Wednesday, March 18, 2009

Debunking myths

This is the Team FTL Folding@Home Blog. We'd like to start by introducing ourselves and debunking all rumors about us.


Team FTL

Team FTL (Faster Than Light) consists of people from various countries who came together online to spread the use of Folding@Home to the wider online community at large by debunking myths, thorough engagement and user-friendly installers.

We are NOT affiliated to any warez or illegal group, nor do we create trojans, viruses, "automatic installers" or any form of malware. We only serve to spread the message of Folding@Home to the masses, and to encourage them to join the project. No user installs our Folding@home installer and folds for our team without fully understanding the benefits and consequences of joining the Folding@Home project. It is known that some of our members are interested in distributing the installer through P2P channels, however it has been determined to be within EULA requirements.


The Scandal
However, due to some of our channels of communications (which include p2p and its forums), p2p groups have been sabotaging us (though we’re not sure whether its sabotage or over-enthusiasm), spreading the Folding@Home client in our team name, resulting in the loss of 106 million points from the entire team. We cannot affirm whether this is a malicious act to tarnish the reputation of the team, but we believe the problem is that they were enthusiastic about getting people to run Folding@Home, but were doing so in the wrong ways, and were breaking the EULA.  One reason for this is that we didn't have a proper website till now, which we will now rectify. All legit members' points were zeroed, while two of the sabotaged accounts, FTLSpeed and FTLTravel (both of which were originally team-members’) were both banned, a move which we applaud. We would like to maintain that the founding and legit members of Team FTL condemn ALL forms of behavior which put the team and the Folding@Home project in a bad light. ONLY A FEW ACCOUNTS HAVE BEEN AFFECTED. The installer used in these cases were MSI installers (believed to be derived from the OCAU MSI Installer: http://www.overclockers.com.au/folding/fah_installer.htm), or the direct console client with instructions to fold for the 2 users. As far as we know, THEIR installer does NOT contain any trojans or malware. It merely asks users to run a normal MSI installer. It is NOT the installer that we have designed.

In addition, we request the following users to be banned from the Folding@Home project as well, as it is the last of the sabotaged accounts that have not been banned, and was probably installed by users who were (we believe) manipulated by this external group:

 

  1. FTLExtreme
  2. FTLExttreme
  3. FTLExtrme
  4. FTLextream
  5. FTLEstreme
  6. FTLExtreme_(Or_any_username_you_like)
  7. FTLExreme
  8. FTLExtreme_
  9. FTLExtreme_[Or_any_username_you_like]
  10. FTLExtreme_Adam
  11. ftlextrem
  12. FTLEExtreme
  13. FTLExtrema
  14. _FTLExtreme_hero01
  15. FTLExtrreme
  16. FTLRxtreme
  17. FTLExtreame
  18. FTLxtreme
  19. FTLExtreme2
  20. FTLExtre
  21. FTLExtrime
  22. FTLExtreme(Or_any_username_you_like)
  23. FTLExtrene
  24. Username:FTLExtreme
  25. FTLExtereme
  26. \\FTLExtereme
  27. FTLExtreme(Or_any_usernme_you_like)
  28. FTLetreme
  29. FTLExtreme_
  30. _FTLEXTREME
  31. FTLEetreme
  32. FLTEtreme
  33. FLExtreme
  34. FLTExreme
  35. Any_username_you_like
  36. any_username
  37. anyuserulike
  38. any_user_name_you_like
  39. Any_username_ypu_like
  40. Any_username_you
  41. Any_username_kou_like
  42. any_username_you_luke
  43. Any_username_like
  44. any_usernamelike
  45. _Any_username_you_like
  46. Any_username_you_like_
  47. Any_username_yoou_like
  48. any_usermane_you_like
  49. any_name
  50. FasterThanLight_(Or_any_username_you_like)
  51. any_usename_you_like
  52. anyusernameyou_like
  53. anyusername
  54. Any_username_u_like
  55. ANY_USERNAME__YOU_LOKE
  56. Any_usarname_you_like
  57. Any_usernamre_you_like
  58. any_usernam_you_like
  59. Any_username_yuo_like
  60. Any_usernameyou_like
  61. Any_usernamer_you_like
  62. Any_uzername_you_like
  63. Any_unsername_you_like
  64. any_username_i_like
  65. Any_user_you_like
  66. any_username_tou_like
  67. anyusername_you_like
  68. any_username_you_lik
  69. Any_ussername_you_like
  70. any_user_name
  71. any_user_name_you_lake
  72. FasterThenLight
  73. fasterlights
  74. fasterthanlicht
  75. fastethanlight
  76. FasterThanligt
  77. FastherThanLight
  78. FasterThantLight
  79. FasterThanligth
  80. FasterThanlingt
  81. FasterThanLigh
  82. FasterTenLight
  83. FasterThanLighet
  84. FasterThamLight
  85. FasterThanLght
  86. FastarThanLight
  87. fasterthanlightt
  88. fasterthanlightning
  89. fasterthenligght
  90. Fastthananylight
  91. FFasterThanLight
  92. FasterThanLihgt
  93. FasterThatLight
  94. FasterThanLightR
  95. Fasterthalight
  96. FastThanLight
  97. FasterThanLigft
  98. FasterThanlight_gyuresanyi
  99. FasterThanKight
  100. username:_fasterthanlight
  101. fasterthsnlight
  102. FasterThanLigght
  103. FasterThanLiqht
  104. FasterToLight
  105. FastrerTHanLIGht
  106. Fasterthanthunder
  107. FasterThanLiht
  108. FasterThan_Light
  109. ___________________FasterThanLight
  110. FasterThanLinght
  111. FastrThanLight
  112. `fasterthanlight
  113. FsterThanLight
  114. festerthanlight
  115. xlcePhoenix
  116. xIcePhonix
  117. xicephenix
  118. XLCPHOENIX
  119. xIcePheonix
  120. xIcePhienix
  121. xicephoenixomran
  122. xIcePhoenix_
  123. xIcePhonenix
  124. user_name_xIcephonix
  125. xIceOhoenix
  126. icephoenix
  127. xIcePhonixx
  128. xIcePhoenixx
  129. xIcePheoenix
  130. xIcePhoinix
  131. xIcePhoenix_149135
  132. xPhoenix
  133. _xIcePhoenix

