Are y’all actually torrenting Linux ISOs. Cus I recommend. Its way faster and fun to have a collection of like 30 distros and try and new branch of the larger Linux tree. I just assume its a joke but I only started torrenting Linux ISO because of seeing it replied so much lol.
You must log in or register to comment.
I always torrent large FOSS projects where possible. It’s faster and doesn’t tax the servers of the project.
That’s not piracy, though, so I’m not sure why it’s being talked about here…
I once mentioned “the joys of torrenting” to a friend and they immediately assumed piracy. I mean he wasn’t wrong, but the lack of love for more standard use of P2P is saddening.
The launcher for War Thunder was a p2p client for sharing game files. It worked really well and was essentially it’s own CDN. Not sure if it still is.
Steam can do that now but first gotta enable it for friends. Works great for multiple computers on a slower internet connection. One downloads it then shares to the rest.
doesn’t that only work on local connections?
Well yes but that’s the whole point. If there’s no one local it’ll be downloading from a CDN regardless.
People sometimes say “torrenting Linux ISOs” to mean pirating without outright saying it.
I wish that most distros offered an RSS feed with magnet links for their releases. I’d just drop that in my torrent client and let it grab+ seed the latest version without any manual intervention.
Try NixOS. It eliminates that ISO centric paradigm and trades it for one config file that defines everything and builds it from scratch.
I need to give it a shot, thanks.
They have mailing lists where they announce releases. Since it’s not that common for distros like Debian I don’t mind the manual labor once in a while. I only seed 3 ISOs anyway as I don’t think the rest contribute that much anyway. (Debian, Arch and Mint)
I always torrent Linux ISOs. Built in checksumming, I’m lazy
Insecure checksumming though (sha-1)
If you can orchestrate an hash conflict attack across many seeders for a file the size of an ISO then you’ve earned it lol. That’s like government agency levels of complexity and even then it’s still a bit of a stretch cuz there are easier ways.
Verify the SHA-256 or SHA-512 hash after downloading. Most Linux distros publish such hashes.
What’s the risk here? Isn’t the chance of collision so low that it’s virtually impossible for someone to create a malicious payload that has the same hash as the original file?
Last published attack estimated the prefix generation (not random collision) to less than 100k$.
Ok, definitely something to worry about when I’m that valuable of a target.
To be fair, in the case of something like a Linux ISO, you are only a tiny fraction of the target or you may not even need to be the target at all to become collateral damage. You only need to be worth $1 to the attacker if there’s 99,999 other people downloading it too, or if there’s one other guy who is worth $99,999 and you don’t need to be worth anything if the guy/organization they’re targeting is worth $10 million. Obviously there are other challenges that would be involved in attacking the torrent swarm like the fact that you’re not likely to have a sole seeder with corrupted checksums, and a naive implementation will almost certainly end up with a corrupted file instead of a working attack, but to someone with the resources and motivation to plan something like this it could get dangerous pretty quickly.
Supply chain attacks are increasingly becoming a serious risk, and we do need to start looking at upgrading security on things like the checksums we’re using to harden them against attackers, who are realizing that this can be a very effective and relatively cheap way to widely distribute malware.
I used to seed but lost them in a reinstall after a partition fuckup
What do I seed?
And is there an automated way to update?
Idk, I’m a novice. I recommend seeding QubesOS, OpenSUSE ISOs, Linux Mint Debian Ed, NixOS, Tails, Debian, and whatever else you want.
Yea, I’ll seed the privacy ones and mint
Fuck standard Debian,
Also you should seed any emualtor torrents you get your hands on
Why fuck standard Debian. Its the OS base for kick secure (which is the base of Whonix) and makes for a great server. As a desktop, I have found it very unintuitive at times, but its ol’ reliable.
Its a good base but have you ever used it for desktop use?
Its kinda bad
Supporting something WO anything at exchange gives you a great satisfaction, people should do it more often.
Yes. Its way faster. If a download has bittorrent available, I’ll always test its speed
Yes
Yes actually. I know it’s usually said as a meme, but I actually do have a drive that is nothing but Linux ISOs. Generally it’s a far faster download that way. Really wish more things would give me that option.
I always torrent Linux ISO when I’m trying new distros. Can confirm it’s blazing fast to download with torrent. Distro ISO torrents are usually setup with webseed, so they’ll both download from the distros’ mirror servers AND the torrent swarm at the same time, so they’ll always be faster than the standalone http downloads.
