Slashdot Mirror
Nullsoft's Waste: Encrypted, Distributed, Mesh Net
Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."
Didn't they make Gnutella too?
Happy to see the spirit of Free Software continues thrive. We've been seeing too many proprietary offerings of late. I'm glad that Nullsoft is "with the program". This is a great idea, and they deserve our support.
AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....
A cliche regarding:
...comes to mind.
Makes you wonder how long it will be until protocols/network designs are attacked on the same basis as the product derived from them. ie p2p/filesharing.
Considering nullsoft, might be a risky move.
We already have JabberIM which does this and at the same time provides tunnels to other IM networks.
Going through the documentation, I found this:
From here
Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.
Which suggests to me that it isn't worth rushing out and developing application with *just* yet, until further reviews have occured (and the protocol has matured/evolved).
Man watching 6 MSCE's around a sun box, looks alot like the opening scene's of 2001:space odyssey...
What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing. If it was more "anonymous", I could see a reason behind it. As it stands, I'll be the only person in my circle of friends who'll "get this", and it'll just spend time wasting on my HD. To be completely honest, crypto on file sharing protocols won't be commonplace until AOL or Yahoo decides to put it in AIM/Pager.
I read the article and immediately got excited. I downloaded all of the software and had it all setup and working within a few minutes. As of right now I'm living in an apartment and have no practical use, but on Monday I'm moving into my dorm room to start my summer class (bleh!) Anyway, I think this is so wonderful! I've been thinking about a secure network computing solution for my three computers when I'm at school. I have my server, workstation, and my laptop that I'd like to tie all together. The leading choice was vpn, but after playing around with this, I do think that running on my server and having the three of them connect to it, and maybe a few of my friends computers on campus, we can create a very nice, effective, small, and secure lan. Then again, after five minutes I haven't decided if the whole reinventing of the wheel is worth it. I'll probably try it out, and setup a vpn server too, and see which I like more.
--fetch daddy's blue fright wig, i must be handsome when i release my rage
while you can. Remember what happened when they first released Gnutella? If I recall, AOL forced them to pull it within hours (though it was already completely reverse-engineered almost immediately afterward).
Designed for small groups of people (up to 50)
It allows easy colloboration across firewalls, and only one user inside the firewall is required to allow all users inside access to the mesh.
Each link is encrypted, but each message is decrypted and re-encrypted at each hop of the mesh, so you have to trust all of the nodes. It's also very hard to drop a node onc it is trusted, as each node shares public keys around to make sure all nodes have all public keys. Initial connection to the mesh requires manual key exchange. PITA, but moderatley secure.
All network traffic is encrypted, it will flood each mesh link with a minimum amount of bandwidth to foil traffic analysis.
That's W A S T E, not 'Waste'.
best name yet for a p2p app. hope they polished it up a little bit more than gnutella was, because this is gonna get tossed by AOLTIMEWARNERNEWSCOPRATTetc PDQ and then we will have another MIA P2P APP.
Acronyms. The Breakfast of Champions.
signatures are for fools with hands
Why would anyone call their product waste? I thought it must be an acronym, since they've spelt it in all caps, but they haven't said what it stands for.
Well, the Windows version has the GPL in the 'Accept/Don't accept' stage of installing the app, if that means anything to you.
Resolved that: Gnutella aside, this technology is really a direct shot at Groove Networks, the company founded by Ray Ozzie of Lotus Notes fame to sell P2P-derived technology to small and large business.
Discuss.
If you don't pretend to be anyone, are you?
Thanks for the link!
:-)
On their site I found a program called Beep. It makes noises on keyboard/mouse input
http://www.nullsoft.com/free/nbeep
It gets annoying after a while, but it is 'cute' enough to impress my girlfriend. And that matters as much as keeping my RedHat system up2date. LOL
I believe they backported the Media Library into 2.9x. Just get that.
DrPascal: Not the language, the mathematician.
Yes, Nullsoft originally created Gnutella then parent company AOL forced them to stop development, but the cat was out of the back and code was leaked/reverse engineered.
Winamp 2.9 is the latest release of the Winamp 2.x codebase, which takes most of the good ideas that went into Winamp 3 and codes them back to an API free of excessive abstraction. It's been out for weeks, if not months. Check your facts before posting.
If you don't pretend to be anyone, are you?
This is in the asyncdns.h file, and most of the other files in the .gz file.
WASTE - asyncdns.h (asynchronous DNS class)
Copyright (C) 2003 Nullsoft, Inc.
WASTE is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Seems like conflicting information to me.
as long as it has those uber-bitchin' skins, i'm in.
well, it's nothing one behind the ear wouldn't cure
Quoting from the source:
Firstly, the WA2 group backported the two major features of WA3 (video support and the media library) to WA2 and released it as WA 2.9. Development continues on a hybrid tree under the working title WA5 (2 + 3 == 5).
Secondly, not everyone shares your idea of "what they need to do". Winamp is a nice media player, but nevertheless just a media player; to many people, a protocol that facilitates cryptographically secure collaboration is infinitely more useful.
