Napster Attacks Open Source Clone 141
Anonymous Coward writes "In a
letter, the author of a Gnome-based
Napster clone was pressured
to remove distribution of the program due to the fear that
source availability would make the Napster servers less secure [if]
gnap
is not ceased." UPDATE by RM: Ryan Dahl, gnap author, has spoken with Napster, says they've come to a happy understanding, and has removed the "letter from Napster" (and his response to it) from his page. He also tells us that he and Napster are working together on an article for tomorrow, which we eagerly await.
dead link (Score:1)
another unix napster client (Score:2)
visit the gnap link (Score:3)
The problem is... (Score:1)
Dan
Ain't that the pot calling the kettle black (Score:2)
There seems to be a double standard in a borderline legal product that was created for the sole purpose of piracy (they say it wasn't, but come on, what did they think was going to happen?) complaining because a clone is compromising it's own security.
Resolved? (Score:4)
1999.11.29
Thank you to all the people that supported me today. The situation was fairly heated for awhile. All I really want to do is code this client. Let me say that Napster (the person) and I discussed this issue completely. He was very resonable and nice when I got to talk to him alone. I hope we can work together to make Napster a good service.
gnap is and will continue to be GPL.
---
Letter Gone and... (Score:1)
--
Jeremy Katz
Yet another proprietary protocol? (Score:3)
The IRC discussion (Score:3)
Before freaking out (Score:5)
The Napster guy is valid in his assumption that open specs will cause lots of hacking. However, he seems to forget that keeping it closed will not stop hacked clients from emerging. Gnap is proof of this.
If you're going to bombard Napster with email, don't flame. Just indicate that security-through-obscurity simply doesn't work. Any sort of protective measures he wants to do should be done on the servers, not so much the clients which everyone has access to.
I personally would like to see lots of encryption.
I am surprised... (Score:1)
And what exactly would be the harm of releasing the source code for napster? As long as it only transfers mp3s and it is not used to transmit viruses and trojans, it is safe to use. If napster is really serious about protecting its users, it should open up the source and let people work together to fit napster's security problems (if any, surely there's gotta be a bug somewhere) instead of hiding the source, having someone discovering the bug, exploiting the system from three weeks, and then napster respond with a patch.
just my $100/5000
_______________________________________________
There is no statute of limitation on stupidity.
Re:Before freaking out (Score:1)
As DeCSS and now Napster have shown, the Linux community simply is one of do-it-yourself people and if somebody locks them out, (by not supplying a client or whatever) they will hack they way in.
Anyway, I've read that the author of gnap and Napster are discussing the problem and I'm pretty confident that they'll find a solution.
Just my 0.00245 LUF
GNoooooooo! (Score:2)
Re:The IRC discussion (Score:1)
When do developers learn... (Score:2)
People seem so quick to hop on the lawsuit bandwagon when the words "reverse engineering" emerge, but think.. Using tcpdump (or similar utilities), I can see what's being transmitted, and work from there. Thinking that your protocols will be kept secret by not releasing source doesn't make sense.
(a bit offtopic)
I'm reminded of one software reviewer's criticism against a windows "firewall" product called "Lockdown 2000". The creators of the product encrypted the executable, but they forgot that it was decrypted and loaded into memory.. just examine the memory with a utility and.. you get the idea. The company later threatened to sue the software reviewer for "cracking" their software (more than likely, fueled by the fact that the software blatantly lied about what it was "protecting" against, which was basically nil).
Let's just remember, something like napster obviously uses networking to communicate.. and as far as I know, sniffing your own system is perfectly legal.
(just my $.02)
--
Security through Obfuscation? (Score:1)
Otherwise people will just find the 'sploits on their own and, well, 'sploit them.
Security behind compiled code just isn't security.
Re:Before freaking out (Score:2)
Two things: first, if it can be reverse-engineered, it can and will be hacked, regardless of its status as open or closed source. Second, the easiest way to avoid hacked clients is to provide the clients in the first place, so there's no reason to hack them. Assuming that the developer(s?) don't have the time for that, help with it from the respective OS communities probably ought to be solicited, not rejected--the friendlier they are about others coding, the more control they can retain over the code that's being written.
