Grad Student Project Uses Wikis To Stash Data, Miffs Admins

Anonymous writes "Two graduate students at the Ivy League's Brown University built a P2P system to use abandoned wiki sites to store data. The students were stealing bandwidth from open MediaWiki sites to send data between users as an alternative to BitTorrent. There was immediate backlash as site operators quickly complained to the University. The project appears to be shutdown, but many of the pages still remain on the web. The project homepage was also taken down and the students posted an apology this afternoon." The same submitter links to two different forum discussions on the project.

What the Page Originally Said

[Anonymous Coward]

Google Cache still has the old data.

http://209.85.173.132/search?hl=en&q=cache%3Ahttp%3A//graffiti.cs.brown.edu/ [209.85.173.132]

C&P of page text (in case the cache updates quickly):

Graffiti Networks
A Subversive, Internet-Scale Peer-to-Peer File Sharing Model

Abstract:
The proliferation of peer-to-peer (P2P) file sharing protocols is due to their efficient and scalable methods for data dissemination to numerous users. But many of these networks have no provisions to provide users with long term access to filesafter the initial interest has diminished, nor are they able to protect users from malicious clients that wish to implicate them in incriminating activities. We present a new file sharing paradigm that harnesses the potentially unlimited storageof the Internet as a third-party intermediary for peers to indirectly transfer data with each other. We base our decentralized architecture on the premise that users trust file sharing coordinators, but do not trust any other user. Our key contributions in this paper include an overview of the design for a P2P system that implements our new model and a discussion ofthe challenges that such a system will likely encounter.

People:

        * Andrew Pavlo - Brown University
        * Ning Shi - Brown University

Re:What the Page Originally Said

[fractoid]

Next step; using Google Cache to stash data. :D

Or worse

[TheLink]

Next, using viruses to spread and stash data in humans.

Imagine when the relevant technologies involved get affordable and some kid thinks it would be cool/neat to do that.

Many people think that scientific progress requires allowing everyone to research whatever they want. To me certain research paths shouldn't be done _yet_, and left till later till humans and human societies are more ready to cope with the long term consequences and potential effects.

We are getting a bit close to the time when creating "Th

Re:What the Page Originally Said

[schmiddy]

Note from Bot #1536: Moderators, please mod to +5 so that all bots see this post.

• filename: X-Men.Origins.Wolverine.2009.WORKPRiNT.XviD-NoRar.avi
• chunk: 1050
• total chunks: 10342
• encoding: base64
• Post-Id: wADP1bX99oZfbC13udF

499Vm0C+Yq/ 8Tix8fxSTmuRLmVlhPkJ7oDVazbUpuoM2MR 4nf9RAidWI+Twy5tZeArnSZSm+f ikLjPW14Xw4N9f 5nZqFiQiVOcESYUHbwbod/ NBzGeJ6rAY6o+fikLjPW14 Xw4N9fSc0L4jbXI2AjGQKy Ftiimwe1cJ6LMMXCCnsyoVT PA2ZH95XQ1aeyN98/nerWrL tbiUPrnkbK3NJyLiN2j/OKp yR1Y7R1gZIzKYqBhUPiyITY L3f3AdXw1vflQpNOg2QbOeI nhLdu2AaJLXqX8VhV7MeTV58 IWePNlD+wUWKL0CS+6Wt+zG/ a0qbKvpTuKnoeyWp1UcvLlfEq iU1FOyjxaR5BA1hUcAeHaQG 0pPbGK74MTXe9NVYa0E2vtTP 5iNe3t76DLPjCM0P7r+KJJea SF6BQKBLhzpXPeZVCsmXHPHC hIAsOV4huZFE+fX5cAwwNpE+ Y8ZbNqNN/Drj/eRzXLIghkNl Wn1iEB7aEn7e brQ9MUGAYasx0Lx7WYzmwU1T k5GhYb4j5QNqi7nDMSeXuY1l FTJmbMKpPoTpn22aWPEEuVvO j2umDm+GWLk4kPU8ODRg1Uep Sifu72YkEpExpg

Anti-Slashcode text: had a very accurate perception of what was good for herself. So, she appropriated the greater part of the weekly stipend to her own use, and consigned the rising parochial generation to even a shorter allowance than was originally provided for them.

