VIA Releases Source To Custom WASTE Client

daten writes "VIA has released the source code to their Padlock SL product, based on the Nullsoft WASTE code previously pulled by AOL. Padlock SL offers encrypted chat, instant messaging and file sharing over a private peer-to-peer network. Unlike WASTE, which is still under active development, the VIA client offers a graphical interface for both Windows and Linux users and simpler configuration."

Finally

Some security for chatting.!! -SMaharaj

passive

[netkgb]

"Unlike WASTE, which is still under active development..." More like passive development on sourceforge

Re:passive

It is ok, the last version is just 2 months old. However, I am still using the original one with my friends. Great stuff for securely sharing mp3's within the group when usual means do not work, like in my case.

Re:passive

[Troed]

I've done some additional things but they're only used by me and a small group of friends. No major things, but removed stupid hardcoded limits like 256 chars in a message (now unlimited) etc.

I must confess, the WASTE sourcecode is terrible. It's like someone who's never EVER read anything about object orientation tried to write his first C++ program

I haven't put up the changes on sourceforge, mostly since no one seems to care.

Re:passive

[not2advanced]

I wouldn't mind seeing personally. That team I think needs some activity punching into it, and the first steps might be code cleanup. I'd help, but I haven't got the slightest clue where to begin with C.

Just a quick hint...

You don't need to sign your AC posts

Re:Just a quick hint...

STFU. All of you. -SMaharaj

how private?

[millahtime]

Does anyone know how private this network is? Do you have to get a key from a member? Does it just use encryption? Any details on this?

Re:how private?

[ewithrow]

If I recall correctly the data sent over the network was encrypted using a very long key generated by asking you to move the mouse randomly for a period of time. Doing this for a minute or so ensures that you get a unique key.

Re:how private?

[los+furtive]

I can't vouche for Padlock, but I've used WASTE and yes, you need a key, and I believe all transmissions are encrypted. Pretty nice really, has an IRC like client and several other little features. I've tried to convince my friends to stop using my ftp and use WASTE instead (its ideal for groups of 50 people) but they've been slow to follow suite. Maybe I can convince them with this software instead.

Re:how private?

[pe1rxq]

I think revoking their ftp access will convince them to stop using it very fast..... Or just throttle the ftp connections down using some scheduling filters :)

Jeroen

Re:how private?

[essreenim]

Yeah, but whats really required is a peer:peer system like this only any user/agent has their memory erased as soon as they read it, but not before the cached communication self destructs removing all evidence with 7-pass extended character rotation deleting for a last obliteration in the backround to remove anything.

Paranoia increases as a function of knowledge..

Re:how private?

[cshark]

I don't know about that. It looks like padlock has a hardware componant that it needs to run.

Re:BSD releases custom babe!

You need to update your cut and paste source. Half of the links are dead.
Very lame FP...

Is this legal?

[Newtonian_p]

Doesn't Nullsoft's page on WASTE say " An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website ... Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright" ?

Re:Is this legal?

its saying this now but it was released under the gpl first which cant be revoked.

Re:Is this legal?

[sangreal66]

Yes it can, if the person who released it wasn't authorized to. I can release the windows source under the GPL, but that doesn't mean its valid.

Re:Is this legal?

[Quixote]

WASTE files contain the following license at the top:

/*
WASTE - main.h (a bunch of global declarations and definitions)
Copyright (C) 2003 Nullsoft, Inc.

WASTE is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

.....

How can it be "unlicensed" if it has GPL license on each file?

On a related note: VIA is releasing their "PadLock SL" under GPL too.

Re:Is this legal?

[vegetablespork]

They say it, but that doesn't make it true. An agent of the company posted the software under the GPL. AOL/Nullsoft's dispute is with Justin Frankel if they contend the release was unauthorized. But released it was, and it is under the GPL.

Re:Is this legal?

[Hobbex]

If whoever put the GPL block there did not have the permission of the copyright owner to license it so, then it isn't worth the electrons it is written on.

I can't take a copy of the leaked Windows code, put a GPL notice at the top of every file, and claim then claim it has been GPLed. AOL owned the source code (because Frankel was an idiot and sold his sole to them), and if they never OKed it to be released, then it is not under the GPL.

Re:Is this legal?

[alienw]

If some Microsoft employee posts the Windows code under the GPL, that will not make the code GPL. If Frankel had no power to approve the release under the GPL, then it was unauthorized and the GPL does not apply.

Re:Is this legal?

[SubtleNuance]

AOL/Nullsoft's dispute is with Justin Frankel if they contend the release was unauthorized. But released it was, and it is under the GPL.


IANAL.

If *we*, the persons dealing with the company 'reasonably believe' that the Agent (Frankel) has the authority to enter into the agreement (GPL license) with us, then it is so. The company is responsible to uphold its agreement (where Frankel was the agent).

Posting this nonsense on the web doesnt undo Agent Frankel's agreement with us.

I just got an image of Frankel as Agent Smith in Matrix... hm, nevermind.

Re:Is this legal?

apparently he wasn't the only "idiot" to sell his "SOLE".

try proofing your post next time.

Re:Is this legal?

[drinkypoo]

We went over this in the story when WASTE was pulled in the first place. Basically the counter-argument (no idea who will win in court since IANAL but anyway) is that Frankel was an officer of Nullsoft, and the copyright is held by Nullsoft which is owned by AOL. As an officer of Nullsoft he had the right to release it since typically that's how he behaved when he released something.

There is a separate issue between him and AOL, discussing whether he had the authority to make the release. However, once an officer of a company releases something, it's going to be hard to say he didn't have the authority to do so.

Re:Is this legal?

Try using a capital as the first letter of the first word at the start of your sentences, next time.

Re:Is this legal?

[Manip]

It is like Linus pulling Linux and posting that it is illegal.. doesn't make it true, it is under the GPL and there is no controlling it now.

Re:Is this legal?

[pe1rxq]

If the guy who added the GPL blurb and posted it on the nullsoft website was at the time a nullsoft employee any outstander (ie person not in on the scam) can safely assume this person to be a representative of nullsoft.
That person can still be held responsible for the act, but the outsider can't be blamed.
This sounds like the legal person nullsoft claiming to have had a temporary case of multiple personality disorder....

Jeroen

Re:Is this legal?

[Peter+La+Casse]

If some Microsoft employee posts the Windows code under the GPL, that will not make the code GPL. If Frankel had no power to approve the release under the GPL, then it was unauthorized and the GPL does not apply.

Since Frankel had the power to release software under the GPL, and it was only after the software was released that his employers thought to limit his power to release the software, it is ok for us to continue to distribute the software.

Re:Is this legal?

[chantastic]

according to an article on the inquirer, even if we assume WASTE was licenced under the GPL, VIA took out all the copyrights in the code which violates the GPL making it illegal

Re:Is this legal?

[Delphis]

Frankel was an idiot and sold his sole to them

And why shouldn't he sell fish if he likes? :)

Re:Is this legal?

[scrytch]

> How can it be "unlicensed" if it has GPL license on each file?

The same reason the company I work for could call something I developed on their time and dime theirs, whether I GPL it or not. It was released under Nullsoft's name, so AOL technically owned it. GPL'ing it was what was unauthorized, so it was never really licensed properly in the first place. But now that the horses have already left the barn and nullsoft is gutted, AOL doesn't show much sign of pursuing their claims.

Re:Is this legal?

[Quixote]

Have you looked at the source code for PadLock? I have, and VIA has not taken out the original GPL license. They have added their own GPL license under WASTE's original license.

Eric Harmon could have just downloaded the PadLock source and looked at it, just as I did! IMHO, it just reeks of sour grapes. He hasn't been doing much maintaining, and is now pissed off that someone else has taken up the slack.

Re:Is this legal?

[ca1v1n]

Generally speaking, if an employee of a corporation does something on behalf of a corporation in a manner consistent with an official act of the corporation (like, posting it on their main website), regardless of whether or not they were supposed to, the corporation's recourse is fire the employee. The exceptions to this would be if the employee knew that the release was unauthorized and did it anyway, making them no longer an agent of the company. As long as they did it in good faith, they were acting as an agent of the company, however poor their judgement may have been.

Of course, there are other exceptions to this as well, more obscure and probably even more open to subjective interpretation in court. If you wanna use something like this, consult a lawyer, or roll your own.

Re:Is this legal?

[adolf]

...since when has it been the world's job to keep track of everyone's office politics?

I don't care if, twelve years ago, Justin's boss said to him "you're not allowed to release anything without my OK."

It's not my job to keep track of these things.

He released it, and it's mine. End of story.

Re:Is this legal?

[HexRei]

Mod parent insightful. I love to see crappy analogies crushed.

Re:Is this legal?

[Didion+Sprague]

... because Frankel was an idiot and sold his sole to them ...

