Nullsoft's Waste: Encrypted, Distributed, Mesh Net

Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."

Gnutella

[Nermal6693]

Didn't they make Gnutella too?

Re:Gnutella

[terrox]

I dunno, I just hope shareaza will be compatible with it :-)

Re:Gnutella

[terrox]

oops now i realise it is for small secure/private networks - sounds good for VNC type stuff.

Re:Gnutella

[localghost]

No, Ferrero makes Nutella.

Re:Gnutella

[MacJedi]

Yes, they did. However, AOL didn't like it and got it shut down within the day. Then someone (Justin Frankel?) leaked the source and the rest is history.

/joeyo

Re:Gnutella

[Magila]

Indeed, here is the original slashdot story. Of course AOL quickly ended development at nullsoft, it lived on after the protocol had been reverse engineered and others picked up where nullsoft left off.

Re:Gnutella

As a matter of fact, Gnutella has nothing to do with Nutella, except for the similar name.

As you already pointed out in your links, Nutella is a chocalate spread. It is a FOOD item.

Gnutella is a SOFTWARE item. It is used for P2P (point-to-point) networking. Usually, Gnutella is used to distribute music, although it can be used to distribute any files.

I hope this comment has been helpful in clearing the matter.

Re:Gnutella

[bobibleyboo]

Yeah they did and they did. And they did it after they where bought by AOL. Strangeley the Gnutella down load site dissapeared pretty quickley ;) so grab it and mirror it while you can.

Re:Gnutella

[grung0r]

actully, Nuetella contains very little chocalate, it is mostly nutmeg.

Re:Gnutella

[fasuin]

No! Ferrero makes nutella !! :-)

Re:Gnutella

Nutella is a hazelnut spread, but comes in a chocolate flavor as well, I think.

Re:Gnutella

[The+Original+Yama]

It's hazelnut, not nutmeg.

Re:Gnutella

[JrTcoNrd]

thats...... disgusting.,.. don't tell us that

Re:Gnutella

[lucas_gonze]

This is just plain wrong. The source was never available, leaked or otherwise.

The protocol was reverse engineered, with a little assistance on IRC from deadbeef.

Re:Gnutella

+1 Informative? Huh??

Re:Gnutella

[bigberk]

Yes, here's a little background on gnutella and the protocol.

Re:Gnutella

The best thing about Nutella is that it's SPAM-free.

Re:Gnutella

For future reference, you should know that nutmeg is naturally a weak hallucinogen- it contains about 3-5% myristicin, or methoxysafrole (chemically quite similar to methylenedioxy-n-methylamphetamine, better known as Ecstasy). You'd have to consume a rather large amount to feel the effects- more than you'd ever want to use to season your food- but it clearly cannot be the major ingredient in a food product, especially a beloved sandwich spread. Also, it would be really expensive to do that. As one of the other posters stated, Nutella is mostly hazelnut, and most definitely not nutmeg.

Now, before the kids at home hit up their mom's spice rack for a nutmeg fix, I'd also like to point out that methoxysafrole, as well as several other compounds naturally present in nutmeg, are all mildly toxic, and that prolonged nutmeg abuse will probably lead to liver failure (this is another reason why it could not be the major component of a food). I wouldn't personally recommend it. Then again, since people do things like huffing paint or smoking "wet" for a high, I'm virtually certain there are people out there who use nutmeg as a recreational drug.

Re:Gnutella

[JeffSh]

deadbeef is justin frankel for anyone who is interested. same guy who did winamp, really a great software guy.

the reason why winamp 3 sucks so much, is because it's written by some other guy. justin isn't even in the credits of winamp3 .. sad

Re:Gnutella

[StrifeCX]

You are correct, sir. I do know it's kobe's favorite though.

Re:Gnutella

[vanbeast]

Wow. Way to totally lack a sense of humor.

Re:Gnutella

Or how about:
Ferrero and Nutella
or
Ferrero and Nutella
or
Ferrero and Nutella

I bet there are more

Re:Gnutella

[SubtleNuance]

ive noticed that winamp3 on xp doesnt have the same WOW that it did over other apps like it in the 1 & 2 series days... ive become disenchanted with it (a bit unstable/unweildly(sp?) -- what mp3/ogg/media player do you use on Windows? something without to much intrusion in the overall system && no adware/crap.. suggestions?

Re:Gnutella

[pompousjerk]

That's why Winamp 2.8x is still available.

Re:Gnutella

What exactly is "smoking 'wet'"?

Re:Gnutella

[FLaSh+SWT]

Actually, Justin IS in the credits for Winamp3.

He is listed under "Additional programming" which is the third set of credits.

Re:Gnutella

Winamp 2.9 just came out... it is the same base code as the old trusted winamp but now with video. It is stable, quick , and good.

Re:Gnutella

you'd have to consume the equiv. of 50 lbs of nutmeg to derive a usable high...not bloody likely

Re:Gnutella

"Wet," or "illy" refers to cigarettes or joints that have been soaked in embalming fluid (which is mostly formaldehyde, methanol, and ethanol) and often also PCP.

Re:Gnutella

I belive it's nutmpeg, sir!

Re:Gnutella

[dytin]

Use Winamp 2.9. It's the best media player around. It now has support for video and it has a decent media library that comes with it. If you really want a great media library though, use MEXP, a plugin for winamp 2.x. I have been using MEXP for the last 6 months and absolutely love it. (It is shareware, which kinda sucks, but there are no ads/spayware with it, and in 30 days you can just re-install it and start over.)

I've also heard rumors that they are going to release a winamp 5 (I don't know what happened to 4) that is based off of winamp 2, but has the skinning capabilities of winamp 3. Should be good.

Re:Gnutella

[daecabhir]

I thought that the reason why it was named "Gnutella" was because the author really dug "Nutella". S'truth, I swear... I heard it on the Internet.

Re:Gnutella

Yes, and like Gnutella, it appears that the link to their original page that was up just yesterday is now offline.

Re:Gnutella

[MrJones]

mmm, nuteeeeella

Re:Gnutella

Winamp 5 = Winamp 2 + Winamp 3

This version will integrate Winamp 3 skin and script support into the Winamp 2.x platform.
This will allow users who do not wish to have complex freeform skins to use classic
Winamp skin(s), with the full performance of Winamp 2.x. Those who wish to use more
advanced Winamp3 skins can do so as well. The integration will be seamless.

More Info at Winamp Forums

Re:Gnutella

[azav]

Did you even read the article before posting?

Re:Gnutella

[Superfreaker]

Why doesn't he just quit? I'm sure he got some $ when AOL acquired nullsoft, and now they are curbing a great mind.

He should go on his own again. He already founded one successful company and 3 great technologies.

p.s.- Yes, WA 3 does suck

Re:Gnutella

[Jon-o]

For low intrusion, the best I've seen is coolplayer. It's a tiny little player, released under GPL, and works very nicely, especially on old machines. For all that, it looks nice, is skinnable, and everything else you expect. Still under development, but very usable. The only thing I could really attempt using on an ancient computer I set up for a friend, but it's what I'd use all the time if I still used windows.

Re:Gnutella

OMG!

embalming fluid ?!

thats disturbing... like one I read somewhere on making some kind of homemade drug, I believe involving Drano fluid left to crystalize, and maybe battery acid too ? cant remember.. but quite horrific

but what can i say, I once chugged a bottle of Robotussin to see if it worked. unfortunately all that happened what I felt sorta drunk for about 5 minutes, then nauseated and upset stomach for the remainder of the evening.

then I was talking to the guy i used to score pot from, and the loser goes 'oh yeah? check this out'

and pulls out from under his bed, a box... full of about 30-50 empty robotussin max bottles.

Re:Gnutella

[tbradshaw]

You know, I was curious about this when you said it. So I fired up Winamp 3 and watched the credits.

Approximately 10 seconds into the movie there he is: Justin Frankel, credited with "Additional Programming".

Maybe you should check again?

Re:Gnutella

hey it's not worth smoking if it's not dusted.

Re:Gnutella

[zonker]

wa3 is way slooooow on my old 450mhz k6-2... sucks cuz 2 runs nice and fast. kinda kills the tradition of fast code they've had for a long time. i remember running winamp on my 100mhz machine several years ago sans problems. a shame really.

Re:Gnutella

yeah, but isn't that like listing the janitor in the credits of a film? i mean, 'additional programming' sounds akin to 'guys who wrote a few plugins', not guys who built the foundation and installed the fixtures and plumbing... the rest of these schmoes have just rearranged the furniture.

Re:Gnutella

[vample]

> Why doesn't he just quit? I'm sure he got some $ when AOL acquired nullsoft, and now they are curbing a great mind.
> He should go on his own again. He already founded one successful company and 3 great technologies.

You dont know the terms of his buyout.

I was at a company bought out by MSFT and there were terms for atleast one critical person that made sure they remained for 2 years to vest a large chunk of stock.

4 years seems like a long time, but maybe they viewed his programming of Nullsoft products as so essential to the company that terms were written requiring him to be there a number of years to full vest some large chunk of stock.

Good work

Happy to see the spirit of Free Software continues thrive. We've been seeing too many proprietary offerings of late. I'm glad that Nullsoft is "with the program". This is a great idea, and they deserve our support.

Re:Good work

[rulethirty]

Don't you just know AOL hated this aquisition... They saw it as a money pot when I am sure it has made them little.. I like their attitude and distaste for the corporate monster that is AOL..

Re:Good work

Of course they can be 'with the program'

they got bought by AOL. they can do whatever the fuck they want because thanks to daddy, they can support it.

In short? I refuse to give charity where it's not needed.

If it's cool software on the other hand, I'll bite regardless.

Hmmm....

[leviramsey]

AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

A cliche regarding:

• a left hand
• a right hand
• and a lack of knowledge

...comes to mind.

Re:Hmmm....

[glob]

"undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works"

uhh, waste is for small workgroups only ..

WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.

it's not about p2p file sharing, rather it's a colaborative tool.

sure, you could use to to share illegal stuff, but it's really no different in that respect to email, icq, whatever.

Re:Hmmm....

[leviramsey]

And does that fact necessarily matter to the *AA?

Re:Hmmm....

[Uart]

wasn't Gnutella also originally a nullsoft idea?

Re:Hmmm....

if you're not in encrypted communities for PIRATING, you're in it for TERRORISM.

Re:Hmmm....

[phyxeld]

I think it would (matter), since you can't very well use this tool to trade files with complete strangers or even large groups of people. This software simply isn't a problem for them (the *AA). Gnutella, OpenNAP, Kazaa, et al are a far bigger threat.

Lately XNap (xnap.sf.net) has been my p2p app of choice.

Re:Hmmm....

Isn't this open scource? Someone could modify it to allow as much sharing as the people wanted couldn't they?

Re:Hmmm....

sure, you could use to to share illegal stuff, but it's really no different in that respect to email, icq, whatever.

...Bittorrent, Kazaa, Gnutella...

Re:Hmmm....

I remember when Frankel (was it him?) made a plugin for winamp that would draw the oscilliscope over-top of the advert area in AIM's buddy list window.

That was the day I started seeing NullSoft ads appear in there... *HMMMM* ..

Re:Hmmm....

[dir-wizard]

Not entirely true.. I work for a small company, 5-6 people who work out of their homes. Because we cannot get static IP's to everyone communication becomes and issue and a hastle. I see a real need for this kind of software. The encryption is a bonus for companies who don't want their communications listened in on....

Re:Hmmm....

[Daniel+Phillips]

AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

That was a joke right? And the moderators who marked it "interesting" and "insightful" really meant to mark it "funny", they just hit the wrong button, right?

In fact what we have here is a first cut at a secure distributed network presence system, something that would allow you to run an icq-like network between people you trust without being spied on by a central server. There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates.

As for why AOL lets Nullsoft do things like this, I suppose the choice is either to let them work on what they want to or lose the talent. What Nullsoft is doing is the best thing for the net, and so is the best thing for AOL in the end.

Re:Hmmm....

[abulafia]

which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

There is no reason to call it that. It is a communication tool that tries not to leak information. I would encourage RIAA members to use it themselves, to better secure internal conversations against unintentional leakage. I'm sure "they" send files to each other via email from time to time. Isn't this better? What's not to like?

As a long time cypherpunk, I'm glad this is here. Way back in '94, I wrote out a model of this sort of thing, but with decent routing and key exchange, and then got busy working for money. I'm glad someone is doing this, even if it doesn't work on a larger scale.

Please flame the evil cypherpunk vision below.

Re:Hmmm....

[LiENUS]

I work on a lot of stuff that is private (i work on videos of various events, weddings and such, and i write software) this creates an excellent distribution medium for just that i can put the latest version of a cut of a video on this and my friends/co-workers can take a look and put input in or i can put up a beta release of my software i would write.

Re:Hmmm....

[DarkHelmet]

AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

*cough* *cough* Let me fix this for you:

AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which released a program CALLED WINAMP that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly PLAY copyrighted works....

Hmmmmmm.....

Re:Hmmm....

Uhh... he was talking about Winamp.

Re:Hmmm....

[Superfreaker]

"There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates."

And *you want to "communicate" with your associates using an MP3 player? Trillian anyone?

Re:Hmmm....

[Jucius+Maximus]

"uhh, waste is for small workgroups only .. "

"And does that fact necessarily matter to the *AA?"

Depends. If it becomes accessible to the regular joe, and it becomes widely used, say in campus dorms, then yes, the *AA will take notice. If it is such that it requires a little bit of technical skill to set up, then the bar to entry will be raised such that people who want to and do use it for piracy will be few and far between. The *AA will ignore it in that case. This is why Usenet file trading never seems to be attacked - the level of knowledge for entry is too high so it's not accessible to the average joe.

Re:Hmmm....

[AceM2]

Yes... A terrorist company perhaps!....... (kidding.. geeze)

Re:Hmmm....

[mgbastard]

if you're not in encrypted communities for PIRATING, you're in it for TERRORISM.

Yes your absolutely right - everybody who wants to collobarate in secret must be a terrorist! All those scientists and their future patents! Or those pharmaceutical researchers! Terrorists of the free world! Capitalist pigs!

If you can't detect the thick layer of sarcasm, please sod off.

Re:Hmmm....

[gurumeditationerror]

Its GPL'd ,someone will expand it if there is a demand/desire.

Re:Hmmm....

[gurumeditationerror]

This is why Usenet file trading never seems to be attacked - the level of knowledge for entry is too high so it's not accessible to the average joe.

Someone should write a FAQ on it then...

Re:Hmmm....

[caligulla]

Horsecrap, there are other reasons for encrypted communications. I use them when collaborating on software projects with other programmers. We exchange source via PGP so that if anyone intercepts our data stream our intellectual property is not compromised. Something like WASTE would have been perfect for this sort of thing. What's really annoying is that if they wrote it with GPL technology and source then they MUST release it with all the GPL components intact and in source format. Sure they could provide the proprietary stuff as a pre-compiled library, but they still have to provide it free if it uses GPL components.

Re:Hmmm....

[AntiOrganic]

You're forgetting one minor detail:

GPL + open source.

How long do you really think it's going to take before someone makes it able to work anywhere?

Re:Hmmm....

[sdibb]

sure, you could use to to share illegal stuff, but it's really no different in that respect to email, icq, whatever.

Which makes me think... why don't they ever go after IRC servers? P2P was practically *born* there. Or, at least, it's been there much much longer before it became mainstream popular.

Then again, maybe the *AA is the reason DAL.NET is always down ... Hmm.

Re:Hmmm....

Isn't it ironic that the recording and publishing industries have BECOME the thought police depicted in "Fahrenheit 451"?

Re:Hmmm....

Heh i thought that name sounded familiar.. what are you doing now since you've left crs?

-rcmodels

isn't this really...

skazaa (secure kazaa)?

Re:isn't this really...

[aweraw]

not really...

as far as I can tell, to trade you have to have traded your encryption key with the person you want to share with...

until when

[Vej]

Makes you wonder how long it will be until protocols/network designs are attacked on the same basis as the product derived from them. ie p2p/filesharing.

Considering nullsoft, might be a risky move.

Re:until when

One of the most common punctuation errors is in the abbreviations "i.e." and "e.g." the author of the above comment does not even know how to use punctuation as he has written
> from them. ie p2p/filesharing.
where he should have written
from them, i.e., p2p/filesharing.

Re:until when

Can anyone say, "Run-on sentence"?

Re:until when

Well, oftentimes, people also get those abbreviations confused. I forget the exact latin phrases (actually, I don't even want to know the exact latin phrases) but the abbreviations mean approximately:

i.e. "In other words"
e.g. "for example"

There are a few other abbreviated latin phrases in common use in American English today, but those two are the most common.

I say this because the grandparent should have used 'e.g.' instead of 'i.e.'.

Re:until when

[Vej]

Well, indeed you are correct. I do know the difference, but please overlook them as last night was not the best of times.

Rather sick myself and my mom just got put into the hospital for unknown bleeding. I suppose ie/eg wasn't my main concern.

Re:until when

i.e. : id est e.g. : exemplum gratia (not sure of spelling)

JabberIM does this

I think this is a waste of time.

We already have JabberIM which does this and at the same time provides tunnels to other IM networks.

Re:JabberIM does this

[wossName]

As much as I love Jabber, that's simply not true. Jabber has no widely implemented encryption between all links, and file transfer is not exactly its strong side.

Re:JabberIM does this

I think this is a waste of time.

We already have JabberIM which does this...

So choice is now a bad thing?

Re:JabberIM does this

That's strange, because I know for a fact that Jabber supports SSL encryption natively...

Re:JabberIM does this

This is true - the Jabber clients have been a little dissapointing in my tests so far. They also don't seem to handle the AOL network very well and have buggy installs. GAIM and its encryption plugin works a lot better.

More on Encrypted Chat

Interesting

[harikiri]

I haven't yet spotted any cryptographic "reviews" of this yet, but it certainly looks like an appealing platform to work with.

Going through the documentation, I found this:

From here

Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.

Which suggests to me that it isn't worth rushing out and developing application with *just* yet, until further reviews have occured (and the protocol has matured/evolved).

Re:Interesting

[mark_lybarger]

come on now. the gpl won't hinder it's use in other applications at all. qt is licensed under gpl. is it's use in applications hindered? (currently only in the non unix world, but at the rate the cygwin port is coming along, that might change). gpl will ensure that all other apps are under gpl as well, and that's a good thing. i want to see and want others to see the source for my encrypted im application. i want my boss to have access to the source. i want lots of people to see the source and scrutinize it all to hell and back.

besides gpl is only for distrubiuted apps. if IBM or someother large corporation wants to make an internal use application that's customized for their use, then so be it.

Re:Interesting

[kubrick]

... or maybe Nullsoft would like people who are going to make money from it to approach them for a commercial license.

I don't see anything wrong with that -- they're a business, after all.

Re:Interesting

[enigma971]

What would be really cool would be to have it support encryption plugins (or modules, pick your noun). If you don't trust the encryption they have built in, write your own and plug it in. I haven't looked at the source code yet, but it's on my todo list for some time today.

Re:Interesting

[Daniel+Phillips]

I think the GPL license will hinder its use in other applications as well. LGPL or BSD license would have been a much better selection.

That sounds remarkably like whining to me. If you don't like the GPL aspect of it, then learn from it and write your own.

And please explain to me exactly how the GPL limits your use of this software? Maybe it doesn't let you steal it and make a commercial product out of it, while not contributing back your changes?

Re:Interesting

[ichimunki]

You can think that all you want, but you'd still be full of it. To me this sounds more like anti-GPL trolling than anything else. BSD is under a BSD license-- indeed there are three main "flavors" to choose from. So why is it that companies like Suse, Red Hat, IBM, and others are all looking at using GPLed Linux? You'd think at least IBM would be smarter than that.

Re:Interesting

Which happens more often than you know.

Re:Interesting

Put down the ice pick, comrade! Closed source software isn't "stealing"!

Re:Interesting

Property is theft!

Re:Interesting

Moderated as Troll?

I have to ask..

[the+unbeliever]

What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing. If it was more "anonymous", I could see a reason behind it. As it stands, I'll be the only person in my circle of friends who'll "get this", and it'll just spend time wasting on my HD. To be completely honest, crypto on file sharing protocols won't be commonplace until AOL or Yahoo decides to put it in AIM/Pager.

Re:I have to ask..

[terrox]

that is the point. small secure networking, they don't seem to want to compete with the other 40 thousand P2P programs.

Re:I have to ask..

[ergonal]

You're right. But you have to remember that, by the brief look of it I got, makes PGP-style stuff a lot easier. And what do most people use IM's for anyway? To chat to their friends? You bet. It wouldn't take long to develop a web of trust of, say, your entire school or workplace. But you're also right, it won't gain wide acceptance unless there's easy way to connect to the "network".. I just opened the "Network status" dialog, and what do I type in? Nothing right now, until I can get someone else to load it up.

Re:I have to ask..

[mpxcz]

I'll have to agree with you on that...
seems like they're just bloating up winamp, although the security and technologies that have integrated into it are cool.
Maybe the secuity was mainly focused on the IM part.

Re:I have to ask..

[kliment]

I think this is meaningful, as it is an ad-hoc way of creating aa VPN. Also it would probably be faster if a few of the nodes have fast connections. If your friends don't see a reason behind this, then maybe it is not meant for your circle of friends. About the anonymous issue, note that Freenet already exists and works to handle that problem. This is meant to address a completely different issue

Re:I have to ask..

[Motherfucking+Shit]

What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing.

Exactly, privacy is what it's all about. People tend to forget (or not realize to begin with) that every bit of chatter they send to one another on AIM goes through AOL's servers, every message they send to their buddy on MSN Messenger passes through Microsoft's servers, etc. Waste gives you the ability to conduct reasonably secure conversations and chat. Sure, it's not as geeky as running your own private IRC server wrapped in stunnel, but hey, the easier crypto becomes, the better.

The next time you want to have a chat with a friend, but you don't exactly want the contents bouncing all over the internet in plaintext, this looks like the perfect application. Reminds me somewhat of a program called SIMP, which is a minimalistic Blowfish-ized IM program.

Re:I have to ask..

[junklight]

The problem that we have here is that this network is NOT for piracy and therefore a lot of slashdot readers cannot see the use for it. Think instead of people working together - a workgroup as it where. For example why pay rental fees on an office when you can have a virtual one using tools such as this? Now I am not sure how great this tool is for that right not (I'm guessing - first release - not very) but I am sure it will come if people start using it.

Re:I have to ask..

But you're also right, it won't gain wide acceptance unless there's easy way to connect to the "network".. I just opened the "Network status" dialog, and what do I type in?

There is no network. The goal isn't "wide acceptance". This isn't another way for you to get your mp3s, porn, whatever. Front page of the site, emphasis added:

WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.

WASTE is designed to enable small companies and small teams within larger companies to easily communicate and collaborate in a secure and efficient fashion, independent of physical network topology.

Re:I have to ask..

[Hast]

People tend to forget (or not realize to begin with) that every bit of chatter they send to one another on AIM goes through AOL's servers,

Eh, no it doesn't. Even early versions of ICQ had direct communication between clients. Only if a client is offline does it go through a server. There is no way in hell that the servers could survive otherwise.

Although the messages are in clear text, so someone could sniff them. OTOH the same is true with email.

Re:I have to ask..

[GMC-jimmy]

If your not scared of Beta software, there's an IRC client that supports encryption for queries and even channel messages. You do have to share your key with whom ever you want to be able to read your messages however.

It's KVirc 3 over at www.kvirc.net.
It's primarily writen for KDE/Linux but they also have a pre-compiled Win32 stand-alone.

Re:I have to ask..

This isnt part of Winamp, its a seperate program from the makers of winamp

Re:I have to ask..

[spectral]

Eh, yes it does. Otherwise I'd have a lot more connections open while talking to people than just the one single connection to AOL's server. Hence the 'direct connect' button, which then DOES establish a direct connection to the server. Also, ICQ now uses modified versions of the AIM protocol(s) anyway (or at least, can run on them), so all ICQ traffic prolly goes through the servers too.

I bet the other networks are the same. MSN, Yahoo, etc. Direct connections are a bit slower to start up, and a bit more of a security risk, since you now know the other person's IP address.

Re:I have to ask..

[Commutative+Monoid]

I think you'll notice the grandparent has less than ten posts. It's a shill account for trolling.

Re:I have to ask..

[spectral]

I'm an idiot. I meant to say "which then DOES establish a direct connection to the other user."

Re:I have to ask..

[Hast]

Then it has to depend on the version you're using. Perhaps you're using the Lite version, that's operated through Java or something I think.

Because when I use ICQ 2001b and send a message, or even just browse a users "away message" then I also establish a connection to that user.

If you're using ICQ Lite then it's not starange that it goes through AOL/Mirabilis. A Java applet is not allowed to open connections besides the one to the server it comes from.

Re:I have to ask..

good thing they included the source then... to make it easier for someone to create one...

Re:I have to ask..

[daserver]

Well there is a whole network, silcnet, that builds upon irc but makes it safe. It not that far away from 1.0. http://www.silcnet.org/

Re:I have to ask..

You know.. Maybe because the messages are sent using udp??

Re:I have to ask..

posting anonymously for obvious reasons:

The unofficial amusing diversion (when things were slow) for members of the security team of the Fortune 100 organization I worked for was to read people's IM conversations that were logged by our IDS. Whether they're being routed through AOL or Microsoft or Yahoo, they're plaintext transmissions to and from a few very well-known port numbers. Think about that the next time you're telling John/Jane exactly which part of them you'd like them to insert in which part of you, and you bring the whipped cream and they'll supply the ball gag, etc. Do you really want the geek sitting at the firewall desk reading that?

Re:I have to ask..

I'll bite. It'd open at least one listening port, and it doesn't. Therefore, NO, you're wrong again, coward.

Re:I have to ask..

[liquidsin]

From the ICQ faq :

Q. I can send and receive messages, but am having trouble using some of the other ICQ features. Is this because I am behind a firewall? A. If you are behind a firewall, you should be able to send and receive messages, SMS, and URLs. However, you might not be able to use ICQ features that establish a direct peer-to-peer connection. The features that may not work include: File Transfer, Shared Files, ICQphone, ICQ Web Front, ICQ Voice Message, and ICQ Chat. Note: You may also have trouble launching or using ICQ's external applications, including sending and receiving game or IP telephony/voice chat requests.