Oops, I lied, there's a third: didn't it occur to anyone at napster that client-side security isn't really the tightest one can have (licq's "spoof UID," anyone?)? if that's napster's only security, client hacks are the least of their worries, IMHO.
On the other hand, I've never tried to write a secure client-server protocol, so maybe I'm full of it.
Re:I am surprised... (Score:2)
Read the link. (Score:3)
Headline misleading (Score:4)
I'm not trying to start a flame war,but I hope someone pays attention to this.
Re:I am surprised... (Score:3)
According to this Salon article [yahoo.com] lovingly preserved by Yahoo news service [yahoo.com], they have indeed started to try and do just that:
Slashdot and (ir)?responsible journalism (Score:1)
A more serious issue ... (Score:2)
If we get to the point where the precedent has been set that public services are within their legal right to restrict which clients are able to connect, we're in a position where competition will be severely stifled.
I'd really like to know if this type of concept already falls under some law, or if its just another grey area in the merging of law and the net.
Re:I am surprised... (Score:2)
First of all: that you for posting and contributing to this thread on /..
However, it would be so much more useful if you would help us to clear up the "misunderstanding". Obviously a lot of us were sufficiently concerned to (a) start this thread and (b) contribute to it.
It does not help that you have removed the original letter. That does not sound like a misunderstanding to paranoid /. readers like myself (:-)). It sounds like you were bullied into submission. And we don't like that, so this thread will continue and I suspect that Napster has lost whatever goodwill they had within this community at least.
If Napster is really serious that this is a misunderstanding then they should make public the whole story, unedited. This includes original e-mails, IRC logs, etc. Add whatever comments you and they think are appropriate. Then, perhaps, we will all forgive them and be friends ever after (or something)....
At the moment it looks like they are using strong-arm techniques against an Open Source movement. That approach is going to win them few friends.
Re:I am surprised... (Score:1)
Re:I am surprised... (Score:1)
Oops - I wanted to write:
Re:I am surprised... (Score:1)
Come on, get off your high horse. The problem was between gnap's author and Napster - and they settled it between them. That makes it a private matter.
While Napster might be better off going public with what they did and said (if only to clear the air), there is ABSOLUTELY no excuse for ragging on the author of gnap. I mean, what does he care whether you like the fact that he removed a letter that now has little relevance to what he is doing? Free source != full disclosure of private correspondence. F'chrissakes, it's HIS BUSINESS, so leave him alone. Sheesh.
Controversy = banner ad revenue. (Score:1)
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
Re:Not all companies are evil (Score:1)
//rdj
Re:But that client is console-only & not open sour (Score:1)
to everyone (Score:4)
I had a long chat with Napster (the person, the owner of the company) this afternoon, and we worked everything out.
Many of the gnome developers had a meeting this afternoon (which I didn't join) with napster about this whole issue, everyone learned alot. After reading these logs I feel alot better too.
It turns out that Napster's (the person) request to have me remove the source code, was a request as a person (which didn't come clear across to me) not as a company. After that I wrote a letter back to them saying I would not remove the source. Then Saterday afternoon Napster (the person) his co-worker (?) nocarrier and I had a chat.
To say it bluntly, they were being rude and I was feeling threatened. (I WAS NEVER THREATENED THOUGH)
For about 24 hours the sourcecode was offline, before I decided to email them saying I would not take it off. That was that.
They have no legal case, nor do they want any legal case.
This has all been cleared up hours ago. I will put this on the gnap page.
Re:A more serious issue ... (Score:2)
Often, it is illegal. It obviously depends on which country you are in, and many other things. I doubt a legal precedent has been set, but some "real world" examples:
Anyhow, as with most things on the web, I suspect the law is at best unclear. I do feel, however, that the "open door" precedent is valid in this context so I would suggest that it is valid to restrict the clients. (It might be technically hard - or impossible - but that is another matter.)
Re:When do developers learn... (Score:2)
--
a few points... (Score:4)
2 - The service is provided without charge to the user. The client is provided without charge to the user. This does not == free, and it does not == public domain. The 'rights' of the users are just that of any other service - use it, enjoy it, if you don't like it, well... in so many words, shove it. I have yet to see someone build a free public domain server architecture and client to do the same, and when they do I hope that all of you will support it with gusto. Until then, you frankly have nothing to complain about. I don't see what is so wrong with using the client provided to you, and if you want to build your own and your own backend and open source it, more power to you.
Re:Resolved? (Score:2)
This specific instance probably isn't an issue but cut/pasting a chuck of text from another page and posting on
Anyway, go ahead a mark this as flambait.
Citrix
Re:When do developers learn... (Score:1)
Re:Headline misleading (Score:1)
stay good, slashdot, stay good!!! --kiki
Re:Another /. mistake... (Score:1)
Pretty ironic that 15 seconds of work on your part could have prevented you from screaming that out.
PR in the internet age (Score:1)
Hm, I don't think I was "ragging on" four [slashdot.org] but I apologise if it sounded that way.
Instead, I was trying to suggest that Napster had a little PR problem on their hands, and that the way to get out of it was to come open about what happened.
As for /. being important or not: I guess the results speak for themselves. Obviously four thought it was important enough to make him contribute.
The serious issue (if there is one) in this sprawling sub-thread is how to handle PR in the internet age. Obviously nobody are going to comment this deep in a thread, but I think companies have to re-evaluate their PR strategies. If nothing else then they now have to repond much faster to get their message accross (how long before a /. thread goes inactive and none of the posters read it anymore? A day? Six hours? One?).
I guess I'm advocating an Open Source approach to PR: get all the facts out in the open, fast. By all means annotate them and make sure your version of the story gets across. But don't hide or insult your customers by assuming that they can not think for themselves or that they are unable to handle the truth.
This whole story seems to be an example of PR going bad. Apparently everybody are friends now - or at least have a common understanding - but it does not appear like that to the outside world. That's a PR issue. It's not about who is "good" or "bad", "right" or "wrong", but about your company is percieved by your customers. And that is Napster's problem, as I see it. I suggested a way to handle it. Maybe it is not the best way, but it does try to tackle the problem instead of just hiding. And in any case it suggests an approach to PR rather then just a haphazard, ad hoc, inconsistent response.
Re:PR in the internet age (Score:1)
And as for your remark about how it was important enough for four to respond on
ha! (Score:1)
What is the danger? (Score:4)
It would appear that it is easier to fool the napster program in such a manner rather than messing with the source. Everyone can make a file not everyone can code a client.
Secondly who are they scared of? Even script kiddies probably have something better to do than falsely posting mp3's. If it is groups such as the RIAA flooding the server to make it unusable....well they could certainly reverse engineer the client just as well as I can.
Thridly while in this case the client seemed to be easily reverse engineerable security through obscurity is not impossible. If you capture a piece of my own private code the fact that you are unsure of the algorithm renders it difficult to decode (Re: those papers supposedly detailing buried gold in virginia where only one has been decrypted). Sure it isn't as secure as a well tested publicly availible algorithm but if your intent is to hide the actions of an algorithm your choices are limited.
Hell if security through obscurity never worked the wine project would be done.
Napster and my big fat big dong (Score:1)
Re:a few points... (Score:2)
There's really two meanings to the word "client" - one could be a user, connecting to the server or service; the other could be the software of the user, which connects the user to the server/service. AFAIK, the Napster servers are open to anyone who has the required software, whether it's made by Napster or by a third party. Restricting users to one specific client would be a BadThing, IMHO.. let's take IRC for example: all necessary security measures are built into the server so any client's software can connect to the server. I've yet to see an IRC server that says "You must use the XYZ IRC client here or you will be banned!" - that would be ridiculous. Likewise, ICQ seems to have no problems with third-party clients (licq, micq, etc.) connecting to their service - in fact, makers of these clients prove that ICQ's "security features" are lacking. Requiring a user's authorization to be added to their ICQ list, etc. is all client-side security.
Yes, Napster owns the servers, but I disagree with the comparison to mail relaying. In this case, the issue isn't the clients (as in users), its the client's software. (hope that makes sense, it's getting late here
-----------------
2 - The service is provided without charge to the user. The client is provided without charge to the user. This does not == free, and it does not == public domain. The 'rights' of the users are just that of any other service - use it, enjoy it, if you don't like it, well... in so many words, shove it. I have yet to see someone build a free public domain server architecture and client to do the same, and when they do I hope that all of you will support it with gusto. Until then, you frankly have nothing to complain about. I don't see what is so wrong with using the client provided to you, and if you want to build your own and your own backend and open source it, more power to you.
