AOL Pulls Nullsoft's WASTE

dmehus writes "America Online, parent company of Nullsoft, has pulled what it views as a controversial project called WASTE from Nullsoft's servers. This is not the only time it has stepped in to Nullsoft's doings. It had quickly taken down Gnutella, developed by Nullsoft co-founder Justin Frankel, and shut down an MP3 search engine. CNET's News.com has more details." For those not keeping track, WASTE was only recently released.

Re:GPL - Source Posted

[sgarrity]

"exactly how can AOL plan to pull that?"

They can't. Dave Winer has posted the source.

I've got a copy of the install if someone wants to host it.

WASTE

[I(rispee_I(reme]

WASTE is an encrypted filesharing network, since the article did not make it clear. It is also, in the same vein as gnutella, an open protocol.

Re:WASTE

[MortisUmbra]

The whole point is a trusted network. WASTE isn't concerned with privacy between internal machines, it's goal is privacy from un-trusted nodes.

In other words, my Public Key is like the key to my house, I don't give it to somebody to give to my friend, I give it only to my friends. Because I have to trust anyone who has that key with the contents of my house. I have to trust they won't "break" in, and I have to trust they won't give it out.

Re:WASTE

[Jellybob]

Changing the locks.

If you change your private key, then anyone with your old public key can no longer get in.

Re:GPL

[8tim8]

They pulled it from the web site. Expect to see other locations to download it from posted in this thread soon.

Re:waste copy

Sure, it was initially released under the GPL, so there are already mirrors out there that keep WASTE alive... One example: http://www.dhorrocks2003.pwp.blueyonder.co.uk/

This was only to be expected

[zxSpectrum]

But, seeing as it's GPLed:

Waste-source

Please, mirror the file instead of using this as sole source. I have no opportunity to set up BitTorrent here, and I have maximum transfer per month constraints. I will pull the file after 1GB is transfered.

Re:This was only to be expected

[tka]

Mirror: Waste-source
Please mirror it.

Re:This was only to be expected

[blibbleblobble]

Please, mirror the file instead of using this as sole source.

Okay

Do we have agreement on what the MD5 should look like for these files, before everyone starts hosting any file they find with a "waste.zip" filename?

Re:This was only to be expected

I downloaded the official copies off the nullsoft site the first day. Here are my md5sums:

e3609e352afba37683c47ce60f9086bb waste-setup.exe
5645d0378b5bca6d2cf337686dca9a4d waste-source.tar.gz.tar
554cfa7350333aa4e6eb3b6e2 4201d80 waste-source.zip

AC

Mirrors!

http://www.sifnt.net/waste.zip
http://forums.wina mp.com/showthread.php?threadid=1 37077
http://www.dhorrocks2003.pwp.blueyonder.co. uk/wast e-setup.exe
http://slackerbitch.free.fr/waste/was te-source.tar .gz

Re:Mirrors!

[paulcammish]

Ah, what the hell...

http://slashdot.daedalustech.co.uk/waste.zip - 654,535 bytes, the full thing including exes and source.

Enjoy people...

Mirrors of source and binaries

A couple of mirrors:

http://www.dhorrocks2003.pwp.blueyonder.co.uk/

http://slackerbitch.free.fr/waste/

Edonkey link

distributed load/sources etc

ed2k://|file|waste-source.tar.gz|214730|F5D0DBDA 5E 7EB7A9774C7650FA306383|/

i would of used a link but /. is too paranoid on the allowed links which imho is pretty lame

mirror of the source

[mog]

Here is a mirror of this fully legal, GPL software. Do with it as you will.

My mirror

[jonathan_atkinson]

Get the source here.

--Jon

Already on sourceforge.

[jonathan_atkinson]

I noticed someone has already set up a SourceForge project for WASTE.

http://sourceforge.net/projects/waste/

Now go and help out! I want a cleanly building Linux port.

--Jon

PULLED

[zxSpectrum]

The file is now gone. Please mod this up so my server survives.

