Slashdot Mirror
MethLabs Shuts out PeerGuardian
Lost&Confused writes to tell us Slyck News is reporting that most of Methlabs.org administration and development staff have been forced out of their own website. For the time being PeerGuardian is being hosted on sourceforge. However, users are advised to stop using the Methlabs.org and Blocklist.org hosted blocklists in favor of the Bluetack list until they can sort things out.
It's not a business.
Basically, the guys who were in charge of administering the money and servers slowly took over. Now they're claiming ownership of everything.
"If we let things terrify us, life will not be worth living."
- Seneca
What a guy^h^h^h gal!
...they don't tend to be very big on the business accumen. Any enterprise where stuff like this can happen, needs to have contracts in force that head them off. The big business closed source world lives and dies by contracts and legally binding agreements. The licenses on the code produced should not be where the thoughts of legalities end. Internal legal matters are perhaps far more important.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
What possible reason would Mr. Erwin want with methlabs.org? I can't believe he would pull this shit. He needs a good ass kicking for stepping out of line.
Take this web site to....hmmmm....wait....
I have gotton various things, at methlabs.org it says to ignore e-mails I get from anyone about PG unless it is from @methlabs.org. In an e-mail I got from someone else saying to go to the Sourceforge site. So for the time being, I probabaly will not download anything from either place since I don't know who to believe.
Not really. But it sounds almost exactly the same as what Michael Sims, the Slashdot editor, did to the Censorware Project.
Expecting a bitchslap in 5... 4... 3...
Bogtha Bogtha Bogtha
This kind of thing happens all the time in real methamphetamine labs across the country.
A group of like-minded people pool their resources within an abandoned house to create something and inevitably one of them puts a padlock on the formerly abandoned house to keep it all for himself.
I'm a big tall mofo.
Indeed. We (Methlabs) had an admittedly stupid setup and were working to change it. Obviously, we worked too slow. It's a shame that small groups of friends even have to think of legalities but I guess that's reality.
Anyone have advice on keeping this from happening again, to us or other OSS groups?
http://en.wikipedia.org/wiki/PeerGuardian
PeerGuardian and PeerGuardian 2 are free and open source software firewalls capable of blocking incoming and outgoing IP addresses. The application uses a blocklist of IP addresses to filter the computers of several organisations, including the RIAA and MPAA while using filesharing networks such as FastTrack and BitTorrent. The system is also capable of blocking advertising, spyware, government and educational ranges, depending upon user preferences.
We keep track of various organizations as best we can. I don't have a link on hand but I do remember a study folks at MIT did (couple years ago) that showed PeerGuardian caused a 75% reduction in fake/corrupt files on Kazaa.
I'm reluctant to update my lists using either source at the moment until it's cleared up. The plan for me is to keep the status quo until told otherwise from a reputable source.
I have a problem though; I have two main computers I use regularly and one of them was last updated on the 11th of September, the other on the 14th of September. The $64,000 question is:
Which of my computers, if any, are using reputable blocklists?
I don't know when this coup was started and thus I don't know at what stage we were supposed to stop trusting the auto-updating. I've already turned off my auto-updating for PG2 on both computers but I'd like some info on whether my current lists have been 'tainted.' By the sounds of it, this was a bit of a 'slow mutiny' so I'm somewhat paranoid that the lists may have been compromised far earlier than say, a week ago and thus this is all null and void. Needless to say, we just don't know at the moment.
Any info from some reputable PG2 personnel (I've seen you guys post here before, PS - love your work! I donate!) would go a very, very long way.
http://www.slyck.com/news.php?story=913
Methlabs Update
September 16th, 2005 by Administrator
"Dear Methlabs and P2P Community,
Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.
Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/) and change your password. We sincerely apologize for this issue. As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.
Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.
We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.
To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.
Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.
We apoligize for the current situation. Please visit http://methlabs.org/ for OFFICIAL updates, and help us spread the word!
- The Methlabs Team"
Slyck.com, Zeropaid.com, UniteTheCows.com, p2pnet.net, p2pconsortium.com and many others are saying the same thing... even the person who started the whole thing and who the domain name is named after has been locked out.
Officially, according to the founders of the community, their lead article writer, almost all senior administrators and the software developer of PeerGuardian 2... methlabs.org was hijacked.
peerguardian.sourceforge.net IS trustworthy.
(it's where the developers, founders, etc. are saying to go for new releases.)
Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog is causing the Lost-In-Space-Robot in my head to wave its arms madly:
If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks, and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."
The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.
We are the PeerGuardian Robots
We are here to protect you
We are here to protect you from the terrible secret of PeerGuardian
Do not trust the Methlabs Robot. He is malfunctioning
Do not trust the Sourceforge robot. He is inferior.
Form an LLC (couple hundred dollars).
Give all assets that you want to protect to the LLC.
Distribute ownership of the LLC among ALL memebers, and require license changes/ownership changes/policy changes/domain changes, etc, either unanimous consent or a 2/3 (maybe 3/4) vote.
Fundamentally, the purpose of a business 'shell', in any small organization, is to put your assets in one place so that no one can legally mismanage them.
If, for example, methlabs.org had been the property of methlabs, LLC, and the administrator tried to boot you off, you could send an e-mail to your registrar from the 'director' of the LLC, indicating that the administrator was not acting in the interest of the LLC. You send them the *signed* (can be signed electronically, using the US gov't standard, which is a bit silly \ \ ) LLC articles of incorporation, showing either that the administrator member had no right to do that, OR that he wasn't a member of the LLC.
Then they hand you the 'keys' to the castle, so to speak.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Hey, the cops came and forced me out of my meth lab once.
Registered Linux User #404114 [url=http://www.punkoiska.com][img]http://img406.imageshack.us/img406/4379/posbannercf5.g
But it lists most of the third party companies that snoop as well. If there is a whole, people are encouraged to report it.
And besides - Isn't poor secuirity at least a little better than no security?
This and other injustices perpetrated by slashdot's editors are documented within the pages of Anti-slash: Sacred Jihad Against Slashdot. We invite you to join our community and force slashdot's editors to answer for their crimes.
In Sacred Jihad,
jihadi_31337
Also, 2 more points ;-)
.), and its a fun way to stick it to him.
;-) ) and use this as additional proof (even though small claims doesn't set a precedent) for your cybersquatting claim.
1. Form the LLC anyways. Use the name, MethLabs LLC
File a cybersquatting request. Even if you loose, its not a bad way to go. If you can show you started the project, you'll be in *really* good shape, I think. As far as I know, if you have a business name, you are virtually guaranteed the domain name. What's good for the goose is good for the gander.
Emphasize that its a *security* site. ICANN generally frowns on people trying to subvert security software.
2. Trademark the term "Peerguardian". This costs about ~$400. You may have to take a collection for this. Then, you can pretty reliably prevent him from using that term on methlabs.org.
A trademark will help you achieve number 1, above, and virtually guarantees number 3, below.
3. Sue in small claims court. Make sure to sue in *his* state, but not necessarily his jurisdiction. Even if you don't get the domain back, claim the maximum (usually $3000) in damage. The loss of your projects domain name is easily worth much, much more, but $3000 should be fairly easy to start up again with (pays Domain fees hosting fees LLC fees, etc. .
Small claims court usually only takes a day of work, and the filing fees are pretty small, too. Even if he doesn't pay, you can enter a judgement against him, have the pleasure of actually employing a creditor FOR you (not against
Plus, small claims judges are big on practical issues. They don't like to see people get screwed, and generally side with the abused party.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
PeerGaurdian isn't about spam email blocking. It's about blocking IPs that belong to MPAA/RIAA/DOJ/Government/BSA and other organizations that flood p2p networks, looking to gather information on you and send you a lawsuit.
"Dear Member,
The majority of the Methlabs.org administration and development team have been forced out of their website following a series of threats and incidents. The member of the group that had been trusted to handle the finances and servers slowly managed to take over each individual part of the web site's assets, eventually claiming control over the entire group and locking out the majority of staff.
The organisation's founders, Tim Leonard and Ken McKelland, as well as the majority of the organisation's staff and developers (including the main developer of the PeerGuardian2 application, Cory Nelson and the staff members responsible for auditing the PeerGuardian Blocklists) have all been forcibly removed from the servers that were funded from donations given to the organisation by happy users, and from text advertising placed on the websites forum and project pages.
The money, which was to have been used to help fund the development and hosting costs of the group is now unavailable, stolen by the one who was trusted to keep it.
Development of PeerGuardian will resume, and the website will temporarily move to http://peerguardian.sourceforge.net/ until a new domain is registered and a new server found. The intention of the group is to register a non-profit organisation to handle the development of Methlabs applications and to promote open source projects that aid both security, privacy and peer-to-peer technologies, in order to prevent a repeat of this incident.