I definitely appreciate the free services that people provide online, but sharing protocols used by services was a precedent set long, long ago - I personally believe it's a good precedent, as it allows developers to create clients for all platforms. If there was a Napster protocol published, there more than likely would have been a *NIX client quite some time ago. Unfortunately, publishing the protocol would reveal weaknesses only known by the developers of the software(and curious hackers - "hackers" as in those who reverse-engineered the software or sniffed the traffic from the software, NOT crackers). Not to put down Napster, but he more than likely knew there was little server-side security, and quite frankly, didn't want to let the cat out of the bag. This is a bad precedent to set, as any malicious kiddie with half of a brain could probably construct a client that would reveal all sorts of interesting information (hostnames/IPs, passwords, etc). This is why the open source movement has so much momentum - it (usually) creates better, more secure products; and believe me, I want my software to be secure with the number of script kiddies running around these days.
-----------------
These are just my opinions on this matter, and they really don't matter one bit
--
Re:Before freaking out (Score:1)
Grrrr (Score:4)
I just have one thing to say. Grow up.
Slashdot as a media source is not your classic 1/2 hour news jive. It's an immediate source that shows what's being said in the moment, links us to where it's being said, and let's us hash it out on our own. So when it gets wind that something happens, when it gets a link to a rather rude (I take it, I didn't get to read it) email that may be threatening, it is Slashdot's place to post it. Things change, and updates can (and in this case, I expect will) be made. If you don't like it a little raw, what are you doing here in the first place?
Jose M. Weeks
Re:Another /. mistake... (Score:1)
Well I'm not an AC - and I agree completely with this. I wanted to look at the code and see how some things are done, but those functions arn't in the old posted client.
But I belive there is also a "alpha" archive that's more upto date.
So when do we start the GPL slash movement :)
--
James Michael Keller
Re:Resolved? (Score:3)
"The Fine Print: The following comments are owned by whoever posted them. Slashdot is not responsible for what they say."
And here is how to get moderated up:
1. Post quickly
2. Post a link or block quote
3. Post a very long self-written comment (note that the content, to first order, doesn't matter)
4. Tell the moderators to moderate you down
5. Use a lot of white space
6. Already be at +3 or +4, most people will moderate up at this point assuming that it must be good
And, oh yes, there is also:
7. Say something original that adds to the conversation. Possibly something that was missed in the original posting or an update/clarification to that post. Possibly a new and different way of looking at the issue.
Sigh, I almost want to go set it so that I can't see scores and I never get moderator points, but you know what? I will still see all these comments which are not about the real topic, but just about moderation and I won't be able to see the context, so I'd just have to go turn them back on to see what was going on. Look at me! This conversation is supposed to be about Napster! have I said anything about Napster yet? Could I, in fact, be posting this without even knowing what Napster is? Am I just wasting space on the comments page?
Now that everyone can see their Karma, Slashdot seems to have become, for a lot of people, a game of "who can get their Karma highest." Wake up people. Karma doesn't matter. The issues matter. I'd call for complete elimination of moderation, but that will never happen. A comprimise would be, oh I don't know...
1. Hide Karma. People can't fight over what they don't know about.
2. Remove the automatic +1 bonus for high Karma. This way there is nothing to fight about, not even an invisible something.
3. Remove metamoderation. It was a good idea, but how many people activly meta-moderate anyway? It's just more time spent not reading things that matter.
So there's my rant, I don't know why I did it here and I realize that by putting it here, I am part of what I am complaining about, but I had to say it.
Re:Slashdot and (ir)?responsible journalism (Score:1)
Re:Another /. mistake... (Score:1)
Re:When do developers learn... (Score:1)
Transferring MP3s through a central file server would likely open Napster to more liability for potential copyright violations than they would like to assume.
