Nullsoft's Waste: Encrypted, Distributed, Mesh Net

← Back to Stories (view on slashdot.org)

Nullsoft's Waste: Encrypted, Distributed, Mesh Net

Posted by CmdrTaco on Wednesday May 28, 2003 @07:32PM from the p2p-gets-more-and-more dept.

Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."

20 of 674 comments (clear)

Min score:

Reason:

Sort:

Interesting, not your usual peer to peer app. by rmlane · 2003-05-28 19:43 · Score: 5, Informative

Designed for small groups of people (up to 50)
It allows easy colloboration across firewalls, and only one user inside the firewall is required to allow all users inside access to the mesh.
Each link is encrypted, but each message is decrypted and re-encrypted at each hop of the mesh, so you have to trust all of the nodes. It's also very hard to drop a node onc it is trusted, as each node shares public keys around to make sure all nodes have all public keys. Initial connection to the mesh requires manual key exchange. PITA, but moderatley secure.
All network traffic is encrypted, it will flood each mesh link with a minimum amount of bandwidth to foil traffic analysis.
For readers of Pynchon. . . by BitHive · 2003-05-28 19:44 · Score: 4, Informative

That's W A S T E, not 'Waste'.
1. Re:For readers of Pynchon. . . by IntlHarvester · 2003-05-28 20:28 · Score: 5, Informative
  
  Above post was not at all offtopic. Crying of Lot 49 is a good nerd book, so go read it.
  
  In the book, W.A.S.T.E is an underground postal system that allowed people to exchange messages without the authorities finding out.
  
  --
  Business. Numbers. Money. People. Computer World.
Re:fix what needs fixing by misuba · 2003-05-28 19:56 · Score: 5, Informative

Winamp 2.9 is the latest release of the Winamp 2.x codebase, which takes most of the good ideas that went into Winamp 3 and codes them back to an API free of excessive abstraction. It's been out for weeks, if not months. Check your facts before posting.

--
If you don't pretend to be anyone, are you?
Re:Hmmm.... by glob · 2003-05-28 19:57 · Score: 5, Informative

"undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works"
uhh, waste is for small workgroups only ..
WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.
it's not about p2p file sharing, rather it's a colaborative tool.
sure, you could use to to share illegal stuff, but it's really no different in that respect to email, icq, whatever.

--
nostrils
Re:Gnutella by MacJedi · 2003-05-28 20:02 · Score: 5, Informative

Yes, they did. However, AOL didn't like it and got it shut down within the day. Then someone (Justin Frankel?) leaked the source and the rest is history.
/joeyo

--
2^5
Re:Gnutella by Magila · 2003-05-28 20:05 · Score: 5, Informative

Indeed, here is the original slashdot story. Of course AOL quickly ended development at nullsoft, it lived on after the protocol had been reverse engineered and others picked up where nullsoft left off.
Yes, it's GPL and it says so... by malakai · 2003-05-28 20:22 · Score: 4, Informative

I don't know, are you a troll?

Try searching on 'GNU General Public License' Einstein.

/*
WASTE - connection.cpp (Secured TCP connection class)
Copyright (C) 2003 Nullsoft, Inc.

WASTE is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

WASTE is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with WASTE; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

--
-Malakai
A Dragon Lives in my Garage
Re:I have to ask.. by Anonymous Coward · 2003-05-28 20:25 · Score: 4, Informative

But you're also right, it won't gain wide acceptance unless there's easy way to connect to the "network".. I just opened the "Network status" dialog, and what do I type in?
There is no network. The goal isn't "wide acceptance". This isn't another way for you to get your mp3s, porn, whatever. Front page of the site, emphasis added:

WASTE is a software product and protocol that enables secure distributed communication for small (on the order of 10-50 nodes) trusted groups of users.

WASTE is designed to enable small companies and small teams within larger companies to easily communicate and collaborate in a secure and efficient fashion, independent of physical network topology.
Re:I have to ask.. by GMC-jimmy · 2003-05-28 21:12 · Score: 4, Informative

If your not scared of Beta software, there's an IRC client that supports encryption for queries and even channel messages. You do have to share your key with whom ever you want to be able to read your messages however.

It's KVirc 3 over at www.kvirc.net.
It's primarily writen for KDE/Linux but they also have a pre-compiled Win32 stand-alone.

--
__________________________________
Free your mind - Flush your toilet
Re:I have to ask.. by spectral · 2003-05-28 21:49 · Score: 4, Informative

Eh, yes it does. Otherwise I'd have a lot more connections open while talking to people than just the one single connection to AOL's server. Hence the 'direct connect' button, which then DOES establish a direct connection to the server. Also, ICQ now uses modified versions of the AIM protocol(s) anyway (or at least, can run on them), so all ICQ traffic prolly goes through the servers too.

I bet the other networks are the same. MSN, Yahoo, etc. Direct connections are a bit slower to start up, and a bit more of a security risk, since you now know the other person's IP address.
Re:JabberIM does this by wossName · 2003-05-28 21:53 · Score: 4, Informative

As much as I love Jabber, that's simply not true. Jabber has no widely implemented encryption between all links, and file transfer is not exactly its strong side.

--
Someone is wrong on the Internet!
What no LibTomMath for bignum RSA? by tomstdenis · 2003-05-28 22:18 · Score: 4, Informative

Oh darn. Looks like they used some homebrew crap for their bignum stuff.

Common LibTomMath is like a billion times faster [not to mention very well tested]....

Plug plug plug!

http://math.libtomcrypt.org

Tom

--
Someday, I'll have a real sig.
Re:Looks great but... by tamagen · 2003-05-29 00:29 · Score: 4, Informative

You need at least one other client running somewhere.

You both need to enter each other's public key into your client to get started. This step shows that you "trust" one another.

Anyone else who wants to join your "network" must also enter one of your existing network members' public key into their client and have that existing member enter the new user's public key into *their* client. This step automatically makes the new person "trusted" by all the other members of the network - the important part is that you don't have to explicitly swap public keys with EVERYONE - just with one member of the network. The client does the rest once you connect to the network - see below.

Now, to get started and initially connect to someone's machine, enter their hostname or IP address (not their "username") into the "Network" window. This primes your client - it will then discover all it needs to know about the other members of the network, since by default, each client will be broadcasting discovery information (usernames, hostnames, public keys).

The "Browser" window shows all the users in the network, but currently ONLY if they are sharing one or more files. So, get each person who joins the network to share at least a test file so that they will always appear in everyone's "Browser" window.

Right-click on any names in the browser window to start interacting with them.

HTH
Re:Gnutella by lucas_gonze · 2003-05-29 01:25 · Score: 4, Informative

This is just plain wrong. The source was never available, leaked or otherwise.

The protocol was reverse engineered, with a little assistance on IRC from deadbeef.
The Right Hand Knows by fm6 · 2003-05-29 03:35 · Score: 5, Informative

In fact what we have here is a first cut at a secure distributed network presence system, something that would allow you to run an icq-like network between people you trust without being spied on by a central server. There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates.
Besides which, this software isn't particularly useful for illicit file sharing. For that you need a way to get into contact with strangers who happen to have a copy of the file you want to download. The encryption features would actually seem to work against that.
Also, this is technology that might be very useful to AOL. AIM's big drawback is that it's not very secure, and really shouldn't be used for sensitive corporate communication. (Though the engineers at my last employer used it anyway.) AOL could persuade people that are already using AIM for free to upgrade to WASTE in order to secure their communications. Not to mention the other features.
We Await Silent Trystero's Empire!
up and running on linux by JakusMinimus · 2003-05-29 04:13 · Score: 4, Informative

a link to the cleaned up code i am running: http://www.entheal.com/users/dweomer/waste-source- clean.tgz

my server's public key
WASTE_PUBLIC_KEY 20 2048 entheal.com ABB44E9339FC6CE16A3C04A9D828AD3F6C78A 308FF66442E35B3F69C2CFC 7AAF98FFFCE94A95E074C6B8F B8F46105A7575A5AB9CFBF9112E1AE13C02 B7CFDA578CD7B 114A64E6B18D9F857BD982E741D2A214EE52878580B51DA 4 081980FA0923244FA59D05FE314347384D23DBD58C736D71D6 D490EFD4D E3587D463D351236280BCAD18DD40F12D9F0DAF 6C3C88CAB2243A21B7A8D B0C89075685E12052263C6DD9EA 6809967A7D354037EF00F078E5E298DFC 2E89E43AF161FCF B30B2B41873F0BB34706B4C8EF749B6A3E45135F9F08D FAF 6F684E29787ECE5FB0DFEBABF904C11327CE085F735C0D7E08 DE811B3 04CEC56742090AA7A714497B9CEF1C35000301000 1 WASTE_PUBLIC_KEY_END
server name is entheal.com (you may have guessed from the public key ... )

--

You can be an atheist and still not want to succumb to some weird cross-over sheep disease -- AC
and now W A S T E by akahige · 2003-05-29 09:47 · Score: 4, Informative

AOL must not like W A S T E either. it's been pulled and there's no trace of it on the nullsoft site. hope someone mirrored it...
Found a Mirror by Anonymous Coward · 2003-05-29 10:16 · Score: 5, Informative

while perusing the winamp forums, I found a mirror:

waste installer
waste source
Re: Gone! by MMHere · 2003-05-29 10:27 · Score: 4, Informative

Thread ID#13077 in a message entitled WASTE gone... RETURNED! (look in the forum CommunityCenter/GeneralDiscussions at forums.winamp.com has the source and binary posted.
You'll have to register for the WinAmp forums first.
Not sure if the poster hacked/altered them first, but at least something appears to be there. I was unable to grab the installer earlier, but I did grab the .zip for the sources earlier. The .zip I grabbed earlier and the .zip posted in said forum match according to the cmp command.
I'm gonna build from the sources myself rather than run the posted .EXE.