this post was submitted on 10 Mar 2024
200 points (92.7% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54655 readers
584 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Are y'all actually torrenting Linux ISOs. Cus I recommend. Its way faster and fun to have a collection of like 30 distros and try and new branch of the larger Linux tree. I just assume its a joke but I only started torrenting Linux ISO because of seeing it replied so much lol.

all 46 comments
sorted by: hot top controversial new old
[–] Tattorack@lemmy.world 96 points 8 months ago (2 children)

I always torrent large FOSS projects where possible. It's faster and doesn't tax the servers of the project.

That's not piracy, though, so I'm not sure why it's being talked about here...

[–] xlash123@sh.itjust.works 8 points 8 months ago

People sometimes say "torrenting Linux ISOs" to mean pirating without outright saying it.

[–] mp3@lemmy.ca 74 points 8 months ago (3 children)

I wish that most distros offered an RSS feed with magnet links for their releases. I'd just drop that in my torrent client and let it grab+ seed the latest version without any manual intervention.

[–] CriticalMiss@lemmy.world 15 points 8 months ago

They have mailing lists where they announce releases. Since it’s not that common for distros like Debian I don’t mind the manual labor once in a while. I only seed 3 ISOs anyway as I don’t think the rest contribute that much anyway. (Debian, Arch and Mint)

[–] demesisx@infosec.pub 12 points 8 months ago (1 children)

Try NixOS. It eliminates that ISO centric paradigm and trades it for one config file that defines everything and builds it from scratch.

[–] mp3@lemmy.ca 3 points 8 months ago

I need to give it a shot, thanks.

[–] FrostyCaveman@lemm.ee 33 points 8 months ago (2 children)

I always torrent Linux ISOs. Built in checksumming, I’m lazy

[–] pedroapero@lemmy.ml 6 points 8 months ago (3 children)

Insecure checksumming though (sha-1)

[–] NightAuthor@lemmy.world 9 points 8 months ago (1 children)

What’s the risk here? Isn’t the chance of collision so low that it’s virtually impossible for someone to create a malicious payload that has the same hash as the original file?

[–] pedroapero@lemmy.ml 2 points 8 months ago (1 children)

Last published attack estimated the prefix generation (not random collision) to less than 100k$.

[–] NightAuthor@lemmy.world 6 points 8 months ago (1 children)

Ok, definitely something to worry about when I’m that valuable of a target.

[–] cecilkorik@lemmy.ca 5 points 8 months ago* (last edited 8 months ago)

To be fair, in the case of something like a Linux ISO, you are only a tiny fraction of the target or you may not even need to be the target at all to become collateral damage. You only need to be worth $1 to the attacker if there's 99,999 other people downloading it too, or if there's one other guy who is worth $99,999 and you don't need to be worth anything if the guy/organization they're targeting is worth $10 million. Obviously there are other challenges that would be involved in attacking the torrent swarm like the fact that you're not likely to have a sole seeder with corrupted checksums, and a naive implementation will almost certainly end up with a corrupted file instead of a working attack, but to someone with the resources and motivation to plan something like this it could get dangerous pretty quickly.

Supply chain attacks are increasingly becoming a serious risk, and we do need to start looking at upgrading security on things like the checksums we're using to harden them against attackers, who are realizing that this can be a very effective and relatively cheap way to widely distribute malware.

[–] heisenbug4242@lemmy.world 5 points 8 months ago

Verify the SHA-256 or SHA-512 hash after downloading. Most Linux distros publish such hashes.

[–] cobra89@beehaw.org 3 points 8 months ago

If you can orchestrate an hash conflict attack across many seeders for a file the size of an ISO then you've earned it lol. That's like government agency levels of complexity and even then it's still a bit of a stretch cuz there are easier ways.

[–] Vendetta9076@sh.itjust.works 26 points 8 months ago

Yes. Its way faster. If a download has bittorrent available, I'll always test its speed

[–] redcalcium@lemmy.institute 15 points 8 months ago* (last edited 8 months ago)

I always torrent Linux ISO when I'm trying new distros. Can confirm it's blazing fast to download with torrent. Distro ISO torrents are usually setup with webseed, so they'll both download from the distros' mirror servers AND the torrent swarm at the same time, so they'll always be faster than the standalone http downloads.

[–] StrawberryPigtails@lemmy.sdf.org 12 points 8 months ago

Yes actually. I know it’s usually said as a meme, but I actually do have a drive that is nothing but Linux ISOs. Generally it’s a far faster download that way. Really wish more things would give me that option.

[–] survivalmachine@beehaw.org 8 points 8 months ago

Yes, I torrent Linux ISOs for any version or distro I want to install, and then I seed them until I download an updated version of whichever distro (and occasionally I'll clean up old ones if I stopped using that distro but the version I have is ancient).