Re:Before freaking out (Score:2)
Yeah, the first time I saw that I laughed. I haven't used ICQ seriously since.
why restriction? (Score:1)
I agree to the extent that, if it's your server, technically you have rights over it, and so I can see how someone could begin trying to justify the statement that you should be validated in your efforts to restrict access to your server. Isn't this similar to actions in the instant messaging scruffle between Microsoft and AOL? (I seem to recall something about one of them changing protocol so they couldn't connect... err.. I can't remember, but here [slashdot.org]'s a link.) As someone else posted, this situation can also be likened to web browsers viewing pages; there are many different web browsers, but they can all connect to all web pages (unless it's down
Then again, I wouldn't know all the legalities of this, the implications, consequences, etc. I just think, as others have mentioned, that we're all doing about the same thing... why not work together?
Re:Before freaking out (Score:1)
Re:why restriction? (Score:1)
browser is used (AFAIK), so, by the same token, Napster can't/oughtn't restrict access to their servers based on client.
Actually the TurboTax site wouldn't let me use it because I wasn't using Windows or a Mac. It was their loss, but there is definitely a risk of this type of thing increasing - one of the reasons I have started to familiarise myself with Mozilla.
Chris Morgan
Open Source Napster could be a good thing. (Score:1)
I've heard a lot of complaints from tons of people about how Napstar doesn't work with their firewall, and how they can't seem to get their hotlist to work. I've experienced the same problems these people describe, but they seem to be intermittent at best. I don't know if it's a Win32 problem, or a Napster issue, but it is definitely annoying. Hopefully with this new open-source version, some, if not all of these problems will disappear faster than they would have if the source had stayed closed.
We need a decentralized form of this service (Score:3)
oh... and of course.. it'd be much harder for people to squash the service for distributing ~1 TB of mp3s =]
A few thoughts... (Score:3)
Re:Headline misleading (Score:2)
The threats were coming from another Napster, Inc. employee whom I will note name but will quote, "Fuck him. napster, he's goign to fuck us."
"All I know is some dipshit 17 year old is trying to fuck me."
"And I will fuck each and everyone motherfucking one of you."
They spent hours arguing over this last night... and it seems like Napster (the person) is a nice guy when talked to alone... this other guy isn't nearly as nice to gnap...
BTW, there are logs floating around of the discussion they had last night in #gnapster on EFNet... if anyone manages to get ahold of them, read it... you might not like this other developer that much.
Re:What is the danger? (Score:1)
i think the non-ratio format of napster doesn't encourage people to post false mp3 files. you mostly see this on mp3 ftp servers where you need to upload something before you can download. with napster, there's no benefit to this, aside from causing chaos.
Re:Read the link. (Score:1)
It is ironic really. Slashdot condems law enforcement and others when they falsely accuse someone making that person's life hell. Yet the story editors often falsely accuse others when posting new articules.
I like Slashdot. I just wish a little more thought went into the headlines.
Re:Slashdot and (ir)?responsible journalism (Score:1)
Isn't this illegal use of servers? (Score:1)
Re:Before freaking out (Score:1)
Re:Headline misleading (Score:2)
You're right, the headline is inaccurate. But...
I think it would be better if you kept reading the comments, and kept pointing out problems such as these. That sort of tacit approval (or at least lack of disapproval) doesn't fix the problem. Roblimo and others set too powerful an example for this sort of thing to be ignored.
Re:Isn't this illegal use of servers? (Score:1)
If you had a service/protocol, would you mind if someone wrote a different client for it? Just look at AOL.
It also depends on wether or not the stable clone (im thinking gnap so far) will allow other people to leech off you, once they can't tell the difference, does it really matter?
Good idea (Score:2)
--
Lets attempt to look at Napster's side of this.... (Score:1)
As much as we would like to see people in an altruistic light, Napster as a company needs to make money to stay in business (theoretically, although that is apparantly not the case with today's
Napster is a neat toy and it would be great if they encouraged OS development, but don't be surprised that they don't. They would like to make some cash. Yes, OS software makes money, but the typical OS revenue model doesn't apply in this case (i.e. Napster won't be selling support).
Regardless of what they say about security, cash is what it all comes down to.
Before I get flamed, yes, I know that there is an "official" console based client out there, but I'd imagine that banner ads will be on that too once it goes GUI. And when he does in fact go OS with it, there will probably be some clause in the licence stating that banners will have to still be in there somewhere.
Re:why restriction? (Score:1)
They were blocking out Mac clients to their videos page with a JavaScript that put up a message saying that there was no Microsoft Media Player for the MacOS. This despite the fact that there IS a Media Player, albeit a beta version, available.
