Forgot your password?
typodupeerror

VIA Pulls PadLockSL 233

Posted by michael
from the up-down-up-down dept.
yipyow writes "A few weeks ago VIA Technologies posted software based on Nullsoft's WASTE, as reported here a few days ago. VIA PadLockSL included both a Windows and Linux client and some special extensions to work with security hardware built into certain VIA products. It was released under the GPL so I managed to snag a copy of the source code right before VIA suddenly removed their page (Google cache). I have posted Linux compilation instructions and mirrored the source here. If VIA has decided not to pursue the project further, I think the F/OSS community should turn this project into something, it has potential to be a great tool."
This discussion has been archived. No new comments can be posted.

VIA Pulls PadLockSL

Comments Filter:
  • Be careful (Score:5, Interesting)

    by Oculus Habent (562837) * <[oculus.habent] [at] [gmail.com]> on Friday April 16, 2004 @08:43AM (#8879841) Journal
    It might be a good idea to find out why it was removed. Perhaps they discovered a license violation and took it down to prevent a lawsuit. While noble, the automatic assumption that they simply don't want to pursue the project could be placing yipyow in an actionable position.
    • Re:Be careful (Score:2, Interesting)

      by Anonymous Coward
      It might be a good idea to find out why it was removed. Perhaps they discovered a license violation and took it down to prevent a lawsuit. While noble, the automatic assumption that they simply don't want to pursue the project could be placing yipyow in an actionable position.


      Well the thing is they can't do anything about it now, once they released it as GPL even if they didn't mean to, then it's GPL forever baby.

      No going back on your word when company politics might prevent things, or saying "oops" lik
      • Re:Be careful (Score:5, Informative)

        by Oculus Habent (562837) * <[oculus.habent] [at] [gmail.com]> on Friday April 16, 2004 @08:52AM (#8879891) Journal
        then it's GPL forever baby

        Not if some of the source is based on a license that doesn't permit use of the GPL. If they accidentally included some proprietary or closed source to which they didn't have full rights, then their release of the software under GPL would be illegal.
      • Re:Be careful (Score:4, Insightful)

        by sangreal66 (740295) on Friday April 16, 2004 @09:29AM (#8880135)
        Again, you can only set copyright licensing terms if you own the copyright to begin with! The original WASTE was released under the GPL without permission by someone without the authority to license it (although he was the author, copyright is granted to the employer). Therefor the original GPL license is no more valid then if you were to release the leaked windows source under the GPL. That being said, unless VIA got permission from AOL to release it, they too licensed it illegaly making their GPL release invalid as well.
        • Misleading (Score:3, Insightful)

          by mcc (14761)
          The original WASTE was released under the GPL without permission by someone without the authority to license it

          No. The original WASTE was released under the GPL by someone whose permission to license it is in dispute. I have yet to see any even remotely conclusive argument about this either way, and it looks like the kind of question that really only a court has the authority to answer.
    • Re:Be careful (Score:5, Informative)

      by lotsofno (733224) on Friday April 16, 2004 @08:54AM (#8879910)
      Perhaps they discovered a license violation and took it down to prevent a lawsuit.
      They gave Nulloft/Justin no credit for their work, even though the headers clearly had WASTE code in it, their work reports included with the source code mention finding/researching a certain "open source project", and even Justin's documentation was nearly copied and pasted for their User Guide.

      All of that was reported on here [inthegray.com].

      The only reference to WASTE that you could mentioned on their page was buried in a forum discussion [viaarena.com].
    • Re:Be careful (Score:5, Insightful)

      by SacredNaCl (545593) on Friday April 16, 2004 @08:59AM (#8879938) Journal
      Perhaps they decided that it would be counter to their interest in selling hardware encryption appliances which do the same thing. Why release software that can do the job of something you can *sell* hardware for?

