Slashdot Mirror

I used to contribute to this project, and enjoyed learning about the protocol this way. Today, I have little time to give in this area, but wanted to share with those who haven't come across:

Gnucleus

Yeah, it's possible... you could use GnucDNA to make a browser plug-in that would request contents of a webpage not only to its server, but also by querying the p2p network for it.

I've tought about doing it several times, but couldn't find the time. It would not only help slashdotted websites, but anyone with large files (images, music or video).

And if you could setup a system where the server, while saving bandwidth, compensated an user who upload the content, it would be a success.

umm... yeah spyware isn't on the network.
it's on the frontend that you download.
And doing that is stupid.

There's Gnucleus
Open source and delicious.

And WinMx
No spyware. No bullshit.

the list continues...don't be dumb read the fine print

Gnucleus has been a solid Gnutella client for me.

They are also working on GnucDNA a component for building your own P2P applications.

How does the gnutella client start to build a host cache without connecting to a well-known source? Or rather, how does it connect to this source without making it possible for the ISP to MITM.

Some clients connect to a server operated by the client maintainer the first time they're installed. Others use a web-based host caching mechanism to get started. Some have regularly updated host cache files that come with the software. Once a client gets connected for the first time, it sends out a ping packet over gnet (not ICMP ping, gnet ping). Any hosts that need more entries in their host caches respond to the ping with a pong packet containing their IP address and listening port. From that point on, the host has (or can get) as many other ip:port pairs as it wants.

Anyway, I'd love an URL or two with more information about the future direction of gnutella.

Sadly, there's not a great deal of direction in terms of the future of the gnutella network; however, there are a couple of sites worth visiting. The Gnucleus home page has a forum component that's usually pretty lively. It's not exactly developers only, though, so expect to see a lot of posts from people who have "Great Ideas!" about what the developer should do next but don't know anything about programming or gnet. There's also the RFC-Gnutella project on sourceforge that aims to (obviously) produce an RFC on the gnutella protocol, or at least get it standardized to the point where all developers can agree on how servents should pass around data.

Now what do I do?
Well, at least in my opinion, the first thing you should do is recognise that UCI is doing the second best thing they could possibly do in this situation. The only better option would be to give p2p third priority after web traffic (first) and general traffic (second) but not restrict it to a max of 10mbps (out of 60) no matter what else is going on. Congratulate them for being honest and openly allowing p2p to boot.

What can you do?
Well, from a networking point of view, not much. The UC controls your connection and can throttle it as much as they want. Currently, your system sorts traffic into three categories:
Favored (packets get priority): HTTP for web access
Neutral (packes are routed as usual): General traffic, e.g. games, ftp, telnet, etc...
Unfavored (packets are throttled regardless of available bandwidth): p2p

If your goal is to speed up file transfers, your only easy and immediate option is to start trading ftp logins with others, as ftp traffic falls into the second (mostly unrestricted) category, or use some other File Transfer Protocol. There is another solution to the throttling/snooping problem that would prevent ISPs and universities from being able to single out p2p traffic, but it would require reworking the protocol used by the p2p network of your choice. As it happens, I just posted more info on this exact topic earlier today in another story. You may find some of it informative if you're interested in the future/development of p2p.

What should you do?
Well, it's obvious that UCI cares more about bandwidth than legal threats from the abusive and overbearing ??AA. Try starting up a LAN-only file sharing network. You won't be subject to any throtling, the speeds will be _much_ better than downloading off of some ADSL user with 128kbps of upstream bandwidth, and there's a p2p client that's already written and available for download that meets your exact needs. It's also stable, fast, spy/ad/crapware-free, and GPL'd to boot. In case you're struck with a craving to learn more, you can find the program author's site here.

Happy trading.

The GPL-licensed gnucleus gnutella P2P client has a version specifically for this.

From the site: "Gnucleus LAN - If your college blocks gnutella use this to create an internal network for you and your friends. General rule is if you can play network games over your school network, gnucleus will also work. This version can be run on the same computer as the internet version."

