Slashdot Mirror
VIA Releases Source To Custom WASTE Client
daten writes "VIA has released the source code to their Padlock SL product, based on the Nullsoft WASTE code previously pulled by AOL. Padlock SL offers encrypted chat, instant messaging and file sharing over a private peer-to-peer network. Unlike WASTE, which is still under active development, the VIA client offers a graphical interface for both Windows and Linux users and simpler configuration."
Doesn't Nullsoft's page on WASTE say " An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website ... Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright" ?
There are 2 kinds of people in this world: Those who write in decimal and those who don't
for those that don't want to fill out the questionnaire
Windows XP Version
Red Hat Verion 9.0
Installation Guide
User Guide
NOTICE OF UNAUTHORIZED SOFTWARE
An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.
Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.
If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.
Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.
Thank you.
Nullsoft
If I recall correctly the data sent over the network was encrypted using a very long key generated by asking you to move the mouse randomly for a period of time. Doing this for a minute or so ensures that you get a unique key.
http://almostsmart.com
I can't vouche for Padlock, but I've used WASTE and yes, you need a key, and I believe all transmissions are encrypted. Pretty nice really, has an IRC like client and several other little features. I've tried to convince my friends to stop using my ftp and use WASTE instead (its ideal for groups of 50 people) but they've been slow to follow suite. Maybe I can convince them with this software instead.
I'm a writer, a poet, a genius, I know it. I don't buy software, I grow it.
I used to work programming software that basically transmitted information between banks. I learnt one very simple thing that I think could be really helpful for the OSS community: Separate the message from the method of delivery.
Banks are obviously really paranoid about security. They also really need messages to get through, quickly. In the software that I worked on, you would basically configure it with a priorty list of methods that it could use to transmit the message. So the most secure and failsafe method would be the one it tried first. If that didn't work it would try other methods, gradually going down the list, which usually ended with Fax being the most primitive method.
So how is this relevant to the OSS community? Well, we all know email is pretty much broken. Businesses want message delivery that is 1) secure and 2) reliable. Email is neither. With OSS email clients, we should change our mentality a bit and treat them instead as messaging clients, with email being just one of the methods it might use to send the message. The first thing it might try would be a secure, peer-to-peer connection with the recipient of the message. If all OSS email clients followed the same standard - perhaps based on this WASTE code? - soon most messages might be sent by a better manner than email.
One day very soon, Microsoft is going to come out with a "better email". The OSS community will bitch about it, and then if it takes off they will try to copy it. I'd much prefer we did the innovating and MS had to copy... Come on guys!
Never mind. Stupid little me found the link _on the front page_ at last.. PadLockSL.src.zip[viaarena.com]...
Does anybody know if this can interoperate with Waste networks? I tried to get it into our waste network, and after changing the key header I got the keys to import into the waste clients, but connections still failed.
Anybody had more luck? Waste runs under wine, but there are a lot of annoying issues, and the port seems dead in the water.
Checkout VIA PadLock Hardware Security Suite. Their procs have built in AES encryption as well as a very high bitrate Random Number Generator. This allows their 1GHz procs to do encryption an order of magnitude faster than a 2.4GHz P4. So this software just takes advantage of and promotes their hardware.
JOhn
Campaign for Liberty
I think your missing the point of WASTE.
WASTE is designed for secure communications (IM, chat and file transfer) between small groups of trusted users.
Bittorrent, Kazaa etc are designed for the mass distribution of files amongst people you don't know.
The only similarities are that neither use a central server, and they can be used to transfer files. But how many protocols can't transfer files?
Winamp Unlimited covered the complete story yesterday, for those of you who are interested. There are some links/information on there that haven't been mentioned with this discussion.
Via's system requires their hardware security implementations to work.
From the user's guide:
PadLockSL utilizes hardware AES algorithm and random number generator provided in VIA C5P processor. The special characteristics PadLockSL has are outlined as below:
1.2.1 Support running on C5P system and non-C5P system
1.2.2 Automatically detect whether C5P ACE is available or not
If C5P ACE is available, use hardware AES in C5P ACE; otherwise, use software implemented AES when performing AES encryption/decryption
1.2.3 Automatically detect whether C5P RNG is available or not
If C5P RNG is available, use it as entropy source in random number generation routine; otherwise, use the random number generation device provided by linux.
I'm the urban spaceman babe, but here comes the twist... I don't exist
You can get the source code here....
http://www.viaarena.com/?PageID=401
Have fun!
It's really easy to compile Padlock on Mandrake 9.2. First install libqt3-devel, the QT deveoper package. Then, call /usr/lib/qt3/bin/qmake and make, that's all.
Also, off topic but amusing, when I was browsing around their site for more information I found this: http://www.viaarena.com/?PageID=306
"If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."
"Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."
Here's what I do: Bitty Browser & Andromeda