Slashdot Mirror
VIA Pulls PadLockSL
yipyow writes "A few weeks ago VIA Technologies posted software based on Nullsoft's WASTE, as reported here a few days ago. VIA PadLockSL included both a Windows and Linux client and some special extensions to work with security hardware built into certain VIA products. It was released under the GPL so I managed to snag a copy of the source code right before VIA suddenly removed their page (Google cache). I have posted Linux compilation instructions and mirrored the source here. If VIA has decided not to pursue the project further, I think the F/OSS community should turn this project into something, it has potential to be a great tool."
It might be a good idea to find out why it was removed. Perhaps they discovered a license violation and took it down to prevent a lawsuit. While noble, the automatic assumption that they simply don't want to pursue the project could be placing yipyow in an actionable position.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
Here's an extra mirror: http://evilpen.net/PadLockSL.src.zip.
[Mirror posted in article seems to be slowing down, it's getting around 20k/sec at the moment.]
I wonder sometimes how many projects start up, fail for some reason, and then the code is lost. Not lost because it's proprietary but lost because it just goes the way of crumbs under the table? How much good work is going down the drain.
I'm glad you managed to save the code, GPLd as it is it has the right to live or die according to popularity. Hope it works.
shak's nude anime gallery
Perhaps this has something to do with it?
The GPL is irrevocable, so they can't revoke it. The only "official" things they can do to stop people developing it further are:
Given that the second option would be an admission of copyright infringement, and the first option is on shaky ground, I can see them choosing the last option.
I ganked the windows binary before it was pulled if anyone cares get it here PadLock
Wang33
PAGERANK++ Robsell.com
Although without the support of VIA how would one keep developing this since it uses their security hardware. As chip design changes, you would need to know how to make calls to the chip or the program becomes useless... Does VIA offer documentation on their chipsets?
Forbidden Code... *drool*
The Uber
http://www.tulg.org/
http://devurandom.livejournal.com/
People might want to consider that the release of WASTE was indeed unlawful under current law, AOL/Nullsoft was within their rights to withdraw the code and the GPL was applied to the code under wrong circumstances. A lot of people have mentioned in previous WASTE related stories something to the tune of "It was GPLed, I dont care who GPLed it, Im not discontinuing my use or distribution of it" while not actually considering that just because it had the GPL applied to it, the GPL was lawfully applied.
Since this product was based on WASTE, this is possibly why it was taken down, and if so, then the fact that a major company thinks the GPL wasnt applied lawfully to it, then Im inclined to think that all the other archives of it around are infringing as well.
Just my 2 cents on the matter. In the origional WASTE story, i offered to mirror the source code. I did this until i actually sat back and thought about it, then I removed the code because I didnt think its release was lawful.
this is the reason it was pulled:6 8414
http://sourceforge.net/forum/forum.php?forum_id=3
Apparently, there were some GPL violations in the code but it doesn't sound like a permanent problem
Oh yeah, and for our protection, I think laws should passed worldwide that anything posted on the Internet and subsequently removed cannot be recalled once downloaded by at least one person, so that if a company releases something as GPL and then pulls it, even if that is due to copyright violations on their part in including the thing in a GPL download, that company is subject to damages but not the downloaders, since they downloaded something as licensed under the GPL.
In other words, you want the international community to pass a law that makes it so that if someone steals my code and posts it online and then has a friend download it, I lose all rights to that code.
That's a very bad idea.
I have a lot of opinions about Cyborgs and Architects
What *are* you talking about.
The idea isn't being hurt, just 1 particular project.
You cannot release someone else's code under a different license without their permission. This is exactly what keeps GPL software *free* so how could it possibly be ironic?
Licenses are *necessary*. They are, in essence, a contract between supplier and recipient. They detail that which each party can expect from the arrangement.
Without the licenses that say 'do what you will with this' there would be no OSS to keep airborne.
In case you hadn't noticed, OSS took off a long time ago.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
If the Nullsoft release was unauthorized (what constitutes unauthorized is not as clear-cut as AOL would have us believe) then the fact that the code was GPL'd is irrelevant. Go roll your own people. Don't even look at the WASTE source. You'll be tainted.
