Sunday, March 22, 2009

Away for a while

The guy who maintains this blog (that's me) is going away for a while, so we won't be replying to stuff during that time.

Saturday, March 21, 2009

Update

All the guns are trained on this site and this team now.

Suddenly, everyone’s wants us to disband the team. “You’ve lost reputation, so just disband and start anew!”, or “Nobody knows who’s been hacked in the team anymore, so just ban the whole team and start afresh!”. Well i sure wish nobody tries to sabotage your teams, else everyone would be urging you to disband your own teams.

Another thing. I think it’s absolutely disgusting that people say “As long as they fold for anonymous under the default team 0, it’s okay, but if an “illegal” team overtakes us, then it’s not!”, or “OMG they’re going to overtake us, and since they have a few illegal accounts, they should be disbanded!”. It just brings out the ugly side of the competition in Folding@Home.

 

I hope everyone would put some serious thinking into everything before they post anything. Most of all, put yourselves in our shoes, and don’t see the wronged as the wrong.

Wednesday, March 18, 2009

Debunking myths

This is the Team FTL Folding@Home Blog. We'd like to start by introducing ourselves and debunking all rumors about us.


Team FTL

Team FTL (Faster Than Light) consists of people from various countries who came together online to spread the use of Folding@Home to the wider online community at large by debunking myths, thorough engagement and user-friendly installers.

We are NOT affiliated to any warez or illegal group, nor do we create trojans, viruses, "automatic installers" or any form of malware. We only serve to spread the message of Folding@Home to the masses, and to encourage them to join the project. No user installs our Folding@home installer and folds for our team without fully understanding the benefits and consequences of joining the Folding@Home project. It is known that some of our members are interested in distributing the installer through P2P channels, however it has been determined to be within EULA requirements.


The Scandal
However, due to some of our channels of communications (which include p2p and its forums), p2p groups have been sabotaging us (though we’re not sure whether its sabotage or over-enthusiasm), spreading the Folding@Home client in our team name, resulting in the loss of 106 million points from the entire team. We cannot affirm whether this is a malicious act to tarnish the reputation of the team, but we believe the problem is that they were enthusiastic about getting people to run Folding@Home, but were doing so in the wrong ways, and were breaking the EULA.  One reason for this is that we didn't have a proper website till now, which we will now rectify. All legit members' points were zeroed, while two of the sabotaged accounts, FTLSpeed and FTLTravel (both of which were originally team-members’) were both banned, a move which we applaud. We would like to maintain that the founding and legit members of Team FTL condemn ALL forms of behavior which put the team and the Folding@Home project in a bad light. ONLY A FEW ACCOUNTS HAVE BEEN AFFECTED. The installer used in these cases were MSI installers (believed to be derived from the OCAU MSI Installer: http://www.overclockers.com.au/folding/fah_installer.htm), or the direct console client with instructions to fold for the 2 users. As far as we know, THEIR installer does NOT contain any trojans or malware. It merely asks users to run a normal MSI installer. It is NOT the installer that we have designed.

In addition, we request the following users to be banned from the Folding@Home project as well, as it is the last of the sabotaged accounts that have not been banned, and was probably installed by users who were (we believe) manipulated by this external group:

 

