apple for users to upgrade their computers to the latest version of OS X. We’ll be making use of the install image provided by this application to install Mavericks within a virtual machine.

While we’re waiting for the Mavericks Installer to download, lets get started on configuring our new Virtual Machine.

Create a New Virtual Machine

2014-06-13_1303
Continue Reading…