Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

Nullsoft's Waste: Encrypted, Distributed, Mesh Net 674

Posted by CmdrTaco from the p2p-gets-more-and-more dept.
Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."
This discussion has been archived. No new comments can be posted.

Nullsoft's Waste: Encrypted, Distributed, Mesh Net More

Nullsoft's Waste: Encrypted, Distributed, Mesh Net

Comments Filter:

  • Gnutella (Score:2, Insightful)

    by Nermal6693 ( 622898 ) on Thursday May 29, 2003 @03:35AM (#6065658)
    Didn't they make Gnutella too?

  • Hmmm.... (Score:4, Insightful)

    by leviramsey ( 248057 ) on Thursday May 29, 2003 @03:36AM (#6065670) Journal

    AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

    A cliche regarding:

    • a left hand
    • a right hand
    • and a lack of knowledge

    ...comes to mind.

  • until when (Score:3, Insightful)

    by Vej ( 199488 ) on Thursday May 29, 2003 @03:38AM (#6065675)
    Makes you wonder how long it will be until protocols/network designs are attacked on the same basis as the product derived from them. ie p2p/filesharing.

    Considering nullsoft, might be a risky move.

  • Interesting (Score:5, Insightful)

    by harikiri ( 211017 ) on Thursday May 29, 2003 @03:39AM (#6065679)
    I haven't yet spotted any cryptographic "reviews" of this yet, but it certainly looks like an appealing platform to work with.

    Going through the documentation, I found this:

    From here [nullsoft.com]

    Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.

    Which suggests to me that it isn't worth rushing out and developing application with *just* yet, until further reviews have occured (and the protocol has matured/evolved).

  • I have to ask.. (Score:1, Insightful)

    by the unbeliever ( 201915 ) <chris+slashdot&atlgeek,com> on Thursday May 29, 2003 @03:39AM (#6065681) Homepage
    What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing. If it was more "anonymous", I could see a reason behind it. As it stands, I'll be the only person in my circle of friends who'll "get this", and it'll just spend time wasting on my HD. To be completely honest, crypto on file sharing protocols won't be commonplace until AOL or Yahoo decides to put it in AIM/Pager.

  • Re:I have to ask.. (Score:5, Insightful)

    by kliment ( 627259 ) on Thursday May 29, 2003 @03:47AM (#6065719)
    I think this is meaningful, as it is an ad-hoc way of creating aa VPN. Also it would probably be faster if a few of the nodes have fast connections. If your friends don't see a reason behind this, then maybe it is not meant for your circle of friends. About the anonymous issue, note that Freenet already exists and works to handle that problem. This is meant to address a completely different issue

  • Re:I have to ask.. (Score:5, Insightful)

    by Motherfucking Shit ( 636021 ) on Thursday May 29, 2003 @03:50AM (#6065728) Journal
    What's the point? If you can only connect to people who's key you have, and if only people who have your key can connect to you, this is going to be a pretty private thing.
    Exactly, privacy is what it's all about. People tend to forget (or not realize to begin with) that every bit of chatter they send to one another on AIM goes through AOL's servers, every message they send to their buddy on MSN Messenger passes through Microsoft's servers, etc. Waste gives you the ability to conduct reasonably secure conversations and chat. Sure, it's not as geeky as running your own private IRC server wrapped in stunnel, but hey, the easier crypto becomes, the better.

    The next time you want to have a chat with a friend, but you don't exactly want the contents bouncing all over the internet in plaintext, this looks like the perfect application. Reminds me somewhat of a program called SIMP [winfosec.com], which is a minimalistic Blowfish-ized IM program.

  • Re:I have to ask.. (Score:4, Insightful)

    by junklight ( 183583 ) <mark@TIGERjunklight.com minus cat> on Thursday May 29, 2003 @04:10AM (#6065786) Homepage
    The problem that we have here is that this network is NOT for piracy and therefore a lot of slashdot readers cannot see the use for it. Think instead of people working together - a workgroup as it where. For example why pay rental fees on an office when you can have a virtual one using tools such as this? Now I am not sure how great this tool is for that right not (I'm guessing - first release - not very) but I am sure it will come if people start using it.

  • Re:Hmmm.... (Score:3, Insightful)

    by leviramsey ( 248057 ) on Thursday May 29, 2003 @04:48AM (#6065907) Journal

    And does that fact necessarily matter to the *AA?

  • Re:Why didn't they call it "Idiot"? (Score:5, Insightful)

    by driftingwalrus ( 203255 ) on Thursday May 29, 2003 @05:22AM (#6066005) Homepage
    Beleive it or not, but they're not trying to sell it. You only need marketing if you plan on selling it.