Look, if AOL is dumb enough to buy fish from someone like Frankel, they deserve what they get.

Microsoft bought my halibut, and I, for one, am happy as a clam.

Re:Is this legal?

[silas_moeckel]

I think it has a lot to do with title. As in what was his title. A director of a company and above can enter into contract for that company. If they told him not to they can fire him and sue him for it but they cant get out of the contract without showing that the other parties knew that he was told he couldent do it. So if he was a random software coder no he dosent have the athority be default to enter into a contract with other people for the company if he was say the director of software engineering then he did. Resinding his powers after the fact dosent change it it actualy it makes the argument that he had the rite strong as they had to take it away implying he had the rite at the time.

Re:Is this legal?

How about if it wasn't just "some Microsoft employee", and it was infact Steve Ballmer...

Re:Is this legal?

[yerfatma]

Agreed. That's a lotta clams for just one fish.

Re:Is this legal?

[zonker]

you know, back when this happened, i asked rms about the issue. he basically told me that they would have to recode it from scratch in order to not violate the gpl. just because someone gpl'd it, doens't mean they had the authorization to do so...

here's the link to the discussion.

Re:Is this legal?

[alienw]

How do you know he had that power? He did not own title to the software, so he did not have that power. It's extremely shaky legal ground as far as I am concerned. As in, VIA is taking a major lawsuit risk here should AOL care to pursue the matter. It would be much easier to implement a clean-room clone than to try to legalize the original codebase.

Re:Is this legal?

[evilviper]

That doesn't matter at all. If you've dealt with corporations a good deal, you will quickly discover that they will lie their ass off CONSTANTLY. Ignore everything they tell you, unless it is comming directly from the mouth of a lawyer (and with nobody acting as a go-between). Otherwise, they can just lie and lie and lie with absolutely no consequences.

Am I the only one that remebers when a Nike representative came out and stated in no uncertain terms that their shoes were NOT made in sweatshops, only to be proven wrong days later and then claim lying to the public is constitutionally protected speach? I never heard the outcome of the lawsuit that was brought, but since companies are still lying to people left and right, I doubt he was convicted.

Re:Is this legal?

Except that Frankel was not "some employee." He was an officer of the company.

USENET

I said it when Napster came out, I said it when Audio Galaxy came out, I said it when Kazaa came out, I said it when Bittorrent came out, and I'm saying it now: USENET r teh rox. Wanna swap files? Stop innovating, you idiots, you've already got perfection in the p2p area.

Re:USENET

[mek2600]

Perfection? Dropped posts and a lack of distributed file sharing doesn't fit my description of "perfection".

I should get a *real* news server that has better post retention you say? Well, that costs money and WASTE/Kazaa Lite doesn't. USENET is great for many things, but not for all things.

Direct Download Links

[InShadows]

for those that don't want to fill out the questionnaire

Windows XP Version

Red Hat Verion 9.0

Installation Guide

User Guide

Re:Direct Download Links

[Raleel]

the redhat 9 link is slightly wrong. look at the others for what the hostname should be

Re:Direct Download Links

You don't have to fill in the questionaire anyway!

Re:Direct Download Links

Thanks for the link, karma whore.

Ahhhhh

[Heartz]

Encrypted chats via VIA!

Re:Ahhhhh

[Heartz]

Thank god it didn't go to WASTE!

Re:Ahhhhh

[pantherace]

I c3 worthless posts, including this one!

Re:Is this legal? - this text

[nighty5]

NOTICE OF UNAUTHORIZED SOFTWARE

An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.

Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.

If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.

Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.

Thank you.

Nullsoft

Via?

[Azghoul]

Doesn't Via make chipsets? I don't understand where this is coming from...

Linked page is useful for figuring it out too: "Here you go, if you download it, give us feedback."

(I admit, I'm lazy and hope some fellow /.er will enlighten me :))

Re:Via?

[Milican]

Checkout VIA PadLock Hardware Security Suite. Their procs have built in AES encryption as well as a very high bitrate Random Number Generator. This allows their 1GHz procs to do encryption an order of magnitude faster than a 2.4GHz P4. So this software just takes advantage of and promotes their hardware.

JOhn

Re:Via?

[lacrymology.com]

" Doesn't Via make chipsets? I don't understand where this is coming from..."

Perhaps this is developed firstly as an internal system (my company uses a similar system for code sharing/internal chat) and only now released to the public.

-m

Re:Via?

[bhtooefr]

VIA makes CPUs (C3), motherboards (EPIA), and graphics cards (S3 UniChrome integrated and DeltaChrome) too! BTW, PadLock is definitely a reference to the encryption engine in their C3 Nehemiah and newer - it means that their 1GHz C3 can murder a x.xxGHz Pentium 4 on encryption, all while barely taking any power. However, as soon as you go to standard integer or floating point, it SUCKS ASS. Integer performance is in the 300-600MHz Celery range, and FP performance is in the sub-300MHz Celery range.

Re:Via?

[pantherace]

Actually it isn't that bad on integer, fp could use work. Neither is it's main selling point, it simply does decently.

Overall, it is likely cheaper to have a cluster running on c3s rather than xeons/p4s/opterons/athlons/g5 simply because of the lack of huge power reqirements (10 1GHz c3s vs a 3ghz p4, on a clusterable job will almost certainly see the p4 blasted), not to mention initial cost, which can be lower than $100 per board + processor.

(and any speed c3 with a nehemiah core will murder most anything else on common encryption protocols, except something like an ibm server with a hardware encrypt assist.) Which leads to an interesting idea for encrypting things for which the server is unable to do it's job + encryption, having a c3 act like a transparent proxy for another server.

And is it just me, or are there others who feel that developers should have to have workstation machines that are slow?

Re:Via?

[Steamhead]

Then why not use both?

Re:Via?

And is it just me, or are there others who feel that developers should have to have workstation machines that are slow?

Sure. It can be useful for testing. You can go overboard though. Such as here, where systems over 1 GHz are rare. (I think somebody forgot to tell management the 20th century is over.)

Re:Via?

Are the RNG and encryption hardware supported by the Linux kernel? That would be very handy for encrypted loopback devices. Looks like it would improve access times drastically.

Re:Via?

What about the RNG in certain Intel chipsets for the Coppermine and Tualatin P3s? Can this software take advantage of it? And does Intel no longer provide an RNG in their P4 chipsets?

VIA's system requires hardware

[dbaigrie]

Via's system requires their hardware security implementations to work.

As the first step in working towards this objective, VIA was the first company in the world to introduce hardware-based security features in an x86 processor, as part of the VIA PadLock Hardware Security Suite, first with the implementation of the VIA PadLock RNG (Random Number Generator) in the initial Nehemiah core followed by the addition of a second RNG and the VIA PadLock ACE (Advanced Cryptography Engine) supporting AES encryption standards in the latest C5P Nehemiah core

From the description this is a sample application using their "Padlock" hardware

The VIA PadLock SL Utility is a sample secure messaging and information dissemination application with an advanced public key model and AES encryption for ultra-secure communication pathways between users.

Re:VIA's system requires hardware

[arkanes]

The released source also uses Qt, so you'll need a Qt license if you want to compile this yourself on Windows.

Re:VIA's system requires hardware

I thought both Intel and SiS had a hardware RNG before Via. I know Intel certainly introduced an RNG with the i810 chipset, but they could have had something in earlier chips too.

Re:VIA's system requires hardware

[dbaigrie]

The new hardware is not just random number generators but also the addition of hardware cryptography implemetations.

Re:VIA's system requires hardware

Well the way I read the anouncement is that Via are trying to claim that "VIA was the first company in the world to introduce hardware-based security features in an x86 processor..with the implementation of the VIA PadLock RNG (Random Number Generator) in the initial Nehemiah core.." The hardware crypto came later.

Maybe it's just weasel-marketing, but it sure seems to me they're trying to claim that they were the first to offer a hardware RNG.

Still, whatever. Its only a floating transistor; hardly a breakthrough in microprocessor engineering.

Re:VIA's system requires hardware

[grondu]

Via's system requires their hardware security implementations to work.

From the user's guide:

PadLockSL utilizes hardware AES algorithm and random number generator provided in VIA C5P processor. The special characteristics PadLockSL has are outlined as below:
1.2.1 Support running on C5P system and non-C5P system
1.2.2 Automatically detect whether C5P ACE is available or not
If C5P ACE is available, use hardware AES in C5P ACE; otherwise, use software implemented AES when performing AES encryption/decryption
1.2.3 Automatically detect whether C5P RNG is available or not
If C5P RNG is available, use it as entropy source in random number generation routine; otherwise, use the random number generation device provided by linux.

Re:VIA's system requires hardware

[JDBrechtel]

Their hardware isn't REQUIRED, but simply makes the encryption faster.

