Slashdot Mirror
Morpheus DOS'd and Moving to Gnutella
wackysootroom writes "According to a message from the CEO of Music City, a group of individuals has launched a DOS attack and tampered with the morpheus network in order to disallow logons to the FastTrack P2P filesharing network through the client.
According to the CEO's note, the hack involves changing registry settings on the client's machine (ouch) and rerouting the messages destined for their ad servers.
The good news in all of this is that morpheus will be giving up the proprietary FastTrack network for a Gnutella based filsharing system." It's
an icky framed page and you have to click through to read the really interesting
parts, but it looks to be true. Wonder how Gnutella will handle the growth
spike.
This move to Gnutella allows them to survive and to purport to offer a distinct file sharing product. Perhaps this will lead to some enhancements that make it back to Gnutella, since without the central login servers, they have no reason to repeat their forcing out of open source clients.
Gnutella + bandwidth aggregation = good.
who writes like this?? was it gross and cootie-filled too?
What about the other programs that use the FastTrack network? They all look the same, and aside from using a diffrent plugin for the ads, I would thing that the networking protocol would be similer so this could affect them also.
Also can anyone confirm that it does change the registry settings? Seems kinda farfetched even for just a file sharing program unless there were huge undisclosed security holes.
For the many people (myself included) who are now looking for a different FastTrack client check out this execellent page on how to install Grokster without spyware.
Kind thoughts do not change the world
Click here for the unframed version. After a very brief introduction, the main story is here.
Better still, Gnuclues doesn't have banner adverts, let alone (ick) popups.
As a longtime Gnugella user, I will be happy to see Morpheus users join the network. Per Metcalfe's law, this should make our network much more valuable. The past few revisions of the Limewire client in particular have made the service much more responsive. Although the experience has not yet surpassed Napster's brightest hour, given a few more months there will be no reason for that original fileshareing service to return. The limewire folks have even opensourced their client. Now, if only half the people reading this comment could pitch in...
"...What is good for General Motors is good for America." -Charles Wilson, Secretary of Defense and fmr President of GM
Stating the obvious Having the userbase from Morpheus off FastTrack will cut the ammout of files available to oter FastTrack clients like KaZaa, thus decreasing their popularity, and possibly forcing them to move to a new network. If Gnutella scales well, it would be a good thing, if it doesn't...
rooooar
"This unprovoked attack is being carefully investigated, as it appears that federal laws may have been violated. We are still attempting to discover who would want to eliminate the community of millions of consumers who are using the Morpheus software product to connect with other users around the world."
the RIAA anyone?
interesting that prior to this teir start page was
assuring users that "rumours" of a security hole in Morpehus was false. appaerntly it allowed others to change your registry settings...
Stop being a bunch of doubting Thomases. Gnutella works. Those who don't contribute, doubt. Ritter's been discounted numerously, so don't bother bootstrapping from that.
Gene
I got the new Morpehus client and it does seem to be a less "polished" client (proabably as it is a knocked off version of Gnutella shipped out in a hurry). The system seems quite good (as I have not used Gnutella much) but I think it will take a few days for traffic to pick up to its usual levels. The UI needs to be changed a wee bit as it is slightly confusing. I'm sure multi-source downloads are in (although you can't tell what each source is doing like before) but I'm not sure if their supernode feature is still there. They need the quick filter system in where you can select what media to search for (e.g. music, video, documents).
One thing that is lacking in Gnutella is metadata - when downloading songs you can't tell how long they are, what album they are from (important when there are many different versions of a song - radio/street/2 step edits etc.), and comments about this. Hopefully this can be added to a new spec of the Gnutella network so all companies using the standard can have a common format.
I think this will be good for p2p and gnutella: an open standard, which will (hopefully) become better over time. If musiccity really GPLs their work with Gnucleus, everyone should be a winner.
I don't think that Morpheus is telling the whole story.
Last week they wrote something like, "one of our software providers made updates without telling us that made Morpheus software unable to connect to the network."
It sounds to me like FastTrack upgraded protocol versions, or something?
