VIA Releases Source To Custom WASTE Client 209
daten writes "VIA has released the source code to their Padlock SL product, based on the Nullsoft WASTE code previously pulled by AOL. Padlock SL offers encrypted chat, instant messaging and file sharing over a private peer-to-peer network. Unlike WASTE, which is still under active development, the VIA client offers a graphical interface for both Windows and Linux users and simpler configuration."
passive (Score:2, Interesting)
passive, because flawed? (Score:4, Interesting)
Also, off topic but amusing, when I was browsing around their site for more information I found this: http://www.viaarena.com/?PageID=306 [viaarena.com]
Re:passive, because flawed? (Score:2, Informative)
Admittedly, I've never had a need to do this, but In theory it should work.
Re:passive, because flawed? (Score:5, Interesting)
Another problem is this: Say Jane, Joe, and Pete are on the same network, but Jane hates Pete because he didn't call the next morning, so Jane deletes Pete's key. Pete is still allowed on the network through his long time buddy Joe, and Pete can even route through Jane. We tried some tests, and this actually works.
Re:passive, because flawed? (Score:5, Funny)
how private? (Score:2)
Re:how private? (Score:5, Informative)
Re:how private? (Score:5, Informative)
Re:how private? (Score:3, Funny)
Jeroen
Use WebDAV (Score:4, Informative)
WebDAV [webdav.org] -- a standard part of Apache 2 -- is the replacement for FTP. It only uses one TCP connection (HTTP extension), goes anywhere HTTP goes, can be used over HTTPS and thus be as secure as you like.
On the client side, it is already supported by KDE (use URLs like webdavs://server/dir/file.txt), GNOME, and MS Windows [mydocsonline.com]. There are also a few command-line clients, such as neon [webdav.org].
Re:Use WebDAV (Score:2)
Re:how private? (Score:2)
Is this legal? (Score:5, Interesting)
Re:Is this legal? - this text (Score:4, Informative)
An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.
Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.
If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.
Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.
Thank you.
Nullsoft
I asked FSF, and FSF said... (Score:5, Informative)
"If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."
"Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."
Re:Is this legal? (Score:5, Interesting)
How can it be "unlicensed" if it has GPL license on each file?
On a related note: VIA is releasing their "PadLock SL" under GPL too.
Re:Is this legal? (Score:2)
The same reason the company I work for could call something I developed on their time and dime theirs, whether I GPL it or not. It was released under Nullsoft's name, so AOL technically owned it. GPL'ing it was what was unauthorized, so it was never really licensed properly in the first place. But now that the horses have already left the barn and nullsoft is gutted, AOL doesn't show much sign of pursuing their claims.
Re:Is this legal? (Score:5, Interesting)
There is a separate issue between him and AOL, discussing whether he had the authority to make the release. However, once an officer of a company releases something, it's going to be hard to say he didn't have the authority to do so.
(reposted) I asked FSF, and FSF said: (Score:4, Informative)
"If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."
"Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."
But the thing is, I doubt anybody even cares. The logic in the P2P debate is always "I believe whatever supports my position, and I don't believe anything that speaks against my position."
In this case the FSF themselves say that they are presuming it to be unauthorized, and that therefore others have rights to do anything with the software.
But who cares what the FSF says, right?
Re:(reposted) I asked FSF, and FSF said: (Score:4, Insightful)
The FSF saying it presumes it was an unauthorized release is prudent but equivalent to an assumption of guilt. Frankel had traditionally released software apparently at will, with nary a peep from AOL, but Waste drew fire. Given that precedent points to him being allowed to release the code, in order to prove that it was unauthorized someone is likely going to have to show that someone higher up the food chain than Frankel explicitly told him not to release Waste.
The FSF is not saying that they think it was an unauthorized release. They're saying that they have no idea, and that if you get busted the FSF's reaction will be "I told you so."
But as you say, who cares what the FSF has to say about it? They're not even involved. The GPL is covered by copyright law, not FSF law, which doesn't exist, so the FSF is irrelevant. The question is not whether the GPL applies in this situation, because clearly if he did not have the right to put the GPL on the code, then the code is not really GPL. (If you don't hold the copyright, you can't reassign it.) If he DID have the right to make the release, then the GPL certainly applies.
