Slashdot Mirror
Napster Server Protocol Has Been Published
C|Net is publishing a story about a Stanford University Senior who reversed-engineered the Napster server protocol. The story also mentions a Web page in SourceForge which gives links to various Napster clients for different OS's. I wonder how many new Napster servers clones we'll have soon.
Original text:
I hate to sound raw and bitter (i'm both, but we really shouldn't go into that here), but while your at it, why don't we all ask for unlimited bandwidth, world peace, and the end to all diseases. (None of which will happen. Ever.)
The RIAA or some form of it, whether it be in idea or literal form, will always be around.
The problem does not stem from the fact that some big, nasty association is on the prowl all the time, it comes from the fact that the values that our societies are built on are fundamentally flawed. Values such as greed, lack of honesty, and good, old-fashioned foulplay.
While Napster is a great program, and I fully intend to continue to use it, I am not going to wish for anything like not having the RIAA around. Why?
Just like I won't be wishing that people will start using the privelage of voting and booting the conservative nitwits from their high horses.
To when Pigs fly,
Cheers,
Rami James
http://w3.to/rjames/
--
rJames.org - illustration
If people liked the music, the band should be able to get some concerts.
How often does the Orb tour? Orbital? Boston? King Crimson? I could name hundreds of bands, if I had the time.
Throwing out logic has nothing to do with it. You're just rationalizing not having to buy the music.
You'd think that true artists would care more about their music going around the world than making money selling CD's.
Further rationalization. While the "starving artist" cliche might sell a warehouse full of bad paintings, it's a pretty horrible life to live. Beethoven and other composers had "patrons," or people who commisioned them to compose pieces, often for specific events. The analogy doesn't fit. One patron has been replaced by thousands or million sof individuals, voting for music with their dollars. You're removing those dollars from the equation.
"True artists" need to make a living too. I know a lot of "true artists" who are waiting tables, washing dishes, or having to give up on their art because it's not paying the bills.
I apologize for replying to all the posts in this thread, but this "i want it for free and I'll get it for free" attitude is just plain wrong. I don't agree with the RIAA's reasoning, I know that it's just plain greed, but a lot of musicians are going to get screwed in the process.
If you're not willing to support the musicians, you don't deserve the music. Do you realize that you're bitching that the record execs are robbing the musicians while doing it yourself?
Which, by no means, excuses this.
Open Source. Closed Minds. We are Slashdot.
"There is no way that this can be construed as being the function of our Internet connection." I find this statement to be amazing. the internet is what it is. Just because it does't behave the way you want it to is your problem. You could 1. add more bandwith charge the students more for the addition. 2. stay offline... your policy reminds me of the chinease goverments policy...if you give the students the connection and u dont like what thier doing charge them for the extra bandwith.
This gets into that whole "educational use only" argument. I live on campus, and the internet net connection that I *pay* for here is the only one I get. Are you about to tell me that just because it is hooked up to the campus network directly that I'm not allowed to use it for anything non-eductional? That I'm not allowed to look at anything interesting on the Internet? I take great offense to that. This is my home. This is my Internet Connection. I have no other. I believe I have a right to download whatever the heck I want.
The problem is that you (both individually, and the larger collective "you" of the masses of college students downloading and trading mp3's) are on their physical network and using a network more than partly funded by various 3rd parties. The university is held accountable when its students use the network to break laws (we could get into a discussion about whether copyright law is outdated at this point -- but you'd probably find me on your side there). The universities don't generally have a moral concern here -- they are a business. They have to watch out about copyright violations just like they have to watch out about kids getting killed on top of elevators (universities could give a crap whether you elevator surf or not, but their insurers make them care about their bottom line...).
Additionally, if a sizeable percentage of their bandwidth (btw, you don't know their utilization unless you work for the network administrators -- and even then you only get one piece of the picture, believe me) is going to mp3z, the research being done elsewhere might well be suffering. While you are their livestock (the masses used to generate income), the researchers, and the occasional future benefactor (which may emerge from the herds), are their real priority. If the researchers complain that the bandwidth the University bought for them is unusable, the University will act. This is, again, all a part of being in the University business.
Finally, since the University is a business, and a PR-based business to a great degree at that, rampant news stories about college students "Breaking the law" do not look good for Universities. Parents don't want their children going away to become criminals. Alumni don't want their degree tarnished. Donors don't want to give to a cesspool. This may seem like exaggeration, but this is how most universities view these things.
Believe it or not, you don't have a right to download and trade mp3's (again, we could have a long discussion about the validity of the laws which prohibit this, but they are the same laws the universities are forced to live under). Eventually the ability of the university to insulate you from the disciplinary structure of the rest of society will break and you will have to be accountable for your actions. Believe me, I understand how university life is -- been there, done that.
I doubt the previous poster was jealous of your bandwidth (I have more bandwidth than I can generally use coming into my house). Many of us have used and/or administered networks on pipes that would boggle you. Penis envy of a 10/100 line on a university-size public use network with thousands of users is rarely in order. The fact that you have to pay for your bandwidth, however, is an unfortunate part of the unfairness of college life. The university can make you pay, even though you have no other choice. The fact that 9x% of college students are between 18 and 25 years old points to the fact that if you're going to raise a stink over not being able to download mp3z on your pipe you are going to have to get mommy&daddy involved. Guess what? The university knows that mommy&daddy don't want to get involved if they know it's about mp3z/warez/pr0n/etc. Anyway, they stick it to you and you can't do anything about it.