Re:What the Page Originally Said

[catmistake]

REQ: Star Trek (workprint) (AAC/mp4 2000kb/s)

TIA !!!!!

Theft?

[palegray.net]

The students were stealing bandwidth from open MediaWiki sites

The fact that some "admin" abandoned a site, with open privileges to post on it, does not constitute theft. I manage servers and write code for a living, and while I'd put a stop to such practices on any site I managed, the use of the term "theft" is laughable.

This is very much reminiscent of Microsoft crying to the media that all their security problems were due to evil hackers, and not their abject failure to follow long-accepted industry practices for code reviews and architecture. My response: cry me a river, and congrats to the grad students for their innovative work in the field of distributed communications.

Re:Theft?

[Jurily]

The fact that some "admin" abandoned a site, with open privileges to post on it, does not constitute theft.

It's clearly abuse though, and if the site has any terms of use, this one's in there.

Re:Theft?

[palegray.net]

I deal with this stuff all day long, predominantly from IP connections far outside U.S. jurisdiction. These students were, in my rather experienced and measured opinion, doing the community a favor by pointing out exactly how easy this sort of feat is to pull off.

Their note about using reCAPTCHA is sound advice. Admins who depend on TOS policies and their nation's legal framework to defend against networked threats are negligent in their duties. I don't waste my time worrying about chasing people around for violations of my sites' terms of service. Instead, I focus my efforts on deploying technical solutions that fix the issue.

Re:Theft?

[Jurily]

Admins who depend on TOS policies and their nation's legal framework to defend against networked threats are negligent in their duties.

True. But if I don't lock my front door, that doesn't mean it's ok for you to take my stuff.

Re:Theft?

[palegray.net]

That depends entirely on your jurisdictional ability to prosecute me. By my personal code of ethics, I'd never engage in such behavior for commercial gain. Others aren't so picky (reference spammers, phishers, botnet operators, etc).

Add in the fact that wikis are specifically designed to allow open posting of content, and you've got yourself a problem if you're not competent enough to properly secure your site against even the most basic of threats.

Let me put it another way: if I own a gun and leave it on my front porch with a full magazine of ammo in it, I can't bitch when my weapon gets lifted and someone gets killed with it.

Re:Theft?

[MrMista_B]

You sir, are someone I'd trust with the internet.

Re:

[Angostura]

>That depends entirely on your jurisdictional ability to prosecute me.

Not at all. Whether it is OK or not does not depend on jurisdictional reach. It depends on whether you believe its OK to go and burgle someone's house simply because their house is unlocked. Whether the cops see you is neither here nor there.

Re:Theft?

[Chris Mattern]

On the contrary, societies live and die by their internalized code of ethics. Law cleans up the small minority that refuse to follow that code, and helps tidy up the corner cases where there is dispute as to the correct path, but it cannot revise or create that code of ethics by fiat.

Re:

[quickOnTheUptake]

No argument can say that that is true from the axioms of logic.

Have you taken a course in logic? You can never get content from the axioms of logic alone. It doesn't just apply to ethics. Try proving any of rules of physics from the axioms of logic.

Any social code of ethics is most likely derived from a leap of faith, and so should not be respected

This is such sweeping generalization I don't know where to start. Do you really deny that we have a sort of native sense of wrong? Is a five year old's sense of being wronged when a bully pushes him around, calls him names, and takes his lunch money based on a "leap of faith"?

That depends entirely

[wiredog]

So it's only unethical if you get caught?

Re:Theft?

[palegray.net]

I guess I should have secured that outlet to prevent unauthorized access. My property, my responsibility. There's an old saying that your freedoms are only valid to the extent that you're able to defend them.

Re:Theft?

[mea37]

What I find the most amazing about this thread, is that each participant seems to assume that one, but not both, of the following statements are true:

1) It is wrong to take what isn't yours even if it is easy (i.e. because nobody has put security mesaures in place that can stop you).

2) It is foolish not to have decent security measures in place.

Now, I agree that the use of the term "stealing" in TFS was a stretch; but that has everything to do with the fact that the offense was one completely different from theft and nothing to do with whether the sites' security was as it should be.