Re:VIA's system requires hardware

[Afrosheen]

Is Trolltech's QT license different on Windows than it is on linux? On linux, if you're building software for personal or non-commercial uses, there's no licensing agreement. If you plan to make money on it, then a license purchase is required. There are other stipulations but that's the gist.

Maybe I need to go read up on their licensing terms for Windows.

Re:VIA's system requires hardware

[arkanes]

The Windows version is not released under the GPL. The only way to aquire it is to buy a license. There's also an educational version that ships with a book, but if you want it without buying the book you need to be a teacher/instructor in a classroom situation (it's an educational license, not a student discount).

In short: yes, it's different than Linux.

Re:VIA's system requires hardware

[Monkey]

Can somebody tell me why it seems everything requiring a cross-platform C++ gui widgets seems to be written with QT? There have always been licensing issues with this product when it comes to Open Source. Are there no alternatives?

Re:VIA's system requires hardware

[arkanes]

Qt has the mindshare. There are several alternatives, including: FLTK, FOX, and my personal favorite, wxWidgets.

All of the above have LGPL or LGPL style licenses, and at least FLTK and wxWidgets have exceptions for static linking, so there should be very few licensing issues with them. There's probably more, but these the ones I know off the top of my head.

Re:VIA's system requires hardware

[scm]

You're close, but not quite right. There's always a licensing agreement with Qt, no matter the platform. If you're using it on Linux or MacOS you have 2 choices: the GPL version (can only be linked with GPL and compatible software because of the GPL) or the commercial version which you can link with your closed source code.

On Windows, there's only the commercial version available (which also means you can't build GPL software on Windows with Qt unless the GPL software has a specific license exepmtion for Qt)

Re:VIA's system requires hardware

[JCholewa]

> Can somebody tell me why it seems everything
> requiring a cross-platform C++ gui widgets
> seems to be written with QT?

It's largely because Qt is really, really insanely easy to use. The object classes are very intuitive for programming.

Regarding licensing issues, there is a GPL version for native Win32. It's not being actively updated, but it did get far enough to the point where most of my programs (the ones that didn't use other libraries, at least) would cross compile and run pretty decently. There were some speed issues, but most of them disappeared after I figured out how to get the compiled programs running without popping up a stderr command window.

--
-JC
coder
http://www.jc-news.com/parse.cgi?coding/main

W.A.S.T.E.?

[glwtta]

Is there a muted horn in their logo somewhere?

Re:W.A.S.T.E.?

[jamesangel]

Yes, there is in the original. Care to explain this?

Messaging

[pubjames]

I used to work programming software that basically transmitted information between banks. I learnt one very simple thing that I think could be really helpful for the OSS community: Separate the message from the method of delivery.

Banks are obviously really paranoid about security. They also really need messages to get through, quickly. In the software that I worked on, you would basically configure it with a priorty list of methods that it could use to transmit the message. So the most secure and failsafe method would be the one it tried first. If that didn't work it would try other methods, gradually going down the list, which usually ended with Fax being the most primitive method.

So how is this relevant to the OSS community? Well, we all know email is pretty much broken. Businesses want message delivery that is 1) secure and 2) reliable. Email is neither. With OSS email clients, we should change our mentality a bit and treat them instead as messaging clients, with email being just one of the methods it might use to send the message. The first thing it might try would be a secure, peer-to-peer connection with the recipient of the message. If all OSS email clients followed the same standard - perhaps based on this WASTE code? - soon most messages might be sent by a better manner than email.

One day very soon, Microsoft is going to come out with a "better email". The OSS community will bitch about it, and then if it takes off they will try to copy it. I'd much prefer we did the innovating and MS had to copy... Come on guys!

Re:Messaging

[drinkypoo]

Email does have reliable delivery. however it's only reliable to the MX host. After that, it's out of your hands. If email were delivered directly to the target computer then this would be enough. Unfortunately non-static IPs for most users and AUPs prohibiting long-running network servers put the damper on that little plan.

Re:Messaging

[pubjames]

Email does have reliable delivery. however it's only reliable to the MX host. After that, it's out of your hands.

It is either reliable or it isn't. It isn't.

Unfortunately non-static IPs for most users and AUPs prohibiting long-running network servers put the damper on that little plan.

You don't seem to get what I'm saying. It would try the best method (secure, reliable), if that didn't work, it would try the next best method (email?). So the message goes by the best available method. That's the whole point of what I'm saying.

Re:Messaging

[Short+Circuit]

So write to your congressman, telling them that spam is a big issue for you. Also tell them that a method is required for secure and verifiable form of email that does not depend on a standard or API controlled by someone with commercial interests.

Continue by talking about the benefits that email has for commercial and personal relations.

Advocate a patent and license free system based on existing RFCs.

Re:Messaging

[Afrosheen]

Let's go down a preliminary list of what might transpire in this type of setup.

1. Attempt to deliver message via WASTE or similar.
2. Attempt delivery via ssh/sftp direct to host. Keypairs cached on both machines to allow automatic logins. Yeah, not too secure but we're assuming trust between both boxen.
3. Attempt delivery via email.
4. Attempt delivery via IM protocol of choice.

On and on ad nauseum. Something like this?

Re:Messaging

No, YOU don't seem to understand: It's a PILL that gives WORMS to EX-GIRLFRIENDS.

Re:Messaging

[pubjames]

Something like this?

It could work like that. But I was thinking of something simpler - try to deliver via a secure P2P connection, if that doesn't work, then deliver by email. For this to work it needs to be simple - the client needs to be able to find out how to connect via P2P just from the email address. And it needs to be fairly transparent to the user.

However, the great thing about the approach is that it is modular, so other methods could be added and OSS messaging projects could spawn and evolve within a framework.

Re:Messaging

[Locutus]

pretty much what I proposed to my favorite email client developers some time ago. They said they wanted to keep the email client as an email client. What I like about this method is that not only does it find the user-preferred delivery mechanism for a particular message, but it could also deliver large files too more efficiently.

LoB

Re:Messaging

[Jemm]

An excellent thought pubjames.

If you wish to put together some type of RFC, I'd be willing to lend a hand.

Re:Messaging

Just brilliant.

Open Source?

[karevoll]

Browsed over their website, but I must say I'm disappointed. How well can we trust this client to be secure (and flawless) until the public has audited their source code?

If I'm going to chat with my friends "securely", I'd want to know exactly _how secure_ it is... to know whether I really can trust the application or not..

Security by obscurity doesn't cut it for me, and usually, the slashdot-crowd doesn't seem to be too fond if it either..

Re:Open Source?

[karevoll]

Never mind. Stupid little me found the link _on the front page_ at last.. PadLockSL.src.zip[viaarena.com]...

Re:Open Source?

[ian+mills]

1) Post link about $_topic being "unsecure" and whining about the lack of soure code
2) Reply to yourself, posting the link to said source code
3) Instant Karma!
No ???? required. Nice.

Re:Open Source?

[Reziac]

Dead link now... Got a better one?

Re:BSD releases custom babe!

You need to update your cut and paste source. Half of the links are dead.
Very lame FP...

I know there are dead links. I don't have the latest version handy right now, but FP is still FP.

Ceren for ever!

Interoperability?

[Hobbex]

Does anybody know if this can interoperate with Waste networks? I tried to get it into our waste network, and after changing the key header I got the keys to import into the waste clients, but connections still failed.

Anybody had more luck? Waste runs under wine, but there are a lot of annoying issues, and the port seems dead in the water.

Re:Interoperability?

[cbucket]

As of yet, I have not been able to connect to an existing waste network. padlock seams exactly like waste, but with less preferences. Such as limiting bandwidth and IP access control.

I'm sticking with waste.

Re:Interoperability?

[Afrosheen]

I may try waste also. Padlock doesn't run worth a shit on Mandrake 10.1 and kernel 2.6.3-7mdk. It lets me attempt to generate a key, and during that process, bombs out with "/usr/local/bin/padlocksl: line 3: 22609 Aborted". Wow. Real verbose guys.

Maybe I need to report this but each time I retry it, the line 3 : 2xxxx number gets higher. WTF.

Re:Interoperability?

[lor3]

I've got it to connect to my WASTE network (the keys have different header/footer but changing to/from WASTE/PADLOCK works).. it connects fine but nothing works - you cant even see the connected clients...

Why you'd want to use this anyway is beyond me - the GUI is awful :-)

Re:Interoperability?

WASTE uses Blowfish for link encryption, PadLockSL uses AES. This is one of the causes of incompatibility.

Re:Interoperability?

[cthulhubob]

This is just a guess, but I bet the "22609" is the process ID of the padlocksl script. Sounds like a syntax error or something on line 3 is causing it to abort execution.