If you want to get a useful opinion from someone on this issue, talk to the EFF, because they're the only cavalry you can expect (hope) will come to the rescue if you are sued for doing something with the WASTE sources. Or at this point, possibly VIA, if you are a VIA customer using their release, though I sincerely doubt that they'd step in on your behalf.
Re:(reposted) I asked FSF, and FSF said: (Score:2)
This most certainly is about P2P, that's why people cares about WASTE in the first place (that, and also because JF made it). It's certainly not a global P2P app like Kazaa, but most folks think of it in terms of little closed, encrypted file-sharing communities -- all clearly stated in the original Slashdot post: "encrypted chat, instant messaging and file sharing over a private peer-to-peer network." That's not about P2P?
And, as my post indicated, it certainly comes as no surpr
Re:(reposted) I asked FSF, and FSF said: (Score:2)
The thing that WASTE does that is special is not P2P. Other P2P services exist and are freely available. None of them are quite as easy to set up as WASTE but quite frankly it would not be amazingly to put together some self-installing (or copy-installing) binary packages for windows, linux, and other popular operating systems :) to provide all the functionality WASTE does with Free and Open Source software.
WASTE's special feature is its ability to send bogus data (up to a certain maximum throughput) at
Re:Is this legal? (Score:2)
That person can still be held responsible for the act, but the outsider can't be blamed.
This sounds like the legal person nullsoft claiming to have had a temporary case of multiple personality disorder....
Jeroen
Re:Is this legal? (Score:5, Funny)
Look, if AOL is dumb enough to buy fish from someone like Frankel, they deserve what they get.
Microsoft bought my halibut, and I, for one, am happy as a clam.
Re:Is this legal? (Score:5, Insightful)
Re:Is this legal? (Score:5, Insightful)
Re:Is this legal? (Score:5, Insightful)
Since Frankel had the power to release software under the GPL, and it was only after the software was released that his employers thought to limit his power to release the software, it is ok for us to continue to distribute the software.
Re:Is this legal? (Score:2)
I don't care if, twelve years ago, Justin's boss said to him "you're not allowed to release anything without my OK."
It's not my job to keep track of these things.
He released it, and it's mine. End of story.
Re:Is this legal? (Score:2)
Re:Is this legal? (Score:2)
Re:Is this legal? (Score:3, Informative)
IANAL.
If *we*, the persons dealing with the company 'reasonably believe' that the Agent (Frankel) has the authority to enter into the agreement (GPL license) with us, then it is so. The company is responsible to uphold its agreement (where Frankel was the agent).
Posting this nonsense on the web doesnt undo Agent Frankel's agreement with us.
I just got an image of
Is this illegal? (Score:2, Informative)
It doesn't necessarily make it false, either. The GPL's legality and enforceability have yet to be tested in court. Also, Frankel may have been bound by prior contracts which nullify any attempt to GPL any code created while employed. You can't take code someone else
Re:Is this legal? (Score:2)
FYI Stallman comments on sf waste page (Score:3, Informative)
RE: Nullsoft: NOTICE OF UNAUTHORIZED SOFTWARE
2003-07-23 12:22
so, here's the deal. i've been thinking about this thread a lot and figured it would be good to get an authoritative repsonse from someone 'in the know' about the gpl and law. so i decided to write rms himself and see what his take is on the matter. here's my email to him (7/21):
mr. stallman,
i've got a question for you regarding a certain application of the gpl
Re:Is this legal? (Score:2)
Am I the only one that remebers when a Nike representative came out and stated in no uncertain terms that their shoes were NOT made in sweatshops, only t
Re:Is this legal? (Score:2, Informative)
Re:Is this legal? (Score:2)
Eric Harmon could have just downloaded the PadLock source and looked at it, just as I did! IMHO, it just reeks of sour grapes. He hasn't been doing much maintaining, and is now pissed off that someone else has taken up the slack.
Direct Download Links (Score:5, Informative)
Windows XP Version [viaarena.com]
Red Hat Verion 9.0 [viaarena.com]
Installation Guide [viaarena.com]
User Guide [viaarena.com]
Re:Direct Download Links (Score:3, Informative)
Via? (Score:2)
Linked page is useful for figuring it out too: "Here you go, if you download it, give us feedback."
