Slashdot Mirror
MethLabs Shuts out PeerGuardian
Lost&Confused writes to tell us Slyck News is reporting that most of Methlabs.org administration and development staff have been forced out of their own website. For the time being PeerGuardian is being hosted on sourceforge. However, users are advised to stop using the Methlabs.org and Blocklist.org hosted blocklists in favor of the Bluetack list until they can sort things out.
It's not a business.
Basically, the guys who were in charge of administering the money and servers slowly took over. Now they're claiming ownership of everything.
"If we let things terrify us, life will not be worth living."
- Seneca
...they don't tend to be very big on the business accumen. Any enterprise where stuff like this can happen, needs to have contracts in force that head them off. The big business closed source world lives and dies by contracts and legally binding agreements. The licenses on the code produced should not be where the thoughts of legalities end. Internal legal matters are perhaps far more important.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
I have gotton various things, at methlabs.org it says to ignore e-mails I get from anyone about PG unless it is from @methlabs.org. In an e-mail I got from someone else saying to go to the Sourceforge site. So for the time being, I probabaly will not download anything from either place since I don't know who to believe.
Not really. But it sounds almost exactly the same as what Michael Sims, the Slashdot editor, did to the Censorware Project.
Expecting a bitchslap in 5... 4... 3...
Bogtha Bogtha Bogtha
This kind of thing happens all the time in real methamphetamine labs across the country.
A group of like-minded people pool their resources within an abandoned house to create something and inevitably one of them puts a padlock on the formerly abandoned house to keep it all for himself.
I'm a big tall mofo.
Indeed. We (Methlabs) had an admittedly stupid setup and were working to change it. Obviously, we worked too slow. It's a shame that small groups of friends even have to think of legalities but I guess that's reality.
Anyone have advice on keeping this from happening again, to us or other OSS groups?
http://en.wikipedia.org/wiki/PeerGuardian
PeerGuardian and PeerGuardian 2 are free and open source software firewalls capable of blocking incoming and outgoing IP addresses. The application uses a blocklist of IP addresses to filter the computers of several organisations, including the RIAA and MPAA while using filesharing networks such as FastTrack and BitTorrent. The system is also capable of blocking advertising, spyware, government and educational ranges, depending upon user preferences.
We keep track of various organizations as best we can. I don't have a link on hand but I do remember a study folks at MIT did (couple years ago) that showed PeerGuardian caused a 75% reduction in fake/corrupt files on Kazaa.
http://www.slyck.com/news.php?story=913
Methlabs Update
September 16th, 2005 by Administrator
"Dear Methlabs and P2P Community,
Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabatoge Methlabs and attempted to wipe the Methlabs server of all its data.
Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums (http://methlabs.org/forums/) and change your password. We sincerely apologize for this issue. As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.
Since all the data was stolen by former staff members, YOU MAY RECIEVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.
We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.
To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.
Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.
We apoligize for the current situation. Please visit http://methlabs.org/ for OFFICIAL updates, and help us spread the word!
- The Methlabs Team"
Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog is causing the Lost-In-Space-Robot in my head to wave its arms madly:
If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks, and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."
The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.
We are the PeerGuardian Robots
We are here to protect you
We are here to protect you from the terrible secret of PeerGuardian
Do not trust the Methlabs Robot. He is malfunctioning
Do not trust the Sourceforge robot. He is inferior.
The last safe backup we have was taken on September 9th, pretty much right before all hell broke loose.
Bluetack may go a bit overkill on who they block on their lists, but they are generally trusted by the community. We'd rather users setup PeerGuardian to use our competitors lists than use possibly unsafe lists from a compromised server.
We setup instructions to switch to the Bluetack lists if anyone is interested.
Form an LLC (couple hundred dollars).
Give all assets that you want to protect to the LLC.
Distribute ownership of the LLC among ALL memebers, and require license changes/ownership changes/policy changes/domain changes, etc, either unanimous consent or a 2/3 (maybe 3/4) vote.
Fundamentally, the purpose of a business 'shell', in any small organization, is to put your assets in one place so that no one can legally mismanage them.