Re:Interoperability?

[blixel]

Waste runs under wine, but there are a lot of annoying issues, and the port seems dead in the water.

I bought Win4Lin ... and WASTE was one of my motivating reasons for buying it. If WASTE is important enough to you, I'd recommend Win4Lin. And you get the addeded benefit of being able to do other Windows things. (Kaaza [though giFT works well enough for me most of the time], and whatever other Windows things you need.) The only "problem" with Win4Lin is that at this point in time it's Win95/98/98SE/ME only. However - if your programs will operate under Win98SE (WASTE will), then it's actually an advantage due to lower resource requirements.

I downloaded this PadLockSL but I'm not really impressed with it. The GUI looks "broken" in several places. Text doesn't line up correctly over the buttons and things of that nature. And it doesn't connect with our WASTE network anyway.

Re:Interoperability?

[Hobbex]

I do not have a windows installation at all, and I have absolutely no want or need for one, so Win4Lin is not what I am looking for.

I should just port Waste myself, but in that case I find myself thinking I should start from scratch so as to avoid the tainted code. But in that case it wouldn't be waste, as I think the protocol can be improved on....

Who cares?

[NineNine]

This is another example of the OSS community wasting time duplicating their efforts. IM? We've got at least 3 networks out there already, and hundreds of clients. File sharing? FTP, HTTP, Kazaa, Bit Torrent, etc. Who cares abuot yet ANOTHER of the same thing. Is there are OSS coders with free time on their hands (and there obviously are plenty), how about a usable Point of Sale system? How about wirting *anything* that hasn't been done 1000 times already?

Re:Who cares?

[Scytale]

WASTE does do things that the other clients do not, specifically for file sharing. I agree it's not the greatest when it comes to IM. The other file sharing methods you mention do not allow for easy 2-way transfer (except FTP but we know the flaws in that protocol). It allows you not only to download from other people, but to 'push' files to them as well. The WASTE protocol also handles relaying of messages so that multiple clients behind a firewall can still connect to WASTE networks on the outside.

Re:Who cares?

[Will+Fisher]

I think your missing the point of WASTE.

WASTE is designed for secure communications (IM, chat and file transfer) between small groups of trusted users.

Bittorrent, Kazaa etc are designed for the mass distribution of files amongst people you don't know.

The only similarities are that neither use a central server, and they can be used to transfer files. But how many protocols can't transfer files?

Re:Who cares?

[110010001000]

POS systems aren't *fun* to develop. We only work on things that are fun for us. After all, we are doing this for fun - in our spare time.

Re:Who cares?

[Neophytus]

BitTorrent, FTP, HTTP and KaZaa all are used for very different applications. WASTE is used for creating a private, enclosed and secure P2P network. Which of the above apps does that?

Re:Who cares?

These days it seems that IM clients are like free TGP sites.

Re:Who cares?

[scrytch]

> how about a usable Point of Sale system?

Fine, if you retailers want OSS to play ball and write them a POS system, then how about you get on the same field and publish a detailed requirements document publically, so that the community can get a start? The proprietary software community does have an advantage in that the client pays to have developers gather the requirements and perform production tests and so forth, but if there's an OSS solution out there, then all that you need is an integrator. But if all you say is "give me a POS system", you're going to get nothing useful back. And if you throw the requirements document over the wall and never come back with feedback, expect nothing after the initial attempt.

Hardware's another issue ... don't expect a lot of cash drawer, manager key, or card reader support without open hardware specs. If you really want an open POS system, you the retailer are going to have to lean on the register manufacturers -- the folks you're giving your money to -- to produce open specs. Otherwise don't expect people to write free software for a platform they cannot freely support.

Re:Who cares?

[llefler]

Hardware's another issue ... don't expect a lot of cash drawer, manager key, or card reader support without open hardware specs.

A lot could be done without incorporating specialized hardware. Think a little smaller. I have a friend that owns an appliance store. He doesn't need a cash drawer, manager key, and the card reader is on the box he got from the credit card processing company. Same goes for the dealership where I bought my motorcyle.

What he does need is POS entry, customer database, invoice printing, inventory tracking, product serial number tracking, work orders, and an interface into an accounting package. There are probably 10s of thousands of businesses like these.

BTW, barcode scanners are available as keyboard wedge devices and cash drawers are available with a serial interface. www.mscashdrawer.com has technical documentation on how to access their serial and parallel drawers.

Re:Who cares?

Full of ads you mean...?

Re:Who cares?

[Rick.C]

How about wirting *anything* that hasn't been done 1000 times already?

I don't know whether the parent's view is accurate or not, but it does point out something I learned in [shudder] "diversity training".

In a successful organization, there are several types of individuals: those that do the R-and-D; the blue-sky dreamers who dream up uses for the stuff the R-and-D folks invent; the "people persons" who sell the products the dreamers dream up; and the accountants and production control bean counters who take pleasure in making sure that schedules are met and the bills are collected/paid. Take away any one group and the others are doomed to failure.

From my limited knowledge of OSS, it seems like it might be very heavy in the R-and-D department, but very, very light in all the others. They all are necessary.

Is this a strategic shortcoming of OSS? Are there some possible strategic alliances that might restore some balance?

I don't have any answers, but these seem like valid concerns.

Re:Who cares?

[Lanae]

What are bean counters necessary for, when no one's making any beans? =)

Re:Who cares?

[Rick.C]

What are bean counters necessary for, when no one's making any beans?

True, in a non-profit group there is a reduced need for accountants, but bean counters will find beans to count none the less. Sort of like Da Count (Count von Count) on Sesame Street. These folks are also good at organizing things, maintaining version numbers, deciding what updates go into which version, coordinating schedules and cut-off dates and generally telling other people what to do.

I know that last bit sounds like a bad thing and many OSS folks don't like to be told what to do, but some discipline is necessary in any organization. If things seem to be a little too chaotic, then some more discipline is needed, either internal (self-discipline) or external.

Unstable

[ic3p1ck]

If their chipsets are anything to go by, this thing will crash / lockup every chance it gets! I personally won't touch anything to do with VIA...

Then again maybe I just had a bad experience with their AMD chipsets. Once bitten....

Re:Unstable

I personally won't touch anything to do with VIA...hen again maybe I just had a bad experience with their AMD chipsets.

Which was it, a Via chipset or an AMD chipset?

Oh, I see now. You mean you've had problems with a Via chipset for AMD CPU's.

Let me guess. You own at least one Creative sound card or an nVidia GeForce?

Re:Unstable

[ic3p1ck]

Yes I meant AMD CPU, apologies... Its was more than an issue with Creative, it was some flaw in their PCI bus implementation with respect to bus mastering. Theres even a workaround in the Linux kernel for the issue. Since then I've been hesitant to use VIA....

I don't understand why my post is modded flamebait? I'm not trying to incite a riot or flamefest, just stating my opinion of via... sheesh.. looks like any monkey can moderate these days....

The Future of File Sharing

I believe this will be the future of file sharing when the RIAA and Movie RIAA (can't remember name) finally gets all the rest of the networks taken down. It reminds me of days before Napster when the easier way to get stuff was to goto IRC and download from a very limited selection (for backup purposes only ;) ). Off topic: Anyone know a way to open a quickbooks database across the Internet using Quickbooks Professional, I got legal copies (amazing for me)of Quickbooks Professional and I wanna be able to use it in two locations at the same time. Linux looks like the route to go, but how? *Lamer Aura* Also, bandwidth is an issue, 256k DSL on both ends. I don't wanna buy anymore software either

No one has done anything like this before.

[Ayanami+Rei]

I mean seriously. It bundles in plausible deniability into the network protocol. Stuff that into your pipe and smoke it.

If you want to do skunkworks-style development, collaboration, or your just an 'ARRRRR net pirate then WASTE is a tasty morsel of goodness that is hard to find in other products.

Point of sale system, right. You don't do that open source because there's no point. Who'd use it that doesn't have a purchasing department and thus can be expected to outlay a little dough?

Re:No one has done anything like this before.

[CaptainTux]

Point of sale system, right. You don't do that open source because there's no point. Who'd use it that doesn't have a purchasing department and thus can be expected to outlay a little dough

What it sounds like you're saying is that, if you've got a lot of money, you don't really deserve the freedom OS software gives you. The whole point of OS software has NOTHING to do with money. It's about freedom. Why should someone be locked into proprietary software just because they have the money for it? Isn't this just perpetuating the myth that "open source is for those who can't afford better software"?

But aside from that, there are a lot of places that could use it and who DON'T have "purchasing departments". Small, struggling, mom and pop stores for example. There are a LOT more small businesses than large mega-corps. And those small businesses should not be at the mercy of proprietary vendors.

