I don’t do much with BitTorrent other than download Linux isos. What’s the advantage to Deluge over Transmission? (which is what I’ve always used since the whole uTorrent controversy)
The biggest difference to me is that the UI is different and more closely aligned to uTorrent which IMO is less good looking but a little more practical.
Personally I use transmission, but I’m not a heavy torrent user.
Rtorrent on a Linux or bsd cli running inside screen or tmux on a server also works excellently for the purpose of persistently seeding things from a system that isn't your main workstation that hibernates and moves around.
Transmission does not support BitTorrent v2 so there is a growing subset of torrents that Transmission can't download but, say, Deluge or qBittorrent can.
Plugins, not sure why nobody mentions them so far here but it's the main reason why I haven't switched to anything else.
I use:
- autoextract plugin to extract files inside the torrents
- autoremove plugin to remove torrents after x days, x seed time, with exceptions to trackers, labels etc
- LabelPlus improves on top of Deluge label system and adds a lot of different options that you can apply to the torrents with certain label plus you can make sub labels.
- RSS plugin with lot of custom filtering with regex etc.
- AutoAdd, an improvement over the tipical blackhole/autoadd of torrent files with the possibility to set settings like bandwidth limits, label it, etc based on the folder it was found.
Some of that maybe is included in some clients but the main point it's that if I wanted I could implement a plugin myself more or less easily in python to add my needed feature without bothering anybody else. Or I could modify an existing plugin.
The other that other people already mentioned is the thin client/ server daemon system, which is 100% better than any web ui because literally you are using the native ui which is the first thing to receive any changes. The web UIs are nice but usually are second priority in general, don't receive all the changes, some settings or features are missing compared with the main ui etc.
And in any case Deluge also has a web-ui if needed, which emulates most of the main UI, plugins need to add a custom code for it, and some don't so that is missing but in any case as I said all that is available in the thin client.
Also handles a lot of torrents nicely which although I don't have a name I remember having issues with some other torrent clients didn't handle it too good. That said nowadays my number of torrents is around 70~100, I used to have a lot more than that.
I especially like the feature to download something sequentially, so that you can stream it via a media player, much like how Netflix or Popcorn Time works.
qBittorrent is indeed nice. Been using it for many years and couldn't be happier. Demise of uTorrent was a boon for open source clients in a way, otherwise I'd never look for replacement. qBittorrent is also written in Qt, so fits very well with Plasma desktop in general.
I agree with this. I use it on both Mac and Windows. The Windows version works pretty well: no major problems. But the Mac version has all kinds of quirks. The most annoying is that somehow it gets into a bad state where it won't even launch, and the only way to fix it is to find its hidden configuration file and delete it.
Even more brilliant that any Russian speaker can realize exactly same without a dictionary, it is just a rare form of делить word which means "to share".
that seems more like a coincidence. the original meaning of deluge/torrent has no relation to sharing if i understand it correctly. unless someones idea of sharing is burying you in stuff.
Back in my private torrent site days when I had to maintain a good ratio I would run deluge on a seedbox and auto download and seed new releases. From my experience deluge was the only client that could saturate a 1gbit/s connection when seeding hundreds of different torrents.
However this was a long-time ago so things have probably changed since then.
What's really cool about Deluge is that it can run in a client/server mode where the Deluge can act as a thinclient. This way you can set up a server, and install Deluge on all your machines, and have them all connect to the same server. As with many other torrent clients, there is of course also a web ui, as well as various thinclient apps.
Having said that, if you don't need a good client/server model, my personal preference is qBittorent, which, for me having grown up with uTorrent, is a lot nicer to use.
qBittorrent has webUI too, and works more or less identical to that of native client. Some day I'll get its NixOS module in abetter shape and just use that.
there is even a mobile client. sometimes when i am outside and i discover something that i want to get like a new linux distribution i want to try, i can then use the mobile client to load it into my server at home so i won't forget to do it later.
