A Note on the DDoS Attacks

Adam Kelly —  January 29, 2015 — 2 Comments

Recently, several sites have noticed DDoS attacks from torrent clients in China. These attacks are not originating in the torrent ecosystem, but are caused by DNS servers returning incorrect IP addresses for well-known BitTorrent trackers.

While the identity of the perpetrators and the motivation remain unclear, we here at BitTorrent would like to share some of our expertise that may help website operators mitigate these attacks.

Torrent Trackers work similarly to a normal HTTP server, but in a more limited fashion. Torrent clients contact the server, and ask it information about the torrent and the swarm.

Because of this, the misdirected torrent clients will contact the victim HTTP server, and see what looks like a valid HTTP response (although not a valid “scrape reply”).

If you follow the link to Jamie’s blog, you will notice that that he suggests a configuration change for Apache similar to the one below:

[Credit Jamie Zawinski]

In our example above, we’ve changed the response code from 404 to 410. uTorrent, Bittorrent, and torrent clients based on the excellent libtorrent library will interpret this HTTP response code as “do not attempt to contact this tracker again”. That will cause the request traffic to fall off much faster.

References:
http://furbo.org/2015/01/28/grass-mud-horse/
http://www.jwz.org/blog/2015/01/chinese-bittorrent-the-gift-that-keeps-on-giving/
http://blog.devops.co.il/post/108740168304/torrent-ddos-attack
http://www.bittorrent.org/beps/bep_0031.html

This piece is the first of a two-part series on optimizing your work for BitTorrent Bundle

If you’ve followed the news lately, you’ll have noticed that BitTorrent is on its way up in the music world. When we’re not busy launching an album for Radiohead’s Thom Yorke or boosting a Madonna movie, we’re helping smaller artists knock down the castle walls that have excluded them from success in the music business.
Continue Reading…

Secure messaging client Bleep now allows for asynchronous chat.

Communicating privately with your friends, coworkers and family isn’t easy as you may think. While sending a “private” message may seem secure, the reality is that message still lives on a server somewhere, remaining vulnerable to third-party infiltration. In the past year alone, we have seen incidents of private photos and corporate emails being hacked and made public. This happens only because there is a honeypot, data stored in the cloud.
Continue Reading…

There are two central components in any secure communication: authentication and confidentiality. Authentication is the ability to be certain that the other end of a conversation is who you expect it to be. Confidentiality is your ability to communicate without an eavesdropper discerning what you are saying. In Bleep, we’ve also taken steps to obfuscate that you are talking to somebody, by not having a central repository of all metadata.
Continue Reading…

Every Test Automator’s dream is to slack off all day while their automation catches all the bugs.  Something that stands in the way of this paradise are visual bugs.  Though they are often minor, catching them involves an enormous amount of manual testing effort because:

  • Styling is usually shared across a project, so a change to make a button on screen A look better may make it look worse on screen B. This necessitates testing every screen individually.
  • UI-driven tests can not always catch the major ones, since tools may be able to find an element that’s been moved into a user-inaccessible area.
  • Testing is compounded by things like browser / OS compatibility, so you need to visually QA each environment individually.
  • You start having flashbacks to those awful “Find 5 Things Different About This Picture” newspaper puzzles.

Continue Reading…

At BitTorrent, our team of engineers are managing a complex set of tasks across many versions of our growing products. Perhaps no team feels the squeeze now than the engineers working on Sync as it transitions to 2.0. Sync Engineer and frequent blog contributor Richard Brooks recognized the difficulty of tracking the progress of Sync across Windows, Mac, Linux, and FreeBSD:
Continue Reading…

How Does Bleep Work?

Farid Fadaie —  September 17, 2014 — 13 Comments

We unveiled Bleep a few weeks ago, and we have received nothing but love from our users. We’ve also had many great questions that we will be gradually answering in blog posts, our forums and other social channels. And today we’ve taken a step further, bringing Bleep to Open Alpha and adding clients for Mac and Android. There’s more to Bleep than we can fit in a single blog post, but here’s an overview of the big picture, including some high level technical details and answers to some of the questions around how Bleep works.

Continue Reading…

Installing Mavericks inside a virtual machine is fairly easy, but there are a few tricks to be aware of if you’re on a newer Mac. Credit to Natsuki’s post for sharing how to get the Mavericks installer to run on Apple computers with Intel Haswell CPU’s. Natsuki also notes a workaround for Apple computers with ECC RAM that requires the removal of a kernel module from the install image using iesd.

Download and install the latest VirtualBox for OS X hosts from here. We’ll be using VirtualBox so that anybody can follow these steps.

Download the Mavericks Installer App through the App Store.The Mavericks installer is provided for free by Apple for users to upgrade their computers to the latest version of OS X. We’ll be making use of the install image provided by this application to install Mavericks within a virtual machine.

While we’re waiting for the Mavericks Installer to download, lets get started on configuring our new Virtual Machine.

Create a New Virtual Machine

2014-06-13_1303
Continue Reading…

uTorrent

Our flagship torrent clients, uTorrent and BitTorrent, do many different things in the course of downloading content onto your computer faster than what’s physically possible with other protocols. There is a lot of functionality going on under the hood in the course of a download, which fall into three broad categories: networking, disk IO and user interface. We have written before about enhancements in the first two categories (uTP, DHT and multithreaded disk IO, for instance) and are now pleased to announce new improvements in how the user interface interacts with the rest of the system.

In addition to requesting and sharing pieces of files on the network and assembling them on disk, the client needs to convey these activities to the user by showing them on the screen. The logic which displays this information often interacted with the rest of the program in a coarse and intrusive way, requiring networking and/or disk IO to briefly halt while the information was gathered. For example, while viewing the list of files contained in a torrent and their relative download progress, the networking subsystem would be halted several times a second. However brief these pauses were, when multiplied by several UI elements and possibly large lists of torrents and their files, it was enough to slow overall performance.

As an analogy, consider a car’s speedometer as the user interface and the engine, transmission and wheels as the core subsystem doing the work. If the engine had to pause several times a second to update the state of the speedometer, performance would suffer.

To avoid these pauses, the layer between the UI and the rest of the system was made richer and less synchronous. Instead of pausing the subsystem to interrogate values, the UI first conveys broadly what it is interested in (which tab is visible, which torrent is selected), and the subsystem then asynchronously presents only the updated information relative to that state. The user interface layer is then free to present this information without holding up the other layers.

This is an exciting update for us to issue, as the entire engineering team is constantly refining products to try and provide the best user experience.

There’s always more to come on this front, so do stay tuned!