The thing is, what constitutes "decent security" depends on the society and the situation. There are many places in the world where even today it is considered normal not to lock the doors of your home. This does not magically mean those places don't have property rights.

When 3rd party harm is a concern (securing a gun, etc.), the standards are different -- but even then the guy who takes the unsecured gun and abuses it is not blameless even if the gun owner also isn't blameless. With the world of botnets, etc., networked computers belong in a category somewhere more sensitive than an electrical outlet on your porch but less sensitive than a gun.

"There's an old saying that your freedoms are only valid to the extent that you're able to defend them"

One of the principle means by which we defend our freedoms is by organizing into a society of laws.

Re:Theft?

[palegray.net]

Since you referenced TS/SCI I'm going to assume you have a military or defense contracting background. In light of that, if you'd read the entire thread, you really should know better than this. The first sentence of my GP reply was mostly in jest. The second and third sentences were serious.

This entire story stinks of a distinct lack of personal responsiblity. As far as analogies go, think of it as someone who abandons a property for months on end, allowing the grass to grow high, paint to begin peeling off the siding, and animals to take up residence in the living room. The owner returns to said derelict property and is shocked to find a family of raccoons nesting in his lounger.

This is why we actively maintain property, according to the very real tenet that you only own property to the extent that you can defend it against assault.

Re:

[palegray.net]

Incidentally, you and I both know that "TS/SCI security" doesn't mean shit if you've got physical access to the machine. In many cases, it doesn't mean diddly under other circumstances, either.

Re:Theft?

[Duradin]

Yup, A-OK since they probably neglected to construct their walls out of reinforced concrete (and of a sufficient thickness).

The "you only have the rights you can defend -- and I defend mine very well crowd" tend to talk big about personal responsibility and rights until a superior force decides to pay attention to them and proves that no, they really couldn't defend those rights.

Don't get me wrong, I support individual rights. I just don't have the delusion that I alone can defend them. I could devote all my resources to creating a fortified enclave for myself and it would easily all come to naught. The best defense for individual rights and property is being part of a society that accepts, embraces and defends those concepts. Unfortunately that in itself requires a high degree of personal responsibility and restraint which is why we're slowly sliding towards little points of light hidden in a vast sea of darkness.

Re:Theft?

[tagno25]

True. But if I don't lock my front door, that doesn't mean it's ok for you to take my stuff.

But if you are in the UK I can come in and watch the TV if it is on.

Re:

[perryizgr8]

and if you are in Scandinavia, i can go into any house and use the washroom.

Re:

[palegray.net]

Considering the fact that it's Scandinavia we're talking about, what if there's already an attractive young lady in the washroom? Furthermore, what if my wife is the one who needs to use the washroom? May I legally occupy it when both women are present?

Re:Theft?

[fractoid]

Only if you document the entire incident on video and upload it so that we can verify that no breaches of justice took place. :P

Re:

[palegray.net]

I assure you, more than justice is going to be breached. Better get the handcuffs ready.

Re:

[mzs]

I have family in Norway. They would let someone sleep on their front lawn without being asked, but only let them into the house under circumstances that made sense. No someone just walking in to use the bathroom would not qualify, but if they knocked and asked and felt safe, sure. Norwegians value hospitality and when I was going to visit once the family gave me a phone number of an organization in Norway that arranges cheap safe places to sleep for students. I slept on the couch in some couple's flat in Os

Re:

[Faylone]

Perhaps, but if you don't lock your door, it's not breaking and entering, just entering. Theft is another matter.

Re:Theft?

[aliquis]

Don't ask me how you're supposed to know this...

Common sense? Works for most of us ..

Re:

[palegray.net]

I've decided to take a personal interest in your posts.

Re:

[andy.ruddock]

Ah, but trespass is a tort, not a criminal offence (which is why all "trespassers will be prosecuted" signs can safely be ignored).
OTOH "Trespassers will be shot and fed to the dogs" signs should ALWAYS be heeded.

Re:Theft?

[mlts]

Depends on the country you live in. Here in the US, criminal trespass is a crime, and can result in 6 months to a year in jail. Repeated offenses, or trespass with a weapon doubles that.

Re:

[Chris Mattern]

Here in the US, criminal trespass is a crime, and can result in 6 months to a year in jail. Repeated offenses, or trespass with a weapon doubles that.