Deluge still hasn't had an official Windows release for 2.x, and it's been that way since 2019. Been using qBittorrent for a while now and like it far more than the (currently outdated) version of Deluge I had been using. Not really sure why this was posted here to be honest.
I'm in the same boat as you. Used Deluge for years and was a huge fan, continued to use it for a couple years after the Windows version stopped getting updates, but last year ended up switching to qBitorrent and I'm very happy with it.
> Deluge still hasn't had an official Windows release for 2.x, and it's been that way since 2019.
This is GPL software made by people in their free time, for free. Apparently, the intersection of "people who want a Windows release", "people who have the skill to do it" and "people who want to do it for free" is empty. If you belong to all 3 groups, then please go ahead and provide a Windows release. If you don't then I'm not sure what you are complaining about. That nobody is providing something to you for free that you need?
I'm not saying it's an invalid complaint. But it's not particularly helpful or meaningful. It's not like the maintainers are not aware of the issue. It's just that they've so far had other priorities in life. To keep complaining won't change that. (Well, maybe it will, but that would actually be pretty sad.)
It's a different story when some issue is brought up the very first time because somebody wasn't aware who would like to be aware and also willing to do something about it. But to just keep complaining beyond a certain point is just a waste of energy. (Especially for an issue that clearly many people don't care about, including users.)
P.S.: I'm not sure why you need to "learn GUIs" for this. This is clearly an issue in the server part of the client/server model that Deluge has. Which is a very nice design choice, if you ask me. Not just for users, but also for developers -- you don't need to have any clue about GUIs to fiddle with the network-related part of the program. EDIT: Sorry, confused this with the parallel subthread about the proxy issue. Yes, for a Windows port you may need to know some GUI aspects.
And because it's someone's free time project that doesn't bother to make releases for the most popular computing platform on Earth, it is somehow immune from criticism? Everything OP said is correct.
It's raining outside right now and I don't like it. That's also a correct statement. Just because it comes from the sky doesn't make it "somehow immune from criticism". But that's not a very meaningful complaint. I can complain about the rain all day. Will it change anything? No.
In contrast to the rain, some feature missing in some open source project can be fixed. Put your energy into complaining or into fixing. Your choice.
In a proprietary system, your only option is to complain. Sadly, it's common to see this mentality for open source projects too.
"I don't like A because the authors don't care about my platform I prefer B"
Suddenly five thousand voices of open source zealots appear from nowhere, writing paragraphs and paragraphs about how it is morally outrageous to even suggest any sort of shortcoming, and you should immediately drop everything you're doing and contribute to the codebase yourself.
I know I'm getting a little flamebaity for HN standards, but this is what it genuinely feels like to me.
> Suddenly five thousand voices of open source zealots appear from nowhere
The image that presented itself to me was: An article about an open source project was linked and the two top HN comments were 1. complaints that proxy use doesn't work for 10 years and 2. complaints that there is no official Windows port.
Now, who is the one complaining here? The "open source zealots"?
I find it legitimate to respond to such complaints by pointing out the nature of the criticized project.
It is indeed free, and so those the competition out there, like Transmission and qBittorrent.
Sure they won't lose any money, but they'll lose their userbase and the potential interest of contributors if they don't make any progress. It's a vicious circle.
I currently run 1.3.x on my home server with the Windows client in "thin client" mode, but if the 2.x version doesn't come out soon for Windows I'll likely drop it in favor of qBittorrent when I'll rebuild my home server with a newer Ubuntu LTS version.
It looks like a cool piece of software with lots of nice features, but I mean.. I don't need, as far as I know, a client-server stack for downloading stuff.
But as a client, you have to pay somewhat for that server. And by the way it is one of coolest pieces of software ever. I wish client-server stack to be dead in favor of all kinds of torrents and blockchains.