With regard to cost issues, you should know that 5 years ago only the most cutting-edge and/or affluent universities had wired dorms. The fact that it's a "selling point" now is an indication of how much things have changed. The ubiquity of campus connectivity, however, belies the cost of this infrastructure. The universities (hell, the society at large as we subsidize the bulk of this infrastructure) will be paying for this upgrade for years to come. To assume that this is some sort of grift job to squeeze a quick profit out of students, or that wiring campus was cheap and easy (and therefore a right) is just plain ignorant. The problem with being in college is that, as the individual student in this day and age, you are the least important and least influential part of the university business plan; however, it may take 5-10 years after graduation to figure this out (truthfully most college grads never figure it out). Yet, we are generally sent to college at our most arrogant and idiotic phase of development, so we prattle on about our rights, our importance, and How It Really Is.
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
No matter how you slice it, Napster included a license agreement IN THE INSTALLER that required the end-user to completely accept its terms, or not install the application. The license agreement that David Weekly accepted told him he could not reverse engineer.
I have only seen "YAY OPEN SOURCE FOREVER" threads, and no discussions on the legalities of this.
----------
"They misunderestimated me." --George W Bush, Nov. 6, 2000
I only noticed the problem the first time, after I *ahem* dumped a batch of 2,000 mp3s onto my box. First connection took minutes, after that it seems back to normal (a few seconds).
Open Source. Closed Minds. We are Slashdot.
In my opinion, anything that's sending/recieving the full local pathnames of files is BAD.k \something.mp3"
Why doesn't napster use logical shares like an http server? It's obviously much safer to send something like
"//clientname/soundtrack/something.mp3"
as opposed to
"C:\private\pr0n\kiddiepr0n\other\mp3\soundtrac
Now that this is being talked about, it shouldn't be long before somebody comes up with a hacked client that peruses through unsuspecting Napster PC's.
-CausticPuppy "Of all the people I know, you're certainly one of them." -Somebody I don't know
He said that he had done so. He said that he "didn't have to, he could have chosen to have packet monitored", but he was using the client.
Open Source. Closed Minds. We are Slashdot.
I actually DO think it is a publicity stunt. Here's one perspective to think about -- look at the history, and question the motives:
1. runs a huge pirated mp3 site at stanford, shut down
Almost 100% illegal content, which he was solely responsible for making available to the entire Internet, at the expense of his university. They soon discovered the site and shut his illegal website down.
Curiously, a Playboy.com article spotlights him as a victim of his university (laugh) and as the self-proclaimed leader and evangelist of the "MP3 Consortium", whatever the hell that is.
During a period when more than just a few colleges are cracking down on their irresponsible students, I wonder what brings the focus on this person alone? Suspicious..
2. discovers napster, champions it as a way to continue his habits while likely shirking liability
For whatever reason, spends a night re-inventing the wheel and reverse engineers the napster protocol (again), which is clearly in violation of the EULA distributed with the client.
When notified of his apparent inattention to the questionable legal nature of his activities and asked to take it down, he immediately sends an email to the open source napster developer's list explaining that he's under attack from Napster, Inc., saying "I'm not going to let them bully me!"
Amazingly enough, though much more significant and thorough reverse engineering has been posted and made publically available, a major news organization somehow finds this self-proclaimed evangelist of illegal activity and spotlights him, yet again.
No, folks, this person has a verifiable history of illegal activity, and maintains a juvenile attitude towards breaking the law, while painting himself as some hacker hotshot whose "horrible plight" everyone should empathize with.
Further, it seems clear that he has a strong thirst for media attention (hooray for vanity websites), coupled with (and made much worse by) actual intelligence. This reminds me of Agent Steal. Anyone remember him? If you do, then you know what I'm getting at.
Question the motives.
--The ability to uniquely identify files (which would enable split downloads where you get parts of a file from different hosts)
--The ability to deal with other types of files (well, not really a protocol issue but controlled by Napster)
--The ability to continue after a legal attack on the "Server"
--Load balancing of the transfers
--...
The only real advantage is that they use a central server and are willing to take the heat for hosting that server.
Making a reliable transfer protocol is not difficult--look at GetRight. The trick is in communicating and hosting the databases. As long as there is a need of a central repository there is a vulnerability. It's not only that you could take out that one server site and shut down the whole network, but that there are a limited number of subnets that could be "Sniffed" to find out who was serving what.
Is there anyone out there who thinks that the files they "Host" for napster downloads aren't tracked?
What we really need is a more amorphous system where a list of IP's and files is hosted on each system and is synchronized constantly in the background. When you start your computer it would try to contact all the IPs it had before. If you are lucky, one will connect and you'll get a new list. If you're unlucky, you download a text file from any of hundreds of places where the latest lists would be stashed.
It could even be implemented as a BADFS (Big Ass Distributed File System). You would just "Mount" what you wish to share somewhere into the system and load any files you want from other areas.
Having different "Groups" to connect to might solve the problems that will occur because of the size of the directory.
Here's a cute little project that shouldn't take very long to do:
A Napster proxy.
Run a server on one of the common ports, say, 80, and reroute requests to the real Napster servers.
What's that saying about routing around censorship, etc.?
...j
Correct me if I'm wrong, but don't the people running Napster have a "see-no-evil, hear-no-evil" attitude about pirate MP3's? (They're just providing a service for users to trade MP3's and can't be held responsible for content, etc.) Granted, Napster themselves aren't the ones pirating music. However, if ISPs can be held responsible for allowing spammers to freely send spam off their mail server, why can't the music industry hold Napster responsible for allowing users to distrubute pirated music as far as they possible can? Even though spam is quite annoying, there's no laws (yet, unfortunately) against it, yet distrubuting pirated music breaks copyright laws. Are you supporting Napster just because you don't mind pirate music, thus you don't mind services that aid in distrubuting pirated music? (Not that I don't have a bunch of MP3s myself. I'm not trying to argue against pirate MP3s; my gripe is against Napster.)
