Live Spins

Nicolas Canepa ncanepa at fcen.uba.ar
Thu Nov 15 16:01:56 UTC 2007


Did you check the MD5SUM of the downloaded ISO?

Regards,
Nicolás Cánepa
ncanepa at fcen.uba.ar
www.ccc.fcen.uba.ar
Telephone - 4576-3382
CCC - Centro de Comunicación Científica
UBA - Facultad de Ciencias Exactas y Naturales


R A Jon Hamelin wrote:
> Bill Davidsen wrote:
>> R A Jon Hamelin wrote:
>>> Frank Cox wrote:
>>>> On Sun, 11 Nov 2007 11:34:57 -0800
>>>> R A Jon Hamelin <jon_hamelin at shaw.ca> wrote:
>>>>
>>>>> I have had bad experiences with torrents and will not use them again.
>>>>
>>>> What's wrong with the torrents?  I downloaded F8 that way the other 
>>>> day at a
>>>> very healthy pace.
>>>>
>>>  Hi Frank:
>>>
>>> A little over a year ago I downloaded a file - 4.3 GB - from what I 
>>> thought was a safe site. After installing the program, my computer 
>>> rebooted by itself and all hell broke loose. I no longer had a 
>>> functioning BIOS. In addition it wiped my hard drives. Checking with 
>>> the site in question, I discovered that the file should have been 3.8 
>>> GB.
>>
>> Obviously the fault of torrent, because if you downloaded that same 
>> 4.3GB file by ftp... wait, it still would have done the same thing, 
>> because the problem was the content not the delivery system. Blaming 
>> torrent for the effects of bad content is like blaming UPS because you 
>> ordered one thing and got another.
>>
>> You didn't get 4.3GB instead of 3.8GB because of torrent, you got it 
>> because it started out bad at the original source (including the 
>> possibility of having a bad .torrent file to start with). And you 
>> didn't do the check for size and checksum *before* you used the file, 
>> and probably let something run as root or actually booted it, or it 
>> couldn't have reached the BIOS or rebooted the machine... In other 
>> words you didn't follow best practices and as a result something bad 
>> happened, and you didn't have a backup of critical data.
>>>
>>> In my opinion bit torrents are a security issue. Having lost 3 days 
>>> worth of irreplaceable photos from a commercial shoot and the 
>>> contract, it was an expensive lesson for me.
>>>
>> Torrent is safer than any download from a single site, because any one 
>> site can only corrupt a fraction of the overall content, and because 
>> there is a crc on every small part of the download. That makes it very 
>> hard for any undetected problems to get through, assuming you check 
>> the sum of the files, etc.
>>
>> The "expensive lesson" involves backups, verifying anything you 
>> download before use, and other best practice issues.
> 1) The torrent was started from a https site, which I assumed to be 
> secure. When I contacted the site owner, they had their security look 
> into the problem and the conclusion was that one of the seeders managed 
> to maliciously alter the torrent. This affected in the neighborhood of 
> 18 people/companies.
> 2) It was downloaded to an XP box. Had I been on my Fedora or Solaris 
> box, such damage would not have happened. The torrent was zipped and 
> everything started happening when I unzipped the file, not on install. I 
> misspoke.
> 
> 3) I had just transferred the photos from the SD cards and had not had 
> time to back them up. My boxes are all backed up to my server at 3 AM 
> every day.
> 
> 4) My original post was to inquire if the Developer spin was available 
> via a straight download, not to discuss the pros and cons of torrents. I 
> downloaded the F8 DVD as a regular download in 42 minutes. Why would I 
> want some insecure software exposing me to who knows what risks for 12 
> or so hours? No Thank you.
> 
> So once again I will try to inquire if the spin is available as a 
> straight download and if so, could I be pointed in the right direction. 
> I presently use OpenSolaris Developer Edition and would be very 
> interested in comparing it to the Fedora Developer Spin.
> 
> Sincerely,
> Jon
> 
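
The size-then-checksum check the thread keeps coming back to, as an added example that is not part of any message above. The function name `verify_download`, its exit codes and the sample file are constructed for illustration; it assumes an md5sum-format manifest (`<digest>  <filename>`) and file names without spaces.

```shell
# Added example, not code from the thread.
# verify_download FILE EXPECTED_BYTES MANIFEST
# Returns 0 only if size and MD5 both match; nothing should be unpacked,
# booted or installed from FILE on any other result.
verify_download() {
    file=$1; expected_bytes=$2; manifest=$3
    name=$(basename "$file")

    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Cheap check first: a file that is the wrong size is the wrong file.
    actual_bytes=$(wc -c < "$file" | tr -d ' ')
    if [ "$actual_bytes" != "$expected_bytes" ]; then
        echo "size mismatch: $name is $actual_bytes bytes, expected $expected_bytes" >&2
        return 3
    fi

    # Look up the digest for this exact file name ("*name" marks binary mode).
    expected_sum=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$manifest")
    if [ -z "$expected_sum" ]; then
        # A manifest that does not list the file proves nothing about it.
        echo "no entry for $name in $manifest" >&2
        return 4
    fi

    actual_sum=$(md5sum < "$file" | awk '{ print $1 }')
    if [ "$actual_sum" != "$expected_sum" ]; then
        echo "checksum mismatch for $name" >&2
        return 5
    fi
    echo "OK: $name"
}

# Constructed sample standing in for a downloaded ISO and its MD5SUM file.
demo_dir=$(mktemp -d)
printf 'constructed sample image\n' > "$demo_dir/sample.iso"
( cd "$demo_dir" && md5sum sample.iso > MD5SUM )
verify_download "$demo_dir/sample.iso" 25 "$demo_dir/MD5SUM"
rm -rf "$demo_dir"
```

The expected size and the manifest have to come from the publisher's own site rather than from whoever delivered the file, otherwise the check only detects accidental corruption.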