  1. FTLExtreme
  2. FTLExttreme
  3. FTLExtrme
  4. FTLextream
  5. FTLEstreme
  6. FTLExtreme_(Or_any_username_you_like)
  7. FTLExreme
  8. FTLExtreme_
  9. FTLExtreme_[Or_any_username_you_like]
  10. FTLExtreme_Adam
  11. ftlextrem
  12. FTLEExtreme
  13. FTLExtrema
  14. _FTLExtreme_hero01
  15. FTLExtrreme
  16. FTLRxtreme
  17. FTLExtreame
  18. FTLxtreme
  19. FTLExtreme2
  20. FTLExtre
  21. FTLExtrime
  22. FTLExtreme(Or_any_username_you_like)
  23. FTLExtrene
  24. Username:FTLExtreme
  25. FTLExtereme
  26. \\FTLExtereme
  27. FTLExtreme(Or_any_usernme_you_like)
  28. FTLetreme
  29. FTLExtreme_
  30. _FTLEXTREME
  31. FTLEetreme
  32. FLTEtreme
  33. FLExtreme
  34. FLTExreme
  35. Any_username_you_like
  36. any_username
  37. anyuserulike
  38. any_user_name_you_like
  39. Any_username_ypu_like
  40. Any_username_you
  41. Any_username_kou_like
  42. any_username_you_luke
  43. Any_username_like
  44. any_usernamelike
  45. _Any_username_you_like
  46. Any_username_you_like_
  47. Any_username_yoou_like
  48. any_usermane_you_like
  49. any_name
  50. FasterThanLight_(Or_any_username_you_like)
  51. any_usename_you_like
  52. anyusernameyou_like
  53. anyusername
  54. Any_username_u_like
  55. ANY_USERNAME__YOU_LOKE
  56. Any_usarname_you_like
  57. Any_usernamre_you_like
  58. any_usernam_you_like
  59. Any_username_yuo_like
  60. Any_usernameyou_like
  61. Any_usernamer_you_like
  62. Any_uzername_you_like
  63. Any_unsername_you_like
  64. any_username_i_like
  65. Any_user_you_like
  66. any_username_tou_like
  67. anyusername_you_like
  68. any_username_you_lik
  69. Any_ussername_you_like
  70. any_user_name
  71. any_user_name_you_lake
  72. FasterThenLight
  73. fasterlights
  74. fasterthanlicht
  75. fastethanlight
  76. FasterThanligt
  77. FastherThanLight
  78. FasterThantLight
  79. FasterThanligth
  80. FasterThanlingt
  81. FasterThanLigh
  82. FasterTenLight
  83. FasterThanLighet
  84. FasterThamLight
  85. FasterThanLght
  86. FastarThanLight
  87. fasterthanlightt
  88. fasterthanlightning
  89. fasterthenligght
  90. Fastthananylight
  91. FFasterThanLight
  92. FasterThanLihgt
  93. FasterThatLight
  94. FasterThanLightR
  95. Fasterthalight
  96. FastThanLight
  97. FasterThanLigft
  98. FasterThanlight_gyuresanyi
  99. FasterThanKight
  100. username:_fasterthanlight
  101. fasterthsnlight
  102. FasterThanLigght
  103. FasterThanLiqht
  104. FasterToLight
  105. FastrerTHanLIGht
  106. Fasterthanthunder
  107. FasterThanLiht
  108. FasterThan_Light
  109. ___________________FasterThanLight
  110. FasterThanLinght
  111. FastrThanLight
  112. `fasterthanlight
  113. FsterThanLight
  114. festerthanlight
  115. xlcePhoenix
  116. xIcePhonix
  117. xicephenix
  118. XLCPHOENIX
  119. xIcePheonix
  120. xIcePhienix
  121. xicephoenixomran
  122. xIcePhoenix_
  123. xIcePhonenix
  124. user_name_xIcephonix
  125. xIceOhoenix
  126. icephoenix
  127. xIcePhonixx
  128. xIcePhoenixx
  129. xIcePheoenix
  130. xIcePhoinix
  131. xIcePhoenix_149135
  132. xPhoenix
  133. _xIcePhoenix

While we do not have an installer or file that directly implicates these users, we believe it’s pretty obvious. Some of these users may have already been banned since many of them have not returned any WUs since the last zero-ing of points. We are searching for the original installer or instructions that created these accounts. Pande Group does not ban users without sufficient evidence. We have attempted to remove the offending files from P2P sites by liaising with P2P forum administrators, and most of them have indeed been removed. We hope the team will be able to tide over this humiliating attack. We will be liaising with the the Folding Forum to get the above accounts banned soon. As far as we know, all other accounts are legit.


Comments

We've been monitoring online forums about this issue.

-------------------------------------------------------------------------------------------

"They place their folding clients just anywhere, without asking the owner of the machine.", "a new tactic by hackers"

Our (legit) installer is NOT embedded into any other program, not does it automatically install. In all our channels of communication (i.e. this blog and this blog only), it is available as a separate download (as of now it is ONLY available on this blog, in the post below) with sufficient information about the project.

