jameslee
12-07-2001, 05:40 PM
Note: Sorry for the post length, but i believe it's all relevant. Especially the sections on security and peer-2-peer technology.
I've been testing Morpheus for some time now, mainly because several of my clients have asked about it.
Unfortunately (or maybe fortunately -- more later), i don't know many people also using Morpheus. Most of my friends use Audiogalaxy for music, and several of them prefer 'old-school' means like usenet and mIRC for everything. This means i don't have a good user sample with which i can compare Morpheus' performance with respect to my computer.
Below is a listing of my observations using Morpheus, mainly concerning: resources, connectivity, bandwidth (speed), limitations, and security along with a short discussion about peer-2-peer technology & theory. Please respond to this thread with your observations and opinions.
1. Resources:
MusicCity advertises that Morpheus uses automatic throttling to keep network and CPU peer utilization under 10%, but i've seen it use as much as 33% of the CPU on my computer. Morpheus is a resource hog. The only other applications i use which beat it or come extremely close are Oracle Personal Edition (database) and Adobe Photoshop (image editing). I really don't think a file sharing application designed to be run 24/7 in the background should use so many resources.
2. Connectivity:
A lot of times i'll check Morpheus and have no downloads or uploads, although my download queue will contain multiple requests from multiple users. Disconnecting from the Morpheus/KaZaA network and then reconnecting almost always results in transfers (downloads & uploads) starting again within 30 seconds. Has anyone else experienced this?
Basically, it seems like a need to refresh/restart/reboot my Morpheus connection. Reconnecting seems to have the affect of re-'broadcast'-ing across the network, reminding everyone that i'm active and available.
3. Bandwidth (Speed):
I'm using a fairly fast DSL connection (1.5Mb down/384Kb up) and have noticed times where all my connections (downloads & uploads) are transferring at sub .50 Kb/s speeds. Disconnecting and reconnecting doesn't seem to have any affect on the speed.
I know it's possible that the bandwidth bottleneck is on the other side of the network (i.e. the users with which i'm trying to connect), but even requesting a popular song which many users are sharing results in slow transfer speeds. This just doesn't seem consistent with user reviews i've read about Morpheus.
There are also times that all transfer speeds are decent: most over 1 Kb/s, a lot over 5 Kb/s, several over 10 Kb/s, and even a few above that! It seems to me that the performance of the Morpheus/KaZaA network is highly erratic.
In addition, there are two main internet hits if you're looking for ways to speed up Morpheus: Marketscore and a bunch of utilities from 1st Software Downloads. Has anyone tried either of these and confirmed if they actually do work? Here's the skinny:
. Marketscore: Signing up and using Marketscore if free. They advertise not only to increase your Morpheus speed, but to increase your speed to almost anything on the internet. This is how is works (or is supposed to anyway): You essentially proxy your internet connection through their servers. They cache almost everything any user has requested and based on the theory that popular resources will be accessed by many users, if you connect to them and request something that someone else has requested (e.g. today's weather from weather.com), they'll already have a copy so your request only goes to them and they'll returned the cached copy. They advertise other features, but that seems to be the most interesting one.
My main problem with this: Big Brother. You are making all your requests through their servers, so they can tell exactly where you are going and what you are doing. Also, this theory only works if you connect to common resources. If you connect to something that's not common, they've just added their server to the list of computers you have to connect through. Result: at least two more hops before your request is returned to you.
Also, all the references (read: sites) i found supporting Marketscore could be run by them from different domains. All the hits i investigated were the same format and style. A simple web site with one page describing three different peer-2-peer sharing applications with a note on the top and bottom of the page recommending Marketscore because it can increase the speed of these applications by 100%. That's it; nothing else on the entire domain. Interesting.
. 1st Software Downloads: Registering is $10 and then any of the software is free. They have a whole suite of software aimed at 'assisting' Morpheus. Anything from speeding up downloads to protecting again Morpheus-acquired viruses to media codecs to read the files you've downloaded.
My main problem with this: $10. :) That and the fact that it all sounds either useless or something that either Morpheus or another program you probably have (e.g. AntiVirus) already does (i.e. splitting up downloads, resuming downloads, virus protection, etc.) I'm not sure how the download acceleration crap is supposed to work.
4. Limitations:
Has anyone verified if it's true that the Morpheus/KaZaA network doesn't allow the sharing of mp3 files above 128 KB/s? (Doesn't really matter since you can bypass this restriction in your Windows' registry, just curious if anyone has confirmed they imposed this.)
5. Security:
I'm not sure if this is as much a security issue as it is either a software bug or unavoidable consequence of peer-2-peer sharing. Note: the following is for informational and awareness purposes only.