Thirdly, I'm not clear on what obligation you think Nullsoft owes you even when they're on company time, but I wouldn't be surprised if WASTE was written in spare time--you know, for fun.
Listen port
;-)
Listening on port 1337
Somehow I think this is a very well chosen port...
coffee | nose > keyboard ©
Did nullsoft do this to thumb its nose at Aol? It was released May 28th 4 years after Aol paid a nice sum to buy Nullsoft.
Try searching on 'GNU General Public License' Einstein.
-Malakai
A Dragon Lives in my Garage
In "The Crying of Lot 49", which is a nice short fast spacy read, there's a plot thread about competing mail services and a conspiracy that conducts its private communications in a way that, if you refer to the name of the product as "waste" rather than "W A S T E", indicates you're clearly not part of their group. There are also email systems called "Trystero" for similar reasons, and it makes looking at post office boxes in Scandinavia quite silly even without sampling the local agricultural products.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
put on your conspiracy hats...
Think of it this way, these guys know probably better than anyone else NOT on the AOL IM team, just how much of IM conversations are monitored, logged, mined for information, media metrics...etc.
Not to mention, they work in that environment, they prolly want to be able to say "god damn, our executive VP is a bitch" and not have some network engineer provide a log documenting that conversation later.
Yeah, i wish it scalled, but wtf, its opensource. Go make it scale. For now, 10-50 is plenty for most groups of online friends.
Personally, I'd loved to see technology like Pastry get hacked into it.
-malakai
-Malakai
A Dragon Lives in my Garage
How many minutes before we can see the first Linux port (it works under W$, FreeBSD and MacOS X) ?
theefer
What a sad day it is when TeamFortress Classic is called "old-fashioned". Back in my day, we played the original TeamFortress, the modification for Quake 1. We played on modems, and if we had a 300ms ping, we liked it! Bah, new-fangled TFC. The Holy Hand Grenade server (24/7 canalzon, may it rest in peace) was the place to play.
And don't even get me started on the butchering of TF that TFC did. (HWguy can walk and shoot? and what was that monstrosity cz2 that was supposed to be a follow-up to the venerable and perfect canalzon? And the scout must've put on 30 pounds, because he sure slowed down. Ack!) I guess I'm showing my age (mid-20s, and already ancient).
...owns Nullsoft, (as already mentioned by leviramsy) but an interesting theory had been presented to me, suggesting that AOL Time Warner has for some time been planning to trump Apple's iTunes store. Maybe they are planning to power such a service with peer networking? I have never beleived this personally because AOL Time Warner would just as soon want to have everyone surfing from the same servers anyhow, and a decentralized system would only tax their bandwidth more. Maybe...maybe they will release such a service that utilizes both p2p transfers in combination with traditional server-to-client transfers, and maybe use it as an advertising platform for AOL, giving AOL users better functionality, or maybe even restricting server-to-client transfers to AOL users once the service becomes popular. Does anyone else think this idea is bogus? I find it hard to beleive, but I can't figure out how else Nullsoft could be /allowed/ to create this new service.
---
WE AWAIT SILENT TRISTERO'S EMPIRE.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
"Waste" is such a user-friendly name. NOT!
Another example of the marketing skill of technically minded people?
Woohoo! Will Canada give me refugee status? I heard they had JOBS and free health care up there!
Packin' my bags!
ahem, it's Messaging.. no N
Thank you, have a good day/evening
You begin sentences with a capital letter.
Ho ho.
" Winamp 2.9 is the latest release of the Winamp 2.x codebase, which takes most of the good ideas that went into Winamp 3 and codes them back to an API free of excessive abstraction. It's been out for weeks, if not months. Check your facts before posting."
How about you read my post again before you tell me what to do. I said "2.81 or whatever the latest 2x version is" . so that's 2.9 I never carved my answer in stone, I made it clear that I was not sure what the latest version was.
I'm suprised no one has mentioned the obvious. This is a terrible blow to the RIAA and the all the people who have been trying to sue filesharers into oblivion.
There are two uses I see for this:
There are going to be groups of people dedicated to one theme, for example, Horror Movies, or Horror Movies with mutant bees, sharing all their Horror Movies, you will need a certain ammount of Horror Movie Uploads for Downloads and noone will ever be to know you had Queen Bee 1-3.
If you replace Horror with new release you get lots of small miniDonkeys, many interconnected and unstoppable.
I'm convinced this is a revolution in filesharing because it solves the two biggest Problems filesharing has, crappy downloads and getting sued.
The downloads will be of really good quality beacause you will be sharing with friends of people you know from chatting and if the put crap in their upload directory they won't be one of your cirle of friends much longer.
Getting sued is obvious, noone will be able to tell what you are doing (the might be able to guess that all those people on cable are not running a vpn yet) as just your circle of friends know. There is still the possibility that one of your friends is a traitor but i would call that a rare chance.
Looks like you not only have to trade public keys with your friend, but somebody needs to have WASTE on a public IP with port 1337 open.