(I admit, I'm lazy and hope some fellow
Re:Via? (Score:5, Informative)
JOhn
Re:Via? (Score:4, Informative)
Re:Via? (Score:2)
Overall, it is likely cheaper to have a cluster running on c3s rather than xeons/p4s/opterons/athlons/g5 simply because of the lack of huge power reqirements (10 1GHz c3s vs a 3ghz p4, on a clusterable job will almost certainly see the p4 blasted), not to mention initial cost, which can be lower than $100 per board + processor.
(and any speed c3 with a nehemiah core will murder most anyth
That's not been my experience... (Score:2)
Integer performance on a Nehemiah (key word there- previous incarnations of the C3 CPU were good low-power offerings for embedded designs, and showed poorer performance...) core is on a par with a comparably clocked Celeron (i.e. it's in the ballpark of a 1GHz Celeron with the chip on the EPIA M10000 board...) and it's FP perform
VIA's system requires hardware (Score:2, Informative)
Re:VIA's system requires hardware (Score:3, Interesting)
Re:VIA's system requires hardware (Score:2)
Maybe I need to go read up on their licensing terms for Windows.
Re:VIA's system requires hardware (Score:2)
In short: yes, it's different than Linux.
Re:VIA's system requires hardware (Score:2)
On Windows, there's only the commercial version available (which also means you can't build GPL software on Windows with Qt unless the GPL software has a specific license exepmtion for Q
Re:VIA's system requires hardware (Score:2)
All of the above have LGPL or LGPL style licenses, and at least FLTK and wxWidgets have exceptions for static linking, so there should be very few licensing issues with them. There's probably more, but these the ones I know off the top of my head.
Re:VIA's system requires hardware (Score:2)
> requiring a cross-platform C++ gui widgets
> seems to be written with QT?
It's largely because Qt is really, really insanely easy to use. The object classes are very intuitive for programming.
Regarding licensing issues, there is a GPL version for native Win32 [sourceforge.net]. It's not being actively updated, but it did get far enough to the point where most of my programs (the ones that didn't use other libraries, at least) would cross compile and run pretty decent
Re:VIA's system requires hardware (Score:5, Informative)
From the user's guide:
PadLockSL utilizes hardware AES algorithm and random number generator provided in VIA C5P processor. The special characteristics PadLockSL has are outlined as below:
1.2.1 Support running on C5P system and non-C5P system
1.2.2 Automatically detect whether C5P ACE is available or not
If C5P ACE is available, use hardware AES in C5P ACE; otherwise, use software implemented AES when performing AES encryption/decryption
1.2.3 Automatically detect whether C5P RNG is available or not
If C5P RNG is available, use it as entropy source in random number generation routine; otherwise, use the random number generation device provided by linux.
Messaging (Score:5, Interesting)
Banks are obviously really paranoid about security. They also really need messages to get through, quickly. In the software that I worked on, you would basically configure it with a priorty list of methods that it could use to transmit the message. So the most secure and failsafe method would be the one it tried first. If that didn't work it would try other methods, gradually going down the list, which usually ended with Fax being the most primitive method.
So how is this relevant to the OSS community? Well, we all know email is pretty much broken. Businesses want message delivery that is 1) secure and 2) reliable. Email is neither. With OSS email clients, we should change our mentality a bit and treat them instead as messaging clients, with email being just one of the methods it might use to send the message. The first thing it might try would be a secure, peer-to-peer connection with the recipient of the message. If all OSS email clients followed the same standard - perhaps based on this WASTE code? - soon most messages might be sent by a better manner than email.
One day very soon, Microsoft is going to come out with a "better email". The OSS community will bitch about it, and then if it takes off they will try to copy it. I'd much prefer we did the innovating and MS had to copy... Come on guys!
Re:Messaging (Score:2)
Re:Messaging (Score:2, Interesting)
It is either reliable or it isn't. It isn't.
Unfortunately non-static IPs for most users and AUPs prohibiting long-running network servers put the damper on that little plan.
You don't seem to get what I'm saying. It would try the best method (secure, reliable), if that didn't work, it would try the next best method (email?). So the message goes by the best available method. That's the whole
Re:Messaging (Score:2)
1. Attempt to deliver message via WASTE or similar.
2. Attempt delivery via ssh/sftp direct to host. Keypairs cached on both machines to allow automatic logins. Yeah, not too secure but we're assuming trust between both boxen.