That would be the law in whatever state you're in. Criminal trespass is not a federal crime, so the law on it will vary from state to state. It's probably broadly similar everywhere in the US, though.

Re:

[palegray.net]

Just to reinforce the old saying that you only truly have the freedoms that you can actually defend yourself, anyone who enters my home on an unauthorized basis is likely to get a .40 caliber answer to their silent question. Screw prosecuting for trespass.

Re:

[balloonhead]

It would be more like leaving a sign saying that it was OK to come in and write cool stuff on your wall, then getting pissy because some douchebag came along and wrote a bunch of encoded hex instead.

Re:

[fractoid]

Actually it's more like you leave your shed unlocked, I use your shed to *stash* my stuff in.

Re:

[palegray.net]

Does it contain recyclable content such as bottles and cans that I can redeem for cash upon my next trip to Publix? If so, absolutely! I would appreciate it if you'd remove any infectious material prior to dropping it off on my porch, however. I've seen a lot of weird stuff in garbage as a consequence of military service, but I'm not really cool with things like used needles anymore. Please, give me goods equivalent to cash, I'm not gonna stand in your way.

Re:

[Gordonjcp]

but I'm not really cool with things like used needles anymore

Depending on where you are, there's a bounty on discarded infectious waste - presumably it's cheaper to bribe people to dispose of insulin syringes etc. than it is to deal with them being pitched into normal rubbish.

Re:

[Schemat1c]

I don't waste my time worrying about chasing people around for violations of my sites' terms of service. Instead, I focus my efforts on deploying technical solutions that fix the issue.

Shouldn't that be how we solve all social issues instead of just writing more laws?

Re:

[palegray.net]

Yes, it should absolutely be how we solve social issues. Technical fixes apply to more than just networks and computing platforms; they're equally applicable to most social problems if people are willing to approach the issues from a rational perspective.

Re:

[CarpetShark]

It's clearly abuse though, and if the site has any terms of use, this one's in there.

Really? You've seen a lot of sites saying "You agree not to use this site's pages to store P2P data for you uni project"? I agree with you in principle, that this is abuse, but unfortunately, the spirit of rules are quite detached from the wording of them sometimes.

It may not be theft...

[erayd]

...but it's far from ethical.

Most open wikis are left that way to encourage collaberation, and usually have a TOS somewhere that prohibits spamming. And even if the TOS doesn't prohibit this, it's bloody obvious that whoever runs the target site doesn't want a pile of meaningless content that isn't relevant and they can't use.

I say good on the university for pulling this project down, and whichever ethics committee approved this project should be replaced - they clearly haven't done their job properly!

Re:

[palegray.net]

Ethical or not, if these students hadn't done it someone else would have, perhaps someone with far less respect for others. Reference my earlier reply [slashdot.org] in this thread for my opinion on the TOS angle.

Re:

[nyctopterus]

"If I didn't do it, somebody else would" is one of the lamest defenses invented by man.

Re:It may not be theft...

[palegray.net]

You couldn't be more wrong. When it comes to proof-of-concept research that illustrates a vulnerability, "If I didn't do it, somebody else would" is one of the noblest defenses known to man.

Re:It may not be theft...

[Volante3192]

Except being "unethical" doesn't get you put in jail. Only being "illegal."

Re:Theft?

[caffeinemessiah]

My response: cry me a river, and congrats to the grad students for their innovative work in the field of distributed communications.

I'd pause before calling this innovative. It doesn't really take much to encrypt data, chop it up and stash it on MediaWiki sites -- either in theory or in practice. If you want something "innovative" in the same vein, I'd vote for the guy who wrote the device driver that lets you use GMail as a drive (spawning many copies [sizlopedia.com]). Sure it isn't "distributed", but you could set up multiple GMail accounts to handle the contents of your drive. Clogging up other people's wikis is d**k at worst (and possibly a violation of the CFAA), and really not too much of a security threat at best ("oh? my disk is full? hmm...just dump this spammy user account, or restore the last backup, and password protect the whole business.").

What these grad students have done is demonstrate that open mediawiki setups can be spammed. Whee.

Re:Theft?

