Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nullsoft's Waste: Encrypted, Distributed, Mesh Net

Posted by CmdrTaco on from the p2p-gets-more-and-more dept.

Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."

8 of 674 comments (clear)

  1. Hmmm.... by leviramsey · · Score: 4, Insightful

    AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

    A cliche regarding:

    • a left hand
    • a right hand
    • and a lack of knowledge

    ...comes to mind.

    1. Re:Hmmm.... by Daniel+Phillips · · Score: 4, Insightful

      AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

      That was a joke right? And the moderators who marked it "interesting" and "insightful" really meant to mark it "funny", they just hit the wrong button, right?

      In fact what we have here is a first cut at a secure distributed network presence system, something that would allow you to run an icq-like network between people you trust without being spied on by a central server. There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates.

      As for why AOL lets Nullsoft do things like this, I suppose the choice is either to let them work on what they want to or lose the talent. What Nullsoft is doing is the best thing for the net, and so is the best thing for AOL in the end.

      --
      Have you got your LWN subscription yet?
  2. Interesting by harikiri · · Score: 5, Insightful
    I haven't yet spotted any cryptographic "reviews" of this yet, but it certainly looks like an appealing platform to work with.

    Going through the documentation, I found this:

    From here

    Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.

    Which suggests to me that it isn't worth rushing out and developing application with *just* yet, until further reviews have occured (and the protocol has matured/evolved).

    --
    Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...
  3. Re:I have to ask.. by kliment · · Score: 5, Insightful

    I think this is meaningful, as it is an ad-hoc way of creating aa VPN. Also it would probably be faster if a few of the nodes have fast connections. If your friends don't see a reason behind this, then maybe it is not meant for your circle of friends. About the anonymous issue, note that Freenet already exists and works to handle that problem. This is meant to address a completely different issue

  4. Re:I have to ask.. by Motherfucking+Shit · · Score: 5, Insightful
    What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing.
    Exactly, privacy is what it's all about. People tend to forget (or not realize to begin with) that every bit of chatter they send to one another on AIM goes through AOL's servers, every message they send to their buddy on MSN Messenger passes through Microsoft's servers, etc. Waste gives you the ability to conduct reasonably secure conversations and chat. Sure, it's not as geeky as running your own private IRC server wrapped in stunnel, but hey, the easier crypto becomes, the better.

    The next time you want to have a chat with a friend, but you don't exactly want the contents bouncing all over the internet in plaintext, this looks like the perfect application. Reminds me somewhat of a program called SIMP, which is a minimalistic Blowfish-ized IM program.
    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  5. Re:I have to ask.. by junklight · · Score: 4, Insightful

    The problem that we have here is that this network is NOT for piracy and therefore a lot of slashdot readers cannot see the use for it. Think instead of people working together - a workgroup as it where. For example why pay rental fees on an office when you can have a virtual one using tools such as this? Now I am not sure how great this tool is for that right not (I'm guessing - first release - not very) but I am sure it will come if people start using it.

  6. Re:Why didn't they call it "Idiot"? by driftingwalrus · · Score: 5, Insightful

    Beleive it or not, but they're not trying to sell it. You only need marketing if you plan on selling it.

    --
    Paul Anderson
    "I drank WHAT?!" -- Socrates
  7. The good, and the bad.... by NerveGas · · Score: 4, Insightful


    While on the surface, this might seem like a reinvention of IP tunnelling and VPN's, there are a couple of important features bundled in that set it apart:

    1. It turns each node into a router. While you can establish a VPN with other tool kits, you still have to enable and configure the routing manually.

    2. It's entirely user-land - it's a standalone program that a user can plop on their machine and be on their way.

    The best part about it is that you can get through firewalls. The worst part about it is that you can get through firewalls.

    Most people are pretty polar in their opinions of firewalls, with most of those people seeing them a fascist mechanism to control what they can see. In some (perhaps most) cases, that can be true. However, firewalls are much more than that: They can (and often are) used to protect YOU, the clueless end-user, from the other bad people on the Internet.

    After I clear out counters on firewall rules, it's not uncommon to see 10-20 (sometimes more) incoming attacks within 5 seconds.

    So, this will be great for letting people browse the web from work. On the other hand, it will expose them to propagation of worms and attacks which would have otherwise been caught by the firewall.

    Is this a good program? Overall, I think that it's a good thing that NullSoft created it. We simply need to realize that with all of the benefits it brings, it will also bring a few negatvies with it.

    steve

    --
    Oh, you're not stuck, you're just unable to let go of the onion rings.