3. Attempt delivery via email.
4. Attempt delivery via IM protocol of choice.
On and on ad nauseum. Something like this?
Re:Messaging (Score:2)
It could work like that. But I was thinking of something simpler - try to deliver via a secure P2P connection, if that doesn't work, then deliver by email. For this to work it needs to be simple - the client needs to be able to find out how to connect via P2P just from the email address. And it needs to be fairly transparent to the user.
However, the great thing about the approach is that it is modular, so other methods could be added and OSS messaging projects could spawn and evolve w
Re:Messaging (Score:2)
LoB
Congress?!? (Score:4, Insightful)
We have seen the results of CAN-SPAM act. That should clue you in on the first point.
Next, you want a government specified secure mail protocol? I hate to be rude, but that is like asking for government specified quality literature. Any attempt at that would come out of committee dripping with pork fat, backdoored by every TLA in the country, overseen by a new agency that would tax it, and likely incapable of functioning in the real world.
Please step away from the crack pipe.
Interoperability? (Score:5, Interesting)
Anybody had more luck? Waste runs under wine, but there are a lot of annoying issues, and the port [dnetc.org] seems dead in the water.
Re:Interoperability? (Score:3, Insightful)
I bought Win4Lin [netraverse.com]
Re:Interoperability? (Score:2)
I should just port Waste myself, but in that case I find myself thinking I should start from scratch so as to avoid the tainted code. But in that case it wouldn't be waste, as I think the protocol can be improved on....
Re:Interoperability? (Score:2)
Maybe I need to report this but each time I retry it, the line 3 : 2xxxx number gets higher. WTF.
Re:Interoperability? (Score:3, Insightful)
Winamp Unlimited Has The Full Story (Score:5, Informative)
Justin Frankel's Reaction (Score:4, Interesting)
reduces my confidence in VIA (Score:2)
Source Code (Score:4, Informative)
http://www.viaarena.com/?PageID=401
Have fun!
Hardware level security ? (Score:2)
nick...
CVS (Score:4, Interesting)
However, what I would like to see done with this project is someone tack some kind of version control system onto it. Once you do that, this could be the perfect "floating development board" system for projects such as PlayFair which cannot find shelter elsewhere due to legal problems and/or harassment.
Then all you have to do is move the transport layer from being straight P2P to the data being stored on FreeNet, and you've got a way to have totally public yet totally anonymous development of an "illegal" software application...
At the least, it could be interesting.
Re:CVS (Score:4, Interesting)
Hardware Random number (Score:3, Informative)
(as well as the low-noise really isn't all that lown noise)
Re:Hardware Random number (Score:2)
Yes, it seems that even those that pride themselves on low-noise can't shell out the extra $1 to get a good fan.
But you don't seem very unhappy so I'll assume you haven't yet discovered the wonderful surprise that the processor performs like an AMD/Intel one of about half the MHz it's rated... Have fun with that one, I know I did!
Re:Hardware Random number (Score:2)
However I would like to install a better heatsink so i am thinking of using one of those motherboard heatsinks, like the Swiftech MCX159-R, just cant figure out if it fits. But then the harddrives will be the loudest part.
I am a bit dissapointed with the speed, but as it functions as my home file,web,mail server on Redhat it does not matter much.
Re:Hardware Random number (Score:2)
Yes, I do the same thing myself. I'm amazed that the companies that make "quiet" PCs don't spend the extra $1 or 2 to buy decent, quiet, tempurature controlled fans. I would certainly pay $10 more to have them in the system, rather than have to go through that work myself.
Take my advice. Get out a ruler, and very carefully measure the dimentions in your system. Then compare it t
Still violates GPL (Score:3, Informative)
Just a quick hint... (Score:2, Funny)
You are kidding right? (Score:2)
Re:You are kidding right? (Score:2)
My only comment was that its not new.. and pretty common... In relation to other 'pure' chat clients..
Re:Open Source? (Score:4, Informative)
Re:Open Source? (Score:2)
Re:Ahhhhh (Score:2)
Re:Ahhhhh (Score:2)
Re:Who cares? (Score:4, Insightful)
WASTE is designed for secure communications (IM, chat and file transfer) between small groups of trusted users.
