Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Encryption Security Communications The Internet

VIA Releases Source To Custom WASTE Client 209

Posted by timothy from the want-not dept.
daten writes "VIA has released the source code to their Padlock SL product, based on the Nullsoft WASTE code previously pulled by AOL. Padlock SL offers encrypted chat, instant messaging and file sharing over a private peer-to-peer network. Unlike WASTE, which is still under active development, the VIA client offers a graphical interface for both Windows and Linux users and simpler configuration."
This discussion has been archived. No new comments can be posted.

VIA Releases Source To Custom WASTE Client More

VIA Releases Source To Custom WASTE Client

Comments Filter:

  • passive (Score:2, Interesting)

    by netkgb ( 200102 ) *
    "Unlike WASTE, which is still under active development..." More like passive development on sourceforge

    • passive, because flawed? (Score:4, Interesting)

      by Dirus ( 592987 ) on Wednesday April 14, 2004 @10:06AM (#8859305)
      IIRC, it's impossible to remove someone from your network once they are in. For corporate use this makes firing people more trouble. Rebuild the network when firing someone? For personal use this presents a problem too, it's easy to add a trouble user to your network (just one person need exchange keys with them), but hard (impossible?) to remove them. I wonder if VIA has addressed this with Padlock SL. I have yet to see anything that would suggest it, but then again I haven't taken a look at the source yet.

      Also, off topic but amusing, when I was browsing around their site for more information I found this: http://www.viaarena.com/?PageID=306 [viaarena.com]

      • Not true. You should be able to remove them simply by having members of the network remove that users' public key, then make sure all clients are NOT set to auto-accept broadcasted public keys.
        Admittedly, I've never had a need to do this, but In theory it should work.

      • Re:passive, because flawed? (Score:5, Interesting)

        by gid ( 5195 ) on Wednesday April 14, 2004 @11:24AM (#8860121) Homepage
        You can also snoop in on other people's "encrypted" messages, as long as you're part of the collective. Makes me wonder how encrypted other stuff is as well. But ya, the main problem is key management.

        Another problem is this: Say Jane, Joe, and Pete are on the same network, but Jane hates Pete because he didn't call the next morning, so Jane deletes Pete's key. Pete is still allowed on the network through his long time buddy Joe, and Pete can even route through Jane. We tried some tests, and this actually works.
  • Does anyone know how private this network is? Do you have to get a key from a member? Does it just use encryption? Any details on this?

  • Is this legal? (Score:5, Interesting)

    by Newtonian_p ( 412461 ) on Wednesday April 14, 2004 @09:16AM (#8858938) Homepage
    Doesn't Nullsoft's page [nullsoft.com] on WASTE say " An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website ... Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright" ?

    • Re:Is this legal? - this text (Score:4, Informative)

      by nighty5 ( 615965 ) on Wednesday April 14, 2004 @09:22AM (#8858970)
      NOTICE OF UNAUTHORIZED SOFTWARE

      An unauthorized copy of Nullsoft's copyrighted software was briefly posted on this website on or about Wednesday May 28, 2003. The software was identified as "WASTE" (the "Software") and includes the files "waste-setup.exe", "waste-source.zip", "waste-source.tar.gz" and any additional files contained in these files.

      Nullsoft is the exclusive owner of all right, title and interest in the Software. The posting of the Software on this website was not authorized by Nullsoft.

      If you downloaded or otherwise obtained a copy of the Software, you acquired no lawful rights to the Software and must destroy any and all copies of the Software, including by deleting it from your computer. Any license that you may believe you acquired with the Software is void, revoked and terminated.

      Any reproduction, distribution, display or other use of the Software by you is unauthorized and an infringement of Nullsoft's copyright in the Software as well as a potential violation of other laws.

      Thank you.

      Nullsoft

      • I asked FSF, and FSF said... (Score:5, Informative)

        by turnstyle ( 588788 ) on Wednesday April 14, 2004 @10:36AM (#8859528) Homepage
        I asked FSF, and FSF said:

        "If WASTE's release was unauthorized, you have no rights to do anything with the software. I am not certain what you could be required to do, by law, should you be found to possess a copy."

        "Unfortunately, there is no good way to determine whether or not the release was authorized or not. We are currently presuming that it was unauthorized, until we see convincing evidence otherwise."

    • Re:Is this legal? (Score:5, Interesting)

      by Quixote ( 154172 ) on Wednesday April 14, 2004 @09:30AM (#8859032) Homepage Journal
      WASTE files contain the following license at the top:
      /*
      WASTE - main.h (a bunch of global declarations and definitions)
      Copyright (C) 2003 Nullsoft, Inc.