It's already irrelevant whether AOL would pull the plug on them. The source is out. GPL-ed.
the code wasn't "leaked" or "reverse engineered" the code was released under the GPL on nullsofts website at the same time as the executable.. exactly the same way as this program has been handled.
They most likely knew aol wouldn't like gnutella at all.
I goofed, and grepped for "gpl". "gnu" would have been a better grep term.
However, there's still the rsa directory, which contains stuff not compatible with GPL. (Which puzzles me...since waste is GPL'ed, why didn't they use gmp for the math, or whatever gpg uses?)
To the MPAA, 50 nodes running on a fast network means there are really 300 wicked infidel filetraders!!!!
liqbase
Is it called wasted ?
I think hundreds or thousands of coders thought of this shit, especially when Napster got shutdown.
I personally came across it when removing a section of my P2P anti hacking designed for Diablo 1 to be secure even without a central server.
Interestingly enough, I was going to call my Gnutella: Dumpster
Which is cool they're naming their software: Waste
Lets see how it turns out
God spoke to me
WASTE is something that is indeed very useful for small company or teams (especially dispersed teams) in larger organizations. In many places one or another IM system is being used to communicate with team members. Over ICQ or AOL contracts and employment conditions are discussed, remarks about contractors and clients are passed etc. That is a huge security leak if you look at it from a certain prospective, especially for some profiles of companies like small consulting firms with employees regularly using clients networks. WASTE is a simple to use and free method of closing that leak.
I know at least two small companies that should adopt WASTE immediately and I would advise them to do so. One is a PR company with 2-10 people offices around Europe, where ICQ is frequently used as a discussion medium. Other is a small consulting company. Someone eavesdropping on their ICQ chats could seriously damage both of them.
How the heck did this get moderated as informative and insightful? It's full of links to slashdot pages that don't exist.
If somebody's embedded false links in their post, doesn't that cast some doubt on the rest of the information that they've provided?
Oh darn. Looks like they used some homebrew crap for their bignum stuff.
Common LibTomMath is like a billion times faster [not to mention very well tested]....
Plug plug plug!
http://math.libtomcrypt.org
Tom
Someday, I'll have a real sig.
You need to have friends, dude! :-)
zWhat would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
The software looks great and installed like a dream but How can I test it?
How can I point it at a node that will allow me to try it out? I ask this because what if someone is on the internet and needs to connect to me network. How do I point them to my network?
You say things that offend me and I can deal with it. Can you?
i'm going to bite my tongue about "leeches" and actually help a bit here.
:) good luck!
reading the docs, it becomes apparent that in order to connect to other people, you need to know their public key, and vice versa. i'm paraphrasing, but that's essentially it
Dammit, I meant to post that anonymously!
Can anyone tell me how to build this thing on OS X?
I thought Trillian also encrypts messaging with other Trillian users. I don't think I have grasped the whole point of waste yet? Perhaps that it adds Filesharing as well? Also, how does it find the other hosts without a centralized server?
"Initial connection to the mesh requires manual key exchange. PITA, but moderatley secure."
IIRC, key exchange is where most encryption schemes fall down. If this ever takes off I'd guess 99% of users will trade keys over plain ol unencrypted SMTP.
Nice summary though - this really does look interesting.
No, I did not read the f***ing article!
slightly different from Pynchon version...
not really...
as far as I can tell, to trade you have to have traded your encryption key with the person you want to share with...
5468652047616D65
. "I waste you when I get home"
. "Have you been wasted today?"
. "Be right there... just let me waste someone..."
and so on and so forth...
\m/
http://tinyurl.com/cy1z
We Await Silent Tristero's Empire
g++ -O2 -s -pipe -march=pentiumpro -c -o connection.o connection.cpp connection.cpp: In method `C_Connection::C_Connection(int, sockaddr_in * = 0)': connection.cpp:41: warning: converting NULL to non-pointer type connection.cpp: In method `long unsigned int C_Connection::get_interface()': connection.cpp:771: passing `int *' as argument 3 of `getsockname(int, sockaddr *, socklen_t *)' changes signedness make: *** [connection.o] Error 1 any ideas?
So, if you are a jabber client developer or intend to become one, see this article for a proposed handling of Open PGP -type encryption.
Code is Speech. No to Censorship.
I don't agree. Everything needs to be marketed. Giving something a name with negative connotations slows acceptance, or may even stop it. They want users don't they?
Which is daft, seeing as you don't have to accept the GPL to use a GPL piece of software:
Therefore, you only need to accept the GPL if you want to modify or distribute the code. Installing & running it is not covered.
How long after release will somebody post the first Linux port?
- 24 hours
- 48 hours
- 72 hours
- 1 week
- The developers will spend the first month arguing whether to use GTK, QT, or wxWindows.
- It will be done when CowboyNeal says it's done.
You want the truthiness? You can't handle the truthiness!
I got the impression that it was aimed for small groups of people working on a common project, at least it could be very useful for that purpose
well im afraid i cant say....not having ever 'had' nullsofts waste!!