But of course when we talk about torrenting in public forums, it's funny to only mention all the Linux distros we are torrenting and remaining hush-hush about other things we may be sharing.

[–] iliketrains@kbin.social 7 points 8 months ago* (last edited 8 months ago)

Recently needed to try a few distros. Downloading from direct mirrors was way slower than torrenting. So I just torrented the rest of the distros.

[–] owen@lemmy.ca 7 points 8 months ago

Of course. Torrenting is my favourite

[–] Bristle1744@lemmy.today 5 points 8 months ago
[–] JoeKrogan@lemmy.world 4 points 8 months ago
[–] safesyrup@feddit.ch 4 points 8 months ago (1 children)

Just this week wanted to install ubuntu to a stick and, as you said, because it is everywhere metioned, i torrented it and it was pretty fast at around 160 mbit/s. Worked like a charm, now seeding.

[–] pedroapero@lemmy.ml 2 points 8 months ago (1 children)

I'm able to max out my 1gb/s card easily most of the time.

[–] safesyrup@feddit.ch 1 points 8 months ago

Oh yeah, makes sense, my shitty hdd can‘t handle my gb/s connection lol

[–] narc0tic_bird@lemm.ee 3 points 8 months ago (1 children)

I download netinstall images most of the time. These are in the hundreds of megabytes, do I usually just download them via HTTP in a matter of seconds.

[–] SomeBoyo@feddit.de 0 points 8 months ago (2 children)

Is there any difference in using a netinstall compared to a normal iso?

[–] narc0tic_bird@lemm.ee 1 points 8 months ago

It downloads the packages you need during installation, instead of using the contents of the ISO as a kind of "offline repository". Depending on the distro and installer, it often downloads more up-to-date packages compared to a full ISO, so you don't have to update the system instantly after installation.

[–] cecilkorik@lemmy.ca -1 points 8 months ago* (last edited 8 months ago)

The end result is exactly the same.

The difference is that you can install an iso on a computer without an internet connection. The normal iso contains copies of most or all relevant packages. Although maybe not all of the latest and most up to date ones, the bulk are enough to get you started. The net install, like the name suggests, requires an internet connection to download packages for anything except the most minimal, bare-bones configuration. The connection would hopefully be nearly as fast if not faster than the iso and be guaranteed to have the latest updates available which the iso may not. While such a fast connection is usually taken for granted nowadays, it is not always available in some situations and locations, it is not always convenient, and some hardware may have difficulty with the network stack that may be difficult to resolve before a full system is installed or may require specialized tools to configure or diagnose that are only available as packages.

In almost all cases, the netinst works great and is a more efficient and sensible way to install. However, if it doesn't work well in your particular situation, the iso will be more reliable, with some downsides and redundancy that wastes disk space and time.

Things like windows updates and some large and complex software programs and systems often come with similar "web" and "offline" installers that make the same distinctions for the same reasons. The tradeoff is the same, as both options have valid use cases.

[–] monstoor@lemmy.dbzer0.com 2 points 8 months ago

I used to torrent Linux ISOs, but lately I have been using the network image of Tumbleweed on a USB stick and installing over t'internet.

[–] PoliticallyIncorrect@lemmy.world 2 points 8 months ago

Supporting something WO anything at exchange gives you a great satisfaction, people should do it more often.

[–] sleepybisexual@beehaw.org 1 points 8 months ago (1 children)

I used to seed but lost them in a reinstall after a partition fuckup

What do I seed?

And is there an automated way to update?

[–] Lemongrab@lemmy.one 1 points 8 months ago (1 children)

Idk, I'm a novice. I recommend seeding QubesOS, OpenSUSE ISOs, Linux Mint Debian Ed, NixOS, Tails, Debian, and whatever else you want.

[–] sleepybisexual@beehaw.org 2 points 8 months ago (1 children)

Yea, I'll seed the privacy ones and mint

Fuck standard Debian,

Also you should seed any emualtor torrents you get your hands on

[–] Lemongrab@lemmy.one 1 points 8 months ago* (last edited 8 months ago) (1 children)

Why fuck standard Debian. Its the OS base for kick secure (which is the base of Whonix) and makes for a great server. As a desktop, I have found it very unintuitive at times, but its ol' reliable.

[–] sleepybisexual@beehaw.org 1 points 8 months ago

Its a good base but have you ever used it for desktop use?

Its kinda bad

[–] itsnotits@lemmy.world 1 points 8 months ago (1 children)
  • It's* way faster
  • assumed it's* a joke
[–] jjlinux@lemmy.ml -3 points 8 months ago

You forgot to sign: "Grammar Nazi".

[–] bruhduh@lemmy.world 1 points 8 months ago* (last edited 8 months ago)

I download most files and .iso included with aria2c console app, it's way faster than torrenting and aria2c also supports torrent too