I don't see why Morpheus would voluntarily move to gnutella, since gnutella is quite inferior and their new software is pretty crummy. I've been looking around their forums and everything, but I can't seem to figure out what's actually going on. Anyone know any more info?
The benifits to using gnutella vs fasttrack are what?
Gnutella is non-proprietary. That's it.
Gnutella in order to be faster would have to be more centralized.
This can easily be done, you just have to make sure that more people use software like Clip2 Reflector that makes Gnutella more scaleable. I could easily see Morpheus creating there own version of Reflector that's bolted onto a Gnutella client so that unsuspecting broadband users will turn their computers into "superpeers".
I dont know, i like decentralized technology but Gnutella is horrible, theres no security (or maybe they finally fixed this?) meaning anyone can see your IP.
If you're worried about this, use FreeNet.
Its slow as hell, the design makes it difficult if not impossible to scale.
Much of the scalability problems of gnutella have been solved- it's just that not enough people are running gnutella software with these improvements. Since Morpheus has such a large user base, they could easily dump software with more advanced capabilities onto the unbathed masses, making the gnutellanet bigger and faster. Better yet, if their using GPL'd software as their initial codebase, the improvements that they implement will be given back to the community so that an intrepid group of coders can remove any adware or spyware "features".
pi = 3.141592653589793helpimtrappedinauniversefactory7
I just tried the new version... Morpheus Preview Edition is basically an old version of the GPL'ed program Gnucleus. When you install it even displays the GPL as the click-through license.
They're however not providing the source, not yet at least. The Gnucleus developers claim that Morpheus didn't even bother contacting them before doing this.
MusicCity used Sharman's network and was recently locked out for some reason. One has to wonder why.
Like most others here, I'm very curious about what really happened to Streamcast's Morpheus network. But in practical terms, I settled for trying for the new "Preview Edition". The Musiccity web site last night said that it would be available "in two hours" and indeed after that page was unchanged for more than two hours, the new edition was on Download.com. I had been thinking about rebooting into Linux but this gave me another reason to stay in Windows. That and my kids' wanting to play more Jimmy Neutron this morning.... The new client is really Gnucleus -- if you mouse over the "M" logo in the Tray, that's what it shows. The client is much more primitive than the old FastTrack one. It doesn't include an integral player, so you can't listen to files as they upload, unless maybe you have WinAmp or something running. It gives no clue about who the other end of a file is, so you can't choose one that's more likely to work, and it doesn't report the MP3 bit rate or ID3 info that you can usually see inside the FastTrack client. The failure rate is high -- most attempts to download just quit after ten seconds, though some wait and Retry and a few actually work. FastTrack was much more reliable in that regard. It also keeps popping up Internet Exploder windows. That's really annoying; I rarely use IE (only for "IE only" sites). It's mostly ads, I'm sure, but the current popups don't even work, causing another annoying distraction. Being Gnutella based, it probably has scaling problems. I'm on a broadband link, which helps, but I know about the basic math problem with Gnutella's original architecture and I don't know what has been done to fix it, in Gnucleus, Limewire or whatever. Again, FastTrack worked really well, and I hope they can merge its best concepts with Gnutella. I realize they had to get this out in a hurry. It's only a "Preview" so it shouldn't be viewed as a finished product. But it does weaken the competitive position of Morpheus.
Off had I would suspect chaos agents of the music industry, who have been doing things the wrong way for a long time.
But this is just idle, unfounded speculation
Right.
Since it appears that the attack on your computers came from the closed proprietary FastTrack-Kazaa software, we have opted not to continue with this p2p kernel.
Which is just as well. I do note this article in newsbytes, and wonder if someone got an inside edge to fasttrack someplace.
cloak and dagger operations indeed.
"It is a greater offense to steal men's labor, than their clothes"
I believe that Morpheus is telling the truth, since my personal experiences back them up. I will ramble now:
Okay, silly man that I am, I had both Morpheus and Kazaa installed on my machine (even though, until recently, they were exactly the same.)
