That Unanswered Morpheus Question - P2P-Zone

JackSpratts · 26-02-02, 10:00 PM

Since April, Morpheus users have been trying without success to get an answer to the Fasttrack network vulnerability question because Morpheus never seemed all that secure. Those mulling over a new app didn't really feel like repeating the Napster disaster. Opennap or not, if the network could be shut down by a court, it probably would at some point, and probably sooner than later. So, people were looking for a much more secure system to invest their time. Asked directly or indirectly, nicely or not, however, they never got a straight answer. I took an upfront approach, as in this simple question posed to MC2 at the MusicCity forum almost a year ago: “can morpheus be shut down - yes or no?”- 4/'01. I received yards of boilerplate but no answers. Later on, according to Fasttrack contract programmer jaan (who has not responded to several recent emails seeking comment), we finally heard that regardless of what the companies do with their updates, the same versions would still connect to each other. That means if you couldn't connect vertically to the next level up (the newest version) because the company (or the gov't) was blocking your older version, you should still be able to connect laterally, with the same users of the older version. Remember, in Morpheus' case, that would be about 60,000,000 people. No problem there, right?

As a matter of fact this happened once before, when v1.3 came out (who remembers that weekend?) with Morpheus doing the blocking that time. During that episode, on the public forum, jaan told me directly that older versions would ”always be able to connect with each other even if they could not connect to the newer ones”. He said this to reassure the 10s of thousands of users who were not installing the update. “Don't worry about the new version” he said, “you can always go back to the old one”.

This went to the heart of the issue. If Morpheus could block the entire network then so could the courts! But, if older versions still worked in spite of any attempts to shut down newer ones, the public network would survive.

With the first court date scheduled in less than a week, it's a bad time to find out the network may be as vulnerable as we had thought all along.

- js.

Mowzer · 27-02-02, 07:05 AM

KaZaA and Morpheus, and Grokster use centralized servers since versions 1.3.3

Only sporadically have they switched back to the old decentralized method. FastTrack switched the network over to being centralized, in order to lock out gift, and any other rouge decentralized clients. The record companies know this and that is the reasoning behind the decision for them to laucnh the suits a few months ago.

If you have old version of Morph or KaZaA around, and one day you try them for fun and connecte they might work, the next time they wont. Thats only the real way to tell if FastTrack has things on a centralized network or not. As of today, eventhough its now Shermna networks, it is still central. They can change the protocol and language the clients use to talk to each other at will, through keys. gIFT was blocked out once, and then tried transversing the keys, and was able to get back in. However cause the keys can change at any sec, it was pointless for gIFT to keep developing in that direction, hence the reason gift has remained locked out.

The way the network is today, the clients need the central servers in order to work with each other, so there is no true decentralization.

Here's the full story...

Users of KaZaA found that the KaZaA client had introduced a new update. Version 1.3.3 The update box read "We have just released an important security patch (version 1.3.3) this version contains an important security patch and it is highly recommended to update. Apart from that it has no new features."

and one by one users across the net began applying the patch. Same went for grokster, and morph.

The new security update was simply just away for Fast Track to change the protocol and push the new clients on the users in a transparent manner. With one simple update to KaZaA, Fast Track attempted to send the gift project on hiatus.

(The following applies to morph and gork as they acess same network)

The FT network is one that is blurry as to it status of being decentralized (no main server) But as things stand now, it does have a central server which when you first start up your kazaa, it connects to a central server on the FT Network, and gets a list of super nodes for your kazaa to hook up too. (When you connect users will automatically upload a small list of files they are sharing to you. When they are searching they will send the search request to you as a Super Node.) It also contacts the central server in order to get the Registration and Login info as well as sending out advertisements. You know what I mean those big flashy, colorful (in a 70's) pictures that annoy the hell out of you while your downloading.

The layout of the network flows like this; basically there are 2 levels. Depending if your kazaa is acting like a super node or not decides what level your kazaa is running on. When you first log on, you're just a node to the fast track network. If your connection is high speed, and running smoothly, your kazaa client can be instantly given the status of a super node. So out of all the users using kazaa, there are a few super nodes and a bunch users who weren't up to super node status. Its all lumped into little networks, a bunch of nodes all talking to a super node, You type in a search request, and your client talks to a super node, which has a list of all the files the other users who are also in contact with that super node, are sharing. It's all-automatic, and runs silently.

All the communication between nodes and super nodes is encrypted, a cypher stream consisting of keys in varying bytes. Kind of a secret computer language.

Basically that's the jist of how things work. It all sums up into one thing, the fast track Protocol. Gift allowed the creation of clients that could work on the Fast Track network.

With the new update Fast Track changed the protocol, as away to lock out non fast track clients. The nodes were no longer reporting the super nodes they were interlocked with.

That wasn't enough though...

FastTrack as of Saturday 29, 2001, basically totally changed the way in which nodes and super nodes communicate.

KaZaA, Morpheus and gorkster all because of the latest change, now relies on a central server in order to keep the network intact.

Fast Track has now opened themselves up to the same possible vulnerability napster had. (Central servers)

And right around the same time, the RIAA bit into fast track.

Why fast track didn't flip the magic switch and turn it all totally de centralized in order for it all to live on is a mystery.

fogelbise · 27-02-02, 11:39 AM

thank you both for the great info!!

it makes since that older versions would be able to connect to each other.

Hey indianajones, you spoke to this jaan guy before the forums were shut down i believe, can you add anything?