Now that's what I'd like to see. Well, wait, maybe not.
That certainly was both ontopic and informative. As the other poster replied, just because you don't understand something doesn't mean it is offtopic. The parent post has a direct relation to encryption and how it was implemented in WASTE.
"Uh... yeah... Duuuuude - wouldn't it be cool if I, like, wrote something like NAPSTER? Yeaaaah..." is not the same as actually creating a piece of software that works.
Hundreds of thousands of coders may have had a similar idea, but Nullsoft invented Gnutella.
50 people can share files and even if just one of those 50 has access to files, they all do.
If you use Linux, please help development of Autopac
We all know what happened when they released Gnutella, this should be gone in the day.
In the mean time, the playlist editor in Winamp3 shits everytime it meets my MP3 folder...
"All I ever wanted was to see Larry Wall give Bill Gates a Perl necklace."
http://www.eisenschmidt.org/jweisen
It's not about anonymous P2P'ing it's about small colaborative networks (think BUSINESS). For example it would be great for a small OSS team to use to collaborate, share files, etc without needing to rely on the commercial (AIM, YAHOO, MSN, ICQ) messaging. Plus it adds a level of security not found in other products.
Not everything on the internet is about anonymity. As I remember it there's no constitutional guarantee of anonymity, why people keep assuming that if they're on the net they're entitled to that right I don't know.
"Do not be swept up in the momentum of mediocrity." - anon
Anyone one know if there is a forum for user user support??
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
Just noticed this in the connection negotiation. 26. A sends B the constant 16 byte signature ("MUGWHUMPJISMSYN2") Is this a subtle reference to the fact that this program provides secure communication (Mugwhump Jism)? Do I need to use a Clark Nova to write the reports on? Are NullSoft out sourcing there development work to Interzone? Me I`m just off to do the old William Tell Routine. Sorry for the abstraction in this post I've just given up smoking. Having tried the will power method, and patches. I'm using Bug powder dust.
Has anyone started a sourceforge product? If there is enough interest, I would take care of it (though I am not a coder at all).
email me at serverdude@hotmail.com if anyone is interested in further development...
Why not have it run as a service?
Let me explain: I would like to have a tool like this through which I can make the documents on all our public shares available for searching by users. We have documents and files spread over maybe 10-15 servers. There is no need to chat from those servers, all I need is have files shared.
I am not going to leave the servers logged in and have the app running all the time, for obvious security reasons.. but also because a remote reboot would bring the machine off the network.
--- Often in error; never in doubt!
"Waste" is such a user-friendly name. NOT!
:)
My favorite name of theirs is NSIS, which I've heard is an acronym for Nullsoft Super PIMP Installation System. I mean, that name is just plain pimpin'.
-- Kircle
How many other people saw the title of this article and immediately thought, "Oh, no! JonKatz wrote a technical review!"
Help us build a better map!
Also, this is technology that might be very useful to AOL. AIM's big drawback is that it's not very secure, and really shouldn't be used for sensitive corporate communication. (Though the engineers at my last employer used it anyway.) AOL could persuade people that are already using AIM for free to upgrade to WASTE in order to secure their communications. Not to mention the other features.
We Await Silent Trystero's Empire!
I've been using winamp forever, gnutella was a great idea, I can't remember the name but they made a program that would replace the ads in AIM with visualizations from winamp and now this.
I believe AOL has an outstanding opportunity here. Imagine AOL letting the nullsoft team wreak havoc on the AOL interface. Imagine AOL users with secure communications, a real email client and the ability to share anything with a trusted node. Hell, imagine if AOL/TimeWarner would open up there content so users could browse the catalog and download for a small fee (just like itunes, but not just music).
Would you be willing to pay for an AOL account if you had a secure platform that was infinitely customizable (think winamp skins) and access to huge amounts of content and the ability to share content with friends? Yeah, I'm sure there would be some DRM involved, but maybe not, maybe if you could only share with other people who had aol accounts they could just make money from the monthly fee (I know there are lots of problems in that area, but I'm dreaming ok).
Still not convinced. Ok, how about a partnership between AOL and Lindows? Bring AOL to linux via lindows. Cheap pc's with AOL accounts to make sure mom & pop can use the pc and get online.
Maybe I've got delusions of grandeur here, but don't you think this idea would make bill g soil his pants?
you're all figments of my deranged imagination
IIRC, key exchange is where most encryption schemes fall down. If this ever takes off I'd guess 99% of users will trade keys over plain ol unencrypted SMTP.
As long as you're dealing in public/private key pairs, you must intercept the public key and replace it with a public key of your own, on-the-fly, transparent to any protocol (SMTP, phone, ICQ, whatever). A "formal" exchange system by the client would be easy to detect "hey here comes the key" and replace. But this system is in fact quite hard to break, and something passive (a la Echelon/Carnivore/TIA would not work).