WARNING: there is a trojan on your
You just wait. I give this thing about 30 days, and then people will start hearing from all kinds of lawyers, and we'll have another SCO on our hands, claiming we jacked source code which we did not, in fact, jack.
Huh? Tell me, if I had a job as a janitor at Microsoft headquarters, and grabbed a copy of the Windows source code, would I be able to release it as GPL? And would the people downloading and spreading it be in the right? Of course not!
This is essentially AOL's argument: that somebody released the WASTE code under the GPL when they had no right to. If that is true, then they acted accordingly - they pulled the source and put up a notice in its place.
Now along comes VIA, who haven't got the message that their license is not valid. They "release" their derivative work, and then find out about the licensing screwup. They pull the software.
No matter how many people have downloaded the code, none of them have a valid license. VIA were never in a position to grant licenses.
So sure, if somebody is mistakenly under the impression that their license is valid, then they shouldn't be punished. But you are advocating ignoring the fact that the license is invalid, and committing copyright infringement.
But instead of using it to build the product, use it to plan a completely new design, and build that as a separate project altogether, using none of the original source code. Call it a different name, make it do slightly different things... when they come to bitch and moan, the damn thing won't share any lines of code. Shit, if there's int i in that source, our version should define int to INT and write INT i, just to throw off code comparison.
No, that's a derivative work, and is also covered by AOL copyright. Any attempt to "throw off code comparison" would be strong evidence that you knew that the license wasn't valid, which, I believe, triples damages when you inevitably lose the copyright infringement lawsuit.
Oh yeah, and for our protection, I think laws should passed worldwide that anything posted on the Internet and subsequently removed cannot be recalled once downloaded by at least one person, so that if a company releases something as GPL and then pulls it, even if that is due to copyright violations on their part in including the thing in a GPL download, that company is subject to damages but not the downloaders, since they downloaded something as licensed under the GPL.
So the janitor at Microsoft snarfs the source code, gets a new job at Sun, and uploads it onto their servers. Bingo, Free Windows, no more Sun.
Gaim-e and gaim-encryption aren't exactly user friendly. They are not easy to configure and install. Especially on windows machines. Moreover Gaim-e is Open source. So the agencies couldn't really call up a CEO or something and have them removed could they?
The only thing that is a little mainstream (because it's easy to use and install) is Trillan. However it is closed source (possible back door) and the key generation isn't fully documented. Cerulean studios could have been obliged to give up their keys..
Padlock had it all: Open source, Secure and could potentially become maintream as it is easy to install (in windows) and cross platform
Artificial intelligence is no match for natural stupidity
They gave Nulloft/Justin no credit for their work, even though the headers clearly had WASTE code in it, their work reports included with the source code mention finding/researching a certain "open source project", and even Justin's documentation was nearly copied and pasted for their User Guide.
So what? Correct me if I'm wrong, but did VIA not make substantial additions to the functionality of the code, GPL'd their source and released it back to the community? That is the extend of their obligations according to the license that the WASTE author elected to use when he released his source, is it not?
-1 Uncomfortable Truth
Merely the fact that the software had a GPL copyright on it and happened to be available somehow doesn't mean that you can redistribute it. Until a piece of software has been intentionally released by its owner under the GPL, it is not covered by the GPL.
Furthermore, one of the most likely reason VIA pulled this is that they don't have the right to distribute it (patents, other people's copyrights, etc.). Then, even if you acquired a copy under the GPL, you couldn't use it because the GPL would be invalid.
Also, the person posting it may not have been authorized to do so by the copyright holder (the company itself). That would also mean that you don't, in fact, have the right to use it under the GPL because the GPL is an agreement between you and the copyright holder (VIA), and VIA has not entered into that agreement with you.
Even if you could get away with it legally for some reason, I really think it's a bad idea to behave that way. Good relations between VIA and OSS developers are essential in order to have Linux run well on their hardware. There is no hard-and-fast line, but in a situation like this (it seems it has had no widespread announcement, no user community, no external contributions), the creators of such a software package should be allowed to change their mind at the last minute.