Seems to me Napster is a company that wants to make a quick buck off questionably legal content that users provide (i.e. the MP3's they swap). This bothers me. It's one thing to swap music between friends, its a totally different thing to try to make money off it. Personally, I'd like to see Napster sink on principle. There'll always be ftp or hotline servers to trade MP3's on that are run by people not trying to make money off the servers.
George Lee
Yeah.. On a Linux box you could use rdir to redirect traffic on localip:80/napsterport to napsterserver:napsterport, then ensure that napsterserver has an implicit route. No actual proxy would be needed.
:-)
Don't know much about routing do you?
Unless I have misread what you stated, your linux box *still* needs to get through my router to get on to napster. And if I block all outgoing traffic to port 6969 you won't get there, no matter how many redirs you have going because that implicit route still needs to get through my router.
Now something you could do is have an outside box do the redirection. Unfortunately all traffic would be going through that box so you wouldn't want to proxy too many people.
I don't see how free, illegal distribution of music gets the artists money without the record companies taking a cut. Artists realize the power of internet distribution, and are trying to capitalize on it. Napster is most definitely not a way for them to do so. Napster is a way for their hard work to proliferate to a million ears without a single penny of income.
This is the most ignorant thing I have heard all day. The truth is that promotion is the bigest obstical to a bands success and band who have any clue ARE making money from mp3 promotion. It is really fucking easy to realease an mp3 to all the pirate sites and include a message asking them to visit your website in the comment (or maybe even in the audio). No,w once they visit your website you can sell them all sorts of shit like: shirts, stickers, CDs, mp3s of other mixes of your songs.
Now, you say "well people would just pirate the other mixes that the band sells." Well, this is no problem for the band because they can just keep producing newer diffrent things and rolling the old ones into promotional material. The people who want it will pay because some of it will never show up.
The truth is that the whole ideea of buying a CDs full of static music is STUPID. Music should be a service and not a product.. just like software. If you really liked music you would be willing to pay for the new shit. Hell, the fact that lissening tothe same thing over and over again is why we have a DJ club culture.
Piracy is no threat to ANY artist because the artists has the distribution advantage. Piracy is just free promotion of what you have done in the past.. just look at what thei nternet comics have done. Now, you could say that we should not pirate RIAA music because we souln't want to give those artists free promotion.
Plus, If we added the way to bundle a webpage with a song then it would give an artist a way to add all kinds of profit making material: visual art, links to the artists web page, advertisments.
Hell, If I was a recording studio equipment maker I would give studio equipment to good artists for free with the requirment that they mention that they used my equipment at the end of the songs they distribute on mp3. Just think of all the minor leage DJs who will hear it everytime they play the song!
Jeff
BTW> It will not be long before there are companies specialising in internet promotion of music, i.e. pay us to upload all you shit tot he pirate sites.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
So let's do the math... $1/cd for $250k... Now let's see a couple hundred thousand people pulling in the tunes off of napster instead, there goes another $200k. Watch the internet grow, watch the growth rate of Napster, and watch the numbers pile up...
You example fits a lot of record companies, (Geffen almost killed God Street Wine), but there are a lot of smaller labels putting out good music. I've seen a lot of Rhino releases (I mean, they continue to print Zappa, MST3K, all kinds of shit that would never see the light of day otherwise) getting posted all over the place.
I don't work for Rhino, or any other record company, I'm just a musician. Whoever called me a "shill" or whatever this morning couldn't be more wrong. I'm in a similar situation, playing fusion that isn't "commercially viable" either.
I like to give fugazi, mmw, mr bungle and a lot of other bands outside the mainstream money. The most direct way for me to do it is by buying a CD. Downloading the mp3 without paying for it is in no way going to support the band.
he vast majority of their income comes from your purchase of actual physical media, which becomes obsolete every 4-8 years.
While I agree with most of your arguement, I have to point out that most bands obsolete much faster than the media that their music is distributed on.
And media lasts much longer than 4-8 years. Records were here for 4 or 5 decades. Cassettes were here for 2 or 3 decades. CD's have been here for 15 years. DVD isn't even here yet, and when it arrives it will probably be the smoothest transition yet, since it won't obsolete your music collection. You'll just need a new player if you want to take advantage of the new format (probably either longer songs or higher quality).
Will anything be proprietary anymore? Are we heading to Open Source everything?
Am I being paranoid?
Is the Truth out there?
Where's Scully?
There's the little green men!
There's also one at
http://opennap.sourceforge.net/napster.txt
which, although I dunno how accurate it is, is distinctly more readable and understandable.
An outside box is what I had in mind.. The company firewall can be, er, restrictive sometimes, so I use a combination of rdir and IP masquerading on my private (outside) boxen to get what I need. I've run AIM, ICQ, Napster, use it to check my POP3 box and also use it to peruse the grey hat web circuit. (banned; the network people are using a dialup and a 'free' ISP cus they got sick of arguing with the powers-that-be)
And I do know a thing or two about routing. I'm not godlike, but I get by..
.sig: Now legally binding!
-----------
"You can't shake the Devil's hand and say you're only kidding."
Now napster servers will become as common as your average Warez FTP server. There is no stopping the power of distributed computing
As soon as the RIAA shuts down one server, two more will pop up. Haven't we seen something like this before?
I have been wondering, Napster was created by a small Californian (?) firm. Why? How do they plan to make some $$$ out of it. Have they planned to make napster a commercial (licensed) program after the beta period (changing something in the servers, so the beta wouldnt be able to acces again?).
// Fraxinus
recently there have been many articles in our campus newspaper about the speed of the network being slowed by MP3 transfers (not really, but they have to make an excuse for the poor technology). They are apparently blocking all access to Napster servers (or ports I really don't know). I recieve a "no route to host" error when I try to connect now.