[palegray.net]

Hey, I agree it was a dick move on the students' part, but I still respect the research. Everything is obvious in hindsight, by the way.

What these students have really done is make a very public demonstration of something that's possible before less ethical parties got a crack at doing it on a large scale. For that, they should be commended. Would you condemn those who release proof-of-concept code for security exploits just because a vendor sat on their ass for months, refusing to care about the problem?

Re:

[pdbaby]

This isn't particularly original research, though. I forget the specifics a long time ago (and also the sources, I'm afraid!) but I remember seeing a piece of research years ago talking about how you could treat various systems as short-to-long term storage (a TCP packet aimed at a refusing source can let you store a tiny amount of information for a very short period of time, a url shortening service can store some data for you, a wiki, a guestbook, a slashdot comment, an image hosting site (steganographic

Re:

[pdbaby]

I think it was at a similar time to http://michaeldaw.org/news/news-221206 [michaeldaw.org] this, using TinyURL for storage (although I don't think tinyurl had the preview functionality back then?)

Re:

[palegray.net]

I do in fact recall the research you're describing; it was several years ago if I'm not mistaken, and pretty cool stuff. That said, there is a huge difference here; having chunks of data available for retrieval for anywhere from a day to several months is a far cry from the hours I recall from the past research you're describing.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[palegray.net]

I'm beginning to suspect you've been drinking. Heaven knows I have.

Re:

[nog_lorp]

Innovation isn't always necessarily super difficult or technical. It seems like a cool idea to me, especially if you think about replacing the trackers with "compromised wikis".

You can then have 'wiki sites' as fronts for P2P providers, with plausible deniability. TPB should experiment with this.

Re:Theft?

[shentino]

It's not quite an invitation...

In real life, you can also REVOKE your invitation by

1) telling your guest they are no longer welcome
2) order them to leave, and tell them they are not to return
3) have the police escort them away and give them a trespass warning.
4) have them arrested if they refuse to leave, or return in spite of an official trespass warning
5) Watch them get clapped in irons if they come back again.
6) Repeat step 5 as needed

With spam, it's more like your guest

1) Found your hide-a-key (harvested your address, possibly by decrypting an image)
2) Barged in through an unlocked door (that they unlocked thmselves)
3) Increasingly, disable your security system (aka getting past your filters)
4) Threw a messy party
5) (the possible worst part) Bribed the police so they don't get escorted away (aka signed a pink contract)
6) Has an extensive collection of disguises that protects them from being dinged twice in the same face (botnets and address forgeries)
7) Possibly got tipped off to your address through the slip of the tongue of one of your buddies through the grapevine (sleazy companies that leak your address or sell it)

So anyone who calls spam the natural result of negligence on the part of the account holder is either high and doesn't have a clue what's going on, or is a woefully apathetic approver of the "survival of the fittest" arms race between spammers, providers, and subscribers.

Re:

[Anonymous Coward]

The fact that some "admin" abandoned a site, with open privileges to post on it, does not constitute theft.

Indeed. That's just foolishness on their parts. Perhaps they were a bit naive. However, this does in no way excuse or ameliorate the fact that the usage was clearly not authorized, and that doing so does constitute an offense.

You can quibble over calling it theft if you want. It's still not appropriate.

These grad students made a mistake. Exploring the idea? Sure. Pointing out the vulnerability? Fine. Doing it? I'm not surprised it ended up backfiring on them.

Re:Theft?

[palegray.net]

I agree with your points in principle, and would like to offer an alternative means by which the students could have demonstrated their methodology.

These days, $300 will buy you a whitebox computer (assembled yourself, of course) that is capable of running 20 virtual machines. By analyzing the version numbers of common target platforms in the wild, you could conceivably build a virtual network of "real world class" servers with which to demonstrate your technique. Scale this to three or four servers running various wiki platforms, and you've got yourself a virtualized software ecosystem that you can do whatever you want to without fear of repercussions.

Hey, that's what I would have done, but I only have a GED and 15 years of network administration and programming experience ;).

Re:

[palegray.net]

I am in your debt.

Re:

[palegray.net]

You really should have reviewed my other posts in this thread before replying. I've already addressed the points you raised here.

Forget the wikis...

[fucket]

...I want to hear more about these MILF admins.