  • Re:AOL Time Warner... (Score:2, Insightful)

    by Isosonys ( 589846 ) on Thursday May 29, 2003 @05:46AM (#6066049)
    what service? I see software, Free software at that with code. Maybe someone got bored at the office?

  • Re:Yes, it's GPL and it says so... (Score:1, Insightful)

    by Anonymous Coward on Thursday May 29, 2003 @05:49AM (#6066061)
    Because the patent expired.

  • Re:I have to ask.. (Score:1, Insightful)

    by Anonymous Coward on Thursday May 29, 2003 @07:11AM (#6066263)
    good thing they included the source then... to make it easier for someone to create one...

  • Re:Interesting (Score:2, Insightful)

    by mark_lybarger ( 199098 ) on Thursday May 29, 2003 @07:25AM (#6066286)
    come on now. the gpl won't hinder it's use in other applications at all. qt is licensed under gpl. is it's use in applications hindered? (currently only in the non unix world, but at the rate the cygwin port is coming along, that might change). gpl will ensure that all other apps are under gpl as well, and that's a good thing. i want to see and want others to see the source for my encrypted im application. i want my boss to have access to the source. i want lots of people to see the source and scrutinize it all to hell and back.

    besides gpl is only for distrubiuted apps. if IBM or someother large corporation wants to make an internal use application that's customized for their use, then so be it.

  • Everything needs to be marketed. (Score:2, Insightful)

    by Futurepower(R) ( 558542 ) on Thursday May 29, 2003 @08:09AM (#6066434) Homepage
    I don't agree. Everything needs to be marketed. Giving something a name with negative connotations slows acceptance, or may even stop it. They want users don't they?

  • Re:Hmmm.... (Score:5, Insightful)

    by Daniel Phillips ( 238627 ) on Thursday May 29, 2003 @08:23AM (#6066516)
    AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....

    That was a joke right? And the moderators who marked it "interesting" and "insightful" really meant to mark it "funny", they just hit the wrong button, right?

    In fact what we have here is a first cut at a secure distributed network presence system, something that would allow you to run an icq-like network between people you trust without being spied on by a central server. There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates.

    As for why AOL lets Nullsoft do things like this, I suppose the choice is either to let them work on what they want to or lose the talent. What Nullsoft is doing is the best thing for the net, and so is the best thing for AOL in the end.

  • It could work. (Score:2, Insightful)

    by HanzoSan ( 251665 ) on Thursday May 29, 2003 @09:45AM (#6067003) Homepage Journal
    50 people can share files and even if just one of those 50 has access to files, they all do.

  • The good, and the bad.... (Score:5, Insightful)

    by NerveGas ( 168686 ) on Thursday May 29, 2003 @12:33PM (#6068395)

    While on the surface, this might seem like a reinvention of IP tunnelling and VPN's, there are a couple of important features bundled in that set it apart:

    1. It turns each node into a router. While you can establish a VPN with other tool kits, you still have to enable and configure the routing manually.

    2. It's entirely user-land - it's a standalone program that a user can plop on their machine and be on their way.

    The best part about it is that you can get through firewalls. The worst part about it is that you can get through firewalls.

    Most people are pretty polar in their opinions of firewalls, with most of those people seeing them a fascist mechanism to control what they can see. In some (perhaps most) cases, that can be true. However, firewalls are much more than that: They can (and often are) used to protect YOU, the clueless end-user, from the other bad people on the Internet.

    After I clear out counters on firewall rules, it's not uncommon to see 10-20 (sometimes more) incoming attacks within 5 seconds.

    So, this will be great for letting people browse the web from work. On the other hand, it will expose them to propagation of worms and attacks which would have otherwise been caught by the firewall.

    Is this a good program? Overall, I think that it's a good thing that NullSoft created it. We simply need to realize that with all of the benefits it brings, it will also bring a few negatvies with it.

    steve

  • Re:The Right Hand Knows (Score:3, Insightful)

    by L7_ ( 645377 ) on Thursday May 29, 2003 @01:15PM (#6068727)
    Yes, it seems to be more of a client where you already have a trusted group of users either from real life (Say, a whole dorm hall or a bunch of co-workers) or from a presence online (Say, a whole gaming guild or software collaborators or even a little message board community) to open some of your system files to. It is a trusted way to get recommended files, be they legal or illegal.

    You don't need to be in contact with strangers if all your friends have GBs upon GBs of "shared source".

Slashdot Top Deals

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (5) All right, who's the wiseguy who stuck this trigraph stuff in here?

Close