      • Re:Be careful (Score:2, Interesting)

        by yipyow (317154)
        Read the link I posted in the original article under "security hardware". PadLockSL uses VIA security hardware to work faster. I had an article about this but have lost it, which compared a VIA C3 1 GHz using this software could generate a key in under 14 seconds or something, where it would take a dual Xeon 2.4 GHz around twice the time. If someone knows what article I'm talking about please post a link.
    • Re:Be careful (Score:5, Insightful)

      by Jeff DeMaagd (2015) on Friday April 16, 2004 @09:32AM (#8880167) Homepage Journal
      The first rule of the internet is like the first rule of the Westerns: download first and ask questions later.
    • Re:Be careful (Score:2, Interesting)

      by yipyow (317154)
      I see this possibility...if VIA has a problem with it I will pull it off my web site (I probably should anyway, my upload bandwidth is hurtin'...). However VIA has not given any reasons for removing their page, for all I know they are having server problems (though I doubt this is the case). Other posters have mentioned that the original GPL release was invalid...this may be so, but if AOL was really interested in it why have they not taken action against the sourceforge project [sourceforge.net]? Either way I'm happy no mat
  • additional mirror (Score:5, Informative)

    by negacao (522115) * <dfgdsfg@asdasdasd.net> on Friday April 16, 2004 @08:43AM (#8879844)
    Here's an extra mirror: http://evilpen.net/PadLockSL.src.zip [evilpen.net].

    [Mirror posted in article seems to be slowing down, it's getting around 20k/sec at the moment.]

    • Is it just me, or does taking something from somebody with a site named evilpen make you edgey?
  • by Saven Marek (739395) on Friday April 16, 2004 @08:47AM (#8879869)
    I wonder sometimes how many projects start up, fail for some reason, and then the code is lost. Not lost because it's proprietary but lost because it just goes the way of crumbs under the table? How much good work is going down the drain.

    I'm glad you managed to save the code, GPLd as it is it has the right to live or die according to popularity. Hope it works.

    shak's nude anime gallery [slashdot.org]
    • by Overand (590318) on Friday April 16, 2004 @08:55AM (#8879915) Homepage
      This makes the assumption that the GPL license originally given for the original code is actually valid. The common point that people make is that Justin Frankel wrote the code while working for AOL, and depending on his contract with AOL, code he writes while working for them (or while in the office?) may be owned by AOL, meaning the license he put on the code may not be valid. Like someone pointed out earlier, if I stuck a GPL COPYING file in with the Windows 2000 source code, it wouldn't suddenly become legit. So if AOL didn't "authorize" the release of the program, the source code for waste is just as 'leaked' as the win2k source code.
      • This makes the assumption that the GPL license originally given for the original code is actually valid. The common point that people make is that Justin Frankel wrote the code while working for AOL, and depending on his contract with AOL, code he writes while working for them (or while in the office?) may be owned by AOL, meaning the license he put on the code may not be valid.

        It can be owned by AOL and still GPL'd. The real question is whether Justin Frankel has the organizational standing to make a

        • I'm guessing that it angered someone higher up the chain and Justin decided tthis wasn't worth fighting for. As this was Nullsoft code, not AOL code, Justin should have the authority to release it.

          The Prooba=lem was that other dvisions at AOL were threatened by the code. Some strings were pulled and AOL claims that the code was unauthorized. My feeling is that the code really was authorized, but it was expedient for AOL to remove it later. While the code is legal, one can expect some lawsuits from AOL
      • That's the worst example you could have possibly given. You did not write the windows source code. Justin wrote the WASTE code.
      • This makes the assumption that the GPL license originally given for the original code is actually valid. The common point that people make is that Justin Frankel wrote the code while working for AOL, and depending on his contract with AOL, code he writes while working for them (or while in the office?) may be owned by AOL, meaning the license he put on the code may not be valid.

        Nope.