:)
I really think that in order for Napster to live on they are going to have either allow for random ports or a lot of people are going to have to start setting up servers
Ahhh... the oracle of South Park!
You mean, the same way DeCSS is in the public domain, dontcha? ;-)
Meesa thinks napster.com wouldn't agree with that statement.
---
If they did have 30-50 people working for them, I what the heck they do all day? They don't have any advertising, and their web site doesn't change much. I don't see much PR going on other than word of mouth. Their "jobs" page hasn't changed in several months indicating they haven't filled any positions (which indicates they don't have any money). hmm. I suspect napster is a tiny company - if it is more than one person.
-- Virtual Windows Project
Nonsense. We already have governments to enforce existing laws against actual crimes -- the DOJ can hold its own just fine. All organizations like the RIAA do is the stuff we don't like such as:
Enforcing a cartel atmosphere where prices are constantly inflating ($18 for a cd, huh?) and quality hasn't much improved
Lobbying Congress for some more favorable-for-the-industry-but-at-the-expense-of-e veryone-else copyright laws
Beating up on the little guy who's properly trying to use his music under fair-use doctrine but in ways contrary to the $ interests of RIAA-member corporations.
I agree with your first assertion that it's futile for us to merely hope that the RIAA will just disappear, but don't delude yourself into thinking they're actually good for something good. We don't need the RIAA any more than we need OPEC or DeBeers.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Here's an idea to implement:
A file sharing system like Napster, but it shares arbitrary files, using a heirarchical directory structure.
* Its pseudonymous and anonymous, and uses multiple-bounce remailer-style protocols to guarantee an untraceable data stream from file provider to recipient. Traffic analysis is irrelevant, so it can operate at full normal speed. Pseudonyms are unique but are destroyed again at log-off.
* The entire data stream is encrypted (and re-encrypted in wrappers for each remailer-type bounce).
* It uses a serverless protocol, Jabber would be ideal, leaving no main server to shut down. Also by piggybacking on Jabber, it would be impossible to block just this file server protocol from within Jabber, and it would be commercial suicide for the ISPs to agree to block Jabber altogether.
* When you share a diectory full of files, you can merge it into the category heirarchy under an existing category, or under new categories, subcategories, etc. If you create a category, others will then see it as an option to merge their directories with. Directories can be shared under multiple categories.
* Searches are "search in category" and "search category and sub categories".
Should be do-able. Would be Fed-proof. Any takers?
First off, there are many insecurities in napster. The port is opened when the program starts, and it stays open. Anyone with the correct knowledge can access your computer. I have seen it done. Second, in reply to an early comment about Napster being responsible for much of a Universities traffic... VERY TRUE, I know here (unnamed college) that Napster was specifically responsible for 60% of the traffic on the network in the first semester. The University got smart and is actually cutting Network throughput completely to anyone who trasfers data across Napster. It is very easy for them to track since Napster leaves its port open. I have had several friends lose there entire connection because of this, to get it back they have to write an essay! What a crock. PS Keep your eyes open for a program that will rock Napsters world. www.absolutepc.net
jNapster: cmdline java
gNAP, Gnapster: Gnome
kNapster: KDE
beNapster, Crapster: BeOS
jNap: Swing GUI Java (really good!)
apster for MacOSX (MacXter?)
Funny, coz I've been tweaking on jNapster for a couple of weeks now and just now does it make it onto the /. radar.
---
OK, you're an artist, trying to make a living playing music rather than selling your soul to some subicle-owning master.
What exactly is a "subsicle-owning master" I must have missed that reference. Trying to make money from art is extremely difficult. Many people in this world favor job security and being able to know that they will be able to pay the bills instead of living in a homeless shelter. I would rather do a job that I hate and still get paid then not to get paid. Or I could just jump off a tall building and remove myself from the public scene. Even that choice I think would be better than uncertainty and instability from being an artist.
You actually get a contract, get a CD out, and try to survive through the first couple of releases until you start making money yourself rather than the record company.
Noble work. I salute you sir.
Meanwhile, 5 people buy your CD, rip it, and share it on napster. Eventually a million people have it, and never spent a cent to support the artists. The CD sales are low, so the label drops the band. The band, with no viable source
of income, goes back to working day jobs.
Why does everyone think that the entire earth has PCs now? Even more people assume that those people are proficient enough using their new found power to get and support a massive distributed effort at revolution and espionage. Come on people we don't have the whole earth wired and probably never will at the rate we are going.
As far as working day jobs people have to do 'real' work eventually. What strikes me as odd is why no one even thought that working is still done. You know there are a whole class of people who are working on jobs that don't have the ability to do something that they get mass fame for you know.
Really, it's mighty sad. I mean, we've all seen a startup company go under at some point, I've been part of a couple, and it's a despairing moment. Multiply that by the factor of artistic expression and hopes and dreams of not having
to become a mouse jockey to survive, and you've got some really sad shit.
Well to use that colorful vernacular I have seen more depressing shit than that. People who are wealthy or self important enough to take high risk ventures are people for the most part are a little batty or are just not thinking about future probabilities. Every day I think about the probabilities (informally because not even mathmetics allows for all the really interesting things that the human brain can do) that will arise. These probabilities work on the factor of the path of least resistance. Taking the path of most resistance will have a higher likelyhood of creating bad things and should therefore be avoided. You see events like you describe because we have the ability to artificially increase the age of people beyond what most individuals can mentally calculate in reasobable terms. What will become aparent in the next 20 years is that living will become really quite sour from many people's perspectives and will therefore mutate into increasing use of euthansia as a cure. And it's all because of people's thinking that risk = good for many things.