When asked about this, MSNBC claimed it was an "error" made by the HTML programmer.
Uh, yeah, right.
Here's part of the code:
if(sUa.indexOf("mac")==-1) {
(snip)
alert("Windows Media Player for Macintosh in not currently available.");
Pope
Re:Isn't this illegal use of servers? (Score:1)
"The importance of using technology in the right way has never been more clear." [microsoft.com]
Re:Resolved? (Score:2)
I think it's good when posts like this get moderated up; they're very informative and I don't have to click through a link to see what the news is.
Just my opinion.
paranoid.android
[OFFTOPIC] slash moderation (was Re:Resolved?) (Score:1)
> but how many people activly meta-moderate
> anyway? It's just more time spent not reading
> things that matter.
You mean you *don't* metamoderate? And you're
complaining about poor moderation?
Re:The IRC discussion (Score:2)
The IRC conversation shows that Napster and one of his "partners" were being idiotic dickheads about the whole situation. I took it that de Icaza et al got motivated due in good part to the IRC conversation.
The arrogance and stupidity of the Napster partners is staggering. Based upon their hype one would think they were going public next week and had a staff of thousands. Based upon their technical discussions one would think they were trying to figure out pointers to get through "Intro to C". These guys will fortunately point the way to more capable companies who wish to accomplish the same thing. Their blatant mistakes will be avoided by smarter people next time around.
Re:Isn't this illegal use of servers? (Score:1)
Just curious.... (Score:1)
Several people have mentioned security problems. I'm curious what kind of security problems are involved here? (The only one I can see is the programmer losing control over his protocol, but as I said, I'm a little dense this morning.)
Given that there are security problems, how should they be addressed? Offhand (and not having taken a close look at Napster), the biggest problem I can imagine is there seems to be only one master server for Napster clients, I would imagine a hierarchical arrangement of a few master servers and sub-master servers, similar to Gamespy, would be more efficient (but that's more a performance issue).
Off-topic (but as long as I'm blathering), is there a Linux version or clone of Gamespy.
This is not a sig.
That's being worked on... (Score:2)
Here's where you can find it. [australia-online.net]
Thing is, it's still the old version. Honestly, I think Rob should be putting out the source more ovten. Perhaps CVS access would be something to try? Yes, I know the code's beta; that's never stopped Open-Source development before.
How about (Score:1)
Just an idea.
Re:We need a decentralized form of this service (Score:1)
This is not a sig.
Re:When do developers learn... (Score:2)
The bottom line is that the RIAA is not "Big Brother". The only reason they're going to bring a suit against someone is if that person is doing something illegal. If they are doing something illegal, then they probably deserve the charges. They don't need protection. Piracy is illegal, plan and simple.
-----------
"You can't shake the Devil's hand and say you're only kidding."
Re:Controversy = banner ad revenue. (Score:1)
--
On the Issue of Slashdot (Score:1)
On the Issue of Slashdot (Score:2)
One is the things they are posting on slashdot. There is still alot of good articles, but not nearly as good as it originally was. I used to read every slashdot article and every comment associated with it. Now I find that only a few articles a day are even interesting. And lately Slashdot has been posting stories that were posted a year or so ago, like they forgot they were posted (which is understandable I guess, but if the news link is over a year old, at least search the archives).
Another big problem I see is the moderators. I am all for moderators moderating comments and such, but I disagree with some of the things they moderate. If anyone questions soemthing about slashdot, or the open source movement, it is considered troll bait and marked down to zero or below. I have seen an abundance of good, intellectual post in the past few months that should no have ever been moderated down. If anything, they should of been moderated up. Slashdot is starting to become like , say a government, someone questions it and they are silenced. No matter how intellectual and how good of apoint they have.
And about the issue of open source and slashdot, my sentiments exactly. I have always thought slashdot code should be CVS'ed. Dont get me wrong, I am not open source extremist, but if they are going to open the source, at least give us the most recent versions. Dont open source an initial version, then keep everything private. Thats not open source. I would also like the see the financial records of slashdot open sourced (or content, whatever you feel is appropriate), as in how much Andover paid for Slashdot. Rarely does a company not disclose the takeover/merger price, especially in the internet industry.
