Slashdot Mirror

← Back to Stories (view on slashdot.org)

VIA Releases Source To Custom WASTE Client

Posted by timothy on from the want-not dept.

daten writes "VIA has released the source code to their Padlock SL product, based on the Nullsoft WASTE code previously pulled by AOL. Padlock SL offers encrypted chat, instant messaging and file sharing over a private peer-to-peer network. Unlike WASTE, which is still under active development, the VIA client offers a graphical interface for both Windows and Linux users and simpler configuration."

15 of 209 comments (clear)

  1. passive by netkgb · · Score: 2, Interesting

    "Unlike WASTE, which is still under active development..." More like passive development on sourceforge

  2. Is this legal? by Newtonian_p · · Score: 4, Interesting

    Doesn't Nullsoft's page on WASTE say " An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website ... Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright" ?

    --

    There are 2 kinds of people in this world: Those who write in decimal and those who don't

    1. Re:Is this legal? by Quixote · · Score: 4, Interesting
      WASTE files contain the following license at the top:
      /*
      WASTE - main.h (a bunch of global declarations and definitions)
      Copyright (C) 2003 Nullsoft, Inc.

      WASTE is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published by
      the Free Software Foundation; either version 2 of the License, or
      (at your option) any later version.

      .....

      How can it be "unlicensed" if it has GPL license on each file?

      On a related note: VIA is releasing their "PadLock SL" under GPL too.

    2. Re:Is this legal? by drinkypoo · · Score: 4, Interesting
      We went over this in the story when WASTE was pulled in the first place. Basically the counter-argument (no idea who will win in court since IANAL but anyway) is that Frankel was an officer of Nullsoft, and the copyright is held by Nullsoft which is owned by AOL. As an officer of Nullsoft he had the right to release it since typically that's how he behaved when he released something.

      There is a separate issue between him and AOL, discussing whether he had the authority to make the release. However, once an officer of a company releases something, it's going to be hard to say he didn't have the authority to do so.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  3. Re:VIA's system requires hardware by arkanes · · Score: 2, Interesting

    The released source also uses Qt, so you'll need a Qt license if you want to compile this yourself on Windows.

  4. Messaging by pubjames · · Score: 5, Interesting

    I used to work programming software that basically transmitted information between banks. I learnt one very simple thing that I think could be really helpful for the OSS community: Separate the message from the method of delivery.

    Banks are obviously really paranoid about security. They also really need messages to get through, quickly. In the software that I worked on, you would basically configure it with a priorty list of methods that it could use to transmit the message. So the most secure and failsafe method would be the one it tried first. If that didn't work it would try other methods, gradually going down the list, which usually ended with Fax being the most primitive method.

    So how is this relevant to the OSS community? Well, we all know email is pretty much broken. Businesses want message delivery that is 1) secure and 2) reliable. Email is neither. With OSS email clients, we should change our mentality a bit and treat them instead as messaging clients, with email being just one of the methods it might use to send the message. The first thing it might try would be a secure, peer-to-peer connection with the recipient of the message. If all OSS email clients followed the same standard - perhaps based on this WASTE code? - soon most messages might be sent by a better manner than email.

    One day very soon, Microsoft is going to come out with a "better email". The OSS community will bitch about it, and then if it takes off they will try to copy it. I'd much prefer we did the innovating and MS had to copy... Come on guys!

    1. Re:Messaging by pubjames · · Score: 2, Interesting

      Email does have reliable delivery. however it's only reliable to the MX host. After that, it's out of your hands.

      It is either reliable or it isn't. It isn't.

      Unfortunately non-static IPs for most users and AUPs prohibiting long-running network servers put the damper on that little plan.

      You don't seem to get what I'm saying. It would try the best method (secure, reliable), if that didn't work, it would try the next best method (email?). So the message goes by the best available method. That's the whole point of what I'm saying.