So it would appear that normal messaging goes through the server but chat, file transfer, voice, and some other stuff is direct client to client.

Re:I have to ask..

[indead]

AIM traffic goes through a central server unless you directly connect or transfer a file, etc.

Re:I have to ask..

Well actually after downloading and installing the software I noticed a couple of features.

The first feature allows you to specify a network by name.

The 2nd feature is a checkbox that allows you to broadcast your public key over the network.

The 3rd is a setting that allows you to automatically accept broadcasted public keys.

Looks to me like you can simply join a WASTE network by typing in the network name and having your machine find other machines on the WASTE network specified.
I believe this would equate to secure p/p file sharing.

Re:I have to ask..

[xchino]

Sorry, you're just wrong, parent poster was correct. All this info is easily verifiable with a quick and simple google search. Also note that direct connection is an option, not a default.

Re:I have to ask..

[raynet]

Also Irssi and ircII have IDEA patches and they work really well too, been using them for year or two now.

Re:I have to ask..

[moncyb]

The guy you are replying to sounds more like an AOL luser than a "pyrate". "All my friends are on AIM, so why shouldn't everyone use AIM?"

Re:I have to ask..

[Commutative+Monoid]

Mod me offtopic some more. My karma is too high.

Re:I have to ask..

[Mal-2]

I can see a use for this, as it probably is a better way to implement what many people now use VPNs for. If all you really want is to be able to pull your home files from work and vice versa, it should be simple enough to fire up WASTE on both (or more) ends and go to it... no VPN routing to worry about, apparently no firewall hacking to worry about (I currently have to pinhole the company firewall with my cable IP, which does change once in a while), and I could set it up pretty easily for everyone in the company.

Not that everyone is taken by the concept that they could work from home at any hour... because they fear that they would be EXPECTED to. But since my boss really doesn't understand what capabilities this opens up, I doubt the people here have anything to worry about (except that I may not come in more than one or two days a week any more, choosing to stay home and save an hour and a half of daily commute).

I can also see this being very useful for companies that deal with a lot of paper documents going a lot of places. Now some $5.75/hr lackey can just dump them in a drum scanner (I know, I did exactly this for 3 months before they figured out I was more useful in a job that required two or more brain cells), and any business partners can view them on demand. Similar systems already exist, but this seems both simpler and more secure. Also, if the partner business adds an employee, or wishes to reassign one, they don't even have to consult you to give the new guy access. You just want to make sure you keep everything adequately compartmentalized so these partner businesses can't spy on each other through your documents.

What provisions are there for booting someone off your system even though another member considers them "trusted"? That's obviously a source of potential conflict in a business-to-business situation.

Re:I have to ask..

[DarkDigger]

I've installed WASTE and I'm connected with one of my friends already. Now I haven't been able to get anyone else to run it, but if you don't want somebody else to be able to get access to you, you can just disable broadcasting your public key so the person you don't want to be "trusted" can't get access to you. Of course, others that you might want to actually have your key broadcasted to wouldn't be able to get it as easily (you'd probably have to send it to them through email), but it is one workaround.

Re:I have to ask..

[Spider[DAC]]

I have to point out the Invisible Irc Project as well. It lets any IRC client connect to a secure IRC network, since it works as a proxy/relay system instead of patching the clients.

Re:I have to ask..

Downloading from where? i've spent the last hour trauling the nets for someone hosting a mirror, a google cache, SOMEthing... it just evaporated..

Five minutes later

[Jacer]

I read the article and immediately got excited. I downloaded all of the software and had it all setup and working within a few minutes. As of right now I'm living in an apartment and have no practical use, but on Monday I'm moving into my dorm room to start my summer class (bleh!) Anyway, I think this is so wonderful! I've been thinking about a secure network computing solution for my three computers when I'm at school. I have my server, workstation, and my laptop that I'd like to tie all together. The leading choice was vpn, but after playing around with this, I do think that running on my server and having the three of them connect to it, and maybe a few of my friends computers on campus, we can create a very nice, effective, small, and secure lan. Then again, after five minutes I haven't decided if the whole reinventing of the wheel is worth it. I'll probably try it out, and setup a vpn server too, and see which I like more.

Re:Five minutes later

[graveyhead]

VPN is better if you're a gamer...

Once you've set it up for a firewall, the f/w effectively vanishes inside the VPN. A friend and I struggled with firewall configs for years tweaking for the game of the day. Enter VPN, and now we have a private TCP network without firewalls. Any game supports that, no reconfiguration required.

The other thing is that it is built into w2k (my gaming platform of choice) and XP (friends platform). This means you can be up and running after reading some quick instructions on setting up the server, your shares (properly!), forward one TCP port (yes, only one) from your firewall to desktop, and that's it forever.

Add an uber-IM like Trillian, and that's all you will ever need.

Re:Five minutes later

[Jacer]

Yeah, I had a VPN setup from work to home before, and it didn't always take kindly to the network address translation. Certian things wouldn't function, and I'm hoping that's fixed here. Also, we have a whole chunk of public addresses on campus. I could easily configure the pool to assign some of them, and not worry about the nat, but then there is always a chance that there will be an address conflict. As a former net admin before coming back to school, I can tell you that I don't take too kindly to rouge DHCP servers messing with my address block. (I had a user bring in a access point that was also a residential gateway. The nerve!)

Re:Five minutes later

blah....
Real games use UDP. What game are you playing that uses TCP?

Re:Five minutes later

[tauntalum]

Must be a MUD :)

Re:Five minutes later

[graveyhead]

NAT is totally seamless in our VPN. When I fire up a browser with the VPN active, he is temporarily my ISP. All requests for hosts + DNS go through his machine. We ran into trouble early on in the setup, because he refuses to use manual IP addresses on his network, so I had to set mine manually to a high number that his DHCP server is unlikely to use, and he had to check a configuration that allowed me to do so. Also, there was a bit of DNS trouble until I put the address of the PPP server as DNS server.

Now, everything works fine when connected, just a bit slower. The only thing I wish was that I had the ability to control per application which IP address is used. It would be nice to say "for IE, Outlook and Trillian, use regular addr, for everything else, use VPN if available." If I could do that, life would be perfect :) Really it just means having to quit & restart apps when connecting, but that's about it. A minor inconvienience.

Re:Five minutes later

[Admiral+Lazzurs]

for /F "delims=: tokens=2" %%i in ('route print') DO SET GATEWAY=%%i
route delete 0.0.0.0 MASK 0.0.0.0 %GATEWAY% METRIC 1
route add 192.168.1.0 MASK 255.255.225.0 %GATEWAY% METRIC 1

Where 192.168.1.0 is the network that you would like to use for the VPN and 255.255.255.0 is the netmask.

Take care

Re:Five minutes later

Glad to have you aboard for the summer, Jacer. Looking forward to "seeing" you again. I and the other gays meet every Tuesday at 3:00 PM in the 3rd floor men's room of the library for a "round table" (heh heh heh). We look forward to your presence. It is a BYOL (bring your own lube) affair, and strictly bareback. Hope to be "seeing" you there. Yum.

-- Bruce

Re:Five minutes later

[.milfox]

*laugh* I think he wanted windows settings. *SMIRK*

I like your style. Hehehe

*points at message above - If you've got spare mod points, mod up!*

Re:Five minutes later

[Grizzlysmit]

Why bother this is just a total waste. :-)

Re:Five minutes later

Umm, looks like windows settings to me. Don't know any other OS's that have a shell that uses %VAR% for variables and such a broken shell loop contruct...

Download and mirror this

[scrod]

while you can. Remember what happened when they first released Gnutella? If I recall, AOL forced them to pull it within hours (though it was already completely reverse-engineered almost immediately afterward).

Re:Download and mirror this

[Farley+Mullet]

+4 RTFA! more like it.

And I blockquote:

WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.

So this isn't really a thing like gnutella. It's an enterprise product. As other posters have noted, it could conceivably be used to share (AOL-TW) copyrighted works, but that doesn't seem to be anywhere near it's main purpose. Heck, AOL is probably releasing the core technology as OSS to get the community to shake it down for bugs, in anticipation of releasing a commercial product built on top of the protocol. Kinda like how Apple has worked on open source technologies like zeroconf, and released commercial products like rendezvous built on the technology.

Re:Download and mirror this

[dimator]

Seems like "waste" is a "waste" of time.

Re:Download and mirror this

[Ed+Avis]

WASTE is a software product and protocol...

It's understandable for marketeers and Microsoft to say 'software product' as a euphemism for 'computer program', but do hackers have to start doing it as well?

Re:Download and mirror this

[comet_11]

If they want to be taken as seriously in the enterprise market as MS is, then yes, probably.

Re:Download and mirror this

[arvindn]

It's understandable for marketeers and Microsoft to say 'software product' as a euphemism for 'computer program', but do hackers have to start doing it as well?

euphemism n. The act or an example of substituting a mild, indirect, or vague term for one considered harsh, blunt, or offensive.

Excuse me, since when exactly has the term 'computer program' been considered harsh, blunt, or offensive?

Re:Download and mirror this

[Ed+Avis]

Well that's kinda my point. You wouldn't think that 'computer program' was too harsh to say to the customers, but marketing types seem to think so, hence 'software product'. Or 'solution'. Consider also the process by which a directory became a 'folder' in Win95.

Re:Download and mirror this

[Planesdragon]

It's understandable for marketeers and Microsoft to say 'software product' as a euphemism for 'computer program', but do hackers have to start doing it as well?

An OS is needed to run the computer.

A computer is used to run programs, that actually do directly useful stuff.

"middleware" exists, which helps the OS, programs, and other hardware get along.

All of the above are "software products." It may be slightly imprecise, but no more than the distinction between "truck," "car", and "van."

Re:Download and mirror this

[indead]

Consider also the process by which a directory became a 'folder' in Win95.

As I recall, the process was:

1. Apple called their directories folders.
2. MS 'innovated'.

Re:Download and mirror this

[Ed+Avis]

Yes but you say that trucks, cars and vans are vehicles. You do not call them 'vehicle products'.

Re:Download and mirror this

Excuse me, since when exactly has the term 'computer program' been considered harsh, blunt, or offensive?

since '95?

Re:Download and mirror this

[DoXaVG]

So this isn't really a thing like gnutella. It's an enterprise product.

10-50 users makes this an enterprise product??? I work in a SMALL enterprise that has 15,000 employees, the IS department alone is over 1000 of those, and the IS Support staff (the ones that handle all the user complaints - on the order of 100 employees worldwide) currently use an internal IRC server as our enterprise IM software (Sametime) didn't exist when they put out the IRC solution. We'll probably end up moving to use Sametimes meeting features instead of IRC in the future. My personal sametime address book has 40 or so people that I regularly communicate with at work; 10-50 wouldn't even begin to cut it. Now, I can see this being used to communicate with personal friends (assuming it can utilize HTTP proxy servers to get outside our firewalls).
--Dox

Re:Download and mirror this

[Farley+Mullet]

My personal sametime address book has 40 or so people that I regularly communicate with at work; 10-50 wouldn't even begin to cut it.

Really? Sounds just about perfect for you. I'm pretty sure that the idea isn't using waste to share info between everyone in an organization, just people within a workgroup. And I'd imagine that most workgroups are under 50 people in size. Anyway, I was replying to a guy who suggested that this would go the way of gnutella -- my point still holds -- this clearly isn't a P2P file sharing protocol in the napster/gnutella/kazaa sense of things.

Re:Download and mirror this

> since when exactly has the term 'computer program' been considered harsh, blunt, or offensive?

Depends on the program... just look at Agent Smith for an example of harsh and offensive.

Re:Download and mirror this

[devnull17]

As long as the word "solution" stays the hell out of there, I'm happy.

Interesting, not your usual peer to peer app.

[rmlane]

Designed for small groups of people (up to 50)

It allows easy colloboration across firewalls, and only one user inside the firewall is required to allow all users inside access to the mesh.

Each link is encrypted, but each message is decrypted and re-encrypted at each hop of the mesh, so you have to trust all of the nodes. It's also very hard to drop a node onc it is trusted, as each node shares public keys around to make sure all nodes have all public keys. Initial connection to the mesh requires manual key exchange. PITA, but moderatley secure.

All network traffic is encrypted, it will flood each mesh link with a minimum amount of bandwidth to foil traffic analysis.

For readers of Pynchon. . .

[BitHive]

That's W A S T E, not 'Waste'.

Re:For readers of Pynchon. . .

[IntlHarvester]

Above post was not at all offtopic. Crying of Lot 49 is a good nerd book, so go read it.

In the book, W.A.S.T.E is an underground postal system that allowed people to exchange messages without the authorities finding out.

Re:For readers of Pynchon. . .

[Surak]

And I doubt that's a coincidence either considering that's exactly what the protocol seems to do.

Now I've never read the book, but I'd say in an underground postal system every person in the system has to be trusted. Much like this protocol -- each node in the network needs to be trusted.

You have to build your own little underground network with a few trusted friends. This reminds me a lot of the pirate BBS days ... if you wanted access to the 'private' or 'elite' (we didn't use such silliness as 31337 ;) file sections, you had to know the sysop.

This system allowed for only quality 'warez' files because everyone who was allowed to trade files had to be trusted, and therefore they weren't going to damage their reputation by sending crap like you get on P2P nowadays like incomplete packages or stuff that said it was one thing, but really was another thing. Back when trading pirated software was more like a gentlemen's agreement and not the 'o-D4Y \/\/4R3Z!!!!' crap pimply-faced teenagers with nothing better to do do today.

On the other hand, one has to think, 'Who needs it?' Most of us who were in that community back then have merged in with the Open Source community today and if we trade software at all it's with a CD burner over a cup of coffee. ;) OTOH, maybe this is just the thing for people like us.

Just a thought...

Re:For readers of Pynchon. . .

[benwb]

The people I interacted with back in the day even had a name for the gentleman's agreement: Programmer's Privilege.

Re:For readers of Pynchon. . .

[Surak]

Yep. That's the one! ;) (You have to bear in mind back when I was into this scene, you *had* to be something of a programmer to setup a BBS. We didn't have these "insta BBS" packages back then.

Re:For readers of Pynchon. . .

[elwinc]

Here's a little quote from The Crying of Lot 49 that might show how the software title pays homage to Pynchon:

"Last night, she might have wondered what undergrounds apart from the couple she knew of communicated by WASTE system. By sunrise she could legitimately ask what undergrounds didn't....[H]ere were God knew how many citizens, deliberately choosing not to communicate by U.S. Mail. It was not an act of treason, nor possibly even of defiance. But it was a calculated withdrawal, from the life of the Republic, from its machinery. Whatever else was being denied them out of hate, indifference to the power of their vote, loopholes, simple ignorance, this withdrawal was their own, unpublicized, private. Since they could not have withdrawn into a vacuum (could they?), there had to exist the separate, silent, unsuspected world."

Google silent tristero or trystero and you'll find plenty of hip references to private communications. There's even a sourcforge project called tristero.

Re:For readers of Pynchon. . .

[Captn+Pepe]

One of the cooler items in this year's Scavenger Hunt -- each team had to set up a WASTE-alike (physical, not electronic) with drop boxes all over the neighborhood and a maximum 7 hour delivery time (to basically anyone on campus). Since everyone was too busy to check their email very regularly, and the boxes were everywhere, it actually became a preferred way for people doing the Hunt to communicate.

Not so much encrypted, though. Reading the mail your team was delivering became a very funny pastime. I did briefly consider printing out an ascii-armored GPG message, but those things are a bitch to type in.

Re:For readers of Pynchon. . .

[Reziac]

In fact, my first thought was that finally here is a secure *limited-users* message system for "modern" users, ie. folk who wouldn't have the first notion how to set up a dialup BBS, let alone a QWK door and offline mail reader.

With a dialup or in-house BBS, email, file transfers, chat, etc. can be limited to just known users, and is never transmitted via the net, hence is out of the scope of gov't snooping, and very secure. (Wildcat is still in development, and aimed partly at the corp messaging market for this express reason.) WASTE appears to at least partially address this need wrt situations where a BBS isn't practical.

Anyway, it looks promising to me, and I think will be a nice alternative for small groups who aren't interested in trading files with everyone in the known universe.

nice name...

[boog3r]

best name yet for a p2p app. hope they polished it up a little bit more than gnutella was, because this is gonna get tossed by AOLTIMEWARNERNEWSCOPRATTetc PDQ and then we will have another MIA P2P APP.

Acronyms. The Breakfast of Champions.

Re:nice name...

[leviramsey]

If the VP is such a VIP, we ought to keep this on the QT...

License?

[harlows_monkeys]

I just download the source and took a look. No COPYING file. No README. The string "gpl" (case insensitive) does not appear in any of the files.

Worse, there is an "rsa" subdirectory, and the files in there all say they are copyright RSA Data Security, and all rights are reserved. Worse, the MD5 source files contain a license that is incompatible with the GPL.

I'd stay away from waste until they straighten this stuff out.

Re:License?

Well, the Windows version has the GPL in the 'Accept/Don't accept' stage of installing the app, if that means anything to you.

Re:License?

You can skip this if you build the source and run

Re:License?

[julesh]

Well, the Windows version has the GPL in the 'Accept/Don't accept' stage of installing the app, if that means anything to you.

Which is daft, seeing as you don't have to accept the GPL to use a GPL piece of software:

5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

Therefore, you only need to accept the GPL if you want to modify or distribute the code. Installing & running it is not covered.

Waste?

[arvindn]

Why would anyone call their product waste? I thought it must be an acronym, since they've spelt it in all caps, but they haven't said what it stands for.

Re:Waste?

Oh, kinda clear. It's such waste to use encryption ;)

Re:Waste?

Probably the same company that made the PIMP (and afterwards the SuperPIMP) install system...

Is Groove doomed?

[misuba]

Resolved that: Gnutella aside, this technology is really a direct shot at Groove Networks, the company founded by Ray Ozzie of Lotus Notes fame to sell P2P-derived technology to small and large business.

Discuss.

Re:Is Groove doomed?

[reaper20]

If

a) Groove was actually used by anybody and
b) It wasn't such horrible software

then I would say yes. Unfortunately Groove is a solution looking for a problem, and how many people get excited when you hear "designed by the guy that designed Notes."

Re:Is Groove doomed?

Well, most people don't know that the WWW is just a text-based, non-proprietary copy of Notes.

Re:Is Groove doomed?

[misuba]

Well, that begs the question: what problem is Waste designed to solve? Who will use it?

It seems to me that secure instant messaging and peer-to-peer file transfer between members of a distributed workgroup serves a real need. I can't imagine that Nullsoft would have developed this unless they saw a need themselves. Other solutions might technically already exist, but they don't appear to be as easy to install. (In that respect I could be wrong about VPN; I haven't looked into it.)

It'll be interesting to see whether Waste follows the path of Groove in the respect of becoming a platform, and providing an API for others to develop new tools.

Re:Is Groove doomed?

[dpu]

that's because most people know that the HTTP protocol (and, for that matter, most other common Internet protocols) predate Notes by a few years.

Re:Is Groove doomed?

[Capablanca]

groove has hundreds of employees and funding from the borg. and some have suggested they have no real sales. could groove be a component of the halloween memo strategy (rich, proprietary protcools)? like the new structured file system that is part of longhorn?

Re:Is Groove doomed?

[rkz]

Its for terrorists to plan attacks!

Re:Is Groove doomed?

HTTP was invented before 1985?

Re:Is Groove doomed?

...except that the web works as designed, whereas notes is a pile of shit that causes more problems than it solves.

Re:Is Groove doomed?

unfortunately your comment is entirely useless, as the parent's usage is sensical. now stop wasting me bits.

Re:Is Groove doomed?

Groove has thousands of users. At my office (only a few dozen people), we use it all the time for communication and collaboration with clients. The voice over ip stuff in it kinda sucks, but the shared filespaces and whiteboard features are great.
The DoD uses it extensively, as does/will the Dept. of Homeland Security. It's a great tool. The only down side that I see is that it's windows only.

Re:Is Groove doomed?

[Vaughn+Anderson]

HELP! PLEASE SAVE ME FROM GROOVE!!!

My client _insists_ we use groove and it takes _forever_ to load up, _forever_ to close down, when it crashes (all the time) it takes, yes, _forever_ to die. It sucks up memory like there is no tomorrow, it it has a cluttered and hideously bloated interface, it has to update itself every time you open it, it's SLOOOOOOOWWW! ARARHHRAHAHGG!

Yet, Winamp 3 is amazingly annoying and slow as well... I just hope WASTE runs on winamp 2...

Re:Is Groove doomed?

[lucas_gonze]

Agreed. The difference is that Groove has proxying to make sure that offline nodes can still communicate, which makes a huge difference, and about ten million lines more code.

W.A.S.T.E. gets big points for style and simplicity, but doesn't break any new ground.

Re:Is Groove doomed?

[dpu]

ok, IIRC, HTTP was accepted as an actual RFC in 1990 or 1991. knowing how long it takes for a popular protocol to get standardized sometimes, it was probably realistically in use (or active development at least) since 1987 or 1988. perhaps even longer, although i could not find documentation to support or disprove that assumption (though it seems reasonable).

source: http://www.w3.org/Protocols/HTTP/AsImplemented.htm l

on the other hand, Lotus Notes 1.0 was released in 1989, after being in active development for close to 4 years.

consequently, it's difficult to say which came first, since the argument could go either way (assuming, of course, that my previous assumption about the length of time it takes the W3C to ratify a protocol with an RFC). but in your case, Lotus Notes was based originally on Plato Notes, which dates back to 1976 or thereabouts.

Re:Is Groove doomed?

[dpu]

oh, and they're called "DocLinks" in Notes (or used to be), not hyperlinks :) if you really want to argue this, i could probably find that sort of hypertext linking in use earlier than Notes.

Beep!

[BladeMelbourne]

Thanks for the link!

On their site I found a program called Beep. It makes noises on keyboard/mouse input :-)

http://www.nullsoft.com/free/nbeep

It gets annoying after a while, but it is 'cute' enough to impress my girlfriend. And that matters as much as keeping my RedHat system up2date. LOL

Re:Beep!

[millwall]

"[...] It makes noises on keyboard/mouse input :-) [...] it is 'cute' enough to impress my girlfriend."

Where do you find a girl that could be impressed that easily? No need for fancy restaurants or expensive gifts, just type on your keyboard and she goes mental.... nice!

Re:Beep!

[Debian+Troll]

It gets annoying after a while, but it is 'cute' enough to impress my girlfriend. And that matters as much as keeping my RedHat system up2date. LOL

If you were using Debian and its fantastic apt-get package management system, you wouldn't need to worry about that (using up2date or having a girlfriend).

apt-get zealotry makes life simple in more ways than one!

Re:Beep!

[BladeMelbourne]

RedHat has apt-get support, although not out of the box.

http://shrike.freshrpms.net/rpm.html?id=393

Don't worry DebianTroll, I will try Debian soon... I have heard many great things about it. My modem connection only achieves 50.6 kbps maximum. I will try to get a copy of Debian 3.0r1 at the next Melbourne Linux User Group meeting.
http://www.mlug.org.au/

Mike

Re:Beep!

[leviramsey]

Debian Troll, I salute you.

May I subscribe to your newsletter?

Re:Beep!

[Debian+Troll]

Dear levinramsey,

I've just gotten off the phone with Bruce Perens, talking about that very topic! At the moment, both Bruce and I are too busy to devote much time to our Debian-focused e-newsletter, Elitist Open Source Zealot Virgin. As you may be aware, I am totally consumed with my current Windows port of apt-get, and Bruce has a full time job just keeping the hobos and crack junkies out of his cardboard box underneath the 23rd Street rail bridge.

Sincerely,
Debian Troll.

Re:Beep!

man thats rich... I am sitting in my govt job cube crying laughing... phew....

Re:Thats Nice

[DrPascal]

I believe they backported the Media Library into 2.9x. Just get that.

It's kinda First Class. . .

on steroids?

first class

maybe, maybe not.

Re:Gnutella - YES

Yes, Nullsoft originally created Gnutella then parent company AOL forced them to stop development, but the cat was out of the back and code was leaked/reverse engineered.

Re:fix what needs fixing

[misuba]

Winamp 2.9 is the latest release of the Winamp 2.x codebase, which takes most of the good ideas that went into Winamp 3 and codes them back to an API free of excessive abstraction. It's been out for weeks, if not months. Check your facts before posting.

Cool!

Its about time that we got something like this! Way to go guys!

Re:License? GPL

This is in the asyncdns.h file, and most of the other files in the .gz file.

WASTE - asyncdns.h (asynchronous DNS class)
Copyright (C) 2003 Nullsoft, Inc.

WASTE is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Seems like conflicting information to me.

well...

[inkedmn]

as long as it has those uber-bitchin' skins, i'm in.

GPL Licences

[rmlane]

Quoting from the source:

Copyright (C) 2003 Nullsoft, Inc.

WASTE is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

They already fixed Winamp, whiner

Firstly, the WA2 group backported the two major features of WA3 (video support and the media library) to WA2 and released it as WA 2.9. Development continues on a hybrid tree under the working title WA5 (2 + 3 == 5).

Secondly, not everyone shares your idea of "what they need to do". Winamp is a nice media player, but nevertheless just a media player; to many people, a protocol that facilitates cryptographically secure collaboration is infinitely more useful.

Thirdly, I'm not clear on what obligation you think Nullsoft owes you even when they're on company time, but I wouldn't be surprised if WASTE was written in spare time--you know, for fun.

Re:They already fixed Winamp, whiner

[UniverseIsADoughnut]

Hey good their working on the old series, which would show they accept the issues of the 3x series.

I know many people do feel the way I do, talk to most people who have tried 3.0 or even go to their website and see people bitching about it. Winamp is the most used player in windows, second only to WMP, though I wouldn't be surprised if more used. To stop trying to make a decent product and ignore the problems will cause them to loose their marketshare and thus make them worthless, not a very good business model if you want to be around to do other things like protocols.

Also I don't think many people care about this protocol, sure the paranoid types might, but this is very much something most people could care less about.

