Two bloggers on using Bitzi.

Neil Turner recommends “Wonderful Life” by Ordinary People feat. Tina Cousins. Apparently the track is hard to find. Having lost a copy once due to disk troubles, Neil submitted the file to Bitzi. Now others can use the Bitzi ticket to find the file he recommends (and Neil will have an easier time in the event of another storage failure). I was pleasantly surprised to find that after a few tries I could download the exact file from two Gnutella hosts. Unfortunately dance music and electronica aren’t my thing.

Fareed of Cairo and “survivor of a car crash” writes about checking file integrity:

Have you ever downloaded files and you were not sure of it’s integrity. Now their is a way to be sure, a site called Bitzi allows you to check file integrity. Users can submit using a program called Bit Collider file hashes to the site or verify that the integrity is ok.

So Bitzi can help identify good and bad files. Good luck avoiding future hard disk and car crashes!

Morpheus, a popular filesharing client at version 4.5:

Includes free Bitzi anti-spoofing look-ups to download only the files you want.

That’s an accurate description (and has been true since at least Morpheus 4.1.1). If you see something you’re interested in downloading in search results, you’re a right-click away from a Bitzi lookup. If Bitzi users have judged the file to be spam, virus-laden, or corrupted, you’ll get a response similar to this:

Thirty Bitzi users have judged this file as dangerous or misleading (one bozo recommended the file). A few of the judgement notes tell the story:

Every time I write something,it will come up in my searching files. The size is 105,2 kb every time.

and

stupid isaveclub.com spam, coming from 69.44.152.159:255….discuises itself under many wma files

If Bitzi users have judged the file you’re interested in to be worthy, you’d see something similar to this:

That file happens to be the current release for Windows of Bitzi’s bitcollider file metadata collection tool.

Derek Slater notes that Bitzi metadata is itself subject to spoofing, and

even if Bitzi helps people sort out spoofs, the technological arms race will continue.

Very true. Bitzi is dependent upon community policing, and a concerted effort to create dangerous files and submit fraudulent judgements to Bitzi would work, at least for awhile. There are steps Bitzi can take to militate against such attacks should they become a problem. Unfortunately, as I noted recently, development proceeds at a bear in winter’s pace.

It should also be noted that Morpheus is just one of several applications that enable Bitzi lookups or submissions, though most of these send users to a Bitzi web page rather than integrating raw data from Bitzi lookups into their user interface as Morpheus has (see screenshots above).

After over three and a half years I am finally the best bitizen, as defined by a formula that takes into account the amount of file metadata contributed to Bitzi and the quality of that metadata, as rated by other “bitizens” (Bitzi users):

How did I obtain this dubious (as a Bitzi cofounder) honor?

I’ve more or less consistently reported some of the random junk I may have encountered (though around 30 Bitzi users have reported more, all over a shorter active period) and more importantly, have occasionally taken care to add accurate metadata to reports.

On the negative side, I’ve more or less consistently failed to put much effort into adding new features since Bitzi went into hibernation. If I had, doubtless many more prolific than I (nearly everything I download is from the web — file sharing networks, especially post-Napster (really post-AudioGalaxy), are still practically useless in my estimation, unless you have lots of time to kill, i.e., you’re a bored teenager) would’ve stuck around and I’d be nowhere near numero uno.

Download the bitcollider (file metadata reporting tool) and knock me off my throne!

Ed Felter spreads a SHA-1 hash collision rumor.

Eric Rescorla does a good job of explaining that even if true, a collision is not of great practical import.

Why? Most uses of SHA-1, including Bitzi, rely on the practical impossibility of finding content that will generate a specific hash.

A collision merely means that two pieces of content (“messages” in crypto-speak) have been found that generate the same arbitrary hash.

For reasons that aren’t all that intuitive, it is much harder to find a specific match than an arbitrary collision.

I think in day-to-day experience a good analogue would be this: it’s pretty easy to find odd coincidences if you look. If you know how to conjure up specific odd coincidences on demand, tell me.

All that said, Bitzi also uses the Tiger hash, which is not from the same family as SHA-1, as an insurance policy among other things.

Disclaimer: I am not a crypto expert. If true this rumor may be huge news for crypto theorists.

Slyck reports on a major DirectConnect upgrade. DirectConnect hasn’t seen much interest from the press or technologists, but it does have a significant userbase, with 215,880 users currently online according to the Slyck home page, slightly smaller than Gnutella’s 234,618. I have no idea how Slyck obtains those numbers.

Anyhow, it is good to see that DirectConnect has adopted file hashing, specifically THEX (Tree Hash EXchange) using the Tiger hash. This allows DirectConnect clients to find exact alternate download sources and to verify downloads as they progress and opens to door to future MAGNET and Bitzi lookup support.

Here’s a MAGNET link that includes the tiger tree root (second component of the bitprint) and a corresponding Bitzi info lookup by urn:tree:tiger.

Jay-Z_Construction_Set.zip (631.9MB)