INeedAttention.com

Rants on business, science, technology, society, politics, police, and justice, plus life hacks and tricks, since 2003.


Streaming Content Restriction Techniques in Flash Players

February 4th, 2006 · 9 Comments

Years ago, MP3.com was one of the only sites to allow bands to create profiles and upload their music for global distribution. Today, a number of other clones have appeared, including Soundclick.com, Purevolume.com, and Myspace Bands. In the days of MP3.com, MP3 was veritably the lowest common denominator for music distribution. To protect artists, MP3.com would offer the option to “stream only”. This method was quickly defeated, however, when clever users discovered that there was a simple hack to download and save the entire song.

When MP3.com first launched, it was actually possible to right click download links, paste them back into the browser, and begin traversing folders, downloading as much music as desired. MP3.com quickly got wise to this and put basic HTTP protection on their file indexes (i.e. set up their site to provide a 403 error instead of a list of all uploaded files for an artist).

Another thing offered by MP3.com was the capability to allow listeners to stream a song without allowing them to download it. In this primitive era of the web, to create a “stream only” play system, MP3.com would allow users to download a play list file with the “pls” extension from the browser, which would contain information on the music’s source. The audio player would open the play list and load the song and subsequently stream the song as it played. When playing the song, however, a user could check the play list entry to determine the actual source of the MP3. In essence, MP3.com was publicly distributing only a pointer to the file, but not the actual file. However, if a user checked the play list entry and then pointed their browser to the source file being played, they would be able to download the file in its entirety.

Today, MP3.com no longer offers the services it did five years ago. That site changed ownership long ago, and when it did, bands moved to the other, newer services to distribute their art. These services offered far better publicity, a more streamlined look, and what appeared to be a stronger system for DRM. All three of the sites still around today that were mentioned earlier use Flash players for their streaming. In this way, they likely figure, users will not be able to perpetrate the “view info” attack that was possible with play list files. However, as will be explained here, the new Flash players may prevent people from simply right clicking and knowing the file source, but they certainly do not stop users from downloading the files in their entirety.

To start, we will need a copy of Ethereal, or any other kind of packet sniffer. If you don’t know what packet sniffing is, this is a great opportunity to learn! When information is transmitted over the internet, it is broken up into packets. Many computers can share the same physical connection, using a direct cable connection or a hub. In this way, one computer can send a packet when no other computer is, and also, if a packet is lost, it can be easily retransmitted. Ethereal allows you to analyze the traffic on your network connection, so that you can see each packet as it goes from computer to computer. Over wireless, this also can allow you to see network connections for anyone else connected as well.

The Purevolume flash player

Now, let’s say I am checking out this band called The Truth Is. Because the truth is, I was checking out The Truth Is as I wrote this. Click on “The author” to stream the song which will be used as an example here. Note that the download button is grayed and inactive. The Flash player embedded in the page allows a seamless user experience, and in fact it seems that downloading is disabled. In order to play the sound, however, the Flash player is actually downloading the MP3 and playing it inside the browser. So, while the listener can’t download the file, in a way, they already have. Because the Flash player requests the MP3 file in the same way a web browser requests any other file, the address can still be determined. Once the file’s address is known, the address can be entered back into the browser and the file can be downloaded.

To obtain the address, start up Ethereal, and click “Capture” and “Interfaces”. Then, select the interface which you are using to connect to the internet and select “Prepare”. At this screen, make sure that “Capture packets in promiscuous mode” is not checked. With this option unchecked, your network card listens only for packets that are addressed to it, as opposed to listening to all traffic on the network (i.e. that of other computers sharing the same connection). Some network cards actually don’t support promiscuous mode anyway, to prevent illicit uses. Click “Start” to begin the packet capture.

The Ethereal prep screen, prior to packet capture

There will likely be many packets arriving every second, at least. Switch back to the web browser window, and refresh the page. Then click “The author” again to begin the streaming playback. Now switch back to Ethereal, and click the “Stop” button. Ethereal now lists every packet received during the capture period. Click the “Protocol” column to sort by the communication type; in this case, we are looking for HTTP. For someone who has no experience with packet sniffing, this may seem completely alien. But buried in there is the request by the Flash player for the MP3 file:

GET /streams3/ZEqOj24mbE7gn4CzPkQYZa4PN9nxuW1uVtqQuuwU1vVtYA HTTP/1.1

The MP3 file is requested, and we follow the TCP stream in Ethereal

Believe it or not, this is the address of the MP3 file for the song that was just streaming. Right click on the packet that resembles this, and select “Follow TCP Stream”. From here, copy and paste the address from that line, not including the GET or the HTTP/1.1 at the end. Note also that below this line in the TCP stream is the host name. Take note of the server that was used to serve you the file. By putting the “/streams/…” portion of the address with the host name, you get something that looks approximately like this:

s8.purevolume.com/streams3/ZEqOj24mbE7gn4CzPkQYZa4PN9nxuW1uVtqQuuwU1vVtYA

By copying and pasting this address into the browser, the file can then be downloaded. The name may be wrong, but the content is correct. Rename the file something appropriate, such as “The Truth Is – The Author.mp3”. This song can now be played just like any other MP3 file.

The procedure for Soundclick artists is roughly the same, except that Soundclick actually does not use machine readable file names, so it should be obvious when the MP3 file is requested. Use the same procedure after selecting that packet, right clicking, and choosing “Follow TCP Stream” as for Purevolume requests.

Myspace’s flash player is a bit tougher to crack. I was actually unable to figure it out in a few minutes, but that doesn’t mean it’s impossible. When it comes to downloading protected music, the general rule of thumb is that if it can be played it can be copied. After playing with Myspace for a bit, it’s my guess that there is either some type of challenge/response going on with the flash player, or that the server is looking at some other characteristic of the request (i.e. which MIME types are acceptable to the browser).

If anyone is able to crack it, let me know!
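As an added illustration (not code from the original post or from any of the sites named), here is a server-side comparison of an opaque static path, which any client can replay once it has been observed, with the kind of challenge/response binding guessed at above for Myspace. The key, the query parameters `e` and `s`, the session IDs and the path are all assumptions made for the example.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl

# Constructed values for illustration only; not taken from any real service.
SECRET_KEY = b"example-server-side-key"
TOKEN_LIFETIME = 30  # seconds a signed stream URL stays valid


def serve_static(path, known_paths):
    """Static scheme: the hard-to-guess path is the only 'secret'."""
    return path in known_paths


def _signature(path, session_id, expires):
    msg = f"{path}|{session_id}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def sign_stream_url(path, session_id, now=None):
    """Issue a URL bound to one player session and a short expiry window."""
    now = int(time.time()) if now is None else int(now)
    expires = now + TOKEN_LIFETIME
    return f"{path}?e={expires}&s={_signature(path, session_id, expires)}"


def verify_stream_url(url, session_id, now=None):
    """Return (ok, reason); rejects tampered, cross-session or expired URLs."""
    now = int(time.time()) if now is None else int(now)
    path, _, query = url.partition("?")
    params = dict(parse_qsl(query))
    try:
        expires = int(params["e"])
        sig = params["s"]
    except (KeyError, ValueError):
        return False, "missing or malformed token"
    expected = _signature(path, session_id, expires)
    # Constant-time comparison; check the signature before trusting 'e'.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return False, "bad signature"
    if now > expires:
        return False, "expired"
    return True, "ok"


def demo():
    path = "/streams/EXAMPLE-OPAQUE-ID"  # constructed placeholder path
    url = sign_stream_url(path, "session-A", now=1000)  # expires at 1030
    return {
        # Anyone who has seen the static path is served the file.
        "static_replay": serve_static(path, {path}),
        # The player that was issued the URL, inside the window.
        "player": verify_stream_url(url, "session-A", now=1010),
        # The same URL pasted into a different session.
        "other_session": verify_stream_url(url, "session-B", now=1010),
        # The same URL reused after the window has closed.
        "late_replay": verify_stream_url(url, "session-A", now=1031),
        # Expiry edited by hand to extend the window.
        "edited_expiry": verify_stream_url(
            url.replace("e=1030", "e=9999"), "session-A", now=1031),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:14} {outcome}")
```

Binding the URL to a session and an expiry only stops the observed address from being reused elsewhere. The bytes delivered to the player during a valid session can still be saved, which is the “if it can be played it can be copied” rule.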

UPDATE September 18, 2006: When using this method, use a low numbered server like “s2.purevolume.com” and make sure your stream is “streams3” not “streams4”, as Purevolume seems to have updated its systems.

→ 9 Comments | Tags: Computers · pwn3d! (Hacks and Tricks) · Technology

Knowing When to Quit

December 23rd, 2005 · No Comments

Politically, knowing when to quit is everything. I am not as good at managing my political image as someone such as George W Bush. This is not a political entry, however. I merely am not as good at being in the spotlight. It amazes me to no end that George W Bush lies through his teeth and has been for years, yet people believe in him as a leader. I argue that George W Bush is not a good leader.

Bush may be better at fitting in though, which is a frightening thought to me. Bush doesn’t have a website (that he maintains himself), and he likely rarely gets to give unrehearsed clips to the cameras. That’s wise on his part, for reasons two fold: first that he is a bumbling idiot, but also, that if he is a bumbling idiot in front of a camera, common sense dictates someone will use that footage against him. This however relates again to my situation: that due to frequent scrutiny, it’s difficult to get anything accomplished.

The scrutiny described here is the kind applied by others to others. Everyone universally is scrutinized by others, even in some situations where such questioning of a person can create major issues. Leaders should not have tarnished images. Leaders should be the diamonds of the system, placed prominently for all to see and held in the highest regard. Leaders like diamonds should deserve to be placed prominently and appreciated. Every morning, I wonder how I can earn the appreciation of my peers. The appreciation I seek is something different than conventional leaders, perhaps. I truly would like to change the world, and for the better at that.

But in the mean time, it’s hard to stay focused on why precisely I want to do that. Is leaving a legacy worth losing sleep (and hair)? If I wasn’t so sure that I could effect significant change throughout my lifetime, I would have killed myself by now. This however leaves me vulnerable to having to still effect change. I do not, however, limit the extent to which I could see myself effecting change. If tomorrow I were to wind up in prison or in a hospital, I would have time to write a book. My only wish is that I can leave something before I leave the world. American culture doesn’t seem to like things left behind from the past, however. Consider old folks, many of whom are brushed away into retirement homes or other places because their offspring choose not to directly care for them.

I want to leave such a significant impact on earth that my relatives don’t want to just put me into a retirement home. I want someone, at the end of my life, to treat me with dignity, and more importantly, I want to have earned that dignity. Also, though, I just want someone to be there. Lately, I’ve become especially discouraged in this department. A number of possibilities have come before me as to why I see myself as so lonely. The first possibility of course is that I am crazy, and that I am not alone at all. This possibility is only substantiated by the fact that if I did just disappear for a while, it wouldn’t take long for someone to notice I was out of contact unintentionally. A second possibility is that since I go to an engineering school, I’m exposed to an imbalanced group of people to be friends with. This of course is likely the frightening truth of the matter. A third possibility would be that I really am that weird to be around and that spending time with me is difficult.

A fourth possibility is that people perceive me to be desperate for the attention and therefore cut me off from it. This is the most intriguing to me. I need attention (dot com, baby). I get it, for sure. What I don’t get is how other people process that and why some people just really think that I’m that hard to get along with. Perhaps it’s because really I would tell them to their face that they don’t have to like me. I don’t believe people do have to like me. People do have to put up with it if they don’t like it though. I don’t like stupidity, material waste, emotional games, or high level math. I’ve put up with all of those to varying degrees. I do still put up with it.

In retrospect, I don’t know where I was going with this. You should tell people in your life you care about them. I particularly should tell girls that they look good more often. Girls should tell me back they are glad to hear someone thinks so. It is not special for a man to compliment a woman anymore, and it’s either cliché or creepy to give compliments sometimes.

I would like to be able to do something special for someone. The fact that I know I will do something special given enough time is what keeps me going. Tomorrow I will wake up and do and think about doing things that some people will only dream of, and the day after that, I’ll wonder what I could have done different. That is, after all, where I am: that constant meta-analysis and second-guessing has brought me to an inflection point. Fortunately inflection points can indicate an approaching upswing. Want to give me a hug now or what?

→ No Comments | Tags: Government & Politics · My Thoughts

Fortune Awaits, Peel Now: McDonalds Monopoly 2005, Best Chance Game

October 4th, 2005 · 1 Comment

Yes, we have updates for McDonald’s Monopoly 2008


Better prizes, bigger numbers… No, it’s not a Japanese game show, it’s everyone’s perennial favorite – McDonalds Monopoly. The promotion started today, and visitors can expect a full and comprehensive analysis of odds & actual game piece statistics again this year. Here is the official INeedAttention.com analysis of the 2004 McDonalds Monopoly game. So far, I haven’t had as much of a chance to analyze things with this game as I did last year (although like last year, my coverage of this year’s game will be comprehensive and updated frequently).

Here’s what I noticed so far: first, they’ve done away with the massive Best Buy Bucks coupons in favor of many smaller coupons. Whereas last year virtually no one got Best Buy Bucks with face values in excess of $1, this year, it’s apparently just above a 1 in 3 chance that you can actually win a $3 Best Buy Bucks coupon. Clearly, this significantly raises the potential for hell-raising and profit as a result of creative participation in the contest. Next, the online prize redemption structure has slightly changed. Last year, the best prize that was realistically attainable was the free photo developing by Snapfish.com. This year, Snapfish prizes will only be available online during the first week of play! Redeem those online codes at PlayAtMcD.com quickly, or they’ll be worthless. Of course, the second the Snapfish.com giveaway is over, all the other low level online prizes are complete garbage, making them practically worthless anyway. In fact, all the other low level online prizes are gimmicks anyway. The other low level online prizes, for the record, are MIDI Ringtones (Realistic Retail Value, or RRV: $0), iTunes downloads (RRV: $0), and computer games made by JAMDAT (RRV: $0). iTunes is garbage in my opinion, so that’s debatable, but JAMDAT really is indisputably garbage. JAMDAT is a crapware peddler so the fact they’d use the “you just won!” angle to get you to download something is not surprising.

But I’m rambling. I haven’t even gotten a chance to crunch the numbers on this new promotion yet. With that in mind, so far, here are my counts for this year (this will change as I get more game piece data): Stats last updated 10/17/2005 @ 15:30 EDT

Mediterranean Ave – 0 (0%)
Baltic Ave – 6 (10.2%)

Oriental Ave – 3 (5.1%)
Connecticut Ave – 0 (0%)
Vermont Ave – 0 (0%)

St. Charles Pl – 5 (8.5%)
States Ave – 5 (6.8%)
Virginia Ave – 0 (0%)

St. James Pl – 3 (5.1%)
Tennessee Ave – 0 (0%)
New York Ave – 2 (3.4%)

Kentucky Ave – 0 (0%)
Indiana Ave – 2 (3.4%)
Illinois Ave – 2 (3.4%)

Atlantic Ave – 4 (6.8%)
Ventnor Ave – 0 (0%)
Marvin Gardens – 4 (6.8%)

North Carolina Ave – 2 (3.4%)
Pacific Ave – 2 (3.4%) ** This incorrectly said “Pennsylvania Ave” earlier, but this was a data entry error
Pennsylvania Ave – 0 (0%)

Reading Railroad – 3 (5.1%)
Pennsylvania Railroad – 4 (6.8%)
B&O Railroad – 4 (6.8%)
Short Line Railroad – 0 (0%)

Instant Win:
Small Soft Drink – 1 (1.7%)
Medium Fries – 2 (3.4%)
Small McFlurry – 1 (1.7%)
Breakfast Sandwich – 1 (1.7%)

Total pieces: 59

Best Buy Bucks:
$1 Off – 8 (66.6%)
$3 Off – 4 (33.3%)

Total Best Buy Bucks: 12 pieces, $20

→ 1 Comment | Tags: Best Buy · Business · McDonalds

What’s the buzz — tell me what’s a’happenin

September 12th, 2005 · No Comments

There is quite a bit going on ‘behind the scenes’ right now. First of all, if you haven’t already heard, SLAPM is almost ready. SLAPM is going to be the leader in Sub-profile technology, and will easily blow away IMChaos in terms of quality and reliability. Expect it to be public very, very shortly. (Update 2006: AOL changed a lot about the AIM client, and there were a lot of issues surrounding our total integration into AIM (i.e., AOL repeatedly killed our bots), so this never became what I hoped it would be).

Next is the joint INeedAttention.com & Voltsamps.com venture — YouMayBeAtRisk.com (Update 2006, also never happened, and of course someone bought the domain name and is now squatting it). Slava and I are both extremely prolific and are respected by peers within our own fields. We are launching a website that will merge some of the functions of our individual sites. This new site will allow us to focus on publicizing our ideas, which we often lack the resources to fully flesh out. We are more concerned with global innovation and the advancement of science and knowledge than we are about protecting our intellectual property. Due to our own circumstances, we merely lack the funding to completely develop some of our ideas. Topics discussed will include science & technology, systems analysis, security advisories, & technology law. Expect this site to rock, and rock hard.

Moving on, I’d like to address Hurricane Katrina a little bit. Hurricane Katrina left devastation in the south that is virtually unparalleled in American history. People across the country will bear the burden of paying for recovery and rebuilding. There is an old saying that where there are winners, there are losers. The inverse of this is also true: where there are losers, there are winners. Along the Gulf coast right now, there are tons of losers. Individuals, businesses, and municipalities will be left to start over from virtually nothing. Halliburton, for example, was left with millions of dollars of reconstruction contracts already. Interestingly enough, the Bush administration didn’t seem to move as quickly about evacuating the Superdome. The federal government really dropped the ball here and demonstrated something that I’ve been saying for years: we just can’t nation build. We can’t even nation build one of our own cities, let alone another country. There are over 100,000 servicemen and women in Iraq right now, and who even knows how many billions of dollars worth of HMMVs, helicopters, planes, and supplies are there as well.

Around 9/11, also, it’s good to mention this isn’t the first time the federal government has demonstrated its incompetence in crisis. The Center for Cooperative Research has a well-cited timeline of the events of 9/11. Most of the sources cited are mainstream media including names like CBS, ABC, NBC, and Fox. It makes it hard to brush this “conspiracy theory” off when it’s merely a compilation of the “official stories” propagated by the media. The worst thing to do, when confronted with the possibility that the government has lied, is ignore the available information. You don’t have to agree that the federal government is starting to choke on the smog of its own exhaust — but you should agree that it’s important to find truth and consensus both in current events and historical accounts of events. People in New Orleans have and will continue to die just like people on 9/11 — needlessly, when someone had the power to prevent it.

It would seem that no one in the federal government understands the broken window fallacy. People very close to the Bush administration, including Halliburton, the Carlyle Group, GE, Lockheed, and many other defense contractors all benefit from global suffering, energy shortages, and conflict in general. If a window breaks, we create jobs trying to fix it, according to the current executive paradigm. Unfortunately for the 299.9 million people in America that aren’t closely tied to the Bush administration, we have to pay the price. And of course, lately, everyone may have noticed that we are ‘paying the price’ in the form of higher gasoline prices — but I’ll touch upon that in my next entry.

Cheer up though; life isn’t so bad, even if people in our government that administer our lives are bad at running their own lives. Here’s an amusing photo of me riding on an asphalt cutting machine.

→ No Comments | Tags: George W Bush · Government & Politics · INeedAttention News · Site News

Photos of Letchworth and an Open Letter to the Media

August 15th, 2005 · No Comments

First and foremost, I just put up some photos of my trip to Letchworth Village from the other day. Click the photo below or click here to see the photos of exploring Letchworth Village in Thiells/Stony Point, NY.

Now, also, as some of you know, I am a semi-professional survey taker. My most recent survey was about restrictions on the media and whether or not I think there should be more or less restrictions. As you could imagine, I had a lot to say. Here’s an excerpt of my comments from the conclusion of the survey.

“In this country, news media certainly enforces the status quo. How easily are we distracted? A news medium is a powerful instrument — more powerful than any military. The American Media should stand up and grow a pair of balls. It’s time to start asking some questions and holding our leaders accountable. No WMDs, Karl Rove, Halliburton, do the people that write and edit national news intentionally avoid these kind of stories? It is not dissent when one questions their leadership — it is the ultimate form of patriotism. TV media especially cares not about news but about advertisers. Do the right thing for once and do your jobs — get to the real stories. Natalee Halloway, the Runaway Bride, Tom Cruise & Katie Holmes, shark attacks, etc., are not news stories, they’re simply fillers when there are other, better things to talk about.”

Also, ironically, the more I write over the top answers like this, the more paid surveys they send me. It pays to have an opinion.

→ No Comments | Tags: Urban Exploration, Infiltration, & Security