Also I in no way have said they are obligated to do anything. I was just pointing out how they have gone from something good to complete crap. I don't belive companies own anyone anything unless there was some deal which requires them to.

I doubt it was done in spare time, if it was employees doing something it was during work time, and if there are things that need to be done to your product you don't have "free time" . Free time is when there is nothing you should be doing.

Nullsoft is a company. Time is money for them. Users are money for them. Being a company that gives product away for free, the balance of keaping them is huge. If no one goes to your sight and clicks on ads and so forth they are done.

One last thing, they haven't fixed jake shit. winamp 3 is broken, go to their sight, winamp 3 is what they are advertising. Making updates to an older product is not fixing. To be fixed means they got all the issues sorta out with 3.0 .

Re:They already fixed Winamp, whiner

Hey good their working on the old series, which would show they accept the issues of the 3x series.

Nullsoft has said from the release of WA3 that it was AOL's spec and AOL's decision to release it in that state.

I know many people do feel the way I do, talk to most people who have tried 3.0 or even go to their website and see people bitching about it.

That's really not relevant to anything I wrote.

Winamp is the most used player in windows, second only to WMP, though I wouldn't be surprised if more used.

Hardly. WA is popular among those 'in the know', but it doesn't have anywhere near the installed base of e.g. RealPlayer.

To stop trying to make a decent product and ignore the problems will cause them to loose their marketshare and thus make them worthless, not a very good business model if you want to be around to do other things like protocols.

Nullsoft's "business model" is that of a wholly-owned subsidiary of AOL. Its purpose is to provide the media player component of the AOL client software. As for "other things like protocols", this is a side project, much like Gnutella. [quote]Also I don't think many people care about this protocol, sure the paranoid types might, but this is very much something most people could care less about.[/quote] Visit the business world sometime. Secure collaboration isn't paranoia; it's a necessity.

Also I in no way have said they are obligated to do anything.

Yes, my mistake. I didn't realize that you presumed to know Nullsoft's business better than Nullsoft.

I doubt it was done in spare time, if it was employees doing something it was during work time, and if there are things that need to be done to your product you don't have "free time" . Free time is when there is nothing you should be doing.

Employees are also people, capable of undertaking projects on their own. Most of the Nullsoft side projects are things that were done on the coder's own initiative and time. Justin, whose project this is, isn't even part of the WA3 group.

Nullsoft is a company. Time is money for them. Users are money for them. Being a company that gives product away for free, the balance of keaping them is huge. If no one goes to your sight and clicks on ads and so forth they are done.

Is the dotcom bubble still intact on your planet? Users who don't pay aren't money, and ads are a tool to alleviate operating expenses, not a profit source.

One last thing, they haven't fixed jake shit.

Is he any relation to Jack?

winamp 3 is broken, go to their sight, winamp 3 is what they are advertising.

The Winamp site calls WA3 "almost as new as Winamp 2". Some advertisement.

Making updates to an older product is not fixing.

It is when the older product is now functionally equivalent and wasn't broken in the first place.

Re:They already fixed Winamp, whiner

[awakened+tech]

To a certain extent this protocol is probably far more important than winamp will ever be. We keep hearing predictions of how IM is the next big thing in business, however no buiness is going to touch current IM technologies for two main reasons, security and accessibility (if I have MSN installed I will spend more time chatting to my mates than collaborating with my colleagues). WASTE solves those two problems and therefore enables businesses to seriously look at using IM type technologies in the work place.

Re:They already fixed Winamp, whiner

[UniverseIsADoughnut]

" Hardly. WA is popular among those 'in the know', but it doesn't have anywhere near the installed base of e.g. RealPlayer."

Find me someone who uses real player! anyone! WA is not a "in the know" thing. Every freaking person who has MP3's knows about it and uses it or WMP . My most non computer knowledged friends won't touch real player.

Re:They already fixed Winamp, whiner

Waste _was_ written in their spare time. And though this is the first 1.0 release, it's been in quite a stable, workable state for about 6 months now.

- `jars

Re:They already fixed Winamp, whiner

Nullsoft has said from the release of WA3 that it was AOL's spec and AOL's decision to release it in that state.

Err... no. For a long time they were blaming it on the user's computer being "slow" or "outdated". In fact, I'm pretty sure that's still in their FAQ.

Right. My Athlon MP supposedly isn't "fast" enough to run a damned music player.

(posting anon, after seeing the other guy get modded "flamebait" for telling the truth)

Re:They already fixed Winamp, whiner

[TheTick21]

You lost be about the time your spelling and grammar degenerated to the 3rd grade level.

believe, lose, keeping, site, jack, site (again...pointing out it isn't just a typo)

These are just simple misspellings and wrong word usages. To point all the poor grammar I would need a new box of red pens.
Learn the language you're attempting to argue in and people might take you more seriously. To your credit you didn't use you for u etc.

1337

[houston_pt]

Listen port
Listening on port 1337

Somehow I think this is a very well chosen port... ;-)

Re:1337

[blibbleblobble]

Listening on port 1337
Somehow I think this is a very well chosen port...

Is that a BackOrifice reference? (Port 31337)

Re:1337

[Fweeky]

1337 = l337 = leet = elite

Somewhat commonly used to refer to something as good; as in:

"l337, this WASTE thing does exactly what I want"

4 years later May 28th

[Isosonys]

Did nullsoft do this to thumb its nose at Aol? It was released May 28th 4 years after Aol paid a nice sum to buy Nullsoft.

Yes, it's GPL and it says so...

[malakai]

I don't know, are you a troll?

Try searching on 'GNU General Public License' Einstein.

/*
WASTE - connection.cpp (Secured TCP connection class)
Copyright (C) 2003 Nullsoft, Inc.

WASTE is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

WASTE is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with WASTE; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

Re:Yes, it's GPL and it says so...

[MisterFancypants]

Yeah but the original poster's question about md5/RSA code still stands...That code is incompatible with the GPL.

Re:Yes, it's GPL and it says so...

[harlows_monkeys]

Oops. I should have grepped for GNU in addition to GPL. I also see they've got a license.txt file, which includes the text of the GPL.

Now if you can just explain away the RSA code that has the license that is incompatible with the GPL, everything will be fine.

Re:Yes, it's GPL and it says so...

Because the patent expired.

Re:Yes, it's GPL and it says so...

[lmfr]

But not the copyright.

Go read Pynchon

[billstewart]

In "The Crying of Lot 49", which is a nice short fast spacy read, there's a plot thread about competing mail services and a conspiracy that conducts its private communications in a way that, if you refer to the name of the product as "waste" rather than "W A S T E", indicates you're clearly not part of their group. There are also email systems called "Trystero" for similar reasons, and it makes looking at post office boxes in Scandinavia quite silly even without sampling the local agricultural products.

Re:Go read Pynchon

[ChrisCampbell47]

I spent a WHOLE YEAR in 1992-1993 reading Gravity's Rainbow and I'd do it again in a heartbeat.

At the time it was just a mind-blowing coincidence with my life in general since A) I'm half-German and B) I'd just finished an aerospace engineering degree and C) I have a disgusted fascination with the entirety of the human race and D) I'm drawn to the absurd.

To this day, I still regularly recall the image of those underground factories in the shape of double integrals echoing the parabolic arc of the missiles ...

"A screaming comes across the sky"

I'll waste you...

Its now common to say "I'll PM you"... If this is a success we are soon going to hear things like "i'll waste you"

As for the "What's the point" question...

[malakai]

put on your conspiracy hats...

Think of it this way, these guys know probably better than anyone else NOT on the AOL IM team, just how much of IM conversations are monitored, logged, mined for information, media metrics...etc.

Not to mention, they work in that environment, they prolly want to be able to say "god damn, our executive VP is a bitch" and not have some network engineer provide a log documenting that conversation later.

Yeah, i wish it scalled, but wtf, its opensource. Go make it scale. For now, 10-50 is plenty for most groups of online friends.

Personally, I'd loved to see technology like Pastry get hacked into it.

-malakai

Re:As for the "What's the point" question...

[TeddyR]

AOL sells a product that is meant to log AIM traffic going through the enterprise network...


http://www.aim.com/get_aim/enterprise/enterprise .a dp

"AIM Enterprise Gateway
Now available, AIM Enterprise Gateway increases the value and manageability of AIM for organizations. Deployed onsite, AIM Enterprise Gateway acts as a proxy between users inside the corporate firewall and those on the public AIM network, enabling enterprises to manage and control employee usage of AIM services. AIM Enterprise Gateway provides Identity Management Services that enable administrators to control access, routing, and permissions. AIM Enterprise Gateway also features Archive and Audit Services that monitor AIM usage, log and audit messages, and create reports. "

Re:As for the "What's the point" question...

[Suidae]

For now, 10-50 is plenty for most groups of online friends.

It would be except that my 10 friends each have 10 friends who are not my friends and with whom I have no desire to communicate. And they each have 10 friends...

I haven't used it, but it would be useful to be able to use the same system to connect to multiple independent sets of people, like maintaining multiple connections to IRC servers.

Re:As for the "What's the point" question...

[$carab]

I remember watching on Dateline a couple years back about a murder trial, and apparently one of the major pieces of eveidence was a saved AIM conversation. They got one the AOL execs to testify that there was no way of verifying if it was a real transcript because AOL doesnt keep logs.

I think theres an sf project do do AIM sniffing though, but still, AOL doesnt log your conversations.

Re:As for the "What's the point" question...

"Short Summary (please don't cite)"

Oh, now you've done it.

Re:As for the "What's the point" question...

[Molz]

As I read the documentation about WASTE it seems it has a Network Name/ID function that is intended to keep networks seperate; which I took to mean exactly what you are asking for. One WASTE network is setup for my 10 friends using one name and then they can use a different name for the WASTE network they use with their 10 friends that I don't want to talk to.

Sounds like it would work pretty well, assuming you don't all want to use the same name.

Full description of WASTE

[mrklin]

Fresh from http://www.nullsoft.com/free/waste/:

WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.

WASTE is designed to enable small companies and small teams within larger companies to easily communicate and collaborate in a secure and efficient fashion, independent of physical network topology.

Some bits of information about WASTE:

• WASTE is currently available for 32-bit Windows operating systems, and as a limited functionality server for FreeBSD and MacOS X. Porting to other operating systems should be a breeze, as the source is provided (and the network code itself is pretty portable).
• WASTE is licensed under the GPL.
• WASTE currently provides the following services:
  • Instant Messaging (with presence)
  • Group Chat
  • File browsing/searching
  • File transfer (upload and download)
• Network architecture: WASTE uses a distributed architecture that allows for nodes to connect in a partial mesh type network. Nodes on the network can broadcast and route traffic. Nodes that are not publicly accessible or on slow links can choose not to route traffic. This network is built such that all services utilize the network, so firewall issues become moot. more information.
• Security: WASTE uses link-level encryption to secure links, and public keys for authentication. RSA is used for session key exchange and authentication, and the links are encrypted using Blowfish in PCBC mode. The automatic key distribution security model is very primitive at the moment, and may not lend itself well to some social situations. more information.

hope that AOL

[KingRamsis]

...wont pull the plug on them.

Re:hope that AOL

[Eminence]

It's already irrelevant whether AOL would pull the plug on them. The source is out. GPL-ed.

Linux port ?

[theefer]

How many minutes before we can see the first Linux port (it works under W$, FreeBSD and MacOS X) ?

Re:Linux port ?

Makefile.posix is included, so forget about "minutes".

Re:Linux port ?

[Kompressor]

Closer than you think...

I haven't used C in 3 years and I managed to get it to compile with a bit of hacking. As for stability, your guess is as good as mine...

diff -r waste/Makefile.posix waste_port/Makefile.posix
4c4
< RSAOBJS = md5c.o nn.o prime.o r_random.o rsa.o
---
> RSAOBJS = rsa/md5c.o rsa/nn.o rsa/prime.o rsa/r_random.o rsa/rsa.o
7,8c7,8
< CXXFLAGS = -O2 $(DEBUGFLAG) -pipe -march=pentiumpro
< CFLAGS = -O2 $(DEBUGFLAG) -pipe -march=pentiumpro
---
> CXXFLAGS = -O2 $(DEBUGFLAG) -pipe
> CFLAGS = -O2 $(DEBUGFLAG) -pipe
diff -r waste/connection.cpp waste_port/connection.cpp
771c771
< if (::getsockname(m_socket,(struct sockaddr *)&sin,(socklen_t *)&len)) return 0;
---
> if (::getsockname(m_socket,(struct sockaddr *)&sin,(unsigned socklen_t *)&len)) return 0;
diff -r waste/listen.cpp waste_port/listen.cpp
85c85
< int s = accept(m_socket, (struct sockaddr *) &saddr, (socklen_t *)&length);
---
> int s = accept(m_socket, (struct sockaddr *) &saddr, (unsigned socklen_t *)&length);
diff -r waste/srvmain.cpp waste_port/srvmain.cpp
31c31
< #include "md5.h"
---
> #include "rsa/md5.h"
diff -r waste/xfers.cpp waste_port/xfers.cpp
812c812,814
< if (!RemoveDirectory(s)) break;
---
> // The below seems to be from the win32 API. I'll just comment it out and hope it doesn't break anything.
> // Jordan R. Urie
> // if (!RemoveDirectory(s)) break;

Re:Linux port ?

[Kompressor]

I suppose I should also mention:

jurie@gibson:~$ uname -a; cat /etc/debian_version; gcc -v
Linux gibson 2.4.18 #1 Sun Jun 9 00:54:56 MDT 2002 i586 unknown
3.0
Reading specs from /usr/lib/gcc-lib/i386-linux/2.95.4/specs
gcc version 2.95.4 20011002 (Debian prerelease)

Re:Linux port ?

[grazzy]

it crashes when run for me.. any clue? :)

Re:Linux port ?

[Kompressor]

Not sure why it would be crashing for you. Does it not compile or is it crashing when you run it? Can you post an error?

I can get it to run, and I've figgured out how to load the private key, but beond that I'm stumped. I'll post as to my success should it happen.

Re:Linux port ?

[grazzy]

[grazzy@mircosoft waste]$ ./wastesrv
WASTE server 1.0a0 starting up...
initializing RNG
done
loading config from ./default.pr0
Illegal instruction (core dumped)

--- strace output : ...

gettimeofday({1054213105, 239469}, NULL) = 0
gettimeofday({1054213105, 240923}, NULL) = 0
write(1, "loading config from ./default.pr"..., 34loading config from ./default.pr0
) = 34
write(1, "damp\n", 5damp
) = 5
open("./default.pr0", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0744, st_size=349, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40018000
read(3, "[profile]\ndownloadpath=\nnick=gra"..., 4096) = 349
--- SIGILL (Illegal instruction) ---
+++ killed by SIGILL +++

---

Looks like it crashes at line 590 in srvmain.cpp

g_config = new C_Config(tmp);

Not sure thought..

It also looks like it could be something strange about the format of my default.pr0, look at the straceoutput.. i tried fiddeling around a bit with it (changing from ansi->dos->unix->oem) in ultraedit etc.. but it doesnt seem to make any diffrence.

Btw, after you got it running i suppose you start giving away yuour public key and ip to friends so they can connect ...?

Re:Linux port ?

[Kompressor]

Did you try running it without any .pr* files in the directory? The first time I ran wastesrv it generated default.pr0 and that seemed to work fine (other than the warning due to a the private key (default.pr4) missing)

I notice that your download path isn't set in the strace output. Perhaps this is what's causing the crash? The auto-generated one that I first used had the download path and the clientid set.

Right now I'm using default.pr0 as generated by the windows version, and it seems to be working fine as well. I still can't get the windows desktop to connect to the linux server, however, I can cause the windows desktop to connect to itself (try running 2 coppies of the windows version, each told to listen to a different IP. Try not to drag the windows over each other, it gets confusing fast ;-)

Re:Linux port ?

[Kompressor]

btw, you can catch me on ICQ at 270283531 if you want to work this in realtime.

Re:Linux port ?

[enigma971]

It might say something when they port it to FreeBSD before Linux ... you would think that Linux would be at the top of the port list. Maybe there's some nasty problem they've run into.

Re:Linux port ?

[dschuetz]

Okay, I've got it compiled, but I can't get it to actually listen at all. Anyone else playing with this?

Re:Linux port ?

[grazzy]

this patch is incorporated in http://grazzy.mjoelkbar.net/waste-linux.tar.gz

this source compiles on:
quake:~/public_html$ gcc -v
Reading specs from /usr/lib/gcc-lib/i386-slackware-linux/egcs-2.91.66 /specs
gcc version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release)

but NOT on:
[grazzy@mircosoft grazzy]$ gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.96/specs
gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-81)

(take a guess why :)) ....

however it doesnt seem to work very good, no connecting can be done, thus you can temporarily connect to my host at 130.236.227.49:1337

my public key is:
WASTE_PUBLIC_KEY 20 1536 grazzy
9F564C80F1DC66AEAE566DBB5DF2523D3502D6A412 24997034 944FC1A66A
CCFE3327801557EE6F0BEFC7D245D25BCD083C 16F53AA42571 AE9B4D1375
EF95452E69E84BA9A31FCC58210AFD404D2DD1 43EA9D1197D2 EF33218DF9
8BF60FBB36EBC01AFA8494A123FD47AF852187 752651CBEB80 D9FB846843
E0D9C9D9490C1102E6892DC042452FE09DA360 5242978F2644 82A2E1CABC
08F4FC0A7C06C97D6254FE2C33CF1FFAB1C198 38CFF1250399 80755DF06C
E0556AF4C4E7BF21994C70070003010001
WA STE_PUBLIC_KEY_END

Re:Linux port ?

[dschuetz]

Alright, I think I'm figuring this out. Lack of documentation is something of a hinderance here... It really boils down to there not being any kind of initial configuration system on the server side, so you do all the keygen and profile creation on windows and copy stuff back and forth. Ugly. But, I guess it *is* alpha (though maybe it should be 0.1 rather than 1.0...)

It's compiled (I just made the changes shown elsewhere in this thread). Start up the windows version, create a private/public key pair (using a *server* passphrase, as this will be moved to the server). Oh, also copy the profile (default.pr0) from the windows box to the wastesrv folder, modifying and deleting stuff as appropriate within the file (like I deleted my nickname, etc.)

Export the private key to a file. Move that file to "default.pr4" in the wasteserv folder. Copy the public key to the clipboard, paste that into a file called "default.pr3" in the wasteserv folder (I changed the nick on that line to "server").

Go back to your windows client, and create a *new* private/public key pair, then copy that public key, via the clipboard, to the default.pr3 file, leaving your nick intact.

Copy the public key for the server to the windows client, importing it via the preferences panel. (this was the public half of the first key pair you created, which is now the server key).

Hit the network button, enter your server's IP in the drop-down field at the top, hit connect, and, maybe, it'll work. Maybe.

'course, I'm the only person on my server, so I'm not seeing anything. Gotta get someone else to try this too.

Hope this helps....

Re:Linux port ?

[mdew]

I get a bunch of errors :/ and it wont compile..
(using that file..)
tried both g++ 2.95 and 3.3, same prob.

cc -O2 -s -pipe -c -o blowfish.o blowfish.c
In file included from blowfish.c:28:
blowfish.h:43:7: warning: no newline at end of file
g++ -O2 -s -pipe -c -o m_lcaps.o m_lcaps.cpp
cc -s -pthread -o wastesrv asyncdns.o config.o connection.o filedb.o listen.o m_chat.o m_file.o m_keydist.o m_ping.o m_search.o m_upload.o mqueue.o mqueuelist.o netkern.o sha.o util.o xfers.o xferwnd.o srchwnd.o srvmain.o blowfish.o m_lcaps.o rsa/md5c.o rsa/nn.o rsa/prime.o rsa/r_random.o rsa/rsa.o
asyncdns.o(.text+0xa8): In function `C_AsyncDNS::~C_AsyncDNS(void)':
: undefined reference to `__builtin_delete'
config.o(.text+0x11e): In function `C_Config::~C_Config(void)':
: undefined reference to `__builtin_delete'
config.o(.text+0x2c9): In function `C_Config::ReadInt(char *, int)':
: undefined reference to `__throw'
config.o(.text+0x2d1): In function `C_Config::ReadInt(char *, int)':
: undefined reference to `__start_cp_handler'
config.o(.text+0x2de): In function `C_Config::ReadInt(char *, int)':
: undefined reference to `__check_eh_spec'
[..]
: undefined reference to `__builtin_delete'
filedb.o(.text+0xc0a): In function `C_FileDB::Search(char *, C_MessageSearchReply *, C_MessageQueueList *, T_Message *, void (*)(T_Message *, C_MessageQueueList *, C_Connection *))':
: undefined reference to `__builtin_delete'
filedb.o(.text+0xfaa): In function `C_FileDB::Search(char *, C_MessageSearchReply *, C_MessageQueueList *, T_Message *, void (*)(T_Message *, C_MessageQueueList *, C_Connection *))':
: undefined reference to `__builtin_delete'
filedb.o(.text+0x1293): In function `C_FileDB::Search(char *, C_MessageSearchReply *, C_MessageQueueList *, T_Message *, void (*)(T_Message *, C_MessageQueueList *, C_Connection *))':
: undefined reference to `__builtin_delete'
filedb.o(.text+0x15b0): more undefined references to `__builtin_delete' follow
filedb.o(.text+0x1a39): In function `C_FileDB::DoScan(int, C_FileDB *)':
: undefined reference to `__throw'
[..]
srvmain.o(.text+0x24a6): In function `main':
: undefined reference to `__builtin_delete'
srvmain.o(.text+0x24c4): In function `main':
: undefined reference to `__builtin_delete'
srvmain.o(.text+0x24e2): In function `main':
: undefined reference to `__builtin_delete'
srvmain.o(.text+0x2502): more undefined references to `__builtin_delete' follow
srvmain.o(.text+0x2511): In function `main':
: undefined reference to `terminate(void)'
m_lcaps.o(.text+0x27): In function `C_MessageLocalCaps::~C_MessageLocalCaps(void)':
: undefined reference to `__builtin_delete'
m_lcaps.o(.text+0x152): In function `C_MessageLocalCaps::Make(void)':
: undefined reference to `__builtin_new'
m_lcaps.o(.text+0x181): In function `C_MessageLocalCaps::Make(void)':
: undefined reference to `__throw'
m_lcaps.o(.text+0x1eb): In function `C_MessageLocalCaps::Make(void)':
: undefined reference to `__builtin_delete'
m_lcaps.o(.text+0x1f5): In function `C_MessageLocalCaps::Make(void)':
: undefined reference to `terminate(void)'
collect2: ld returned 1 exit status
make: *** [wastesrv] Error 1

Re:Linux port ?

[|<amikaze]

Hahaha, you named your machine gibson :). HACK THE GIBSON!!!

Re:Linux port ?

[harmonics]

How about posting a binary version? My gcc is far too new (3.3)...

Thanks!

H

Re:Linux port ?

[Bob+Uhl]

According to Microsoft, RemoveDirectory() removes the directory specifed in a C string. The directory must be empty, exactly as with the POSIX rmdir(). The return value is 0 if unsuccessful, non-zero otherwise; this is the opposite of rmdir(). So, it's better to replace that snippet with:

if (rmdir(s)) break;

Re:Linux port ?

[grazzy]

i basiclly did this, first i created a private set off keys, i moved them to another folder, made a new set of keys that i copied to my serverfolder..

it doesnt seem to want to connect though..

Re:Linux port ?

[grazzy]

This code actually does work, with this patch you are able to both transfer files, connect, and chat.

The tricky thing is to set up the server properly.

The easiest way is like someone else pointed out to make a new profile in waste, (copy your own default.pr* files out of the way first).

Then, add your public SERVER key to your public-key list in the windows-client. And add your public-windows-client-key to the list of keys of the server.. (default.pr3).

Dont forget to NOT use a network name ( or make sure they are the same in your default.pr0 files).

If you want to join my server contact me on icq: 706826, or see http://waste.mjoelkbar.net/ which will be online soon.

Re:Linux port ?

[kyoorius]

I believe to successfully handshake you need to also import the connecting party's public key.
So, just posting your key+ip isn't going to cut it.

Re:Linux port ?

[grazzy]

see tutorial on: http://grazzy.mjoelkbar.net/waste/

Re:Linux port ?

[grazzy]

Wrong url:
http://grazzy.mjoelkbar.net/waste/

Re:Linux port ?

[Kompressor]

Oddly enough, my other machines are fender and peavy. Can you guess the naming scheme?

At the time I hadn't read any of William's stuff, although I own all his books now. Go figgure, eh?

Re:Linux port ?

[silence535]

Triesd to do this, but it segfaults for me after I enter the password.

Hmmm...

-j

Re:Linux port ?

[uid8472]

You're trying to link C++ object files with cc instead of c++ or g++; thus libstdc++ isn't linked in and you get lots of undefined symbol errors for things like new and delete and throw. The Makefile needs to be poked at, it seems.

Re:Linux port ?

[gurumeditationerror]

someone open up a sourceforge.net account for this and get it on cvs so we can all work together on making it work on linux asap...

Re:Linux port ?

[StarKruzr]

Grazzy, do you know where there is a mirror of the program up?

Re:Linux port ?

[Kompressor]

I'm already in the process of doing that. I'll post here when it's alive.

Re:Linux port ?

[grazzy]

Binary mirrors:
http://130.236.227.49/waste.zip
http:// grazzy.mjoelkbar.net/waste/waste.zip

Source mirrors:
http://grazzy.mjoelkbar.net/waste/waste- source.tar .gz

Re:Linux port ?

I have got it to work. However it seems, that before connection can be made, both sides must import public key of opposite side. So publishing of keys anywhere makes no sense, until the people who want to connect to your server will send you their public keys. You import their keys, they import your key and then it works. I don't know if it was ment to do so, but it does.

Off-topic: your sig

[Osty]

Come play good old-fashioned Team Fortress Classic @ chase.bithive.net.

What a sad day it is when TeamFortress Classic is called "old-fashioned". Back in my day, we played the original TeamFortress, the modification for Quake 1. We played on modems, and if we had a 300ms ping, we liked it! Bah, new-fangled TFC. The Holy Hand Grenade server (24/7 canalzon, may it rest in peace) was the place to play.