        There are really several possibilities here:
        1. Fankel owns the code. If this is true, the GPL release is valid.
        2. AOL owns
    • Apart from the fact it's not GPL'd, I agree.
  • by RonnyJ (651856) on Friday April 16, 2004 @08:52AM (#8879890)
    Perhaps this [nullsoft.com] has something to do with it?
    • Why is it dated May 28, 2003...how long ago did this happen, and if this isn't a typo then how did this make current news?
      • by Rostin (691447) on Friday April 16, 2004 @09:23AM (#8880092)
        Unfortunately you have to know a little history that wasn't explained to "get" this story. After NullSoft (who produce Winamp) was bought out by AOL, a Winamp programmer wrote Waste and posted it to their site (evidentally on May 28, 2003). AOL got mad and made them take it down and posted this notice. Now, VIA (from the sounds of it) has taken what is obviously source code from Waste and turned it into a new program. The parent is speculating that the reason VIA has now taken down this new source is that the original work is not actually and legally GPL'd.
        • Can one really "revoke" a gpl computer license? If someone from Nullsoft posted the software to the website, they are acting as Nullsoft, even if they do so amidst objections of their co-workers. Can Nullsoft, or anyone else for that matter, suddenly turn around and say "Sorry, ours. You can't use it anymore. We changed our minds."

          Do copyright abilities trump contract law when companies get buyer's remorse?

          • by BlueWonder (130989) on Friday April 16, 2004 @09:53AM (#8880341)
            Can one really "revoke" a gpl computer license?

            No. But note that a piece of software is not necessarily licensed under the GPL just because it is accompanied by a text which claims so. Otherwise, I could legally redistribute (e.g.) Microsoft Windows by claiming it is under the GPL.

            If someone from Nullsoft posted the software to the website, they are acting as Nullsoft, even if they do so amidst objections of their co-workers.

            Most likely, the copyright of the software is and always was held by Nullsoft, not the author. Therefore, the author didn't have the right to license the software under the GPL (or any other license) in the first place. Same thing as the Microsoft analogy.

            This is also the reason why the Free Software Foundation requires copyright disclaimers from the employers of software authors. They don't want to suddenly find out that they never had any rights to a software which they allegedly distributed under the GPL.

            • Most likely, the copyright of the software is and always was held by Nullsoft, not the author. Therefore, the author didn't have the right to license the software under the GPL (or any other license) in the first place.

              It's not that simple. If I work for a store, and it is normal duty of mine to do sales and quote prices. I'm am acting on behalf of that company when doing so.
              If I work for Nullsoft and it is my normal duty to release software, I am acting on behalf of nullsoft when I do so.
              If I have
              • by Skjellifetti (561341) on Friday April 16, 2004 @11:41AM (#8881459) Journal
                In the case of Nullsoft, the guy who released waste, obviously had the authority to do so.

                Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license? Are you his boss, perhaps, or maybe a Nullsoft lawyer? Have you read the Nullsoft source release policy statement? Do you have the employee's job description on your desk? Are you bugging Nullsoft's corporate offices? Why are you so obviously authoritative on this issue? Inquiring minds want to know!
                • Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license?

                  Because he's the guy who wrote and released their (Nullsoft's) software.

                  This is pretty much a case of the "nullsoft" division of AOL doing something that AOL decided it didn't like and then AOL claiming that there was no division and that all decisions had to go through them.

                  Maybe his bosses didn't like his decsion, but it's pretty obvious that he was in a position to make decisions on behalf of nullsoft.
                • Why are you so sure he indeed had the authority to do so (source code and all w/ a GPL license? Are you his boss, perhaps, or maybe a Nullsoft lawyer? Have you read the Nullsoft source release policy statement? Do you have the employee's job description on your desk? Are you bugging Nullsoft's corporate offices? Why are you so obviously authoritative on this issue? Inquiring minds want to know!

                  Just a quick little addendum:
                  Do I NEED all that shit when I sign a contract with another company?
                  No. There ju
        • It is questiionable if it legally GPL'ed. Seeing how the programer in question is Justin Frankel. Seeing as Frankel is the head of Nullsoft, it seems likely that if anyone has authority post software under a given License, then Frakel has it. Seeing how waste competes in some market space as AIM, it is likely to see why AOL would not wannt its existance known.

          Also, you need to know the story of gnutella, the original P2P software. That was started at Nullsoft as well. It was also GPL. It also got p
    • Imagine the indignity of having your own company turned against you by AOL.

