Author Topic: Is this project really that difficult? (Read 15406 times)

MinersLantern · « **on:** July 30, 2011, 05:13:13 am »

From what I can see the patch is at a dead stand still. Intercept all traffic using ws2 or whatever dll is convenient. Modify the key exchange. It doesnt matter how way ya do it. Base it on every first letter of each word in the Koran if you want or use tweaked (less strong) PGP algorithm. As long as its not out in the wild, KM or whatever hacker is going to be denied access. Unpatched peeps will also be denied access. No great loss since WinMX is already about as screwed up as it can be. If peeps want backwards compatability, too bad. Patch it or go to BT. And these little packets that indicate the source is for a request of a chat list, a search, etc, etc... Change that as well. Is there a law that says it must be the current number of bytes and using the same number to indicate the function of the request? As long as that stuff is unknown to KM and/or whoever may be interested, problem solved. It seems to me that ones in 'control' of the fix are being far too conservative. Make major changes to the protocol, then bury the source code under a rock in Nevada. The code in the dll can modify and allow or deny access then translating it to make the interface to the server/cliet called WinMX happy. Peeps who refuse to update can continue to suffer. Patched peeps can once again enjoy WinMX. No need to totally rewrite a new WinMX. And please no silly comments like Joshes that I have no idea what im talking about. You can try brute force (aka flood faster than the flooders flood) all you wish, someone else is going to flood faster. Where does that stop? As far as I know the cartel among others have infinitely faster access and more money to attack than anyone else on earth (including Joshes server in Germany). Sorry, but this stagnation and basically giving up until the attackers feel kind enough to be nice is unacceptable. Time for those involved to make major changes. Dont worry, it isnt going to break WinMX. Its already broken. Its like a doctor worrying about a dead corpse having a wart on his big toe. No doubt certain peeps will moan and complain about my comments. Oh well, too bad. If ya hate it, then ban me from the site. It isnt going to help WinMX.

DaBees-Knees · « **Reply #1 on:** July 30, 2011, 05:39:38 am »

Having got that off your chest what's your point? We all know that what we need are some good programmers with lots of spare time that are prepared to help.

silicon_toad2000 · « **Reply #2 on:** July 30, 2011, 05:40:16 am »

I'd have to take point with your comments:

Quote

Sorry, but this stagnation and basically giving up until the attackers feel kind enough to be nice is unacceptable.

I know first hand that noone has given up, despite selfish and ill informed comments similar to your own.
Sometimes I wonder why they continue when faced with such gratitude for the selfless donation of their time and effort, but they do.

I'm sure those involved in the project will take that portion of your post which is somewhat constructive on board and treat the remainder as it deserves.

achilles · « **Reply #3 on:** July 30, 2011, 05:48:29 am »

I feel the same way MinersLantern. Trying to make sure the protocols are completely compatible with the old client is a waste of time! The old client does not work anymore, and it is way past its life cycle. Those that refuse to upgrade to the new patch, and eventually the new client can just suffer the consequences. Refusing to update to the new patch or new client would just be an idiotic thing to do. Quite frankly, it would just be plain stupid! Anyone still using the old patch will only hurt the network, and put themselves in danger. The network is not safe at all to use right now. I myself am afraid to continue to run WinMx anymore due to the amount of bandwidth being eaten up by the attacks, and it requires too much care to slow down the attacks. I feel like i'm in a sinking ship, and as soon as i plug one hole ten more holes pop up in its place. I will run WinMx 24/7 again when it is fixed, but I can't continue to risk running an exploited application on my machines. I wish I was a master coder, but i'm not so I will continue to wait patently for a fix.

achilles · « **Reply #4 on:** July 30, 2011, 06:31:30 am »

I would still like to say Thank You so much to the coder working so hard on a new patch!! I'm not frustrated with the coder or his or her ability. I'm frustrated with the reasons I commonly hear from others for keeping outdated protocols in the client. One of the comments i often hear is that users want the familiar, and if we don't have an exact clone of the old client we will loss many users. Due to the attacks we have already lost almost all the users so it seems to me that now we have nothing to loss, and everything to gain by updating the protocols. We could keep that same body or GUI, and have all the same features & options as the old client. Some protocols are just way over due updating. I'm getting way ahead of myself for even speaking about a new client. Anyways.. I would like to say to the coder that don't let reasons such as I mentioned keep you from doing whatever you need to do to fix the problem. You don't have to worry about breaking it or losing the users because all that has already happened now. Do what ever you deem necessary to fix the problem even if it required major protocol changes. If it's fixed a year from now or two years from now i will be here waiting to use it, and I will do everything I can to get the word out that WinMx is working again & better than ever. Almost all the users have left the network, but they will come back once this has been fixed. I'm confident that the WPN will once again become the most secure, and safest P2P network on the net.

