Slashdot Mirror


Napster Server Protocol Has Been Published

C|Net is publishing a story about a Stanford University senior who reverse-engineered the Napster server protocol. The story also mentions a Web page on SourceForge which gives links to various Napster clients for different OS's. I wonder how many new Napster server clones we'll have soon.

24 of 243 comments

  1. The RIAA by Lonesmurf · · Score: 3
    [I know that I had posted this in reply to someone already, but that particular someone was moderated (let us not judge, for in the future we too shall be judged) down into the fiery depths of hell. So I am re-posting this in the main thread. Please forgive my sorry butt. ;)]

    Original text:
    We need more napsters and less RIAA


    I hate to sound raw and bitter (I'm both, but we really shouldn't go into that here), but while you're at it, why don't we all ask for unlimited bandwidth, world peace, and the end to all diseases. (None of which will happen. Ever.)

    The RIAA or some form of it, whether it be in idea or literal form, will always be around.

    The problem does not stem from the fact that some big, nasty association is on the prowl all the time, it comes from the fact that the values that our societies are built on are fundamentally flawed. Values such as greed, lack of honesty, and good, old-fashioned foul play.

    While Napster is a great program, and I fully intend to continue to use it, I am not going to wish for anything like not having the RIAA around. Why?

    1) It won't happen.
    2) On some levels, we actually need associations like the RIAA to keep the really bad people (not us poor intellectuals (hehe)) from harming the industry. Large pirating firms.. etc.


    Just like I won't be wishing that people will start using the privilege of voting and booting the conservative nitwits from their high horses.

    To when Pigs fly,
    Cheers,
    Rami James
    http://w3.to/rjames/

    --

  2. Does anyone care that this is illegal? by Freshman · · Score: 3

    No matter how you slice it, Napster included a license agreement IN THE INSTALLER that required the end-user to completely accept its terms, or not install the application. The license agreement that David Weekly accepted told him he could not reverse engineer.

    I have only seen "YAY OPEN SOURCE FOREVER" threads, and no discussions on the legalities of this.

    --

    ----------
    "They misunderestimated me." --George W Bush, Nov. 6, 2000
  3. Napster is great for artist by Weezul · · Score: 3

    I don't see how free, illegal distribution of music gets the artists money without the record companies taking a cut. Artists realize the power of internet distribution, and are trying to capitalize on it. Napster is most definitely not a way for them to do so. Napster is a way for their hard work to proliferate to a million ears without a single penny of income.

    This is the most ignorant thing I have heard all day. The truth is that promotion is the biggest obstacle to a band's success and bands who have any clue ARE making money from mp3 promotion. It is really fucking easy to release an mp3 to all the pirate sites and include a message asking them to visit your website in the comment (or maybe even in the audio). Now, once they visit your website you can sell them all sorts of shit like: shirts, stickers, CDs, mp3s of other mixes of your songs.

    Now, you say "well people would just pirate the other mixes that the band sells." Well, this is no problem for the band because they can just keep producing newer different things and rolling the old ones into promotional material. The people who want it will pay because some of it will never show up.

    The truth is that the whole idea of buying CDs full of static music is STUPID. Music should be a service and not a product.. just like software. If you really liked music you would be willing to pay for the new shit. Hell, the fact that listening to the same thing over and over again is why we have a DJ club culture.

    Piracy is no threat to ANY artist because the artist has the distribution advantage. Piracy is just free promotion of what you have done in the past.. just look at what the internet comics have done. Now, you could say that we should not pirate RIAA music because we shouldn't want to give those artists free promotion.

    Plus, If we added the way to bundle a webpage with a song then it would give an artist a way to add all kinds of profit making material: visual art, links to the artists web page, advertisments.

    Hell, If I was a recording studio equipment maker I would give studio equipment to good artists for free with the requirement that they mention that they used my equipment at the end of the songs they distribute on mp3. Just think of all the minor league DJs who will hear it every time they play the song!

    Jeff

    BTW> It will not be long before there are companies specialising in internet promotion of music, i.e. pay us to upload all your shit to the pirate sites.

    --
    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
  4. better one by AndyS · · Score: 3

    There's also one at

    http://opennap.sourceforge.net/napster.txt

    which, although I dunno how accurate it is, is distinctly more readable and understandable.

  5. Already Known? by Foogle · · Score: 3
    Don't we already have the protocol for Napster? I mean, I've seen like 40 different Napster-clones for Linux (and even one for Java). I don't think this is revolutionary, or am I missing the picture?

    -----------

    "You can't shake the Devil's hand and say you're only kidding."

    1. Re:Already Known? by dew · · Score: 3
      I don't think that you realize that you're talking about a person, namely me. You could talk to me and become my friend, or you could blithely post personal attacks anonymously on slashdot. I'm not some illegal computer hacker. I'm friends with the guy who shut down my Stanford MP3 site in 1997 and now regularly engage him in conversation about new media. I'm amused by the media more than thirsting for their attention; I never sent out this information to the media, but I was genuinely concerned that there would be an effort to make this sort of thing illegal. (I still have that concern!) Is this not fair?

      Why do you attack me? Why do you show hate? When I do something simple, I call it for what it is. If I am distressed, I call for help. If I am confused, I discuss something. What in those clauses makes me the evil person you describe me to be? Call me.


      David E. Weekly (dew, Think)

      --

      David E. Weekly
      Code / Think / Teach / Learn
      h4x0r for

    2. Re:Already Known? by dew · · Score: 5
      That's my site.

      Yes, the protocol is already very well documented by other people. No, this is not a publicity stunt of mine. Yes, my documentation is pretty poor. No, it's not very revolutionary. It's me learning how to reverse-engineer a network application. Please don't get pissed off at me; I'm not really trying to prove much of anything with this release other than I have the very beginnings of how the protocol works.


      David E. Weekly (dew, Think)

      --

      David E. Weekly
      Code / Think / Teach / Learn
      h4x0r for

  6. Universities are killing Napster. by garcia · · Score: 3

    Recently there have been many articles in our campus newspaper about the speed of the network being slowed by MP3 transfers (not really, but they have to make an excuse for the poor technology). They are apparently blocking all access to Napster servers (or ports I really don't know). I receive a "no route to host" error when I try to connect now.

    I really think that in order for Napster to live on they are going to have to either allow for random ports or a lot of people are going to have to start setting up servers :)

    1. Re:Universities are killing Napster. by Robin+Hood · · Score: 5
      I work for the Resnet group (RESidence hall NETwork -- Ethernet in the dorms) at my college, and let me tell you, Napster looks very different from the "other side", when you're the admin trying to run around making sure everyone has enough bandwidth. Before we introduced Resnet, our bandwidth (two T1's) was almost never more than 50% full. Bandwidth usage graphs for the second T1 showed long periods of inactivity with the occasional spike of 3% or 5% usage. Now, two years later, we've got 100% usage on both T1's during the middle of the day, and I wouldn't be surprised if that expanded until both our T1's are completely filled all the time.

      Napster and Hotline are two of the many reasons our bandwidth is filling up (streaming media and games are other reasons, but we've found that games aren't sucking up too much bandwidth -- yet). When the first Hotline server showed up on our network, we noticed it right away: bandwidth usage on our Internet connection was suddenly 100%, all the time. A little research showed that all this bandwidth usage was coming from JUST ONE USER! We immediately blocked the Hotline ports (and explained to that user why Hotline's use of bandwidth wasn't acceptable -- he hadn't realized what a bandwidth hog Hotline was and had been acting out of ignorance, not malice). Now Napster is doing the same thing, sucking up bandwidth that has nothing to do with the primary goal of this institution (it is, after all, an academic institution and academic Internet use gets first priority over everything else). Furthermore, a little packet-sniffing shows that most (I estimate 90%, though I don't have hard figures at the moment) of the traffic is OUTGOING -- people outside of the college downloading MP3s from Napster servers within our network. There is no way that this can be construed as being the function of our Internet connection.

      The legality or otherwise of Napster's primary use (sharing MP3s) had nothing to do with the decision to block it except to make the decision process marginally shorter. If folks had been passing around Linux .iso images, we might have argued it for another five minutes or so, but we still would have reached the same conclusion: we have limited bandwidth, and we need that bandwidth to remain accessible to everybody. A small number of users cannot be allowed to continually suck up all the available bandwidth.

      Of course, in a few months another bandwidth-hogging program will appear, and we'll have to block yet another set of ports / IP addresses / whatever. And the game of bandwidth whack-a-mole continues...

      --
      The real meaning of the GNU GPL:
      "The Source will be with you... Always."
  7. nonsense by / · · Score: 3
    On some levels, we actually need associations like the RIAA to keep the really bad people (not us poor intellectuals (hehe)) from harming the industry. Large pirating firms.. etc.

    Nonsense. We already have governments to enforce existing laws against actual crimes -- the DOJ can hold its own just fine. All organizations like the RIAA do is the stuff we don't like such as:

    Enforcing a cartel atmosphere where prices are constantly inflating ($18 for a cd, huh?) and quality hasn't much improved

    Lobbying Congress for some more favorable-for-the-industry-but-at-the-expense-of-everyone-else copyright laws

    Beating up on the little guy who's properly trying to use his music under fair-use doctrine but in ways contrary to the $ interests of RIAA-member corporations.

    I agree with your first assertion that it's futile for us to merely hope that the RIAA will just disappear, but don't delude yourself into thinking they're actually good for something good. We don't need the RIAA any more than we need OPEC or DeBeers.

    --
    "If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
  8. Re:Napster rocks by AugstWest · · Score: 5

    Your argument is a bit naive, and I think you're fully aware of that.

    There have always been studio bands that tour extremely rarely. Touring is an extremely grueling process, which can totally tear up the lives of musicians and their families. A lot of bands do not tour, and rely on studio album sales to keep their efforts going. They shouldn't be forced out on the road just so that you can save your $10-15 and listen to the tunes for free.

    2. However, what they are really afraid is that artist can get big and earn big bucks without going through a record label. They are scared shit because once artists realize this, the industry will go in for a major overhaul.

    I don't see how free, illegal distribution of music gets the artists money without the record companies taking a cut. Artists realize the power of internet distribution, and are trying to capitalize on it. Napster is most definitely not a way for them to do so. Napster is a way for their hard work to proliferate to a million ears without a single penny of income.

    Really, the main reason the RIAA and the industry in general is scared of napster, MP3 and digital music in general is that the vast majority of their income comes from your purchase of actual physical media, which becomes obsolete every 4-8 years.

    The main reason I worry about it is the artists' loss of income. There are a lot of smaller record companies, especially now that pretty much anyone could start one for under $10k, that are getting screwed in the process. A lot of electronic bands are getting ripped off unimaginably, especially since a lot of them rarely, if ever, play live. They're on smaller labels, just getting started, and are losing a lot of income due to things like napster.

    At some point, you're taking food out of a musician's mouth. Rationalize that with as much rhetoric as much as you like, it's the basic fact beneath all this.

  9. A suggestion... by Anonymous Coward · · Score: 3

    OK, this may sound pretty naive, but have you considered implementing some kind of traffic shaping solution?

    I'm a network admin myself, and I've encountered the same sort of thing that you have (MP3 sites being the worst culprits) but I think that port blocking is overkill.

    In addition to port-based shaping (telnet gets highest priority, FTP lowest, etc..) dynamic load-based shaping is a possibility (lowering the priority of packets to/from bandwidth hogs).. so that the single user (in your example) would get their effective bandwidth lowered automatically, instead of having to wait a week/month for you to analyze the traffic logs.

    I'm not saying that port/host blocking isn't necessary in some cases (if you pay by the packet, for instance,) just that if shared bandwidth is the main concern, that there are other solutions.

  10. Vanity Websites by dew · · Score: 3
    BTW, my "vanity website" exists for the purpose of A) having a permanent home on the web and B) disseminating information. I think everyone has got something interesting to share; not just me. I regularly encourage my friends to make their own websites with their own unique contributions.

    I'm not a hacker hotshot, either. Do I not state explicitly that others have done a better job? Neither did I claim myself as such a hotshot. Where do you get this from? Or did you already make up your mind about me without even considering who I really am?

    Finally, I'm not running from anyone. The very first thing that I did when I completed the analysis was to notify Napster. My actions are here for all to see, judge them as you may.


    David E. Weekly (dew, Think)

    --

    David E. Weekly
    Code / Think / Teach / Learn
    h4x0r for

  11. Re:Security (checked) by Anonymous Coward · · Score: 3

    >"c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"
    >[GASP!] Napster SENT the COMPLETE location of the
    >file!!!! Does this mean that there is a
    >way to coax the client to offer up ANY file?

    >Uhm. Someone should check into this. If a file is
    >not in the user's listed mp3's or their chosen
    >directory, does the napster client still send it?

    I just checked this. I hacked up the gnome-napster client to give me IPs, and then followed the protocol to ask for C:\MSDOS.SYS, and it responded "FILE NOT SHARED" with an abrupt disconnect. It wasn't a truly thorough test, but I believe the security is good enough to stop opportunistic file stealing. See log below

    Connected to x.x.x.x.
    Escape character is '^]'
    1GET
    NOBODY C:\MSDOS.SYS 1
    FILE NOT SHAREDConnection closed by foreign host.

    The reason I say it wasn't a thorough test, even though 95% of napster users use the win32 client, and linux clients are just starting to come out, was that there's no way for me to check the client version from this end. It gets sent to the server upon connection, but never gets transmitted between clients. So, it's a distinct possibility that this person may have been using a different client, and that it simply responds with FILE NOT SHARED if the file either isn't shared or isn't accessible. I'll keep playing.

    Jason
    em: infi*at*sleepdep.net

  12. We are 'at the mercy' of Napster.com by Stavr0 · · Score: 3
    From observing napster's behavior with netstat, the first thing the client does is request a server IP at a 'server server'. Its address is (?) hardcoded in the client.
    If an injunction is served, they'd shut down that server, effectively stranding *all* closed-source clients with no means of changing the connection address.
    ... until there is an open-source equiv. of a napster client AND server.

    (If I'm wrong, tell me now and make my day!)
    ---

  13. Re:Napster rocks by AugstWest · · Score: 3

    OK, you're an artist, trying to make a living playing music rather than selling your soul to some cubicle-owning master.

    You actually get a contract, get a CD out, and try to survive through the first couple of releases until you start making money yourself rather than the record company.

    Meanwhile, 5 people buy your CD, rip it, and share it on napster. Eventually a million people have it, and never spent a cent to support the artists. The CD sales are low, so the label drops the band. The band, with no viable source of income, goes back to working day jobs.

    Really, it's mighty sad. I mean, we've all seen a startup company go under at some point, I've been part of a couple, and it's a despairing moment. Multiply that by the factor of artistic expression and hopes and dreams of not having to become a mouse jockey to survive, and you've got some really sad shit.

    It's no wonder the RIAA is up in arms. I hate the fat record execs as much as anyone else, but I worry about the artists too. No one seems to even think about that anymore, which is just sad.

  14. SafeX by dew · · Score: 3
    Great idea. I've had a similar one myself.


    David E. Weekly (dew, Think)

    --

    David E. Weekly
    Code / Think / Teach / Learn
    h4x0r for

  15. Re:Napster rocks by iserlohn · · Score: 3

    Most artists make their money going on tour. Napster is good, because it is their best promotional tool.

    Why do big name bands and singers have to go on tour?

    1. They like performing live
    2. It's their bread and butter (income).

    Why do artists need to sign on to record labels to grow?

    1. They get a tiny fraction of the profit from CD sales.
    2. The promotional activities that the label does aid their popularity especially when they go on tour.

    Why is the RIAA scared of Napster?

    1. Every 18 year old freshman can serve thousands and thousands of ripped songs on his own machine

    2. However, what they are really afraid is that artist can get big and earn big bucks without going through a record label. They are scared shit because once artists realize this, the industry will go in for a major overhaul.

    Napster was not explicitly designed to pirate music, just as guns were not designed explicitly for murder. IANAGRA, however. What the RIAA and the DVD CCA is afraid of is that they will lose their iron grip on the industry, and that their cartel position would be challenged. Yes they are concerned about piracy, but they are more concerned about the common guy having access to tools which could revolutionize music distribution and promotion.

    It's like a totalitarian regime, in which the government has control over the distribution of information because that's what keeps it in power. The same goes for these industry groups. If they lose control over distribution, their days as cartels are limited.

  16. Necessity and Rage over mp3's? by slashdot-terminal · · Score: 3

    Ok I guess I can blow a couple of karma points right here and get this off my chest.

    Why are mp3s so terribly popular? I mean all they are is basically a collection of electronic bits representing a sound wave and such. It almost gets to the point where it's even more popular than porn and that's really a stretch for something to do. One would only see this type of thing in areas that involve narcotics and such. Why all this trying to get hundreds of terabytes of music on a computer? Aren't there more fascinating things than non-visual communication and data exchange?

    --
    Slashdot social engineering at it's finest
  17. Please do! by Chris+Johnson · · Score: 3
    I hope you get to eventually have the option to pay a few bucks to an artist directly because you want to. I'm a musician, and the conclusion I've come to is that mp3 is radio- so I'm working really hard to get together a catalog of music to put out there, and hope to make available inexpensive but high quality CDs for people like you. I don't want to just ask for money for the mp3s, I'd rather offer something else, something additional (that doesn't involve _withholding_ songs from you and putting you in a bind).

    Every time I see a music listener like you asking why they can't just cut out the middleman and pay the artist a couple bucks, I get a little bit of badly-needed hope. Keep it up- and keep new formats like mp3 and old formats like Red Book Audio CD alive for me, man. When you're just a musician doing everything yourself without help or money sometimes it can take a long time to get things done- I'm waiting on an ADAT repair and need to build some equipment to do the MP3 mastering I need to do. Delays, costs, there's never enough time and I'm scared my chance might dry up and blow away (or be stomped on by the RIAA) before I get to step up to the plate and take my swing. Keep the faith! There are people out there who need you as much as you need them.

  18. Re:Security by griffjon · · Score: 3

    Oh, the NT password hash file comes to mind as a valuable file to upload and then run l0phtcrack on ...
    Or, say, certificate private keys from the netscape directory, or anything in the pgp directory...

    --
    Returned Peace Corps IT Volunteer
  19. Security by TheTomcat · · Score: 3


    From http://david.weekly.org/code/napster.php3 :

    "c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"
    [GASP!] Napster SENT the COMPLETE location of the file!!!! Does this mean that there is a way to coax the client to offer up ANY file?


    Uhm. Someone should check into this. If a file is not in the user's listed mp3's or their chosen directory, does the napster client still send it?

    Also, the article shows that when requesting a file, the client sends the full path name, but no info is given when SENDING a file. I wonder if something like "SEND ../../../../../../../../autoexec.bat" would work.

    This could be really bad.
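
The server-side check that the two Security comments above are asking about, as an added example (not Napster's code and not from either post): a peer canonicalises the requested Windows path and serves it only if it is one of the files it advertised. The function names are hypothetical, the share folder and file come from the path quoted in the post, and the `<nick> <path> <number>` request layout is assumed from the telnet log on this page.

```python
import ntpath  # Windows path rules, usable on any host OS

# Constructed sample state: the shared folder and the single file advertised
# to the server, both taken from the path quoted in the post.
SHARE_ROOT = r"c:\WINDOWS\DESKTOP\mp3s"
ADVERTISED = {r"c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"}

REFUSAL = "FILE NOT SHARED"  # reply seen in the telnet log on this page


def _canon(path):
    """Collapse '.', '..' and '/' and fold case, as Windows compares paths."""
    return ntpath.normcase(ntpath.normpath(path))


def resolve_shared(requested, share_root=SHARE_ROOT, advertised=ADVERTISED):
    """Return the canonical path to serve, or None if the request is refused."""
    if not requested or "\x00" in requested:
        return None
    root = _canon(share_root)
    # A relative request is interpreted under the share folder; an absolute
    # one (C:\MSDOS.SYS, \\host\share\x) replaces it, exactly as the OS would.
    candidate = _canon(ntpath.join(share_root, requested))
    try:
        # commonpath compares whole components, so a sibling folder such as
        # "mp3s-private" does not pass as being inside "mp3s".
        if ntpath.commonpath([root, candidate]) != root:
            return None
    except ValueError:
        # Different drive, UNC path, or drive-relative path such as "d:foo".
        return None
    # Being inside the folder is not enough: only advertised files are served.
    if candidate not in {_canon(p) for p in advertised}:
        return None
    return candidate


def handle_get(line):
    """Answer one request line of the assumed form '<nick> <path> <number>'."""
    try:
        _nick, rest = line.strip().split(" ", 1)
        path, _number = rest.rsplit(" ", 1)
    except ValueError:
        return (False, REFUSAL)
    served = resolve_shared(path.strip('"'))
    return (True, served) if served else (False, REFUSAL)


if __name__ == "__main__":
    for req in (
        r"NOBODY c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3 1",
        r"NOBODY C:\MSDOS.SYS 1",
        r"NOBODY ../../../../../../../../autoexec.bat 1",
        r"NOBODY c:\WINDOWS\DESKTOP\mp3s\notes.txt 1",
    ):
        print(req, "->", handle_get(req))
```

String canonicalisation does not resolve 8.3 short names or directory junctions, so the membership test against the advertised set is the part that carries the guarantee.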

  20. Sorry dude- you're totally out of line. by Chris+Johnson · · Score: 4
    It is NOT FEASIBLE to be a recording act that doesn't tour. Hasn't been for _years_. Many years. Don't even go there. It's not going to happen. It's part of the system now that you tour at your own expense to support the release. If you even get an advance that will cover that you'd better spend it on getting out there because if you don't you lose.

    You are so totally wrong that anyone can expect to be a studio band in this day and age and be signed to a major label. Try it, just try it. Hell, even bands that _lip-synch_ tour now! You're making this up. How is a band supposed to self-promote except through touring? You don't seriously think the label does promotion? They only do that for about 3 albums a year for which they're prepared to do tonnage. They'll do it for the Spice Girls. They won't do it for you and they won't sign your band unless you agree to tour and promote the album for them. The tour may be written into the contract. You pay for it yourself out of the advance that is taken out of your supposed royalties.

    There's no such thing as losing income that was never there in the first place. That's like saying that bands lose huge amounts of income because there aren't coin slots on every radio. That's like saying recording acts traditionally make money instead of losing it. That's totally flat wrong...

    Do you have any fscking idea how much a band has to PAY to get a gig at certain well-placed clubs? How much a band would have to PAY to get radio airplay, to get a video in even light rotation on MTV? You're so off base it isn't even funny. Music has _never_ been a sensible job, and in recent years (the last twenty or so) it has become even worse, and it is the record labels who have done the most damage. Have you ever read a music industry contract? Did you know that jotted down notes on a memo pad (seemingly innocuous) routinely become a legal straightjacket for acts, forcing them to accept a deal whether they like it or not, or to quit the business entirely ('deal memos', in other words, that force the band into an unspecified deal, at which point all the leverage is on the label's side and the band takes a really BAD deal because they have no choice- in effect they have already signed without seeing the terms).

    That's not even getting into the fact that large numbers of 'indie' labels are in fact wholly owned subsidiaries of major labels, kept for their 'image', or semi-independent indies kept on a very short leash. You didn't know this? Let's see a list of the labels you're thinking of, so we can look up whether they are actually run by BMG or EMI or Sony.

    I don't know who you are, AugstWest, but either you have a lot to learn about the way this industry works, or you're just a label flack busily fighting for your side. And that's cool, fight away if such things please you. But the picture you're painting is a damned lie. You're trying to induce guilt by suggesting that not supporting the industry is depriving musicians of money. It would be more accurate to induce guilt by suggesting that _supporting_ the industry is supporting a system in which musicians are routinely screwed with mind-bendingly nasty deals whose implications they don't even guess at until it's too late, in which musicians are routinely broken and left to have their bands break up, twisting in the wind with no label support, in debt to the record company from failure to recoup even modest advances, contractually bound to not play or record a note except with the record label that is now no longer interested.

    If you want to support that, be my guest. I think that turning the acts loose with whatever mp3 popularity they can get is probably a lot more likely to result in some sort of income for the band. That becomes a question of business, and whether the band can charge much for a gig, can sell CDs out of their kitchen, can print up posters or have T-Shirts made.

    At any rate, if you're worrying about artist income or artist rights or artists' welfare, you're worrying about the wrong things. Start figuring out how you can destroy the major labels if you want to do some real good. Things were out of hand even as early as the '80s, but now they are just ridiculous. Don't even support it.

  21. NOTE: Napster is NOT a "small" company by Anonymous Coward · · Score: 4

    These guys have several million dollars from a round or two of venture capital financing, from forward-looking investors in Silicon Valley and/or San Francisco.

    My guess is that they are going to try to get bought out by someone like MP3.com or one of the Big Five (Four with EMI bought-out?) music groups.

    The 30 or 50 people who run Napster are in this for the money. Big time. And who can blame them for that?

    But let's make sure that the open source servers are fully operational before they decide that they need to strong-arm them into nonexistence. At some point, Napster will be demanding control over all the client software. They have to do this or it's game-over for the next tier of investment opportunity. It's not a matter of if; it's a matter of when.

    They have already shown that they are _extremely_ sensitive to PR issues. If you want proof, see how they handled the whole Linux napster client fiasco in December. So it will be interesting to see how they respond to such an open threat to any perceived proprietary nature of their technology.

    Please moderate this up so people will realize that Napster is a larger company than they would have you believe. Their web site is a ploy to make them look tiny.