And don't even get me started on the butchering of TF that TFC did. (HWguy can walk and shoot? and what was that monstrosity cz2 that was supposed to be a follow-up to the venerable and perfect canalzon? And the scout must've put on 30 pounds, because he sure slowed down. Ack!) I guess I'm showing my age (mid-20s, and already ancient).

Re:Off-topic: your sig

[Cecil]

Back in the beta1f days, I always found Quake 3 Fortress to be a much more accurate conversion of Team Fortress than I did Team Fortress Classic. I can't speak for it now, as I've lost my CD of Quake 3 somewhere.

I used to have faith in the TeamFortress team, even after they "sold out" to Valve as everyone called it at the time. The more products they create -- something which appears to have come to a stop given the speed of development on Team Fortress 2 -- the more I realize that it must have been purely by accident that Team Fortress was as good as it was, and more a function of the community of mapmakers and server admins than it was of the developers.

And yes, the ridiculously fast scout rocked :)

Re:Off-topic: your sig

[Osty]

Back in the beta1f days, I always found Quake 3 Fortress to be a much more accurate conversion of Team Fortress than I did Team Fortress Classic.

Pretty sad that a clone of TeamFortress is more TeamFortress-like than a port of TeamFortress by the TeamFortress team, isn't it? I'd put part of the blame on the Half-Life engine, because I don't think it was ever meant to have the faster-paced action of Quake 1 or Quake 3 (nevermind that it was based on Quake 1, it was so modified that it's almost an entirely new engine). Q3F was definitely fun, though I never really found the community to be as tightly knit as the original TF1 community (mostly due to the fact that the idiot population in public online games really exploded in the late 90s/early 00s, and that I don't have time to dedicate to a clan).

used to have faith in the TeamFortress team, even after they "sold out" to Valve as everyone called it at the time. The more products they create -- something which appears to have come to a stop given the speed of development on Team Fortress 2 -- the more I realize that it must have been purely by accident that Team Fortress was as good as it was, and more a function of the community of mapmakers and server admins than it was of the developers.

The original TF was definitely great because of the excellent maps (not the standard CTF maps like the 2forts, though 2forts was a decent fallback, but the innovative ones like canalzon and hunted and rock), great servers, and fun players. However, I'm still enough of a TF fanboy that I still hope TeamFortress Software can pull it out of their ass and give a good showing with TF2. Judging by the suddenness of Half-Life 2 (who really knew they were going to show it at E3 until only a few weeks before? and who knew that it was so close to being done?), I'd expect TF2 is probably only a year and a half away (uh-oh, I just set myself up. come back in two years and I'll eat those words). We can hope, anyway.

In the meantime, I have my RTCW on XBox Live to satisfy my arcadey team-based multiplayer needs (Day of Defeat is too simmy for my tastes, I don't like dying in one or two shots; I haven't played BF1942; and though I have RTCW on PC and there's a free new expansion for it, I'm hooked on the XBox Live Communicator).

SSH!

ssh, now!

AOL Time Warner...

[tolarianacademy]

...owns Nullsoft, (as already mentioned by leviramsy) but an interesting theory had been presented to me, suggesting that AOL Time Warner has for some time been planning to trump Apple's iTunes store. Maybe they are planning to power such a service with peer networking? I have never beleived this personally because AOL Time Warner would just as soon want to have everyone surfing from the same servers anyhow, and a decentralized system would only tax their bandwidth more. Maybe...maybe they will release such a service that utilizes both p2p transfers in combination with traditional server-to-client transfers, and maybe use it as an advertising platform for AOL, giving AOL users better functionality, or maybe even restricting server-to-client transfers to AOL users once the service becomes popular. Does anyone else think this idea is bogus? I find it hard to beleive, but I can't figure out how else Nullsoft could be /allowed/ to create this new service.

Re:AOL Time Warner...

[Isosonys]

what service? I see software, Free software at that with code. Maybe someone got bored at the office?

Re:AOL Time Warner...

[compubomb]

I believe, that this software was designed to give the public a private place to hold conversation, without worrying about possible RIAA or MPAA threats to aim for conversation logs. This software gives freedom to share to those we know, without being spotted via some moron wo forgot to turn off logging. It gives people a chance to stay anonymous, atleast for me anyways, i talk about stuff like how big my johnson is, that way if any agency ever wanted to look me up, they would just say, he's a sick perv, whothef*** cares about him.

Re:AOL Time Warner...

[afidel]

If I remember correctly Justin's contract basically gave him complete freedom from luser management as long as he didn't do anything illegal. Besides he got so much dough from AOL that he could just work on it at home and release it, though it would lack the Nullsoft name that obviously gets it more press. This would be pretty worthless from AOL/TW's perspective, for that they would probably want something like BitTorrent with user authentication.

Re:AOL Time Warner...

[Cyno]

AOLTW? They're not that smart.

Re:AOL Time Warner...

[devnull17]

I think AOL bought Nullsoft almost exclusively for Winamp. Its members were probably guaranteed employment by AOL for a certain amount of time, and are most likely allowed a good deal of freedom in what they work on, as they've demonstrated that they can produce good things when working autonomously.

Here is the full source

[infonography]

Here is the source for those who are wondering what it's all about.

---

WE AWAIT SILENT TRISTERO'S EMPIRE.

Waste

[Heartz]

What a WASTE of my time :D

Why didn't they call it "Idiot"?

[Futurepower(R)]

"Waste" is such a user-friendly name. NOT!

Another example of the marketing skill of technically minded people?

Re:Why didn't they call it "Idiot"?

[driftingwalrus]

Beleive it or not, but they're not trying to sell it. You only need marketing if you plan on selling it.

Re:Why didn't they call it "Idiot"?

[catbutt]

I don't think that comment was a troll. He made a very good point -- why in the world would someone name their product/project/whatever a name like "Waste"? I guess its supposed to have some sort of amusing irony or something (like the band "Garbage"), but to me it just gives an instant negative impression.

Re:The USA is Dying

Woohoo! Will Canada give me refugee status? I heard they had JOBS and free health care up there!

Packin' my bags!

Re:Grammar Nazi, alive and kicking

[matttastic]

ahem, it's Messaging.. no N

Thank you, have a good day/evening

You begin sentences with a capital letter.
Ho ho.

Re:fix what needs fixing

[UniverseIsADoughnut]

" Winamp 2.9 is the latest release of the Winamp 2.x codebase, which takes most of the good ideas that went into Winamp 3 and codes them back to an API free of excessive abstraction. It's been out for weeks, if not months. Check your facts before posting."

How about you read my post again before you tell me what to do. I said "2.81 or whatever the latest 2x version is" . so that's 2.9 I never carved my answer in stone, I made it clear that I was not sure what the latest version was.

Revolution of Filesharing?

[cyberm_acc]

I'm suprised no one has mentioned the obvious. This is a terrible blow to the RIAA and the all the people who have been trying to sue filesharers into oblivion.

There are two uses I see for this:
There are going to be groups of people dedicated to one theme, for example, Horror Movies, or Horror Movies with mutant bees, sharing all their Horror Movies, you will need a certain ammount of Horror Movie Uploads for Downloads and noone will ever be to know you had Queen Bee 1-3.

If you replace Horror with new release you get lots of small miniDonkeys, many interconnected and unstoppable.

I'm convinced this is a revolution in filesharing because it solves the two biggest Problems filesharing has, crappy downloads and getting sued.
The downloads will be of really good quality beacause you will be sharing with friends of people you know from chatting and if the put crap in their upload directory they won't be one of your cirle of friends much longer.

Getting sued is obvious, noone will be able to tell what you are doing (the might be able to guess that all those people on cable are not running a vpn yet) as just your circle of friends know. There is still the possibility that one of your friends is a traitor but i would call that a rare chance.

Re:Revolution of Filesharing?

[SiW]

You mean just like Direct Connect?

The enforced ratios (e.g. you must be sharing 10gb of Dave Matthews sets) are what makes DC so annoying and elitist.

Re:Revolution of Filesharing?

[cyberm_acc]

there was filesharing before napster, there was peer-to-peer before gnutella, so what. I'm not talking about enforced ratios here, since I would like to see it solved through social interaction.
i imagine a world where there are going to be waste networks in dorms, at workplaces, schools wherever and it is going to be terribly hard to cut it off.
Anyway waste or not waste, I believe this going to be the future, community based small networks of filesharers, based on specialties whereby groups are looseley connected to a bigger net.
Just look at things like sharereactor, maybe i should not have written minidonkeys but minireactors (you know they are going to power your ipod, one day)

Re:Revolution of Filesharing?

Especially if you are trying to GET 10gb of Dave Mathhews. I used to try to get warez off of friend of mine. He had hundreds of gigs of EVERYTHING you could ever want. So, you'd ask for something and he'd ask -- "so what do you have to trade?". If I had something to trade -- I wouldn't be asking you for warez! It's a vicious circle.

Re:Revolution of Filesharing?

[MyHair]

I'm convinced this is a revolution in filesharing because it solves the two biggest Problems filesharing has, crappy downloads and getting sued.

I couldn't read the artilcle (link wouldn't resolve), but from what the others are saying you have to trust every node.

You'd really have to trust your "friends", and I don't see how finding new friends would be made easier with Waste as opposed to real life CD swapping or whatever.

Re:Revolution of Filesharing?

[ryanwright]

The enforced ratios (e.g. you must be sharing 10gb of Dave Matthews sets) are what makes DC so annoying and elitist.

Not to mention cool. DC hubs generally have high quality goods. If they let any ass connect, they'd be no different than Kazaa.

I get my Enterprise episodes from DC hubs. Sure, it took awhile to build up a decent collection elsewhere before I could connect to the better hubs, but that's a sacrifice I was willing to make for high quality, early releases of new episodes.

Re:Revolution of Filesharing?

[Ryan+Amos]

Yes, except all you really have to do is creat 10 GB of zeroed files, which also makes DC annoying, because people will have shit like "MATRIX REVOLUTIONS OMG.AVI" and it's a 700 meg file that contains nothing but zeros (or /dev/random.) Download a couple of these thinking they're legit and you'll realize how fucking worthless DC is.

Re:Revolution of Filesharing?

Because all the pear shaped nerds wouldn't have to get up out of their chairs to walk down the hall to give a friend a burned CD. This way, they can grow around their chairs and NEVER HAVE TO WALK AGAIN. Of course, they're gonna need a forklift when they have to move...

Re:Revolution of Filesharing?

[ryanwright]

Download a couple of these thinking they're legit and you'll realize how fucking worthless DC is.

Boy, you've been hanging out on the wrong hubs. I've found plenty of heavily moderated hubs, and people who pull this shit are banned quickly. I accidentally left my download folder shared, and was kicked for sharing incomplete files (because I was in the process of downloading them!). I unshared the folder and logged back on. No harm done. In fact, I enjoy that hub even more now that I know I won't spend several hours downloading a broken file.

Getting it to work.

[commonchaos]

Looks like you not only have to trade public keys with your friend, but somebody needs to have WASTE on a public IP with port 1337 open.

Re:Gnutella - YES

the code wasn't "leaked" or "reverse engineered" the code was released under the GPL on nullsofts website at the same time as the executable.. exactly the same way as this program has been handled.

They most likely knew aol wouldn't like gnutella at all.

Re:License? GPL

[harlows_monkeys]

Seems like conflicting information to me.

I goofed, and grepped for "gpl". "gnu" would have been a better grep term.

However, there's still the rsa directory, which contains stuff not compatible with GPL. (Which puzzles me...since waste is GPL'ed, why didn't they use gmp for the math, or whatever gpg uses?)

By their calculations

[LiquidCoooled]

To the MPAA, 50 nodes running on a fast network means there are really 300 wicked infidel filetraders!!!!

Re:By their calculations

[anonymous+loser]

Yes, and at least $34 trillion in lost movie ticket revenues for every copy of Waterworld or Earnest Goes to Camp they find on the network.

daemons name

Is it called wasted ?

Re:daemons name

[wronskyMan]

I can't use it on my network-it's a WASTE of bandwidth..

Re:daemons name

[tweakt]

It's PEER to PEER... there is no server ;-)

Everyone invented Gnutella

[CrazyJim0]

I think hundreds or thousands of coders thought of this shit, especially when Napster got shutdown.

I personally came across it when removing a section of my P2P anti hacking designed for Diablo 1 to be secure even without a central server.

Interestingly enough, I was going to call my Gnutella: Dumpster

Which is cool they're naming their software: Waste

Lets see how it turns out

It's a really useful tool for business too

[Eminence]

WASTE is something that is indeed very useful for small company or teams (especially dispersed teams) in larger organizations. In many places one or another IM system is being used to communicate with team members. Over ICQ or AOL contracts and employment conditions are discussed, remarks about contractors and clients are passed etc. That is a huge security leak if you look at it from a certain prospective, especially for some profiles of companies like small consulting firms with employees regularly using clients networks. WASTE is a simple to use and free method of closing that leak.

I know at least two small companies that should adopt WASTE immediately and I would advise them to do so. One is a PR company with 2-10 people offices around Europe, where ICQ is frequently used as a discussion medium. Other is a small consulting company. Someone eavesdropping on their ICQ chats could seriously damage both of them.

Re:It's a really useful tool for business too

They could use AIM on Trillian with SecureIM set.

Re:It's a really useful tool for business too

[Eminence]

Why use AIM - and have to rely on their servers as well as network to those servers - when you can have your own, independent and secure network that is even resistant to traffic analysis?

And if SecureIM in Trillian is the same as a Miranda plug-in I know then I don't trust it that much as I don't have the source.

Re:It's a really useful tool for business too

SecureIM on Trillian isn't really that secure. Someone analyzed it quite a while back and found that it was fairly trivial to crack... With the requisite knowledge, anyhow. I wouldn't be able to do it myself, but I could learn enough to do this if I were so inclined.

It arguably is worse than plaintext, as it gives people the impression that the conversations are secure when the truth is that they are nothing of the sort ... And never mind the plaintext logs that (I'm sure at least) 90% of Trillain users keep on their own computers.

Re:It's a really useful tool for business too

[javatips]

SecureIM only do encryption. There is NO way with SecureIM to be sure that you are talking to the right person.

It would be very easy for some network admin to do a man in the middle attack by intercepting all the trafic between you and your buddy (with the initial key exchange) without you knowing anything about it.

Having a false sense of security is worse that knowing that your communication is NOT secure.

A better way, would be to use PGP to enrypt your communication with your buddy. At least, if your are confident you obtained your buddy real public key, you know you are talking to the right person.

Re:It's a really useful tool for business too

How about Jabber? They can set up their own server and chat with that. If all the offices are linked with VPN links, then the traffic is as secure as the VPN itself is. Otherwise Jabber clients do exist that have integrated encryption.

On top of this, you can install gateways on the server for other chat networks, should those clients need that connectivity.

Moderators?

[dubstop]

How the heck did this get moderated as informative and insightful? It's full of links to slashdot pages that don't exist.

If somebody's embedded false links in their post, doesn't that cast some doubt on the rest of the information that they've provided?

Re:Moderators?

[Tim+C]

Because people moderate that sort of post without bothering to check to see if it's accurate or correct?

Besides, posts are frequently moderated up, then back down again as other people realise that they're not as good as people initially thought...

Re:Moderators?

[watzinaneihm]

I'm sure it was most probably an innocent mistake. Something about relative URLs.

Re:Moderators?

[br0ck]

Ignoring the fact that he just posted the text from one of the links in the original article.. if you go to his first WASTE Description link, you'll find that he just neglected to use full paths.

download available
download source
GPL license
more information about network architecture
more information about security

What no LibTomMath for bignum RSA?

[tomstdenis]

Oh darn. Looks like they used some homebrew crap for their bignum stuff.

Common LibTomMath is like a billion times faster [not to mention very well tested]....

Plug plug plug!

http://math.libtomcrypt.org

Tom

Re:What no LibTomMath for bignum RSA?

[Troed]

Moderators that don't know what "bignum" is and how it's realated to WASTE shouldn't mod informative comments "offtopic".

Re:What no LibTomMath for bignum RSA?

"oh, they didn't use this [library that implements really common and well-studied but, in the scale of things, unimportant, functionality] that I wrote, which of course everyone should know about, for their software. this of course means that their software is bad and slower [space where actual evidence to back up this assertion would go in a meaningful comment here]. anyone who even considers doing task X without my [library that implements really common math function] is doomed to have horribly slow [since all the software does is run this functionality over and over again] and untested software!"

Re:What no LibTomMath for bignum RSA?

[tomstdenis]

Hey I'm allowed to plug my TOTALLY OPEN AND FREE library which people seem to use [otherwise they wouldn't download version x, then version x+1 when it comes out, etc...]

Sure I admit it was a bit of a shameless plug but quite frankly my math lib is a HECK OF A LOT faster than the bignum code in WASTE.

Point in case, I offer Comba multipliers and optimal sliding window exponentiation. Those two alone will make my lib [which is pure ISO C] considerably faster.

Not only that but did I mention my lib IS FREE AND TOTALLY OPEN SOURCE?

Tom

Re:What no LibTomMath for bignum RSA?

[cobar]

Why not post a message to their mailing list advocating your lib or better yet a patch to use it. Moaning on slashdot seems unlikely to get their attention.

Re:What no LibTomMath for bignum RSA?

[tomstdenis]

Meh, I'm far too busy [writing a book] to patch their software. Plus I scored 3000 hits to the site today. All in all cool.

Tom

Re:What no LibTomMath for bignum RSA?

[Luminair]

Telling Slashdotters won't help.

Here, tell the WASTE folks instead: http://forums.winamp.com/forumdisplay.php?forumid= 154

Re:downloaded, now what?

Same problem here - does it require some sort of server?

Re:Grammar Nazi, alive and kicking

Haha, nice work.

AC
www.utmostmusic.com

Another thing that's built into Win2k's VPN

Another thing that's built into win2k's VPN is a host of security problems. I know I personally will setting one of those up myself!

Re:downloaded, now what?

[zonix]

okay i've downloaded it. now how the hell do I connect to someone else and start talking?

You need to have friends, dude! :-)

z

Looks great but...

[randomErr]

The software looks great and installed like a dream but How can I test it?

How can I point it at a node that will allow me to try it out? I ask this because what if someone is on the internet and needs to connect to me network. How do I point them to my network?

Re:Looks great but...

[tamagen]

You need at least one other client running somewhere.

You both need to enter each other's public key into your client to get started. This step shows that you "trust" one another.

Anyone else who wants to join your "network" must also enter one of your existing network members' public key into their client and have that existing member enter the new user's public key into *their* client. This step automatically makes the new person "trusted" by all the other members of the network - the important part is that you don't have to explicitly swap public keys with EVERYONE - just with one member of the network. The client does the rest once you connect to the network - see below.

Now, to get started and initially connect to someone's machine, enter their hostname or IP address (not their "username") into the "Network" window. This primes your client - it will then discover all it needs to know about the other members of the network, since by default, each client will be broadcasting discovery information (usernames, hostnames, public keys).

The "Browser" window shows all the users in the network, but currently ONLY if they are sharing one or more files. So, get each person who joins the network to share at least a test file so that they will always appear in everyone's "Browser" window.

Right-click on any names in the browser window to start interacting with them.

HTH

Did anyone else read what this was and go "huh?" ?

I read the description of what this software is supposed to do and I still don't get what it is supposed to do. I read about how it said that your friends could spy on you. Does that mean it creates a virtual hub that anyone can start packet sniffing on who is part of the inner circle? What's so cool about that?

Re:downloaded, now what?

[dpu]

i'm going to bite my tongue about "leeches" and actually help a bit here.

reading the docs, it becomes apparent that in order to connect to other people, you need to know their public key, and vice versa. i'm paraphrasing, but that's essentially it :) good luck!

OS X

[Dashmon]

Can anyone tell me how to build this thing on OS X?

Re:OS X

Or explain why the dist posix makefile has this obnoxious option set?

-march=pentiumpro

Re:OS X

I'd love to know as well! Can't figure out how to build!!

Re:OS X

[tamen]

Change the name of the "Makefile.darwin" to "Makefile". and cd to the directory which hold the Makefile and run "sudo make". (Not sure if it needs a sudo).

The process fails though :(
With the following errors:

xfers.cpp: In member function `void XferSend::onGotMsg(C_FileSendRequest*)':
xfers.cp p:350: warning: passing negative value `-1' for argument 1 of `void
C_FileSendReply::set_index(unsigned int)'
xfers.cpp: In destructor `XferRecv::~XferRecv()':
xfers.cpp:812: `RemoveDirectory' undeclared (first use this function)
xfers.cpp:812: (Each undeclared identifier is reported only once for each
function it appears in.)

I have no idea how to get on from here. It was pure luck I found out how to get the building going ;)

Re:OS X

Step one: Buy a PC.
Step two: download program
Step three: use program
Step four: post on /. and laugh at gay Mac users who can't find software for their stupid platform
Step five: get rid of over-priced Mac

Re:OS X

[teridon]

Edit xfers.cpp -- comment out the line with RemoveDirectory (place "//" in front of it)
There's still a bunch of warnings, but "wastesrv" compiles and runs.

Re:OS X

[Dashmon]

Better yet: in platform.h, under the #define CreateDirectory(x,y) mkdir(x,y); (at least, that's where I did it), add a line:

#define RemoveDirectory(x) rmdir(x)

I think they did write an rmdir function, but they just forgot to define RemoveDirectory as rmdir. :)

Re:OS X

[tamen]

Ive got it running now. But wastesrv wants to know the password at startup. Which I dont know. Asfar as I can see the window version starts out by making a new key. No such luck here I guess.

Re:OS X

[Dashmon]

Same problem here. I'll see if I can come up with something. shouldn't be too hard, all the functions are cross platform, I think.

Re:OS X

[headhot]

dl the windows client to a windows machine, make the keys and move the defaul.pr3 and default.pr4 files. put all your public keys in the .pr3

thats all i have sofar and it doent work.
Tom

Re:OS X

you left out the step where you are a moron

Re:OS X

[crymsan]

The program is built, but has anyone had luck getting it to connect to another client? I got a private and public key from a windows client, however the program doens't appear to bind to a port and other clients cannot connect to it.

Trillian?

[iion_tichy]

I thought Trillian also encrypts messaging with other Trillian users. I don't think I have grasped the whole point of waste yet? Perhaps that it adds Filesharing as well? Also, how does it find the other hosts without a centralized server?

Re:Trillian?

Trillian doesn't encrypt messages. However, you can run it through an encrypting proxy like SIMP and that'll encrypt all but file transfers provided that a) the mate to whom you're talking has SIMP too and b) the key-swap goes OK. SIMP's kinda cool, and pretty stable.

Re:Trillian?

[jmanning2k]

Um, yes it does. It encrypts IM traffic with other Trillian users through both the AIM and ICQ protocols. They call it SecureIM.
Next time, check your facts before you just dismiss someone like that.

Key exchange

[yem]

"Initial connection to the mesh requires manual key exchange. PITA, but moderatley secure."

IIRC, key exchange is where most encryption schemes fall down. If this ever takes off I'd guess 99% of users will trade keys over plain ol unencrypted SMTP.

Nice summary though - this really does look interesting.

Re:Key exchange

[DeltaSigma]

But if I've trained my friends in the use of PGP/GPG I could send them my public WASTE key encrypted with their public PGP/GPG key and have a secure exchange right?

Re:Key exchange

[CrypticOutsider]

IIRC, key exchange is where most encryption schemes fall down. If this ever takes off I'd guess 99% of users will trade keys over plain ol unencrypted SMTP.

And what's wrong with that? You're exchanging your public keys.

From the Waste setup guide:

8. At this point you should copy your public key to the clipboard using the button labeled "Copy my public key to the clipboard" and then paste it into an email/IM/whatever to give it to the person(s) you wish to connect to.

9. You should also acquire the PUBLIC key of the person(s) you wish to connect to via some means, and then click the "Import public keys..." button in order to import their PUBLIC keys. Once you import their PUBLIC keys, there should be a message in the setup wizard telling you how many keys are loaded total.

Re:Key exchange

There is nothing insecure about exchanging public keys in, well, public. If someone is listening in on the exchange, there is nothing they can do with that information. They can't decrypt messages on either side with the public key.

A real risk is accidentally accepting a key from someone you think you know. The whole system is only as trustworthy as the people using it.

Re:Key exchange

[zemkai]

And what's wrong with that? You're exchanging your public keys.

Nothing's wrong with it, so long as you get on the phone or similar and confirm the validity of the key's fingerprint.

-ZK

Re:Key exchange

[DeltaSigma]

So on a WASTE system you accept public keys from applicants to your network? Well if that's the case then just a general discerning eye should be acceptable, as long as you trust everyone on the network to scrutinize as you do, which I would. Thanks a lot for the info.

Re:Key exchange

[mr_burns]

My friends and I have set up gpg encrypted/signed chat using fire on OS X. What we did was create local chat only keypairs on our machines, then exported armored pubkeys and uploaded them to a directory on a server for which we all have access via ssh -2.

So we know that our means of acquiring keys is relatively resistant to MITM. To be more secure, we could chgrp the keys for just us and chmod them 640.

Of course, we have to trust the integrity of the machine, but it's better than the automatic key exchanges that trillian and fire offer and more convenient than burning cd-r's of your pubkey for every member of the group and then meeting up with every person you add for a face to face exchange.

We Await Silently Torvalds' Empire?

[phr2]

slightly different from Pynchon version...

good name...

[fok]

. "I waste you when I get home"
. "Have you been wasted today?"
. "Be right there... just let me waste someone..."

and so on and so forth...

i want a miniDonkey

imagine the new minidonky shows! "...many interconnected and unstoppable."

too much fun!

W.A.S.T.E.

[nutznboltz]

http://tinyurl.com/cy1z

W.A.S.T.E.

[nutznboltz]

We Await Silent Tristero's Empire

linux?

[demmer]

g++ -O2 -s -pipe -march=pentiumpro -c -o connection.o connection.cpp connection.cpp: In method `C_Connection::C_Connection(int, sockaddr_in * = 0)': connection.cpp:41: warning: converting NULL to non-pointer type connection.cpp: In method `long unsigned int C_Connection::get_interface()': connection.cpp:771: passing `int *' as argument 3 of `getsockname(int, sockaddr *, socklen_t *)' changes signedness make: *** [connection.o] Error 1 any ideas?

