Nullsoft's Waste: Encrypted, Distributed, Mesh Net 674
Myriad writes "Nullsoft, makers of the venerable Winamp MP3 player, released today a secure, distributed mesh-like networking protocal and platform called Waste. This v1.0 beta release uses RSA (key based) and Blowfish encryption for security, and features Instant Messanging and group chat, along with file browsing, searching, and transfer. Waste has been released under the GPL, with source and binaries available here."
Gnutella (Score:2, Insightful)
Hmmm.... (Score:4, Insightful)
AOL Time Warner (IIRC, owners of the second biggest recording company, not to mention one of the major recording studios) owns Nullsoft, which releases a program that the RIAA and MPAA will undoubtedly call a tool whose sole purpose is to illicitly distribute copyrighted works....
A cliche regarding:
...comes to mind.
until when (Score:3, Insightful)
Considering nullsoft, might be a risky move.
Interesting (Score:5, Insightful)
Going through the documentation, I found this:
From here [nullsoft.com]
Note: It might be worth implementing WASTE using a subset of SSL, to avoid any concern of flaws in this protocol. Feedback is gladly accepted on any potential weaknesses of the negotiation. We have spent a decent amount of time analyzing this, and although we have found a few things that are not ideal (i.e. if you know public keys from a network, you can sniff some traffic and do an offline dictionary attack on the network name/ID), but overall it seems decent. The current implementation probably needs work, too.
Which suggests to me that it isn't worth rushing out and developing application with *just* yet, until further reviews have occured (and the protocol has matured/evolved).
I have to ask.. (Score:1, Insightful)
Re:I have to ask.. (Score:5, Insightful)
Re:I have to ask.. (Score:5, Insightful)
The next time you want to have a chat with a friend, but you don't exactly want the contents bouncing all over the internet in plaintext, this looks like the perfect application. Reminds me somewhat of a program called SIMP [winfosec.com], which is a minimalistic Blowfish-ized IM program.
Re:I have to ask.. (Score:4, Insightful)
Re:Hmmm.... (Score:3, Insightful)
And does that fact necessarily matter to the *AA?
Re:Why didn't they call it "Idiot"? (Score:5, Insightful)
Re:AOL Time Warner... (Score:2, Insightful)
Re:Yes, it's GPL and it says so... (Score:1, Insightful)
Re:I have to ask.. (Score:1, Insightful)
Re:Interesting (Score:2, Insightful)
besides gpl is only for distrubiuted apps. if IBM or someother large corporation wants to make an internal use application that's customized for their use, then so be it.
Everything needs to be marketed. (Score:2, Insightful)
Re:Hmmm.... (Score:5, Insightful)
That was a joke right? And the moderators who marked it "interesting" and "insightful" really meant to mark it "funny", they just hit the wrong button, right?
In fact what we have here is a first cut at a secure distributed network presence system, something that would allow you to run an icq-like network between people you trust without being spied on by a central server. There are many reasons why one would want this: maybe *you* just want to trade copyrighted files, but *I* want to communicate securely and efficiently with my associates.
As for why AOL lets Nullsoft do things like this, I suppose the choice is either to let them work on what they want to or lose the talent. What Nullsoft is doing is the best thing for the net, and so is the best thing for AOL in the end.
It could work. (Score:2, Insightful)
The good, and the bad.... (Score:5, Insightful)
While on the surface, this might seem like a reinvention of IP tunnelling and VPN's, there are a couple of important features bundled in that set it apart:
1. It turns each node into a router. While you can establish a VPN with other tool kits, you still have to enable and configure the routing manually.
2. It's entirely user-land - it's a standalone program that a user can plop on their machine and be on their way.
The best part about it is that you can get through firewalls. The worst part about it is that you can get through firewalls.
Most people are pretty polar in their opinions of firewalls, with most of those people seeing them a fascist mechanism to control what they can see. In some (perhaps most) cases, that can be true. However, firewalls are much more than that: They can (and often are) used to protect YOU, the clueless end-user, from the other bad people on the Internet.
After I clear out counters on firewall rules, it's not uncommon to see 10-20 (sometimes more) incoming attacks within 5 seconds.
So, this will be great for letting people browse the web from work. On the other hand, it will expose them to propagation of worms and attacks which would have otherwise been caught by the firewall.
Is this a good program? Overall, I think that it's a good thing that NullSoft created it. We simply need to realize that with all of the benefits it brings, it will also bring a few negatvies with it.
steve
Re:The Right Hand Knows (Score:3, Insightful)
You don't need to be in contact with strangers if all your friends have GBs upon GBs of "shared source".