So, last week, Kazaa, which is what I ordinarily used since I have a sick attraction to the color yellow, stops working well. The number of hits I get for searches drops by about a quarter, when I search successfully at all; for some reason I keep getting booted from the network and having to reconnect. "That's odd" I say to myself. Also, it proceeds to ignore the "maximum uploads" setting in my preferences, which I keep low so that other broadband users can get my files in reasonable time. Personally, I suspect that Kazaa installed some "upgrades" for itself without prompting me (or I clicked through the prompt without noticing, always a possibility); I should probably check timestamps and see. I have it set to prompt before auto-updates, but since it's ignoring some of my preferences I don't know how much I trust that.
Out of curiosity, I start Morpheus; and I get the message about being unable to connect to the network. So, Morpheus' failure to connect seems to coincide with Kazaa's service collapse - which is exactly what I'd expect given that 90% of the users within four hops of me (New York City) use Morpheus instead of Kazaa.
Now, I don't know about these DOS attacks / advertisement hacks. I tried to connect to Morpheus several times during this period, and none of my regsitry keys have been fiddled with, at least as far as I can tell. Ad-aware doesn't find anything wrong.
Okay, back to the conspiracy theory. I assume that the Aussie company that bought Kazaa is trying to crowd Morpheus out. While you and I know this is stupid, to them this must make sense; they think they can get all of Morpheus' old users to switch to Kazaa, boosting their add revenues.
Given this sort of despicable behavior on their part, I am willing to give Morpheus' the benefit of the doubt: the implication of Morpheus' comments is that someone involved in the Kazaa stack - that is to say, this Australian company that bought Kazaa - is behind whatever attacks occured.
Personally, I want to see the contract that Morpheus entered into with Kazaa for use of their network/software.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
It's doing fine so far.
If you go to the limewire site, click on the "network size" menu option and than the "historical", you will get a nice graph of the gnutella network size. You will notice two significant increases in network size over the past few months.
The first one occured when limewire released their 2.0 client with super peer functionality. Essentially this eliminated most of the scalability issues. The second little bump occured when morpheus released their gnutella client yesterday.
Right now the graph indicates over 200K nodes in the network. I'm connected to it using the limewire client. I consider this to be one of the best gnutella GUIs but luckily there's plenty of alternatives for those who don't like it.
Two notable features are missing however (also in the new morpheus client): Browsing someone else's files (like napster used to be able to do, morpheus consistently crashed if I tried to use this feature) and displaying/searching meta information (like album or song name).
The first feature would require a change to the protocol. Limewire tried to implement it using download slots but generally there are not enough available for this to work. The second feature requires some standard way of handling queries (right now it is unspecified what a gnutella client should do with a query).
Jilles
I agree completely. I've attempted to use Gnutella before, with many other clients, and all I've ever met with was frustration with the network. I mean, really, my average download speed was about 3K/sec. Looks like I'll have to figure out a way to use KaZaa without them spying on me.
Try this page
Moderate that post up!
:). All credit due to the guy I'm responding to.
Just in case no-one does moderate him up, I'm reposting his link with my bonus. I can't be whoring because I'm capped
Excellent journalism here.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
from news.zdnet.co.uk, October 2001: "A copy of the legislation proposed by the RIAA last week would appear to have given the group broad latitude to attack file-swappers' computers without suffering any civil liability. No civil liability would result from "any impairment of the availability of data, a program, a system or information, resulting from measures taken by an owner of copyright," the proposed text read. " Speaking of hacking a computer's registry...
Why yes I am paranoid! Thanks for asking!
From the technology section of the FAQ:
Q: Why is it better than other distributed networks such as Gnutella?
A: With Gnutella and similar networks, all connected computers acts as search servers on the networks. When a search query is initiated, it is sent to 2 to 4 other computers, which in turn passes the query to more computers, and so on. Effectively, each search query traverses the entire network. This creates a huge amount of traffic. Clients on slower connections (such as modem dial-ups) cannot keep up with this amount of traffic, which slows down the entire search process.
Seriously, I'm a fan of Morpheus, I just thought this was kinda finny...
(email addr is at acm, not mca)
We are Number One. All others are Number Two, or lower.
--The Sphinx
What's really happening (probably).