Re:linux?

[JakusMinimus]

yeah, the root of this is a #define for socklen_t in the non-win32 code (which is already typedef'd in system headers). my solution was to put a #ifdef POSIX around the define.

Re:linux?

[JakusMinimus]

ahh crap, i forgot to mention where the offending #define was. its in platform.h

slighly OT: Jabber communication encryption

[Ahaldra]

*sigh* so many jabber clients - so many implementations. It seems as if noone developing a jabber client actually cared to look into the official proposals.

So, if you are a jabber client developer or intend to become one, see this article for a proposed handling of Open PGP -type encryption.

Re:slighly OT: Jabber communication encryption

..if noone developing a jabber client..

Who is this Noone guy? I keep asking, but no one seems to know.

Everything needs to be marketed.

[Futurepower(R)]

I don't agree. Everything needs to be marketed. Giving something a name with negative connotations slows acceptance, or may even stop it. They want users don't they?

Re:Everything needs to be marketed.

as said overand over and over again, it's a reference to Pynchon's "Crying of Lot 49".

And, presumably, they don't care if retarded yuppies like yourself don't like the name. And, actually, i would bet that they don't really care about getting users; this has the hallmarks of a project that was developed for internal use and released because it was cool.

Re:Everything needs to be marketed.

[SubtleNuance]

I don't agree. Everything needs to be marketed. Giving something a name with negative connotations slows acceptance, or may even stop it. They want users don't they?

I dont agree, giving "marketing" too much weight is folly -- *I* dont consider it, actually, I am repulsed by Advertising and Marketing as intentional manipulation -- if you must resort to attempting to manipulate(lie) about something you are not honest enough for me to have a relationship (..like use your product for example.)

Things (ideas/products/works/art/whatever) either stand on their merit or they do not, no amount of marketing changes that. Unless, of course, you are irrational and easily influenced...

New poll:

[An+Onerous+Coward]

How long after release will somebody post the first Linux port?

- 24 hours
- 48 hours
- 72 hours
- 1 week
- The developers will spend the first month arguing whether to use GTK, QT, or wxWindows.
- It will be done when CowboyNeal says it's done.

Re:New poll:

[tunabomber]

I'd like to complain about the lack of options. How about negative 2 hours?

A trojan distributors wet dream... or a terrorists

My fear is how long would it be before this becomes the replacement "in" software for trojan and backdoor installers.... they are already using serv u and placing download/upload dirs in c:\recycler ...

Oh and the other question is how long before the US shuts this down using "al caida" and encrypted terrorrist communications as excuses...

Maybe because it's for work, not pleasure

[edxwelch]

I got the impression that it was aimed for small groups of people working on a common project, at least it could be very useful for that purpose

Re:Maybe because it's for work, not pleasure

[MikeVx]

I got the impression that it was aimed for small groups of people working on a common project, at least it could be very useful for that purpose

I'd been hoping that someone would write something like this for a while. A friend and I have assorted projects we tinker with and this would be a less-complicated means of swapping web page files, software logs, source code, core dumps, etc than we are currently using.

Re:What's better?

[mareshagger]

well im afraid i cant say....not having ever 'had' nullsofts waste!!

American McGee's Waste

[suso]

Now that's what I'd like to see. Well, wait, maybe not.

MOD PARENT UP

[dreamchaser]

That certainly was both ontopic and informative. As the other poster replied, just because you don't understand something doesn't mean it is offtopic. The parent post has a direct relation to encryption and how it was implemented in WASTE.

uh

[smoothPorn]

Since the security in WASTE relies on encrypted links, and messages are not encrypted point to point, a node on the trusted network could easily sniff or spoof messages. So yes, your friends can spy on you. But you were not really worried about them, were you?

I guess not..??..

please.

[indead]

"Uh... yeah... Duuuuude - wouldn't it be cool if I, like, wrote something like NAPSTER? Yeaaaah..." is not the same as actually creating a piece of software that works.

Hundreds of thousands of coders may have had a similar idea, but Nullsoft invented Gnutella.

Re:License? GPL

rsa = in public domain. so it's all on the up n up.

It could work.

[HanzoSan]

50 people can share files and even if just one of those 50 has access to files, they all do.

Re:It could work.

[jd142]

Hmm. What if I'm a member of two groups? Would it be possible to have one node act as a "trust broker" intermediary between two disparate groups of trusted individuals. If so, then this could even be a way to help eliminate spam.

Say Harold wants to send me a message. Harold is in the same group as Mary, who is in the same group as John who is in the same group as April, who is in my group. So I trust Harold through that chain of trust and so I can collaborate/accept e-mail from him through that chain.

I don't know enough people or have enough computers to test out how a long chain would work with this software.

Re:It could work.

[AceM2]

Seems like overlapping groups would mean...One big group..

Re:It could work.

[Suppafly]

it's just like friendster.com

Time well spent

[fooguy]

We all know what happened when they released Gnutella, this should be gone in the day.

In the mean time, the playlist editor in Winamp3 shits everytime it meets my MP3 folder...

You're missing the point of the tool

[nhavar]

It's not about anonymous P2P'ing it's about small colaborative networks (think BUSINESS). For example it would be great for a small OSS team to use to collaborate, share files, etc without needing to rely on the commercial (AIM, YAHOO, MSN, ICQ) messaging. Plus it adds a level of security not found in other products.

Not everything on the internet is about anonymity. As I remember it there's no constitutional guarantee of anonymity, why people keep assuming that if they're on the net they're entitled to that right I don't know.

Re:You're missing the point of the tool

[banzai51]

There is no Constitutional guarantee about having clean air to breathe, yet everyone keeps clamoring about it. Maybe the Constitution is more about the spirit of the law rather than the letter? Hmmmmmmm.

Re:You're missing the point of the tool

[zemkai]

As I remember it there's no constitutional guarantee of anonymity, why people keep assuming that if they're on the net they're entitled to that right I don't know.

The short answer is "History and Case Law." But don't take my word for it... peruse some of the info on the following page(s).

CyberSpace Law Center

-ZK

Re:You're missing the point of the tool

[timeOday]

As I remember it there's no constitutional guarantee of anonymity, why people keep assuming that if they're on the net they're entitled to that right I don't know.

I really bothers me that people think the Constitution is an attempt to enumerate each of our rights. That's a horribly destructive assumption.

Re:You're missing the point of the tool

Right, this was one of the key arguments during the ratification of the constitution. One group was opposed to it because there was no enumeration of rights, the other group was opposed to any enumeration of rights for this very reason, that by not putting some important right in the list, (accidental omision, oversight whatever) we would lose that right.
Just because it is not in the Constitution does not mean it is not a right, in fact the only thing you can say for sure is that the constitution forbids certain rights,(private citizens can't declare war, etc) It protects ALL others, mentioned or not.

Re:You're missing the point of the tool

[Suppafly]

The constitution doesn't enumerate rights, people that think so are stupid. The constitution lays out what the gov't can do and says that everything else is reserved for the people.

Not to mention the fact that Roe v Wade established a constitutional right to privacy atleast for women.

Re:You're missing the point of the tool

roe v. wade? how do you fit that into a conversation about internet privacy? "not to mention the fact..." i mean really... i dont understand how roe v wade has anything to do with the topic at hand... and its not even "a constitutional right to privacy atleast for women".... its not even a constitutional admendment... its not in the constitution... its just a precedent set by the courts... and now ive thrown this off topic... people like you piss me off

Impressive

[hafree]

Wow nice going inventing a P2P network that finds other nodes via broadcast. Nullsoft invented something that already existed 20 years ago. Nice job!

support?

[marcushnk]

Anyone one know if there is a forum for user user support??

Did you see what I saw?

They released it under the GPL, not the BSD license.

Suck it down.

hotline?

hotline?

off-topic mod

[Steve+Cowan]

I'm browsing with a few mod points, and while I never touched that comment, I would have metamodded an off-topic mod as 'fair' on it because...

It *LOOKS* like it's off topic. It's a fact of life on /. - as mods we try to make things easier to read by weeding out the crap. To those of us who don't recognize the reference(excuuuuuuuuuuuse me) it looks like crap... the 'n' side of s/n.

Advice: if you post an obscure reference you run the risk of being modded down unless you explain yourself. Accept it, it's a fact of life. A quality post of this nature should provide at least subtle clues that it is relevant. It's just a product of the self-moderating slashdot society.

Try browsing flat at -1 and see the crap that gets modded 'off topic' and 'troll'.