It's no wonder the RIAA is up in arms. I hate the fat record execs as much as anyone else, but I worry about the artists too. Noone seems to even think about that anymore, which is just sad.
What a bunch of crock shit. If I am an executive I can hire anyone I want. Suppose a band is removed from a record label. So what I probably can choose any band from at least 1,000 or so in the USA and abroad. The RIAA dosn't care if people die or even worse suffer. They want money so they can be comfortable and never have to wory about anything. This is not altruism it's greed plain and simple. And that dear Watson is the reason why your reasoning is completely baseless.
Slashdot social engineering at it's finest
I've been informed by people who've analyzed the packet stream that Napster sends that it's horribly insecure - frighteningly so, in fact.
It would really not surprise me if something similar to your scenario were allowed to happen, though by current standards, I consider the sending of autoexec.bat to be pretty tame. In my opinion, it's pretty pointless to try to "hack" any box that still uses an autoexec.bat, but just think - the blackmail possibilities are endless!
Things like this coupled with the sheer instability of Napster (I have to reboot my box, a 500 Celeron with 128 megs of ram, every time I use it), made me just decide to delete the entire install and mooch off of my friends who have 60+ gig mp3 archives.
"During your times of trial and suffering, when you see only one set of footprints, it was then that I was riding the pogostick."
A good traveller has no fixed plans and is not intent on arriving.
I think it is a prefrence of listening. Using mp3's allows you to listen to a wide variety of songs, without haveing to change cd's, or buy cd's. If you get a good player, it will pick songs for you based on your prefrences, and then you
can listen to any given time's worth of random mixed up music. It is basically like listening to the radio, but being sure that only the kinds of music you like is going to be played, and there are no comercials...
A while back radio was dieing out as a medium that most people reall cared about. I am just wondering why people have such a fascination with music when most of the future is becoming based on highly visual interactive formats. I realize convience is nice but why sound? Is this the direction human society is taking?
Slashdot social engineering at it's finest
Your argument is a bit naive, and I think you're fully aware of that.
There have always been studio bands that tour extremely rarely. Touring is an extremely grueling process, which can totally tear up the lives of musicians and their families. A lot of bands do not tour, and rely on studio album sales to keep their efforts going. They shouldn't be forced out on the road just so that you can save your $10-15 and listen to the tunes for free.
2. However, what they are really afraid is that artist can get big and earn big bucks without going through a record label. They are scared shit because once artists realize this, the industry will go in for a major overhaul.
I don't see how free, illegal distribution of music gets the artists money without the record companies taking a cut. Artists realize the power of internet distribution, and are trying to capitalize on it. Napster is most definitely not a way for them to do so. Napster is a way for their hard work to proliferate to a million ears without a single penny of income.
Really, the main reason the RIAA and the industry in general is scared of napster, MP3 and digital music in general is that the vast majority of their income comes from your purchase of actual physical media, which becomes obsolete every 4-8 years.
The main reason I worry about it is the artists loss of income. There are a lot of smaller record companies, especially now that pretty much anyone could start one for under $10k, that are getting screwed in the process. A lot of electronic bands are getting ripped off unimaginably, especially since a lot of them rarely, if ever, play live. They're on smaller labels, just getting started, and are losing a lot of income due to things like napster.
At some point, you're taking food out of a musician's mouth. Rationalize that with as much rhetoric as much as you like, it's the basic fact beneath all this.
Actually, I personally know next to nothing about what's involved in network traffic shaping: does it happen at the router level? Do you put some software on your firewall? Most importantly, if it's software, are there any open-source traffic-shaping programs out there?
I'd appreciate learning more about this.
-----
The real meaning of the GNU GPL:
The real meaning of the GNU GPL:
"The Source will be with you... Always."
OK, this may sound pretty naive, but have you considered implementing some kind of traffic shaping solution?
I'm a network admin myself, and I've encountered the same sort of thing that you have (MP3 sites being the worse culprits) but I think that port blocking is overkill.
In addition to port-based shaping (telnet gets highest priority, FTP lowest, etc..) dynamic load-based shaping is a possibility (lowering the priority of packets to/from bandwidth hogs).. so that the single user (in your example) would get their effective bandwidth lowered automatically, instead of having to wait a week/month for you to analyze the traffic logs.
I'm not saying that port/host blocking isn't necessary in some cases (if you pay by the packet, for instance,) just that if shared bandwidth is the main concern, that there are other solutions.
I'm not a hacker hotshot, either. Do I not state explicitly that others have done a better job?Neither did I claim myself as such a hotshot. Where do you get this from? Or did you already make up your mind about me without even considering who I really am?
Finally, I'm not running from anyone. The very first thing that I did when I completed the analysis was to notify Napster. My actions are here for all to see, judge them as you may.
David E. Weekly (dew, Think)
David E. Weekly
Code / Think / Teach / Learn
h4x0r for
>"c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"
>[GASP!] Napster SENT the COMPLETE location of the
>file!!!! Does this mean that there is a
>way to coax the client to offer up ANY file?
>Uhm. Someone should check into this. If a file is
>not in the user's listed mp3's or their chosen
>directory, does the napster client still send it?
I just checked this. I hacked up the gnome-napster client to give me IPs, and then followed the protocol to ask for C:\MSDOS.SYS, and it responded "FILE NOT SHARED" with an abrupt disconnect. It wasn't a truly thorough test, but I believe the security is good enough to stop opportunistic file stealing. See log below
Connected to x.x.x.x.
Escape character is '^]'
1GET
NOBODY C:\MSDOS.SYS 1
FILE NOT SHAREDConnection closed by foreign host.