Considering that Morpheus (and KaZaA) use the same port (1214) for transferring files between users, on Windows NT/2K/XP you can easily identify all computers connected to your workstation via a simple command-line utility. On other operating systems you can easily download a plethora of simple utilities to identify all your computer's open ports and the remote computers connected to them. Heck, if you wanted to you can even identify if any computer is running Morpheus/KaZaA by using a network security port scanning tool; it's a little more involved, but easily accomplished.
Using the returned IP addresses of the computers connected to you (or any computer running Morpheus/KaZaA) and knowing that these applications always use port 1214, you can easily connect to any of these computers (read only) and list all the files they are sharing. Not much of a big deal considering i believe you can accomplish essentially the same thing in Morpheus by choosing a user and selecting 'Find more of same' -> 'user' from the popup menus. Also, since you choose what you want to share and you can even choose not to share anything, this really isn't anything groundbreaking.
But, all the discredits above involve the Morpheus interface and its settings (e.g. simultaneous download/upload limits, download/upload bandwidth used limits, etc.) With a direct connection to the computer, outside the Morpheus interface but using the Morpheus-made connection, you can easily have direct download access to any Morpheus-shared file. No waiting in queues, etc.
What does this mean to you, a Morpheus user? Since 'Joe Common' can only simply connect to your computer with read-only access, he really can't do major damage like delete/alter any important files. But he can directly download a lot of your shared files, quickly eating up your bandwidth. How easy is it? Acting as a 'white hat' (aka. good guy) and only knowing that Morpheus connects on port 1214, i was able to use the above vulnerability and connect directly to three different computers and download test files, all in fewer than five minutes.
6. Peer-2-Peer Technology:
MusicCity advertises Morpheus is the best peer-2-peer sharing application because their distributed (decentralized) network is self organizing and any outages a MusicCity have no affect on the rest of the network. You can read about their technology at: http://musiccity.streamcastnetworks.com/technology.htm and http://musiccity.streamcastnetworks.com/helpfaq.htm.
My question: can a peer-2-peer distributed network really be completely decentralized and independent from, in this case, MusicCity? Consider this: without some type of centralized main server, when your Morpheus client attempts to connect and authenticate, how does it know where it go?
Checking my router and using a little packet-sniffing (still white hat :)), i've concluded that Morpheus clients attempt to connect to the central server 206.142.53.0 on port 24 (KaZaA clients use a different server). I believe these computers uniquely authenticate users and index the addresses of the infamous "SuperNodes".
I'll have to include the true decentralized peer-2-peer theory discussion in later -- i gotta eat something.
Please let me know what you think,
James
I've been testing Morpheus for some time now, mainly because several of my clients have asked about it.
Unfortunately (or maybe fortunately -- more later), i don't know many people also using Morpheus. Most of my friends use Audiogalaxy for music, and several of them prefer 'old-school' means like usenet and mIRC for everything. This means i don't have a good user sample with which i can compare Morpheus' performance with respect to my computer.
Below is a listing of my observations using Morpheus, mainly concerning: resources, connectivity, bandwidth (speed), limitations, and security along with a short discussion about peer-2-peer technology & theory. Please respond to this thread with your observations and opinions.
1. Resources:
MusicCity advertises that Morpheus uses automatic throttling to keep network and CPU peer utilization under 10%, but i've seen it use as much as 33% of the CPU on my computer. Morpheus is a resource hog. The only other applications i use which beat it or come extremely close are Oracle Personal Edition (database) and Adobe Photoshop (image editing). I really don't think a file sharing application designed to be run 24/7 in the background should use so many resources.
2. Connectivity:
A lot of times i'll check Morpheus and have no downloads or uploads, although my download queue will contain multiple requests from multiple users. Disconnecting from the Morpheus/KaZaA network and then reconnecting almost always results in transfers (downloads & uploads) starting again within 30 seconds. Has anyone else experienced this?
Basically, it seems like a need to refresh/restart/reboot my Morpheus connection. Reconnecting seems to have the affect of re-'broadcast'-ing across the network, reminding everyone that i'm active and available.
3. Bandwidth (Speed):
I'm using a fairly fast DSL connection (1.5Mb down/384Kb up) and have noticed times where all my connections (downloads & uploads) are transferring at sub .50 Kb/s speeds. Disconnecting and reconnecting doesn't seem to have any affect on the speed.
I know it's possible that the bandwidth bottleneck is on the other side of the network (i.e. the users with which i'm trying to connect), but even requesting a popular song which many users are sharing results in slow transfer speeds. This just doesn't seem consistent with user reviews i've read about Morpheus.
There are also times that all transfer speeds are decent: most over 1 Kb/s, a lot over 5 Kb/s, several over 10 Kb/s, and even a few above that! It seems to me that the performance of the Morpheus/KaZaA network is highly erratic.