That said, I have to agree with another poster here: an OS POS system isn't likely to happen until some vendors open up their hardware specs. Sure, we could reverse engineer it but then we'd have the DMCA to deal with. On the other hand, as someone who's looking at purchasing and developing for kiosk hardware, it seems that most vendors offer interface guides to the hardware. If this is also true in the POS side of things then it might not be so hopeless. Regardless, someone needs to publish a requirements document.

Re:No one has done anything like this before.

[llefler]

Point of sale system, right. You don't do that open source because there's no point. Who'd use it that doesn't have a purchasing department and thus can be expected to outlay a little dough?

How about any small business that is trying to get their systems up to the current century. I've been looking at FOSS POS systems. Few work, some think the web is the answer to everything. The best I have found so far is Quasar, (not free, but reasonably priced) and it doesn't quite meet my clients needs. So if I choose it, I'll end up making modifications or writing extra utilities. I need it to tie into a PostgreSQL server and integrate with some warranty systems/part lookup systems.

Not the sexiest project to work on, but I'll bet you could feed your family supporting it.

Re:No one has done anything like this before.

[djplurvert]

As someone already pointed out, it isn't fun. Accounting software is almost always shit. Who wants to spend their time on that? Whether people "deserve" the freedom of open source is beside the point. Those people "have" the freedom to write it themselves, thus they already have the freedom they "deserve".

Open source POS will happen when somebody who values it gets involved with the open source community.

Re:No one has done anything like this before.

[NineNine]

Hardware is a non-issue. It's all pretty standard. Receipt printers are standard parallel port printers, scanners are PS2 port devices that simple dangle off the keyboard connection, and type in the UPS numbers and press enter. The cash drawers also dangle off the PS2 port and have a single command... "open". Credit card swipes do the same thing... read the numbers, and press enter after each line (also PS2 port). There's nothing fancy about it.

I'm just saying that instead of having 1000 IM programs on sourceforge, or 1000 different newsreaders, web browsers, FTP clients, etc. what about something useful? Hell, I don't even care about an OS OS because Windows 2000 isn't expensive, and I don't deal with the OS. I need some useful, business apps that don't cost a mint and that are flexible. There are a few out there, but they don't do nearly enough to be useful. And yes, you're right... small retailers, as one example, don't have the $$ for a real POS system, and there aren't any viable OSS alternatives.

Re:No one has done anything like this before.

[VAXGeek]

Well, you better get started with GnuPOS. Sounds like you have an itch to scratch, so get scratching.

Re:No one has done anything like this before.

[NineNine]

A. GnuPOS is a dead project.

B. GnuPOS isn't written in a language that I know.

I'm gonna see if the guy from XTremePOS needs help, since I can code in VB really well.

Whew, some duplicate code there...

[tcopeland]

...as shown in the report generated by CPD.

That's quite a class:

[tom@hal pd]$ wc -l srchwnd.cpp
2503 srchwnd.cpp
[tom@hal pd]$

Trying to learn how to set up a VPN

[KaiserZoze_860]

I'm trying to set up a VPN at home mostly so I can get at South Park eps on my Tivo and so my girlfriend can access her documents from school. How difficult would it be to implement either WASTE or PADLOCK on a Mandrake 9.2 system? I know Mandrake has some RH based architecture...

Please bear in mind in any advice that I'm a complete server n00b.

Winamp Unlimited Has The Full Story

[lotsofno]

Winamp Unlimited covered the complete story yesterday, for those of you who are interested. There are some links/information on there that haven't been mentioned with this discussion.

2 Sided Consent

[thpdg]

How does this get in the way of the story from 13 April about needing both sides to contsent to chat recordings? If the solution to that is to allow 3rd party "wiretapping" of IM sessions, this would limit it severly.

Re:2 Sided Consent

[CaptainTux]

How does this get in the way of the story from 13 April about needing both sides to contsent to chat recordings?

The April 13 ruling would still apply. Basically, before you can tap or log other peoples chat sessions you need one of two things: 1) mutual consent from both parties or 2) a warrant from a judge. If you have 2 then you don't need to worry about things like consent.

Personally, I don't think a lot of eavesdropping happens on IM. Yeah, employers might do it to their employees (which I think they have a right to do) but the average IM user isn't being logged. Usually, when a third party is interested in logging your chat sessions there is something terribly wrong. You've either ticked the wrong dude off or there will soon be very stark looking men in nice suits knocking on your door.

Source Code

[Human_USB]

You can get the source code here....
http://www.viaarena.com/?PageID=401
Have fun!

Re:Source Code

You can get the source code here.... http://www.viaarena.com/?PageID=401 Have fun!

You stupid twat, do you really think posting the same link as in the article blurb is going to score you karma points? You've got a long way to go towards becoming a decent slashdot troll.

Re:Source Code

[JeremyALogan]

even though Human_USB posted the exact same address as in the article I decided that it should have been a link...

so here ya go http://www.viaarena.com/?PageID=401


wish I hadn't used up all my mod points... this is an obvious ploy for karma

Is this illegal?

They say it, but that doesn't make it true. An agent of the company posted the software under the GPL. AOL/Nullsoft's dispute is with Justin Frankel if they contend the release was unauthorized. But released it was, and it is under the GPL.

It doesn't necessarily make it false, either. The GPL's legality and enforceability have yet to be tested in court. Also, Frankel may have been bound by prior contracts which nullify any attempt to GPL any code created while employed. You can't take code someone else legally owns and release it validly under a license of your choosing.

Re:Is this illegal?

It has already been tested. It was found to be a valid lisence.

The GPL has some gray areas (what is a derivative work?), but it's otherwise a good and valid lisence.

Re:Is this illegal?

Hmm, the microsoft lisence hasen't been tested in court. WEE, let's rip of their code, HAHA! Their lisence suXor!!!!

Hardware level security ?

[polyp2000]

Anyone care to comment on how this fits in with all that palladium / DRM crap ? is it related in any way and / or is this a bonus that its under the GPL ?

nick...

Re:Hardware level security ?

I guess this the "cooking of the frog" - slow introducing of user-friendly security features and programs with a smiling face, before delivering a DRM cucumber up consumer's asses. I'm willing to bet that their initial TCPA implementation will be under the same name of "Padlock" - there is apparently already a bunch of security-related stuff named "Padlock".
It makes me mad that they are not even doing the work... they just lifted Frankel's stuff and named it Padlock.

Just compile Padlock on Mandrake

[G�tz]

It's really easy to compile Padlock on Mandrake 9.2. First install libqt3-devel, the QT deveoper package. Then, call /usr/lib/qt3/bin/qmake and make, that's all.

Re:Just compile Padlock on Mandrake

[AKnightCowboy]

It's really easy to compile Padlock on Mandrake 9.2. First install libqt3-devel, the QT deveoper package. Then, call /usr/lib/qt3/bin/qmake and make, that's all.

Or just run it. The "Redhat 9" version runs perfectly fine on my Debian Sid system, albeit I'm not sure of what the point of it is. It seems terribly difficult to use. To share files between people peer-to-peer I need to manually get everyone else's keys and setup a connection to each of them and vice versa? That seems like an incredible pain in the ass.

Re:Just compile Padlock on Mandrake

[G�tz]

Yes, that one might work as well. You'll need to import the keys manually, as that's the only way to ensure encrypted connections. The foundation of the encryption is that you can trust the keys, so the only safe way to exchange the keys is to give it personally, on a data medium. If you have done all the complicated setup steps, you'll have a trusted private network, that's the whole point of this program.

Re:Just compile Padlock on Mandrake

That's the point!

Justin Frankel's Reaction

[lotsofno]

Forgot to put this in the parent. Justin briefly posted his thoughts on the release, on his 04-21-04 .plan. From what I understand, he was quite surprised about the whole thing when he first heard about it.

Wow, I could swear I've written something like this before...
Wonder what will happen with that...

passive, because flawed?

[Dirus]

IIRC, it's impossible to remove someone from your network once they are in. For corporate use this makes firing people more trouble. Rebuild the network when firing someone? For personal use this presents a problem too, it's easy to add a trouble user to your network (just one person need exchange keys with them), but hard (impossible?) to remove them. I wonder if VIA has addressed this with Padlock SL. I have yet to see anything that would suggest it, but then again I haven't taken a look at the source yet.

Also, off topic but amusing, when I was browsing around their site for more information I found this: http://www.viaarena.com/?PageID=306

Re:passive, because flawed?

[HexRei]

Not true. You should be able to remove them simply by having members of the network remove that users' public key, then make sure all clients are NOT set to auto-accept broadcasted public keys.
Admittedly, I've never had a need to do this, but In theory it should work.

Re:passive, because flawed?

[gid]

You can also snoop in on other people's "encrypted" messages, as long as you're part of the collective. Makes me wonder how encrypted other stuff is as well. But ya, the main problem is key management.