Morpheus uses the open source Gnutella client Gnucleus.
Earnings: $0
Costs: $0
Net Gain/Loss: $0

Morpheus installs spyware.
Earnings: a lot
Costs: $0
Net Gain: a lot

Morpheus installs stealware.
Earnings: even more
Costs: $0
Net Gain: way too much for a company that hasn't done anything worth a damn.

There's already an open source sharing file, which used the gnutella network. It is called Gnucleus.

Why do people still use this crapware? Try Gnucleus -- it's open source, so they (presumably) can't hide any nasty stuff in it.

I believe you are thinking of Kazaa Lite.

He supposedly strips Kazaa of spyware. Yes, you can't be sure of that.

However, this shouldn't be confused with Gnucleus which is an open source Gnutella client (that Morpheus ripped off awhile ago and ADDED spyware to it).

• See a new client? Check it out. Improved networks can't take off without a user base. If it sucks, uninstall it - but send a bug report/feature request. C'mon. If you can spend 2 minutes writing a slashdot post you can fire off a quick email.
  
• Share files. People think that if they share files it will unavoidably clog their upstream link and slow their downloads (and web browsing) to a crawl. Not true! Simply limit how much upstream bandwidth the client will use to (just a rough estimate) 60-70% of your upstream bandwidth. You'll be amazed at the difference. If the client lacks a bandwidth throttle, a serious problem for tcp-based networks, send a bug report.
  
• Get involved politically. Write your congresscritters and tell them you don't want to see competition in the home broadband arena killed by deregulation. Write your cable/phone company and tell them you oppose monthly transfer caps. Call your friends and make sure they're aware of the issues. Vote.
  

• If you're a programmer, join an open source project and develop. Your time and skills are needed.
  
• If you're a logical thinker and like analyzing networks and complex node relationships, join a p2p protocol discussion forum. I suggest lurking for a while, though - there's a lot to learn if you're new to p2p protocol design.
  
• Whether you develop, research, or both, recognise that other people are going to have ideas that seem stupid to you and your ideas may seem stupid to other people. Don't waste time arguing. Think before you open your mouth (or put your hands on the keyboard) and recognise that the people making the actual coding decisions have an in-depth understanding of what's going on. Really bad ideas are shot down before they make it into the code -- flame wars are never necessary.
  

There really are some gems on the download.com pagethat guy points to for neonapsters ripping player, these are from the "only positive" remarks option for their CD ripper (old?), i didnt dare read the "only negative"

"Superb! Just like CDex, but with spyware"
I love this program. I used to use CDex, but I was annoyed at the lack of useless spyware included in the download. Since I switched to NeoAudio, all those troubles have gone away. I now have way more spyware and adware than I know what to do with. Thanks, NeoNapster! "

and

"Best spyware I've seen in years!!!"
I've been using NeoAudio anally since it was first released. Forget CDex!!! CDex doesn't invade your privacy and solicit like NeoAudio does... NeoAudio is the BEST spyware out there, BAR NONE!!!

even cmdrTaco gets in on the action with...

"Wow! The best of its kind I have seen!"
This is an incredibly well made piece of software. It completely outperforms CDEX and the SpyWare is only enabled if you request it, and in return, you get 100+ free songs. This completely rocks. Don't use anything but this!

Thing is props for giving out the source code as GPL but is this just another morpheus type company who get GPL code change a few words and brand it their own, and give it away with spyware contributing nothing to open source ,

or

are they a honest company only wanting to advance the concept of filesharing further by contributing something worthy to P2P other than "free spyware" and a fancy GUI ?

__ _ _ _ _ _ _ _ _ _ _ __ _ __ _

NeoNapster has been around for quite a while, amazing it took so long for Slashdot to notice. All they have ever been is a rip off of the GPLed Gnucleus client, just like Morpheus and the whole series of other clones.

