
Ugh, I hate these P2P "CDNs". A few years back, CNN tried this for their streaming video with technology from a company called Octoshape. Users (including myself) were unwittingly conned into accepting the plugin in order to watch live video. This created a huge mess for big corporate IT departments, who suddenly had hundreds or thousands of desktop machines streaming out video whenever there was a major news event.

I realize that this is a server-side option now, however. Still, it's a crappy deal. A decently-sized deployment of public cloud boxes to support your private CDN is going to cost far, far more than an actual CDN. Public cloud bandwidth is obscenely priced compared to what you can get it for on the CDN market.

Author here:

>"Public cloud bandwidth is obscenely priced compared to what you can get it for on the CDN market"

Amen to that! I think where this comes into play is when you've already got colo space and excess capacity (e.g. eBay etc) and/or you'd like to leverage other edge PoPs outside of your provider (e.g. mainland China). But it also adds some level of protection against correlated backbone issues if you can add p2p edges along other providers (similar to Netflix's design). When we looked at the correlation across existing CDN providers we found it was ~95%[1].

Video streaming specifically is _especially_ bandwidth intensive and will definitely cause issues in corporate LANs. It's one of the reasons we add ASN categorized black listing (e.g. residential vs. hosting vs. corporate etc).

[1] https://blog.edgemesh.com/understanding-diversification-netw...

Hello, lead engineer here. Just to clarify, you don't need a plugin to enable Edgemesh as a user. Everything is 100% browser compliant. Your webmaster adds our one line of code and our one JavaScript file and you are done. Your users will never even see a pop up.

Obviously the plugin isn't the issue; it's the fact that my browser will now be uploading X MB/sec, which I have no control over, to random peers. This sucks, especially because I have capped monthly bandwidth from my penny-pinching ISP.

Why should I host and seed your data for free?

We detect if you are on a metered connection and we disable all seeding functionality to ensure you are not paying for the bandwidth we use. We also have an opt out mechanism, but that is up to the installing site to implement. The reason you would want to host data is that you get a faster internet experience. We fill your cache with assets that YOU are likely to request in the future. Performance is our driving metric.

You and jloveless have been commendably open in this submission. Personally, I think that if you're not destroying someone's limited data then you're meeting what should be expected of you. Demanding that you deliver your content in a certain way is silly IMO.

Say I have a web application that displays a complex rendering of millions of constantly changing points, and for some reason it's very expensive for me to do computing. However it's easy to write some javascript that renders the millions of points on the user's computer. It's absurd to say I'm being unreasonable by streaming more data to the user instead of rendering frames and streaming video. Using my upload speed is annoying, but it's still stupid to pretend that using a website is entirely one-sided. It's like complaining about ad bandwidth.

Abuse is one thing, but this isn't categorically bad. Plus, it's really cool!

Thank you! We work _really_ hard to ensure we're staying off CPU, managing disk, and making every replication event count (generally intra-ASN). But it's also really valuable for our NGO clients (and other non profits). My personal favorite is an aid program where they literally bring a Supernode on a laptop, set up a WiFi[1] point in the middle of nowhere and can support a fully interactive site for refugees who have devices when they reach the camp. They can then find out where they are, and what's going on - and you can power a surprisingly large site from a single laptop. It's also really helpful in places like sub-Saharan Africa where in-region bandwidth capacity _dramatically_ outstrips off country bandwidth.

[1] http://www.meshpoint.me/

That's fantastic! I have a personal vendetta against heavy websites specifically because of how unusable they are in remote countries, so that sounds just fucking awesome to me.

> Demanding that you deliver your content in a certain way is silly IMO.

Perhaps, but expecting that visiting a website implies that my computer is not transparently inserted into another company's CDN distribution scheme is not.

via: https://edgemesh.com/product

" Client: Receive & Render

When a user visits an edgemesh enabled site their browser begins to execute the client side Smart Mesh™ accelerator. This code uses our patent pending distribution method to transparently and seamlessly join the edgemesh overlay network. While your web page assets are requested, the client side code analyzes the response time from your servers to the browser and will optimally decide when to request assets (images, videos, etc.) from the mesh network vs. fetching the assets from your server as normal. If the client obtains the assets from your servers, it alerts the Hub process to store these new assets on the mesh. Best of all, this dynamic crawling of your webpage means no more management of cache settings, even on dynamic content.

Smart Mesh™ ensures your users always have the most recent copies of the most requested assets, automagically. "

" Hub: Mesh & Store

The Hub process is a client side Javascript engine which loads in parallel to the user's page load process. The Hub is the client side brains behind edgemesh, and allows the browser to effectively pre-cache content. The Hub communicates with the edgemesh signal servers and gets the optimal list of assets for this browser. Unlike simple peer enhanced solutions, the Hub allows for Cross Origin asset replication.

For example, if your users are viewing https://example.com the Hub process allows their browser to request cached assets from other active edgemesh users - even those currently viewing other sites! The Hub intelligently replicates the edge caches across geographies and networks, and in most cases ensures your visitors have a local copy of your content before they even know they need it. Best of all, the Hub ensures that your site joins the millions of other mesh enabled users - allowing you to tap into the colocated acceleration of peers across the entire community. "

Not quite sure how this isn't that much different than a JS based Bot client / trojan horse TBH, although the traffic isn't officially "malicious", but rather part of some 'innovative and disruptive new startup tech'..

I will look forward to see this go the way of the Bonzi Buddy and Clippy.

I'm talking about seeding though. Seeding data to random peers will make my internet slower, not faster. I don't want to seed. If your service makes my machine start seeding to random people because I accidentally visited a website that uses your malware, then that sucks!

Maybe implement some kind of blockchain solution so that I get paid for the data I seed? (/s)

I have no interest in having my storage or bandwidth abused for anything that is not being shown on my screen right that very moment. And even then, uploading this content to other people is ludicrous. I will be sure to block your assets.

Anyone know of a good way to detect sites that are rude enough to abuse my network connection for their own gain?

Probably the best way is to check the WebRTC stats [1] if using Chrome. We sit atop the WebRTC stack for p2p functionality.

[1] https://testrtc.com/find-webrtc-active-connection/
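
To make the WebRTC-stats check suggested above concrete, here is an added example (not part of the original comments and not Edgemesh code) that sums outbound bytes per remote peer from a `getStats()`-style report. The sample report and its addresses are constructed; the field names are the standard WebRTC statistics ones.

```javascript
// Added example: total up what a page's WebRTC peer connections have uploaded.
// `report` is anything with forEach(stat => ...), e.g. the RTCStatsReport
// returned by RTCPeerConnection.getStats().
function summarizePeerUpload(report) {
  const byId = new Map();
  report.forEach((stat) => byId.set(stat.id, stat));

  const peers = [];
  let dataChannelBytesSent = 0;
  byId.forEach((stat) => {
    if (stat.type === "data-channel") {
      dataChannelBytesSent += stat.bytesSent || 0;
    }
    // Only candidate pairs that actually carried outbound traffic matter here.
    if (stat.type === "candidate-pair" && (stat.bytesSent || 0) > 0) {
      const remote = byId.get(stat.remoteCandidateId) || {};
      peers.push({
        address: remote.address || remote.ip || "unknown", // `ip` on older builds
        candidateType: remote.candidateType || "unknown",
        bytesSent: stat.bytesSent,
        bytesReceived: stat.bytesReceived || 0,
      });
    }
  });
  peers.sort((a, b) => b.bytesSent - a.bytesSent); // heaviest upload first
  const totalBytesSent = peers.reduce((sum, p) => sum + p.bytesSent, 0);
  return { totalBytesSent, dataChannelBytesSent, peers };
}

// Constructed sample report (documentation-range addresses, made-up counters).
const sampleReport = new Map([
  ["CP1", { id: "CP1", type: "candidate-pair", remoteCandidateId: "RC1",
            bytesSent: 5242880, bytesReceived: 1024 }],
  ["CP2", { id: "CP2", type: "candidate-pair", remoteCandidateId: "RC2",
            bytesSent: 0, bytesReceived: 0 }],
  ["CP3", { id: "CP3", type: "candidate-pair", remoteCandidateId: "RC3",
            bytesSent: 1000, bytesReceived: 200 }],
  ["RC1", { id: "RC1", type: "remote-candidate", address: "198.51.100.7",
            candidateType: "srflx" }],
  ["RC2", { id: "RC2", type: "remote-candidate", address: "192.0.2.9",
            candidateType: "host" }],
  ["RC3", { id: "RC3", type: "remote-candidate", ip: "203.0.113.20",
            candidateType: "relay" }],
  ["DC1", { id: "DC1", type: "data-channel", label: "constructed",
            bytesSent: 5200000, bytesReceived: 900 }],
]);

console.log(summarizePeerUpload(sampleReport));
```

In Chrome, `chrome://webrtc-internals` exposes the same counters for connections a page has opened, so the numbers can be cross-checked there.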

Bravo for your transparent and open approach to user feedback. The standard these days seems to have fallen low, with countless companies implementing sneaky ways to exploit users however they can, with sugar-coated, obfuscated language. It's refreshing to see such honest replies from this project, especially considering the question is about how to avoid participating unwittingly. I also would prefer not to share bandwidth in this way without knowing, but as you described in another comment, I see there are real positive benefits when used ethically.

> We detect if you are on a metered connection

How that? What makes you think that is even possible?

What we do is we have a mapping of ASNs that are flagged as metered. When your client comes online we take the IP, map to the ASN and determine if it is able to upload (e.g. on cellular/metered etc). We buy this data today and you can always drop an email to meter_notice@edgemesh.com with your IP and we will add it in. We also prioritize upload partners for known ASNs (e.g. you're more likely to be chosen for upload if you are on Verizon Business than Verizon Fios than Telstra).

Verizon's FIOS explicitly forbids this in section 4.3:

3. Restrictions on Use. The Service is a consumer grade service and is not designed for or intended to be used for any commercial purpose. Except as otherwise set forth in this Agreement, you may not resell, re-provision or rent the Service, (either for a fee or without charge) or allow third parties to use the Service via wired, wireless or other means. For example, you may not provide Internet access to third parties through a wired or wireless connection or use the Service to facilitate public Internet access (such as through a Wi-Fi hotspot), use it for high volume purposes, or engage in similar activities that constitute such use (commercial or non-commercial). If you subscribe to a Broadband Service, you may connect multiple computers/devices within a single home to your modem and/or router to access the Service through a single Verizon-issued IP address, and if available through the Service, you may permit guests to access the Internet through your Service’s Wi-Fi capabilities. You also may not exceed the bandwidth usage limitations that Verizon may establish from time to time for the Service, or use the Service to host any type of server. Violation of this Section may result in bandwidth restrictions on your Service or suspension or termination of your Service.

Source: http://www.verizon.com/about/sites/default/files/Verizon-Onl...

Let me first say ... IANAL. That being said this (like most legal language) is as broad as possible, and by design. Having spoken with Verizon (Wholesale, Wireless and Edgecast teams) there seems to be a consensus that models that limit their (the telecoms) transit costs are encouraged and there's a number[1][2] of commercial examples where that's the case. Indeed - their own CDN offerings don't (yet) have the economics (today) to support more distributed caches, so something like this which is lightweight and requires no DNS/infrastructure changes is interesting. A place where this is getting a lot of discussion is where we'd least expect it: on the LTE networks. Since there isn't yet[3] a solution for mobile peering there's a lot of discussion around solutions to run low cost, light weight caches _inside_ the Radio Area network.

[1] Xbox One | https://www.nanog.org/sites/default/files/wed.general.palmer...
[2] Spotify | https://community.spotify.com/t5/Desktop-Linux-Windows-Web-P...
[3] http://datacenterfrontier.com/vapor-io-teams-with-tower-tita...

So you've blacklisted AT&T, CenturyLink, Cox, Exede, HughesNet, MediaCom, StarTouch, SuddenLink, and Comcast?

All of those have the majority of their subscribers paying extra fees once they cross an invisible usage line, AKA a "data cap".

Let me see if I'm understanding correctly.

You're using visitor's upload bandwidth and you see not notifying them as a feature? I'm not sure I can see the justification for that.

But will users' bandwidth get abused?


https://sig.edgeno.de/edgemesh.client.min.js is being added to my uBlock list.

Good call. I just submitted an issue to UBlock to get their JS client added to the block lists:


Sorry Edgemesh team, but this kind of activity without user opt-in is not okay.

No worries - that's exactly what uBlock is there for! :) We've struggled to find the best way to add opt out on the client side without affecting the actual page itself (e.g. pop-up etc) and would love to get some thoughts on this - please PM me if you have any. Alternatively we went with a more aggressive approach on network based detection (e.g. metered connections, replication across ASN vs intra-ASN etc).

A little notification does seem like the best idea to me. Obviously it would need to be zero-effort, way unobtrusive, and nice and reassuring. "Hey- on unmetered connections, this page may balance network load with your unused bandwidth. You shouldn't notice any difference in speed! [Learn More][Edgemesh CDN]" Maybe even the slightly more aggressive "Your unused bandwidth is helping to speed up other people's connections!" Pop a neat little box in the lower right hand corner on the first visit, and have it minimize/disappear after a couple seconds.

I think it's a little skeevy to have it be completely silent. That doesn't mean it has to be super loud though.

We've added this to 1.7.2 [1] That will roll into production tomorrow evening.

Thanks for all the feedback HN community!

[1] https://github.com/edgemesh/edgemesh/releases

Man, you guys are awesome and endlessly tolerant of the slightly fanatical hyperbole being directed at you.

Although I am not at all affiliated w Edgemesh as a company, I can tell you (first/second? hand) the personality and good-naturedness in this team is through the roof.

Plus it's just a killer product made by killer devs, pretty sure Spotify does P2P cache-sharing too btw.

I think it should be a browser-level feature, just like allowing notifications or location access.

Browsers should have an option to follow one of four behaviors: a) allow all P2P connections, b) always ask, c) allow a low-volume (say, <32kbps) P2P traffic, but throttle and ask if the rate tries to go beyond the safe threshold and d) deny all P2P connections. With b) or c) being a sane default, and a JS API to check permissions programmatically.

While this doesn't solve the problem right now (and would probably take a long while to happen), as a long-term solution, I think that would be the best way for everyone, providers and consumers.

I just think if you (as a company) raise an issue with the mainstream vendors (Mozilla, Google, Opera, Vivaldi), this idea may have slightly better chances to be heard than just some random end-user suggestions.

If this idea fits your vision, of course.


As a short term, I guess maybe you can implement some proprietary API and suggest your users (webmasters) to show a confirmation panel that fits their site look-and-feel. With some readily-available sample implementation that they can just use if they don't want to spend time at all (besides adding a line of code).

We've documented it here [1] and also put an example footer implementation on our homepage[2] as well. Thanks for the feedback!

[1] https://edgemesh.com/docs/getting-started/opt-out
[2] https://edgemesh.com

I like the idea of a browser level feature for opt in to WebRTC (on a per Origin basis) - and it was proposed circa 2011 when WebRTC was coming of age. It's probably worth revisiting that discussion.

Also with regards to detecting metering client side you're 100% correct - you can't reliably do it in any way on the client side (although for mobile there are some APIs to detect cellular vs. wifi [1]). What we do is we have a mapping of ASNs that are flagged as metered. When your client comes online we take the IP, map to the ASN and determine if it is able to upload. We buy this data today and you can always drop an email to meter_notice@edgemesh.com with your IP and we will add it in.

[1] https://developer.mozilla.org/en-US/docs/Web/API/Navigator/c...

how can you even know if a connection is metered from within a browser?!

that's crazy talk right there. there are so many variations that all happen completely outside of the browser domain and/or the connection destination.

Aside from the connection API - What we do is we have a mapping of ASNs that are flagged as metered. When your client comes online we take the IP, map to the ASN and determine if it is able to upload (e.g. on cellular/metered etc). We buy this data today and you can always drop an email to meter_notice@edgemesh.com with your IP and we will add it in. We also prioritize upload partners for known ASNs (e.g. you're more likely to be chosen for upload if you are on Verizon Business than Verizon Fios than Telstra).

that's noble. really. but by far deterministic.

via the Network Information API.


Connections start metered and are then upgraded when an unmetered connection is successfully detected.
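
The IP-to-ASN lookup and the start-metered default described in the comments above, as an added example that is not Edgemesh's code: an address is allowed to seed only when its network is positively known to be unmetered. The prefix table, ASN numbers, metered flags and function names are all constructed for illustration.

```javascript
// Added example: fail-closed seeding decision from an IP -> ASN -> metered lookup.
// Prefixes are documentation ranges and ASNs are private-use numbers (constructed).
const PREFIX_TO_ASN = [
  ["192.0.2.0/24", 64500],
  ["198.51.100.0/24", 64501],
  ["198.51.100.128/25", 64502], // more specific route inside the /24 above
];
const ASN_METERED = new Map([
  [64500, false], // constructed: business fibre
  [64501, false], // constructed: residential broadband
  [64502, true],  // constructed: cellular carrier
]);

// Dotted-quad IPv4 -> unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Longest-prefix match over the table; returns the ASN or null.
function lookupAsn(ip) {
  const addr = ipv4ToInt(ip);
  if (addr === null) return null;
  let best = null;
  for (const [cidr, asn] of PREFIX_TO_ASN) {
    const [net, lenText] = cidr.split("/");
    const len = Number(lenText);
    const base = ipv4ToInt(net);
    const size = 2 ** (32 - len);
    if (addr >= base && addr < base + size && (!best || len > best.len)) {
      best = { asn, len };
    }
  }
  return best ? best.asn : null;
}

// Every client starts as metered; only a known-unmetered ASN upgrades it.
function seedingDecision(ip) {
  const asn = lookupAsn(ip);
  if (asn === null) return { asn, seed: false, reason: "unknown network, treated as metered" };
  if (ASN_METERED.get(asn) !== false) return { asn, seed: false, reason: "ASN flagged metered" };
  return { asn, seed: true, reason: "ASN flagged unmetered" };
}

console.log(["198.51.100.10", "198.51.100.200", "203.0.113.5"].map(seedingDecision));
```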

Yes, I've seen the phrase "seeding to random peers" pop up a few times. Peer selection is actually extremely smart and is by no means "random".

It's in the official uBlock filters list now. https://github.com/uBlockOrigin/uAssets/commit/7a32aa2efb033...

welcome to the future

Yes, and this is utter shit. You want to push CDN bandwidth constraints onto consumer networks in some p2p model and trust the content coming out of it? The idea is ridiculous in every aspect except for those who don't know anything that are buying this paradigm.

The DOS possibilities are endless and the MD5 + layered approach already has chinks in the armor. Come on. You filter every participant through some ddos filter provider you don't own, filter good content from bad based on some persistent hash database state and take a look at the content you are introducing in some heuristic (probably comparative) profile.

Garbage, move along.
