Author Topic: 2011, the year that was. (Read 19325 times)

MinersLantern · « **Reply #40 on:** January 23, 2012, 04:20:31 am »

As someone said before, a patch cannot deal with checking all the traffic, it eats the resources.
Is that any different than anything involving winmx eating all the resources to try to crash government sites? That is all my WinMX does. It just sits there, lagging my PC while trying to connect to the DoD 24/7/365. Do you think im worried if the thing is spending time filtering out the fake ips? I wish it would.
The DoD is not like a major P2P sharing location. There is no reason that WinMX, nor anything else, should be trying sites like that. If some guy at the DoD is sharing a porn file, lol, I doubt it. Maybe the DoD is sharing all video files of any kind available on the planet, I doubt that too. There is still no reason that WinMX should even try outgoing attempts, nor accept incomming attempts from places like the DoD, Mpaa, Riaa, North Korea, Africa, (insert any undesired ip here). Is it really critical to write an entire new client right now, this microsecond, above anything else?
Let Rome burn while we develop a new suburb?

MinersLantern · « **Reply #41 on:** January 23, 2012, 04:26:55 am »

I only seen that happen once, last night, while I was cooking and in the kitchen. I added the entire DoD to my fiirewall and the local blocklist I have here. It has not happened again. Maybe a fluke? Maybe running the bloclklist locally (including the DoD)? I dont know. Things are in the shits lately. Not talking just about WinMX.
One must be careful living in the land of the free these days.

silicon_toad2000 · « **Reply #42 on:** January 23, 2012, 04:55:52 am »

Leaving aside the situation where there is a daemon behind a port on a DoD IP which is able to accept and respond to the winmx traffic,

This is why we recommend users look into using peerblock on the main page.

GhostShip · « **Reply #43 on:** January 23, 2012, 03:04:00 pm »

I didnt want to be so blunt with you MinerLantern but look at it from our perspective for a second, we can waste all our time and resources trying to rebuild nearly half the client in a patch + all the new code and anti exploit mechanisms we can think of to keep matters as they used to be, sounds great on paper but is nigh on impossible to implement without major effort by seasoned coders.

Contructing the new client is faster and in the long run more effective as we dont have to keep patching a now vunerable static target, by repeatedly calling for work to be undertaken on the patch your simply disrupting the development of the new client, I know this because I'm working on it.

Our advice was to use open nap and if you have to use the WPN use a blocklist from a reputable src, I note no one has asked just what moron would spoof DOD connection to put the whole network and the peer caches at risk, something they have been doing for the last 10 months I'm suprised you have only just noticed.

The long and short is if you had followed our advice then you would not have seen this problem, I'm sorry some childish person is bent on abusing the network but there is little to no gain to be had by stopping the building of an new vessel to keep patching a hole in the titanic, if you would like to discuss matters at a more technical level to gain further insight into why this decision was deemed the right way to go please pm me a time and place I can catch up with you.

White Stripes · « **Reply #44 on:** January 23, 2012, 03:16:50 pm »

Quote from: silicon_toad2000 on January 23, 2012, 04:55:52 am

Leaving aside the situation where there is a daemon behind a port on a DoD IP which is able to accept and respond to the winmx traffic,

This is why we recommend users look into using peerblock on the main page.

hoesntly can see the logic here... if i were being ddosed by something that didnt look like a typical ddos and had the resources to work it out, id have some software running to 'watch' this new 'attack' too... ...possibly to try and find the C&C behind it...

GhostShip · « **Reply #45 on:** January 23, 2012, 05:08:38 pm »

Stripes say we did in fact locate such "C&C" and then used the blocklist to halt it, and then the attacker came crying to the rest of the community making multiple false claims and modifying his attacks to do further damage as well as generally lie to and mislead many in the community and enjoin with others who wanted simply to take down wmw, and further say the community got sucked in in some measure and demanded the attackers tor nodes be unblocked ...

Do you recognise any of the above, as thats what in fact happened.

White Stripes · « **Reply #46 on:** January 23, 2012, 05:34:01 pm »

considering the fake room name floods followed by that chatlog then now the attacks... yep... i agree thats what happened... what im waiting for is for the dod to go after the attackers now... ...its not the bots... its the herders that are the ones that get slammed in the end... *grins*

GhostShip · « **Reply #47 on:** January 23, 2012, 05:39:52 pm »

Let us hope so. Those behind the attacks are the lowest kind of scum I know of, cowardly bullies who seek simply to try to seize control of the network because no one trusts them at all to take care of it and they offer nothing except threats and censorship, I think you can tell I'm more than annoyed with Michael, I hope he regrets his actions and apologises to the networks users one day in the future when hes man enough.