While we do not have an installer or file that directly implicates these users, we believe it’s pretty obvious. Some of these users may have already been banned since many of them have not returned any WUs since the last zero-ing of points. We are searching for the original installer or instructions that created these accounts. Pande Group does not ban users without sufficient evidence. We have attempted to remove the offending files from P2P sites by liaising with P2P forum administrators, and most of them have indeed been removed. We hope the team will be able to tide over this humiliating attack. We will be liaising with the the Folding Forum to get the above accounts banned soon. As far as we know, all other accounts are legit.


Comments

We've been monitoring online forums about this issue.

-------------------------------------------------------------------------------------------

"They place their folding clients just anywhere, without asking the owner of the machine.", "a new tactic by hackers"

Our (legit) installer is NOT embedded into any other program, not does it automatically install. In all our channels of communication (i.e. this blog and this blog only), it is available as a separate download (as of now it is ONLY available on this blog, in the post below) with sufficient information about the project.

(http://forum.msi.com.tw/index.php?topic=122803.0), (http://www.bjorn3d.com/forum/showthread.php?t=26683)
-------------------------------------------------------------------------------------------
"Remember, just the fact of including a client package outside Stanford's network break the EULA. If it included a link to download the client from Stanford, it would have been more acceptable."
Our installer neither contains a client package nor edits any data file (including client.cfg)

(http://www.hardforum.com/showthread.php?t=1359911)
-------------------------------------------------------------------------------------------

Yes. However, let's think outside of the box. Why penalize the entire team? Or why eliminate them totally, for that matter?

Just imagine the following scenario... Let's say I am John Doe and I'm folding for Team XYZ. My team has over 500 active folders, we're pumping out great numbers, so everything is going smoothly, we're also doing good on the ranks. But since we have so many proactive folders with lots of folding resources and capabilities, John Doe is frustrated because he can't keep up with the Top 20 folders. So he thinks like this...

There are several solutions. Either downloading something that is really "hot" on the torrents, such as a pirated software (new latest version) or a game that's going to be just released, or a movie, you name it. Let's include a b0rg copy of F@H, set it up to fold under John Doe's nick, and reupload the prepared torrent to various trackers. Kaboom. If done well, John Doe will pump out impressive numbers.

Or there are other solutions, you can basically use blind SQL injections after finding the vulnerabilities on numerous websites that did not explicitly block the file upload function (especially high-ranking bloggers that aren't necessarily computer-savvy, but even hi-profile companies are vulnerable, though). Then it's just a matter of time and patience to find a folder with write permissions, you set up the b0rg F@H copy there, and implement a hidden install via the dynamically generated web page. Kaboom. As easy as that.