Use Dave Winers offer to download instead, or one of the other sources: waste.zip

Another

[Coke+in+a+Can]

http://edwards.servehttp.com:969/waste-setup.exe

Re:only 2 possibilities

[Daniel+Phillips]

1. AOL are the copyright holders...

You're wrong, Nullsoft are the copyright holders, or were at the time of the release. Nullsoft is owned by AOL, but is nonetheless a separate legal entity.

It all comes down to whether Justin had the right to release the code under the GPL, and from the sounds of things, he does. We shall see.

/*
WASTE - main.cpp (Windows main entry point and a lot of code :)
Copyright (C) 2003 Nullsoft, Inc.

WASTE is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

WASTE is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with WASTE; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/

Re:Wait a minute...they can't do that!

[ssimpson]

Yep, certainly was. I guess the AOL lawyers have finally found a strategy to try and put the genie back in the bottle.

Of course, the following disagree ;)

http://www.sifnt.net/waste.zip
http://forums.winamp.com/showthread.php?threadid =1 37077
http://www.dhorrocks2003.pwp.blueyonder.co.uk/wa st e-setup.exe
http://slackerbitch.free.fr/waste/waste-source.t ar .gz
http://edwards.servehttp.com:969/waste/
http://scriptingnews.userland.com/2003/05/30#Whe n:2:48:46PM
http://www.dhorrocks2003.pwp.blueyonder.co.uk/
http://www.virtuelvis.com/temp/waste-source.tar. gz
http://www.blibbleblobble.co.uk/
http://cyber.law.harvard.edu/blogs/gems/home/was te.zip
http://www.cleanstick.org/jon/junk/waste-source. tar.gz

And add to that my mirror http://www.samsimpson.com/waste-source.tar.gz

MD5 Sums.....

[TeddyR]

Well here are the MD5 sums of the files as downloaded by me from the original site [and verified with several other ppl who downloaded it from the original site].... if anyone has a different md5sum then they should look closer at their copy of the files....

e3609e352afba37683c47ce60f9086bb waste-setup.exe
5645d0378b5bca6d2cf337686dca9a4d waste-source.tar.gz
554cfa7350333aa4e6eb3b6e24201 d80 waste-source.zip

Re:GPL - Source Posted

[grahammm]

There is one very large difference here. The code was published on the "official" nullsoft web site, therefore it was released officially. There would be a considerable difference between the Windows source code being published with a GPL licence on www.microsoft.com/windows/source/ and an employee "leaking" it and publishing somewhere else.

Fuck AOL. Mirror here.

http://webspace.utexas.edu/aboulgak/waste/waste.ht ml

Re:Another possible scenario:

[An+Onerous+Coward]

What do you mean by "retract" the decision? In the case of Waste, it looks like the program and source may have been posted without the knowledge or consent of Nullsoft. I think it would be impossible for AOL to prove that Mozilla is being distributed without AOL's knowledge or consent. The bandwidth fees alone mean they know about it.

If, on the other hand, you mean they can close off access to new versions of Mozilla, they already have that right under the MPL. But they cannot stop the community from forking from the last public version and developing a competing product.

Re:Contracts?

[wfmcwalter]

Did the NullSoft buyout contract specify that they had to keep them on for a decade?

Very possibly ('though probably four or five years, not a decade) - buyout contracts often do, to prevent the "human capital" from taking their stock and running. The carrot to folks is that they get lots of new options, which vest annually so long as they remain.

Once the deal is signed, both sides often try their best to wiggle out. The stock options aren't paid out if the employee quits early, so the company tries to get the employee to quit. CEOs become directors of empty divisions with no staff and no mission, stuff like that. The company can't be _too_ blantant about it (i.e. make the CEO unblock toilets all day) as that's constructive dismissal, in which case the employee can leave with the stock (after lots of legal squabbling, of course). Equally, mr small-company-entrepreneur type wants to get the stock and bug out (either to his next startup or to Hawaii) and doesn't want to be a drone for the next half decade. So he _tries_ to get constructively dismissed. Fired for gross misconduct (not showing up, punching out his boss, etc.) won't work - so he has a bad attitude, doesn't bathe, says dumb things to the media, produces product that makes his employer uncomfortable, founds the aryian-spaceship-league, whatever. So a war of attrition is fought.