Not to mention if you get a key fingerprint that you can verify over some other medium, then they'd have to intercept and fake that one too. Just call him or her up and ask them for it, unless you think the government will intercept the phone connection and fake their voice in real-time...
Kjella
Live today, because you never know what tomorrow brings
my server's public keyserver name is entheal.com (you may have guessed from the public key
You can be an atheist and still not want to succumb to some weird cross-over sheep disease -- AC
would a company spend money on an employee to *read people's IMs*? Doesn't that sound like an absurd way to spend resources to anyone else?
+++ATH0
While on the surface, this might seem like a reinvention of IP tunnelling and VPN's, there are a couple of important features bundled in that set it apart:
1. It turns each node into a router. While you can establish a VPN with other tool kits, you still have to enable and configure the routing manually.
2. It's entirely user-land - it's a standalone program that a user can plop on their machine and be on their way.
The best part about it is that you can get through firewalls. The worst part about it is that you can get through firewalls.
Most people are pretty polar in their opinions of firewalls, with most of those people seeing them a fascist mechanism to control what they can see. In some (perhaps most) cases, that can be true. However, firewalls are much more than that: They can (and often are) used to protect YOU, the clueless end-user, from the other bad people on the Internet.
After I clear out counters on firewall rules, it's not uncommon to see 10-20 (sometimes more) incoming attacks within 5 seconds.
So, this will be great for letting people browse the web from work. On the other hand, it will expose them to propagation of worms and attacks which would have otherwise been caught by the firewall.
Is this a good program? Overall, I think that it's a good thing that NullSoft created it. We simply need to realize that with all of the benefits it brings, it will also bring a few negatvies with it.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
I threw up a forum for people who would like to list their public nodes here
Str8Dog
using System.Darkside; public
I haven't yet spotted any cryptographic "reviews" of this yet, but it certainly looks like an appealing platform to work with.
Appealing or not, but according to the document bundled with source distribution their key exchange takes 8 messages to complete. SSL does it with 4 packets (with multiple messages per packet), IKE - with 3 (in aggressive mode).
They also seem to impose extra load on CPU with unneccessary crypto operations (step 1 and 2), derive keys in funky way, do not provide (or do not document) rekeying mechanisms, do not provide a replay protection, etc, etc.
With all due respect, this stuff needs a major facelift and a cleanup.
3.243F6A8885A308D313
I have studied ICQ protocol about a year and a half ago in some detail.
At the time the clients would try to estabilish a direct TCP connection amongst themselves as best they could, even for a single message, only resorting to a using the server for relay if: a) both of the clients are behind a firewall b) One of the clients disabled this feature not to reviel his/her IP address.
Of course in my expirience a) is very often the case these days.
BTW: Trillian Is an excellent ICQ/AIM/MSN/Yahoo client which supports Blowfish encryptions on any of these protocols if the other client is also using Trillian.
...forward one TCP port (yes, only one) from your firewall to desktop, and that's it forever.
:)
That's "one IP protocol", not "one TCP port".
Just nitpicking
3.243F6A8885A308D313
Probably the same company that made the PIMP (and afterwards the SuperPIMP) install system...
.ASS archive, similar to a tarball. No, I'm not kidding. Check it out.
And let's not forget the program packass.exe, which creates a big
Buncha hooligans.
Oh, quitcher whining. No one is forcing you to use the latest release of Winamp. Hell, as far as I'm concerned, v2.23 was the last decent release. Guess which version I use? Sure, I try out the new releases, but I don't burst into tears when they fail to measure up to 2.23. I just delete them. There's a few hundred other audio players out there as well. Blast, this is offtopic.
I'd like to play with Waste and see how well it works with a group of people spread across the internet. Would anyone like to form
a waste network of random slashdotters?
I'm busy now so this will probably not start rolling until the
coming weekend.
Leave a message in my slashdot journal or use my current
throwaway email address zaphodbond@yahoo.com
I suspect the thing we need most is someone with a static
ip or domain name to announce thier public key and leave
waste running continuously for a few days.
I'm not using a network name in waste.
Ay, there's the rub. Of course a COMPANY needs to comunicate in a secure fashion. But a person? Why would a person need privacy? Don't you realize that if we let people talk without the government being able to listen in, they might plan a bombing?
Turning down the sarcasm (but not the jaded cynisism) a bit, it doesn't take alot for me to image an **AA-type organization getting pissy about this. They've demonstrated in the past how they feel they have not only the right, but the obligation to police us (the public). Should there be a widely-available, free system where people can trade information (be it text messages, files, etc.) without being snooped, then there will be those what wonder what these people have to hide. I think we can all agree that the current political/corporate climate is "those who do nothing wrong have nothing to hide". There's nothing wrong makin' time with my girlfriend, or suffering from the ill effects of some spicy mexican, but that doesn't mean I want anyone else watching. The unfortunate reality is that many people no longer agree with me. "For security's sake" is the salvo invoked at every turn, and those who don't agree are dissidents. In a few years time, I'm afraid, we may encounter another era where dissident equals terrorist. As for piracy, the lawmakers tend to believe what they're PAID to believe. Unless we have a massive, wide-spread attack of common sense (yeah, that'll happen), our only hope is that the PAC's (such as the RIAA/MPAA) run out of money before we run out of rights.