Anyway, I cant really say keep up the good work Rob. But you have a good site here, I hope it gets better then where its been going.
On the other hand (Score:2)
How many people who agree they should open up their backend to foreign clients agree that AOL should do the same for MSFTs messager? What if they weren't giving their client away free?
Re:Resolved? (Score:2)
If disclaimers were truly meaningful, Microsoft should have disclaimed it's business practices.
Citrix
Re:Resolved? (Score:1)
Actually, as the publishers they presumably are liable. Compare it to newspaper editors who routinely gets sued.
It is (in most cases) the publication of material that is illegal. I can write all the treaties I want at home denouncing [insert ethnic group here] as sub-human and advocating that they should be treated as pack-animals, if I so desire. That is legal in most free countries: I'm entitled to my opinions, no matter how offensive. The problem arises when the material gets published - that's when the offence occurs. I may think like a racist (for example), but I can not advocate it in public. No can you (or "Rob and friends") even if you use my words.
Disclaimer: I'm not a lawyer - don't take anything I say serious.
Re:A more serious issue ... (Score:1)
Why not steal the validation code from the Netrek source [wfubmc.edu]?
Your Working Boy,
Re:We need a decentralized form of this service (Score:1)
I will freely admit that I was a person who is/was getting fed up with the unix nap client and it's crashing, and the lack of connectivity between the servers. I've even started hashing out specs in my mind for what I'd consider the right way to do this (and yes, before someone says I'm blowing smoke out my buttocks, I do have the knowledge and experience at writing TCP/IP servers ala MUDs or IRC servers to write something of this magnitude)
Re:ha! (Score:1)
Re:Resolved? [OT] (Score:1)
I JUST POURED NAKED AND PETRIFIED GNULIX BRAND GRITS DOWN MY PANTS SO J00 Mu57 Ph3@R m3!^%&^%@?
ph1r57 p057!!&(*&(*@?!(!!
PS: The second best way to get Karma is to ask to be moderated down. I'm glad I haven't had moderator access since THAT bullshit started.
---
Re:Before freaking out (Score:1)
No no no! "Lots of encryption" is not the answer. A correctly implemented, wee bit o encryption, with a secure protocol is the answer.
Re:Resolved? (Score:1)
Actually, as the publishers they presumably are liable. Compare it to newspaper editors who routinely gets sued.
The difference is that the Slashdot crew doesn't do the publication or editing --- they don't look over the comments before the comments are posted, and therefore can disclaim responsibility for the comments.
Client Validation Impossible (Score:1)
Re:Before freaking out (Score:1)
They have some weak security measures you have to pass to connect to a Napster client, and didn't want an open source client for security reasons. However they were trying to use security through obscurity, which dosen't work. Any idiot can run a packet sniffer and try to figure out what's going on on there own.
Re:On the Issue of Slashdot (Score:2)
I think that one of the problems Slashdot is starting to face is that it is turning away news submitters. How many times have any of you submitted a story, just to find that it is never posted. Fine, it does not have to be posted. But after you have submitted item several times, none of them worked, then you think, "why bother?". The less people are willing to submit stories, the more difficult for Slashdot to be as comprehensive as fast in reporting news.
And then we are starting to read news that lean more towards gossiping than real jornalism (the Corel fiasco with regard to teenagers and the EULA). Yesterday we had to read a "press release" about Y2Brand that looked more like a commercial than a news item.
Slashdot is starting to offer t-shirts to book reviewers, why not offer something to the first whose news item is published? At least that will attract back some of those who have decided that everytime they fill the form is a waste of their time.
I suspect that like many, I am starting to mine for my own news. I don't find many pieces worth reading. In the past, I could spend all my free time reading Slashdot. Now, I just skip many of the headlines.
Don't get me wrong. I like Slashdot. I want to see it shinning. But I think that it has to continue to grow up. It has the money and the resources to do it, and that has increased our expectations. It cannot and should not continue as a "garage" project. After its takeover by Andover our expectations on Slashdot changed accordingly.