In addition, there are two main internet hits if you're looking for ways to speed up Morpheus: Marketscore and a bunch of utilities from 1st Software Downloads. Has anyone tried either of these and confirmed if they actually do work? Here's the skinny:
. Marketscore: Signing up and using Marketscore if free. They advertise not only to increase your Morpheus speed, but to increase your speed to almost anything on the internet. This is how is works (or is supposed to anyway): You essentially proxy your internet connection through their servers. They cache almost everything any user has requested and based on the theory that popular resources will be accessed by many users, if you connect to them and request something that someone else has requested (e.g. today's weather from weather.com), they'll already have a copy so your request only goes to them and they'll returned the cached copy. They advertise other features, but that seems to be the most interesting one.
My main problem with this: Big Brother. You are making all your requests through their servers, so they can tell exactly where you are going and what you are doing. Also, this theory only works if you connect to common resources. If you connect to something that's not common, they've just added their server to the list of computers you have to connect through. Result: at least two more hops before your request is returned to you.
Also, all the references (read: sites) i found supporting Marketscore could be run by them from different domains. All the hits i investigated were the same format and style. A simple web site with one page describing three different peer-2-peer sharing applications with a note on the top and bottom of the page recommending Marketscore because it can increase the speed of these applications by 100%. That's it; nothing else on the entire domain. Interesting.
. 1st Software Downloads: Registering is $10 and then any of the software is free. They have a whole suite of software aimed at 'assisting' Morpheus. Anything from speeding up downloads to protecting again Morpheus-acquired viruses to media codecs to read the files you've downloaded.
My main problem with this: $10. :) That and the fact that it all sounds either useless or something that either Morpheus or another program you probably have (e.g. AntiVirus) already does (i.e. splitting up downloads, resuming downloads, virus protection, etc.) I'm not sure how the download acceleration crap is supposed to work.
4. Limitations:
Has anyone verified if it's true that the Morpheus/KaZaA network doesn't allow the sharing of mp3 files above 128 KB/s? (Doesn't really matter since you can bypass this restriction in your Windows' registry, just curious if anyone has confirmed they imposed this.)
5. Security:
I'm not sure if this is as much a security issue as it is either a software bug or unavoidable consequence of peer-2-peer sharing. Note: the following is for informational and awareness purposes only.
Considering that Morpheus (and KaZaA) use the same port (1214) for transferring files between users, on Windows NT/2K/XP you can easily identify all computers connected to your workstation via a simple command-line utility. On other operating systems you can easily download a plethora of simple utilities to identify all your computer's open ports and the remote computers connected to them. Heck, if you wanted to you can even identify if any computer is running Morpheus/KaZaA by using a network security port scanning tool; it's a little more involved, but easily accomplished.
Using the returned IP addresses of the computers connected to you (or any computer running Morpheus/KaZaA) and knowing that these applications always use port 1214, you can easily connect to any of these computers (read only) and list all the files they are sharing. Not much of a big deal considering i believe you can accomplish essentially the same thing in Morpheus by choosing a user and selecting 'Find more of same' -> 'user' from the popup menus. Also, since you choose what you want to share and you can even choose not to share anything, this really isn't anything groundbreaking.
But, all the discredits above involve the Morpheus interface and its settings (e.g. simultaneous download/upload limits, download/upload bandwidth used limits, etc.) With a direct connection to the computer, outside the Morpheus interface but using the Morpheus-made connection, you can easily have direct download access to any Morpheus-shared file. No waiting in queues, etc.
What does this mean to you, a Morpheus user? Since 'Joe Common' can only simply connect to your computer with read-only access, he really can't do major damage like delete/alter any important files. But he can directly download a lot of your shared files, quickly eating up your bandwidth. How easy is it? Acting as a 'white hat' (aka. good guy) and only knowing that Morpheus connects on port 1214, i was able to use the above vulnerability and connect directly to three different computers and download test files, all in fewer than five minutes.
6. Peer-2-Peer Technology:
MusicCity advertises Morpheus is the best peer-2-peer sharing application because their distributed (decentralized) network is self organizing and any outages a MusicCity have no affect on the rest of the network. You can read about their technology at: http://musiccity.streamcastnetworks.com/technology.htm and http://musiccity.streamcastnetworks.com/helpfaq.htm.
My question: can a peer-2-peer distributed network really be completely decentralized and independent from, in this case, MusicCity? Consider this: without some type of centralized main server, when your Morpheus client attempts to connect and authenticate, how does it know where it go?
Checking my router and using a little packet-sniffing (still white hat :)), i've concluded that Morpheus clients attempt to connect to the central server 206.142.53.0 on port 24 (KaZaA clients use a different server). I believe these computers uniquely authenticate users and index the addresses of the infamous "SuperNodes".
I'll have to include the true decentralized peer-2-peer theory discussion in later -- i gotta eat something.
Please let me know what you think,
James