One reason (probably the main reason) to use Deluge, with its client-server stack, is you can run the server on a “seed box” which will allow you to manage your torrents on a server which is always up (and always seeding, when needed) from a client which is not always online (your laptop, for example). This is extremely useful if you are part of a private tracker community where users are required to seed the things that they leech.
Downloading something from a server is a single point of failure. Power outage, cease and desist, any amount of infrastructure failure or human error, etc. What doesn't go away are a whole bunch of people around the world. Want something wacky from 2 decades ago? Your options are usually either hoping it's on archive.org, or some random guy still seeding the torrent from Uzbekistan that you now have a silent bond with.
They are indeed still a thing. In my region there are lots of good movies that are simply not available for streaming. Even fairly mainstream movies, like The Spanish Prisoner for example. One could buy those movies on DVD, but that does not feel like a good option to me.
Among my generation? Very much so.
I'm not sure about younger people. With phones being the main way of consuming endless content, having to put in any effort into staying in a private tracker or not getting wannacry'd from a public one seems less enticing.
Have you found a service that can provide you with any movie/series/music/game ever made? Please share with everyone else, since the popular services like Netflix/Spotify/Steam don't really measure up to that standard.
Nothing against it but I always wonder what leads to posting a link to a website out of the blue sky. No news, no releases, just a link to a frontpage.
I often think it's a program or set of docs that someone happened upon for the first time themselves, but that can't explain all of them; regardless, I love these kinds of posts, for the opportunity to encounter something that others might have assumed to be obvious and the spontaneous discussions that occur
There are ton of junk posts like that every day. The more interesting question is what makes some of these occasionally gain traction and upvotes seemingly at random.
Bittorrent is reliable peer-to-peer file transfers by chopping up the entire payload into tiny bits that can be shared directly amongst all users.
Dapps are decentralized systems to run complex logic (aka smart contracts) without a single point of failure and with whatever consensus mechanism is used by the underlying chain.
There is no "benefit" over one or the other because they're completely different things.
The main reason I switched to Deluge is that it has great support for Socks proxies. Surprisingly, the support is terrible or non-existent in other clients that I tested (Transmission).
If you use a proxy that's only available through your VPN, you'll be protected if the VPN connection goes down.
Unfortunately downloading over SOCKS proxy also means inability to download from swarms where all peers can't accept an incoming connection, which matters for obscure torrents. I'd suggest running your VPN-only applications in a separate network namespace https://www.wireguard.com/netns/ . This will also prevent, for example, WebRTC or https://www.theregister.com/2015/11/30/port_fail_vpn/ style leaks as the application won't see other interfaces.
It's been open since 10 years, and this is not a great situation for a torrent client. Where torrents are concerned, proxies are explicitly used to protect privacy.
Even in this very topic, someone said they were happy with the SOCKS proxy option in Deluge, when this option (edit: possibly) does nothing.
That's pretty harsh for the client just not supporting one non-essential feature. Many power users of Deluge or other torrent clients run it on seedboxes where a proxy isn't needed and would also negatively impact the speed.
> It's about a project that silently ignores a privacy-related setting, which then exposes the fact that people download something.
Which means that everybody who either doesn't use a proxy or does not care whether it's exposed what they are downloading can happily use Deluge. Using the term "nobody" you are exaggerating quite a bit, don't you think?
Instead of complaining and demanding that others fix something for you for free who are not affected by it, please consider contributing a fix yourself.
You can route a BitTorrent client through a VPN. I do this with Docker + rtorrent + Wireguard. I agree silently ignoring proxy setting is not cool but assuming it is used for privacy reasons is a stretch. I'm glad it avoids people route Deluge data through Tor though that also would not be the sole purpose.
Thanks for pointing it out — yes, using “nobody” is exaggerating and I’ve edited it.
Note that I’m not demanding anything. Or complaining that it isn’t fixed. How could I? The person developing it, may have their reasons which I don’t know about.
However I am pointing out the issue, because there are more secure alternatives out there, if privacy is what you value.