The reason I say it wasn't a thorough test, even though 95% of napster users use the win32 client, and linux clients are just starting to come out, was that there's no way for me to check the client version from this end. It gets sent to the server upon connection, but never gets transmitted between clients. So, it's a distinct possibility that this person may have been using a different client, and that it simply responds with FILE NOT SHARED if the file either isn't shared or isn't accessible. I'll keep playing.
Jason
em: infi*at*sleepdep.net
If an injunction is served, they'd shutdown that server, effectively stranding *all* closed-source clients with no means of changing the connection address.
(If I'm wrong, tell me now and make my day!)
---
OK, you're an artist, trying to make a living playing music rather than selling your soul to some subicle-owning master.
You actually get a contract, get a CD out, and try to survive through the first couple of releases until you start making money yourself rather than the record company.
Meanwhile, 5 people buy your CD, rip it, and share it on napster. Eventually a million people have it, and never spent a cent to support the artists. The CD sales are low, so the label drops the band. The band, with no viable source of income, goes back to working day jobs.
Really, it's mighty sad. I mean, we've all seen a startup company go under at some point, I've been part of a couple, and it's a despairing moment. Multiply that by the factor of artistic expression and hopes and dreams of not having to become a mouse jockey to survive, and you've got some really sad shit.
It's no wonder the RIAA is up in arms. I hate the fat record execs as much as anyone else, but I worry about the artists too. Noone seems to even think about that anymore, which is just sad.
What we need is a general purpose protocol in which the server helps clients to search contents in them. Instead of trying to emulate what napster does, we can start from scratch and design a secure protocol. This does not need to be specific to sharing MP3 files. This can be used for sharing any type of files including program binaries and other multimedia contents. Once this protocol stabilizes and is published as an RFC, it just becomes one more internet protocol like ftp and http. And then, we can have meta servers (like Archie of yester years). We can have servers and meta servers specific to content type, etc. :-( ]
Let us see who can block a standard internet protocol. [Of course, we may then have filters which block specific sites, etc.
-Siva
"subcle" was a typo. It should be "cubicle."
/sarcasm
So you don't understand artists or the drive to be one. Fine. Don't be one. We really don't care. You've obviously never felt the drive.
Why does everyone think that the entire earth has PCs now? Even more people assume that those people are proficient enough using their new found power to get and support a massive distributed effort at revolution and espionage. Come on people we don't have the whole earth wired and probably never will at the rate we are going.
Extremely valid point, but we're still looking at a growing hemmorhage of income for musicians.
People who are wealthy or self important enough to take high risk ventures are people for the most part are a little batty or are just not thinking about future probabilities.
True, very true. Mozart was a bitch to be around. Liszt was very abusive to the people around him. Artists are often temperamental and a little batty. Doesn't make them or what they produce any less valid.
Wealth and self-importance aren't the basis for becoming an artist. A lot of poor artists exist too. The path of least resistance is not very fulfilling, and frequently leads to depression, or feelings of having wasted your life. If I gave up my instruments, I'd have no reason to live. Apparently in your world-view this would be a good thing.
What a bunch of crock shit. If I am an executive I can hire anyone I want. Suppose a band is removed from a record label. So what I probably can choose any band from at least 1,000 or so in the USA and abroad. The RIAA dosn't care if people die or even worse suffer. They want money so they can be comfortable and never have to wory about anything. This is not altruism it's greed plain and simple. And that dear Watson is the reason why your reasoning is completely baseless.
This is enforcing my point, not arguing against it. Don't forget, my point is about Napster taking away from musician income. In a scenario in which Napster delivers music to 30,000 people who would have otherwise bought the music, the record company sees slumping sales and axes the musicians. The musicians lose out. I'm not defending the record companies, I'm defending the musicians. They have to go through the record companies to make money, that's the system in place right now. If Napster and MP3 transmissions rob their sales, they rob their careers as well.
And that dear Watson is the reason why your reasoning is completely baseless.
That's good for discourse, it shows that you're open to new ideas and that you're actually listening to others.
I think one flaw in your thinking, and an attitude to which I can't relate, is in your statement, "...why people have such a fascination with music..." Music is a very powerful force in many people's lives, it's not just a "fascination." My wife likes some music, but she can take or leave it. I, on the other hand, am PASSIONATE about music and am very aware of how it affects me.
Radio is fairly useless to me, because it panders to a certain mass-market. CDs are OK if I want to listen to a specific artist or type of music. But at work, I want to have a wide diversity of music available. Thus, over time, I've ripped a number of my CDs and put them on my workstation. I then set this large music list on "random" and I end up with quality music that keeps me entertained.
Yes the future will contain more "visual interactive formats," but music will always be around for those of us who love it.
I'm Peggy.
Did someone say Reverse Engineering ? I smell lawsuit ,
Well need an injuction to stop people doing this, Ow wait that will mean stop using Napster as well, Ow well
Someday, we'll look back on this, laugh nervously and change the subject.
David E. Weekly (dew, Think)
David E. Weekly
Code / Think / Teach / Learn
h4x0r for
Voting is the privilege of citizens. If you are not a citizen, you dont get to vote.
Voting is neither a right (convicted felons cannot vote, not just noncitizens) nor a privilege, but rather a duty of the citizenry. The citizenry, of course, shirks its duties any chance it can.
Which in itself I consider partially a violation of my rights, in that I am being "taxed without adequate representation".
Oh, cry me a river, liberal. You want representation? Move back to the country you hold citizenship in.
Dont give me any "just become a citizen" crap. That doesn't address the injustice that I pay thousands of dollars a year in taxes, but I dont get any say in what gets done with them.
Well boo fucking hoo. You want a say, become a citizen. You don't want to become a citizen? Sorry, no say. You want to keep your original citizenship while leeching off government services (police, firefighting, highways, courts) without having to pay taxes to maintain them? Not here, buddy.
