[OS X TeX] [OT] All about P2P

Thomas Bohn thomas at bohnomat.de
Thu Sep 4 16:59:12 CEST 2008


On 4 Sep 2008, at 16:41, Adam R. Maxwell wrote:

> Be that as it may, you are explicitly allowing traffic through your  
> firewall in order for other persons to access some portion of your  
> computer, right?

At one port. At one well defined file or directory. Defined not by the  
software but by the BiTorrent file, misconfiguration is not really  
possible. The file includes the hashes for the files in question and  
only those can be downloaded or uploaded.

> I'd guess that most Mac users are running under an admin account all  
> the time; I certainly run as admin at home.  Many of us are probably  
> conditioned to enter our password every time it's requested, also...

I don't. I don't even have my personal account in the sudoers file.

> My point is this: if it is possible to misconfigure the software / 
> or/ it contains an exploitable bug, your risk increases.


This is true for every single software package on your Mac, including  
MacTeX.

> Google [1] indicates that such vulnerabilities have been found in  
> bittorrent software [2].  The user (or owner of the computer/data)  
> needs to decide if that risk is acceptable.

In one client, well two. Software can have vulnerabilities, P2P  
software is no exception. Important is the protocol, does the protocol  
have vulnerabilities or not.

> Yes, it has some benefits, and can be a useful tool.  If it's worth  
> the risk to you, by all means use it; it may not be acceptable for  
> everyone on this list, though.

I really don't think the risks are any higher than using an FTP client.

Thomas



More information about the macostex-archives mailing list