Kobayashi Maru

[retech]

Does no one appreciate outside the box thinking anymore? What a shame!

Khaaaaaan! [khaaan.com]

Re:

[palegray.net]

There's actually a military practice scenario in which part of the scenario name is "Kobayashi Maru." Fun times.

Re:

[__aaclcg7560]

You would think creative thinking would get extra credit.

Originality could get you anything...from A to F

[ciderVisor]

He experimented further. In one class he had everyone write all hour about the back of his thumb. Everyone gave him funny looks at the beginning of the hour, but everyone did it, and there wasn't a single complaint about "nothing to say."

In another class he changed the subject from the thumb to a coin, and got a full hour's writing from every student. In other classes it was the same. Some asked, "Do you have to write about both sides?" Once they got into the idea of seeing directly for themselves they also saw there was no limit to the amount they could say. It was a confidence-building assignment too, because what they wrote, even though seemingly trivial, was nevertheless their own thing, not a mimicking of someone else's. Classes where he used that coin exercise were always less balky and more interested.

As a result of his experiments he concluded that imitation was a real evil that had to be broken before real rhetoric teaching could begin. This imitation seemed to be an external compulsion. Little children didn't have it. It seemed to come later on, possibly as a result of school itself.

That sounded right, and the more he thought about it the more right it sounded. Schools teach you to imitate. If you don't imitate what the teacher wants you get a bad grade. Here, in college, it was more sophisticated, of course; you were supposed to imitate the teacher in such a way as to convince the teacher you were not imitating, but taking the essence of the instruction and going ahead with it on your own. That got you A's. Originality on the other hand could get you anything...from A to F. The whole grading system cautioned against it.

He discussed this with a professor of psychology who lived next door to him, an extremely imaginative teacher, who said, "Right. Eliminate the whole degree-and-grading system and then you'll get real education."

From Zen and the Art of Motorcycle Maintenance [virtualschool.edu] by Robert M. Pirsig

Why????

[Pinckney]

It's even less ethical than sending your BT traffic over Tor, and strikes me as much less safe. It doesn't seem like it would take many pissed off admins before someone thinks to forward their logs to the appropriate **AA.

Re:

[physicsphairy]

While I doubt it was the authors' intent, this could actually be useful for creating 'plausible deniability', e.g., you want to provide resources to host legally questionable content, but do not want to open yourself up to any liabilities.

The fact that the content is split between many sites in unrecognizable pieces would also provide legal cover to those wishing to plead ignorant victim rather than willful enabler.

It's sort of like steganography for bandwidth.

Re:

[David Gerard]

They could call it ... Freenet!

Re:

[rdebath]

When the chunks are encrypted there is no way of knowing who the appropriate AA is. As all you have is a little chunk it's impossible to decrypt because the underlying compression layer is missing important data and so you cannot even check your decryption.

You may be able to identify a piece of gzip by frequency analysis as there's a tiny bit of entropy left but a modern compression (7z, rar) will probably leave nothing to distinguish the particular chunk you have.

Re:Why????

[Cyberax]

You're abusing TOR network, it was NOT meant to be used for high-bandwidth applications.

Please, stop doing it. Exit nodes do not have unlimited bandwidth.

Re:

[Lehk228]

because if you fill the onion tubes with torrents how are the pedos going to trade their child porn?

This Isn't Thinking Outside The Box

[Anonymous Coward]

It's just stupid. "Hey, we noticed that three quarters of that privately owned parking garage over there isn't being used at any given time. Why don't we open up a car salvage business and store all the derelict junkers that we're parting out in their unused parking spaces?"

These are graduate students?!?

Re:

[jonbryce]

Like a supermarket carpark for example?

Re:

[scotsghost]

Certainly, some of these sites are active. I contribute to one sporadic site that got "volunteered"; a couple of our contributors actually welcomed the experiment. (No idea how the site's admin staff feels about it, though.)

Congrats for prooving him wrong, and coming up with a creative way to use the parking lot he hadn't anticipated... now cut it out.