RebelMX · « **Reply #5 on:** July 30, 2011, 02:55:40 pm »

Actually, there have been radical propositions made in order to arrange a fix. The problems with what you suggest are pretty obvious.

WinMX and the WPN are closed source. However to date the majority of the network and how the protocol works has been documented. Therefore what makes you think that a closed source patch will stop KM or anyone else figuring out how it works? All that needs to be done is a packet sniffer run on the same machine as a winmx running the new patch. Therefore look at the input and outputs and figure out how it works. So the idea that a closed source patch that entirely breaks the current network will last more than say a month is actually ridiculous.

The only way to stop the attacks is to create a technical measure that is so thorough that even knowing how it works cannot allow circumvention. That fix is what is being worked on and so far has been elusive. I have recently offered my assistance and even suggested a very radical and possibly a complete fix for this issue. That said it MAY cause higher individual bandwidth in the long term compared to before the attacks, however i believe that it would entirely or at least significantly reduce the attacks and their effectiveness. My suggestion allows compatibility with the current network, and actually a very minor change to the current patch, but will sacrifice a small amount of bandwidth. At some point we need to decide whether internet and bandwidth limits are more or less of a sacrifice than the entire network. Nowdays the limits imposed and the connection types and sizes are pretty far on from the 2000/2001 time when WinMX first came out!

achilles · « **Reply #6 on:** July 30, 2011, 03:47:25 pm »

I hope they figure out a fix with the patch, but at some point in the near future the protocols will have to be updated if we are to have a secure network. There's already plenty of open source code out there that can be used. Sometimes it's best to use someone else's hard work, and add to or improve what's already out there. Its a common practice in academia. If nothing else study the code for your own innovative ideals. I'm sure this has already been considered anyways. No reason to reinvent the wheel lol The inner workings of the network want function the same, but we will have the same user base and that's what really counts. I want to interact with the same community that i've been interacting with all these years, and see WinMx have more to offer to bring in valuable new users. Good luck to the coder or coders!! Thank You for all your hard work!!

GhostShip · « **Reply #7 on:** July 30, 2011, 07:15:33 pm »

Quote

I'm sure this has already been considered anyways. No reason to reinvent the wheel lol

I can attest to the fact that nearly all angles have been looked at even the whackier sounding arrangements, whilst is is truly frustrating for the users its no pinic for the developers either as some of the techniques required for the solution are unknown and require study even to implement, with Richy and Eagle both adding their combined coding talents to the new patch support pool hope is still alive here, only our own lack of faith in a solution will cause us to fall by the wayside and I dont see anyone suggesting we give up, We have as a community weathered strong storms as this and survived and I feel the tide is turning now in our favour with so much help now tasked to delivering the network from harm, the WinMX network shall prevail.

Real Red · « **Reply #8 on:** July 30, 2011, 08:49:28 pm »

Is this the same Richy you were calling a lisr just a few months ago GS?? The same guy who left a backdoor in his server ???

Real Red · « **Reply #9 on:** July 30, 2011, 08:50:50 pm »

*Liar

GhostShip · « **Reply #10 on:** July 30, 2011, 09:25:17 pm »

Yes this is the same guy, is that a problem for you ?

The project src is in the hands of another coder who is running the whole project so we can and will all sleep safely in our beds and if Ritchy has done some good as KM did in 2005 then I can forgive a few historical blemishes.

We cannot be fussy who helps us when there are so few folks with the key talents we require, like it or lump it

Btw why are you posting this from a Norweigan mobile phone ? One of the attackers is based in Norway and would like to see people fighting amongst themselves instead of uniting to fix the network I hope your not that attacker ...

Real Red · « **Reply #11 on:** July 31, 2011, 01:06:47 am »

I have no problem with who works on the project,just so long as it gets sorted out quickly,and properly,i was referring to some of your own quotes earlier,and NO i am definitely Not one of the attackers,far from it ,and i'm not in Norway ,or on a mobile phone ,or a proxy,i'm just another room host (have been for 10 yrs)wanting this mess cleared up !