      WASTE is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published by
      the Free Software Foundation; either version 2 of the License, or
      (at your option) any later version.

      .....

      How can it be "unlicensed" if it has GPL license on each file?

      On a related note: VIA is releasing their "PadLock SL" under GPL too.

      • > How can it be "unlicensed" if it has GPL license on each file?

        The same reason the company I work for could call something I developed on their time and dime theirs, whether I GPL it or not. It was released under Nullsoft's name, so AOL technically owned it. GPL'ing it was what was unauthorized, so it was never really licensed properly in the first place. But now that the horses have already left the barn and nullsoft is gutted, AOL doesn't show much sign of pursuing their claims.

    • Re:Is this legal? (Score:5, Insightful)

      by vegetablespork ( 575101 ) <vegetablespork@gmail.com> on Wednesday April 14, 2004 @09:30AM (#8859034) Homepage
      They say it, but that doesn't make it true. An agent of the company posted the software under the GPL. AOL/Nullsoft's dispute is with Justin Frankel if they contend the release was unauthorized. But released it was, and it is under the GPL.

      • Re:Is this legal? (Score:5, Insightful)

        by alienw ( 585907 ) <alienw.slashdot@ ... inus threevowels> on Wednesday April 14, 2004 @09:34AM (#8859069)
        If some Microsoft employee posts the Windows code under the GPL, that will not make the code GPL. If Frankel had no power to approve the release under the GPL, then it was unauthorized and the GPL does not apply.

        • Re:Is this legal? (Score:5, Insightful)

          by Peter La Casse ( 3992 ) on Wednesday April 14, 2004 @09:52AM (#8859200)
          If some Microsoft employee posts the Windows code under the GPL, that will not make the code GPL. If Frankel had no power to approve the release under the GPL, then it was unauthorized and the GPL does not apply.

          Since Frankel had the power to release software under the GPL, and it was only after the software was released that his employers thought to limit his power to release the software, it is ok for us to continue to distribute the software.

          • ...since when has it been the world's job to keep track of everyone's office politics?

            I don't care if, twelve years ago, Justin's boss said to him "you're not allowed to release anything without my OK."

            It's not my job to keep track of these things.

            He released it, and it's mine. End of story.

            • I think it has a lot to do with title. As in what was his title. A director of a company and above can enter into contract for that company. If they told him not to they can fire him and sue him for it but they cant get out of the contract without showing that the other parties knew that he was told he couldent do it. So if he was a random software coder no he dosent have the athority be default to enter into a contract with other people for the company if he was say the director of software engineering
          • How do you know he had that power? He did not own title to the software, so he did not have that power. It's extremely shaky legal ground as far as I am concerned. As in, VIA is taking a major lawsuit risk here should AOL care to pursue the matter. It would be much easier to implement a clean-room clone than to try to legalize the original codebase.

      • Re:Is this legal? (Score:3, Informative)

        by SubtleNuance ( 184325 )
        AOL/Nullsoft's dispute is with Justin Frankel if they contend the release was unauthorized. But released it was, and it is under the GPL.

        IANAL.

        If *we*, the persons dealing with the company 'reasonably believe' that the Agent (Frankel) has the authority to enter into the agreement (GPL license) with us, then it is so. The company is responsible to uphold its agreement (where Frankel was the agent).

        Posting this nonsense on the web doesnt undo Agent Frankel's agreement with us.

        I just got an image of

      • Is this illegal? (Score:2, Informative)

        by Anonymous Coward
        They say it, but that doesn't make it true. An agent of the company posted the software under the GPL. AOL/Nullsoft's dispute is with Justin Frankel if they contend the release was unauthorized. But released it was, and it is under the GPL.

        It doesn't necessarily make it false, either. The GPL's legality and enforceability have yet to be tested in court. Also, Frankel may have been bound by prior contracts which nullify any attempt to GPL any code created while employed. You can't take code someone else
    • Generally speaking, if an employee of a corporation does something on behalf of a corporation in a manner consistent with an official act of the corporation (like, posting it on their main website), regardless of whether or not they were supposed to, the corporation's recourse is fire the employee. The exceptions to this would be if the employee knew that the release was unauthorized and did it anyway, making them no longer an agent of the company. As long as they did it in good faith, they were acting as
    • By: Hollywood at monkeysvsrobots.com - zonk3r
      RE: Nullsoft: NOTICE OF UNAUTHORIZED SOFTWARE
      2003-07-23 12:22
      so, here's the deal. i've been thinking about this thread a lot and figured it would be good to get an authoritative repsonse from someone 'in the know' about the gpl and law. so i decided to write rms himself and see what his take is on the matter. here's my email to him (7/21):

      mr. stallman,

      i've got a question for you regarding a certain application of the gpl
    • That doesn't matter at all. If you've dealt with corporations a good deal, you will quickly discover that they will lie their ass off CONSTANTLY. Ignore everything they tell you, unless it is comming directly from the mouth of a lawyer (and with nobody acting as a go-between). Otherwise, they can just lie and lie and lie with absolutely no consequences.