Naturally, I don't know the terms of the nullsoft acquisition, but it may be this is Frankel's (et al) idea (or at least in his mind). I figured this was the case when Gnutella came out (AOL were _never_ going to be happy with that) and WASTE is even more AOL-unfriendly (heck, it's got a chat client - who needs AIM?).

Someone should write a book about the constructive dismissal stories that fill Silicon Valley - Sculley sending Jobs to his own office building to do nothing (Jobs cracked rather quickly). I heard of some guy coming to work dressed in a full frogman suit (including flippers and mask) and walking down in the corridor when customers were around - company dress code said "no shorts, wear shoes" - if they'd changed it to read "no bodyglove swimming attire" just for him, then that would have been the constructive dismissal he sought.

Re:How can this be "pulled"???

The RSA patent is expired, it can be freely used. So that's not an issue.

Re:MD5 Sums..... and now for the rest...

[TeddyR]

[note : there should NOT be any spaces in the links.... ./ adds spaces]
Magnet links:

magnet:?xt=urn:bitprint:RNADB73OZV4J56PYURKSJBOK QU YU25RO.3YIAXBOM3XGWON5QSA6TVIJUAXJHZI54FQ3LMVY&dn= waste-setup.exe

magnet:?xt=urn:bitprint:SNMD7MSXP3QI6MY5IOF4DKUE VK UD2Y4G.6YKR7VR2TWYNPUUBOVGY5ROGMSPTA7ZZSGTECUA&dn= waste-source.tar.gz

magnet:?xt=urn:bitprint:M6HCJRTWID2MLW2EOHL2GUK7 O2 MGJLTT.CCTSJVMC4RQC67TVJDISXHS6KEXKQIRMNM2SHCI&dn= waste-source.zip

Ed2k links:

ed2k://|file|waste-source.zip|261175|d9eff5442b2 f4 ab391487c21f9998679|/

ed2k://|file|waste-source.tar.gz|214730|f5d0dbda 5e 7eb7a9774c7650fa306383|/

ed2k://|file|waste-setup.exe|173589|5f2e6a0160b4 14 10d413a965560071e2|/

Hilarious, design document is a MS Word .doc

I picked it up from the harvard mirror referenced at Scripting News. In it I read:

What kind of functionality does WASTE enable?

WASTE provides a generic virtual secure private network that other services can be built upon. Currently the following services have been implemented for use on the network and are very functional:

• Instant Messaging: allows users to communicate with other users on a private WASTE network in much the same way as when using AIM/ICQ/etc. This feature is primarily accessed through the main WASTE window.
• Group chat: allows two or more users to chat on a WASTE network in much the same way as when using AIM/ICQ/IRC/etc. This feature is primarily accessed through the main WASTE window.
• Distributed presence: allows users to see what other users are currently on a private WASTE network. This feature is primarily accessed through the main WASTE window, and facilitates ease in Instant Messaging.
• File browsing: allows users to browse a virtual directory structure for each user on the network. Each user can specify a list of directories to make available to other users on the network. This feature is primarily accessed through the WASTE Browser window.
• File searching: allows users to search other users? databases. Each user can specify a list of directories to make available to other users on the network. Currently searching for filenames and directory names is all that is supported, but full-text searching and meta-searching would be easily added. This feature is primarily accessed through the WASTE Browser window.
• File transfer: allows users to transfer files to or from other users. Files can be found via the file browsing and file searching features, or files can be uploaded to other users manually. This feature is accessed through many interfaces, and can be managed with the WASTE File Transfer window.
• Key distribution: allows hosts on the WASTE network to exchange public keys so that they can directly connect to each other (which helps the network optimize itself)

Many other services and capabilities can be added to the WASTE network, these are just the basics that have been implemented.

The Crying of Lot 49

[Hayzeus]

Amybody else get the reference? W A S T E

We Await Silent Tristero's Empire

From The Crying of Lot 49 by Thomas Pynchon, a covert postal service (my first domain was 'waste.com', so named for the same reasons)

Re:GPL - Source Posted

[mcbridematt]

To me this looks like it's a cover up. Netscape has it's source located on cvs.mozilla.org and they aren't saying anything about that (and hell, a shitload of Netscape Proprietary stuff could be in there).