Not having representation (suffrage) is the cost of keeping your original citizenship. When you live in a country and use its public services, you pay taxes to maintain them. That's the deal. You want to alter or abolish those services, you have to vote -- and to that, you have to be a citizen. That's a separate, unrelated deal.
Of course, the government shouldn't be in the business of doing many, many of the things it does, and taxation levels at home (USA) and abroad are atrocious bordering on ludicrous, but hey, that's the welfare-state for you. I'm waiting for the Boomers to destroy Social Security so we can finally freaking get rid of it.
gomi
This from http://www.onelist.com/messages/napdevMessage: 2
e .txt
Date: Tue, 25 Jan 2000 11:37:30 -0500
From: Brian Ristuccia
Subject: Re: WARNING!
On Tue, Jan 25, 2000 at 03:27:49AM -0800, David E. Weekly wrote:
> From: "David E. Weekly"
>
> I was just contacted by Napster and asked to take my protocol documentation
> off of my servers. At any rate, I'd encourage you all to make copies of Dr.
> Scholl's document (and mine, if you so desire) since Napster may start
> cracking down on these documents. I'm not going to let them bully me! And
> remember: linking to documents is perfectly kosher. Looks like someone's
> already made a copy at http://lovenapster.tripod.com/
>
What were their grounds for requesting removal? I got a threat letter from
the MPAA asking me to remove DVD related software and documentation from my
web site a few weeks ago. I sent them a strongly worded response and haven't
heard from them since.
The threat letter:
http://osiris.978.org/~brianr/css/demand.txt
My response:
http://osiris.978.org/~brianr/css/draft-respons
Good luck.
--
Brian Ristuccia
brianr@xxxxxx.xxx.xxx
bristucc@xxxxxxxxxxxxxx.xxx
bristucc@xx.xxx.xxx
Someday, we'll look back on this, laugh nervously and change the subject.
Most artists make their money going on tour. Napster is good, because it is their best promotional tool.
Why do big name bands and singers have to go on tour?
1. They like performing live
2. It's their bread and butter (income).
Why do artist need to sign on to record labels to grow?
1. They get a tiny fraction of the profit from CD sales.
2. The promotional activities that the label do aids their popularity especially when they go on tour.
Why is the RIAA scared of Napster?
1. Every 18 year old freshman can serve thousands and thousands of ripped songs on his own machine
2. However, what they are really afraid is that artist can get big and earn big bucks without going through a record label. They are scared shit because once artists realize this, the industry will go in for a major overhaul.
Naspter was not explicitly designed to pirate music, just as guns were not designed explicitly for murder. IANAGRA, however. What the RIAA and the DVD CCA is afraid of is that they will lose their iron grip on the industry, and that their cartel position would be challenged. Yes they are concerned about piracy, but they are more concerned about the common guy having access to tools which could revolutionalize music distribution and promotion.
It's like a totalitarian regime, in which the governement has control over the distribution of information because that's what keeps it in power. The same goes for these industry group. If they lose control over distribution, their days as cartels are limited.
:. Ultimate Control Dedicated/VM Servers
Ok I guess I can blow a couple of karma points right here and get this off my chest.
Why are mp3s so terribly popular? I mean all they are is basically a collection of electrnic bits representing a sound wave and such. It almost gets to the point where it's even more popular than porn and that's really a stretch for something to do. One would only see this type of thing in areas that involve narcotics and such. Why all this trying to get hundreds of terabytes of music on a computer? Aren't there more fascinating things than non-visual communication and data exchange?
Slashdot social engineering at it's finest
Wow, short sighted and bitter.
why don't we all ask for unlimited bandwidth, world peace, and the end to all diseases.
These things you mention we cannot control or create because of the laws of physics, world peace might be an exception someday. The RIAA is an organization exerting artificial control over a technology. This technology is egalitarian, it levels the playing field (removes their distribution channels), and that is unacceptable to them.
I don't know about you, but I like any technology that puts me on the same level as anyone else.
On some levels, we actually need associations like the RIAA to keep the really bad people (not us poor intellectuals (hehe)) from harming the industry.
1. Why can't I pay the artists a few bucks directly instead of paying 18 to a corporation who markets shitty music and spoon feeds it to the masses? Why can't we develop this model? All the terchnology is there, we just need to implement it.
2. The RIAA is a corporate representative. Corporations are fascist. You have no rights within a corporation. They'd control us externally as well if they could, the only thing that stops them is our government (which vaguely represents us). At least our government has some resemblance of democracy. I'd rather let them do the "protecting".
We can get rid of anything we want in society including the RIAA. All we have to do is say so. The only problem is getting everyone organized to do it, and prevent everyone from getting indoctrinated by the media. You know exactly what I'm talking about.
Everytime I see a music listener like you asking why they can't just cut out the middleman and pay the artist a couple bucks, I get a little bit of badly-needed hope. Keep it up- and keep new formats like mp3 and old formats like Red Book Audio CD alive for me, man. When you're just a musician doing everything yourself without help or money sometimes it can take a long time to get things done- I'm waiting on an ADAT repair and need to build some equipment to do the MP3 mastering I need to do. Delays, costs, there's never enough time and I'm scared my chance might dry up and blow away (or be stomped on by the RIAA) before I get to step up to the plate and take my swing. Keep the faith! There are people out there who need you as much as you need them.
Oh, the NT password hash file comes to mind as a valuable file to upload and then run l0phtcrack on ...
Or, say, certificate private keys from the netscape directory, or anything in the pgp directory...
Returned Peace Corps IT Volunteer
Alright, what we need next is support for different file types by Napster. Like .mpegs and .rms. So that er... new music groups can put up their own music videos without having to go through the tyrannical music industry. Yeah, that's right.