And then you have millions of folders - easy. Think of porn sites. Or blogs that claim giving out user accounts to popular porn sites like Brazzers and all that. These are filled with hidden URL redirections, open up popups, make you go crazy with advertisements, install toolbars, and just as easily they will also make you fold, if need be. So that's all.

Now the questions remains - why punish the entire team? Were they all guilty of charge? Or what happened?

Think about it. We don't use passphrases. So if there comes a random Steve and does illegal b0rg activites under my folding account - madhyena - and under our team - DevFolding. What's up with that? Am I guilty? Certainly not. Is the entire team guilty? If the process goes on for months, do we get banned? Or should we? Do we get penalized with 100 mil points? It's screwed up. There's little to nothing one should do about these kind of activities.

Neither of the approach is good and I do not think that Team FTL should been banned but nor penalized...


This has got to be the nicest post we've seen about us so far.

http://www.devhardware.com/forums/dev-folding-29/stanford-removes-team-ftl-226361.html

 

-------------------------------------------------------------------------------------------

I can't say what the F T L actually stands for due to the swearing filter!
So, I'll say Fudge The Law
Or Folding Team Loss


Faster Than Light. Now you know.

(http://www.overclock.net/overclock-net-folding-home-team/473173-team-ftl-smacked-down-pandegroup-2.html)


-------------------------------------------------------------------------------------------
Wow, had legitimate folders too 900+ of them and the whole teams points got nuked.

What if they applied the ncix team # to this trogan instead?
How would you all feel with ncix's score getting nuked to 0

(http://forums.ncix.com/forums/?mode=showthread&forum=213&threadid=1971155&pagenumber=1&msgcount=21&subpage=1)


-------------------------------------------------------------------------------------------

from what i understand some of them made many copies on cd's and left them in public places for people to find....

from what i understand the only legal and proper way to get the f@home clients are to download them directly from Stanford then run them..... what you do on your own network after that is fine.... however creating a proprietary config file that sets the team number and such is hacking the client.... this is one reason why many teams don't just provide a file for people to download from their sites or forums....

these idiotic morons did this maliciously however to simply gain points as they're too pathetic and lazy to buy and build their own systems as most are hacking little pukes that live in their parent's basements living off society like the dregs they are....


That’s the kind of misguided accusations that we have received.

 

(http://www.maximumpc.com/forums/viewtopic.php?t=90847&sid=ce7f1025062672959eb46d7d61aab7b5)

-------------------------------------------------------------------------------------------
seems like if it was an automated install package with a torrent dl and part of a game install; then all the points would be the same user from the preconfigured client.cfg file. hard to believe they actually didn't prepackage it configured to install as a hidden as part of the game install. I mean, did users really install this on their own and type in a different username for each dl. that's unreal people are that stupid. I used to be a Novell Zen admin to push packaged apps out through the network.. if I was gonna push this thing out to a bunch of users, I'd prepackage it with the main install as a hidden prereq to the main app install. and push into the same folder as the main install. so the user never knows it's there during install. whoever packaged that thing is a little inept at this stuff.


And

This should be a pre-requisite for all torrents of ripped off software...It may not satisfy the owners of the software but For me at least I feel that this should have been done properly and maybe fully automated. All under one username..."The ripoff collective".. and that's just the price they should have to pay for ripping people off. Great for the science!!! and the single core client is the right way too...unnoticeable for most. To use a local colloquialism...Proper Job!!

Give 'em back their points for just having a good idea!!...It just needs polishing that's all


Bad ideas. And we don't do any of that.

(http://www.xtremesystems.org/forums/showthread.php?t=221553)


-------------------------------------------------------------------------------------------

3 comments:

alan2308 said...

You need to look at this through the eyes of Stanford and though the eyes of the rest of the F@H community. This is not about you, your team, or your team's point standing. Zeroing points is not punishment for the team, its a deterrent against anyone else trying to pad their stats through this sort of means again. What's sad is that this isn't the first time someone has tried this very thing. HardOCP and OCAU have both had a significant number of points zeroed in the past, and MaximumPC has had accusations made against one of its members. It happens.

And I can't speak for MaxPC, OCF, MSI and others, but your quoting of our forum is completely out of context. So I do take offense to it being labeled as misguided or merely accusation.

And yes, the project does support a Passkey, though it is not mandatory thus far.

Team FTL said...

You're right, some of them are more statements to help than accusations. changed the title to "comments".

Anonymous said...

I am wondering just what Paul will change about this!?!