To their credit, the grad students in charge were completely open about what they were doing. Not in the sense of requesting permission beforehand, but in the sense of providing contact information and some explanation of the experiment. And they were indeed asked to cut it out, and

SlashdotFS

[goombah99]

Apparently they don't know about SlashdotFS. This system uses an english hidden markov model sentence constructor to generate plausible comment text and save it as reply's on slashdot. The path through the markov model is variable having multiple word choices at each node so it can encode arbitrary data and can be decoded by replaying the message through the same network model.

It was just a toy till 2003 when a pair of graduate students realized the information density could be dramatically enhanced by introducing spelling, gramatical errors, typo's and l337-speak into the model.

Comments encoding these are usually late posts in the discussion threat and frequently replied to by grammar nazi's.

It's now one of the major Warez dumping sites since it is particularly useful for immutable data of low value.

Re:SlashdotFS

[adavies42]

this is terrifyingly plausible

Re:

[Fallingcow]

A while back I remember seeing frequent gibberish posts that were just similar enough that they seemed to be coming from the same source. They always had the same subject, IIRC.

I figured they were someone's attempt at what the parent mentioned, though far less hidden.

Re:

[Anonymous Coward]

'SlashdotFS' coments encodin in sohveet russsia, but duz it runn 0n lunix?

Re:

[Voyager529]

But can it run crysis?

Perhaps, but you'd need a Beowulf cluster of them to run Crysis and Vista. Problem is, the Beowulf cluster is too easily Slashdotted.

Re:

[Compholio]

Apparently they don't know about SlashdotFS. ...

Project page?

More seriously, since slashdot comments are never deleted (like many news sites) you could conceivably make a pretty good system to take advantage of encoding data and posting it anonymously to such sites. Doing so would allow you to hide downloading/uploading in the background of normal posting. The real trick would be coming up with a "good" system for locating desired resources.

Re:

[failedlogic]

There is one. Its stashed on a bunch of wiki pages as well ... the irony. It does, seriously, compare well to some academic paper generators. Some MIT students made one.

Re:

[Tumbleweed]

Apparently they don't know about SlashdotFS.

Sure. Most people don't seem to realize that 'First Post' is part of the meta data of the file system. That's why it seems like nonsense - it really has nothing to do with anything, and the 'people' posting them seem like morons. Artificial stupidity was achieved years ago!

Re:SlashdotFS

[David Gerard]

yes, it was [today.com].

"LOLbot, how do we reverse entropy?"
i dunno lol

I have a friend who seriously tried to tell me that 4chan was a CIA entrapment operation for online activists. I'm not sure even an AI could reach that level of WHAT.

Re:SlashdotFS

[joe_bruin]

I did some research into this a number of years ago (before torrents were around). I found that you can store 64 KB (if I recall correctly) in a slashdot comment. Now, the idea was not to to use slashdot as storage, they'd quickly put a stop to that. The trick is using slashdot and other forums and wikis as a way to get your data into the Google cache, where it will be served rapidly for everyone who wants it. There should also be forward correction data uploaded (like parity files) so that if some segments get lost, they can be recovered. Then what you need is an index file (kind of like a torrent file) that tells you what Google keywords you need to search for to find any given segment of the file, and software that will parse this file, download, and assemble the chunks into the completed data.

I wrote a little bit of code for it. It's all very straightforward, I just never got the time to get enough of it implemented to release anything. With torrents, it seems somewhat worthless to pursue now.

Re:SlashdotFS

[dangitman]

Comments encoding these are usually late posts in the discussion threat and frequently replied to by grammar nazi's.

Replied to by the grammar Nazi's what?

Re:

[Eythian]

Be nice. Clearly before he could finish, he was got to by the grammar nazi's

Re:

[SmlFreshwaterBuffalo]

So I take it all the duplicate articles are a form of RAID?

To think, all this time the editors were simply trying to protect the data.

at least they used abandoned sites...

[Hungus]

Unlike ninjavideo who hides files on donation funded sites like archive.org

Big difference between virtual and real worlds...

[fuzzyfuzzyfungus]

In the real world, good old meatspace, there are actually "abandoned" things and properties. Things that, save for a few extremists of the no-srsly-guys-property-rights-are-eternally-laid-down-by-god-no-matter-what school, we can agree don't actually have owners in any meaningful way. Various peculiar exigencies create them; but they do exist. Taking them over, and bringing them back into productive use, is a clear good.