The team wish all their users the best through this difficult time, but promise that development will continue. Please visit http://peerguardian.sf.net/ for news as we make progress. All other sites, including http://methlabs.org/ and http://blocklist.org/ are under control of the rogue member and should not be trusted for safe updates to our applications or lists.
A new build of PeerGuardian will be released soon to reflect these changes. Until then we ask you to continue using Beta 6a but with caution as the update servers are no longer under our control.
All staff are available in irc.freenode.net, channel #methlabs if you wish to chat.
Thanks, The Methlabs Staff (looking for a new home) -----
Adam Hoier, Cory Nelson, Eric Mayuk, Fox Lowe, James Shanelec, Joseph Farthing, Ken McKelland, Steffen Tuzar, Tim Leonard
aka
braindancer, D3F, fox, FuRiOuS1, JFM, KuKIE, method, phrosty, r00ted"
FTFA:
"UPDATE: William Erwin, now confirmed as the hijacker, has posted news on Methlabs.org, claiming the hijacking news is false and stems from a revolt by former team members.
However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine."
The reporter has "heard from both sides", and said that the Methlabs team is correct. That's what real reporters do: they find all the sides of a story, decide which version is the most correct, and tell the story. They don't just report "he said / she said", which reduces the reporter and the publication to puny PR outlets for anyone with a version of the story, no matter how self-serving.
That's not to say the reporter's version is the most correct, or even correct at all. But that's what separates good reporters from bad ones: their skill at finding the most accurate story version. And then telling it so readers get the most accurate version of the story in our heads. Good journalists back up their judgements with representative quotes and descriptions of evidence to bolster the reader's confidence in their version. Really good journalists make good judgements and back it up, earning the ongoing confidence of their readers.
We still all need to take any story from where it comes. Which is why it helps to read some reporters for a long time, to understand their track record, their blind spots, biases, vested interests, and insights. We've watched "journalism" turn into a farce precisely because we no longer expect the journalist to use good judgement in reporting, highlighting what they find to be true. We expect journalists to be "objective" to the extent that the journalist disappears, acting only as a stenographer for whoever gets access to them as a channel for that interested party. Which is worse than useless.
This reporter, on this little story, in a little tech backwater, is exercising exactly the professionalism that most of the people in their industry wouldn't recognize if it faced them across an interview desk.
--
make install -not war
PeerGuardian is not for e-mail, it's for P2P networks.
Also, I don't know how you can believe that blacklists are useless. I'm down to only about a spam a day, despite my current primary e-mail address being listed all over the internet for years now. Obviously, your choice of blacklists is important, and using other metrics as well helps.
Besides that, the forces at work in P2P spam are completely different than that of e-mail spam. I can vouch for the PeerGuardian blacklist being extremely effective at blocking probably 99% of P2P spam, and making that last 1% look far less legitimate, and far less likely to be selected.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Anyone who contributed money to PG support should be suing the person who forced the rest of the team out for fraud and theft. I would expect them to have standing in court to pursue such a claim, and could make life very difficult for this apparent criminal.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Yes, I agree that the use of 'theft' is inappropriate. However, it really is drawn out to say 'copyright violation' all the time. Can we take it as read that I DO understand the difference between theft of proprty, and the unlawful redistribution of information ?
:)
And, no, you don't get a specific vote on copyright law. You didn't get a specific vote on a bunch of things. You live in a republic, not a democracy. The last TRUE democracy was ancient Greece, where they voted on near everything, and things didn't turn out so well for them
My point (and I really don't see why it was labelled 'off topic'... even 'flamebait' might have been more accurate) was that P2P communities are rife with people that just want their free stuff, and they don't give a damn who they hurt. So, it should be NO surprise that one of them turned against the PeerGuardian developers. William wanted his free stuff - where 'stuff' here meant the methlabs.org site - and he didn't give a damn who he hurt.
No surprise whatsoever.
If one wants to deal only with ethical people, don't create programs that will attract a highly disproportionate amount of unethical people.
Could the admin have been influenced (via loads of cash) to cause this confusion. Remove or modigy all MPAA/RIAA ip addresses, and make sure they do not go anywhere else for updates? If I was one of the above orginizations, that is what I would do.
