Slashdot Mirror
VIA Releases Source To Custom WASTE Client
daten writes "VIA has released the source code to their Padlock SL product, based on the Nullsoft WASTE code previously pulled by AOL. Padlock SL offers encrypted chat, instant messaging and file sharing over a private peer-to-peer network. Unlike WASTE, which is still under active development, the VIA client offers a graphical interface for both Windows and Linux users and simpler configuration."
"Unlike WASTE, which is still under active development..." More like passive development on sourceforge
You don't need to sign your AC posts
Doesn't Nullsoft's page on WASTE say " An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website ... Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright" ?
There are 2 kinds of people in this world: Those who write in decimal and those who don't
for those that don't want to fill out the questionnaire
Windows XP Version
Red Hat Verion 9.0
Installation Guide
User Guide
NOTICE OF UNAUTHORIZED SOFTWARE
An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.
Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.
If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.
Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.
Thank you.
Nullsoft
If I recall correctly the data sent over the network was encrypted using a very long key generated by asking you to move the mouse randomly for a period of time. Doing this for a minute or so ensures that you get a unique key.
http://almostsmart.com
From the description this is a sample application using their "Padlock" hardware
I can't vouche for Padlock, but I've used WASTE and yes, you need a key, and I believe all transmissions are encrypted. Pretty nice really, has an IRC like client and several other little features. I've tried to convince my friends to stop using my ftp and use WASTE instead (its ideal for groups of 50 people) but they've been slow to follow suite. Maybe I can convince them with this software instead.
I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.
I used to work programming software that basically transmitted information between banks. I learnt one very simple thing that I think could be really helpful for the OSS community: Separate the message from the method of delivery.
Banks are obviously really paranoid about security. They also really need messages to get through, quickly. In the software that I worked on, you would basically configure it with a priorty list of methods that it could use to transmit the message. So the most secure and failsafe method would be the one it tried first. If that didn't work it would try other methods, gradually going down the list, which usually ended with Fax being the most primitive method.
So how is this relevant to the OSS community? Well, we all know email is pretty much broken. Businesses want message delivery that is 1) secure and 2) reliable. Email is neither. With OSS email clients, we should change our mentality a bit and treat them instead as messaging clients, with email being just one of the methods it might use to send the message. The first thing it might try would be a secure, peer-to-peer connection with the recipient of the message. If all OSS email clients followed the same standard - perhaps based on this WASTE code? - soon most messages might be sent by a better manner than email.
One day very soon, Microsoft is going to come out with a "better email". The OSS community will bitch about it, and then if it takes off they will try to copy it. I'd much prefer we did the innovating and MS had to copy... Come on guys!
Never mind. Stupid little me found the link _on the front page_ at last.. PadLockSL.src.zip[viaarena.com]...
Does anybody know if this can interoperate with Waste networks? I tried to get it into our waste network, and after changing the key header I got the keys to import into the waste clients, but connections still failed.
Anybody had more luck? Waste runs under wine, but there are a lot of annoying issues, and the port seems dead in the water.
Checkout VIA PadLock Hardware Security Suite. Their procs have built in AES encryption as well as a very high bitrate Random Number Generator. This allows their 1GHz procs to do encryption an order of magnitude faster than a 2.4GHz P4. So this software just takes advantage of and promotes their hardware.
JOhn
Campaign for Liberty
VIA makes CPUs (C3), motherboards (EPIA), and graphics cards (S3 UniChrome integrated and DeltaChrome) too! BTW, PadLock is definitely a reference to the encryption engine in their C3 Nehemiah and newer - it means that their 1GHz C3 can murder a x.xxGHz Pentium 4 on encryption, all while barely taking any power. However, as soon as you go to standard integer or floating point, it SUCKS ASS. Integer performance is in the 300-600MHz Celery range, and FP performance is in the sub-300MHz Celery range.
I think your missing the point of WASTE.
WASTE is designed for secure communications (IM, chat and file transfer) between small groups of trusted users.
Bittorrent, Kazaa etc are designed for the mass distribution of files amongst people you don't know.
The only similarities are that neither use a central server, and they can be used to transfer files. But how many protocols can't transfer files?
I think revoking their ftp access will convince them to stop using it very fast..... Or just throttle the ftp connections down using some scheduling filters :)
Jeroen
Secure messaging: http://quickmsg.vreeken.net/
POS systems aren't *fun* to develop. We only work on things that are fun for us. After all, we are doing this for fun - in our spare time.
BitTorrent, FTP, HTTP and KaZaa all are used for very different applications. WASTE is used for creating a private, enclosed and secure P2P network. Which of the above apps does that?
Winamp Unlimited covered the complete story yesterday, for those of you who are interested. There are some links/information on there that haven't been mentioned with this discussion.
You can get the source code here....
http://www.viaarena.com/?PageID=401
Have fun!
They say it, but that doesn't make it true. An agent of the company posted the software under the GPL. AOL/Nullsoft's dispute is with Justin Frankel if they contend the release was unauthorized. But released it was, and it is under the GPL.
It doesn't necessarily make it false, either. The GPL's legality and enforceability have yet to be tested in court. Also, Frankel may have been bound by prior contracts which nullify any attempt to GPL any code created while employed. You can't take code someone else legally owns and release it validly under a license of your choosing.
> how about a usable Point of Sale system?
... don't expect a lot of cash drawer, manager key, or card reader support without open hardware specs. If you really want an open POS system, you the retailer are going to have to lean on the register manufacturers -- the folks you're giving your money to -- to produce open specs. Otherwise don't expect people to write free software for a platform they cannot freely support.