Another problem is this: Say Jane, Joe, and Pete are on the same network, but Jane hates Pete because he didn't call the next morning, so Jane deletes Pete's key. Pete is still allowed on the network through his long time buddy Joe, and Pete can even route through Jane. We tried some tests, and this actually works.

Re:passive, because flawed?

[llefler]

I don't see the problem, all you have to do is call the next morning.

Re:passive, because flawed?

Messages between two individual users on a Waste/Padlock network should not be able to be 'snooped' without the 'snooper' having the private key for the other users. Chats (for multiple users) may be another story, however.

Re:passive, because flawed?

[gid]

I can't remember if it was private or a multiuser chat messages. But I specifically remember them showing up in my waste log on my linux server.

Use WebDAV

[mi]

WebDAV -- a standard part of Apache 2 -- is the replacement for FTP. It only uses one TCP connection (HTTP extension), goes anywhere HTTP goes, can be used over HTTPS and thus be as secure as you like.

On the client side, it is already supported by KDE (use URLs like webdavs://server/dir/file.txt), GNOME, and MS Windows. There are also a few command-line clients, such as neon.

Re:Use WebDAV

[scm]

It's also supported on MacOS. iDisk uses WebDAV.

CVS

[mcc]

So it's a P2P version of "Hotline". That's neat! It really is.

However, what I would like to see done with this project is someone tack some kind of version control system onto it. Once you do that, this could be the perfect "floating development board" system for projects such as PlayFair which cannot find shelter elsewhere due to legal problems and/or harassment.

Then all you have to do is move the transport layer from being straight P2P to the data being stored on FreeNet, and you've got a way to have totally public yet totally anonymous development of an "illegal" software application...

At the least, it could be interesting.

Re:CVS

[burns210]

Nope. Freenet is too slow at retrieving data and has too high a failure rate to be used for anything practically. Straight WASTE would be easier, and more practical.

The Crying of Lot 49

[=weezer=]

Drifting a little OT, but look to Pynchon's "The Crying of Lot 49", IIRC the muted horn is a logo associated with an underground mail system known as *drumroll* WASTE.

reduces my confidence in VIA

[Futurepower(R)]

The story certainly reduces my confidence in VIA. What a mess they are making of things.

Hardware Random number

[Bender+Unit+22]

At least the c3 has a hardware random number generator for better encryption. Sadly you need stepping 03 of the Nehemiah core, as I discovered when I got my motherboard and got Linux compiled to use it. I had a 01 stepping so it was no-go. Felt kinda cheated.
(as well as the low-noise really isn't all that lown noise)

Re:Hardware Random number

[evilviper]

(as well as the low-noise really isn't all that lown noise)

Yes, it seems that even those that pride themselves on low-noise can't shell out the extra $1 to get a good fan.

But you don't seem very unhappy so I'll assume you haven't yet discovered the wonderful surprise that the processor performs like an AMD/Intel one of about half the MHz it's rated... Have fun with that one, I know I did!

Re:Hardware Random number

[Bender+Unit+22]

The first thing I did, was to replace the fan, including the one in the PSU, helped a lot.
However I would like to install a better heatsink so i am thinking of using one of those motherboard heatsinks, like the Swiftech MCX159-R, just cant figure out if it fits. But then the harddrives will be the loudest part.

I am a bit dissapointed with the speed, but as it functions as my home file,web,mail server on Redhat it does not matter much.

Re:Hardware Random number

[evilviper]

The first thing I did, was to replace the fan, including the one in the PSU, helped a lot.

Yes, I do the same thing myself. I'm amazed that the companies that make "quiet" PCs don't spend the extra $1 or 2 to buy decent, quiet, tempurature controlled fans. I would certainly pay $10 more to have them in the system, rather than have to go through that work myself.

just cant figure out if it fits.

Take my advice. Get out a ruler, and very carefully measure the dimentions in your system. Then compare it to the dimentions listed for the heatsink you want. And don't make my mistake, be sure you have enough room for the heatsink, AND the fan that will be on top of it. It's all too common for heatsink/fan combos to list the two dimentions seperately.

I am a bit dissapointed with the speed,

Well, at least you aren't in denial like many others I've discussed this with here on slashdot. Some saying that the VIA CPUs are just as fast as Intel/AMD, and it's perfectly normal for DVD-playback to use 80% of your CPU on a 1GHz system :-)

Congress?!?

[abulafia]

Why on earth do you think asking Congress to provide either a spam fix or a "secure and verifiable form of email" is a good idea?

We have seen the results of CAN-SPAM act. That should clue you in on the first point.

Next, you want a government specified secure mail protocol? I hate to be rude, but that is like asking for government specified quality literature. Any attempt at that would come out of committee dripping with pork fat, backdoored by every TLA in the country, overseen by a new agency that would tax it, and likely incapable of functioning in the real world.

Please step away from the crack pipe.

I asked FSF, and FSF said...

[turnstyle]

I asked FSF, and FSF said:

"If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."

"Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."

Re:I asked FSF, and FSF said...

Don't forget that Waste was released by a trusted employee of Nullsoft with authorization to release software in general. This wasn't an illegal leak. The website was even updated to show the release information.

This legal aspects of this have been discussed earlier, and there is nothing AOL can do about it except fire and/or sue their lead programmer. I am surprised the FSF is taking such a cautious stand on this issue.

RE: VIA Releases Source To Custom WASTE Client

[lone_knight]

I don't see the advantage of this over any other P2P app that already exists. Encryption strikes a dissonant chord with me in this case. If you want the advantage of public file sharing, what is the benefit of encryption, since you purposefully want to share information with the public already? There are plenty of encrypted chat programs already out there. I know Hushmail has an encrypted chat program, and I believe there are encryption plugins that exist for ICQ, etc. If I am missing something here, I welcome anyone to explain what the hoopla is all about.

You are kidding right?

[nurb432]

Most current chat clients have had various encryption options for some time now...

Re:You are kidding right?

[HexRei]

Not sure what you were responding to, but both Padlock and WASTE are mainly secure, enclosed P2P apps. The chat is really an afterthought mainly to facilitate text requests for files and such.

Can't vouch for Padlock, but WASTE really is the shit.

Re:You are kidding right?

[nurb432]

Original poster acted like secure chat features was something new..

My only comment was that its not new.. and pretty common... In relation to other 'pure' chat clients..

Re:You are kidding right?

i think he said that encryption is done BY HARDWARE.

That VIA motherboard implements AES by hardware and has two Random Number Generators with 0.99% entrophy per bit.

I think that these are good news.

bye.

Re: VIA Releases Source To Custom WASTE Client

WASTE is meant for a small, trusted group of peers to be able to share content securely without having to worry about eavesdropping. If you want the latest hot music and warez then this definitely isn't the program you should be looking at.

but, but, but...

[steak]

now people could haxor gunbound.

Re: VIA Releases Source To Custom WASTE Client

[LesDawson]

If you want the advantage of public file sharing, what is the benefit of encryption, since you purposefully want to share information with the public already?

Since maybe you don't want to publically share files, e.g. in private communities.

For those interested in trying Waste out...

If you want to try and get waste running, try joining up with an existing network. Very painless 4. step process. I like these guys, they have a 50-75 person network that welcomes newbies.

Nullsoft guilty of laches?

[hotspotbloc]

If whoever put the GPL block there did not have the permission of the copyright owner to license it so, then it isn't worth the electrons it is written on.

Well stated and very correct with an exception.

I can't take a copy of the leaked Windows code, put a GPL notice at the top of every file, and claim then claim it has been GPLed.

Also correct so long as MS takes prompt legal action to protect their claim to said copywritten work(s). And we all know they would in a "New York Minute".

AOL owned the source code [...], and if they never OKed it to be released, then it is not under the GPL.

Here's the rub: AOL could be guilty of "laches" or negligent in claiming their legal rights in a "prompt" time and fashion, and not due any relief.

For example:

BigSoftCo has a product called BigSoftApp.

BigSoftApp's source code gets released with GPL copyright tags on all the source files.

Even though BigSoftApp's source code is "notoriously" and publicly available, BigSoftCo takes no legal action against those distributing said source code.

LittleSoftCo releases LittleSoftApp under the GPL using some or all of BigSoftApp's source code.

BigSoftCo complains and files suit claiming copyright infringment against LittleSoftCo.

BigSoftCo loses the suit because they didn't exercise their rights in a timely manner even though it can be proven that they knew of said code being distributed and took no action.

IFAIK nullsoft hasn't filed one legal motion to stop the distribution of the WASTE code and IMO has could've lost their rights to retract the GPL placed on said code. IMO this could be tantamount to de facto permission to use the WASTE code under the GPL. If the WASTE code contains any code previously released under the GPL it would only further weaken any claims they may make.

Again, IMO it might be too late to stop the spread of the WASTE code under a GPL license. This is in a way similar to the problem SCO will face in court. They distributed what they claim is SCO code in Caldera GNU/Linux under the GPL and now claim someone else added it. Even if they didn't add said code since they did distribute it under the GPL for years they're almost totally screwed.

Imagine building a house that partly sits on some else's property. Years go by and the property owner says nothing even though it can be proven he knew of the problem. You go to sell your house, the title search shows the problem and the owner wants to sell you the property in question. You can claim that since he didn't take prompt action when he knew of the problem that the property should belong to you. Legally you have a case.

As a supporter of the GPL I personally don't like seeing code being used in such a "muddy" way but VIA should be in the clear.

Re:Nullsoft guilty of laches?

[scragz]

Are you sure? It sounds like you're getting copyright law confused with trademark law.

Re:Nullsoft guilty of laches?

[hotspotbloc]

Are you sure? It sounds like you're getting copyright law confused with trademark law.

Laches applies to all civil laws, not just copyright or trademark laws. It's a more common issue in real property law though.

(reposted) I asked FSF, and FSF said:

[turnstyle]

I personally asked FSF their opinion of the legal status of WASTE, and here's their reply:

"If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."

"Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."

But the thing is, I doubt anybody even cares. The logic in the P2P debate is always "I believe whatever supports my position, and I don't believe anything that speaks against my position."

In this case the FSF themselves say that they are presuming it to be unauthorized, and that therefore others have rights to do anything with the software.

But who cares what the FSF says, right?

Re:(reposted) I asked FSF, and FSF said:

[drinkypoo]

This isn't about P2P. While waste is a P2P program, it's really not useful in the same way that Kazaa or similar is. It only allows you to share files with others on a small trusted network. (The way the network is designed, you must trust all users the same, which is stupid, but presumably it would have seen greater development inside nullsoft had there been a chance.)

The FSF saying it presumes it was an unauthorized release is prudent but equivalent to an assumption of guilt. Frankel had traditionally released software apparently at will, with nary a peep from AOL, but Waste drew fire. Given that precedent points to him being allowed to release the code, in order to prove that it was unauthorized someone is likely going to have to show that someone higher up the food chain than Frankel explicitly told him not to release Waste.

The FSF is not saying that they think it was an unauthorized release. They're saying that they have no idea, and that if you get busted the FSF's reaction will be "I told you so."

But as you say, who cares what the FSF has to say about it? They're not even involved. The GPL is covered by copyright law, not FSF law, which doesn't exist, so the FSF is irrelevant. The question is not whether the GPL applies in this situation, because clearly if he did not have the right to put the GPL on the code, then the code is not really GPL. (If you don't hold the copyright, you can't reassign it.) If he DID have the right to make the release, then the GPL certainly applies.

If you want to get a useful opinion from someone on this issue, talk to the EFF, because they're the only cavalry you can expect (hope) will come to the rescue if you are sued for doing something with the WASTE sources. Or at this point, possibly VIA, if you are a VIA customer using their release, though I sincerely doubt that they'd step in on your behalf.

Re:(reposted) I asked FSF, and FSF said:

[turnstyle]

"This isn't about P2P."

This most certainly is about P2P, that's why people cares about WASTE in the first place (that, and also because JF made it). It's certainly not a global P2P app like Kazaa, but most folks think of it in terms of little closed, encrypted file-sharing communities -- all clearly stated in the original Slashdot post: "encrypted chat, instant messaging and file sharing over a private peer-to-peer network." That's not about P2P?

And, as my post indicated, it certainly comes as no surprise to me to see someone now come in and say that the FSF's position -- that they themselves presume WASTE to be unauthorized -- isn't even relevant.

Re:(reposted) I asked FSF, and FSF said:

[drinkypoo]

The thing that WASTE does that is special is not P2P. Other P2P services exist and are freely available. None of them are quite as easy to set up as WASTE but quite frankly it would not be amazingly to put together some self-installing (or copy-installing) binary packages for windows, linux, and other popular operating systems :) to provide all the functionality WASTE does with Free and Open Source software.

WASTE's special feature is its ability to send bogus data (up to a certain maximum throughput) at all times to fill your link to your next neighbor. It then becomes impossible to determine when you are communicating, and with whom, outside of who is in the network. The entire thing becomes opaque to outsiders who are attempting to monitor your activities by analysis of your communications.

The implication of "P2P" is that of a greater community. I realize that WASTE is a peer to peer network, but it is for small groups who could otherwise communicate securely, but the bandwidth masking is the tricky part. What WASTE suggests is what many of us knew already; If you encrypt everything then you don't raise suspicion when you send encrypted traffic. It takes it a(n intuitive but perhaps not obvious) step further when it makes the channel opaque by sending deceptive traffic. Its real purpose is secure communications, not P2P.

As I have said before (I read it somewhere first though) the more encrypted traffic, the better. If your webservers have enough CPU to do SSL all the time (ha ha) then consider offering your visitors the option to encrypt their session, just to raise the amount of noise :)

Re:(reposted) I asked FSF, and FSF said:

[iminplaya]

The logic in the P2P debate is always "I believe whatever supports my position, and I don't believe anything that speaks against my position."

And why not?? They're just following the example set by the people in charge. In reality, this is a turf war, little else, and you're getting caught in the cross fire. I believe the gov't calls it "collateral damage". I'm waiting for the wireless thing to take off, and REALLY cut out the middle man. Then we' will have REAL P2P. Scary. Isn't it?

Well, I didn't say it _couldn't be_ open source.

[Ayanami+Rei]

But what NineNine "expects" is unreasonable. I think the combination of paid support/access with ability to see and modify the source for a POS system is great! But no one should be expected to develop such a monstrosity just to do it, especially when there's no reasonable way the developer can test or deploy it!

I mean, do you have POS cash registers in your basement just waiting to be endowed with such an application? Come on.

How does it compare to SILC

[pyite69]

SILC is exactly like IRC, but with added encryption. That means encrypted chat, and file sharing via DCC.

Re: VIA Releases Source To Custom WASTE Client

[Homology]

There are plenty of encrypted chat programs already out there. I know Hushmail has an encrypted chat program, and I believe there are encryption plugins that exist for ICQ, etc. If I am missing something here, I welcome anyone to explain what the hoopla is all about.

The hoopla is that you can encrypt all your network communications for "free" if you use AES, even on an otherwise "slow" CPU. OpenBSD will automatically take advantage of this CPU, if present. Not need to patch a Linux kernel if you want to test it.

Re:Hello !

Troll?

Shouldn't this be moderated Hobbit, or maybe Halfing?

That's not been my experience...

[Svartalf]

Having worked with these chips for a while (since they're pretty much the new pet CPU for the x86 set-top box crowd...) I can say that your claims aren't accurate in the slightest.

Integer performance on a Nehemiah (key word there- previous incarnations of the C3 CPU were good low-power offerings for embedded designs, and showed poorer performance...) core is on a par with a comparably clocked Celeron (i.e. it's in the ballpark of a 1GHz Celeron with the chip on the EPIA M10000 board...) and it's FP performance is somewhere in the ballpark of a 750MHz Celeron- give or take. If it were like you claim, you'd not be able to play DivX streams on the M10000 (You can...). The chips just aren't ball-busters like P4's, Athlon XP/64's, or Opterons are.

Now, had you been talking about a Samuel or Ezra core C3, you'd be closer to the mark. They have an integer performance similar to a identically clocked Celeron- with a FP performance that is abyssmal at best (FP portion of the core is clocked at 1/2 the clock speed of the CPU...)

Not even close to Palladium/DRM

[quarkscat]

VIA's incorporation of random number generators
into the CPU core is a boon for user privacy.
Software-based psuedo-random number generators
use entropy gathering to furnish a seed number.
Poorly implimented software-based RNG have the
problem of being more statistically predictable
than desired. Problems with RNG negatively
effect encryption, including SSH and even TCP/IP.
Recent releases of the GNU/linux kernel can
make use of the VIA RNG for better security.

Palladium can make use of hardware-based RNG,
but the Secure Computing Platform actually
uses firmware beyond today's BIOS to restrict
software and hardware replacement or additions.
Firmware-based DRM, by design, must retain the
encryption keys as well as the code to generate
them.

So long as VIA does not impliment a change in
the current BIOS capabilities, the Palladium/
DRM nightmare can be avoided. However, the
latest incarnation of the C3 processor does
give VIA a head-start on DRM adaptation.

It is all a question of degree (currently).

Still violates GPL

[harlows_monkeys]

The WASTE code in Sourceforge still violates GPL. It still includes a bunch of RSA code that isn't GPL'ed. Some of it is explicitly under a license that is imcompatible with GPL, and the rest simply gives an RSA copyright notice and says nothing about licensing.