There's 10 comments by the main developer (Cas) on that specific issue. I wouldn't call that "silently ignores".
I support him on Patreon (https://www.patreon.com/deluge_cas) where he sometimes posts updates but it's clear that he's very busy with other things (Including going through an illness) so I'm not blaming some open source maintainer for picking up a 10 year old, apparently hard to reproduce issue with a total of 45 comments.
The client can be used just fine, except for a small buggy behaviour in case if you are using a proxy which likely isn't used by the majority of users.
The application lets you configure a proxy, and then does not use the proxy. It ignores the proxy configuration without informing you. It silently ignores it. No amount of comments in a bug tracker changes that.
Oh but I don’t blame him either, it’s not a question of pointing fingers.
Saying it’s “likely isn’t used by the majority“ is bad form, in my opinion. You don’t know that. I don’t know either, to be sure, but it makes me personally lose faith in the security aspects of the project.
Some time ago, there was a Russian developer(s) who built a database that logged all IP addresses connecting to swarms. They then built a nice web frontend for it, to make it searchable. That’s how I found my IP address.
If you think that’s not much of an issue, that’s okay but I definitely didn’t like it.
For you and everybody else complaining about this aspect: This is open source software. GPL licensed. It's provided as-is. You are free to use it and express what you think about it, and the maintainers are equally free to do with your opinion whatever they like, which includes ignoring it.
Clearly, none of the maintainers found this to be a problem. They likely don't need proxy settings for themselves. And they apparently also don't want to spend the time and energy to fix an issue that they don't have. That doesn't mean it's not an issue. It's just not an issue for them and they choose to do other things in life than fix it for you. Do you really demand somebody who already gave something to you for free to do even more work for free to implement something that they don't need themselves? Why would they do it? To get you to stop complain?
It's open source, you are free to go fix it yourself. This is Hacker News, lots of people on here should have the competence to fix this. Yet, in the last 10 years, apparently nobody found it so bad that they fixed it. It is clearly not impacting as many people as you make it sound like.
"Nobody should use Deluge" is an unsuitable statement, just because it has an issue in your use case. Many people don't have that use case, and of those who do, nobody bothered to fix it yet. Complaining doesn't fix anything.
What needs just as much fixing as the raised issue is your attitude towards open source.
I hate this philosophy of yours with all my might.
When you put something out there, you should strive to do right by your users. It is fine if you do not have time to fix a particular bug, but communication and asking for help should then be your priorities as maintainer. If 10 years of mostly silence on your part have passed, IMHO you have failed to be an effective open source maintainer.
I understand that open source doesn't offer you any rights or guarantees, but it does not have to be written in a contract to care about your software and its particular shortcomings.
Lastly, if you say a maintainer can do whatever they want with their software, I say that users should be free to be critical of it. There is no attitude in OP, they pointed out that a possibly major security bug still exists and people should be very careful about using it. Being open source doesn't mean nobody should dare criticise you.
> When you put something out there, you should strive to do right by your users.
We clearly disagree here.
I also like when some open source author is responsive after they put something out there. And I myself try to be helpful as well. After all, one of the reasons for me publishing things as open source is to attract a community that directly (through patches) or indirectly (through issue reports) helps me to improve the thing I made. Win-win!
But demanding this is actually actively hurtful to the ecosystem. To put it bluntly, would you prefer that somebody just doesn't publish some nice piece of software they wrote to scratch some itch they had just because they have no time/energy/desire to then provide support for users? I don't. I want them to publish it anyway. Maybe somebody else can pick up the maintenance. Or not, but at least it's out there.