Re:off-topic mod

Oh boy. A n00b with a 500000+ ID pontificating on the Zen of Slashdot. Now I've seen everything.

~~~

Re:off-topic mod

[ahrenritter]

And this anonymous comment is so much better because?

Re:off-topic mod

[The+Bungi]

It's just a product of the self-moderating slashdot society

So I suppose you've never come across the terms "thread bitchslap" and "blacklist", eh?

I don't know if I speak for anyone else, but as far as I'm concerned I'd rather you people just stick to moderating without clueing us dregs as to what motivates you to decide if something is "crap". Ignorance is really bliss in this case.

Thanks!

Re:off-topic mod

Hi, it's me Steve again, as ac to save my karma. Look, personally I don't use my points on stuff I don't know anything about, which is why I said I "didn't touch" the original comment.

And I said that I probably would have meta-modded the "offtopic" mod as "fair" only because it *looks* offtopic. I agree, however, that it didn't deserve the "offtopic" mod, which I reiterate is *NOT FROM ME*. I would never mod something down just because I didn't know what it meant.

BTW sure I'm a noob, whatever, but I do have a clue about the purposes of moderation -- it's like being given a few coloured highlighter markers to help people find the types of comments that interest them. And as posters we have to remember that some people are more skilled with those highlighters than others, so we have to be careful how we word stuff sometimes so that we don't mislead an uninformed moderator.

Re:off-topic mod

[John+Harrison]

If a post is about things you don't understand, then you should simply LEAVE IT ALONE in M2, rather than applying your ignorance destructively.

When I M2 I regularly leave 2, 3, or sometimes even 4 or the 10 moderations untouched because I don't have the time to investigate them to see if the comment really is moderated fairly or not.

A Letter to control about the Big Brother

[olijenkins]

Just noticed this in the connection negotiation. 26. A sends B the constant 16 byte signature ("MUGWHUMPJISMSYN2") Is this a subtle reference to the fact that this program provides secure communication (Mugwhump Jism)? Do I need to use a Clark Nova to write the reports on? Are NullSoft out sourcing there development work to Interzone? Me I`m just off to do the old William Tell Routine. Sorry for the abstraction in this post I've just given up smoking. Having tried the will power method, and patches. I'm using Bug powder dust.

What about a sourceforge project

[ag3n7]

Has anyone started a sourceforge product? If there is enough interest, I would take care of it (though I am not a coder at all).

email me at serverdude@hotmail.com if anyone is interested in further development...

Excellent name.

The WASTE system itself is related to attempts to communicate outside the culture. Since the traditional methods of ordering society have failed to provide the democratic freedom of the American Dream, the narrative proposes, the majority of people have withdrawn from the mainstream into alternative underground worlds. "Last night, she might have wondered what undergrounds apart from the couple she knew of communicated by WASTE system. By sunrise she could legitimately ask what undergrounds didn't." (The Crying of Lot 49 p.86)

-- from The Art of Narrative: An essay exploring the narrative techniques used in novels by Charlotte Brontë, Henry James and Thomas Pynchon, by Michelle Chapman

-- Dan Kegel

Missing one important feature

[maunleon]

Why not have it run as a service?

Let me explain: I would like to have a tool like this through which I can make the documents on all our public shares available for searching by users. We have documents and files spread over maybe 10-15 servers. There is no need to chat from those servers, all I need is have files shared.

I am not going to leave the servers logged in and have the app running all the time, for obvious security reasons.. but also because a remote reboot would bring the machine off the network.

Re:Missing one important feature

Have you considered installing a webserver (eg Apache or IIS) onto those 10-15 machines?

Re:Missing one important feature

[efficacymanUM]

Why not have it run as a service?

Assuming you are using windows as your platform of choice, a little program called firedaemon: FireDaemon will do the trick. Its free for noncommercial use, and there is a fully enabled professionaly verion. In my expierience i've found it works well for Folding At Home and SETI At Home before.

Re:Missing one important feature

[maunleon]

How would that help me? Wouldn't I have to set up a search engine that would index them? Besides, it's a lot more headache (page design, etc)

Re:Missing one important feature

Yes, but such kludges work best with non-UI programs.

where is the obligatory ...

screenshot ?

insert brain

Join the Slashdot First Post Club !! Details coming soon !

Re:name "Waste" -- Pynchon's The Crying of Lot 49

[elwinc]

I believe the name "Waste" is a references to Thomas Pynchon's novel "The Crying of Lot 49." In the novel, W.A.S.T.E is either a hoax or a secret system for communication, and (might) stand for "We Await Silent Tristero's Empire." Here's a little quote:

"Last night, she might have wondered what undergrounds apart from the couple she knew of communicated by WASTE system. By sunrise she could legitimately ask what undergrounds didn't....[H]ere were God knew how many citizens, deliberately choosing not to communicate by U.S. Mail. It was not an act of treason, nor possibly even of defiance. But it was a calculated withdrawal, from the life of the Republic, from its machinery. Whatever else was being denied them out of hate, indifference to the power of their vote, loopholes, simple ignorance, this withdrawal was their own, unpublicized, private. Since they could not have withdrawn into a vacuum (could they?), there had to exist the separate, silent, unsuspected world."

love 'em for the names

[Kircle]

"Waste" is such a user-friendly name. NOT!

My favorite name of theirs is NSIS, which I've heard is an acronym for Nullsoft Super PIMP Installation System. I mean, that name is just plain pimpin'. :)

Strange title

[Baloo+Ursidae]

Nullsof's Waset: Encrypted, Distributed, Mesh Net

How many other people saw the title of this article and immediately thought, "Oh, no! JonKatz wrote a technical review!"

The Right Hand Knows

[fm6]

In fact what we have here is a first cut at a secure distributed network presence system, something that would allow you to run an icq-like network between people you trust without being spied on by a central server. There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates.

Besides which, this software isn't particularly useful for illicit file sharing. For that you need a way to get into contact with strangers who happen to have a copy of the file you want to download. The encryption features would actually seem to work against that.

Also, this is technology that might be very useful to AOL. AIM's big drawback is that it's not very secure, and really shouldn't be used for sensitive corporate communication. (Though the engineers at my last employer used it anyway.) AOL could persuade people that are already using AIM for free to upgrade to WASTE in order to secure their communications. Not to mention the other features.

We Await Silent Trystero's Empire!

Re:The Right Hand Knows

[L7_]

Yes, it seems to be more of a client where you already have a trusted group of users either from real life (Say, a whole dorm hall or a bunch of co-workers) or from a presence online (Say, a whole gaming guild or software collaborators or even a little message board community) to open some of your system files to. It is a trusted way to get recommended files, be they legal or illegal.

You don't need to be in contact with strangers if all your friends have GBs upon GBs of "shared source".

Re:The Right Hand Knows

[jafuser]

Your post just made me realize how useful it actually is.

I run a small network in my apartment with my roommates, and we all have various versions of windows, and some computers are "homed" on a different domain, especially if a friend brings his work laptop over during a lan party.

In these kind of environments, windows file sharing seems to be much more hassle than it's worth. On Win2k, it seems like it's a 10 step process just to share a folder. Even after that, it can take one or two minutes just to navigate the windows network to get to the other computer (why is this so slow anyway?).

Sometimes I've gotten so frustrated with it that I'll skip all the windows sharing BS and just upload the files to an FTP site hosted somewhere else on the internet, then have my friend, who is only 10 meters away from me and on the same private network as me, ftp it back down.

Sure, I could put my own ftp server on my machine, but that is too much hassle for a one-time use.

With something like this, it looks like it might be a quick and easy way to do file sharing that sounds a lot safer than most of the the simple alternatives...

Re:The Right Hand Knows

[fm6]

Even after that, it can take one or two minutes just to navigate the windows network to get to the other computer (why is this so slow anyway?).

On Windows 2K, you always want to used mapped drives to access shared folders. For whatever reason (buffering? haven't the foggiest), this speeds things up drastically. Seems to be less of an issue with XP.

Re:The Right Hand Knows

The Network Neighborhood is shit because of the suck-ass broadcast protocol. Hook up all those machines with different workgroups and it's a fucking shitstorm of elections and serverlists and server dicksizing and so on. (The upside is that it sorta works without a directory server.)

Solution is to just type Start+Run \\SERVERNAME. Totally bypasses the suck.

Re:The Right Hand Knows

[stickyc]

Couldn't you just transfer the file(s) via your favorite IM program? Since you're both inside the same firewall, you should be able to direct connect, bypassing the IM servers and such, no? Since it's for LAN gaming, you're not transferring terrible secure documents, right?

nullsoft rocks

[hetairoi]

I've been using winamp forever, gnutella was a great idea, I can't remember the name but they made a program that would replace the ads in AIM with visualizations from winamp and now this.

I believe AOL has an outstanding opportunity here. Imagine AOL letting the nullsoft team wreak havoc on the AOL interface. Imagine AOL users with secure communications, a real email client and the ability to share anything with a trusted node. Hell, imagine if AOL/TimeWarner would open up there content so users could browse the catalog and download for a small fee (just like itunes, but not just music).

Would you be willing to pay for an AOL account if you had a secure platform that was infinitely customizable (think winamp skins) and access to huge amounts of content and the ability to share content with friends? Yeah, I'm sure there would be some DRM involved, but maybe not, maybe if you could only share with other people who had aol accounts they could just make money from the monthly fee (I know there are lots of problems in that area, but I'm dreaming ok).

Still not convinced. Ok, how about a partnership between AOL and Lindows? Bring AOL to linux via lindows. Cheap pc's with AOL accounts to make sure mom & pop can use the pc and get online.

Maybe I've got delusions of grandeur here, but don't you think this idea would make bill g soil his pants?

Re:nullsoft rocks

[ryanwright]

Imagine AOL users with secure communications, a real email client and the ability to share anything with a trusted node. Hell, imagine if AOL/TimeWarner would open up there content so users could browse the catalog and download for a small fee (just like itunes, but not just music).

BWAAHAHAHAHAHAHAAAAHAHAHAHAHAHAHHHAAA!!!!!

Dude, pass the bowl. I'm hurtin' over here...

Still beats plain-text by far

[Kjella]

IIRC, key exchange is where most encryption schemes fall down. If this ever takes off I'd guess 99% of users will trade keys over plain ol unencrypted SMTP.

As long as you're dealing in public/private key pairs, you must intercept the public key and replace it with a public key of your own, on-the-fly, transparent to any protocol (SMTP, phone, ICQ, whatever). A "formal" exchange system by the client would be easy to detect "hey here comes the key" and replace. But this system is in fact quite hard to break, and something passive (a la Echelon/Carnivore/TIA would not work).

Not to mention if you get a key fingerprint that you can verify over some other medium, then they'd have to intercept and fake that one too. Just call him or her up and ask them for it, unless you think the government will intercept the phone connection and fake their voice in real-time...

Kjella

Re:Still beats plain-text by far

The trick is, you not only have to replace the key, but have to take control of the conversation after that. Depending on how the secure connection is being used, this may or may not be easy. If you're trying to convince J. Random Hacker that you're his best friend Steve, your first chat session is going to be an interesting version of the Turing test.

"So, Steve. How's Wolfie?"

"Wolfie? Oh, he's doing fine. Really good doggie."

"Steve, you don't have a dog. Wolfie is your wife's nickname."

"Oh, I knew that. BTW, can I get your credit card number?"

Transmission ends, key is deleted.

Re:Still beats plain-text by far

[Elwood+P+Dowd]

No, you let Steve answer. That's why they call it a man-in-the-middle attack.

up and running on linux

[JakusMinimus]

a link to the cleaned up code i am running: http://www.entheal.com/users/dweomer/waste-source- clean.tgz

my server's public key

WASTE_PUBLIC_KEY 20 2048 entheal.com
ABB44E9339FC6CE16A3C04A9D828AD3F6C78A 308FF66442E35B3F69C2CFC
7AAF98FFFCE94A95E074C6B8F B8F46105A7575A5AB9CFBF9112E1AE13C02
B7CFDA578CD7B 114A64E6B18D9F857BD982E741D2A214EE52878580B51DA
4 081980FA0923244FA59D05FE314347384D23DBD58C736D71D6 D490EFD4D
E3587D463D351236280BCAD18DD40F12D9F0DAF 6C3C88CAB2243A21B7A8D
B0C89075685E12052263C6DD9EA 6809967A7D354037EF00F078E5E298DFC
2E89E43AF161FCF B30B2B41873F0BB34706B4C8EF749B6A3E45135F9F08D
FAF 6F684E29787ECE5FB0DFEBABF904C11327CE085F735C0D7E08 DE811B3
04CEC56742090AA7A714497B9CEF1C35000301000 1
WASTE_PUBLIC_KEY_END

server name is entheal.com (you may have guessed from the public key ... )

Re:up and running on linux

[JakusMinimus]

forgot to mention, public keys: if you want to access this server post your public key here and i will load it up

Re:up and running on linux

[leftyfb]

how do you compile from your code? I tried make, make all, and make waste.

Re:up and running on linux

[JakusMinimus]

you tried make -f Makefile.posix ?

if so and it didnt work can you post the output please.

Re:up and running on linux

You have some spaces in your public key that prevent it from being imported, at least by the windows client. It imports once they have been removed.

Re:up and running on linux

[JakusMinimus]

thanks. lame-ass filters killing what i post.

Re:up and running on linux

When I try to import your public key it tells me
Error: No key(s) found in text

And btw, here's mine

WASTE_PUBLIC_KEY 20 1536 rince
C4C195C773ADFD764609DB3EEFB0169CCD81D5F13FE E583ADD 14134B1F0A
5BE4D1A2C384FB355861BE4026159D2DD367CD 8E1DD3E3071B 76825C0610
866A4F897EC70870482ECADC0B6DC306CCB33C E378A1C55E9C 24F51BA5A5
B926F38D1BB4E293525468BF6F880B73FBC709 6887B6232EA9 A0FFD12EC3
3564814CD0CE1E9699BD309D031CC01874D6EF A8D967091F97 FA256D03A9
23DCE51726DA05940DA72DAEAA000A38D4D93E A46BF6AA97DE 8AD46D9C2E
BB9608126B7266C01433D8630003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

[JakusMinimus]

i'll import your key into the server momentarily. the aolution is to remove the whitespaces (in the actual hex part of the key) inserted by slashdot *boggle*

Re:up and running on linux

[leftyfb]

ok, I got it to compile. Now i tried copying over the Default.pr0 and pr4 to default.pr* on linux. Changed the private key in pr4 and locations in pr0, but it still doesn't seem to like pr0: ./wastesrv
WASTE server 1.0a0 starting up...
initializing RNG
done
loading config from ./default.pr0
Illegal instruction

Re:up and running on linux

[JakusMinimus]

delete the default.pr0 and try running the server again. if it doesn't find this file it is supposed to create it (did for me) albeit quite minimaly. something that ought to help, is that after your server generates its default.pr0 file, kill it and add nick=<your server name>, debuglog=1 entries and try again.

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 JediJawa
DAF325E9901E356D92E182CC976B3A393614540D F2797606DD 571F269D08
72D714C5D56D2004B81F070392353EC87B9391 797FCC696BE8 4D8461BFC2
56F2BEA7B714CBA7AE85DBAA85C861478C5296 CA032BEC44E9 61794C72EF
8E620370135541522A64A3A4877DB65C059671 EEC22B7C5E6F 45ACAA72D9
3D175F5D81FA70D258983E4A08BEE47924C099 F068D189D9BE F43CA40C2D
3F93ADA3BF4AFE67AC00A53966A49A2784C892 2F3DB72F5D89 5E9E86B820
43429F9351DD133E35276EAF0003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

[notbob]

Here's my key, my aim is notdabob, shoot me a msg to try it out.

WASTE_PUBLIC_KEY 20 1536 NotBob
D49A61E74937BED412DE219E4B61B7BA8988E08816 F279C261 270F42456D
96A8F0986B63ACC472F5BFB5F7F0161C2405AC 4D2FA82F629E 1C501DE20B
FE703D411170613486ABE33C5D439267A90C1E 5DD82DB9DD7B 3E4C9ADB96
1885F87263B26955CE9BEE0E0523D24D5EC047 391E0EBE3310 21E16096C1
D1FA65C19AFA1C44C0D9454CCE33EB1F78AD4B 50E44E6B8EBB 79E7613FB1
6A63EDE223738E7508763A8DDAECE70F0C681B 8EA33801EC97 6C007DC63B
179EAC93D70955AE8650FD710003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

I'm ready to connect.

WASTE_PUBLIC_KEY 20 1536 proj
A46C02DD67FD9E518DFEABB7C352A9EC1BD3DC91356C 9D340C 86F22022378D483FFBF194D5464EF5A9371C69492C050A08EE 751C515069F305742FC0ECF291D12CC553636B907E90408AD9 C8B4C745F3C6EAA8752CFACFF4378E2C312ACEAE46C5ECD90B 13D758C30F7856AD1EBBF6E903787C2F8924D615707F0B7AD3 33A89C7E21D57A07428CB3D4C81713DDFFEDC1D5D4F652CF7C
AB1C9217D3DC504BFE19E7CF7AA568CFFA937E0E0BFC8AD9 54 48D2767455161FAA59CBFF0CE23F20D2850003010001
WAST E_PUBLIC_KEY_END

Re:up and running on linux

[JakusMinimus]

NotBob, JediJawa, and proj: your keys have been imported.

Re:up and running on linux

[DarkBlack]

If you are using gcc 3.2 as I am on Debian Unstable, you will probably need this patch:

--- waste/Makefile.posix 2003-05-29 11:58:45.000000000 -0400
+++ waste/Makefile.posix.new 2003-05-29 14:00:34.000000000 -0400
@@ -8,7 +8,7 @@

wastesrv: $(OBJS) $(RSAOBJS)
- $(CC) $(DEBUGFLAG) -pthread -o wastesrv $(OBJS) $(RSAOBJS)
+ $(CC) $(DEBUGFLAG) -pthread -o wastesrv $(OBJS) $(RSAOBJS) -lstdc++

clean:
rm -f $(OBJS) $(RSAOBJS) wastesrv

Re:up and running on linux

[leftyfb]

I deleted the default.pr0 file and still get the same error: ./wastesrv
WASTE server 1.0a0 starting up...
initializing RNG
done
loading config from ./default.pr0
Illegal instruction

Re:up and running on linux

[Sleepyguy]

how does one import a public key?

Re:up and running on linux

[JakusMinimus]

I was away from my computer for an hour, but beforte I left and now after I am back I am noticing much "Could not connect to host: failed connect!" messages in the debug output. I've noticed the waste software attempts to setup 2 sockets per connection (client -> server then server -> client) which isn't going to work too well if you're behind a firewall with unidirectional translation (assuming NAT here).

anyone else having the same sort of issues? people trying to connected to me, speak up =)

Re:up and running on linux

[JakusMinimus]

if you mean into the server you need to append it to the default.pr3 file. if you mean the client then you save a key into a text file and save it somewhere handy, open up your waste client click File->Preferences and then Public Keys on the left hand menu then Add. pick the file with the key and you are done

Re:up and running on linux

[Sleepyguy]

thanks, i meant on the server, is there some kind of docs for this, or are you just browsing the code?

_

Re:up and running on linux

[JakusMinimus]

reading the code + trial and error = the win

Re:up and running on linux

[Sleepyguy]

I'm with you.

So i seem to have some of the same problems as you.

I went ahead and generated two users on my windows client ... "server" and "client"
i moved the keypair of "server" to my linux box private key into default.pr4 and public to default.pr3.

I then went ahead and appended the "client" public key to default.pr3.

I go ahead and set networkname= in the default.pr0 file on the linux box to match the client box (windows) and set the name= as well on the linux box (to "server")

i then try and connect the client (windows, behind a firewall) to the server (linux, in the clear) and get :
Could not connect to host: failed connect!

my whole log here:
[brett@caligula waste]$ ./wastesrv
WASTE server 1.0a0 starting up...
initializing RNG
done
loading config from ./default.pr0

Password: wow nice cleartext password field!
DB: reinitializing database
DB: making scanning db live
[main] creating listen object on 1337
DB: removing temp database reference, scanning done
Could not connect to host: failed connect!
Could not connect to host: failed connect!
Could not connect to host: failed connect!
Could not connect to host: failed connect!
Could not connect to host: failed connect!
Could not connect to host: failed connect!
got SIGINT, setting global exit flag!
cleaning up
flushing db

ideas .. the docs claim that it works if some clients are in the clear and some are behind firewalls....

_

Re:up and running on linux

gcc 3.2, Mandrake 9.0
I post the full output but slashdot won't let me.

reference to `operator delete(void*)'
srvmain.o: In function `update_set_port()': /home/user/tmp/waste/srvmain.cpp:511: undefined reference to `operator new(unsigned)' /home/user/tmp/waste/srvmain.cpp:511: undefined reference to `operator delete(void*)' /home/user/tmp/waste/srvmain.cpp:511: undefined reference to `operator delete(void*)'
srvmain.o: In function `doDatabaseRescan()': /home/user/tmp/waste/srvmain.cpp:524: undefined reference to `operator new(unsigned)' /home/user/tmp/waste/srvmain.cpp:538: undefined reference to `operator delete(void*)' /home/user/tmp/waste/srvmain.cpp:522: undefined reference to `operator delete(void*)' /home/user/tmp/waste/srvmain.cpp:522: undefined reference to `operator delete(void*)'
srvmain.o: In function `main': /home/user/tmp/waste/srvmain.cpp:591: undefined reference to `operator new(unsigned)' /home/user/tmp/waste/srvmain.cpp:657: undefined reference to `operator new(unsigned)' /home/user/tmp/waste/srvmain.cpp:658: undefined reference to `operator new(unsigned)' /home/user/tmp/waste/srvmain.cpp:739: undefined reference to `operator new(unsigned)'
srvmain.o: In function `main': /home/user/tmp/waste/itemlist.h:48: undefined reference to `operator delete(void*)' /home/user/tmp/waste/itemlist.h:48: undefined reference to `operator delete(void*)' /home/user/tmp/waste/itemlist.h:48: undefined reference to `operator delete(void*)'
srvmain.o: In function `main': /home/user/tmp/waste/srvmain.cpp:805: undefined reference to `operator delete(void*)' /home/user/tmp/waste/srvmain.cpp:805: undefined reference to `operator delete(void*)'
srvmain.o:/home/user/tmp/waste/srv main.cpp:805: more undefined references to `operator delete(void*)' follow
srvmain.o: In function `main': /home/user/tmp/waste/srvmain.cpp:624: undefined reference to `operator new(unsigned)' /home/user/tmp/waste/srvmain.cpp:603: undefined reference to `operator delete(void*)'
srvmain.o: In function `main_BroadcastPublicKey(T_Message*)': /home/user/tmp/waste/srvmain.cpp:108: undefined reference to `__gxx_personality_v0'
m_lcaps.o: In function `C_MessageLocalCaps::Make()': /home/user/tmp/waste/m_lcaps.cpp:66: undefined reference to `operator new(unsigned)'
m_lcaps.o:/home/user/tmp/waste/m_l caps.cpp:26: undefined reference to `__gxx_personality_v0'
collect2: ld returned 1 exit status
make: *** [wastesrv] Error 1

Re:up and running on linux

[JakusMinimus]

try removing the networkname=somenetname from both machines. i doubt its the problem but hey might be.

barring the above suggestion working, all i can do is discuss my setup:

2 windows clients, one using 1536 key length, other using 2048. both on the same subnet.
linux server, using 2048 length key and on same subnet as the client machines (this machine also serves as the NAT box aka gateway for my intranet). before i even dicked with the linux server i made sure i could get WASTE to work with the 2 windows clients. if waste CAN work across a NAT'd firewall (anecdotal evidence anyone?) then barring some forgotten pixie dust dropped in my setup i don't know what the problem is (from my reading of your description you are attempting to connect your client which is behind a firewall to your server, correct?)

as far as the docs claiming it should work seemelessy even if some nodes are behind firewalls, i think that is true if and only if WASTE nodes exist at the boundaries (aka firewalls) of the various subnets you wish to bridge.

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 ah1337
C6349AA93EF433D300B63C3B0CB4687028367F25E1 506B11FE 40D98A152E
5631040F21487948B6D4CD052B48D592A4BB81 91F51E84A635 E3C753891A
F43AA6825E0F3CAD924E682EC82434719C923A B73744D3795E E25A8FFF20
98D3E488BA8691BD63CF8CCD07508496512443 1FDC1575D994 419EB1781E
A129855BCEFDA76EF3EB03118299401B03B3FF 07D5F68347A8 207B6FA173
4DB647E29467BB1378021232D1AFA71729CD96 89846F9FC018 3B842EEFDC
54B8CE8173A207534BD3E23B0003010001
WA STE_PUBLIC_KEY_END

aim: ah1337

thanks

Re:up and running on linux

WASTE_PUBLIC_KEY 20 2048 angryjohn
CCBB061F5D4B964417E350C213D9B16232797DC 78812BDCDA1464FB5D252
30E4143E1D641FFFE347F219960 35685658C1568F5251163B176D1663103
5CF684ED6EEAB1D 2AB8A469277CE7CCD83FA76517620ECBCF7C211B9DC10
011 5BDFC84AA455286F5494E68516AF8BAC266411AC6F77B59472 D4B5D29
810A0D9AE23A6B6FC7A20191E5C242BEF342FB221 155A0C8466702250BB9
CF9738EC5BE519420D7E58DDBB173 0C6E2121B689AFD12E65004C6CFA6B7
F832DABAD2E9ACA68 6C6D290B85FBF622C54D83E498E15D06498D814418F
64AF8 97DA704EFD7E5804C6CD4F646FA3961060C40855F8B0132DBA E5CCC
B23E9713846A16F5CF655C82ED9310890003010001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

As long as there is one machine that can be accessed directly, any other machines connecting to it can connect to eachother. When two nodes behind opposite firewalls communicate, they do so via the accessible machine, and all communication is decrypted and reencrypted by this machine. Other that this peculiar feature, chatting and file transfer work flawlessly. I am impressed.

Hopefully, someone will develope the code so that no middle nodes have access to communications between end nodes, by all nodes having public keys, and center nodes forwarding communications, but not decrypting first.

Re:up and running on linux

[Hal-9001]

Here's my public key:

WASTE_PUBLIC_KEY 20 2048 Hal-9001
B76693DB88A6DB34E9EF05D691C47488F1C000BF B64172B0B3 3AC2DCA6EB
D8DA1D01D2F666ACCABF6EECFE081DDFD27075 561D4D972527 FBA384C883
B2632C947045B6A858D41DF242EC3B207BBBE6 6E38D91D1389 E4E3534287
38B4034A9BEB71784FB721188DA53861DE28F1 6E4AEAAA4FE3 C0B90B5FE4
BA07AD6A3AA94A7A1588549558C00E7143808B 582C6BA6DA13 6B84C711A3
0B248A35FC2BA97754C63123CD6BD279489ED9 7F8B00031E6D 9986555D71
6E4800CD9F62081AE3893E54B18F9DB7266FC8 E9BCBDD0760E 8E022C963C
4AA8F747F7172646DCD42D0AE5AE9CC8E13571 6A27E892E2B4 C771DEB391
34DA3523801F18298F5A37D59C928103000301 0001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

[TermAnnex]

Here's my key. Thanks. :)

WASTE_PUBLIC_KEY 20 1536 term
BAFDFAFA736E2BDF06E6B6F57336700BADE92A6E68E0 A6E24AB32258FE62
1DF0856528D7F233E01977F5A6E9B265 8DF35D9531B85DE32CFC0D0FEAB8
82C7CB46ED325F497C30 3891CA75768FCE79CDABE3E8FC25AC155D52EA19
0B12C583 87AF0E64CF4F9D6AF4BC5570FEC5367BFFFA10BF7C1636B456 7C
40229AC801531B5ACCC0860B0E3E1CC20AD812DF663B1D C675B0DDE01CB0
0FBDF4D37BCE6738709A4424CEF2F38E01 5242997E9177044D5916BA4062
6ABE8569F265D0EF25A943 6D0003010001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 Budlove96
B37DA3348257702375EAED15F8FF8A141D9657C A41BD32C84F E4DE459CF7
49F78C43AAD2B7FD2228FEE8C145A451DF62F7 C85393AF246E F29186EC71
22AC989F2756FCEA385135A05447BEE98B1F92 4291E3C98047 3CEDAAD5EC
A51182BE678D878A17F75550C47CC93F512FD4 096B9F81258D 37C224D4FD
0F6514C37A1F63FEFF4E7F44D1BA50D942C13A 80F24219A214 05C6E6DDF5
A4F924421DABCA3A704191E438A0079775695B FA2476A382DD DEED6A9614
F4482236F3E148797DA7299D0003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

[JakusMinimus]

you need to apply the patch to Makefile.posix mentioned here.

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 MartYr
CBAFB213AA87ED3CBC0A4165E83E66E52F46FF3968 F769A0D1B3EC11904F
09E20370CBC3AF3662490A3815758B 7E9F87B1E580E4905F3EDC2F26563B
4F4F3D069C4DA8C22E CEDB76437209D3F4BA68AD48FAAD2CCFA436C618F3
65089C 5B31AD1506D0BBD9E524629F835FF81C16364C7867AD51C43E 5CC0
D06F7C26B22AE7AF8E960D2891A5F066DFE728413B17 0E14A98B793B2575
FBA2A93806AAC93090EB6E93FA7823A6 6CBCB4F929C139C1927906543713
B986D6EC6C1628AA2BBD 351D0003010001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

My pub key..

WASTE_PUBLIC_KEY 20 2048 Johnny_Walker
AD5CDD7988A1C66DCF6C5527500640BD533 BE7B7C003CC3DA2 741CCD7BA4
3F62324AC4798FEA1947B23E83607E158DB7EE A9F078FF9EAD BA428F1A32
2D08D6CB27BA3AA75EDDC6AECF8F0A7B3AF189 5340846D0CAB 74DB6EE51C
7AC45F60C84151A090F9E6A68AA05DE5A7BACA 356E54585D7C CE3AD86EF3
89C903C39E271B83E34C3ABB2F0EE25487C08D C3A2A7B7BC72 002288DA39
6AC25AACFB3E103BC5CE012F70EBDE63EFA817 8182666BF286 3474F5FF5C
8B0F14384409FFF1748FF52368E60C76F5B29A AA88AEAFD3E5 10BA9EB2A4
6A0FF4FD6E6967320C17E3C82296446250802E 05057C92D1F0 6E37128CB2
E28FBB3DD2A8B2F3C248ED26F6773605000301 0001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

[throwaway18]

WASTE_PUBLIC_KEY 20 1024 Throwaway18
E29A094E7E3D5C85FF1A145C38B134E6BEDD2 45ABE25118CBA 3B5B071656
0357CA29FDE2CBE2B9B143CB638578615295DD 3D8F878C43B8 606B77406F
F984DB513A72CE0F7B7A80DC3DF6E633907712 6E31C15F2F15 62F7CE1AD3
455208F5CEC43DEFF4782624794A12A36FBE4B 3798EB8FBCCB A4621EE811
10684BE68E1ECCAB0003010001
WASTE_PUBL IC_KEY_END

Re:up and running on linux

thanks

WASTE_PUBLIC_KEY 20 1536 Afbc0m
EC3B18B44C81017CB6E4E155871180FBEEE09F3E21 3F31D810 3ACE56AF49
99BE691470A8A71B288DF04ABC82283D71C5EA 3DA029334F36 F5F5BE2940
E62559EC6DFE07490210D6698EFF0EA70669E1 5CB43FA11359 FCF6748623
8723B8D8B140EBC9379C9AD1A85A4D627E4193 598221F78563 112458F5FD
2643EBA7688E272F35A5F6F0CEBA5FA5C185F2 9EA54DF6CEC6 DE4BCE72FE
CA2EDED367A78A564E622D986B8546F77F3E22 A0F10BAB8D70 3C418AC2E0
E17B6B2735A463325B5FB48B0003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 BrNDmG
C37E2C1DB094F57A161BF8D87906C44053BEABF7AF 29870B9E 8A8C1CE9BE
02DEEC4921CE8640F542E24EB52FFA6D7960CB 09D6B7595E77 0D8960F709
412ECF8E867FADC6C4EE31CE5F3CAAC1239D20 185EAD0F9F29 BD08707885
B8A3287A8682645CE00308E602561E5DF762AE 2C5897B85180 B69B9F4FD2
745F4BBAEAD6EA5018B84DDA39067AB99926D0 7C6A0B41D160 46315660BC
2EC7DF82D9766CA4F16790E493E1E7638F5D2D E1B18957F62C 41CBBF7FE8
DF892DC055CC5E4D3AF352830003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

[headhot]

I get 3 lines in my debug, the last one say the temp data base refference has been removed.. then it just sits there..
nothing will connect to it.

Re:up and running on linux

It has been done, actually, though not in public code. Google for "onion router". Waste appears to be a marvelous first cut at a public source base for an onion router network. It doesn't quite qualify because of the decrypt/crypt sequence at every hop, but the moment that's patched, it's full fledged onion routing.

Re:up and running on linux

[throwaway18]

Slashdot has inserted some spaces into the key I posted in the parent message, to import my key please remove the spaces, including any whitespace in front of WASTE_PUBLIC_KEY

I posted it in my journal as well here

Re:up and running on linux

Waste users from slashdot are currently split between users who have joined via me and users who have joined via JakusMinimus.

We need somone from each group to exchange keys and connect to each other.

Re:up and running on linux

[matresstester]

WASTE_PUBLIC_KEY 20 1536 wasteful
C57889A814EFF2AD7311EC77D0F125D66FC82A7C A29A93C1D3 363E4CBEAA
645DDB7C6EC030126DCC79E77CB5CAC13F4CA3 1E2E311EA498 EC18F091EB
2520231E9B5F8242DDBCAA196A41C4434D5497 74109852A05E 8A6847591B
C11867D7FB24748BBAD55BBBAE3BB7F29F845D 9B089E18EA62 DCF1B10459
3F721EEBA121222751D7E4329B68945F30014C 8224FF894AB5 5A6229C40F
B9856DE9126C624155FD01EA48038553B8246B 1357C3FC13E0 C8ED6D699D
25A5BBE3B1BE5A3C70781BB90003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

It's right here.

Thanks in advance!

Re:up and running on linux

[baka_boy]

WASTE_PUBLIC_KEY 20 1536 baka_boy
CFCCBFDE4C297EB05F705721BC606A1E4FAA408B 45B34CD34A 7860C9048E
D1665C4791CDEEB3B676DDEE8109E4BF0E2FA5 9D5623041E23 99D7AF393F
29F3BD73B0AE3FC32B4713C5D1837F8003B2FC EC213736FDD0 ECC7BB132E
5450557B37730D9F8F9B853617E043891C3141 0032ADE97819 93A9D64E1A
2A4CAFF29CD69BEE9E05373C96ED8B37C0E873 CFBEBCED1440 86C8286CE6
2A5251A348A6027C6675159C029D2BEEAA2745 C643C6541F34 629CCD3D9A
6D952FCB8A62291FDE3CD9870003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

Please add the following key to your pub key list

WASTE_PUBLIC_KEY 20 1536 Anon
B3EE40F5B23D7E26F627279E1B85AE1FE4ECC6A1B3CC C1C615 0638602869
B871FFD5BC3D31257161C4BDC12B8E3B6885E4 B413B1B0BA8A 87110BEC58
1ACED596160C5B7B965026693687A0396CD7DD 5FE991510D2A 2BFF1A9196
F400B7AF7119AC8189A4C01E7A9892879151D5 C9B7A701945C FE42F3990D
56D38C4C2B1EDC322C46E11EE72422991BE887 6C02EF966CBE 72F9565069
FD09215A3F58C31802CC10C70829570CE7EB57 413D28F9CA6D 2B2C2BD784
25D83AFE6F753877E9CAE2DD0003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 Anon
B3EE40F5B23D7E26F627279E1B85AE1FE4ECC6A1B3CC C1C615 0638602869
B871FFD5BC3D31257161C4BDC12B8E3B6885E4 B413B1B0BA8A 87110BEC58
1ACED596160C5B7B965026693687A0396CD7DD 5FE991510D2A 2BFF1A9196
F400B7AF7119AC8189A4C01E7A9892879151D5 C9B7A701945C FE42F3990D
56D38C4C2B1EDC322C46E11EE72422991BE887 6C02EF966CBE 72F9565069
FD09215A3F58C31802CC10C70829570CE7EB57 413D28F9CA6D 2B2C2BD784
25D83AFE6F753877E9CAE2DD0003010001
WA STE_PUBLIC_KEY_END

Thanks

Re:up and running on linux

Isn't it obviously cleaner to replace CC with CXX instead of manually added the Standard C++ library.

Re:up and running on linux

[JakusMinimus]

yeah, unless the "speed" number you specify is greater than 64 the "node" will not act as a full peer on the network (aka itll connect to other nodes but wont listen for connections to itself and therefore cannot route traffic). the config variables for this are conspeed (>64), listen (non-zero, defaults to 1), port (non-zero, defaults to 1337)

Re:up and running on linux

[JakusMinimus]

actually i've read about this before, and like you, myself and many others are looking forward to this feature.

Re:up and running on linux

[JakusMinimus]

yeah that would be nifty. ive already gone through and snagged all the keys posted in this thread. all we need is someone known to both "server" nodes to connect to both and remain connected for a bit. once that happens and people keep connecting the pub keys should really start flying

as a note: my server isnt on the speediest of connections but that shouldnt be much of an issue the way WASTE is designed.

Re:up and running on linux

hey we started a community on www.ratiatum.com

can you plz add my key to your server ?

WASTE_PUBLIC_KEY 20 1536 Napool
EB8D8981FBA69964CD6EBBB7541ADDCCA2CE55D9F7 A4ABFBFD F778A452F1
E9C1778F1A53C992F1BF8353AF97719CEFE876 9640651CBD4C A73A626ACC
981AC44FEFA24F86F463D556967D4023F2E001 05E36879974B 2FFEDD2F6C
8F48F86CE6867247440A7A3558FDD45A7719A9 0428F15F357F A0AD3E9854
1348FAB8B963896147808C8D9D251D044F0BDB 6983167CEC62 F349520306
BADCF606654DF1FF12320E1E071843C913F854 172F06F4EB76 FF7C0186E2
22363321E19D397892C69ABB0003010001
WA STE_PUBLIC_KEY_END

thks

Re:up and running on linux

WASTE_PUBLIC_KEY 20 2048 masterman
BC230FF5493C97768EBA94350B5CEE3709FE8E7 4B55D490370 EEFAD49043
0ADB74A40194BFF9E730DCF9D4194249E98594 8442EB82AB32 511B9F9EF8
34807EB6A0ACBF1D34217C2EB2088E15C1DB30 0057855346CD FBF376E4B3
B7024A93B13B59C6BC529AFCB06F409F57C94B 8AC5F3390F3E EAF1DCDDA8
659234C981E0F7FAD805BEBAFC7DF0BDF4CBA1 E812C669A915 4ED5395CB9
50D2A62EE3F30074FA0944DFB26C61D7D5F845 22F75E4879C5 858C3D7A4B
3F0FFB6823C863296FFEF063B9A2BB5C0E7A21 286445C80C11 F537900664
CD7AA864B6B2B80300AF811271E262A63B9387 AFA855C7F0A4 737ADA02B7
A13800AC6BEE0C22847CA874A8653545000301 0001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

[putino]

It gives me this:

collect2: ld returned 1 exit status
make: *** [wastesrv] Error 1

Re:up and running on linux

[putino]

How can I apply this patch ? I use LINUX SuSE 8.2

Re:up and running on linux

[pr1000]

Does anyone have any suggestions on how to get the client and server to talk to each other? I'm using JakusMinimus' code and am able to run the server, but I've been unable to get it to communicate with clients.

I've made a short write-up of my situation here. Any suggestions would be appreciated.

Re:up and running on linux

WASTE_PUBLIC_KEY 20 2048 M#_leases_my_soul
BB80BD3384259F410125B1004413695 F50890470FE72EBE5BB E391974A1D
C9A68019775C06627E0F14BA86D6E823164CCE 6133362F0366 E3BCA74EC9
5AD0D21948A96CAC7C3AFF99808566B92DAEAE 2E005F98BD67 9A7E368B38
26FBED6BFA1A9E60FEDC7DB6C145B1A32A7658 DCB9B0BC3067 961C339182
55E7B53FFBC81C3BBF474A40C71EE212C10572 9EBC6D087073 4946A9A392
7E829C246AA7117DCBF52B036F7F90072A075E E7B7B3A453E6 1764609416
E47D850C91FFC504A69984527294BB2CA6FE00 9C2FEDB891FE CBA7BA497F
5E714F233144091FC13902AC9FD662994C4467 BA0FB3C490BD 84B0AFF8D8
529C1A376A64ACB2FBC9ADFDA2024439000301 0001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 LouCypher
B8EEE15E02E3D2A93B8D6ACF66A33999458BDAB 5AF8FDA9453 2316AFDED8
B72EA043BDDBF6BAB8CB00D0358EE5F15C2F7B 96C986F8A765 952E559E54
618EE241A6E9A2E1C7F37A7CB230F246A35CD1 3567DB5FEE0A 523AD8795C
E29F8F3E5402F5645DEFBB939C94B2DA43A170 79238CC5F4C7 DABA95C66E
7C861DA7A15988225EF60BED6F69749949865A 0DBEF788FF40 91D09613BC
6A4B80C4A489B9E88CB72BE9A089992633A82B 343FB40EFDF8 D3F4A91C66
8A83E0F561A89F3DD44A72F10003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

Okay, I'm game.

WASTE_PUBLIC_KEY 20 1536 retrosteve
ADE5A16FDD933DAF54197E6DD17253344084D6 901B6484EBA1 C7536A320B
B5A8BE9E9E0E1AC2E8BAA566677FFFE0EA6559 4613E3FD5587 EBA93F32D4
2133C3DABDEEEDEF0E32266E6D53C3607808C7 56F8787D44A8 9989FFCADE
D239A01F527A8818A269B5DF6EDA2094004756 1F86D71974DF 12314F7229
2675A39D4BCEC4BF33315A04AEFF551D416C8D 7B04ECD40AB1 D27A14B633
C27297361F15281CA6C3C103F1482754964753 7790482136BE 1B132635A0
AA223EC44F1AD48E8E252D3D0003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 Tristero
BF0FCDFB525016529CF5B477AA4C8FE7CC33E11B 7C7E6A61EA 078251C235
C27BF1549280519545AB4532BAAD53B4707F75 1CEC568E6454 501F29C55A
F3CFACE25194D00E564AE6F22B2E536ED904B5 0FA9C1A8F3D4 20613B6E8B
0B7BC0E127F5FB59DDDCC6DE85A375FF42560F 122AA785E0B3 EBD33E0185
63F43B5F71279B9208C4EB5268025C440B9F98 43551BBC17F5 341F9A61ED
65F48004532230344685A442CD90DEBB80A278 36A3B8E1FF9B 5F35A95C2A
D74C6F850047552A5EA49C370003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

Here's mine...

WASTE_PUBLIC_KEY 20 1536 wasteful
C57889A814EFF2AD7311EC77D0F125D66FC82A7C A29A93C1D3 363E4CBEAA
645DDB7C6EC030126DCC79E77CB5CAC13F4CA3 1E2E311EA498 EC18F091EB
2520231E9B5F8242DDBCAA196A41C4434D5497 74109852A05E 8A6847591B
C11867D7FB24748BBAD55BBBAE3BB7F29F845D 9B089E18EA62 DCF1B10459
3F721EEBA121222751D7E4329B68945F30014C 8224FF894AB5 5A6229C40F
B9856DE9126C624155FD01EA48038553B8246B 1357C3FC13E0 C8ED6D699D
25A5BBE3B1BE5A3C70781BB90003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 dek
97014910E40E37DAD62DAE068665CEFCB4EEAAE93F8AA AB023 2649D4AC24
096D964869D8272D739743D872931391181C56 BE7DB7209F58 FD390230F1
B3975B29F4B44A2A17DB9FA1CE245207D6A03C C05376E60965 CF0B3BD803
3319B2D85C26F27FC52B073CCD7F0F02688D2C 53824D8A8081 34EAC6A053
66ACF36E4BE4DE46263172E5CE513DE8679812 22AFC1ECD954 4DABA21312
A925A8BCBAA0E5C48B2DC88D45685DC8600610 420345452420 30ED80DE66
A1284C7A7E8A0608319E95870003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

Please add my key when you get a chance. Thanks.

http://lagreca.no-ip.com/waste_public_key.txt

Re:up and running on linux

[ozric99]

WASTE_PUBLIC_KEY 20 1536 Paul
D5624C3B02CE653A3DF5242B2396EFA42703DA6562F5 1AE485 056DF11A3F
54628435466BAE9962F376701E713FAB969FC6 9455576173CD F07E3F0516
1C1916C2C4A0DF2A5A4F009A5FDE16DC2C8DBD EEECFC8E9BE7 1AE4483E1F
A59CC54F4AB1B222EAD489AB5844E5659F1641 A4C4E5FF6267 2A0567C286
DB88B01E580FD5C69FD38050A1581CB80005F7 8595D577C68E AB7E053C91
1CBA049AD05FDA553CF776A6AC9E5BB0843DE8 2A04CC56C42B D79C071A31
B2E8ACD02D1AEE01A6DEFD330003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

[DarkBlack]

1. Copy this patch into a text file.
2. In a shell, change to the just above the waste directory.
3. use patch -p0 -i name-of-patch-file.
4. Change to the waste directory.
5. Make -f Makefile.posix

Re:up and running on linux

WASTE_PUBLIC_KEY 20 2048 Sky
B9E2A3F63F1B00C2FF0AD393EAF0140F3695D7145A369 43342 5D9ED3AE50
4C353412986152268584A643AED5FD857A0951 86DD815FE71D 7A32809DA4
1B408D2167F1B78C2A22FCBC354458DD6F9AD2 67592B963F01 16AE58DC35
B46410E0479C58C20F525C55575876A9513462 B3687EF9F66A B88389802B
BBBA6A616F72F89BC900D2AA679302CF5761B5 D07451610DD2 EEF1485F36
97060EC1EAE1AD1FACAE12B4113FEF06C2B4C5 0AD68FA6FF7F 53279F71D7
B25B5639B68BB33F7A2A692C8753772C7DA6D1 4F26F02E921D 1B47FE256C
26ECBB72AEE5E93E788421470CB5A1A82506FD 13F972B1BD55 2AEF2526BB
3DB0E3B428F8CBCFA9415E3939A7A72D000301 0001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

[bruns]

Hello, could you add my two keys:

WASTE_PUBLIC_KEY 20 1536 Brian
DEA65F9DC2D4B09257A1B78143F857EF5E9DCCCB2C9 5AD112E 7BED57A58C
C6FAC14A3092D60D1C71D48B23686B173F5914 EC545A82F3B1 1DC0D949BF
B7E0245140834ABDADED318FD226F1F2C16AB1 164C6297950B 4D58A293A1
DE37977F54CC3812D007E947A6CEAA6013E940 7D526C9DD842 D7CE9A81E4
C0AD2CACDDA04CCAE43262CB8BDD304099428D A2639C94DDE6 8DDF16DC51
1D17500A59AB526FF8C2CCA418AF23E9604771 DDF69D93B1DF C8B83DEA1D
A9533E9B460E8A45AF298A230003010001
WA STE_PUBLIC_KEY_END

Thanks

Stupid lameness filters getting in the way. ARGH. Second key is in the next posting.

Re:up and running on linux

[bruns]

Here is the second key (from my last posting)

WASTE_PUBLIC_KEY 20 1536 SOSDG Server
EC45895B437B28ADC391973BCDB40BCF66C0799973 44A4FC3B C12C497917
49358159FD1933273375F80C57192B7F6192C9 345D35391D91 F8573DBB35
AA9DC66ABDBBE00A1997413F5B184F7DE8E821 1C48E1802833 EE5FE417C3
39A1ECFCFF6B11EB8F36769A31D3FD7610D80B DBFFC04FA195 4101D49BBC
53905BFDB91FF5857A007EFCB05440603ADC4C 266A234A9514 7D58238E91
8645F8AB9BF173B1E259BC49C0C5E4F11429B7 70C2CE78206E 963282B57F
ADC0647B7B904E10DA8EFB090003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 AZTEK
C85EB250B2049F2F1C0782CA3B2AB22F18986622334 578720F F9D6AEC182
1CE725BA03C475AB05B8660A2C1838B0298478 5E63AB640CB8 3230E1A20B
2B0B7B69071BD4A326893184BFE6466EB693A1 0DA5AC25BF6C 53CDBC714F
081C8C1E05BBFF4A58893646A116B0C614F791 2EB1237CC6D8 026ECD54DF
CAAAEC897A0170FF65E4B13F8317027AD1DF02 076741DC875F 9EE480AE6D
87A36020C731C46B954039EA6CB4E77C7F5559 A625D9B019B2 4B1C6C624F
65F99AE1ED91BFFCE639CA0D0003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

my public key:

WASTE_PUBLIC_KEY 20 2048 Norit
CB32D45CE6FA3497A4B9EE54885543D5DE2F80A389A A9928D1 3E1A4D7B52
5A3B79AB9C1E1B0FC0D9EE2B63095B4364496F ACF0ED0673A5 83E18499D4
AC3F668BE3FE2CE9E19EF23E29135A8513D672 8EBE16E2E7E7 D0B3AEAF7C
5E68AD2694D737981D8E6449BAE2A8BCFA6CE2 E041493DB8F3 B7F675CC1B
01C415B8C369E5C90DE0D3A04F6E6CED1728F2 89B737DC1CD0 426E31C8EB
8DB7F923E005730D870B55EE600316628DBC92 862C729E5A08 2F93CA94B6
04464042400E79D7859A2D4D31BA073E7D5630 B43B6A5A65B7 1B843E3628
73C8D64E741B670F4CF63FE3B81611958F8D18 4A6FA2488E6B 22FBC72826
96EABCCC094AABF3CDB3707569804047000301 0001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

hi could you please add my pub key???

thx norit

WASTE_PUBLIC_KEY 20 2048 Norit
CB32D45CE6FA3497A4B9EE54885543D5DE2F80A389A A9928D1 3E1A4D7B52
5A3B79AB9C1E1B0FC0D9EE2B63095B4364496F ACF0ED0673A5 83E18499D4
AC3F668BE3FE2CE9E19EF23E29135A8513D672 8EBE16E2E7E7 D0B3AEAF7C
5E68AD2694D737981D8E6449BAE2A8BCFA6CE2 E041493DB8F3 B7F675CC1B
01C415B8C369E5C90DE0D3A04F6E6CED1728F2 89B737DC1CD0 426E31C8EB
8DB7F923E005730D870B55EE600316628DBC92 862C729E5A08 2F93CA94B6
04464042400E79D7859A2D4D31BA073E7D5630 B43B6A5A65B7 1B843E3628
73C8D64E741B670F4CF63FE3B81611958F8D18 4A6FA2488E6B 22FBC72826
96EABCCC094AABF3CDB3707569804047000301 0001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

[Wanderer]

Here's mine:
WASTE_PUBLIC_KEY 20 1536 kyote
B348C07725FF3D9BF967496A95F7A560F29CE66B777 AC5AAFA 76C9FF7EA9
60933B1E0699D82854793526AE8B5451153223 600760361C07 2F43FAB6E9
4BC23E009FD8FA5C06B32EBBFD86F2E010FE9B E7A5912B2B19 C768E28D27
5056D6DF703354609483F74D691C064E203DDA B6E902CFE193 68108E4727
3650FF0ECD50512B1C555A7B5B38D5BEE26DA2 41690F4D931C CE707322E8
1F9B6A06C643151F4B0A2D37421E39EAE4424A 44BB29A9BF11 AEC6BC4B7D
3A3FCF61F6A8F7A89A0797310003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

My privat Key:

WASTE_PUBLIC_KEY 20 1536 Who Cares
A17B571F55386E93CDF6C988D93CA36ABAFFF68C22E B311E26 CCF7D1C833
29A5FF6C6E2B3147272E15957EC0AF3CCC1CBF D2F4A318573B 322065DE9C
16C914F623EFA90E6D18AB711D0D3FDF315D88 5D751459FF92 A54261036A
58968932796212356BAE6AFFFB9730C861AAC6 BA954A46FCC6 8C10CDB6BF
8C7A18D451968CD1BAC11C3759DB24E183C13F 0C1E95693B88 3CBEDF0BC7
56541A9ED9CF9A4948B03AE333D94F8E5FEFBA 7189EF1A2CBB 014973AAA0
09E1F1DEB7F0ACCD58FF49110003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

[nonickfree]

WASTE_PUBLIC_KEY 20 1536 gr1ff1n
E161DD8D4138E3AE42621BD60A1F5B161C6254D0C 25781FE3B714B8AE4E1
6CA6318DD05027252BBABFC8BB9F0 2741118FE9585FC12F3655EF5DE2D3C
CEB2ED272D1D29415 76CB8AB365436D8FE7064991433D3BAE35DD0C34301
E12B2 64F72986317DA82965D4A1A3C3CCB816E899B343F79BFCE60B 28AE9
C60D472255EF348B06C9CBBCA584064ECC63276773C B7DC93EE8E7650C9D
8E01D61D4416582729FE3C03069086D F5CCB488284B71A18DF1E98BDA3AB
3C29715519916F50703 A37C10003010001
WASTE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 supahaq
E2AA86107B794A005B68D2DFC52B9220ABFFCE136 E2CEA52AF 43DDB0C72B
7EDDEC35CF5AF6C002E4B1C80381A120ED7427 44A9DD471D34 6636C1C870
4500EA5F67DBB29241D507F92AB43E9B01D865 6728A22DE04E 03AC3BD0CB
8D2DBF8076B4601CBE8C95CFA8F56F8509CAC1 C89F7FB6E227 7A1FED8B76
EB0429AE68FE79DC624B6BDE6C022DFFFE0EB1 D09D60AF24BB D85720C633
980AC69514F9FA902C033545C944D1548E2970 354421F7BDCC 97C976F0B7
CA3A25D61FA8137F4B9B15930003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

Please add me to your lists. I have a tons of VCDs and DIVX waiting to share :)

WASTE_PUBLIC_KEY 20 1536 supahaq
E2AA86107B794A005B68D2DFC52B9220ABFFCE136 E2CEA52AF 43DDB0C72B
7EDDEC35CF5AF6C002E4B1C80381A120ED7427 44A9DD471D34 6636C1C870
4500EA5F67DBB29241D507F92AB43E9B01D865 6728A22DE04E 03AC3BD0CB
8D2DBF8076B4601CBE8C95CFA8F56F8509CAC1 C89F7FB6E227 7A1FED8B76
EB0429AE68FE79DC624B6BDE6C022DFFFE0EB1 D09D60AF24BB D85720C633
980AC69514F9FA902C033545C944D1548E2970 354421F7BDCC 97C976F0B7
CA3A25D61FA8137F4B9B15930003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

WASTE_PUBLIC_KEY 20 1536 Roka
E0E7045078799B1D9D83CD7CA740CFFA6DFE3A64B407 437862 AA651B4E1F
F264A8F145CB316AA4242F4B544AEBD93C29DD 282B990F2FE2 EFB9F1E8DD
A46FC67AAE67A868262995878A98612DFCACAE 759452AE494D 8CA444BBA6
D2862C9AFEE4655E7EE6422FDBC4A9F8071B04 93C308054D0C 237B0BCB9A
06CC8B7F07954869F87737AF65445B3E6089CB 34CA4E14186D 6DD5D97CC5
DDB81DE82174138500FF58E560850E0CEF3831 A0726324D553 22E1FC359F
822BDD3D21CC3EEBDEB3A1310003010001
WA STE_PUBLIC_KEY_END

Re:up and running on linux

[phatsphere]

WASTE_PUBLIC_KEY 20 2048 phatsphere
A4903E0C190668515830B3D1A80BBD8DBBAC95 7EB5944A55F2 7298B6D42B
74CBBA8DDEDB02C45A77BBB38EABB671F66A48 73570AA85709 912FE8BD9C
7B19C45811060D06BB093A48A77E43A00F367A 5E9B2C5E1A07 388890C410
5ABEDE75C30C20128C0AE023AE89F93510E215 CC92FDFE9DE5 3A6C743C8F
85AEE54BF190AA5FEBD51D654F3A193901F94E 5A0D31BB6651 96E32CC94F
7BED58DFFFF8AE29422E71BB1A03DAD4FB370A 228233280EE8 5C75718E17
0021D828C455BB0D4B2EC8BE4A61AC44673B45 A5181289AB30 4ECA0CB510
B5C3FC957356863088AEC59870386B74CB66F1 F809A1BA0135 505384E778
ED4B675B015C79E7BBF28B29458375DF000301 0001
WASTE_PUBLIC_KEY_END

Why

[StarKruzr]

would a company spend money on an employee to *read people's IMs*? Doesn't that sound like an absurd way to spend resources to anyone else?

Re:Why

[IMarvinTPA]

Depends on the company,
If you have corporate secrets that you don't want going out, you might want to know they are chatting them out to somebody and stop them.
Loosing that contract because your competetor knew sensitive information about your bid and creatively worded theirs to seem innocent but some-how slamming would be bad.
So, one geek's salary to potentially land that multi-million dollar contract is a small price to pay. This could be complicated by the fact that there may be a business reason to use such software (morale?).

Just a possibility.
IMarv

Re:Why

This wasn't an official policy. This is just what the geeks in the security dept. did when they were bored.

But this particular employer was very concerned (with good reason -- they worked on some sensitive stuff) with employees leaking organizational secrets to the outside world via email, IRC, P2P, etc.

mac os x binary

can someone post a like to a mac os x binary. i tried make -f Makefile.darwin, but it fails with this:

fers.cpp: In member function `void XferSend::onGotMsg(C_FileSendRequest*)': xfers.cpp:350: warning: passing negative value `-1' for argument 1 of `void C_FileSendReply::set_index(unsigned int)' xfers.cpp: In destructor `XferRecv::~XferRecv()': xfers.cpp:812: `RemoveDirectory' undeclared (first use this function) xfers.cpp:812: (Each undeclared identifier is reported only once for each function it appears in.) make: *** [xfers.o] Error 1

Re:mac os x binary

Download: sigma.netbsd.se/macosx_waste.tgz

there are three files modified:

platform.h to fix the problem you were posting
Makefile to make it compile as it should one a apple platform (-no-precompile flag)
xfers.cpp to add a cast so that it wont make warnings.

Re:mac os x binary

[caligulla]

Can someone eMail me a copy of the source??.... Send it to caligula@pbth.com please.... I would like to take a look at their embedded routing mechanism as I am planning on using something similar for a massively multiplayer online games games library.... It would help to look at their implementation to see where it might be improved.

Thanks in advance!

Former Smoker...Can't help it

1.5 packs a day...
8 months free...

Try Lifesign
I haven't even thought of going back.

(I know it's offtopic, but it does work miracles, and I gotta preach at least occasionally!)

The good, and the bad....

[NerveGas]

While on the surface, this might seem like a reinvention of IP tunnelling and VPN's, there are a couple of important features bundled in that set it apart:

1. It turns each node into a router. While you can establish a VPN with other tool kits, you still have to enable and configure the routing manually.

2. It's entirely user-land - it's a standalone program that a user can plop on their machine and be on their way.

The best part about it is that you can get through firewalls. The worst part about it is that you can get through firewalls.

Most people are pretty polar in their opinions of firewalls, with most of those people seeing them a fascist mechanism to control what they can see. In some (perhaps most) cases, that can be true. However, firewalls are much more than that: They can (and often are) used to protect YOU, the clueless end-user, from the other bad people on the Internet.

After I clear out counters on firewall rules, it's not uncommon to see 10-20 (sometimes more) incoming attacks within 5 seconds.

So, this will be great for letting people browse the web from work. On the other hand, it will expose them to propagation of worms and attacks which would have otherwise been caught by the firewall.

Is this a good program? Overall, I think that it's a good thing that NullSoft created it. We simply need to realize that with all of the benefits it brings, it will also bring a few negatvies with it.

steve

Re:The good, and the bad....

[evilviper]

Firewalls are the maginot line of computer security. It may help, but if you are depending on it, you are screwing yourself over even more than you would be by not having it there at all.

Waste Public Node List

[Str8Dog]

I threw up a forum for people who would like to list their public nodes here

Re:Waste Public Node List

[Technician]

It's been recalled. See the download link in the story. It was not to be released.

A cut and paste from the ex-download page;

NOTICE OF UNAUTHORIZED SOFTWARE

An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.

Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.

If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.

Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.

Thank you.

Nullsoft

Key negotiation .. hmm .. needs work

[apankrat]

I haven't yet spotted any cryptographic "reviews" of this yet, but it certainly looks like an appealing platform to work with.

Appealing or not, but according to the document bundled with source distribution their key exchange takes 8 messages to complete. SSL does it with 4 packets (with multiple messages per packet), IKE - with 3 (in aggressive mode).

They also seem to impose extra load on CPU with unneccessary crypto operations (step 1 and 2), derive keys in funky way, do not provide (or do not document) rekeying mechanisms, do not provide a replay protection, etc, etc.

With all due respect, this stuff needs a major facelift and a cleanup.

Re:Key negotiation .. hmm .. needs work

[Moofie]

So get on it. That's what Open Source is for, right?

ICQ protocol

[1of0]

I have studied ICQ protocol about a year and a half ago in some detail.

At the time the clients would try to estabilish a direct TCP connection amongst themselves as best they could, even for a single message, only resorting to a using the server for relay if: a) both of the clients are behind a firewall b) One of the clients disabled this feature not to reviel his/her IP address.

Of course in my expirience a) is very often the case these days.

BTW: Trillian Is an excellent ICQ/AIM/MSN/Yahoo client which supports Blowfish encryptions on any of these protocols if the other client is also using Trillian.

Err ..

[apankrat]

...forward one TCP port (yes, only one) from your firewall to desktop, and that's it forever.

That's "one IP protocol", not "one TCP port".
Just nitpicking :)

Re:Err ..

[graveyhead]

Err, no. One TCP port.

All other packet types are converted. Including UDP as some other moron AC pointed out.

Re:Err ..

[apankrat]

Well, you implied you were using built-in Windows VPN, which is a standard IPsec, which is an IP layer protocol. If it happens to run over TCP, it's - as some purists may say - not a VPN and it's definetly not a native Windows component.

Still nitpicking :)
What's that you run anyways ?

Re:Err ..

[jshare]

Did they change stuff when I wasn't looking? I thought win2k still used PPTP to do their "trivial" VPNs. Sure win2k has support for IPSec, but the most common "VPN" that anyone will ever do is the PPTP style. Which would be 1 TCP connection (port 1723) that you run PPP over.

Using the IPSec stuff is way nicer though, since you don't have to do any special "connect" stuff after you configure it (i.e. you don't have to "dial up" before you can use the VPN). It all just works based on the rulesets you specify.

If you want to set up a real IPSec VPN with FreeS/WAN and win2k, they have some fairly mature tools available. Head on over to http://www.freeswan.ca to check them out.

Nullsoft's Product Names

[Midajo]

Probably the same company that made the PIMP (and afterwards the SuperPIMP) install system...

And let's not forget the program packass.exe, which creates a big .ASS archive, similar to a tarball. No, I'm not kidding. Check it out.
Buncha hooligans.

Re:Nullsoft's Product Names

Heh, the url is http://www.nullsoft.com/free/ass/

Put that on the front page and it'll get slashdotted quick.

Re:A trojan distributors wet dream... or a terrori

That is why we need "critical mass". The bigger the network grows the harder it is to stop.

Re:fix what needs fixing

[Midajo]

Oh, quitcher whining. No one is forcing you to use the latest release of Winamp. Hell, as far as I'm concerned, v2.23 was the last decent release. Guess which version I use? Sure, I try out the new releases, but I don't burst into tears when they fail to measure up to 2.23. I just delete them. There's a few hundred other audio players out there as well. Blast, this is offtopic.

Slashdot waste network

[throwaway18]

I'd like to play with Waste and see how well it works with a group of people spread across the internet. Would anyone like to form
a waste network of random slashdotters?
I'm busy now so this will probably not start rolling until the
coming weekend.

Leave a message in my slashdot journal or use my current
throwaway email address zaphodbond@yahoo.com

I suspect the thing we need most is someone with a static
ip or domain name to announce thier public key and leave
waste running continuously for a few days.

I'm not using a network name in waste.

Re:Slashdot waste network

[Tijgerhaai]

Does anyone have a copy of this app? I would love to mirror this until enough people have it!

Re:Slashdot waste network

Knock yourself out:

http://www.dhorrocks2003.pwp.blueyonder.co.uk/wa st e-setup.exe

Re:Slashdot waste network

WASTE_PUBLIC_KEY 20 2048 kdigitized
C90DBB3F0CFE3FC64B933DB3E57A88B6B2795D AA7DD652820B E0AC5D90DE
75B478DAE297BD9F14CE9C0229D2E6DE92D53D C73AAEE0C6AE 770515AF1D
CC15FF39028206CEDDDF01150CBAD713E5EBA2 D8CA50BF9B2B 98A991729C
37FFD0B4D759B5A46765E334892465069F36BE B70DD00779B5 43F7FEE613
8CF6A9AE4609C18706FB4D8F9F2C223FBC85F2 879E5F9A5645 2C983AF2DD
C2AA0287B52F754CE685C2149F90D79A80D68C 4194A4AD7C05 969F8B77E7
D0FA9C22FFBE46A683FB562C63150411068232 276E063BB85C AEE65AC326
BCAC57B762B2EEE499C43F563442E3E4A74C0A CC111D50C2A5 7AA5C72504
07AA75710AACD2534DB3042D09C5AF6D000301 0001
WASTE_PUBLIC_KEY_END

Apples/oranges, etc

[Sven+The+Space+Monke]

I work for a small *company*

Ay, there's the rub. Of course a COMPANY needs to comunicate in a secure fashion. But a person? Why would a person need privacy? Don't you realize that if we let people talk without the government being able to listen in, they might plan a bombing?

Turning down the sarcasm (but not the jaded cynisism) a bit, it doesn't take alot for me to image an **AA-type organization getting pissy about this. They've demonstrated in the past how they feel they have not only the right, but the obligation to police us (the public). Should there be a widely-available, free system where people can trade information (be it text messages, files, etc.) without being snooped, then there will be those what wonder what these people have to hide. I think we can all agree that the current political/corporate climate is "those who do nothing wrong have nothing to hide". There's nothing wrong makin' time with my girlfriend, or suffering from the ill effects of some spicy mexican, but that doesn't mean I want anyone else watching. The unfortunate reality is that many people no longer agree with me. "For security's sake" is the salvo invoked at every turn, and those who don't agree are dissidents. In a few years time, I'm afraid, we may encounter another era where dissident equals terrorist. As for piracy, the lawmakers tend to believe what they're PAID to believe. Unless we have a massive, wide-spread attack of common sense (yeah, that'll happen), our only hope is that the PAC's (such as the RIAA/MPAA) run out of money before we run out of rights.