Licenses are not required. That's just a myth spread by the FSF fudmachine.
;-)].
For example, you can quite easily give out public domain software. Of course you get the all-oft repeated argument "what if someone takes your code than turns it closed-source" to which I reply big fucking deal. I still can release my code openly. So if some company wants to use it on their own big deal. All the power.
Actually a public domain approach is more free/open because it allows commercial developers to create solutions faster without having to re-invent the wheel [while getting it all wrong] and not having to release stuff openly [e.g. works well for BitMover and Sony so far
And before anyone replies with stupidity. I do appreciate GNU and GPLed software. I just don't use it for my own software. I can happily co-exist with the two licenses...
Tom
Someday, I'll have a real sig.
I don't think I'm reading his post selectively.
If someone steals my code, then posts it online under the GPL illegally and then other people download it, I don't think that those other people should have Carte Blanche to do what they want with my code. I think that if I inform them and can prove to them that they are using code that should never have been in the GPL, then they have an obligation to stop using my code.
If we go with the great-grandparent's plan, then anything released under the GPL, no matter how it got there, would stay GPL. In other words, thieves would be totally free to steal and distribute code.
Which is a very bad idea, I think
I have a lot of opinions about Cyborgs and Architects
% cp /usr/src/linux/COPYING /downloads/KaZaa/WindowsSource/
Hey presto everyone, GPL'd Windows Source code!!!
They didn't remove the copyright info, they copied it verbatim as the GPL licensing files. This is all they are required to do. The GPL does not have an advertising clause and in fact is incompatible with the "old" BSD license with the advertising clause.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
No. But note that a piece of software is not necessarily licensed under the GPL just because it is accompanied by a text which claims so. Otherwise, I could legally redistribute (e.g.) Microsoft Windows by claiming it is under the GPL.
Most likely, the copyright of the software is and always was held by Nullsoft, not the author. Therefore, the author didn't have the right to license the software under the GPL (or any other license) in the first place. Same thing as the Microsoft analogy.
This is also the reason why the Free Software Foundation requires copyright disclaimers from the employers of software authors. They don't want to suddenly find out that they never had any rights to a software which they allegedly distributed under the GPL.
Moderators: This person is not offtopic, they are WRONG. This is NOT "just a fancier GUI on WASTE". It is an entirely new GUI, and a different encryption algorithm. The RSA code was (C) RSA and including it in a GPL program is a GPL violation. The AES code used in Padlock SL is dual-licensable; The default license in the program is essentially BSD, but it says you can instead license it as GPL so long as you retain the original copyright notice. Sounds good to me.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
There are other hardware crypto accelerators. OpenBSD uses them to offload all possible crypto and random functions from the CPU whenever one is present. VIA's is nice, in that it comes with the computer, but $100 will get you the same functionality in a PCI card.
Anybody here thinks that securei easy IM might not facilitate terrorist message interception?
You mean, like Jabber with SSL? That cat's already out of the bag.
Dewey, what part of this looks like authorities should be involved?
Dual license means that people get to choose which license they get (all of) the code under, license A or license B. (This is what Trolltech have done with QT, you can choose between the GPL or a commercial license).
Wrt. the Win2K source code: If the Win2K source code were dual-licensed with one license being GPL, then, sure, you could take that code and start a new GPL project from it. However, it isn't/wasn't, therefore you would be infringing on Microsofts copyright to that code by distributing it (or derivative works!).
It should also be noted that only the copyright holders of the code can release it under any given license; it doesn't count if someone takes the stolen Win2K code and just slaps the GPL in at the top of each file.
HAND.
Most likely, the copyright of the software is and always was held by Nullsoft, not the author. Therefore, the author didn't have the right to license the software under the GPL (or any other license) in the first place.
It's not that simple. If I work for a store, and it is normal duty of mine to do sales and quote prices. I'm am acting on behalf of that company when doing so.
