Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nullsoft's Waste: Encrypted, Distributed, Mesh Net

Posted by CmdrTaco on from the p2p-gets-more-and-more dept.

Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."

19 of 674 comments (clear)

  1. Gnutella by Nermal6693 · · Score: 2, Insightful

    Didn't they make Gnutella too?

  2. Hmmm.... by leviramsey · · Score: 4, Insightful

    AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

    A cliche regarding:

    • a left hand
    • a right hand
    • and a lack of knowledge

    ...comes to mind.

    1. Re:Hmmm.... by leviramsey · · Score: 3, Insightful

      And does that fact necessarily matter to the *AA?

    2. Re:Hmmm.... by Daniel+Phillips · · Score: 4, Insightful

      AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

      That was a joke right? And the moderators who marked it "interesting" and "insightful" really meant to mark it "funny", they just hit the wrong button, right?

      In fact what we have here is a first cut at a secure distributed network presence system, something that would allow you to run an icq-like network between people you trust without being spied on by a central server. There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates.

      As for why AOL lets Nullsoft do things like this, I suppose the choice is either to let them work on what they want to or lose the talent. What Nullsoft is doing is the best thing for the net, and so is the best thing for AOL in the end.

      --
      Have you got your LWN subscription yet?
  3. until when by Vej · · Score: 3, Insightful

    Makes you wonder how long it will be until protocols/network designs are attacked on the same basis as the product derived from them. ie p2p/filesharing.

    Considering nullsoft, might be a risky move.

  4. Interesting by harikiri · · Score: 5, Insightful
    I haven't yet spotted any cryptographic "reviews" of this yet, but it certainly looks like an appealing platform to work with.

    Going through the documentation, I found this:

    From here

    Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.

    Which suggests to me that it isn't worth rushing out and developing application with *just* yet, until further reviews have occured (and the protocol has matured/evolved).

    --
    Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...
    1. Re:Interesting by mark_lybarger · · Score: 2, Insightful

      come on now. the gpl won't hinder it's use in other applications at all. qt is licensed under gpl. is it's use in applications hindered? (currently only in the non unix world, but at the rate the cygwin port is coming along, that might change). gpl will ensure that all other apps are under gpl as well, and that's a good thing. i want to see and want others to see the source for my encrypted im application. i want my boss to have access to the source. i want lots of people to see the source and scrutinize it all to hell and back.

      besides gpl is only for distrubiuted apps. if IBM or someother large corporation wants to make an internal use application that's customized for their use, then so be it.

  5. I have to ask.. by the+unbeliever · · Score: 1, Insightful

    What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing. If it was more "anonymous", I could see a reason behind it. As it stands, I'll be the only person in my circle of friends who'll "get this", and it'll just spend time wasting on my HD. To be completely honest, crypto on file sharing protocols won't be commonplace until AOL or Yahoo decides to put it in AIM/Pager.

    1. Re:I have to ask.. by kliment · · Score: 5, Insightful

      I think this is meaningful, as it is an ad-hoc way of creating aa VPN. Also it would probably be faster if a few of the nodes have fast connections. If your friends don't see a reason behind this, then maybe it is not meant for your circle of friends. About the anonymous issue, note that Freenet already exists and works to handle that problem. This is meant to address a completely different issue

    2. Re:I have to ask.. by Motherfucking+Shit · · Score: 5, Insightful
      What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing.
      Exactly, privacy is what it's all about. People tend to forget (or not realize to begin with) that every bit of chatter they send to one another on AIM goes through AOL's servers, every message they send to their buddy on MSN Messenger passes through Microsoft's servers, etc. Waste gives you the ability to conduct reasonably secure conversations and chat. Sure, it's not as geeky as running your own private IRC server wrapped in stunnel, but hey, the easier crypto becomes, the better.

      The next time you want to have a chat with a friend, but you don't exactly want the contents bouncing all over the internet in plaintext, this looks like the perfect application. Reminds me somewhat of a program called SIMP, which is a minimalistic Blowfish-ized IM program.
      --
      "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
    3. Re:I have to ask.. by junklight · · Score: 4, Insightful

      The problem that we have here is that this network is NOT for piracy and therefore a lot of slashdot readers cannot see the use for it. Think instead of people working together - a workgroup as it where. For example why pay rental fees on an office when you can have a virtual one using tools such as this? Now I am not sure how great this tool is for that right not (I'm guessing - first release - not very) but I am sure it will come if people start using it.

    4. Re:I have to ask.. by Anonymous Coward · · Score: 1, Insightful

      good thing they included the source then... to make it easier for someone to create one...

  6. Re:Why didn't they call it "Idiot"? by driftingwalrus · · Score: 5, Insightful

    Beleive it or not, but they're not trying to sell it. You only need marketing if you plan on selling it.

    --
    Paul Anderson
    "I drank WHAT?!" -- Socrates
  7. Re:AOL Time Warner... by Isosonys · · Score: 2, Insightful

    what service? I see software, Free software at that with code. Maybe someone got bored at the office?

  8. Re:Yes, it's GPL and it says so... by Anonymous Coward · · Score: 1, Insightful

    Because the patent expired.

  9. Everything needs to be marketed. by Futurepower(R) · · Score: 1, Insightful

    I don't agree. Everything needs to be marketed. Giving something a name with negative connotations slows acceptance, or may even stop it. They want users don't they?

  10. It could work. by HanzoSan · · Score: 1, Insightful

    50 people can share files and even if just one of those 50 has access to files, they all do.

    --
    If you use Linux, please help development of Autopac
  11. The good, and the bad.... by NerveGas · · Score: 4, Insightful


    While on the surface, this might seem like a reinvention of IP tunnelling and VPN's, there are a couple of important features bundled in that set it apart:

    1. It turns each node into a router. While you can establish a VPN with other tool kits, you still have to enable and configure the routing manually.

    2. It's entirely user-land - it's a standalone program that a user can plop on their machine and be on their way.

    The best part about it is that you can get through firewalls. The worst part about it is that you can get through firewalls.

    Most people are pretty polar in their opinions of firewalls, with most of those people seeing them a fascist mechanism to control what they can see. In some (perhaps most) cases, that can be true. However, firewalls are much more than that: They can (and often are) used to protect YOU, the clueless end-user, from the other bad people on the Internet.

    After I clear out counters on firewall rules, it's not uncommon to see 10-20 (sometimes more) incoming attacks within 5 seconds.

    So, this will be great for letting people browse the web from work. On the other hand, it will expose them to propagation of worms and attacks which would have otherwise been caught by the firewall.

    Is this a good program? Overall, I think that it's a good thing that NullSoft created it. We simply need to realize that with all of the benefits it brings, it will also bring a few negatvies with it.

    steve

    --
    Oh, you're not stuck, you're just unable to let go of the onion rings.
  12. Re:The Right Hand Knows by L7_ · · Score: 2, Insightful

    Yes, it seems to be more of a client where you already have a trusted group of users either from real life (Say, a whole dorm hall or a bunch of co-workers) or from a presence online (Say, a whole gaming guild or software collaborators or even a little message board community) to open some of your system files to. It is a trusted way to get recommended files, be they legal or illegal.

    You don't need to be in contact with strangers if all your friends have GBs upon GBs of "shared source".