The issue here is that this is GPLed software linked with non-free libraries (spyware) and riddled with other GPL violations (missing copyright notices, incomplete source distibutions, etc.). Most of the above mentioned clones do this, some going as far as linking their clones to obviuosly commerical libraries while at the same time pretending to "embrace" the GPL. The Gnucleus author, John Marshall, has been extremely tolerant on the issue, mostly because his interest lies in coding, but if you wanted to, this could be a huge legal case.

NeoNapster has been around for quite a while, amazing it took so long for Slashdot to notice. All they have ever been is a rip off of the GPLed Gnucleus client, just like Morpheus and the whole series of other clones.

The issue here is that this is GPLed software linked with non-free libraries (spyware) and riddled with other GPL violations (missing copyright notices, incomplete source distibutions, etc.). Most of the above mentioned clones do this, some going as far as linking their clones to obviuosly commerical libraries while at the same time pretending to "embrace" the GPL. The Gnucleus author, John Marshall, has been extremely tolerant on the issue, mostly because his interest lies in coding, but if you wanted to, this could be a huge legal case.

This kind of technology has already been implemented in many gnutella clients. Gnucleus (my favorite one) can be configured to use random ports.

I was was working on a custom tailored compression algorithm for gnutella search traffic that would reduce search network traffic bandwidth usage to (a rough guess) 20% of what it is now, but that got shelved for a while when real life (tm) suddenly became a priority. I will undoubtedly resume work on it soon, but while I was toying with a few different ideas regarding the gnutella protocol I came up with an idea for a completely unrecognisable (from the ISP's point of view) communication system for p2p. Briefly:

Step 1: Use the current system of random port assignments using gping/gpong/GWebCache to spread node data.
Step 2: Upon connecting to another node, before any handshaking of any kind is done, exchange public keys (generated by each instance of the node software upon install) and use them to set up an OpenPGP compliant encrypted tunnel.
Step 3: Use the standard gnutella three way handshake to exchange node data and negotiate options (e.g. QRP support, compression, etc...)
Step 4: Begin normal network operations.

It's undetectable because there is no distinguishable pattern even if the ISP decides to sniff packets.
-The ports and IP addresses are random.
-The first 2 kbits (or whatever length) of the connection are random (public keys would be generated randomly by the node software on install). Especially paranoid nodes could generate a new key pair for each connection.
-All the data following that would be encrypted (random).

Since everything (IPs, ports, data) would be random (not to mention protected from snoops!) ISPs would have no way of blocking it. Their only option would be to execute a man in the middle attack, but that would require modifying the data stream which, while undetectable & successful in the event that the connection in question is in fact a gnutella connection, would really confuse anything else.

In short, an ISP would not be able to check a connection without destroying it in the case that it's not p2p.

Helpful users have been finding out the IP address blocks owned by the "bad guys" and submitting them to create a "ban list" for search results.

The new version of Gnucleus has a feature that allows users to simply click and filter hosts that they suspect to be sharing bogus files (and spam etc.).

There are plans to expand the distributed web-based host cache system in use in Gnucleus and a few other clients to also serve blacklists. Possibly there will even be a "vote" system that would allow users to dynamically change these ban lists to propagate information on "bad" hosts automatically.

I think that using hash information is pretty useless, it's easy to stick the right hash on the wrong file. What you'd need is a PGP-like public-key encryption system with signatures and trust structures and the like, but that'd be going to the extreme.

Not quite correct. Many clients such as BearShare (at least, last I tried it, I find the open-source Gnucleus far superior) support "gnutella websites".

That is, you can visit the IP address of the host in question in a web browser, and if they have the option configured, you are handed a nice HTMLified list of all shared files sorted alphabetically.

One thinks the xxAA and similar organisations could find a use for this... it shouldn't be too dissimilar to their successful legals pursuit of AudioGalaxy/MP3Board and other similar web-based-MP3-linking sites.