Shh!

[AlphaHelix]

Now you've told them everything! You fool! You fool!

Re:name "Waste" -- Pynchon's The Crying of Lot 49

[dav]

Ah! I love this book! I about jumped out of my seat as soon as I saw the trumpet icon :) ...but isn't it supposed to be a muted trumpet?

Nevertheless, it's a great name choice....

WASTE

[jefu]

The first thing I thought of when I saw the name was Pynchon's "The Crying of Lot 49".

We Await Silent Tristero's Empire!

Obscure, off topic and odd. (The three essential "O"'s)

REBOL

[witchman]

If you like the idea of secure content sharing, but don't want the node limitation, check out REBOL desktop (www.rebol.com). Its not free but it works on a number of different platforms, has hooks for encryption and is made by the same guy who did most of the work on the Amiga OS, Carl Sassenrath, and I trust him way more than I trust AOL.

Moderator you are an idiot!

Yes, its a redundant comment - but STOP modding people down! Using it to mod people UP - its a complete waste of a mod and shows you are not up to the task!

Re:fix what needs fixing

[LordMyren]

they backported the crashes like mad feature, and added in an extra helping of the steal as much memory as we can bonuns too.

winamp 2.8 or bust.

Another Baby Step...

[LordMyren]

When are we going to see a scalable implementation of something like this for VPN's?

All we need is some fancy open source high falutinocity software to come along and provide distributed mesh networking on top of the secure VPN infrastructure.

Im sick of seeing security having to be reinvented again and again for every single application. End to end encryption would be one of the most humanitarian efforts ever run by computer science.

well, the download page just went 404

[ntk]

I guess AOL found out again...

Re:well, the download page just went 404

[Eminence]

Well, all the pages about WASTE are 404 now, WASTE also disappeared from the list of software made by Nullsoft. But - as I said already here - it's already irrelevant, as the GPL-ed source is already mirrored around the world and will be worked on. Soon we will see ports and mutations of WASTE everywhere.

Looks like the guys at Nullsoft learned from Gnutella...

GPL hinders acceptance of software

qt is licensed under gpl. is it's use in applications hindered?

YES. Do you think Sun would have chosen Gnome over KDE if it weren't for GTK being under the LGPL instead of the GPL? At the time Gnome was quite primitive compared to KDE (actually some might argue that it still is), but since it had a better license, Sun chose Gnome.

As an open source developer who licenses his software under the MIT/X11 License, I will never use QT for this reason.

404

[oohp]

The link now returns a 404. It was there and suddently it dissapeared. Did they pull it down from the site? Did anybody mirror this?!

WASTE pulled?

[Sleepyguy]

Forum on NULLSOFT.com is gone, http://nullsoft.com/free/waste is gone, not listed on the dev page anymore.

maybe big momma AOL is non-plused.

it's a good idea with a flawed implimentation, i hope someone takes it and runs with it.

Gone!

[Luminair]

Nullsoft took it down. That was quick. Bring on the mirrors for source and binary.

Re: Gone!

[MMHere]

Thread ID#13077 in a message entitled WASTE gone... RETURNED! (look in the forum CommunityCenter/GeneralDiscussions at forums.winamp.com has the source and binary posted.

You'll have to register for the WinAmp forums first.

Not sure if the poster hacked/altered them first, but at least something appears to be there. I was unable to grab the installer earlier, but I did grab the .zip for the sources earlier. The .zip I grabbed earlier and the .zip posted in said forum match according to the cmp command.

I'm gonna build from the sources myself rather than run the posted .EXE.

Re: Gone!

[SheepHead]

Well, I had to jump through a hoop or two to get to the message (linking there gave me a 404, searching found it) - but, in the end it looks like there is a WASTE page here.

WASTE WEBSITE 404

as of now, the waste website is 404, whered it go??!?!?!

didnt take em too long...

and now W A S T E

[akahige]

AOL must not like W A S T E either. it's been pulled and there's no trace of it on the nullsoft site. hope someone mirrored it...

Re:and now W A S T E

[vrtladept]

I have the binary and one of the source files. If someone is putting up a mirror I'd be happy to send them what that and what I managed to pull out of my internet cache .. (drop me some email)

Re:and now W A S T E

[ministeroforder]

dude, I am looking for the mirror. Can you point me the way to San Jose? thks m

Re:and now W A S T E

[Tekzel]

Well I wanted to drop you some email, but I couldnt find your email anywhere. :)

Re:and now W A S T E

http://slackerbitch.free.fr/waste/download.html

Is it AOL's response ?

Not Found
The requested URL /free/waste/ was not found on this server.

Apache/1.3.26 Server at www.nullsoft.com Port 80

Poof!!! Gone!

[MrCode]

While reading this article I decided to go ahead and download WASTE, but oops, 404 on the download page. I then reloaded the main WASTE page...oops, 404. I then reloaded the main Nullsoft page and poof, no more WASTE.

Looks like someone at AOL Time Warner didn't like this, despite it being more of an enterprise IM tool instead of a P2P file sharing tool...

Anyone care to mirror the compiled app and the source?

Already gone from Nullsoft

[CntZero]

The link just disappeared from the NullSoft website. Hmmm, I wonder who they pissed off in the mother ship.

Its already been removed. Mirrors?

[Danathar]

Well, it looks like it's gone. Does anybody have a mirror?

WASTE HAS ALREADY BEEN PULLED!

Didn't even last a day and it's already erased from nullsoft's site. No longer listed as a project.

http://www.nullsoft.com/pinkumbrella.phtml

It's already gone

AOL must have gotten wind of it. It's already missing from nullsoft's page. Anyone mirrored it yet?

Found a Mirror

while perusing the winamp forums, I found a mirror:

waste installer
waste source

Re:Found a Mirror

[Quince+alPillan]

And if you go to this link you can see all the information about installing it, details on how it works, etc.

Damage control.

[Ayanami+Rei]

Anyone have links to people at AOL they can bitch to? WE WANT W A S T E!!

Thank god I already downloaded the source.

Re:Gnutella - YES

[Compenguin]

"Umm no, I was one of the first downloaders, and they didn't release the source. They were waiting to finalize the protocol. The handshake of their client is "Gnutella/0.4".

WASTE mirror

http://slackerbitch.free.fr/waste/

The nullsoft.com site should be back up soon, this is a fast mirror.

Re:WASTE mirror

[r4lv3k]

Why do you think the nullsoft site will be up soon? Are you from NS? Was it pulled b/c of bandwidth or politics?

Re:Waste Mirror

[GuNgA-DiN]

I've put up another mirror here.

Nullsoft waste, bug with port number above 32767

[throwaway18]

It looks like Nullsoft won't be accepting bug reports for waste so I'l
mention my bug list here.

It looks like it is using a signed 16bit variable for the port number somwhere, if a client is set to use a port above 32767 it gets treated
as a negative number and other clients can't connect.

A minor one is the the port number setting is not saved if you change it then close the settings dialog without pressing the update button.

I'l put my temporary waste node on a different prt, see my journal.

waste was pulled from nullsoft.

i just noticed that they wave pulled waste from the forums and nullsoft. would anyone know why they did this? any info would be great and thanks for reading.

oh well

[WilyKit]

The URL provided is 404.

Looks like they did it again, got AOL Time Warner scrambling and they pulled the plug. (Same thing happened with Gnutella, remember?)

Nullsoft Slashdotted?

[Quince+alPillan]

And then they removed the folder so they wouldn't be slashdotted. Or, (insert conspiracy theory here). The only links I could find to any of the information or files were Nullsoft links. Anybody got a mirror?

Wow. What a quote.

[Hecatonchires]

I want to read this book

Profit for AOL?

[nacturation]

As for why AOL lets Nullsoft do things like this, I suppose the choice is either to let them work on what they want to or lose the talent. What Nullsoft is doing is the best thing for the net, and so is the best thing for AOL in the end.

The interesting question here is how does AOL profit from Waste? AOL is in business to gather as many paying customers as they can and return a value for shareholders. Funding the development of something which is given away for free and doesn't require you to be on AOL seems to go against this goal. Nobody's going to sign up for AOL service just because they released a cool distributed networking tool.

Nullsoft's website returns 404 on these pages

[Bellhead]

As of 23:31 UTC 29 May, http://www.nullsoft.com/free/waste/
returns a "not found" error.

Has WASTE been pulled?

Bellhead

Waste Mirror

[Freaek]

Waste is here

Contents of the file are as follows;

waste - network architecture.htm
waste - network architecture_files
waste - security model and implementation.htm
waste-setup.exe
waste-source.tar.gz
waste-source.zip

This will be up until it's not. Enjoy! :)

--Pete (peteg [at] sifnt dot net)

History repeats itself...

It's official...

Much in the way that AOL forced Nullsoft to pull their nascent "Gnutella" technology when it first came out, it appears AOL has once again forced Nullsoft to yank distribution of their "Waste" secure P2P-based file sharing and messaging software.

Slashdot.org announced the product this morning, and by afternoon it is officially gone from the Nullsoft site.

Fortunately, the Internet routes around censorship and the software is still available here (along with an interesting chat forum on the subject) and, undoubtedly, in other places around the net.

It's likely that the source and binaries for this much-needed freedom-inducing GPLed software will be making an appearance on a freesite at some point in the not-so-distant-future.

Yes folks, history, once again, repeats itself.
I guess it just shows to go you, that when it comes to kick-ass software Justin Frankel is still the man!

Gone already - where's the SF project page?

[jmanning2k]

Looks like someone in charge noticed and had it pulled. Their attention was probably drawn by the horrendus slashdotting it received.
Well, maybe it'll be back later. Either way, the source is out and it's sure to follow the path of Gnutella.
And, as someone mentioned previously, they were acquired back in May of 1999, so it's almost certain that this (along with the source), is just a shot back at AOL.

so what the hell happened????

[marcushnk]

Since when does something as potentially big as this just dissaper off the web and know one able to say WHY!?!?!

Whats going on? DID AOL pull it, or did nullsoft pull it cause its just a beta???

wifi

[Afbc0m]

anyone see the possibilities of distributed wifi networks? file sharing simply and easily accross wifi as well as bridging to the internet or a corporate lan

Re:Nullsoft waste, bug with port number above 3276

[throwaway18]

I spoke too soon, It's just a display bug.
I didn't realise how the key management(or lack of) works.

Instead of just disconnecting and reconnecting with no obvious clue about what wrong waste should pop up a box saying "You have the other clients public key be he dosn't have yours!" or vice versa.

There is lots fo room to improve the key management in Waste

Re:Gnutella: Ouch this is gone also

[Tuna_Shooter]

Poof !!! and like magic its gone from the NullSoft site.....

Name's taken

[eMartin]

Yeah, I know they are different types of software, but WASTE is a text engine used by a bunch of (classic only?) Mac OS applications, including IE for the Mac and some popular text editors.

Mirror

[nabucco]

Any of you who have clicked on the link after 9:30PM EST on May 29th will notice that the software is missing from Nullsoft - shades of Gnutella! No worries, I downloaded it so anyone who wants it is free to grab it at my web site.

Re:Gnutella: Ouch this is gone also

[ragingmime]

That is creepy... but maybe Nullsoft just took it off to keep their site from getting /.ed. Then again, there's not even a broken link or anything on the site... it's just gone. And like people have been saying, that's what happened with Gnutella. (It also happened with a program called AIMazing, by the way - it took the ads out of AOL Instant Messenger, and one day the program was magically vanished from the Nullsoft site without a trace.) I've got to hand it to the Nullsoft guys - they've got guts writing software like that under AOL Time Warner. I guess we'll have to check back tomorrow to find out for sure what happened - even if someone can mirror Waste, I don't think that a program that you have to get from some obscure mirror somewhere and that won't be updated by the authors will never be widely accepted. Sad...

Comments from a guy who's actually used it ..

[Splat]

Windows Client ..

First things first:

The client sucks. Really sucks. But so did Gnutella. Hell, it's bleeding edge. I'm happy it works as well as it does.

Two friends and myself hopped on our own little network. And all be damned, it worked.

For 2 of us, after we exited the program it no longer took our private key passphrases. Thus we had to make new keys. This is obviously a really, really bad bug. Or we're just stupid. Somehow I'm inclined to say it's the latter.

The technology behind this is very cool. You essentially get the bastard child of a VPN with the ease of P2P. Setting up your own little secure collborative chat/file trading network is very easy.

This will be a damn nice gadget once we get some better clients. (yay GPL!)

Re:Comments from a guy who's actually used it ..

[marcushnk]

ok what I found is that after you generate it the first time, if you click on the "generate key" button in preferences but cancel out without generating a new key, it looses the first key you made.. thus the result you got.. /.02

Re:Comments from a guy who's actually used it ..

[yppiz]

I tried the Windows client on Windows 2000. I used an passphrase with letters, numbers, and punctuation. I was unable to connect to another user on my local network.

We exchanged keys via the cut and paste method, rather than sending files. So both of us had the other's public key. But the clients didn't want to talk to each other.

--Pat / zippy@cs.brandeis.edu

Re:Gnutella: Ouch this is gone also

[Jouster]

The other fun part was that, the day after the Gnutella debacle, they managed to sneak in a mention of Nutella (and a picture of it!) into their "Ask Nullsoft" section. I wonder if they'll do something similar with WASTE?

Coincidentally, see also this lecture on this history of Gnutella (warning: PDF), or its handy Google HTML-ized version.

Jouster

Possible Bug Explanation

[Splat]

User 1: Alphanumeric password
User 2: Alphanumeric password
User 3: Alphabetic password

It ate the passphrases on User 1 & 2.

Conclusion:

Stick to alphabetic passwords only for now on the windows client.

Mirror

Anyone have a mirror up yet? Nullsoft took it down already.

Beef or no beef, WASTE has been Slashdotted !

[Taco+Cowboy]

Tried to get to the

WASTE DOWNLOAD PAGE

and found that it has been /.ed !

If anyone successfully got to that page, can you please share with us info on how to dl WASTE ?

Thanks !

Re:Beef or no beef, WASTE has been Slashdotted !

[zonker]

not slashdotted, yanked. look again.

Re:Beef or no beef, WASTE has been Slashdotted !

for de dor de dor de dor...ooopsie...

Also do this

I do not know CPP so I cannot help with the xfers warning problem. But you should add "-no-cpp-precomp" in the Make file to remove most other errors like the redefined BIG_ENDIAN.

should look like this:

CXXFLAGS = -O2 $(DEBUGFLAG) -pipe -no-cpp-precomp -Irsa -DBIG_ENDIAN
CFLAGS = -O2 $(DEBUGFLAG) -pipe -no-cpp-precomp -Irsa -DBIG_ENDIAN

Re:Also do this

But you could do this:

look for this line in xfers.cpp: "m_reply.set_index" (there is only on in the file)

and change it from "m_reply.set_index(-1)" to "m_reply.set_index((unsigned)-1)" (by doing this youre making a cast in C language anyway, its kind of translation between different types).

This wya there should be no errors at all when compiling this on the darwin platform.

Download done version...already compiled with src

You can download an already modified and precompiled version at http://sigma.netbsd.se/macosx_waste.tgz. But there is no keys. The only files modifed are Makefile and xfers.cpp.

Has WASTE been removed from nullsoft ?

[Taco+Cowboy]

Both the Download Page and the Security Page aren't accessible.

This bring the question of whether WASTE have been removed from nullsoft.com, or not?

Re:Has WASTE been removed from nullsoft ?

[caligulla]

Of course they removed it, AOL is also a motion picture and music company. You think they want a webbed intercommunication tool floating around there whose content they can't scan for pirated material? Of course not.... Yet another example of why the paranoia of the RIAA and other special interest groups is holding back the progress of network computing. Almost makes me want to write something similar just to spite them. It's not like RSA is a hard encryption standard to write for... I have the basic algorithms for it in "The Art of Computer Programming, Volume 2; Semi-numerical Algorithms, Third Edition". A good read for anyone interested in writing such a tool, by Don Knuth, publisher is Addison Wesley. I recommend the entire series to any programmer, particularly those who like to use mathematical analysis of algorithms.

Has WASTE become another victim, like Gnutella ?

[Taco+Cowboy]

I clicked on the links to WASTE that /. has so generously provided, and I found out that both the Download Page and the Security Page of WASTE can't be accessed!

I wonder if WASTE have been removed from nullsoft.com, since nullsoft is owned by AOL?

404's; Waste Offline.

Waste seems to have been taken offline for now, is this perhaps like when Gnutella was taken offline for a shortwhile when it was first /.'ed during the beta phase... Or perhaps AOL really cracked it at Justin?

Please put up mirrors for WASTE, thank you !

[Taco+Cowboy]

Those of you who are lucky, who have downloaded WASTE, please mirror the thing.

Seems like WASTE has been pulled from nullsoft, a repeat of the gnutella saga.

Thank you !

Re:Please put up mirrors for WASTE, thank you !

has anyone mirrored the former waste site?

Re:Please put up mirrors for WASTE, thank you !

http://waste.2mbit.com/index2.html

Re:Please put up mirrors for WASTE, thank you !

Links to the software can be found here
http://www.broadbandreports.com/forum/remark ,70002 89~root=poll,swapping~mode=flat

Re:Has WASTE become another victim, like Gnutella

Same problem eight hours ago.. anyone have a mirror yet?

Re:Has WASTE become another victim, like Gnutella

[hongbits]

http://members.cox.net/nswaste/waste-setup.exe http://members.cox.net/nswaste/waste-source.zip http://www.dhorrocks2003.pwp.blueyonder.co.uk/ hong...

mirrored

[oohp]

Heh, I mirrored it from some site, just for the sake pissing AOL off. Get everything here and put up some new public mirrors. Hopefully someone will take the source and further develop. It seems like a good idea.

Site is down, link removed

[fionnmaccool]

Looks like the page has been removed, as well as the link from the main page. Anyone have time to set up a mirror?

First page

[lobsterGun]

It's a shame that yesteday was such a heavy news day. This deserved to be on the front page longer.

With the rapidity that W A S T E disappeared from the nullsoft site I'm surprised that there hasn't been another slashdot story on the subject.

Re:First page

With the Nullsoft page removed, and this story quickly being relegated to the depths of slashdot's archive, is anyone going to setup a new home for WASTE. Somewhere to log bugs and coordinate development. If WASTE is to progress this is something that needs to happen. Perhaps a Sourceforge Project?

First "official" news of WASTE's pull?

[irenetheno]

I just did a Google News search and there appears to be some official word out.

Re:First "official" news of WASTE's pull?

[irenetheno]

The CNET story seems to have a few more details.

Btw, here's my search.

Re:First "official" news of WASTE's pull?

This is rather interesting and a bit of a shame. We were already testing this out at work to aid our developers and had already begun implementing a couple of changes (added a flashing taskbar for pre NT5 users, sounds, more text color options (to differentiate the name/message), and 'Away' notifications).

I hate to just stop using it since it is such a neat format...

My public key

WASTE_PUBLIC_KEY 20 1536 L3stat
CD98444224CDA2080611490C139FBDD0C57043ADC1 3959F554 05FAE37392
98CB8ACB72AD522525AAAB64C84AD52B7B78CB 5195E6587D08 4A6FDEC4E8
4A3944F07F79F9CF416CCB7FD3F53E3695A4C1 2A1FD28F6FE7 A5E34D1772
694E4D551212844642AC9D658C4DD8E3B40537 01B8C3020CFF FDAE8DFAD4
388340074A568DD60FBB489EFABCA82B07695D 81394FF11035 CE7B6F13AC
B64714B9106EAC502D98D6AC5DA712E0016B8F 406918DFAA5F 33F1FE7426
9CF72BB07EA40774B7155AFB0003010001
WA STE_PUBLIC_KEY_END

Re:Twenty Four Hours later...

It's been yanked down by AOL.
http://news.com.com/2100-1032_3-1011585.html ?tag=f d_top

JS.

oops...

[not_on_fire]

Has everyone seen this? Nullsoft's *new* waste page. We didn't mean to let you download waste... give it back!

Re:oops...

Can they change the licence now?
I mean, as we downloaded the source under the GPL license, can they *legally* take it back?

Re:oops...

>Can they change the licence now?
>I mean, as we downloaded the source under the GPL license, can they *legally* take it back?

go ahead, Ask Slashdot!

NOTICE OF UNAUTHORIZED SOFTWARE

[DrRiffic]

An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.

Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.

If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.

Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.

Thank you.

Nullsoft

Re:NOTICE OF UNAUTHORIZED SOFTWARE

No doubt AOL made Nullsoft post it. AOL wants to pretend like it has control of everything when really it has control of nothing.

WASTE && FreeBSD

[steve81]

Hello! I try to compile the WASTE server on my little box with freebsd 4.7... but give me a lot of error on md5c.c ... anyone have an idea? :) Thanks anyways ^^

it's official, AOL pulled the plug on Waste

Less than 24 hours after its public debut, WASTE was pulled offline by Nullsoft parent company AOL. In a notice posted to the former WASTE Web site, AOL said the release was "unauthorized" and revoked all rights to the software, demanding WASTE be deleted from users' computers.

"If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer," the notice reads. "Any license that you may believe you acquired with the Software is void, revoked and terminated. Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws. "

http://www.betanews.com/article.php3?sid=1054 340168

there's a statement up now...

[mumkin]

...at the former waste URL (http://www.nullsoft.com/free/waste). This grows more interesting by the day.

NOTICE OF UNAUTHORIZED SOFTWARE

An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.

Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.

If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.

Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.

Thank you.

Nullsoft

Re:there's a statement up now...

[defiant_penguin]

you can download it here http://fileforum.betanews.com/detail.php3?fid=1054 104235

W A S T E has been pulled.

[mgbastard]

The following was posted Friday. How interesting - I guess even with Steve Case gone, you can still get called into the principal's office.

On a further note, can they really state this, that is revoke their license, once issued? The GPL doesn't seem to allow for that, right?

NOTICE OF UNAUTHORIZED SOFTWARE

An unauthorized copy of Nullsoft's copyrighted software was briefly
posted on this website on or about Wednesday May 28, 2003. The
software was identified as "WASTE" (the "Software") and includes
the files "waste-setup.exe", "waste-source.zip",
"waste-source.tar.gz" and any additional files contained in these
files.

Nullsoft is the exclusive owner of all right, title and interest in
the Software. The posting of the Software on this website was not
authorized by Nullsoft.

If you downloaded or otherwise obtained a copy of the Software, you
acquired no lawful rights to the Software and must destroy any and
all copies of the Software, including by deleting it from your
computer. Any license that you may believe you acquired with the
Software is void, revoked and terminated.

Any reproduction, distribution, display or other use of the
Software by you is unauthorized and an infringement of Nullsoft's
copyright in the Software as well as a potential violation of other
laws.

Thank you.

Nullsoft

Hallucinella

[dipipanone]

you'd have to consume the equiv. of 50 lbs of nutmeg to derive a usable high

Where on earth did you get this idea from? Nutmeg has long been used as an intoxicant in places where there's limited access to more usual products. Malcolm X's biography talks about his experience of using it in prison.

If I recall correctly, the active dose is the powdered equivalent of one or two whole nutmegs - though I believe the effects are somewhat unpleasant and include nausea, drowsyness, etc.

Re:Hallucinella

[Anonymous+DWord]

Erowid is, as always, your friend.

My Public Key

[J2000_ca]

WASTE_PUBLIC_KEY 20 4096 J2000_ca
CA344893D6FF3A4FD41827B94602FA996E343F22 2E9EC86FB4 DD631CB854
62A709B8DA321FEC4BB1B7148AAB2946671E58 BC22309443FC 7F1505DA71
009396D7B0F22CCF4512D5E7131B3767CE10A7 9160E2641B25 7C74B5A6FC
E691C442B6394B5F68AC76DBA2D7F4FFFC5361 9CBE68DF3F75 7B634FA130
75DF47E6F5F7A4E37055ED3F7707C7A0D2B902 F60EA55F7AD1 EC7523DBF3
5FC027E51785D8A322046952906348280912E9 D2231CA1B7FD D6098EB686
13CC1AF8B451EE941C2D7D97DF2D1635D8EC1B 6F34B72BE230 4B591C1AB6
FE934CD506C834E907D6D9A23464C20B1D7581 5FA3007FA6CB C1B11A940B
503FEAB1686B5AD8D00EA34AF3E1795555A0B5 26F059A98926 B14C227A05
37A409CF23E4FB152E073A7346AD5C337CEEC0 73F9961A117E F5C4D6381B
3024474D7B487821C403E6729C606B902D5057 70AC1566C1ED 614D069B12
2F5A00C35EC348237ECA0ABA3E8647673EB45A 8D977AC14A0D 4F32D7BB9C
45990A12365BD5F2F45A901C54E68E69A639CF 7A31819AB6A2 541EC17724
E10E57287D0605A9BF7C89D1C49ED06C47BDD7 45CB9A9318BE 68A171DE20
B78EBF3C59C3CEA5CD49B3F081B7076FC6D49A 750A9D5E4DFE 6D61E90835
19E60E9D3BC4D882DED4748059CC4914DEFD46 FA75B18B16BA A5008FDEB9
BD0259EC7BCC0FB9798F1B49B1FA006E04427E 5563B479AAE9 D91BEA45EF
755B0003010001
WASTE_PUBLIC_KEY_END

stupid question

so did anyone get a copy? can anyone set up a mirror? anyone? anyone? buler, buler, buler...

Re:stupid question

[future+assassin]

Get it here http://fileforum.betanews.com/detail.php3?fid=1054 104235 Or check this ou. Apperantly its a mirror of the original site http://www.dhorrocks2003.pwp.blueyonder.co.uk/ your mom http://www.operationiraqliberation.com

A working mirror

http://waste.2mbit.com/index2.html

Downloads all work

Which begs the question.

[pherris]

If someone got the source code with a GPL copyright statement is Nullsoft/AOL bound by it? It seems from the parent's quote [from Nullsoft's website] that they are claiming WASTE was never meant to be posted and distributed. My guess is that they're trying to say they're not bound by the GPL.

Did someone get the code before it got pulled? Assuming it was released under the GPL can they now retract it?

Warning: parent is a goatse!

The parent is a goatse link. Do not click!

Re:Download and mirror this [ MIRROR + INFO LINKS]

Mirror of Nullsoft site:
http://www.dhorrocks2003.pwp.blueyonder.co. uk/

Download:
http://fileforum.betanews.com/detail. php3?fid=1054 104235

Project:
http://www.xenobit.de

A copy of the WASTE Beta 1.0 Can be found...

[Master+of+Transhuman]

here.

I just downloaded it so it's there. 170K - not very big stuff...

This is WASTE 1.0 Beta, BTW.

Take the stupid space Slashdot put in the file id out...

Add my Code Please

WASTE_PUBLIC_KEY 20 1536 DrKPepper
D0B131A7A20F9ABBE0BDBF9AE76D2E77471FE7D 7B21783B7435FAEE59AA9
7FE49BE3B208F85BFE99DEF3380 8D2D3D3CA844EF32F8215BB3393C35B79
44BF46A8A5BA181 14DB858ADED31FD058E2BFC2A19D8C358741233114CF7
A40 A05D03156AB194AFAA90602AFF734AFD52B01B41A589BFEAA4 0ED006B
7D458071F22347DA32CE713D3F26DE18AD5151E37 F4936BB1E73B2264AC2
0E0C11C4D2E20888CE5421A2B849B 8747B9752ECA2AC444A0DDC02D35B4B
C89E7DD42C477D3E1 BB1F4CD0003010001
WASTE_PUBLIC_KEY_END

Public Server Up

[bruns]

I've setup a public server on 'waste.2mbit.com' for people to use if they want. Its somewhat unstable, but it works.
Post your public key if you want to be added.

WASTE_PUBLIC_KEY 20 1536 SOSDG Server
EC45895B437B28ADC391973BCDB40BCF66C0799973 44A4FC3B C12C497917
49358159FD1933273375F80C57192B7F6192C9 345D35391D91 F8573DBB35
AA9DC66ABDBBE00A1997413F5B184F7DE8E821 1C48E1802833 EE5FE417C3
39A1ECFCFF6B11EB8F36769A31D3FD7610D80B DBFFC04FA195 4101D49BBC
53905BFDB91FF5857A007EFCB05440603ADC4C 266A234A9514 7D58238E91
8645F8AB9BF173B1E259BC49C0C5E4F11429B7 70C2CE78206E 963282B57F
ADC0647B7B904E10DA8EFB090003010001
WA STE_PUBLIC_KEY_END

did aol jst try to violate the gpl?

Any license that you may believe you acquired with the Software is void, revoked and terminated.

it seems to me this is a notice that they are about to violate the gpl

Is the waste network down?

I can't connect to anyone... is the WASTE network down?

is the waste network down?

I can't connect to anyone!!! HELP!

Amen!

[Compact+Dick]

couldn't get worse than that.