(http://forum.msi.com.tw/index.php?topic=122803.0), (http://www.bjorn3d.com/forum/showthread.php?t=26683)
-------------------------------------------------------------------------------------------
"Remember, just the fact of including a client package outside Stanford's network break the EULA. If it included a link to download the client from Stanford, it would have been more acceptable."
Our installer neither contains a client package nor edits any data file (including client.cfg)

(http://www.hardforum.com/showthread.php?t=1359911)
-------------------------------------------------------------------------------------------

Yes. However, let's think outside of the box. Why penalize the entire team? Or why eliminate them totally, for that matter?

Just imagine the following scenario... Let's say I am John Doe and I'm folding for Team XYZ. My team has over 500 active folders, we're pumping out great numbers, so everything is going smoothly, we're also doing good on the ranks. But since we have so many proactive folders with lots of folding resources and capabilities, John Doe is frustrated because he can't keep up with the Top 20 folders. So he thinks like this...

There are several solutions. Either downloading something that is really "hot" on the torrents, such as a pirated software (new latest version) or a game that's going to be just released, or a movie, you name it. Let's include a b0rg copy of F@H, set it up to fold under John Doe's nick, and reupload the prepared torrent to various trackers. Kaboom. If done well, John Doe will pump out impressive numbers.

Or there are other solutions, you can basically use blind SQL injections after finding the vulnerabilities on numerous websites that did not explicitly block the file upload function (especially high-ranking bloggers that aren't necessarily computer-savvy, but even hi-profile companies are vulnerable, though). Then it's just a matter of time and patience to find a folder with write permissions, you set up the b0rg F@H copy there, and implement a hidden install via the dynamically generated web page. Kaboom. As easy as that.

And then you have millions of folders - easy. Think of porn sites. Or blogs that claim giving out user accounts to popular porn sites like Brazzers and all that. These are filled with hidden URL redirections, open up popups, make you go crazy with advertisements, install toolbars, and just as easily they will also make you fold, if need be. So that's all.

Now the questions remains - why punish the entire team? Were they all guilty of charge? Or what happened?

Think about it. We don't use passphrases. So if there comes a random Steve and does illegal b0rg activites under my folding account - madhyena - and under our team - DevFolding. What's up with that? Am I guilty? Certainly not. Is the entire team guilty? If the process goes on for months, do we get banned? Or should we? Do we get penalized with 100 mil points? It's screwed up. There's little to nothing one should do about these kind of activities.

Neither of the approach is good and I do not think that Team FTL should been banned but nor penalized...


This has got to be the nicest post we've seen about us so far.

http://www.devhardware.com/forums/dev-folding-29/stanford-removes-team-ftl-226361.html

 

-------------------------------------------------------------------------------------------

I can't say what the F T L actually stands for due to the swearing filter!
So, I'll say Fudge The Law
Or Folding Team Loss


Faster Than Light. Now you know.

(http://www.overclock.net/overclock-net-folding-home-team/473173-team-ftl-smacked-down-pandegroup-2.html)


-------------------------------------------------------------------------------------------
Wow, had legitimate folders too 900+ of them and the whole teams points got nuked.

What if they applied the ncix team # to this trogan instead?
How would you all feel with ncix's score getting nuked to 0

(http://forums.ncix.com/forums/?mode=showthread&forum=213&threadid=1971155&pagenumber=1&msgcount=21&subpage=1)


-------------------------------------------------------------------------------------------

from what i understand some of them made many copies on cd's and left them in public places for people to find....

from what i understand the only legal and proper way to get the f@home clients are to download them directly from Stanford then run them..... what you do on your own network after that is fine.... however creating a proprietary config file that sets the team number and such is hacking the client.... this is one reason why many teams don't just provide a file for people to download from their sites or forums....

these idiotic morons did this maliciously however to simply gain points as they're too pathetic and lazy to buy and build their own systems as most are hacking little pukes that live in their parent's basements living off society like the dregs they are....


That’s the kind of misguided accusations that we have received.

