Blog of the Bittorrent Applet

Saturday, September 29, 2007


You can find online the new upload section!
Basically it is a web page that lets you generate and directly upload the torrent metafile.

Currently the upload puts the generated metafile on mininova, but you can link the web page with different parameters in order to post the metafile to other servers: soon there will be an option to use the upload with fenopy, for instance.

How to use it

The user should go to
to generate the .torrent metafile, that will be directly posted to the postUrl address and then the user will be asked to go to doneUrl.

After the user clicks the create button and chooses the file or directory, the applet generates the metafile and posts it (to postUrl) directly from the browser.
The post is a simple http post with Content-Type: multipart/form-data and it contains a single parameter named torrent with the torrent metafile in binary form, I guess if you're using php you can just access $_FILES['torrent']. The applet expects a text/plain response with the hash of the info dictionary of the posted metafile in ASCII (e.g:

Then the user will be asked to go to doneUrl with the hash parameter (doneUrl?hash=d901895bc378d0b6ffcb87a4f9503bf51664d475) where the user should complete the file submission.

Should you provide a download with BitLet after the torrent submission, the applet will try to guess the correct path to start seeding the file.

Please ask the user to start seeding the files, after the submission is completed.

Usually I'm quite cryptic when I write, so don't hesitate to contact me if there's something I didn't explain well.

Thursday, September 27, 2007

peer_id and announce-list

BitLet has been updated!
The new version now supports the announce-list extension, and follows the specification that can be found here.

The applet generates also a new peer_id using the Azureus convention, so the new applet peer_id starts with "-WT-0001"

Note that the previous version of BitLet used the prefix "BitLet01", but since it is an applet (and therefore the update is, somehow, granted) you should not see the old peer_id anymore.


Tuesday, September 18, 2007


If you are bored of copying and pasting torrent urls, this bookmarklet should help you out.

I coded this simple bookmarklet after seeing this grease monkey script by iisonly.

Here is a small description on how to install it and how to use it.

As usual, feedbacks are very appreciated.


Tuesday, September 11, 2007

UPnP and incoming connection port

We have just updated the bitlet applet.

Now, if you are behind an UPnP enabled gateway and you are natted, bitlet tries automatically to forward the incoming connection port of your router to your local machine.

Another interesting improvement is that now all the bitlet downloads share a single incoming connetion port. (Previously each download window had its own incoming port.)

As usual, please contact us if you encounter any problem.

Psss: soon we will publish another interesting tool related to UPnP!

Sunday, September 2, 2007

The point about certificates and signing

If you ever tried to use BitLet, you should have encountered a window that says you that the signature of the applet cannot be verified (see the screenshot below).

Since some users appear to be quite puzzled about what is the exact meaning of that message, we will try to shed some light on this issue.

Let's start from the beginning...
In order to protect users from malicious applets, the JVM (Java Virtual Machine) considers the code of applets that are embedded in web pages to be untrusted, and it is executed in a sort of sandbox, which prevents it from executing any action that could (possibly) harm the client system.

This means that, by default, common Java applets are not allowed to perform some tasks, including opening network connections to other servers or to access the filesystem of the client machine on which they are running.

Obviously, any bittorrent client (including BitLet) needs to perform both those operations to be of some use, even without intending to do any harm.

In order to overcome this problem, the applet is digitally signed, i.e. it is signed using a digital certificate that ensures that the applet comes from the certificate holder.

This brings us back to the first line of this post. You are seeing that annoying message because the certificate used to sign BitLet is not issued by a trusted Certificate Authority. Actually, it was generated on a common development box. Why?

Because code signing certificates cost. And they cost a lot of money, too.

If you know any CA that issues that kind of certificates without charging outrageously high prices, don't hesitate to let us know or drop us a line in the comments.