A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.
Now you've told them everything! You fool! You fool!
* mild mannered physics grad student by day *
* daring code hacker by night *
http://www.silent-tristero.com
So I suppose you've never come across the terms "thread bitchslap" and "blacklist", eh?
I don't know if I speak for anyone else, but as far as I'm concerned I'd rather you people just stick to moderating without clueing us dregs as to what motivates you to decide if something is "crap". Ignorance is really bliss in this case.
Thanks!
Ah! I love this book! I about jumped out of my seat as soon as I saw the trumpet icon :) ...but isn't it supposed to be a muted trumpet?
Nevertheless, it's a great name choice....
We Await Silent Tristero's Empire!
Obscure, off topic and odd. (The three essential "O"'s)
If you like the idea of secure content sharing, but don't want the node limitation, check out REBOL desktop (www.rebol.com). Its not free but it works on a number of different platforms, has hooks for encryption and is made by the same guy who did most of the work on the Amiga OS, Carl Sassenrath, and I trust him way more than I trust AOL.
they backported the crashes like mad feature, and added in an extra helping of the steal as much memory as we can bonuns too.
winamp 2.8 or bust.
When are we going to see a scalable implementation of something like this for VPN's?
All we need is some fancy open source high falutinocity software to come along and provide distributed mesh networking on top of the secure VPN infrastructure.
Im sick of seeing security having to be reinvented again and again for every single application. End to end encryption would be one of the most humanitarian efforts ever run by computer science.
I guess AOL found out again...
The link now returns a 404. It was there and suddently it dissapeared. Did they pull it down from the site? Did anybody mirror this?!
Forum on NULLSOFT.com is gone, http://nullsoft.com/free/waste is gone, not listed on the dev page anymore.
maybe big momma AOL is non-plused.
it's a good idea with a flawed implimentation, i hope someone takes it and runs with it.
b
Nullsoft took it down. That was quick. Bring on the mirrors for source and binary.
AOL must not like W A S T E either. it's been pulled and there's no trace of it on the nullsoft site. hope someone mirrored it...
While reading this article I decided to go ahead and download WASTE, but oops, 404 on the download page. I then reloaded the main WASTE page...oops, 404. I then reloaded the main Nullsoft page and poof, no more WASTE.
Looks like someone at AOL Time Warner didn't like this, despite it being more of an enterprise IM tool instead of a P2P file sharing tool...
Anyone care to mirror the compiled app and the source?
The link just disappeared from the NullSoft website. Hmmm, I wonder who they pissed off in the mother ship.
Well, it looks like it's gone. Does anybody have a mirror?
while perusing the winamp forums, I found a mirror:
waste installer
waste source
Anyone have links to people at AOL they can bitch to? WE WANT W A S T E!!
Thank god I already downloaded the source.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
"Umm no, I was one of the first downloaders, and they didn't release the source. They were waiting to finalize the protocol. The handshake of their client is "Gnutella/0.4".
It looks like Nullsoft won't be accepting bug reports for waste so I'l
mention my bug list here.
It looks like it is using a signed 16bit variable for the port number somwhere, if a client is set to use a port above 32767 it gets treated
as a negative number and other clients can't connect.
A minor one is the the port number setting is not saved if you change it then close the settings dialog without pressing the update button.
I'l put my temporary waste node on a different prt, see my journal.
The URL provided is 404.
Looks like they did it again, got AOL Time Warner scrambling and they pulled the plug. (Same thing happened with Gnutella, remember?)
And then they removed the folder so they wouldn't be slashdotted. Or, (insert conspiracy theory here). The only links I could find to any of the information or files were Nullsoft links. Anybody got a mirror?
I want to read this book
Yay me!
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
As of 23:31 UTC 29 May, http://www.nullsoft.com/free/waste/
returns a "not found" error.
Has WASTE been pulled?
Bellhead
Waste is here
Contents of the file are as follows;
This will be up until it's not. Enjoy! :)
--Pete (peteg [at] sifnt dot net)Looks like someone in charge noticed and had it pulled. Their attention was probably drawn by the horrendus slashdotting it received.
Well, maybe it'll be back later. Either way, the source is out and it's sure to follow the path of Gnutella.
And, as someone mentioned previously, they were acquired back in May of 1999, so it's almost certain that this (along with the source), is just a shot back at AOL.
Since when does something as potentially big as this just dissaper off the web and know one able to say WHY!?!?!
Whats going on? DID AOL pull it, or did nullsoft pull it cause its just a beta???
"Consider how lucky you are that life has been good to you so far. Alternatively, if life hasn't been good to you so far
Why do you think the nullsoft site will be up soon? Are you from NS? Was it pulled b/c of bandwidth or politics?
I spoke too soon, It's just a display bug.
I didn't realise how the key management(or lack of) works.