Well, not the lawsuits, but the lawsuit threats, which are just as effective. See this link to a Gnucleus Forum post regarding an incident of this taking place over a month ago. Just to clarify how it works (straight from the DMCA rules), the copyright holder hires a company like Ranger which has custom-made software that spiders all the major P2P networks. They will index the copyrighted work to a list of IPs, then generate form letters which are sent to the ISP threatening a lawsuit. The ISP then forwards the letter to the user, who has the opportunity to dispute the claim or comply with the 'request' to remove the copyrighted material from the network. Needless to say, if you want to keep your internet access, you must comply. The latest version of Gnucleus already comes with a list of known spidering site IPs blocked, but this is clearly not a solution. IMO, nothing short of the capabilities of Freenet will succeed against this.

Why do people keep these song shared?

It's not necessarily individual users keeping these songs shared. Certain hosts are set up to distribute nothing but fake files -- even ones who look for words being searched and rename files after them (194.213.194.37 does this with a 28kb spam .mpg/.asf file that launches a website when viewed). If you're on gnutella and are using Gnucleus, you can filter out specific hosts.

I know someone has this. I also know that nobody is sharing this. Please get Gnucleus if you are using Win32. Gnucleus is open source, no spyware, gnutella, decentralised, peer-to-peer, free, no ads, works, fast, multi-source downloads, file hashing, not audiogalaxy.

For Windows, check out Gnucleus. It supports downloading from multiple sources. It also supports SuperNodes and is open source.

I agree though that Kazaa beats out Gnutella right now for selection. I have a much easier time finding stuff on Kazaa and the downloads tend to be faster and more reliable. Things are getting better though.

Ooops.

Ad-aware removes some files that are part of KaZaA Lite that are meant to fool the modified KaZaA into thinking that the spyware is still there. You probably removed the "dummy files" that need to be in place to fool the KaZaA in KaZaA Lite.

You probably didn't have spyware afterall, but ended up crippling KaZaA Lite with Ad-Aware :-)

Anyway, why are you using that proprietary, closed source P2P tool anyway? Check out Gnucleus for Windows, a GPLed Gnutella client with swarming and SuperNode support, and tons of users without spyware, limits, or the RIAA on its tail: (http://www.gnucleus.net)

In a similar (although completely different) vein, might I recommend Gnucleus, which is an open source fileshare program (whose code was recently appropriated by the well-known Morpheus).

Even if you don't install their spyware you're still helping Sharman Networks (way more evil than M$ - just not as powerful yet) to expand their user base and the files shared over FastTrack. Not installing the spyware costs them like a few pennies at most, but you being on their network improves it and helps them attract like 50-100 more users. The only solution we have is to boycott KaZaA/FastTrack altogether.

I've switched over to Gnutella (open, cross-platform, multi-vendor network), and been using FreeWire recently (GPL'ed ad-free LimeWire fork), Gnucleus is pretty good too and getting better fast (it's like one hardcore hacker so development is a bit slow), hell even use BearShare if you want but fsck KaZaA.

Do stripped versions of Windows support ActiveX? As far as I know, it's part of IE.

Many applications use it and probably break without it, for example Eclipse. Also, som apps even use IE for rendering HTML, for example Winamp's minibrowser and Gnucleus. If these programs will break with a stripped version of Windows, then IE & ActiveX really are part of the OS.

You mean gnucleus.net.

BDE (Brilliant Digital's Engine) is listed separately on the list of programs installed and may be deinstalled. It leaves some very suspicious crap around in the %WINDIR%\SYSTEM32 directory, so after deinstalling and rebooting it is a good idea to remove this as well before continuing (and before you connect to the network).

Regrettably the Gnucleus network still doesn't provide the accessibility to material that Fast-track does. I run both clients and can see the difference, particularly with regards to queuing.

Somewhat disturbing is the fact that MusicCity didn't even bother to contact the Gnucleus developers about this in advance. They just picked up the code, rebranded it, end of story. No credit beyond the "incorporates Gnucleus technology" in the About dialog. No source code as of yet, and frankly if it is released it will be an embarassement because all you will see if you diff it with the original code is a bunch of advertising crap thrown in, and s/Gnucleus/Morpheus

MC's 'programmers' are of rather dubious merit. The original Morpheus took little or no programming effort on MC's part - they took the same FastTrack skeleton client that the others use and 'skinned' it. The only programming involved here was making the ad window and startup window point to MC's servers. That's it. The rest was all FT's work.