Bluey_412 · « **Reply #12 on:** July 31, 2011, 04:59:35 am »

And for those who insist on saying that WinMX is dead, noooo, it may be in ICU, but's far from dead....
and if the users have all left, why is my queue so busy?

achilles · « **Reply #13 on:** July 31, 2011, 04:48:21 pm »

Is it possible to add encryption to the File exchange protocols at this point? I was informed by someone the old protocols would not allow this.

White Stripes · « **Reply #14 on:** July 31, 2011, 05:34:22 pm »

it would break opennap (which seems to be coming in quite usefull atm)

Will · « **Reply #15 on:** July 31, 2011, 06:51:20 pm »

File transfers could be encrypted without breaking opennap, the request that mx sends and the opennap one are slightly different so a check could be added to detect which one is which. Either that or add a setting to enable and disable it so you could use one or the other.

GhostShip · « **Reply #16 on:** July 31, 2011, 07:13:44 pm »

Fair play Real Red, My apologies

achilles · « **Reply #17 on:** July 31, 2011, 09:06:06 pm »

Encryption would be a great addition to the client! I would think it would even eliminate some possible future attacks. The primary reason I used WinMx all these years was I felt the WPN was the safest option for P2P. Security is my #1 priority, and then everything else comes after. The second reason was I usually found what I was looking for on the WPN. The other networks had faster downloads, but I rarely found older media. Other networks tend to share only what they have recently downloaded, but WinMx users tend to share most of their files even if its something they obtained 10 years ago. The WPN had a much lager collection to chose from.

Lagerlout666 · « **Reply #18 on:** July 31, 2011, 09:14:51 pm »

ill download the lager anyday

@ typo

MinersLantern · « **Reply #19 on:** August 01, 2011, 04:17:14 am »

WinMX is already encrypted. Unfortunately, the method is known. Im just suggesting that changing the protocols from search to chat to connect and negotiate to something unknown (to the outside world).
Has anyone heard of the 'Beale Code' ? Its very simple. It descibes the location and quantity of an ungodly amount of money. (gold/silver) and to date the first two documents have been cracked. Those told of what the treasure is and how much is to be found. The third is the location. The third has never been decoded. At $1600/once of todays gold value, it would be scary to imagine an individual decoding that successfully. Not that people have not been spending money, time and using the latest computer technology to figure it out for many years. Still no joy.
The cartel, government and not even the almighty KM can crack it and its still a very simple code.
Find some document, doesnt matter what document really as long as its unknown. The first letter of each word is assigned a number, this number varies not only by different first letters but also by where they occur in the document. The only way to decode a thing like that is to find the original document that the table is based on.
Software that works by using frequency of word usage in the english language is of no help. There is no pattern to deduce. It could be based on the constitution (insecure, too famous) or some guys daughters wish list for christmas (very secure). To be even more evil, one could just randomly select words and string them together as a document (would take all the computer power on earth a billion years to solve).
How far do the 'hackers' want to go? Do they have limitless money and time to solve the problem? One could further be annoying by using typical, for these days, encryption methods using source and destination ips to mathematically mess the original crypto up further in real time.
It really wouldnt matter if someone attempts to read packets being send back and forth to figure it out, that all would change from one connection to another. Im not saying that this is the correct or most optimal path, but at least it does look like I have poked a hornets nest and got some discussion going about the matter.
How much money and time does KM want to spend to regain his 'status' as absolute power on WinMX? Major change is a good idea. Let him try to hack it until he dies of old age. Maybe he will find something more interesting to do. Hell, KM isnt even prolly doing it now.
There are too many others that want to see WinMX and any other P2P software vanish from the face of the earth. I just use 'KM' and 'Hackers' to descibe the ones who are screwing us all up since it WAS KM who decided, in his infinite wisdom, to release the source code. Anyway, change it this way, that way, any way. As long as its unknown how it works, problem solved for a good long time. Im not trying to be negative or drive away anyone and certainly not the guys/gals spending their time for free trying to get the patch going.
Some argument and discussion is a good thing. Without that, any subject or issue will become stagnant and nobody is going to do a thing, including WinMX.
There is no need to perfect everything about the patch right now before its release. The greatest major problems can be tweaked to reduce them in a new patch. Greater functionality and perfection can be added later through time.
Even Microsoft didnt wait for years to release Windows. Corrections are made in time via updates.
Nothing is perfect with the first release and it wont be after 100 updates, each improves upon the last.

[Edited by Bluey to help readability...]