Instead of just disconnecting and reconnecting with no obvious clue about what wrong waste should pop up a box saying "You have the other clients public key be he dosn't have yours!" or vice versa.
There is lots fo room to improve the key management in Waste
I've put up another mirror here.
Poof !!! and like magic its gone from the NullSoft site.....
*--- Sometimes a majority only means that all the fools are on the same side. ---*
Yeah, I know they are different types of software, but WASTE is a text engine used by a bunch of (classic only?) Mac OS applications, including IE for the Mac and some popular text editors.
Any of you who have clicked on the link after 9:30PM EST on May 29th will notice that the software is missing from Nullsoft - shades of Gnutella! No worries, I downloaded it so anyone who wants it is free to grab it at my web site.
That is creepy... but maybe Nullsoft just took it off to keep their site from getting /.ed. Then again, there's not even a broken link or anything on the site... it's just gone. And like people have been saying, that's what happened with Gnutella. (It also happened with a program called AIMazing, by the way - it took the ads out of AOL Instant Messenger, and one day the program was magically vanished from the Nullsoft site without a trace.) I've got to hand it to the Nullsoft guys - they've got guts writing software like that under AOL Time Warner. I guess we'll have to check back tomorrow to find out for sure what happened - even if someone can mirror Waste, I don't think that a program that you have to get from some obscure mirror somewhere and that won't be updated by the authors will never be widely accepted. Sad...
I produce electronic music and write little games. Have a look.
Windows Client ..
First things first:
The client sucks. Really sucks. But so did Gnutella. Hell, it's bleeding edge. I'm happy it works as well as it does.
Two friends and myself hopped on our own little network. And all be damned, it worked.
For 2 of us, after we exited the program it no longer took our private key passphrases. Thus we had to make new keys. This is obviously a really, really bad bug. Or we're just stupid. Somehow I'm inclined to say it's the latter.
The technology behind this is very cool. You essentially get the bastard child of a VPN with the ease of P2P. Setting up your own little secure collborative chat/file trading network is very easy.
This will be a damn nice gadget once we get some better clients. (yay GPL!)
The other fun part was that, the day after the Gnutella debacle, they managed to sneak in a mention of Nutella (and a picture of it!) into their "Ask Nullsoft" section. I wonder if they'll do something similar with WASTE?
Coincidentally, see also this lecture on this history of Gnutella (warning: PDF), or its handy Google HTML-ized version.
Jouster
User 1: Alphanumeric password
User 2: Alphanumeric password
User 3: Alphabetic password
It ate the passphrases on User 1 & 2.
Conclusion:
Stick to alphabetic passwords only for now on the windows client.
Tried to get to the and found that it has been
If anyone successfully got to that page, can you please share with us info on how to dl WASTE ?
Thanks !
Muchas Gracias, Señor Edward Snowden !
Both the Download Page and the Security Page aren't accessible.
This bring the question of whether WASTE have been removed from nullsoft.com, or not?
Muchas Gracias, Señor Edward Snowden !
I clicked on the links to WASTE that
I wonder if WASTE have been removed from nullsoft.com, since nullsoft is owned by AOL?
Muchas Gracias, Señor Edward Snowden !
Those of you who are lucky, who have downloaded WASTE, please mirror the thing.
Seems like WASTE has been pulled from nullsoft, a repeat of the gnutella saga.
Thank you !
Muchas Gracias, Señor Edward Snowden !
http://members.cox.net/nswaste/waste-setup.exe http://members.cox.net/nswaste/waste-source.zip http://www.dhorrocks2003.pwp.blueyonder.co.uk/ hong...
Heh, I mirrored it from some site, just for the sake pissing AOL off. Get everything here and put up some new public mirrors. Hopefully someone will take the source and further develop. It seems like a good idea.
Looks like the page has been removed, as well as the link from the main page. Anyone have time to set up a mirror?
It's a shame that yesteday was such a heavy news day. This deserved to be on the front page longer.
With the rapidity that W A S T E disappeared from the nullsoft site I'm surprised that there hasn't been another slashdot story on the subject.
I just did a Google News search and there appears to be some official word out.
Has everyone seen this? Nullsoft's *new* waste page. We didn't mean to let you download waste... give it back!
Hello! I try to compile the WASTE server on my little box with freebsd 4.7... but give me a lot of error on md5c.c ... anyone have an idea? :)
Thanks anyways ^^
The following was posted Friday. How interesting - I guess even with Steve Case gone, you can still get called into the principal's office.
On a further note, can they really state this, that is revoke their license, once issued? The GPL doesn't seem to allow for that, right?
NOTICE OF UNAUTHORIZED SOFTWAREAn unauthorized copy of Nullsoft's copyrighted software was briefly
posted on this website on or about Wednesday May 28, 2003. The
software was identified as "WASTE" (the "Software") and includes
the files "waste-setup.exe", "waste-source.zip",
"waste-source.tar.gz" and any additional files contained in these
files.