And like many, I think Roblimo is doing an excellent job and I love the interviews he is doing. We need more people like him, that bring a fresh air and a professinal face to Slashdot. We also need to have more relevant articles. Finally, make sure that you understand the ramifications of your postings and the responsibilities that the community has put on it. Somehow, Slashdot readers are starting to note this and they start to believe that they have to keep a cool head despite the "news" sometimes they are presented with. The item on Napster shows that sometimes, in an attempt to be the "first", Slashdot is willing to put a headline that might dramatically change the outcome of it. I just hope that we don't lose a battle because Slashdot worked against us. On the contrary, we have to make sure Slashdot works along our Free Software ideals.
Now I just have to wait for somebody else to pump the rating on this message. Otherwise, like many comments, it might be lost in a sea of many others.
Some factual information (Score:2)
The writeup is here [advogato.org], posted on Advogato. As usual, anyone can read, but posting is restricting to free software developers.
..source code availability.....less secure..! (Score:1)
how much Andover paid for Slashdot (Score:2)
Slashdot.org Purchase Agreement
Under the terms of the Asset Purchase Agreement between BlockStackers, Inc. and Andover.Net, dated as of June 18, 1999,
Andover.Net purchased those assets of BlockStackers relating to the Slashdot.org web site for 1.5 million in cash paid at closing
and maximum future cash payments of $3.5 million payable over the next two years contingent on the continued employment of
two key employees. Maximum future stock consideration of $7.0 million is payable over a period of two years following this
offering. For the purposes of these issuances, the number of shares of common stock to be issued is determined using an assumed
initial public offering price of $13.50 per share. Thus, the total consideration that will be paid is valued at $8.5 million and the
maximum contingent consideration payable is $3.5 million. All consideration has been or will be paid to BlockStackers. The number
of shares paid is contingent on the continued employment of two key employees and the achievement of performance milestones
relating to traffic on the web site.
*
148,148 shares issuable upon the closing of this offering;
*
74,074 shares issuable seven months after the closing of this offering;
*
49,383 shares issuable 12 months after the closing of this offering;
*
98,763 shares issuable 12 months after the closing of this offering provided that the milestones in the agreement have been
met;
*
49,383 shares issuable 24 months after the closing of this offering; and
*
98,765 shares issuable 24 months after the closing of this offering provided that the milestones in the agreement have been
met.
Pursuant to this purchase agreement, BlockStackers also agreed not to compete with Andover.Net or to solicit its personnel,
customers or suppliers. Specifically, BlockStackers may not compete with Andover.Net, its subsidiaries or affiliates by engaging
in any business that involves a real-time or contemporaneous news web site until June 28, 2004. Prior to June 28, 2001,
BlockStackers may not solicit personnel, customers or suppliers from Andover.Net, its subsidiaries or affiliates. Mr. Malda, a
director of Andover.Net, owns 25% of BlockStackers. Mr. Malda, the President and co-founder of BlockStackers, was a web site
manager of BlockStackers, running Slashdot.org. Mr. Malda continues to run Slashdot.org as a web site manager and editor of
Andover.Net.
Slashdot irresponsibility (Score:2)
Obviously they're too busy trying to ride the wave they've created to worry about something as trivial as security.
Re:We need a decentralized form of this service (Score:2)
The way around this would be to store the whole database in each client, and broadcast updates to everybody. That way, any node dropping out of the system doesn't bring down the whole network. This is the trick about Usenet that makes it immune to censorship, and has kept the p0rn flowing for so many years...
Whether this should be done by piggybacking on top of IRC, or by inventing a new, parallel protocol, is left as an exercise to the implementor...
If it's centralized, someone will be sued and shut down. If it's decentralized, there are too many people to sue, and the network adapts itself and routes around the problem areas.
Not that I'm advocating breaking the laws of whatever country you happen to be in, of course. That would be wrong. I'm just talking about robust network design.
Re:Resolved? (Score:2)
I came across your post while I was -- guess what -- meta-moderating, and I just had to comment.
You may think of meta-moderation as more time spent not reading things that matter. Well, good for you. Don't do it, then. I, on the other hand, have found some very interesting and insightful comments while meta-moderating, and have even become interested (even if only for a brief while) in topics that I otherwise would have held no interest in whatsoever. That's part of why I do it, in fact. Sure, there's a lot of crap that goes through there, but you can just click the little "Fair" button and scroll past it. Occasionally, though, you get that one comment that makes it all worth the trouble. The one that makes you think.