And now, what is it their 'programmers' were 'working hard' to accomplish over the past few weeks? Take a GPL gnutella client and rebrand it. Wow. All that MusicCity is going to bring to the gnutella network is alot more traffic. I wouldn't expect 'programmers' who only know how to toss in ads and logos to help improve gnutellanet itself, or come up with original ideas about how to use the current infrastructure more effectively.

It's great that MusicCity doesn't use spyware as a revenue stream like the Kazaa/Grokster slimeballs (Kazaa allows you to deselect about five different 'value-added' components on installation, but then goes ahead and silently installs cydoor anyhow. It also offers a nice Bonzi Buddy button in the client itself.. I don't know how much more polluted and ugly a p2p client could get) .. but that's about the only good thing you can say about them.

If this page is at all correct, MusicCity are lying through their teeth.

Apparently the FastTrack protocol was upgraded a little more than two weeks ago. A grace period of two weeks was given, to allow users to upgrade their clients. Remember what the Morpheus requester said? "Your program is to old to connect the network."

Grokster, the third (and smallest) FastTrack licensee upgraded their client, Morpheus for some unimaginable reason did not.

Apparently this is a question of politics... Kazaa/FastTrack and Morpheus have had some sort of falling out. Morpheus have long been working on their 2.0 version. Gnucleus say that they have felt for some time that Morpheus is moving toward gnutella.

<speculation>
For some reason, Morpheus became pissed of with Kazaa, and to decided to devote a few man-years to constructing a new client + protocol upgrades which would let them move to the gnutella network without the users even noticing. Kazaa pulled a fast one and changed the protocol, without notifying (perhaps even keeping the docs from) Morpheus, and here we are...
</speculation>

For those of you who are interested in where those juicy 3.500.000 users are going, I have followed the IRC at MusicCity. At first, everyone was in a state of complete panic. Seriously, some of the reactions were quite unbelievable... My life is over! My life is over!!! or how about this one The FBI are at my door!!! Delete your files!!! Delete you files ***NOW***!!!!! :-) Then, about half defected to Kazaa/Grokster, while the other half waited for the new version.

The new version arived, 1.500.000 persons installed it. Unfortunately, 95%+ thinked it utterly sucked and most of them are currently seeking desperately for a new system.

Note: numbers are based on dl stats at download.com. Currently 1,998,910 downloads of Kazaa this week, and 1,394,331 for the new Morpheus.

I just tried the new version... Morpheus Preview Edition is basically an old version of the GPL'ed program Gnucleus. When you install it even displays the GPL as the click-through license.

They're however not providing the source, not yet at least. The Gnucleus developers claim that Morpheus didn't even bother contacting them before doing this.

Better still, Gnuclues doesn't have banner adverts, let alone (ick) popups.

One word: Gnucleus!

it's for Windows, and if you want, you can compile it yourself! :)

For Windows users:

There's an Open Source project hosted on Sourceforge called Gnucleus. Here is the project page.

It supports multiple hosts download, so if you were an user of Xolox, but want a client that development still continues and you want to get those large files using multiple connections, get it now. Sadly, download of partial files from other hosts is still not possible (since there's no consensus from the Gnutella protocol developers about how this should work).

Gnucleus even has a LAN mode, so you may run it to share files over your network that has locked ports or net access blocked (great for colleges!).

I used to use LimeWire, but I actually switched to Gnucleus. It's open source, very streamlined, and it updates automatically. Apparently it also supports multiple source downloading (at least the beta) though I haven't seen much of that in action...

Gnucleus (Win/MFC, GPLd) also got swarm-downloads in its latest beta versions.

I use Gnucleus 1.4.5

quite faster than limewire, no spyware/banners, and GPL'd.
Kazza and Morpheus are on a different network than Gnutella.

Brian