26-02-02, 10:00 PM	#1
JackSpratts Join Date: May 2001 Location: New England Posts: 10,017	The Unanswered Question Since April, Morpheus users have been trying without success to get an answer to the Fasttrack network vulnerability question because Morpheus never seemed all that secure. Those mulling over a new app didn't really feel like repeating the Napster disaster. Opennap or not, if the network could be shut down by a court, it probably would at some point, and probably sooner than later. So, people were looking for a much more secure system to invest their time. Asked directly or indirectly, nicely or not, however, they never got a straight answer. I took an upfront approach, as in this simple question posed to MC2 at the MusicCity forum almost a year ago: “can morpheus be shut down - yes or no?”- 4/'01. I received yards of boilerplate but no answers. Later on, according to Fasttrack contract programmer jaan (who has not responded to several recent emails seeking comment), we finally heard that regardless of what the companies do with their updates, the same versions would still connect to each other. That means if you couldn't connect vertically to the next level up (the newest version) because the company (or the gov't) was blocking your older version, you should still be able to connect laterally, with the same users of the older version. Remember, in Morpheus' case, that would be about 60,000,000 people. No problem there, right? As a matter of fact this happened once before, when v1.3 came out (who remembers that weekend?) with Morpheus doing the blocking that time. During that episode, on the public forum, jaan told me directly that older versions would ”always be able to connect with each other even if they could not connect to the newer ones”. He said this to reassure the 10s of thousands of users who were not installing the update. “Don't worry about the new version” he said, “you can always go back to the old one”. This went to the heart of the issue. If Morpheus could block the entire network then so could the courts! But, if older versions still worked in spite of any attempts to shut down newer ones, the public network would survive. With the first court date scheduled in less than a week, it's a bad time to find out the network may be as vulnerable as we had thought all along. - js.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

27-02-02, 07:05 AM	#2
Mowzer ' Join Date: Jan 2002 Posts: 209	KaZaA and Morpheus, and Grokster use centralized servers since versions 1.3.3 Only sporadically have they switched back to the old decentralized method. FastTrack switched the network over to being centralized, in order to lock out gift, and any other rouge decentralized clients. The record companies know this and that is the reasoning behind the decision for them to laucnh the suits a few months ago. If you have old version of Morph or KaZaA around, and one day you try them for fun and connecte they might work, the next time they wont. Thats only the real way to tell if FastTrack has things on a centralized network or not. As of today, eventhough its now Shermna networks, it is still central. They can change the protocol and language the clients use to talk to each other at will, through keys. gIFT was blocked out once, and then tried transversing the keys, and was able to get back in. However cause the keys can change at any sec, it was pointless for gIFT to keep developing in that direction, hence the reason gift has remained locked out. The way the network is today, the clients need the central servers in order to work with each other, so there is no true decentralization. Here's the full story... Users of KaZaA found that the KaZaA client had introduced a new update. Version 1.3.3 The update box read "We have just released an important security patch (version 1.3.3) this version contains an important security patch and it is highly recommended to update. Apart from that it has no new features." and one by one users across the net began applying the patch. Same went for grokster, and morph. The new security update was simply just away for Fast Track to change the protocol and push the new clients on the users in a transparent manner. With one simple update to KaZaA, Fast Track attempted to send the gift project on hiatus. (The following applies to morph and gork as they acess same network) The FT network is one that is blurry as to it status of being decentralized (no main server) But as things stand now, it does have a central server which when you first start up your kazaa, it connects to a central server on the FT Network, and gets a list of super nodes for your kazaa to hook up too. (When you connect users will automatically upload a small list of files they are sharing to you. When they are searching they will send the search request to you as a Super Node.) It also contacts the central server in order to get the Registration and Login info as well as sending out advertisements. You know what I mean those big flashy, colorful (in a 70's) pictures that annoy the hell out of you while your downloading. The layout of the network flows like this; basically there are 2 levels. Depending if your kazaa is acting like a super node or not decides what level your kazaa is running on. When you first log on, you're just a node to the fast track network. If your connection is high speed, and running smoothly, your kazaa client can be instantly given the status of a super node. So out of all the users using kazaa, there are a few super nodes and a bunch users who weren't up to super node status. Its all lumped into little networks, a bunch of nodes all talking to a super node, You type in a search request, and your client talks to a super node, which has a list of all the files the other users who are also in contact with that super node, are sharing. It's all-automatic, and runs silently. All the communication between nodes and super nodes is encrypted, a cypher stream consisting of keys in varying bytes. Kind of a secret computer language. Basically that's the jist of how things work. It all sums up into one thing, the fast track Protocol. Gift allowed the creation of clients that could work on the Fast Track network. With the new update Fast Track changed the protocol, as away to lock out non fast track clients. The nodes were no longer reporting the super nodes they were interlocked with. That wasn't enough though... FastTrack as of Saturday 29, 2001, basically totally changed the way in which nodes and super nodes communicate. KaZaA, Morpheus and gorkster all because of the latest change, now relies on a central server in order to keep the network intact. Fast Track has now opened themselves up to the same possible vulnerability napster had. (Central servers) And right around the same time, the RIAA bit into fast track. Why fast track didn't flip the magic switch and turn it all totally de centralized in order for it all to live on is a mystery.

27-02-02, 11:39 AM	#3
fogelbise Registered User Join Date: Feb 2002 Location: NGC 6826 Posts: 58	thank you both for the great info!! it makes since that older versions would be able to connect to each other. Hey indianajones, you spoke to this jaan guy before the forums were shut down i believe, can you add anything?