As far as I see, NullSoft had authorisation at local level. They released it thinking it was 'Go go go', but AOL said "Speak to our lawyers first". The GPL doesn't allow revocation. It probably was autorised.

NullSoft has other P2P stuff up it's sleeve

Re:GPL

[blixel]

I have source code available on this web site.

Scratch that. I now have a mirror of the site.

My WASTE Site with all the INFO

[Joshuah]

http://www.northarc.com/waste_web

enjoy. there is also a forum for waste on the site.

Re:Another possible scenario:

[alienw]

AOL can't "retract" this decision. They never _made_ the decision. If it was out there for two years before they decided to take action, they would have a very difficult time proving that it was an unauthorized release. Since WASTE was out there for a total of two days, I think AOL has a point here. They did not authorize releasing the code, plain and simple.

Re:Duh.

[ToadSprocket]

This is true. The guys that I work with that have published works, or that have written RFC's, or that have just generally been around a while and written code that people actually use, get this type of thing spelled out in their contracts when they are hired. If you don't, it's pretty tough to claim anything you do you is your own. Even if you do it at home.

Re:GPL - Source Posted

I asked a lawyer friend of mine and yes the "reasonable" test does seem to be important. It seems quite reasonable for folks to assume that the software was being released under GPL.

The law in question deals with both apparent authority and inherent authority. The basic idea of apparent authority is that if the principal "cloaks" the agent with apparent authority to enter into a contract, even if he doesn't give the agent actual authority, then the principal will be liable for contracts entered into by the agent.

Inherent authority by contrast allows an agent to cloak himself in a principal's authority and to enter the principal into a binding contract.

To quote Learned Hand's opinion in Kidd v. Thomas A. Edison, Inc, 1917:

"The very purpose of delegated authority is to avoid constant recourse by third persons to the principal, which would be the consequence of denying the agent any latitude beyond his exact instructions. Once a third party has assured himself widely of the character of the agent's mandate, the very purpose of the relation demands the possibility of the principal's being bound through the agent's minor deviations."

(I am quoting from my friend's e-mail, not the actual opinion.)

So on this basis it would seem that software posted to the company website for download under a GPL would seem to bind the principal.

On the other hand, AOL did act very quickly to take the software off of the website. A court might feel that this was sufficient to nullify the rights granted under the GPL to those who downloaded the software. Or a court might feel that it was AOL's internal responsibility to assure proper security procedures to prevent unwanted posting of software under GPL terms, and that the rights granted under the GPL to recipients cannot be revoked.

Re:GPL

OK, found his name. It is in the third group during the credits:

Additional programing
Justin Frankel

Re:GPL - Source Posted

[Cyberdyne]

Sure they can. If the person who gave you the free software wasn't the copyright holder, the copyright holder can come after you.

That's their problem: the copyright holder is Microsoft. The person giving me the software is, legally, Microsoft: that's the meaning of vicarious liability. He is, legally, acting on behalf of Microsoft; whether or not they want him acting on their behalf in that way is irrelevant. (They can, of course, fire him for it, at which point he can't do it again...)

Not in California...

[SvnLyrBrto]

> They would have to have a contract with Justin that says
> all thoughts are AOL's regardless of whether he does
> them for work or not.

If the Nullsoft guys are still working out of San Francisco, as the article suggests, he's 100% in the clear. Such clauses are illegal in California, wether you sign them into your contract or not. Go ahead and sign a contract giving your employer the rights to ideas you come up with in your free time. Clauses like that are generally thrown in with the legalese to try to make you THINK they have a right to your free time. Nevertheless, said clause is illegal and unenforceable.

cya,
john

Justin Frankel's .plan updated here

http://www.1014.org/finger.phtml

md5sum (Was Re:This was only to be expected)

[IO+ERROR]

5645d0378b5bca6d2cf337686dca9a4d waste-source.tar.gz

Re:GPL - Source Posted

[baka_boy]

I think you've hit it on the head there. AOL/Nullsoft may or may not have a problem with their employees working on open source projects, (i.e., Mozilla) but they have to be acutely aware of any potential licensing no-nos, esp. given the current SCO/Linux debacle.