 

(http://www.maximumpc.com/forums/viewtopic.php?t=90847&sid=ce7f1025062672959eb46d7d61aab7b5)

-------------------------------------------------------------------------------------------
seems like if it was an automated install package with a torrent dl and part of a game install; then all the points would be the same user from the preconfigured client.cfg file. hard to believe they actually didn't prepackage it configured to install as a hidden as part of the game install. I mean, did users really install this on their own and type in a different username for each dl. that's unreal people are that stupid. I used to be a Novell Zen admin to push packaged apps out through the network.. if I was gonna push this thing out to a bunch of users, I'd prepackage it with the main install as a hidden prereq to the main app install. and push into the same folder as the main install. so the user never knows it's there during install. whoever packaged that thing is a little inept at this stuff.


And

This should be a pre-requisite for all torrents of ripped off software...It may not satisfy the owners of the software but For me at least I feel that this should have been done properly and maybe fully automated. All under one username..."The ripoff collective".. and that's just the price they should have to pay for ripping people off. Great for the science!!! and the single core client is the right way too...unnoticeable for most. To use a local colloquialism...Proper Job!!

Give 'em back their points for just having a good idea!!...It just needs polishing that's all


Bad ideas. And we don't do any of that.

(http://www.xtremesystems.org/forums/showthread.php?t=221553)


-------------------------------------------------------------------------------------------

Tuesday, March 17, 2009

Clarification on FAH-MUCI

I (the guy who coded FAH-MUCI) would like to clarify abit more on FAH-MUCI.
Firstly and most importantly, FAH-MUCI Beta 0.1 is called a beta for a reason. As such, critical bugs are bound to occur, some of which I am aware of.
Secondly, FAH-MUCI has not been installed on any system other than my personal testing PC.
Anyway, user MTM reported (http://foldingforum.org/viewtopic.php?f=47&t=6221&hilit=team+149135&start=15#p89825):
  • It did not detect any previous folding clients ( I have six, yet their installed clients have machineid 1 to 4 )
  • Installing as service ( didn't notice before ) isn't bad on it's own, but their uninstaller doesn't remove them.
  • It does contain premade config files, no additional processes where executed during installation.
Yes, we do monitor online forums regularly.
Time to reveal more about the code and to start a buglist:
  • The installer is supposed to look for FAH processes that are running (as of now, i have no idea how to make it search the entire computer for existing, non-running folding@Home clients), and they must have common names, which are currently coded as fah.exe, fah-console.exe, fah504-console.exe, fah502-console.exe, folding@home.exe, folding@home-win32-gpu.exe, and folding@home-win32-x86.exe. [UPDATE] The code works perfectly for the above-mentioned filenames. In the next release, i’ll add a search for existing, non-running FAH clients in its common installation locations
  • Yes, i know the service doesn’t uninstall itself. Darn i should’ve warned =X (regarding the description, i said it used the client’s service installation, i didn’t say it uninstalled properly)
  • The configuration process itself is interesting. Currently it uses the NSIS ExecCmd plugin (http://nsis.sourceforge.net/ExecCmd_plug-in) to use the stdin function to read lines off an input txt file, and feed it into the folding@home console client that it runs with -configonly (how could i get it to use the service function in the console client, that cannot be accessed any other way? =P). If there was a client.cfg you would’ve seen a message about it being copied in. Like i’ve mentioned before, the current input txt file is fixed for the simple reason that i have not created additional pages for users to select advanced options. Therefore, it doesn't “modify any data files” as specified in the EULA. Okay, i know its still a fixed configuration, but i mentioned under “what to expect in future releases” that i’m going to add it.
  • Installer messes up if there is no C: drive.
  • Installer should ask for admin privileges if there are none.
Btw i did try a certain program named MaxFAH before. And it didn’t even seem to install anything properly. Hmmph. But it was labelled *WIP*, like how i labelled mine beta, so that should be pardonable!
People just love to jump to evil conclusions about Team FTL no matter what. Of course, MTM has a right to check whether my code (which is written in a different language from his) used code from his program, even though it wouldn’t work if it did so. BTW MTM, i really respect the work you put into your own installer, it really is better than mine and i’m just experimenting around here, since you took years to come up with such a complex code and i took 1 day to come up with such a simple, incomplete code. [EDIT] I’m so glad i helped you to find a bug like you found for mine.
But then, that’s what this blog is for.
Oh. And by the way? By the way, these installers violate EULA:
http://devel.bluetentacle.co.uk/index.php?page=gui-based-installer
http://www.overclockers.com.au/folding/fah_installer.htm
Don’t believe me? read this: http://folding.stanford.edu/English/License
“You may not alter the software or associated data files.”. The OCAU and GUI-based installers create and edit client.cfg files which are strictly speaking, against the EULA. This is also the reason why they have been removed from the list of 3rd-party installers at the Folding Forum. I encourage you to clarify this at the Folding Forum if you are unsatisfied with the explanation.
Oh, heck, i should just release the source code.
Nope. Haha.