> I hate this philosophy of yours with all my might.
i hate this philosophy of yours with all my might. (ok, not really, but i do dislike it)
when i put something out there, i do it to share what i build for myself and for my own needs. i may be asking for help in general, but i won't ask for help for every specific issue unless that issue is a priority for my self and i can't fix it. time is to short to worry about every single low priority problem.
and how dare you judge someone elses effectiveness as a maintainer!
that, my friend, is quite an insult. you have no idea how effective they are. you don't live their life. you don't know what other responsibilities they have. what's next? asking that they commit a minimum number of hours each week for the project? demanding that they respond to any request within a day?
users should be free to be critical of it
absolutely not. you can say: "unfortunately, i have this problem, so i can't use this, i am going to go use something else". but that's about it.
criticism is the bane of our society. criticism hurts peoples feelings. criticism causes burnout. FOSS maintainers are volunteers and absolutely do not deserve that kind of criticism for just developing software. (that doesn't make them above any criticism. if they are rude or mean to their users, then that may well be criticized. but not if they ignore a problem or are unresponsive. they may well have other things in their life that are more important than to care about your software issue) (and if the developer is paid, direct any criticism at the company, but don't beat up the employee who may not have the freedom to choose what issues to work on)
Being open source doesn't mean nobody should dare criticise you
This is a really bad look, but I would think that if opsec is important to you, you won't have your proxy configuration in application level settings of a Python app. I think the people who would be concerned about this use system wide VPNs or seed boxes.
SOCKS is sometimes used as an additional layer to privacy. Stock system level VPN will continue without VPN if the VPN server somehow drops the connection.
If you are limiting the discussion to included stock VPN implementations, doesn’t that basically just include IPsec? Most secure third-party options will drop packets that aren’t destined for an encrypted tunnel, even while not running.
a system wide vpn doesn't always work. in some countries there are apps/websites that only work if they are accessed locally because they block access from outside.
Welp, it's open source, you've had 10 years to contribute a fix.
If you're going to downvote my comment, please explain in a subsequent comment why it's unreasonable to expect that if this is such an egregious bug, someone would've contributed a fix for it? Or at least, a reproducible test case?
Given they haven't, it's either not that egregious, or the people complaining are people who feel entitled to take without giving.
Which, tbh, probably describes a majority of users of torrent software.
it looks like people are misreading your comment. at least i did, at first. i thought you were piling on, addressing the maintainer, but on closer reading i realized that you were addressing the parent poster.
for what it's worth, i think you are absolutely right.
I've been running deluge in Linux since 2019 (version 2.0+, so considerably newer than the bug report) and it appeared to have been using my SOCKS5 proxy settings correctly; I had applied some extra hardening such as disabling natpmp etc, although I'm not sure if those are required.
However I don't doubt that these kind of leaks could have happened depending on configuration / bugs etc.
Eventually I ended up changing my configuration to run deluge in a VPN container (docker) network namespace so that I could use VPN port forwarding for better speeds (supported by Mullvad).
It should be removed as an option, but in-application proxy leaks are also common. Application developers are typically not security experts, and built-in proxy implementations are frequently ancient or poorly implemented. Anyone very worried about privacy should be encouraged to use an audited modern alternative that tunnels all traffic from an interface or VM.
On macOS qBitorrent is unusable if you hit a certain bug that regularly freezes the whole app. In my case, maybe due to that bug, it was also corrupting the downloaded data (which I didn't think was possible due to integrity checks).
I've switched to Transmission and never had any issues with corrupted data or freezes again.
Agreed, I also switched from rTorrent -> Deluge -> QBittorrent. It has a surprisingly clean interface and works with a lot of torrents without any issues. Deluge always had load issues pretty quickly, especially after coming from rTorrent.
Did you know that you can script the behavior of any torrent of any size of any tracker and many privacy features along with extensible plugins - PicoTorrent, BiglyBT and Tixati.
123 comments
[ 4.9 ms ] story [ 197 ms ] threadPersonally I use transmission, but I’m not a heavy torrent user.
No need to worry if you can suspend your laptop or go away, the torrents will download and/or uninetrrupted.
This is also great if you want to seed the iso images and lower your distros' hosting bills, and not just "hit and run" (download and stop).
Last time I looked (many, many, years ago) I believe Transmission didn't have client-server support. It's good to know they now have that option.
I use:
- autoextract plugin to extract files inside the torrents
- autoremove plugin to remove torrents after x days, x seed time, with exceptions to trackers, labels etc
- LabelPlus improves on top of Deluge label system and adds a lot of different options that you can apply to the torrents with certain label plus you can make sub labels.
- RSS plugin with lot of custom filtering with regex etc.
- AutoAdd, an improvement over the tipical blackhole/autoadd of torrent files with the possibility to set settings like bandwidth limits, label it, etc based on the folder it was found.
Some of that maybe is included in some clients but the main point it's that if I wanted I could implement a plugin myself more or less easily in python to add my needed feature without bothering anybody else. Or I could modify an existing plugin.
The other that other people already mentioned is the thin client/ server daemon system, which is 100% better than any web ui because literally you are using the native ui which is the first thing to receive any changes. The web UIs are nice but usually are second priority in general, don't receive all the changes, some settings or features are missing compared with the main ui etc.
And in any case Deluge also has a web-ui if needed, which emulates most of the main UI, plugins need to add a custom code for it, and some don't so that is missing but in any case as I said all that is available in the thin client.
Also handles a lot of torrents nicely which although I don't have a name I remember having issues with some other torrent clients didn't handle it too good. That said nowadays my number of torrents is around 70~100, I used to have a lot more than that.
I especially like the feature to download something sequentially, so that you can stream it via a media player, much like how Netflix or Popcorn Time works.
BiglyBT is also great if you used Azureus back in the day.
Why do you think that? Deluge is a synonym for torrent.
However this was a long-time ago so things have probably changed since then.
PS: I also think deluge is a great name..
Otherwise its cool.
Having said that, if you don't need a good client/server model, my personal preference is qBittorent, which, for me having grown up with uTorrent, is a lot nicer to use.
This is GPL software made by people in their free time, for free. Apparently, the intersection of "people who want a Windows release", "people who have the skill to do it" and "people who want to do it for free" is empty. If you belong to all 3 groups, then please go ahead and provide a Windows release. If you don't then I'm not sure what you are complaining about. That nobody is providing something to you for free that you need?
It's a different story when some issue is brought up the very first time because somebody wasn't aware who would like to be aware and also willing to do something about it. But to just keep complaining beyond a certain point is just a waste of energy. (Especially for an issue that clearly many people don't care about, including users.)
P.S.: I'm not sure why you need to "learn GUIs" for this. This is clearly an issue in the server part of the client/server model that Deluge has. Which is a very nice design choice, if you ask me. Not just for users, but also for developers -- you don't need to have any clue about GUIs to fiddle with the network-related part of the program. EDIT: Sorry, confused this with the parallel subthread about the proxy issue. Yes, for a Windows port you may need to know some GUI aspects.
It's raining outside right now and I don't like it. That's also a correct statement. Just because it comes from the sky doesn't make it "somehow immune from criticism". But that's not a very meaningful complaint. I can complain about the rain all day. Will it change anything? No.
In contrast to the rain, some feature missing in some open source project can be fixed. Put your energy into complaining or into fixing. Your choice.
In a proprietary system, your only option is to complain. Sadly, it's common to see this mentality for open source projects too.
Suddenly five thousand voices of open source zealots appear from nowhere, writing paragraphs and paragraphs about how it is morally outrageous to even suggest any sort of shortcoming, and you should immediately drop everything you're doing and contribute to the codebase yourself.
I know I'm getting a little flamebaity for HN standards, but this is what it genuinely feels like to me.
The image that presented itself to me was: An article about an open source project was linked and the two top HN comments were 1. complaints that proxy use doesn't work for 10 years and 2. complaints that there is no official Windows port.
Now, who is the one complaining here? The "open source zealots"?
I find it legitimate to respond to such complaints by pointing out the nature of the criticized project.
I think Deluge runs on MINIX just fine. /jk
Just saying Windows is nowhere the most popular computing platform although it's the most popular laptop/desktop OS.
They're simply saying that it doesn't have a windows release and so they use a different client.
As for their comment on why, I agree. This doesn't link to any news.
People do provide unofficial Windows builds in the forums.
Sure they won't lose any money, but they'll lose their userbase and the potential interest of contributors if they don't make any progress. It's a vicious circle.
It looks like a cool piece of software with lots of nice features, but I mean.. I don't need, as far as I know, a client-server stack for downloading stuff.
The Linux ISO crowd has kept Usenet alive. I feel like torrents will be around for a while yet.
Why is this bad if this happens in the background while appearing to you as a normal app?
Have you found a service that can provide you with any movie/series/music/game ever made? Please share with everyone else, since the popular services like Netflix/Spotify/Steam don't really measure up to that standard.
https://blog.malwarebytes.com/threat-analysis/2016/09/transm...
https://news.ycombinator.com/item?id=11234589
some organic, some brigading laundered into organic
but some people coordinate elsewhere and send a post here
Dapps are decentralized systems to run complex logic (aka smart contracts) without a single point of failure and with whatever consensus mechanism is used by the underlying chain.
There is no "benefit" over one or the other because they're completely different things.
Of course, the idea has been used with other clients, but I have yet to find a more complete solution.
If you use a proxy that's only available through your VPN, you'll be protected if the VPN connection goes down.
Deluge has a bug that's open since 10 years or so, and it's about ignoring proxy settings.
https://dev.deluge-torrent.org/ticket/2149#comment:43
It's been open since 10 years, and this is not a great situation for a torrent client. Where torrents are concerned, proxies are explicitly used to protect privacy.
Even in this very topic, someone said they were happy with the SOCKS proxy option in Deluge, when this option (edit: possibly) does nothing.
That's pretty harsh for the client just not supporting one non-essential feature. Many power users of Deluge or other torrent clients run it on seedboxes where a proxy isn't needed and would also negatively impact the speed.
It's about a project that silently ignores a privacy-related setting, which then exposes the fact that people download something.
Which means that everybody who either doesn't use a proxy or does not care whether it's exposed what they are downloading can happily use Deluge. Using the term "nobody" you are exaggerating quite a bit, don't you think?
Instead of complaining and demanding that others fix something for you for free who are not affected by it, please consider contributing a fix yourself.
Note that I’m not demanding anything. Or complaining that it isn’t fixed. How could I? The person developing it, may have their reasons which I don’t know about.
However I am pointing out the issue, because there are more secure alternatives out there, if privacy is what you value.
I support him on Patreon (https://www.patreon.com/deluge_cas) where he sometimes posts updates but it's clear that he's very busy with other things (Including going through an illness) so I'm not blaming some open source maintainer for picking up a 10 year old, apparently hard to reproduce issue with a total of 45 comments.
The client can be used just fine, except for a small buggy behaviour in case if you are using a proxy which likely isn't used by the majority of users.
Saying it’s “likely isn’t used by the majority“ is bad form, in my opinion. You don’t know that. I don’t know either, to be sure, but it makes me personally lose faith in the security aspects of the project.
If you think that’s not much of an issue, that’s okay but I definitely didn’t like it.
I thought BitTorrent was a protocol on top of e.g. TCP, is it carried inside HTTP by some clients?
Clearly, none of the maintainers found this to be a problem. They likely don't need proxy settings for themselves. And they apparently also don't want to spend the time and energy to fix an issue that they don't have. That doesn't mean it's not an issue. It's just not an issue for them and they choose to do other things in life than fix it for you. Do you really demand somebody who already gave something to you for free to do even more work for free to implement something that they don't need themselves? Why would they do it? To get you to stop complain?
It's open source, you are free to go fix it yourself. This is Hacker News, lots of people on here should have the competence to fix this. Yet, in the last 10 years, apparently nobody found it so bad that they fixed it. It is clearly not impacting as many people as you make it sound like.
"Nobody should use Deluge" is an unsuitable statement, just because it has an issue in your use case. Many people don't have that use case, and of those who do, nobody bothered to fix it yet. Complaining doesn't fix anything.
What needs just as much fixing as the raised issue is your attitude towards open source.
When you put something out there, you should strive to do right by your users. It is fine if you do not have time to fix a particular bug, but communication and asking for help should then be your priorities as maintainer. If 10 years of mostly silence on your part have passed, IMHO you have failed to be an effective open source maintainer.
I understand that open source doesn't offer you any rights or guarantees, but it does not have to be written in a contract to care about your software and its particular shortcomings.
Lastly, if you say a maintainer can do whatever they want with their software, I say that users should be free to be critical of it. There is no attitude in OP, they pointed out that a possibly major security bug still exists and people should be very careful about using it. Being open source doesn't mean nobody should dare criticise you.
At least, I don't see any in that bug report.
We clearly disagree here.
I also like when some open source author is responsive after they put something out there. And I myself try to be helpful as well. After all, one of the reasons for me publishing things as open source is to attract a community that directly (through patches) or indirectly (through issue reports) helps me to improve the thing I made. Win-win!
But demanding this is actually actively hurtful to the ecosystem. To put it bluntly, would you prefer that somebody just doesn't publish some nice piece of software they wrote to scratch some itch they had just because they have no time/energy/desire to then provide support for users? I don't. I want them to publish it anyway. Maybe somebody else can pick up the maintenance. Or not, but at least it's out there.
> I hate this philosophy of yours with all my might.
"Hate" is a strong word. This is pretty sad.
i hate this philosophy of yours with all my might. (ok, not really, but i do dislike it)
when i put something out there, i do it to share what i build for myself and for my own needs. i may be asking for help in general, but i won't ask for help for every specific issue unless that issue is a priority for my self and i can't fix it. time is to short to worry about every single low priority problem.
and how dare you judge someone elses effectiveness as a maintainer!
that, my friend, is quite an insult. you have no idea how effective they are. you don't live their life. you don't know what other responsibilities they have. what's next? asking that they commit a minimum number of hours each week for the project? demanding that they respond to any request within a day?
users should be free to be critical of it
absolutely not. you can say: "unfortunately, i have this problem, so i can't use this, i am going to go use something else". but that's about it.
criticism is the bane of our society. criticism hurts peoples feelings. criticism causes burnout. FOSS maintainers are volunteers and absolutely do not deserve that kind of criticism for just developing software. (that doesn't make them above any criticism. if they are rude or mean to their users, then that may well be criticized. but not if they ignore a problem or are unresponsive. they may well have other things in their life that are more important than to care about your software issue) (and if the developer is paid, direct any criticism at the company, but don't beat up the employee who may not have the freedom to choose what issues to work on)
Being open source doesn't mean nobody should dare criticise you
if you didn't pay for it, it means exactly that.
Nowadays I follow your advice and use a third-party option.
If you're going to downvote my comment, please explain in a subsequent comment why it's unreasonable to expect that if this is such an egregious bug, someone would've contributed a fix for it? Or at least, a reproducible test case?
Given they haven't, it's either not that egregious, or the people complaining are people who feel entitled to take without giving.
Which, tbh, probably describes a majority of users of torrent software.
for what it's worth, i think you are absolutely right.
However I don't doubt that these kind of leaks could have happened depending on configuration / bugs etc.
Eventually I ended up changing my configuration to run deluge in a VPN container (docker) network namespace so that I could use VPN port forwarding for better speeds (supported by Mullvad).
I've switched to Transmission and never had any issues with corrupted data or freezes again.
So is Deluge.
They are highly advanced clients even incorporating features of Tribler, https://torrentfreak.com/academic-torrent-client-hopes-to-sh...
So only those with a chunk of familiarity should use these, but as always these things entice HN crowd.