      Am I the only one that remebers when a Nike representative came out and stated in no uncertain terms that their shoes were NOT made in sweatshops, only t

  • Direct Download Links (Score:5, Informative)

    by InShadows ( 103008 ) on Wednesday April 14, 2004 @09:17AM (#8858945)
    for those that don't want to fill out the questionnaire

    Windows XP Version [viaarena.com]

    Red Hat Verion 9.0 [viaarena.com]

    Installation Guide [viaarena.com]

    User Guide [viaarena.com]

  • Via? (Score:2)

    by Azghoul ( 25786 )
    Doesn't Via make chipsets? I don't understand where this is coming from...

    Linked page is useful for figuring it out too: "Here you go, if you download it, give us feedback."

    (I admit, I'm lazy and hope some fellow /.er will enlighten me :))

    • Re:Via? (Score:5, Informative)

      by Milican ( 58140 ) on Wednesday April 14, 2004 @09:31AM (#8859045) Journal
      Checkout VIA PadLock Hardware Security Suite [via.com.tw]. Their procs have built in AES encryption as well as a very high bitrate Random Number Generator. This allows their 1GHz procs to do encryption an order of magnitude faster than a 2.4GHz P4. So this software just takes advantage of and promotes their hardware.

      JOhn

    • Re:Via? (Score:4, Informative)

      by bhtooefr ( 649901 ) <bhtooefr@bhtooefr. o r g> on Wednesday April 14, 2004 @09:42AM (#8859121) Homepage Journal
      VIA makes CPUs (C3), motherboards (EPIA), and graphics cards (S3 UniChrome integrated and DeltaChrome) too! BTW, PadLock is definitely a reference to the encryption engine in their C3 Nehemiah and newer - it means that their 1GHz C3 can murder a x.xxGHz Pentium 4 on encryption, all while barely taking any power. However, as soon as you go to standard integer or floating point, it SUCKS ASS. Integer performance is in the 300-600MHz Celery range, and FP performance is in the sub-300MHz Celery range.
      • Actually it isn't that bad on integer, fp could use work. Neither is it's main selling point, it simply does decently.

        Overall, it is likely cheaper to have a cluster running on c3s rather than xeons/p4s/opterons/athlons/g5 simply because of the lack of huge power reqirements (10 1GHz c3s vs a 3ghz p4, on a clusterable job will almost certainly see the p4 blasted), not to mention initial cost, which can be lower than $100 per board + processor.

        (and any speed c3 with a nehemiah core will murder most anyth

      • Having worked with these chips for a while (since they're pretty much the new pet CPU for the x86 set-top box crowd...) I can say that your claims aren't accurate in the slightest.

        Integer performance on a Nehemiah (key word there- previous incarnations of the C3 CPU were good low-power offerings for embedded designs, and showed poorer performance...) core is on a par with a comparably clocked Celeron (i.e. it's in the ballpark of a 1GHz Celeron with the chip on the EPIA M10000 board...) and it's FP perform
  • Via's system requires their hardware security implementations to work.

    As the first step in working towards this objective, VIA was the first company in the world to introduce hardware-based security features in an x86 processor, as part of the VIA PadLock Hardware Security Suite, first with the implementation of the VIA PadLock RNG (Random Number Generator) in the initial Nehemiah core followed by the addition of a second RNG and the VIA PadLock ACE (Advanced Cryptography Engine) supporting AES encryption

    • The released source also uses Qt, so you'll need a Qt license if you want to compile this yourself on Windows.
      • Is Trolltech's QT license different on Windows than it is on linux? On linux, if you're building software for personal or non-commercial uses, there's no licensing agreement. If you plan to make money on it, then a license purchase is required. There are other stipulations but that's the gist.

        Maybe I need to go read up on their licensing terms for Windows.
        • The Windows version is not released under the GPL. The only way to aquire it is to buy a license. There's also an educational version that ships with a book, but if you want it without buying the book you need to be a teacher/instructor in a classroom situation (it's an educational license, not a student discount).

          In short: yes, it's different than Linux.

