Slashdot Mirror
Nullsoft's Waste: Encrypted, Distributed, Mesh Net
Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."
Designed for small groups of people (up to 50)
It allows easy colloboration across firewalls, and only one user inside the firewall is required to allow all users inside access to the mesh.
Each link is encrypted, but each message is decrypted and re-encrypted at each hop of the mesh, so you have to trust all of the nodes. It's also very hard to drop a node onc it is trusted, as each node shares public keys around to make sure all nodes have all public keys. Initial connection to the mesh requires manual key exchange. PITA, but moderatley secure.
All network traffic is encrypted, it will flood each mesh link with a minimum amount of bandwidth to foil traffic analysis.
That's W A S T E, not 'Waste'.
Yes, Nullsoft originally created Gnutella then parent company AOL forced them to stop development, but the cat was out of the back and code was leaked/reverse engineered.
Winamp 2.9 is the latest release of the Winamp 2.x codebase, which takes most of the good ideas that went into Winamp 3 and codes them back to an API free of excessive abstraction. It's been out for weeks, if not months. Check your facts before posting.
If you don't pretend to be anyone, are you?
uhh, waste is for small workgroups only ..
it's not about p2p file sharing, rather it's a colaborative tool.sure, you could use to to share illegal stuff, but it's really no different in that respect to email, icq, whatever.
nostrils
/joeyo
2^5
Indeed, here is the original slashdot story. Of course AOL quickly ended development at nullsoft, it lived on after the protocol had been reverse engineered and others picked up where nullsoft left off.
Firstly, the WA2 group backported the two major features of WA3 (video support and the media library) to WA2 and released it as WA 2.9. Development continues on a hybrid tree under the working title WA5 (2 + 3 == 5).
Secondly, not everyone shares your idea of "what they need to do". Winamp is a nice media player, but nevertheless just a media player; to many people, a protocol that facilitates cryptographically secure collaboration is infinitely more useful.
Thirdly, I'm not clear on what obligation you think Nullsoft owes you even when they're on company time, but I wouldn't be surprised if WASTE was written in spare time--you know, for fun.
Try searching on 'GNU General Public License' Einstein.
-Malakai
A Dragon Lives in my Garage
If your not scared of Beta software, there's an IRC client that supports encryption for queries and even channel messages. You do have to share your key with whom ever you want to be able to read your messages however.
It's KVirc 3 over at www.kvirc.net.
It's primarily writen for KDE/Linux but they also have a pre-compiled Win32 stand-alone.
__________________________________
Free your mind - Flush your toilet
Eh, yes it does. Otherwise I'd have a lot more connections open while talking to people than just the one single connection to AOL's server. Hence the 'direct connect' button, which then DOES establish a direct connection to the server. Also, ICQ now uses modified versions of the AIM protocol(s) anyway (or at least, can run on them), so all ICQ traffic prolly goes through the servers too.
I bet the other networks are the same. MSN, Yahoo, etc. Direct connections are a bit slower to start up, and a bit more of a security risk, since you now know the other person's IP address.
As much as I love Jabber, that's simply not true. Jabber has no widely implemented encryption between all links, and file transfer is not exactly its strong side.
Someone is wrong on the Internet!
Oh darn. Looks like they used some homebrew crap for their bignum stuff.
Common LibTomMath is like a billion times faster [not to mention very well tested]....
Plug plug plug!
http://math.libtomcrypt.org
Tom
Someday, I'll have a real sig.
You need at least one other client running somewhere.
You both need to enter each other's public key into your client to get started. This step shows that you "trust" one another.
Anyone else who wants to join your "network" must also enter one of your existing network members' public key into their client and have that existing member enter the new user's public key into *their* client. This step automatically makes the new person "trusted" by all the other members of the network - the important part is that you don't have to explicitly swap public keys with EVERYONE - just with one member of the network. The client does the rest once you connect to the network - see below.
Now, to get started and initially connect to someone's machine, enter their hostname or IP address (not their "username") into the "Network" window. This primes your client - it will then discover all it needs to know about the other members of the network, since by default, each client will be broadcasting discovery information (usernames, hostnames, public keys).
The "Browser" window shows all the users in the network, but currently ONLY if they are sharing one or more files. So, get each person who joins the network to share at least a test file so that they will always appear in everyone's "Browser" window.
Right-click on any names in the browser window to start interacting with them.
HTH
This is just plain wrong. The source was never available, leaked or otherwise.
The protocol was reverse engineered, with a little assistance on IRC from deadbeef.
Also, this is technology that might be very useful to AOL. AIM's big drawback is that it's not very secure, and really shouldn't be used for sensitive corporate communication. (Though the engineers at my last employer used it anyway.) AOL could persuade people that are already using AIM for free to upgrade to WASTE in order to secure their communications. Not to mention the other features.
We Await Silent Trystero's Empire!
yeah, the root of this is a #define for socklen_t in the non-win32 code (which is already typedef'd in system headers). my solution was to put a #ifdef POSIX around the define.
You can be an atheist and still not want to succumb to some weird cross-over sheep disease -- AC
my server's public keyserver name is entheal.com (you may have guessed from the public key
You can be an atheist and still not want to succumb to some weird cross-over sheep disease -- AC
This code actually does work, with this patch you are able to both transfer files, connect, and chat.
The tricky thing is to set up the server properly.
The easiest way is like someone else pointed out to make a new profile in waste, (copy your own default.pr* files out of the way first).
Then, add your public SERVER key to your public-key list in the windows-client. And add your public-windows-client-key to the list of keys of the server.. (default.pr3).
Dont forget to NOT use a network name ( or make sure they are the same in your default.pr0 files).
If you want to join my server contact me on icq: 706826, or see http://waste.mjoelkbar.net/ which will be online soon.
I guess AOL found out again...
AOL must not like W A S T E either. it's been pulled and there's no trace of it on the nullsoft site. hope someone mirrored it...
while perusing the winamp forums, I found a mirror:
waste installer
waste source
You'll have to register for the WinAmp forums first.
Not sure if the poster hacked/altered them first, but at least something appears to be there. I was unable to grab the installer earlier, but I did grab the .zip for the sources earlier. The .zip I grabbed earlier and the .zip posted in said forum match according to the cmp command.
I'm gonna build from the sources myself rather than run the posted .EXE.
Waste is here
Contents of the file are as follows;
This will be up until it's not. Enjoy! :)
--Pete (peteg [at] sifnt dot net)