      Has the author spoken as to whether the license is legitimate or not? If he had the power to post and license products, then I assume the GPL stands.
      • Well he received a good chunk of the 100 million dollors of "**** You" money when he sold out. I assume he knew things would not be the same, but getting a huge chunk of change instead of relying on someone to send you 10 dollors for using your product even letting them remove the splashscreen without paying. At the same time WMP was starting to become real doesn't sount too great either.

        He got exactly what he expected I am sure. Probably more suprised he lasted so long then that he got kicked out.
  • by wang33 (531044) * on Friday April 16, 2004 @08:53AM (#8879898) Homepage
    I ganked the windows binary before it was pulled if anyone cares get it here PadLock [robsell.com]

    Wang33
    • by wang33 (531044) *
      Also source file here, should be a little faster than negacao's line down to 1.86kb/s when i got the source from him(her?), but we shall see how good DreamHost [dreamhost.com] is... Pad Lock Source [slashdot.org]

      Wang33
  • by Brobock (226116) on Friday April 16, 2004 @08:53AM (#8879903) Homepage
    Although without the support of VIA how would one keep developing this since it uses their security hardware. As chip design changes, you would need to know how to make calls to the chip or the program becomes useless... Does VIA offer documentation on their chipsets?
  • by uberlinuxguy (586546) on Friday April 16, 2004 @08:59AM (#8879936) Homepage
    Forbidden Code... *drool*
  • by Richard_at_work (517087) * <richardprice@nOSPam.gmail.com> on Friday April 16, 2004 @09:03AM (#8879948)
    People might want to consider that the release of WASTE was indeed unlawful under current law, AOL/Nullsoft was within their rights to withdraw the code and the GPL was applied to the code under wrong circumstances. A lot of people have mentioned in previous WASTE related stories something to the tune of "It was GPLed, I dont care who GPLed it, Im not discontinuing my use or distribution of it" while not actually considering that just because it had the GPL applied to it, the GPL was lawfully applied.

    Since this product was based on WASTE, this is possibly why it was taken down, and if so, then the fact that a major company thinks the GPL wasnt applied lawfully to it, then Im inclined to think that all the other archives of it around are infringing as well.

    Just my 2 cents on the matter. In the origional WASTE story, i offered to mirror the source code. I did this until i actually sat back and thought about it, then I removed the code because I didnt think its release was lawful.
    • by jdreed1024 (443938) on Friday April 16, 2004 @09:43AM (#8880267)
      A lot of people have mentioned in previous WASTE related stories something to the tune of "It was GPLed, I dont care who GPLed it, Im not discontinuing my use or distribution of it" while not actually considering that just because it had the GPL applied to it, the GPL was lawfully applied.

      Seriously. This is the kind of attitude that Steve Ballmer and folks can point to and say "See how viral the GPL is? Some guy under contract to AOL simply put the word GPL in the source - they didn't even have to make sure the release complied with the terms of the GPL, and now AOL's valuable IP is gone." And then millions of PHBs will ban the use of the word GPL in their offices, because Ballmer provided 'proof' that it was bad.

      The GPL does not let you take any source code anywhere and release it under the GPL. If it did, we'd have seen GPL'd Windows 2000 from the leaked MS source, and a GPL'd version of every piece of source that was ever leaked onto the net. Heck, we could solve Xfree86 problem in a second - someone just grab the latest source with the annoying license, untar it, stick in a GPL LICENSE and COPYING files, tar it back up, and distribute it. Bingo - problem solved. Yet for some strange reason, no one has done that yet. Because it's not allowed. I bet even RMS would agree with that.

      The GPL provides an awful lot of protection, but that all goes out the window if the inital release under the GPL was unlawful. And one such case would be if you signed an employment contract stating that any code you wrote was property of the company. If you plan to work on GPL stuff, either get a waiver beforehand, or find another job. But you don't get to decide that part of your contact doesn't apply because you don't like it or feel it's "wrong". If so, I could decide that I don't feel like repaying my car payment, or that I want to knock down a few walls in my apartment, regardless of what my lease says. The courts get to strike down parts of a contract after it's signed - the average person doesn't.