White Stripes · « **Reply #48 on:** January 23, 2012, 05:49:58 pm »

i honestly... dont think you'll (or anyone) ever get an apology out of him... if the dod doesnt get him then the new client... being hardened against attacks... will just cause him to fade back into the background again...

GhostShip · « **Reply #49 on:** January 23, 2012, 08:11:54 pm »

That is one of the key benefits of a new client, having a code base that can remain agile against attackers as opposed to where we all sit atm its really a no brainer in my opinion.

Garryb · « **Reply #50 on:** January 24, 2012, 10:53:19 pm »

Hi Guys.

I have been a WinMX user for a number of years.

I am not a computer programmer or a tech head. Up until today I thought that SOPA was the Italian name for what I wash myself with in the shower!!

What I do know is that WinMX has been an awesome program that my young son introduced me too many years ago (he is now 26) and I have been using it on and off ever since.

I just read through this thread and, honestly, I have no idea what half of it meant. What I do know is that I am very thankfull to EVERYONE who have obviously committed a large chunk of their free time, their lives and their knowledge, to create a file sharing program that even a dum ass like me can use!!

Thanks guys. Whatever improvements you make is fine with me. Just please keep it simple and straight forward so that people like me can also use it.

I notice, with much happiness, that the search seems to be back working fine now. Again, thankyou.

Best regards

Garryb

MinersLantern · « **Reply #51 on:** January 25, 2012, 02:40:01 am »

Ghost,
Actually if you read back through the forums (or was it a pvt message to you, I dont remember) you will find that im not surprised at the news of attacks going after the DoD. It isnt new to me at all. I am in fact the first one to have mentioned that months ago. The very next day, you guys put up a special notice on the front page of this site.
Peerguardian is cute and all. I have known about that for eons as well. Entering such ports and ips into a plain old fashioned firewall is much faster and easier for myself and for the system.
Once in awhile I turn that stuff off and monitor every single connection along with its traffic in order to look for any information or patterns I can find.
I was just relaying what happened the last time I decided to go into 'spy' mode and open the connections regarding a successfull bidirectional connection to the DoD.
It has been the theory since any attacks happened at all that we only have to worry about incoming secondaries. I have thought that this idea was wrong the first time I read about it years ago.
If a multibillion dollar international cartel can attack via secondary, they can also go the primary route as well. It isnt rocket science.
I guess that everything is now set in concrete as far as a patch or new client is concerned and any outside information is to be not acceptable.
Go ahead as you see fit.
I'll just sit here like a stupid and ignorant winmx 'user' and mind my own business. Eating donuts and waiting for the next 1-2 years for something that is absolutely perfect and flawless in every possible way.
The clock is ticking, users are leaving.

MinersLantern · « **Reply #52 on:** January 25, 2012, 02:46:46 am »

BTW,
One tiny little change to the current patch would be to use the same block list to remove any outgoing attempts. Then update the list to eliminate Tor, strange ports as well as anything involving high speed remote servers which people subscribe to for mostly one reason... and that aint to share files.
The current patch only does incomming. It would be nice if it would also block and remove outgoing attempts in the first place. No need to mess about with firewalls and PG2. That alone would make everyones CPU much happier.

GhostShip · « **Reply #53 on:** January 25, 2012, 03:40:54 am »

You really are rather hard work MinersLantern.

Simply because we don't splash every single attack on the front page as has been our policy from the start of fighting network attackers, I'm pleased to hear your about at intervals suggesting to us what to do, however we here appreciate that delivering timely feedback to attackers to help them improve on their attack tactics is perhaps not the greatest of strategies.

You don't have to agree with anything that goes on here, like us you are fully free to go your own way and create a solution you feel benefits the community we after all have no monopoly on the users, what we do have is limited resources at hand and we have to look at the best strategy long term, is it to keep trying to repair something that needs major repair and will continue to need further major repairs due to its closed src construction or should we build just that bit further and make a client that can be upgraded trivially to face any new attacks or variations in how the network operates. This is not possible with the old client without enormous amounts of work and for all that work it will be virtually junk soon due to the introduction of IPv6.