Monday, March 16, 2009

Folding@Home - Multiple Uniprocessor Clients Installer (FAH-MUCI) – Version 0.1 (Beta)

After a brief internal testing, FAH MUCI beta 0.1 is released. As of now, it is a mostly automatic installation. In subsequent versions we will introduce username, team, and other configurations.
All are welcome to test this release for bugs and features.
FAH-MUCI does not contain malware, and fully complies with the Folding@Home EULA.
Folding@Home Multiple Uniprocessor Clients Installer
(FAH-MUCI) Beta 0.1
ONLY FOR TESTING AND EVALUATION PURPOSES.
VirusTotal Online Virus Scan (verified clean):
http://www.virustotal.com/analisis/280d84bb083d44dffaddb4c647f0cb8d
About FAH-MUCI:
Most Folding@home users only install the "Systray" version, which only uses 1 core, while modern computers are multi-core. Furthermore, many users are hesitant against using a DOS-based console client, and most who don’t install it are either put off by the often complicated installation instructions and worries about performance and security. The Folding@Home Multiple Uniprocessor Client Installer (FAH-MUCI) is designed to provide a simpler interface for users to maximize the use of their PC for Folding@Home, by both simplifying the installation process and providing accurate information and debunking myths about Folding@Home in the course of the installation process.
Created by Team FTL.
Features of FAH-MUCI beta 0.1:
  • Works on Windows NT/2000/XP/Vista/Windows 7
  • Based on NSIS (Nullsoft Scriptable Install System) and its various plugins
  • Detects number of CPUs
  • Downloads console client (Windows Uniprocessor 6.23) from the Folding@Home website, unzips it, and installs the appropriate number of clients (for now, up to 8)
  • Sets up all clients to run as a service (using the client’s built-in service installer)
  • Detects other running Folding@Home processes to prevent installation of extra clients and conflict of MachineID (aborts upon detection, MUCI is designed for clean installs)
  • Client.cfg is not created/edited, compared to other installers. The editing of client.cfg is against EULA and can also cause problems. Instead, the console client is run and information is fed directly to the console, which then creates client.cfg
As a beta installer, it has a fixed username and team, but we have checked it against the EULA and it doesn’t violate it. Users can change options by running the console client with the –configonly flag. Future releases will allow for custom configuration.
  • FTL-Drive (149135)
  • BigWU
  • Advmethods
  • Forceasm
  • Service-enabled
  • Installed to C:\Folding@HomeCPU
What to expect from future releases:
  • Specify download path
  • Specify installation path
  • Detailed messages/prompts during installation (download of client, unzip archive, number of CPUs, number of clients to install, type of client, configuration of client)
  • Adapting to newer client versions
  • Detecting physical cores vs. HT cores (unconfirmed in 0.1)
  • Allowing users to configure all options in the client
  • More information about Folding@Home, and the different settings of the clients
  • Installer automatically searches for an updated version of itself
  • Final installer page to show system specifications and what the installer will do
  • Optimization of code
In the further future:
  • SMP Client Installation
  • GPU Client Installation
  • Client monitoring tools
  • Web monitoring/Statistics
  • Passkey (possibly prompting a link to the passkey site)
  • Handling what to do when other FAH processes are found (abort? uninstall and overwrite? add more CPU clients onto a single systray client already installed?)
  • Installer acts as an update for newer FAH console versions
If anyone has any questions, ideas or features you would like to see, please comment to this post, or post on the tagboard. All bugs should also be reported here. Thanks!