If, for example, methlabs.org had been the property of methlabs, LLC, and the administrator tried to boot you off, you could send an e-mail to your registrar from the 'director' of the LLC, indicating that the administrator was not acting in the interest of the LLC. You send them the *signed* (can be signed electronically, using the US gov't standard, which is a bit silly \ \ ) LLC articles of incorporation, showing either that the administrator member had no right to do that, OR that he wasn't a member of the LLC.
Then they hand you the 'keys' to the castle, so to speak.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
He thought that methlabs.org had established such a good reputation that they could start charge customers money for the service?
But didn't he realize that the developers would have backup copies of the site and just set up a new site elsewhere?
I've seen this thing happen with small companies. They recruit a couple of software architects to get the core software written. Once they get the software developed they give the architects the boot, and hire cheap graduates to do any customisation.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Hey, the cops came and forced me out of my meth lab once.
Registered Linux User #404114 [url=http://www.punkoiska.com][img]http://img406.imageshack.us/img406/4379/posbannercf5.g
This and other injustices perpetrated by slashdot's editors are documented within the pages of Anti-slash: Sacred Jihad Against Slashdot. We invite you to join our community and force slashdot's editors to answer for their crimes.
In Sacred Jihad,
jihadi_31337
Also, 2 more points ;-)
.), and its a fun way to stick it to him.
;-) ) and use this as additional proof (even though small claims doesn't set a precedent) for your cybersquatting claim.
1. Form the LLC anyways. Use the name, MethLabs LLC
File a cybersquatting request. Even if you loose, its not a bad way to go. If you can show you started the project, you'll be in *really* good shape, I think. As far as I know, if you have a business name, you are virtually guaranteed the domain name. What's good for the goose is good for the gander.
Emphasize that its a *security* site. ICANN generally frowns on people trying to subvert security software.
2. Trademark the term "Peerguardian". This costs about ~$400. You may have to take a collection for this. Then, you can pretty reliably prevent him from using that term on methlabs.org.
A trademark will help you achieve number 1, above, and virtually guarantees number 3, below.
3. Sue in small claims court. Make sure to sue in *his* state, but not necessarily his jurisdiction. Even if you don't get the domain back, claim the maximum (usually $3000) in damage. The loss of your projects domain name is easily worth much, much more, but $3000 should be fairly easy to start up again with (pays Domain fees hosting fees LLC fees, etc. .
Small claims court usually only takes a day of work, and the filing fees are pretty small, too. Even if he doesn't pay, you can enter a judgement against him, have the pleasure of actually employing a creditor FOR you (not against
Plus, small claims judges are big on practical issues. They don't like to see people get screwed, and generally side with the abused party.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
PeerGaurdian isn't about spam email blocking. It's about blocking IPs that belong to MPAA/RIAA/DOJ/Government/BSA and other organizations that flood p2p networks, looking to gather information on you and send you a lawsuit.
"Dear Member,
The majority of the Methlabs.org administration and development team have been forced out of their website following a series of threats and incidents. The member of the group that had been trusted to handle the finances and servers slowly managed to take over each individual part of the web site's assets, eventually claiming control over the entire group and locking out the majority of staff.
The organisation's founders, Tim Leonard and Ken McKelland, as well as the majority of the organisation's staff and developers (including the main developer of the PeerGuardian2 application, Cory Nelson and the staff members responsible for auditing the PeerGuardian Blocklists) have all been forcibly removed from the servers that were funded from donations given to the organisation by happy users, and from text advertising placed on the websites forum and project pages.
The money, which was to have been used to help fund the development and hosting costs of the group is now unavailable, stolen by the one who was trusted to keep it.
Development of PeerGuardian will resume, and the website will temporarily move to http://peerguardian.sourceforge.net/ until a new domain is registered and a new server found. The intention of the group is to register a non-profit organisation to handle the development of Methlabs applications and to promote open source projects that aid both security, privacy and peer-to-peer technologies, in order to prevent a repeat of this incident.