WASTE anarchist autonomous Networks

[c4ll7]

WASTE is real strong in being the first in several areas: purep2p, anarchistic (WASTE is the most anarchist p2p because it implements security culture, free association and mutual aid. This is thanks to it's Decentralization, Encryption and preferences/features) , passive to passive transfers (via [sic] unique routing), & in being 'illegal' open source I think more Open Source projects should reclaim proprietary ideas that were developed/discovered in places like public schools and return the knowledge to the public so we can be more self-sustainable and sharing. shutting down lifeless entities control over our intellect. padlock is not compatible I've tried. it's also got allot of disabled features. it's like a whitewash. my hope is that the sourceforge open source WASTE team http://sf.net/projects/waste/ kicks into action to make a mockery of this via project much like has been done to neomodus dc over dc++ , but this is a reverse hijacked fork protocall type thing. not that i think it even matters much. i value having a network name/ID and full control of options that are in WASTE and not in Padlock. there interface is kinda weak ,with huge buttons and striping? i guess just watch and see if they add the rest of wastes advanced features or make a more restricted program from the most anarchistic p2p i love and call WASTE.

Re:WASTE anarchist autonomous Networks

[Lanae]

Dissappointing news, indeed. I got all excited because I thought finally someone had re-written the code, using the original WASTE as a guide, as Stallman suggested that the OSS community do (see WASTE Sourceforge forum). Turns out they just copied & pasted, and not even everything at that? =(

Very timely for me, I just gave a presentation on this today as part of my master's project. I was trying to come up with a way to use p2p for small groups, when WASTE came out in this past summer. Perhaps at least this will be a QT alternative to the unfinished GTK2 WASTE project? There's still quite a bit to re-write from scratch, either way, if one is to do a proper job of it. As for example code to start with, the more the merrier.

Multi-source downloads?

[-=Zak=-]

Last time I checked, I don't think WASTE supported multi-source downloads (aka "swarming"). I'd love to use WASTE technology in a couple of applications, but I really want people downloading from multiple sources simultaneously instead of having to get the whole file from a single source.

Anyone know if this (or any other) WASTE-derived P2P solution supports this?

-Zak

FYI Stallman comments on sf waste page

[Lanae]

By: Hollywood at monkeysvsrobots.com - zonk3r
RE: Nullsoft: NOTICE OF UNAUTHORIZED SOFTWARE
2003-07-23 12:22
so, here's the deal. i've been thinking about this thread a lot and figured it would be good to get an authoritative repsonse from someone 'in the know' about the gpl and law. so i decided to write rms himself and see what his take is on the matter. here's my email to him (7/21):

mr. stallman,

i've got a question for you regarding a certain application of the gpl. first i want to give a little background story to catch you up if you weren't aware of the situation...

you may be aware of an application that was released by nullsoft (www.nullsoft.com), a subsidiary of aol, called waste. justin frankel, author of waste and ceo of nullsoft, released it several weeks ago with its source code licensed under the gpl. however, it seems he didn't have the necessary privilege to do so, and aol forced nullsoft to remove the software and post this notice later in the same day it was released (http://www.nullsoft.com/free/waste/):

NOTICE OF UNAUTHORIZED SOFTWARE

An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.

Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.

If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.

Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.

Thank you.

Nullsoft

shortly after the release of the source, several projects started popping up trying to pick up where waste fell short. the one in particular that i have a question about, is this one: http://sourceforge.net/projects/waste/ . in the discussion groups a thread has arisen as to the legality of continuing the project since nullsoft and aol have 'voided, revoked and terminated' any such license it was released under. many people in this thread seem to believe that once a piece of code is released under the gpl, it can not be revoked no matter what. however, in this case the software was released illegally and the gpl was applied to it. it is my opinion that the gpl can't protect someone from this. you can't license something you don't own in the first place. it doesn't matter who the person was that licensed and released it even if they were ceo, if they didn't have the authority to do so (which frankel's contract apparently doesn't give him), then the license is null and void and any further development would be as well. the argument for the opposition is that the licensor can not retract the license (http://www.gnu.org/licenses/gpl-faq.html#CanDevel operThirdParty). in a court case, i don't think that the folks who want to develop on the source would have a leg to stand on since the originator stated, in essence, that the code was leaked and a license was applied to the leaked code which they had no authority to license in the first place.

please take a look at the discussion thread: http://sourceforge.net/forum/forum.php?thread_id=8 96863&forum_id=281189 my posts are under the screen-name 'zonk3r'.

i suppose i feel it is rather naive of them to assume that they can hide behind the gpl and everything will be okay. that enti

A brief review...

[darc]

VIA's release has only one real feature, that of the ability to use AES on their hardware, and possibly the linux client that actually works. The interface has been made gawd ugly, filled with blue and white crap, with a push button icon size of nearly 60x60 pixels each. It also sticks the huge disgusting logo beneath the main window, instead of a clean dialog box.

It is significantly less usable than the current WASTE client from waste.sourceforge.net . Further, it takes keys in a slightly different format, requiring you to change the header "WASTE_PUBLIC_KEY" to "PADLOCKSL_PUBLIC_KEY". The networks are otherwise fairly interoperable, although troublesome because of the key import thing. So if you really want to use padlockSL on an existing waste network, this is fine, AS LONG AS YOU'RE NOT USING A NETWORK PASSWORD.

For some inexplicable reason, VIA removed the network password feature, which immediately makes it worthless for connecting to any passworded WASTE network.

Summary, this thing is useless, except for those with VIA hardware, a strong urge to use their linux client, or if you have problems seeing certain icons, and need them about ten times larger.

New link!

[kg4czo]

Ok, the binaries are at http://padlocksl.viaarena.com/. They have downloads for Win NT/2k and RH Linux 9.0. Maybe some debs can be made from them. :-) Still can't get to the sources. :-(

** Mirrors **

Mirrors?? Any mirrors available? It seems VIA has taken the page down ... ?

Re: VIA Releases Source To Custom WASTE Client

[lone_knight]

Thanks (to all of the above) for the replies, this makes a bit more sense now.

I can definitely appreciate the part about "[no] need to patch a Linux kernel." Very schweet.

Re:MOD PARENT DOWN!! DDOS TROJANS!!

What happens when you run it? :)

Seriously though, this seems like a coincidence. I have already installed it on 2 machines with no sudden extra activity. You might want to install a bandwidth monitor to see what is eating it up.

VIA has removed all traces of it...

[sH4RD]

VIA has removed all traces of the VIA Padlock SL application as of about 9:00am EST today. Interesting.

Re:VIA has removed all traces of it...

Can someone please make with a .torrent ?? :]

MIRROR PLEASE !!!!

Could someone out there PLEASE do the usual /. thing and produce an ftp or a .torrent of this app?

Thanks In Advance ! ! !

thanks for the information, downloaded it forcheck

Download PADLOCK-WASTE the p2p way:

THE WEBSITE

magnet:?xt=urn:bitprint:472PCY5U2WAUBIMOI6WCFZFH XF 2TI5O7.XGGLWGAAMO3T2Z7DWZI5XLO7RLBO246FRLMHLJA&dn= sqrville_org%20projects%20-%20VIA%20PadLockSL%20Li nux%20HOWTO.htm

ed2k://|file|sqrville_org%20projects%20-%20VIA%2 0P adLockSL%20Linux%20HOWTO.htm|26105|b4e2ade39634b47 d7c34524fcf33d726|/

THE SOURCE CODE
magnet:?xt=urn:bitprint:T4EDIJIPGMQR65W3V3E3 3AYLFI NJ3N5Z.DOXF3JQGJMAWYO2FZ5C2HKDSG2H5AP2CAA7FRUI&dn= PadLockSL.src.zip

ed2k://|file|PadLockSL.src.zip|1375870|3422c73cc b7 465cde4250fbd1c28635a|/

THE WINDOWS INSTALLER

magnet:?xt=urn:bitprint:XEQMCYDA4J5TR53IIWI7ADP4 ZZ JBQ557.2Y3QPT57UJ6GXMBECQLFJZEO27SAL4VGUBOKQSA&dn= PadLockSL.win.01.09.040315.zip

ed2k://|file|PadLockSL.win.01.09.040315.zip|4016 48 2|cb434021755eaa34d7399d396165a804|/

REST

magnet:?xt=urn:bitprint:3LUXE2FP67SF6FHKJJEY6UYB 2M YIETZQ.4V2IXDUUCYHN4WETATZKGLZL5EVVDEE6IIXCW7I&dn= PadLockSL-UG-001_20040311.zip

ed2k://|file|PadLockSL-UG-001_20040311.zip|99847 3| 7c446c26d07cc97fd0239bff38aec5cc|/