Bittorrent, Kazaa etc are designed for the mass distribution of files amongst people you don't know.
The only similarities are that neither use a central server, and they can be used to transfer files. But how many protocols can't transfer files?
Re:Who cares? (Score:3, Insightful)
No one has done anything like this before. (Score:2)
If you want to do skunkworks-style development, collaboration, or your just an 'ARRRRR net pirate then WASTE is a tasty morsel of goodness that is hard to find in other products.
Point of sale system, right. You don't do that open source because there's no point. Who'd use it that doesn't have a purchasing department and thus can be expected to outlay a little dough?
Re:No one has done anything like this before. (Score:2)
What it sounds like you're saying is that, if you've got a lot of money, you don't really deserve the freedom OS software gives you. The whole point of OS software has NOTHING to do with money. It's about freedom. Why should someone be locked into proprietary software just because they have the money for it? Isn't this
Re:No one has done anything like this before. (Score:2)
I'm just saying that instead of having 1000 IM programs o
Re:No one has done anything like this before. (Score:2)
How about any small business that is trying to get their systems up to the current century. I've been looking at FOSS POS systems. Few work, some think the web is the answer to everything. The best I have found so far is Quasar [linuxcanada.com], (not free, but reasonably priced) and it doesn't quite meet my clients needs. So if I cho
Well, I didn't say it _couldn't be_ open source. (Score:2)
I mean, do you have POS cash registers in your basement just waiting to be endowed with such an application? Come on.
Re:Who cares? (Score:4, Informative)
Re:Who cares? (Score:4, Interesting)
Fine, if you retailers want OSS to play ball and write them a POS system, then how about you get on the same field and publish a detailed requirements document publically, so that the community can get a start? The proprietary software community does have an advantage in that the client pays to have developers gather the requirements and perform production tests and so forth, but if there's an OSS solution out there, then all that you need is an integrator. But if all you say is "give me a POS system", you're going to get nothing useful back. And if you throw the requirements document over the wall and never come back with feedback, expect nothing after the initial attempt.
Hardware's another issue
Re:Who cares? (Score:2)
A lot could be done without incorporating specialized hardware. Think a little smaller. I have a friend that owns an appliance store. He doesn't need a cash drawer, manager key, and the card reader is on the box he got from the credit card processing company. Same goes for the dealership where I bought my motorcyle.
What he does need is POS entry, customer database, invoice prin
Re:Who cares? (Score:2)
I don't know whether the parent's view is accurate or not, but it does point out something I learned in [shudder] "diversity training".
In a successful organization, there are several types of individuals: those that do the R-and-D; the blue-sky dreamers who dream up uses for the stuff the R-and-D folks invent; the "people persons" who sell the products the dreamers dream up; and the accountants and production control bean counters who t
Re:Who cares? (Score:2)
True, in a non-profit group there is a reduced need for accountants, but bean counters will find beans to count none the less. Sort of like Da Count (Count von Count) on Sesame Street. These folks are also good at organizing things, maintaining version numbers, deciding what updates go into which version, coordinating schedules and cut-off dates and generally telling other people what to do.
I know that last bit sounds like a bad thing an
Just compile Padlock on Mandrake (Score:4, Informative)
Re:Just compile Padlock on Mandrake (Score:2)
Or just run it. The "Redhat 9" version runs perfectly fine on my Debian Sid system, albeit I'm not sure of what the point of it is. It seems terribly difficult to use. To share files between people peer-to-peer I need to manually get everyone else's keys and setup a connection to each of them and vice versa? That seems like an incredible pain
Re:Just compile Padlock on Mandrake (Score:2)
Re:2 Sided Consent (Score:2)
The April 13 ruling would still apply. Basically, before you can tap or log other peoples chat sessions you need one of two things: 1) mutual consent from both parties or 2) a warrant from a judge. If you have 2 then you don't need to worry about things like consent.
Personally, I don't think a lot of eavesdropping happens on IM. Yeah, employers might do it to their employees (which I think the
Re: VIA Releases Source To Custom WASTE Client (Score:2)
The hoopla is that you can encrypt all your network communications for "free" if you use AES, even on an otherwise "slow" CPU. OpenBSD will automatically take advantage of this CPU, if present. Not need to patch a Linux kernel if you want t