The team wish all their users the best through this difficult time, but promise that development will continue. Please visit http://peerguardian.sf.net/ for news as we make progress. All other sites, including http://methlabs.org/ and http://blocklist.org/ are under control of the rogue member and should not be trusted for safe updates to our applications or lists.
A new build of PeerGuardian will be released soon to reflect these changes. Until then we ask you to continue using Beta 6a but with caution as the update servers are no longer under our control.
All staff are available in irc.freenode.net, channel #methlabs if you wish to chat.
Thanks, The Methlabs Staff (looking for a new home) -----
Adam Hoier, Cory Nelson, Eric Mayuk, Fox Lowe, James Shanelec, Joseph Farthing, Ken McKelland, Steffen Tuzar, Tim Leonard
aka
braindancer, D3F, fox, FuRiOuS1, JFM, KuKIE, method, phrosty, r00ted"
FTFA:
"UPDATE: William Erwin, now confirmed as the hijacker, has posted news on Methlabs.org, claiming the hijacking news is false and stems from a revolt by former team members.
However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine."
The reporter has "heard from both sides", and said that the Methlabs team is correct. That's what real reporters do: they find all the sides of a story, decide which version is the most correct, and tell the story. They don't just report "he said / she said", which reduces the reporter and the publication to puny PR outlets for anyone with a version of the story, no matter how self-serving.
That's not to say the reporter's version is the most correct, or even correct at all. But that's what separates good reporters from bad ones: their skill at finding the most accurate story version. And then telling it so readers get the most accurate version of the story in our heads. Good journalists back up their judgements with representative quotes and descriptions of evidence to bolster the reader's confidence in their version. Really good journalists make good judgements and back it up, earning the ongoing confidence of their readers.
We still all need to take any story from where it comes. Which is why it helps to read some reporters for a long time, to understand their track record, their blind spots, biases, vested interests, and insights. We've watched "journalism" turn into a farce precisely because we no longer expect the journalist to use good judgement in reporting, highlighting what they find to be true. We expect journalists to be "objective" to the extent that the journalist disappears, acting only as a stenographer for whoever gets access to them as a channel for that interested party. Which is worse than useless.
This reporter, on this little story, in a little tech backwater, is exercising exactly the professionalism that most of the people in their industry wouldn't recognize if it faced them across an interview desk.
--
make install -not war
PeerGuardian is not for e-mail, it's for P2P networks.
Also, I don't know how you can believe that blacklists are useless. I'm down to only about a spam a day, despite my current primary e-mail address being listed all over the internet for years now. Obviously, your choice of blacklists is important, and using other metrics as well helps.
Besides that, the forces at work in P2P spam are completely different than that of e-mail spam. I can vouch for the PeerGuardian blacklist being extremely effective at blocking probably 99% of P2P spam, and making that last 1% look far less legitimate, and far less likely to be selected.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Anyone who contributed money to PG support should be suing the person who forced the rest of the team out for fraud and theft. I would expect them to have standing in court to pursue such a claim, and could make life very difficult for this apparent criminal.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Yes, I agree that the use of 'theft' is inappropriate. However, it really is drawn out to say 'copyright violation' all the time. Can we take it as read that I DO understand the difference between theft of proprty, and the unlawful redistribution of information ?
:)
And, no, you don't get a specific vote on copyright law. You didn't get a specific vote on a bunch of things. You live in a republic, not a democracy. The last TRUE democracy was ancient Greece, where they voted on near everything, and things didn't turn out so well for them
My point (and I really don't see why it was labelled 'off topic'... even 'flamebait' might have been more accurate) was that P2P communities are rife with people that just want their free stuff, and they don't give a damn who they hurt. So, it should be NO surprise that one of them turned against the PeerGuardian developers. William wanted his free stuff - where 'stuff' here meant the methlabs.org site - and he didn't give a damn who he hurt.
No surprise whatsoever.
If one wants to deal only with ethical people, don't create programs that will attract a highly disproportionate amount of unethical people.
... Cuba!
The lists got a bit inaccurate over time. We had just got Blocklist.org setup so we could review all the blocked ranges, but then a month later this happens :(
Oh well. We'll recover.