On the interwebs, the situation is quite different. Since any "location" on the internet corresponds to an active server, actively sucking power and depreciating somewhere, there are no "abandoned" locations on the internet. There are locations that don't change much, or aren't visited much; but they all correspond to real hardware that real people are paying real bills for(though, it is conceivable that, for a short time, a piece of hardware might be lost between the cracks and unpaid for until it dies or the situation is straightened out and it is disconnected). Thus, any scheme that involves making use of "abandoned" location son the internet is a load of crap. At best, it is an obnoxious creative interpretation of a bunch of TOSes. At worst, it is arguably theft of poorly secured server resources. Most of the time, as in this case, it is probably just spam.

Now, on a slightly different topic, it could well be argued that, on the internet, abandoned data can and do exist. Here a more interesting case could be made for the ethical utility of salvage projects, "abandonware" websites probably being the best known example.

Re:

[Archimonde]

Just to sum up: this is similar to some guy you don't know storing materials in the empty space of your back yard.

"Abandoned" my pasty white ass

[GuruBuckaroo]

I found their garbage on my site yesterday. It's not a high-volume site, but it sure as hell isn't abandoned. And after all this apologizing, one of the students still has the complete list of wikis they used available on his student page. This was a serious case of lack of oversight and/or bad judgment.

Re:"Abandoned" my pasty white ass

[physicsphairy]

It's not a high-volume site, but it sure as hell isn't abandoned.

I see you are still in denial about how much time you spend posting at Slashdot.

Re:

[Browzer]

Criteria:

Once we found a site, our crawler inspected it by probing certain URLs to determine whether it allowed for anonymous edits, or whether it was protected by CAPTCHAs or the lame puzzle authentication plugin.

Why go external to begin with?

[tinkertim]

This could be demonstrated just as well on sites that they own / control. For instance, with a single domain name, 100 pastebin clones, 100 wikis could be set up and configured differently (i.e. subdomains).

Some of them could have active SPAM policing, captchas, etc .. others could behave as though they had a lazy / dead admin. Others could just mysteriously vanish (i.e. domain expired, no longer hosted, etc).

The results are the same, either way. I wonder why they bothered going for external sites to begin with? All they needed was a cheap p4 and some scripts to automate mediawiki installs.

Why didn't they just stay in the sandbox?

Some say rubbish, I say Brilliant

[ZeroNullVoid]

This is the best school project I have heard of since I was at university....

Apologize?

[Talisman]

"...the students posted an apology this afternoon."

In the words of Vince Vaughn, "Apologize for what, baby? Being awesome?"

Its NOT stealing

[Raisey-raison]

"The students were stealing bandwidth from open MediaWiki sites"

There were NOT stealing anything. They were merely using an abandoned resource. That is NOT stealing.

Re:

[Carbon016]

No, they weren't using "abandoned resources", they were using wikis with anonymous editing enabled so that they could experiment with what amounts to decentralized bandwidth leeching.

Ass coverage status: failure

[Carbon016]

Pretty easy to see through the whole "durr we are helping site owners secure their wikis" crap considering the original page said nothing about security, only a possible way of distributing files. The garbage about "abandoned" wikis is also transparently false, as the site makes no reference [brown.edu] to even checking when the last edit(s) were made to the wiki through Recent Changes, as well as my own personal experience and several others. It's also a hilarious rationale considering wikis have pages-by-views counte

Re:

[Carbon016]

Oh, and the second forum link's second page makes a good point as well:

Pavlo claims that he wasn't aware of eventual ethical implications of his doing. He was. This quotation was present yesterday as footer in the FAQs, now deleted.
Quote:
"I found this paper completely outrageous." -- IPTPS'09 Reviewer.
Yesterday the original project aim was "A Subversive, Internet-Scale File Sharing Model". Today is to exploit wiki weaknesses.

It's pretty clear if you're gloating about the reactions to how unethical your "pro

Fuck these guys.

[ymgve]

Fuck these guys.

They didn't hit just abandoned wikis. In fact, when they first started doing this back in January, they didn't leave any information about what they were doing, and they used proxy servers to hide where they came from.

Evidence [untergrund.net], my wiki was hit and I had no clue what was going on.