I was one of the people who installed kazaa, and after readnig that, it is getting immediately uninstalled.
Joseph?
Perhaps so, but if Morpheus had access to the FastTrack source, they could easily work around the problems that Sharman networks introduced. Instead, they have to throw away their whole system and start over with Gnutella. An excellent demonstration of the dangers of depending on closed source software, IMHO.
I don't care if it's 90,000 hectares. That lake was not my doing.
The released it, here it is:
http://start.musiccity.com/source/mpesrc1.zip
Well, the flaimbait tag is there, and I don't want to start anything. But I have to respond to a little of the FUD...
Gnutella is horrible. The design just sucks and honestly i could have come up with a better design for a network.
That's classic negative argumentation for you there, and I for one am tired of hearing that kind of comments from everyone (this extends out of the tech realm and into all walks of life, BTW). "Product XXX is bad. I could do better in my garage." I encourage you to do so then. Join a development list and contribute your comments on better network design. These efforts need all the help they can get.
Gnutella is horrible, theres no security (or maybe they finally fixed this?) meaning anyone can see your IP.
That's not really a "security hole" in my estimation. Anyone serving you a webpage can see your IP. That information is out there. Remember the mantra: "Security through obscruity is no security at all." Rather than trying to hide your IP address, it's incumbent on you not to leave that IP wide open to exploitation. That's security. Just my $0.02.
Howard Dean for president
I'm not sure it really bothers me that they were using a proprietary network protocol on Morpheus. Having used both Morpheus and Limewire I found Morpheus was significantly faster.
I'm not some Anti-Java Troll either, I believe the difference was in the network protocol and search efficiency.
This isn't to say Limewire was bad though, and with the Sun JVM 1.4 the mousewheel works right on Win32 systems (at last). So farewell Morpheus, I guess?
Didn't Morpheus recently post that the reports of a security hole in their product were false? Now apparently they are admitting to a security hole of massive proporations. I mean, having anybody on the Internet change the *registry* settings on my computer is a huge flaw. Doesn't this concern anyone?
Life is like a web application. Sometime you need cookies just to get by.
Even when the computer's doing nothing.
I highly recommend Xolox to anyone that can run Windows applications and uses GNUtella (haven't tried using it with Wine yet, could work). Xolox supports swarming, segmented downloading, resuming, automatic mirror searching, etc...
Xolox makes GNUtella useful! Trust me, you will find what you are looking for with Xolox, and you will be able to download it very quickly. Other clients lack swarming, which causes downloads to be a slow unreliable gamble, but with swarming, when you select to download a file, Xolox automatically searches for other peers that are sharing the same file - then Xolox downloads parts of the file concurrently from several peers. This allows for you to get maximum use of your broadband net connection. Furthermore, if you are downloading a file, and for some reason all of the peers that you were downloading from disconnect, Xolox searches for new peers with the file and resume the download were it left off. All of this is automatic, transparent, and very user-friendly.
While the company that made Xolox went under due to legal issues, a cracked version is available from the popular P2P site Zeropaid. Check it out! It's free, and it's useful.
Lets face it, Gnutella is a bandwidth hog & its as slow as all buggery
The hacked-in ad server is "ads.riaa.org"
"All art is quite useless." -- Oscar Wilde
First off they have spyware anyway.
Second off it seems that they utilized the nature of the fasttrack network to basically kick all Morpheus users off and try and make them switch to Kazaa. Rat bastards.
Personally I think instead of switching to Gnutella Morpheus should have come out with a new version that isn't affected by the attack from Kazaa, and fucks over Kazaa clients too.
They could have got into a war coming out with new versions that would screw over the other company's client.
But I guess they didn't want a fight so they're leaving the FastTrack network.
Personally I wonder what the creators of the FastTrack network have to do with this...
Anyway, don't use Kazaa. Spyware, and DOS attack.
Tim
Omnia vestra castrorum habetur nobis.
info@kazaa.net
press@kazaa.net
If you haven't read any other comments or articles, Kazaa is responsible for taking Morpheus off the network they shared through some sort of semi-viral attack. Let them know how you feel.