From http://david.weekly.org/code/napster.php3 :
"c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"
[GASP!] Napster SENT the COMPLETE location of the file!!!! Does this mean that there is a way to coax the client to offer up ANY file?
Uhm. Someone should check into this. If a file is not in the user's listed mp3's or their chosen directory, does the napster client still send it?
Also, the article shows that when requesting a file, the client sends the full path name, but no info is given when SENDING a file. I wonder if something like "SEND
This could be really bad.
jodio is slang for 'jodido,' tense of 'joder,' the verb 'to fuck' in Castilian ('proper' Spanish, like from Spain -- rich and varied regional slang abounds throughout South and Central America, for example: 'chucha,' a large, weasel-like rat in Colombia with no naughty overtones, means 'a woman's pudendum' just 100 miles south in neighboring Ecuador). 'Jodio' could also stand for the past tense of 'joder' if there's an accent over the second o. If you're omitting the second 'd' in 'jodido,' it should be spelt "jodi'o" if you're trying to represent the vernacular -- just like writing "don'" for the slurred "don't".
"Ramera" means "whore."
"Pendejo" is actually a more complicated translation than just "asshole." It occupies a similar linguistic niche, but is at more of a 'damn' level of naughtiness -- you could get away with it in the more relaxed workplaces, or with relatives you're pretty close to, but not in front of Great Grandmother Carmen or in a job interview. Literal translation is tricky -- closest sense (from context) is 'dweeb,' 'loser,' 'suckwad,' 'pusmaggot,' and similar denigrations of eptitude or capacity.
In the same vein, "no tengo tiempo para tus pendejadas" scans to "I don't have time for your crap/shit", but that doesn't mean 'pendejo' means 'shit,' just that it fills the same linguistic niche.
gomi
mr. pedant today
You are so totally wrong that anyone can expect to be a studio band in this day and age and be signed to a major label. Try it, just try it. Hell, even bands that _lip-synch_ tour now! You're making this up. How is a band supposed to self-promote except through touring? You don't seriously think the label does promotion? They only do that for about 3 albums a year for which they're prepared to do tonnage. They'll do it for the Spice Girls. They won't do it for you and they won't sign your band unless you agree to tour and promote the album for them. The tour may be written into the contract. You pay for it yourself out of the advance that is taken out of your supposed royalties.
There's no such thing as losing income that was never there in the first place. That's like saying that bands lose huge amounts of income because there aren't coin slots on every radio. That's like saying recording acts traditionally make money instead of losing it. That's totally flat wrong...
Do you have any fscking idea how much a band has to PAY to get a gig at certain well-placed clubs? How much a band would have to PAY to get radio airplay, to get a video in even light rotation on MTV? You're so off base it isn't even funny. Music has _never_ been a sensible job, and in recent years (the last twenty or so) it has become even worse, and it is the record labels who have done the most damage. Have you ever read a music industry contract? Did you know that jotted down notes on a memo pad (seemingly innocuous) routinely become a legal straightjacket for acts, forcing them to accept a deal whether they like it or not, or to quit the business entirely ('deal memos', in other words, that force the band into an unspecified deal, at which point all the leverage is on the label's side and the band takes a really BAD deal because they have no choice- in effect they have already signed without seeing the terms).
That's not even getting into the fact that large numbers of 'indie' labels are in fact wholly owned subsidaries of major labels, kept for their 'image', or semi-independent indies kept on a very short leash. You didn't know this? Let's see a list of the labels you're thinking of, so we can look up whether they are actually run by BMG or EMI or Sony.
I don't know who you are, AugstWest, but either you have a lot to learn about the way this industry works, or you're just a label flack busily fighting for your side. And that's cool, fight away if such things please you. But the picture you're painting is a damned lie. You're trying to induce guilt by suggesting that not supporting the industry is depriving musicians of money. It would be more accurate to induce guilt by suggesting that _supporting_ the industry is supporting a system in which musicians are routinely screwed with mind-bendingly nasty deals whose implications they don't even guess at until it's too late, in which musicians are routinely broken and left to have their bands break up, twisting in the wind with no label support, in debt to the record company from failure to recoup even modest advances, contractually bound to not play or record a note except with the record label that is now no longer interested.
If you want to support that, be my guest. I think that turning the acts loose with whatever mp3 popularity they can get is probably a lot more likely to result in some sort of income for the band. That becomes a question of business, and whether the band can charge much for a gig, can sell CDs out of their kitchen, can print up posters or have T-Shirts made.
At any rate, if you're worrying about artist income or artist rights or artists' welfare, you're worrying about the wrong things. Start figuring out how you can destroy the major labels if you want to do some real good. Things were out of hand even as early as the '80s, but now they are just ridiculous. Don't even support it.
These guys have several million dollars from a round or two of venture capital financing, from forward-looking investors in Silicon Valley and/or San Francisco.
My guess is that they are going to try to get bought out by someone like MP3.com or one of the Big Five (Four with EMI bought-out?) music groups.
The 30 or 50 people who run Napster are in this for the money. Big time. And who can blame them for that?
But lets make sure that the open source servers are fully operational before they decide that they need to strong-arm them into nonexistence. At some point, Napster, will be demanding control over all the client software. They have to do this or its game-over for the next tier of investment opportunity. Its not a matter of if; its a matter of when.
They have already shown that they are _extremely_ sensitive to PR issues. If you want proof, see how they handled the whole Linux napster client fiasco in December. So it will be interesting to see how they respond to such an open threat to any perceived proprietary nature of their technology.
Please moderate this up so people will realize that Napster is a larger company than they would have you believe. Their web site is a ploy to make them look tiny.