Fine, if you retailers want OSS to play ball and write them a POS system, then how about you get on the same field and publish a detailed requirements document publically, so that the community can get a start? The proprietary software community does have an advantage in that the client pays to have developers gather the requirements and perform production tests and so forth, but if there's an OSS solution out there, then all that you need is an integrator. But if all you say is "give me a POS system", you're going to get nothing useful back. And if you throw the requirements document over the wall and never come back with feedback, expect nothing after the initial attempt.
Hardware's another issue
I've finally had it: until slashdot gets article moderation, I am not coming back.
It's really easy to compile Padlock on Mandrake 9.2. First install libqt3-devel, the QT deveoper package. Then, call /usr/lib/qt3/bin/qmake and make, that's all.
Also, off topic but amusing, when I was browsing around their site for more information I found this: http://www.viaarena.com/?PageID=306
WebDAV -- a standard part of Apache 2 -- is the replacement for FTP. It only uses one TCP connection (HTTP extension), goes anywhere HTTP goes, can be used over HTTPS and thus be as secure as you like.
On the client side, it is already supported by KDE (use URLs like webdavs://server/dir/file.txt), GNOME, and MS Windows. There are also a few command-line clients, such as neon.
In Soviet Washington the swamp drains you.
So it's a P2P version of "Hotline". That's neat! It really is.
However, what I would like to see done with this project is someone tack some kind of version control system onto it. Once you do that, this could be the perfect "floating development board" system for projects such as PlayFair which cannot find shelter elsewhere due to legal problems and/or harassment.
Then all you have to do is move the transport layer from being straight P2P to the data being stored on FreeNet, and you've got a way to have totally public yet totally anonymous development of an "illegal" software application...
At the least, it could be interesting.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
At least the c3 has a hardware random number generator for better encryption. Sadly you need stepping 03 of the Nehemiah core, as I discovered when I got my motherboard and got Linux compiled to use it. I had a 01 stepping so it was no-go. Felt kinda cheated.
(as well as the low-noise really isn't all that lown noise)
We have seen the results of CAN-SPAM act. That should clue you in on the first point.
Next, you want a government specified secure mail protocol? I hate to be rude, but that is like asking for government specified quality literature. Any attempt at that would come out of committee dripping with pork fat, backdoored by every TLA in the country, overseen by a new agency that would tax it, and likely incapable of functioning in the real world.
Please step away from the crack pipe.
I forget what 8 was for.
"If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."
"Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."
Here's what I do: Bitty Browser & Andromeda
"If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."
"Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."
But the thing is, I doubt anybody even cares. The logic in the P2P debate is always "I believe whatever supports my position, and I don't believe anything that speaks against my position."
In this case the FSF themselves say that they are presuming it to be unauthorized, and that therefore others have rights to do anything with the software.
But who cares what the FSF says, right?
Here's what I do: Bitty Browser & Andromeda
The WASTE code in Sourceforge still violates GPL. It still includes a bunch of RSA code that isn't GPL'ed. Some of it is explicitly under a license that is imcompatible with GPL, and the rest simply gives an RSA copyright notice and says nothing about licensing.
By: Hollywood at monkeysvsrobots.com - zonk3r
RE: Nullsoft: NOTICE OF UNAUTHORIZED SOFTWARE
2003-07-23 12:22
so, here's the deal. i've been thinking about this thread a lot and figured it would be good to get an authoritative repsonse from someone 'in the know' about the gpl and law. so i decided to write rms himself and see what his take is on the matter. here's my email to him (7/21):
mr. stallman,
i've got a question for you regarding a certain application of the gpl. first i want to give a little background story to catch you up if you weren't aware of the situation...
you may be aware of an application that was released by nullsoft (www.nullsoft.com), a subsidiary of aol, called waste. justin frankel, author of waste and ceo of nullsoft, released it several weeks ago with its source code licensed under the gpl. however, it seems he didn't have the necessary privilege to do so, and aol forced nullsoft to remove the software and post this notice later in the same day it was released (http://www.nullsoft.com/free/waste/):
NOTICE OF UNAUTHORIZED SOFTWARE
An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.
Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.
If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.
Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.
Thank you.
Nullsoft
shortly after the release of the source, several projects started popping up trying to pick up where waste fell short. the one in particular that i have a question about, is this one: http://sourceforge.net/projects/waste/ . in the discussion groups a thread has arisen as to the legality of continuing the project since nullsoft and aol have 'voided, revoked and terminated' any such license it was released under. many people in this thread seem to believe that once a piece of code is released under the gpl, it can not be revoked no matter what. however, in this case the software was released illegally and the gpl was applied to it. it is my opinion that the gpl can't protect someone from this. you can't license something you don't own in the first place. it doesn't matter who the person was that licensed and released it even if they were ceo, if they didn't have the authority to do so (which frankel's contract apparently doesn't give him), then the license is null and void and any further development would be as well. the argument for the opposition is that the licensor can not retract the license (http://www.gnu.org/licenses/gpl-faq.html#CanDevel operThirdParty). in a court case, i don't think that the folks who want to develop on the source would have a leg to stand on since the originator stated, in essence, that the code was leaked and a license was applied to the leaked code which they had no authority to license in the first place.
please take a look at the discussion thread: http://sourceforge.net/forum/forum.php?thread_id=8 96863&forum_id=281189 my posts are under the screen-name 'zonk3r'.
i suppose i feel it is rather naive of them to assume that they can hide behind the gpl and everything will be okay. that enti