      • The GPL does not let you take any source code anywhere and release it under the GPL.

        No one's debating that this is a legal, legitimate way of freeing code under the GPL. I don't think there's many GPL zealots that would think so.

        The problem arises when you think about who released the WASTE code, the actualy author of WASTE and (head honcho?) of Nullsoft at the time: Justin.

        I guess what really legally determines this is how much power over Nullsoft does AOL legally have? It's something that needs to b
    • Most likely was lawfully posted and AOL does not have a legal leg to stand on. That doesn't mean that AOL can't bully you though. If the Head of comppany does not have legal authority to publish something, then who would?

      The problem is proving that Frankel caved to pressure from AOL. The Feds could not prove that Capone was a Gangster. Yet everyone knew he was one anyways.
    • People might want to consider that the release of WASTE was indeed unlawful under current law, AOL/Nullsoft was within their rights to withdraw the code and the GPL was applied to the code under wrong circumstances.

      You state that as if it's a fact, but it's actually your opinion and one I don't agree with at all.

      If I work for a store, and it is normal duty of mine to do sales and quote prices. I'm am acting on behalf of that company when doing so.
      If I work for Nullsoft and it is my normal duty to rel
    • the fact that a major company thinks the GPL wasnt applied lawfully to it,

      Sorry, but what a "major company" thinks about the application of the GPL doesn't mean shit (see that other long running story about this company called SCO). What matters is what the courts think and while I can completely understand not wanting to get embroiled in a court case, that doesn't mean you need to rationalize it by handing moral authority over to an organization that has, as its stated goal, complete self-interest witho
  • I'd say (Score:5, Informative)

    by hopelessOne (180591) <hopeless@gmai[ ]om ['l.c' in gap]> on Friday April 16, 2004 @09:06AM (#8879976) Homepage
    this is the reason it was pulled:
    http://sourceforge.net/forum/forum.php?forum_id=36 8414

    Apparently, there were some GPL violations in the code but it doesn't sound like a permanent problem
  • TEN FOOT POLE (Score:5, Insightful)

    by ca1v1n (135902) <snook@[ ]notronic.com ['gua' in gap]> on Friday April 16, 2004 @09:12AM (#8880008)
    If the Nullsoft release was unauthorized (what constitutes unauthorized is not as clear-cut as AOL would have us believe) then the fact that the code was GPL'd is irrelevant. Go roll your own people. Don't even look at the WASTE source. You'll be tainted.
  • don't do that (Score:5, Insightful)

    by hak1du (761835) on Friday April 16, 2004 @09:25AM (#8880098) Journal
    Merely the fact that the software had a GPL copyright on it and happened to be available somehow doesn't mean that you can redistribute it. Until a piece of software has been intentionally released by its owner under the GPL, it is not covered by the GPL.

    Furthermore, one of the most likely reason VIA pulled this is that they don't have the right to distribute it (patents, other people's copyrights, etc.). Then, even if you acquired a copy under the GPL, you couldn't use it because the GPL would be invalid.

    Also, the person posting it may not have been authorized to do so by the copyright holder (the company itself). That would also mean that you don't, in fact, have the right to use it under the GPL because the GPL is an agreement between you and the copyright holder (VIA), and VIA has not entered into that agreement with you.

    Even if you could get away with it legally for some reason, I really think it's a bad idea to behave that way. Good relations between VIA and OSS developers are essential in order to have Linux run well on their hardware. There is no hard-and-fast line, but in a situation like this (it seems it has had no widespread announcement, no user community, no external contributions), the creators of such a software package should be allowed to change their mind at the last minute.
    • Exactly - otherwise you could buy Windows, burn it onto a CD with a copy of the GPL, and claim it's open source.

      Licenses are the fine line between open source and anarchy. If we don't respect the licenses in place, no-one will respect ours.

    • by nuggz (69912)
      You have a license to use and distribute the software.
      If VIA comes after you, you can simply show that you have a license, and you received it from them.