        • You're close, but not quite right. There's always a licensing agreement with Qt, no matter the platform. If you're using it on Linux or MacOS you have 2 choices: the GPL version (can only be linked with GPL and compatible software because of the GPL) or the commercial version which you can link with your closed source code.

          On Windows, there's only the commercial version available (which also means you can't build GPL software on Windows with Qt unless the GPL software has a specific license exepmtion for Q

    • Re:VIA's system requires hardware (Score:5, Informative)

      by grondu ( 239962 ) on Wednesday April 14, 2004 @09:53AM (#8859207)
      Via's system requires their hardware security implementations to work.

      From the user's guide:

      PadLockSL utilizes hardware AES algorithm and random number generator provided in VIA C5P processor. The special characteristics PadLockSL has are outlined as below:
      1.2.1 Support running on C5P system and non-C5P system
      1.2.2 Automatically detect whether C5P ACE is available or not
      If C5P ACE is available, use hardware AES in C5P ACE; otherwise, use software implemented AES when performing AES encryption/decryption
      1.2.3 Automatically detect whether C5P RNG is available or not
      If C5P RNG is available, use it as entropy source in random number generation routine; otherwise, use the random number generation device provided by linux.

  • Messaging (Score:5, Interesting)

    by pubjames ( 468013 ) on Wednesday April 14, 2004 @09:26AM (#8859005)
    I used to work programming software that basically transmitted information between banks. I learnt one very simple thing that I think could be really helpful for the OSS community: Separate the message from the method of delivery.

    Banks are obviously really paranoid about security. They also really need messages to get through, quickly. In the software that I worked on, you would basically configure it with a priorty list of methods that it could use to transmit the message. So the most secure and failsafe method would be the one it tried first. If that didn't work it would try other methods, gradually going down the list, which usually ended with Fax being the most primitive method.

    So how is this relevant to the OSS community? Well, we all know email is pretty much broken. Businesses want message delivery that is 1) secure and 2) reliable. Email is neither. With OSS email clients, we should change our mentality a bit and treat them instead as messaging clients, with email being just one of the methods it might use to send the message. The first thing it might try would be a secure, peer-to-peer connection with the recipient of the message. If all OSS email clients followed the same standard - perhaps based on this WASTE code? - soon most messages might be sent by a better manner than email.

    One day very soon, Microsoft is going to come out with a "better email". The OSS community will bitch about it, and then if it takes off they will try to copy it. I'd much prefer we did the innovating and MS had to copy... Come on guys!
    • Email does have reliable delivery. however it's only reliable to the MX host. After that, it's out of your hands. If email were delivered directly to the target computer then this would be enough. Unfortunately non-static IPs for most users and AUPs prohibiting long-running network servers put the damper on that little plan.

      • Re:Messaging (Score:2, Interesting)

        by pubjames ( 468013 )
        Email does have reliable delivery. however it's only reliable to the MX host. After that, it's out of your hands.

        It is either reliable or it isn't. It isn't.

        Unfortunately non-static IPs for most users and AUPs prohibiting long-running network servers put the damper on that little plan.

        You don't seem to get what I'm saying. It would try the best method (secure, reliable), if that didn't work, it would try the next best method (email?). So the message goes by the best available method. That's the whole
        • Let's go down a preliminary list of what might transpire in this type of setup.

          1. Attempt to deliver message via WASTE or similar.
          2. Attempt delivery via ssh/sftp direct to host. Keypairs cached on both machines to allow automatic logins. Yeah, not too secure but we're assuming trust between both boxen.
          3. Attempt delivery via email.
          4. Attempt delivery via IM protocol of choice.

          On and on ad nauseum. Something like this?
          • Something like this?

            It could work like that. But I was thinking of something simpler - try to deliver via a secure P2P connection, if that doesn't work, then deliver by email. For this to work it needs to be simple - the client needs to be able to find out how to connect via P2P just from the email address. And it needs to be fairly transparent to the user.

            However, the great thing about the approach is that it is modular, so other methods could be added and OSS messaging projects could spawn and evolve w
            • pretty much what I proposed to my favorite email client developers some time ago. They said they wanted to keep the email client as an email client. What I like about this method is that not only does it find the user-preferred delivery mechanism for a particular message, but it could also deliver large files too more efficiently.

              LoB

  • Interoperability? (Score:5, Interesting)

    by Hobbex ( 41473 ) on Wednesday April 14, 2004 @09:31AM (#8859044)
    Does anybody know if this can interoperate with Waste networks? I tried to get it into our waste network, and after changing the key header I got the keys to import into the waste clients, but connections still failed.