Omnia vestra castrorum habetur nobis.
There's more reasons to avoid spyware than the simple invasion of privacy.
Spyware will make your system unstable. Any small program that patches into Windows or Internet Explorer is always a bad idea. Products from Microsoft are notoriously unstable as is; the last thing they need is even more instability from hack patches like spyware. Has your browser been freezing up? Having unexplained system crashes? Spyware is a prime suspect for these outrages.
The fact that it's even possible for unknown software to patch and corrupt Windows is ultimately, of course, yet another sin of Microsoft, just as Microsoft must ultimately bear responsibility for all Outlook and IIS viruses.
Further, spyware is hidden. It typically won't show up in your lists of programs and only a sophisticated user can even tell that it's there.
Spyware remains in your computer even if you uninstall the software that originally infected your system. You won't get rid of it unless you sweep your registry (bad idea for most people) or run some software produced by virtuous programmers to remove it, like Ad Aware.
Spyware also represents a security risk. Think of your typical marketing type, hiring some low budget programmer to write software they don't expect a normal user to ever see. Do you think they're going to worry much about making their code secure?
There's already been exploits of people using spyware to download executables into your computer (typically by giving the malicious file the same name as the spyware executable).
Now what do I do with these gig's of files that I was downloading before the network went offline.
Seriously gigs of Bang Bus.
Get your Unix fortune now!
How exactly is this good news? Have you used the Gnutella network recently? The larger it gets, the more it sucks. It does not scale well at all. Gnutella often sucks down more of my bandwidth just dealing with other peoples' searches than it does downloading the files I want. And finding the files I want is another matter altogether -- even if I do find a file named "Funk Soul Brother.mp3", I have absolutely no way of knowing whether it's really Fatboy Slim or just some renamed Enya track.
I love the FastTrack network, proprietary or not. It's got all the good bits of Gnutella without most of the bad bits. My bandwidth isn't sucked up by searches, and I can almost always find exactly what I want with one search. Furthermore, the amount of information it gives me on each file enables me to be pretty certain that I'm getting what I want before I start downloading it.
I think this is sad. I liked Morpheus. Now I'll be switching to Kazaa. Oh well.
It's always worked fine through the Linux-based firewalls I set up, though a smaller group of files will be available than if you can forward the appropriate port (I think it's 1214) to the machine that's running the client.
20 January 2017: the End of an Error.
I just tried Gnucleus and the new Morpheus. After that I spent about half an hour in the Morpheus channel fighting with the operators. I used to recommend Morpheus to everyone but I have totally turned against them now. Morpheus can fuck right off as far as I'm concerned.
What they did is they took an open source program at http://www.gnucleus.com and basically "stole" it, though it's legal to do so under the license it was released. They took the source code for the program, without even informing the gnucleus guys, put their own branding info on it, added popup ads, and released it as the "new" Morpheus. They added NOTHING, they just made it worse with ads, There is not a single reason to run the new Morpheus. Go with Gnucleus -- it's precisely the same program, but with the ads removed.
Also, since the people that did Gnucleus actually are able to write their own software, Gnucleus will be the source of improvements and updates, not Morpheus.
The channel operators on Music City are very afraid of people learning this fact. They kicked me several times for mentioning Gnucleus. Somehow they think they can supress the fact that they entirely ripped off other people's work. It's not going to happen, though, you can't hide lameness of this magnitude.
Morpheus has discredited themselves forever as far as I'm concerned.
Once again: go to http://www.gnucleus.com and use their software. Delete Morpheus at once.
should do is rerelease a version of Morpheus that uses the technology that was state of the art when the engine was reversed by OpenFT. In exactly that period of time i got the best transfer rates, the fastest searches, the most results. That way they could take advantage of their protocol benefits (metadata and such), have an existing net to jump on and lure their followers into and a app that will whip Sharman all the wy to Tazmania and back.
...(list incomplete and some items probably redundant)
Well... it was fun while it lasted. Let's see what's next. I am still waiting for the client that incorporates them all - OpenFT, gnutella, limewire, edonkey,
+++ath0