Personally, I think it's an interesting project, but needs some serious work before it could be a viable alternative to existing chat and filesharing apps -- the design docs distributed show a number of issues with the wire protocol, including its overuse of broadcast messages, and the high (i.e., 40 bytes per packet!) overhead added for message checksumming, routing info, etc.

Re:Wait a minute...they can't do that!

[Alsee]

Can you cite an example of a local law that allows theft?

First of all, theft? What theft? I'd like to see YOU find even a single example of a local law anywhere on earth that states copyright violation is theft. I'm really getting sick of this "copyright violation is theft" crap, especially from self-rightous idiots hurling insults and erroneous information. I don't usually flame, but I'm in a bad mood and you started with the "stupid" coment. Copyright violation is copyright violation, not theft. You may as well start saying rape is theft of sexual services and that driving with a broken headlight is theft of illumination.

If not then consider who the stupid one is in this case...

You want to toss insults? Great! Let's see who's the stupid one. The United States Library of Congress Copyright Office provides this refference: International Copyright Relations of the United States. It contains the following information:

The following countries do not recognize any protection of US copyrights :
Afghanistan
Bhutan
Ethiopia
Iran
Iraq
Nepa l
Oman
San Marino
Tonga
Yemen (San'a)

Armenia only has treaty relating to satallite programming.

The following countries have not established copyright relations with the US but "might" honor any relations (if any) that existed with their prior government:
Comoros
Jordan
Kiribati
Nauru
Nor th Korea
Palau
Sao Tome and Principe
Seychelles
Somalia
Sudan
Syria
Tuval u
Vanuatu
Western Samoa
Yemen (Aden)

There ya go! Of those 25 listing I'm sure at least 20 will happily allow this "theft". And you just asked for one. But we're not done yet!

While all other countries have some sort of copyright relations with the US, there is a vast array of different treaties and agreements. I couldn't even begin to guess how many more contries would not recognize/protect the copyright on this software. Quite a few I'd wager. Software is the sort of thing likely to fall through the cracks for any country the US only has partial treaties with.

But my primary point is that Nullsoft stated:

"you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer"

Even for the countries that do recognize this copyright it is an absurd statement. Different countries have different laws. Nullsoft's statement could be be partially or entirely false in any given country.

-

Re:WASTE...

> An analogy for Public/Private keys as described
> by Jellybob. My Public Key is like the key to my
> house. I don't give it to just anyone, I give it
> only to people I trust, because I have to trust
> anyone who has that key with the contents of my
> house. I have to trust they won't "break" in,
> and I have to trust they won't give it out.
>
> My Private Key is like the lock itself. If I
> decide I don't want anyone to have access to my
> house any more, I change the lock (the private
> key). Now everyone who has the old key to my
> house can no longer get in.

This is not a very good analogy for a public/private key system. The above analogy is flawed because you usually give out your public key to everyone. It is also flawed because in the above example, the public key has the power to decrypt the message by opening the lock which is incorrect.

There are PGP key sites where there are many many public keys. The whole idea behind the public/private key system is that you should be able to let anyone send you an encrypted message (so everyone can know your public key) but only the owner of the private key (which is never published) can read it.

Each public key is linked to a private key. A message encrypted using the public key can only be decrypted with the corresponding private key.

This is a better one:

The situation is that I have a house surrounded by a fence with a locked door. I give the key to the fence lock to the people I want to send me messages by sliding them underneath the door. This is the public key part - people can send messages to me.

But only I have the key to my door lock which means only I can read messages that are slipped underneath the door.

Your public key only opens the fence. My private key opens the door lock. So while your public key allows you to send messages to me, only my private key can read the contents of those messages.

You can see this in real life. If you send me an encrypted email using my public key, you can't read your own message later. Your sent emails directory will be unreadable to you because you don't have the private key to decrypt those messages. You used someone else's public key to encrypt it so only their private key can decrypt it.