    Anybody had more luck? Waste runs under wine, but there are a lot of annoying issues, and the port [dnetc.org] seems dead in the water.

    • Re:Interoperability? (Score:3, Insightful)

      by blixel ( 158224 )
      Waste runs under wine, but there are a lot of annoying issues, and the port seems dead in the water.

      I bought Win4Lin [netraverse.com] ... and WASTE was one of my motivating reasons for buying it. If WASTE is important enough to you, I'd recommend Win4Lin. And you get the addeded benefit of being able to do other Windows things. (Kaaza [though giFT [sf.net] works well enough for me most of the time], and whatever other Windows things you need.) The only "problem" with Win4Lin is that at this point in time it's Win95/98/98SE/ME
      • I do not have a windows installation at all, and I have absolutely no want or need for one, so Win4Lin is not what I am looking for.

        I should just port Waste myself, but in that case I find myself thinking I should start from scratch so as to avoid the tainted code. But in that case it wouldn't be waste, as I think the protocol can be improved on....

  • Winamp Unlimited Has The Full Story (Score:5, Informative)

    by lotsofno ( 733224 ) on Wednesday April 14, 2004 @09:51AM (#8859189)
    Winamp Unlimited [inthegray.com] covered the complete story yesterday, for those of you who are interested. There are some links/information on there that haven't been mentioned with this discussion.

  • Source Code (Score:4, Informative)

    by Human_USB ( 771223 ) on Wednesday April 14, 2004 @09:55AM (#8859221)
    You can get the source code here....
    http://www.viaarena.com/?PageID=401
    Have fun!
  • Anyone care to comment on how this fits in with all that palladium / DRM crap ? is it related in any way and / or is this a bonus that its under the GPL ?

    nick...

  • CVS (Score:4, Interesting)

    by mcc ( 14761 ) <amcclure@purdue.edu> on Wednesday April 14, 2004 @10:16AM (#8859376) Homepage
    So it's a P2P version of "Hotline". That's neat! It really is.

    However, what I would like to see done with this project is someone tack some kind of version control system onto it. Once you do that, this could be the perfect "floating development board" system for projects such as PlayFair which cannot find shelter elsewhere due to legal problems and/or harassment.

    Then all you have to do is move the transport layer from being straight P2P to the data being stored on FreeNet, and you've got a way to have totally public yet totally anonymous development of an "illegal" software application...

    At the least, it could be interesting.

  • Hardware Random number (Score:3, Informative)

    by Bender Unit 22 ( 216955 ) on Wednesday April 14, 2004 @10:29AM (#8859474) Journal
    At least the c3 [via.com.tw] has a hardware random number generator for better encryption. Sadly you need stepping 03 of the Nehemiah core, as I discovered when I got my motherboard and got Linux compiled to use it. I had a 01 stepping so it was no-go. Felt kinda cheated.
    (as well as the low-noise really isn't all that lown noise)
    • (as well as the low-noise really isn't all that lown noise)

      Yes, it seems that even those that pride themselves on low-noise can't shell out the extra $1 to get a good fan.

      But you don't seem very unhappy so I'll assume you haven't yet discovered the wonderful surprise that the processor performs like an AMD/Intel one of about half the MHz it's rated... Have fun with that one, I know I did!
      • The first thing I did, was to replace the fan, including the one in the PSU, helped a lot.
        However I would like to install a better heatsink so i am thinking of using one of those motherboard heatsinks, like the Swiftech MCX159-R, just cant figure out if it fits. But then the harddrives will be the loudest part.

        I am a bit dissapointed with the speed, but as it functions as my home file,web,mail server on Redhat it does not matter much.

        • The first thing I did, was to replace the fan, including the one in the PSU, helped a lot.

          Yes, I do the same thing myself. I'm amazed that the companies that make "quiet" PCs don't spend the extra $1 or 2 to buy decent, quiet, tempurature controlled fans. I would certainly pay $10 more to have them in the system, rather than have to go through that work myself.

          just cant figure out if it fits.

          Take my advice. Get out a ruler, and very carefully measure the dimentions in your system. Then compare it t

  • Still violates GPL (Score:3, Informative)

    by harlows_monkeys ( 106428 ) on Wednesday April 14, 2004 @02:37PM (#8862420) Homepage
    The WASTE code in Sourceforge still violates GPL. It still includes a bunch of RSA code that isn't GPL'ed. Some of it is explicitly under a license that is imcompatible with GPL, and the rest simply gives an RSA copyright notice and says nothing about licensing.

Slashdot Top Deals

For God's sake, stop researching for a while and begin to think!

Close