Nullsoft is the exclusive owner of all right, title and interest in
the Software. The posting of the Software on this website was not
authorized by Nullsoft.
If you downloaded or otherwise obtained a copy of the Software, you
acquired no lawful rights to the Software and must destroy any and
all copies of the Software, including by deleting it from your
computer. Any license that you may believe you acquired with the
Software is void, revoked and terminated.
Any reproduction, distribution, display or other use of the
Software by you is unauthorized and an infringement of Nullsoft's
copyright in the Software as well as a potential violation of other
laws.
Thank you.
Nullsoft
Anyone seen my low uid? last seen 10 years ago while panning the #@$# out of Taco's 'web based discussion system'
Thanks in advance!
Friends don't let Friends do DOS.
you'd have to consume the equiv. of 50 lbs of nutmeg to derive a usable high
Where on earth did you get this idea from? Nutmeg has long been used as an intoxicant in places where there's limited access to more usual products. Malcolm X's biography talks about his experience of using it in prison.
If I recall correctly, the active dose is the powdered equivalent of one or two whole nutmegs - though I believe the effects are somewhat unpleasant and include nausea, drowsyness, etc.
WASTE_PUBLIC_KEY 20 4096 J2000_ca2 2E9EC86FB4 DD631CB8548 BC22309443FC 7F1505DA717 9160E2641B25 7C74B5A6FC1 9CBE68DF3F75 7B634FA1302 F60EA55F7AD1 EC7523DBF39 D2231CA1B7FD D6098EB686B 6F34B72BE230 4B591C1AB61 5FA3007FA6CB C1B11A940B5 26F059A98926 B14C227A050 73F9961A117E F5C4D6381B7 70AC1566C1ED 614D069B12A 8D977AC14A0D 4F32D7BB9CF 7A31819AB6A2 541EC177247 45CB9A9318BE 68A171DE20A 750A9D5E4DFE 6D61E908356 FA75B18B16BA A5008FDEB9E 5563B479AAE9 D91BEA45EF
CA344893D6FF3A4FD41827B94602FA996E343F2
62A709B8DA321FEC4BB1B7148AAB2946671E5
009396D7B0F22CCF4512D5E7131B3767CE10A
E691C442B6394B5F68AC76DBA2D7F4FFFC536
75DF47E6F5F7A4E37055ED3F7707C7A0D2B90
5FC027E51785D8A322046952906348280912E
13CC1AF8B451EE941C2D7D97DF2D1635D8EC1
FE934CD506C834E907D6D9A23464C20B1D758
503FEAB1686B5AD8D00EA34AF3E1795555A0B
37A409CF23E4FB152E073A7346AD5C337CEEC
3024474D7B487821C403E6729C606B902D505
2F5A00C35EC348237ECA0ABA3E8647673EB45
45990A12365BD5F2F45A901C54E68E69A639C
E10E57287D0605A9BF7C89D1C49ED06C47BDD
B78EBF3C59C3CEA5CD49B3F081B7076FC6D49
19E60E9D3BC4D882DED4748059CC4914DEFD4
BD0259EC7BCC0FB9798F1B49B1FA006E04427
755B0003010001
WASTE_PUBLIC_KEY_END
Did someone get the code before it got pulled? Assuming it was released under the GPL can they now retract it?
"And a voice was screaming: 'Holy Jesus! What are these goddamn animals?'" - HST
here.
I just downloaded it so it's there. 170K - not very big stuff...
This is WASTE 1.0 Beta, BTW.
Take the stupid space Slashdot put in the file id out...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Get it here http://fileforum.betanews.com/detail.php3?fid=1054 104235
Or check this ou. Apperantly its a mirror of the original site http://www.dhorrocks2003.pwp.blueyonder.co.uk/
your mom
http://www.operationiraqliberation.com
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
I've setup a public server on 'waste.2mbit.com' for people to use if they want. Its somewhat unstable, but it works.
3 44A4FC3B C12C4979179 345D35391D91 F8573DBB351 1C48E1802833 EE5FE417C3B DBFFC04FA195 4101D49BBCC 266A234A9514 7D58238E917 70C2CE78206E 963282B57FA STE_PUBLIC_KEY_END
Post your public key if you want to be added.
WASTE_PUBLIC_KEY 20 1536 SOSDG Server
EC45895B437B28ADC391973BCDB40BCF66C079997
49358159FD1933273375F80C57192B7F6192C
AA9DC66ABDBBE00A1997413F5B184F7DE8E82
39A1ECFCFF6B11EB8F36769A31D3FD7610D80
53905BFDB91FF5857A007EFCB05440603ADC4
8645F8AB9BF173B1E259BC49C0C5E4F11429B
ADC0647B7B904E10DA8EFB090003010001
W
Brielle
couldn't get worse than that.
Use ISO 8601 dates [YYYY-MM-DD]
When I M2 I regularly leave 2, 3, or sometimes even 4 or the 10 moderations untouched because I don't have the time to investigate them to see if the comment really is moderated fairly or not.
Lasers Controlled Games!