  5. Open Source? by karevoll · · Score: 0, Interesting

    Browsed over their website, but I must say I'm disappointed. How well can we trust this client to be secure (and flawless) until the public has audited their source code?

    If I'm going to chat with my friends "securely", I'd want to know exactly _how secure_ it is... to know whether I really can trust the application or not..

    Security by obscurity doesn't cut it for me, and usually, the slashdot-crowd doesn't seem to be too fond if it either..

  6. Interoperability? by Hobbex · · Score: 4, Interesting

    Does anybody know if this can interoperate with Waste networks? I tried to get it into our waste network, and after changing the key header I got the keys to import into the waste clients, but connections still failed.

    Anybody had more luck? Waste runs under wine, but there are a lot of annoying issues, and the port seems dead in the water.

  7. Re:Who cares? by scrytch · · Score: 3, Interesting

    > how about a usable Point of Sale system?

    Fine, if you retailers want OSS to play ball and write them a POS system, then how about you get on the same field and publish a detailed requirements document publically, so that the community can get a start? The proprietary software community does have an advantage in that the client pays to have developers gather the requirements and perform production tests and so forth, but if there's an OSS solution out there, then all that you need is an integrator. But if all you say is "give me a POS system", you're going to get nothing useful back. And if you throw the requirements document over the wall and never come back with feedback, expect nothing after the initial attempt.

    Hardware's another issue ... don't expect a lot of cash drawer, manager key, or card reader support without open hardware specs. If you really want an open POS system, you the retailer are going to have to lean on the register manufacturers -- the folks you're giving your money to -- to produce open specs. Otherwise don't expect people to write free software for a platform they cannot freely support.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  8. Justin Frankel's Reaction by lotsofno · · Score: 3, Interesting
    Forgot to put this in the parent. Justin briefly posted his thoughts on the release, on his 04-21-04 .plan. From what I understand, he was quite surprised about the whole thing when he first heard about it.
    Wow, I could swear I've written something like this before...
    Wonder what will happen with that...
  9. passive, because flawed? by Dirus · · Score: 4, Interesting
    IIRC, it's impossible to remove someone from your network once they are in. For corporate use this makes firing people more trouble. Rebuild the network when firing someone? For personal use this presents a problem too, it's easy to add a trouble user to your network (just one person need exchange keys with them), but hard (impossible?) to remove them. I wonder if VIA has addressed this with Padlock SL. I have yet to see anything that would suggest it, but then again I haven't taken a look at the source yet.

    Also, off topic but amusing, when I was browsing around their site for more information I found this: http://www.viaarena.com/?PageID=306

    1. Re:passive, because flawed? by gid · · Score: 4, Interesting

      You can also snoop in on other people's "encrypted" messages, as long as you're part of the collective. Makes me wonder how encrypted other stuff is as well. But ya, the main problem is key management.

      Another problem is this: Say Jane, Joe, and Pete are on the same network, but Jane hates Pete because he didn't call the next morning, so Jane deletes Pete's key. Pete is still allowed on the network through his long time buddy Joe, and Pete can even route through Jane. We tried some tests, and this actually works.

  10. CVS by mcc · · Score: 3, Interesting

    So it's a P2P version of "Hotline". That's neat! It really is.

    However, what I would like to see done with this project is someone tack some kind of version control system onto it. Once you do that, this could be the perfect "floating development board" system for projects such as PlayFair which cannot find shelter elsewhere due to legal problems and/or harassment.

    Then all you have to do is move the transport layer from being straight P2P to the data being stored on FreeNet, and you've got a way to have totally public yet totally anonymous development of an "illegal" software application...

    At the least, it could be interesting.

    --
    Irritable, left-wing and possibly humorous bumper stickers and t-shirts
    1. Re:CVS by burns210 · · Score: 3, Interesting

      Nope. Freenet is too slow at retrieving data and has too high a failure rate to be used for anything practically. Straight WASTE would be easier, and more practical.