If I work for Nullsoft and it is my normal duty to release software, I am acting on behalf of nullsoft when I do so.
If I have been delegated the authority to release software, and I release a software package, Nullsoft has just released that software package.
Things need to work this way, otherwise it would be WAY to easy for companies to wriggle out of contract that became inconvenient.
The exception would be when an employee obviously doesn't have the authority to do what they are doing (say a Microsoft intern releasing the windows source). Now if Ballmer himself were to release the Windows source code, even for a couple days, it would have to stick because he clearly had the authority to do so.
In the case of Nullsoft, the guy who released waste, obviously had the authority to do so.
Life is too short to proofread.
This program is just too cool! There are some things it could obviously use, such as an easier way for users to share their public keys(ala PGP key servers. The use of actual PGP/GPG keys would be really cool too!) and a few dedicated hosts to start a network(because direct peer to peer isn't always desireable or feasible, but the security through a dedicated host is good enough for most circumstances...) I guess what I'd really like to see is AIM support public key encryption, something that has always been lacking in the instant messenger app of choice for most people. Perhaps the open source community can make this a reality. And gaim encryption just doesn't work for enough people and isn't as strong as this...
Russian Russian Russian RussianDollSig DollSig DollSig DollSig
I'm not a lawyer, and I don't use the dumb geek acronyms to shorten that phrase down, but:
The WASTE software and source code was posted on the Nullsoft website by a Nullsoft employee who's always posting software to the site, who happens to also be the author of WASTE.
Let me repeat: an officer of the company and the author of the software made this software available under the GPL on the company website.
This seems open and shut to me: it's still GPL'd software. Sure the employee may have acted against the wishes of his gods, but its too late, it was released by the author, on the company website.
This would set a dangerous precedence if this were successfully challenged in court. Any company could virtually release a product under the GPL and later revoke it at their whim, claiming its unauthorized and that everyone must destroy their copies.
http://www.mousearmy.net/tech/
In the top section I've posted the original waste source, current waste source, PadLockSL source and some of the windows binaries mirrored in this thread.
This should consolodate the mirrored files in one place.
"Let him go, Ralph. He knows what he's doing." --Otto Mann (simpsons)
In the case of Nullsoft, the guy who released waste, obviously had the authority to do so.
Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license? Are you his boss, perhaps, or maybe a Nullsoft lawyer? Have you read the Nullsoft source release policy statement? Do you have the employee's job description on your desk? Are you bugging Nullsoft's corporate offices? Why are you so obviously authoritative on this issue? Inquiring minds want to know!
FreeSpeech.org
The original WASTE was released under the GPL without permission by someone without the authority to license it
No. The original WASTE was released under the GPL by someone whose permission to license it is in dispute. I have yet to see any even remotely conclusive argument about this either way, and it looks like the kind of question that really only a court has the authority to answer.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Was Winamp released under the GPL? If the answer is no then your post is meaningless.
How do you figure that?
Either he had the authority to act on behalf of Nullsoft or he did not. If he chose to use this authority to release winamp one way waste another, that would be at his discretion.
It is possible that Justin had authority to release binaries such as Winamp but no authority to release source.
People keep saying "well what if some internal document said XXX?"
What everyone seems to neglect is that people act as agents of the companies they work for.
If a manager at Walmart sells me a laptop for $10, he has that authority. Normally laptops sell for more than this, but this guy's a manager an I have a reasonable expectation that he can do this.
If it turns out the next day that his boss doesn't like it, they don't get the laptop back.
If we had to worry about internal agreements invalidating any contract made by employees who seemingly have the authority to do so, you'd never be able to trust a company to stick to an agreement. It would be too easy to weasel out.
I my Walmart example, maybe there's a document specfically saying he can't sell a laptop for less than $50. Why the hell should I know or care about it? The manager should know about it if he wants to keep his job, but in the end I still get my laptop for whatever he sells it to me for.
If Walmart doesn't like it they can fire the employee, or even go after him legally, but I'm in the clear. I bought my laptop at the price given to me by a Walmart representitive.
Life is too short to proofread.