I do understand your annoyance but you need to understand the facts that I see clearly, I too love our trusted friend but without the src code it is plainly not feasible to continue to resuscitate it, the protocols need changing to protect the users from numbskulls and criminals and new facilities and upgrades can be placed in the new client at a whim, I know what I'm telling you will offend you but you really do have to face reality and that reality is we need to launch the liferaft and save as many hands as we can and ensure that by learning from the lessons of failure rebuild and improve and make sure we will have facilities in hand prior rather than after any impending disasters.

This strategy wasnt taken lightly, but doing nothing or allowing an attacker to drive away the entire userbase by continually attacking what is now a weak target is simply playing into the hands of these lowlives, just how many patch releases would you suggest are necessary to protect the folks as I can speak with some authority about such matters, I believe your answer wouldnt be anywhere near the amount that would in reality become necessary and your assuming all network users would take up such patches, if you believe that they will I feel you would be swiftly disappointed, having been here and having to have undertaken multiple patch roll-outs of some sort or another many times over many years its known that folks will still remain unpatched for up to 2 years in some cases, even if the connection is poor and the network is crap they will continue to use their old friend, misguidedly thinking it will continue to help them but unwittingly at the expense of the rest of us, this is the road I feel your heading, please have trust and lift your head up out of the sand, this isnt a personal matter but its a necessary one and if you feel we are on the wrong path then please accept its the path we have confidence in, no one here has a crystal ball but we believe this is the best strategy at this time and for the long term future, thats all there is to be said.

Einsteinus · « **Reply #54 on:** January 27, 2012, 03:27:57 am »

I have been a Slavanap operator (and before that opennap in the days when we had to write our own config files) it has been fun and in some ways alot more personal then the Winmx Peer world, however I have also been a member of this universe for just as long (celebrated our 10th year as a network last year). The things said about this network are all true in the open nap world. Unfortunately it takes having to actually run a computer for a bunch of people that are not compensating you for the money, time, bandwidth, equipment that we as server operators have dedicated to our users for many years. The admins on our networks have unselfishly given of themselves to police our own users and ban those who share child porn or other objectionable files. I suppose with block lists one could even abide by the RIAA and MPAA requests to make sure that no artists who DONT want their material to be shared are honored. On the other hand many artists actually DO NOT object to their material being shared and in order for a Cease and Desist order (or subpoena) to be issued for file sharing someone has to bring charges In the first place. Even when that is the case all the ISP's in the United States ( I have worked for 4 of them LOL) will give up to 5 levels of warnings before you get fined (that's because they want you to stop rather then go to court for $3000 per pop most 15 year old don't have that kind of cash).....my point being that open nap is alive and well ... and as we all argue about the small stuff I have had wonderful traffic on my network. These idiots that have made life hard on people by causing massive search returns and jamming chat listings are really only going to hell anyways and not stopping anything. It's sad that this year I lost 2 great admins to cancer and they were real people dedicated to the cause and a part of our collective family...it's a shame that something as simple as someone wanting to say farewell to fellow friends that they have only know by being on this network and from all corners of the world has been thwarted by a bunch of disgruntled people that were once a part of that family...it's kind of like kicking your mother out of your house into the cold.....shame on you

silicon_toad2000 · « **Reply #55 on:** January 27, 2012, 04:27:23 am »

Sorry to hear of the loss of your friends and admins.

GhostShip · « **Reply #56 on:** January 28, 2012, 01:22:02 am »

Thank you for sharing your sad news Einsteinus, the personal cost of mindless activities such as attacking the network is often overlooked, and in some cases scorned by the attackers, when the attacks first started up one of our partially blind community members contacted me and was very distressed as he was having trouble reaching his chat friends who he speaks to every day, when I mentioned this to the attackers they scoffed and laughed and tbh I felt pretty low and depressed that folks would enjoy hurting others in this way, my condolences go out to you and I hope its not wrong to say that your friends sounded like good people who took the time to make a difference , my utmost respect goes out to them and yourself, once again thank you for sharing your words here, it does make a difference to know that people will still fight to hold their friendships together despite overwhelming odds.

Garryb · « **Reply #57 on:** January 28, 2012, 10:58:06 pm »

BTW: I don't recall the exact year my son introduced me to WinMX but it would have been around the mid 1990's.

It's been a great program, and still is.

GarryB

achilles · « **Reply #58 on:** January 29, 2012, 09:16:43 am »

You must be thinking of Napster. WinMx wasn't around then. According to Wiki WinMx didnt arrive until 2001 though I was thinking it was more like 99 or 2000.

silicon_toad2000 · « **Reply #59 on:** January 29, 2012, 11:38:35 am »

Wasn't winmx released before then, but operated primarily as an opennap client?