      If a VIA employee posted it on an official website I would think that you can have a good expectation that this was properly authorized. It would be pretty hard for them to argue you knew this wasn't valid.

      Yes the creators should be allowed to change their mind at the last minute, but not after it has already passed.
    • The fact VIA was openly distributing it under the GPL is good enough for me. As for WASTE, the original code this was probably based on, that was also openly distributed by the head of the division that produced it under the GPL.

      the creators of such a software package should be allowed to change their mind at the last minute.

      No, they shouldn't. There's a huge amount of contract law that says co. It was released under a particular license. There is no changing it after hundreds of thousands of people hav
  • by Bazman (4849) on Friday April 16, 2004 @09:42AM (#8880260) Journal
    % cp /usr/src/linux/COPYING /downloads/KaZaa/WindowsSource/

    Hey presto everyone, GPL'd Windows Source code!!!

  • I love it! (Score:3, Insightful)

    by daveman_1 (62809) on Friday April 16, 2004 @11:10AM (#8881147) Homepage
    This program is just too cool! There are some things it could obviously use, such as an easier way for users to share their public keys(ala PGP key servers. The use of actual PGP/GPG keys would be really cool too!) and a few dedicated hosts to start a network(because direct peer to peer isn't always desireable or feasible, but the security through a dedicated host is good enough for most circumstances...) I guess what I'd really like to see is AIM support public key encryption, something that has always been lacking in the instant messenger app of choice for most people. Perhaps the open source community can make this a reality. And gaim encryption just doesn't work for enough people and isn't as strong as this...
  • by greygent (523713) on Friday April 16, 2004 @11:26AM (#8881302) Homepage
    I'm not a lawyer, and I don't use the dumb geek acronyms to shorten that phrase down, but:

    The WASTE software and source code was posted on the Nullsoft website by a Nullsoft employee who's always posting software to the site, who happens to also be the author of WASTE.

    Let me repeat: an officer of the company and the author of the software made this software available under the GPL on the company website.

    This seems open and shut to me: it's still GPL'd software. Sure the employee may have acted against the wishes of his gods, but its too late, it was released by the author, on the company website.

    This would set a dangerous precedence if this were successfully challenged in court. Any company could virtually release a product under the GPL and later revoke it at their whim, claiming its unauthorized and that everyone must destroy their copies.

    • It is likely that the author of the software was the company rather than the individual. We don't know without knowing the details of the employment contract. Externally, it might appear that the programmer was authorized by the company to release under the GPL but we don't know that either.

      It's far from open and shut that the release under the GPL was legal and I don't think the courts will have a hard time deciding it without setting dangerous precedent. If an employee steals a product off the manufac
  • cumulative mirror (Score:3, Interesting)

    by mr_burns (13129) on Friday April 16, 2004 @11:29AM (#8881328)
    http://www.mousearmy.net/tech/

    In the top section I've posted the original waste source, current waste source, PadLockSL source and some of the windows binaries mirrored in this thread.

    This should consolodate the mirrored files in one place.
  • How is using waste any more naughty than gnutella? After all, nullsoft released that and AOL pulled it too.

    And also, the code is in dispute maybe, but what about reverse engineering the protocol? Without protocol docs, you'd have to download and run this in a testing environment if you wanted to reverse engineer the protocol to roll your own code.
  • If all this effort that people are spending to keep putting this thing up when people take it down were instead spent actually working on the code, perhaps the non-GPL'ed parts could be rewritten, and then it wouldn't keep disappearing.
  • Has anyone else noticed that some of the arguments advanced by SCO relating to the alleged iuclusion of proprietary code in the linux kernel are very similar to the WASTE situation? I mean, clearly they aren't directly analogous, and SCO are litigous bastards etc., but think about it: Justin Frankel, while working under a contract that makes all of his software belong to AOL/TW, releases a piece of software under the GPL without authorization. Some people argue that the initial release makes it GPL foreve

The biggest mistake you can make is to believe that you are working for someone else.

Working...