-William
God is everything science has yet to explain.
The RIAA, MPAA and malware folks everywhere thank you for your stance. A point you seem to have over looked is that it is not just for blocking in P2P situations, the lists are also simple to use to block bad sites for other applications. The though of 'I don't need protection because I am doing nothing wrong' is rather shortsighted and is the reason for so many compromised systems on the net today. Also, carry the thought over into other things and you can see how silly the idea is. I can pick a deadbolt lock nearly as fast as most people can use a key, yet I still use locks on my door. If you will only use something that is 100% perfect then I think you will have a hard time ever finding anything in the world that you can use.
Question reality.
Could someone tell me who the hell methlabs.org and PeerGuardian are? I've never heard of them before.
Indeed, I loaded the safepeer plugin for azureus a few days ago (correct me if I'm wrong, but I believe it uses the peerguardian list) and the console is just FULL of blocked connections. I was a little shocked at the number.
However, looking through the logs, I wonder if it's being overly aggressive. It seems like it's blocking, for instance, all government addresses, and lots of 'private customer' addresses at major ISPs. Perhaps I'm just misunderstanding the classification categories?
I don't actually share anything that the *IAA types are likely to be looking for, which makes it even stranger that so many blocked addresses are trying to connect to me. Or, again, I may be just completely misunderstanding something...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
The lists got a bit inaccurate over time. We had just got Blocklist.org setup so we could review all the blocked ranges, but then a month later this happens :(
Oh well. We'll recover.
Not to be too particular, but since I'm currently going throught the LLC application process, it might be useful to point out that it's not "articles of incorporation" but "articles of organization". "Articles of incorporation" is reserved for a corporation.
The difference between a corporation (Inc.) and limited liability company (LLC) is subtle but important. A corporation is a perpetual entity, so if a founding member dies, no problem. But if a founding member of an LLC dies, that pretty much ends the LLC. Taxes are a lot easier to handle, along with determining profit. Also, you don't have to have annual meetings where the minutes recorded, etc. However, with either one you get the benefit that your personal assets are not at risk. If the company fails miserably and owes a million dollars in debt, you still get to keep your personal car, your house, your money, etc. Thus the term "limited liability".
After poking around the comments on the other site, I came across this one from eremini, one of the PG devs. I've included it verbatim below. This is the most believeable version of the story I've heard.
& postdays=0&postorder=asc&start=25 )
(Background: cerberius, a.k.a. William Erwin, is the one who they claim "hijacked" methlabs.org. Cerberius, eremini, fox, and Gambit2011 were claimed to be on one side, with the rest of the devs, and the "owner", on the other. Gambit2011 posted to take himself off that list.)
(reference URL: http://www.slyck.com/forums/viewtopic.php?t=14191
Actual Post:
eremini here. I am gonna post exactly what happened, since there's no need to hide it now. As some of you know cerberius has always been the one that did technicall things on methlabs, set up the servers, updated server software, etc... So it only naturaly the servers were registered to him. Now about a week ago, Furi and Phrosty decided to kick cerb out, right now they are going around forums truying to say that they wanna be professional, but how do profesionals fire peope? They talk to them, explain the reasons, etc. Did they do that? No. Did they try to do that? No. Just one day all of a sudden, they changed the methlabs.org server root password, wiped all the data off it and hijacked a google adsence account, which was registered to cerb's social security number. Now about the domain. Yes, cerb did transfer the domain to him, a couple of months before that (Miles might call this keep all your balls in one sack), but he did not hijack anything, he transfered it with complience to all ICANN rules, which state that the preveious owner gets send an email, to which he gets to reply 60 days (!) if you want to reject the transfer, that didn't happen. So its transfered fair and square. Now about stealing money. What money? The google adsence money (which cerb got back with google being ready to press charges against hijackers for fraud) is still there, no money transfered. Same with paypal, the money, like always, will be used to pay hosting costs and other fees concerning methlabs. There thats the end of the store. Now you decide who to trust, but please don't trust them, just because they put their real names in some attemp to "be profesional"
Shorted translation:
"Please don't look for the software or support anywhere else, because even though they might be legit, I won't be able to control those other sites."
N.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
At legalzoom.com, you can incorporate a Nevada LLC (with registered agent) for ~205, IIRC
I've done this many times.
You'll have to find/pay a registered agent unless you can find an address/phone number in state. This is usually under a hundred dollars per year.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell