The Almighty Buck

Napster Attacks Open Source Clone

Anonymous Coward writes "In a letter, the author of a Gnome-based Napster clone was pressured to remove distribution of the program due to the fear that source availability would make the Napster servers less secure [if] gnap is not ceased." UPDATE by RM: Ryan Dahl, gnap author, has spoken with Napster, says they've come to a happy understanding, and has removed the "letter from Napster" (and his response to it) from his page. He also tells us that he and Napster are working together on an article for tomorrow, which we eagerly await.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    FYI: Letter link is dead/inaccessible.
  • http://www.gis.net/~nite/
  • by Wah ( 30840 ) on Monday November 29, 1999 @08:24PM (#1494694) Homepage Journal
    and end this before it gets silly, non-issue.
  • once the source is out in one place, people have it, and it spreads...like wildfire...napster cannot win this fight and should just welcome its counterpart. It's hard to stop the spread of source code.


    Dan
  • Hmmm, isn't napster the same program whose creators are being sued by the recording industry for aiding in the piracy of MP3s?
    There seems to be a double standard in a borderline legal product that was created for the sole purpose of piracy (they say it wasn't, but come on, what did they think was going to happen?) complaining because a clone is compromising its own security.

  • by wampus ( 1932 ) on Monday November 29, 1999 @08:28PM (#1494698)
    From the gnap homepage:

    1999.11.29
    Thank you to all the people that supported me today. The situation was fairly heated for a while. All I really want to do is code this client. Let me say that Napster (the person) and I discussed this issue completely. He was very reasonable and nice when I got to talk to him alone. I hope we can work together to make Napster a good service.

    gnap is and will continue to be GPL.
    ---
  • He's taken the letter down. He says he spoke with Napster (the author of the program) and the guy was nice and that they're going to work together.



    --
    Jeremy Katz
  • by Asparfame ( 96993 ) on Monday November 29, 1999 @08:29PM (#1494700)
    What makes some of these companies think that whenever somebody writes a piece of software that exploits the flaws in their software, it's not their fault? This is just like the whole DeCSS business. Big (well, Napster isn't that big in this case) corporates trying to protect their "proprietary" software when the only reason it needs protection is because it's weak. It also seems pretty hypocritical to me when Napster, a company which is basically devoted to assisting people engaging in music piracy, tries to shout the same "it's mine!" call as the music industry. I don't know about you, but I downloaded the gnap source code as soon as I saw this posted.
  • by Carl ( 12719 ) on Monday November 29, 1999 @08:31PM (#1494701) Homepage
    Miguel de Icaza's activity log [nuclecu.unam.mx] has a link to the irc discussion [sourceforge.net] that the author of gnap had with the people from Napster. I am not sure if this discussion took place before or after he received the letter.
  • by jfunk ( 33224 ) <jfunk@roadrunner.nf.net> on Monday November 29, 1999 @08:31PM (#1494702) Homepage
    Look at the comments on the main page [sourceforge.net].

    The Napster guy is valid in his assumption that open specs will cause lots of hacking. However, he seems to forget that keeping it closed will not stop hacked clients from emerging. Gnap is proof of this.

    If you're going to bombard Napster with email, don't flame. Just indicate that security-through-obscurity simply doesn't work. Any sort of protective measures he wants to do should be done on the servers, not so much the clients which everyone has access to.

    I personally would like to see lots of encryption.
  • I am surprised napster is _suing_ someone instead of being sued. Considering the fact that napster itself barely seems legal as it is, I'm also surprised that RIAA haven't shut napster down yet.

    And what exactly would be the harm of releasing the source code for napster? As long as it only transfers mp3s and it is not used to transmit viruses and trojans, it is safe to use. If napster is really serious about protecting its users, it should open up the source and let people work together to fix napster's security problems (if any, surely there's gotta be a bug somewhere) instead of hiding the source, having someone discovering the bug, exploiting the system for three weeks, and then napster responding with a patch.

    just my $100/5000



    _______________________________________________
    There is no statute of limitation on stupidity.
  • I just wonder when developers will finally realize that if THEY do not support Linux SOMEBODY WILL! (Even if the latter has to reverse engineer the software to port it)

    As DeCSS and now Napster have shown, the Linux community simply is one of do-it-yourself people and if somebody locks them out, (by not supplying a client or whatever) they will hack their way in.

    Anyway, I've read that the author of gnap and Napster are discussing the problem and I'm pretty confident that they'll find a solution.

    Just my 0.00245 LUF ;)
  • Gnot when Gnapster was just getting goood! Gnow the company had to go and pull this shit... goddam give it a break, its gnot like anyone's stealing money from the company, it has no real future except to helpe me pirate my mp3s...
  • darn. That also seems to have been taken down. :(
  • never, apparently. Didn't ICQ teach us that putting 'security' in the client was pointless? Come on, whining because someone released information detailing the protocol(s) used is pathetic. Security through obscurity, client side security, whatever you want to call it.. developers need to understand the plus side of the open source movement, as they will have problems pointed out (and usually solutions presented) by people who care, rather than having the problems unknowingly exploited by some script kiddies.

    People seem so quick to hop on the lawsuit bandwagon when the words "reverse engineering" emerge, but think.. Using tcpdump (or similar utilities), I can see what's being transmitted, and work from there. Thinking that your protocols will be kept secret by not releasing source doesn't make sense.

    (a bit offtopic)
    I'm reminded of one software reviewer's criticism against a windows "firewall" product called "Lockdown 2000". The creators of the product encrypted the executable, but they forgot that it was decrypted and loaded into memory.. just examine the memory with a utility and.. you get the idea. The company later threatened to sue the software reviewer for "cracking" their software (more than likely, fueled by the fact that the software blatantly lied about what it was "protecting" against, which was basically nil).

    Let's just remember, something like napster obviously uses networking to communicate.. and as far as I know, sniffing your own system is perfectly legal.

    (just my $.02)
    --
  • Why don't they simply let the linux folks pound on it for a while and pick up the (open source) bug fixes?
    Otherwise people will just find the 'sploits on their own and, well, 'sploit them.
    Security behind compiled code just isn't security.
  • Two things: first, if it can be reverse-engineered, it can and will be hacked, regardless of its status as open or closed source. Second, the easiest way to avoid hacked clients is to provide the clients in the first place, so there's no reason to hack them. Assuming that the developer(s?) don't have the time for that, help with it from the respective OS communities probably ought to be solicited, not rejected--the friendlier they are about others coding, the more control they can retain over the code that's being written.

    Oops, I lied, there's a third: didn't it occur to anyone at napster that client-side security isn't really the tightest one can have (licq's "spoof UID," anyone?)? if that's napster's only security, client hacks are the least of their worries, IMHO.

    On the other hand, I've never tried to write a secure client-server protocol, so maybe I'm full of it.

  • The article is incorrect. Napster is not suing, is not planning on suing, ever will sue, or has even ever threatened to sue me. The whole thing has been a massive misunderstanding. (i am the gnap author)
  • by BJH ( 11355 ) on Monday November 29, 1999 @09:13PM (#1494713)
    Roblimo, at least look at the link before you post a story. There's been a number of stories on /. lately that caused a lot of problems for a few people and got a whole lot more people in an uproar simply because the story poster didn't check the linked story properly.

  • by Xerithane ( 13482 ) <xerithane@@@nerdfarm...org> on Monday November 29, 1999 @09:17PM (#1494714) Homepage Journal
    I think that the headline for this story is very very very misleading. This is like the 5th time in the last couple weeks that /. has ramped things up more than they really are. He says specifically that Napster (the person) was a nice guy.. doesn't sound like a threatening attack to me from what I read. Please, try to be an unbiased news source from now on, I'm resorting to ignoring any and all comments from the posters at this point (Especially Roblimo and michael, hemos at least apologized)
    I'm not trying to start a flame war, but I hope someone pays attention to this.
  • by cybaea ( 79975 ) <allane&cybaea,com> on Monday November 29, 1999 @09:24PM (#1494716) Homepage Journal
    Considering the fact that napster itself barely seems legal as it is, I'm also surprised that RIAA haven't shut napster down yet.

    According to this Salon article [yahoo.com] lovingly preserved by Yahoo news service [yahoo.com], they have indeed started to try and do just that:

    And to top it all off, the RIAA this week slapped an MP3 search engine called Napster with a lawsuit, claiming that Napster contributes to piracy by letting users swap file libraries with each other. Never mind the fact that many of the songs that people are swapping might be legal.

  • Here we go again. Slashdot posts some flame bait and tries to make a flame war out of nothing. Let the "two minutes of hate" begin. Come and scream your outrage against the "bad guys" !

  • Is whether or not it is illegal to utilize "public services" with non-approved access methods. In particular, utilizing public net services. I am of the belief that if you are running a public server on the internet, you cannot expect people to use the client you specify. Imagine if you only had one browser to choose from? The web is a different concept in that it's decentralized, but ICQ is a good example. ICQ has the lion's share of the latest "hot" market, and as much as they'd like to retain total control, I wouldn't appreciate being tied into one client.

    If we get to the point where the precedent has been set that public services are within their legal right to restrict which clients are able to connect, we're in a position where competition will be severely stifled.

    I'd really like to know if this type of concept already falls under some law, or if its just another grey area in the merging of law and the net.
  • The whole thing has been a massive misunderstanding. (i am the gnap author)

    First of all: that you for posting and contributing to this thread on /..

    However, it would be so much more useful if you would help us to clear up the "misunderstanding". Obviously a lot of us were sufficiently concerned to (a) start this thread and (b) contribute to it.

    It does not help that you have removed the original letter. That does not sound like a misunderstanding to paranoid /. readers like myself (:-)). It sounds like you were bullied into submission. And we don't like that, so this thread will continue and I suspect that Napster has lost whatever goodwill they had within this community at least.

    If Napster is really serious that this is a misunderstanding then they should make public the whole story, unedited. This includes original e-mails, IRC logs, etc. Add whatever comments you and they think are appropriate. Then, perhaps, we will all forgive them and be friends ever after (or something)....

    At the moment it looks like they are using strong-arm techniques against an Open Source movement. That approach is going to win them few friends.

  • I will reiterate. they are not suing. Sheeesh.
  • Oops - I wanted to write:

    First of all: thank you for posting...


  • Yeah! 'Cause we're /. readers and we're R3477Y KEWL!!!!!

    Come on, get off your high horse. The problem was between gnap's author and Napster - and they settled it between them. That makes it a private matter.

    While Napster might be better off going public with what they did and said (if only to clear the air), there is ABSOLUTELY no excuse for ragging on the author of gnap. I mean, what does he care whether you like the fact that he removed a letter that now has little relevance to what he is doing? Free source != full disclosure of private correspondence. F'chrissakes, it's HIS BUSINESS, so leave him alone. Sheesh.

  • You think they care that the story's inaccurate? Muckraking and hearsay is well worth it when you consider that they're probably getting a few thousand impressions out of this story. That means money, plain and simple, journalistic integrity be damned. Expect a follow-up retraction well after the fact while the hits keep rolling in.

    - A.P.
    --


    "One World, one Web, one Program" - Microsoft promotional ad

  • True, but most are. The goal of most companies is making money at any cost. Evil enough for me, by default I do not trust any company.

    //rdj
  • Actually, the author has decided to never make it open source..
  • by four ( 110907 ) on Monday November 29, 1999 @09:51PM (#1494728)
    I have removed the logs and emails on the gnap site because they do not show Napster (the company) in very good light. This decision was mine and mine alone.
    I had a long chat with Napster (the person, the owner of the company) this afternoon, and we worked everything out.
    Many of the gnome developers had a meeting this afternoon (which I didn't join) with napster about this whole issue, everyone learned a lot. After reading these logs I feel a lot better too.

    It turns out that Napster's (the person) request to have me remove the source code, was a request as a person (which didn't come clear across to me) not as a company. After that I wrote a letter back to them saying I would not remove the source. Then Saturday afternoon Napster (the person) his co-worker (?) nocarrier and I had a chat.
    To say it bluntly, they were being rude and I was feeling threatened. (I WAS NEVER THREATENED THOUGH)

    For about 24 hours the sourcecode was offline, before I decided to email them saying I would not take it off. That was that.

    They have no legal case, nor do they want any legal case.

    This has all been cleared up hours ago. I will put this on the gnap page.
  • Is whether or not it is illegal to utilize "public services" with non-approved access methods.

    Often, it is illegal. It obviously depends on which country you are in, and many other things. I doubt a legal precedent has been set, but some "real world" examples:

    • In the UK at least, just because my front door is wide open that does not give you any right to enter my house. Only if I invite you can you enter. It seems to me that this is a close example of a "public net service" as you discuss it. My door is open, but I only invite you if you use my client.
    • Anything I plug into a socket in my house has to be approved. I can not use any telephone that I have knocked together. Nor any electrical equipment. They must all be approved by some authority. Until recently it was technically illegal for people in the UK to change their own lightbulbs - you were supposed to call a qualified electrician (sp?) for that. (Somebody please remind me: why am I staying in this stupid country? [slashdot.org] ;-))
    • There are lots of monopolies: "last mile" telephones, gas, water, ...

    Anyhow, as with most things on the web, I suspect the law is at best unclear. I do feel, however, that the "open door" precedent is valid in this context so I would suggest that it is valid to restrict the clients. (It might be technically hard - or impossible - but that is another matter.)

  • Yes, it does "protect" the user somewhat, but if someone was to get the file from the user, I'm assuming that there's a direct connection to their machine (assuming, because: 1. downloading through a central server would be illogical and 2. the napster setup under 'doze requires direct access to the machine on at least one port for data transmission, as documented in firewall setup). When this direct connection is requested/established, there is all sorts of diagnostic software ('netstat' included) that can tell you the remote peer's IP.
    --
  • by whocares ( 93522 ) on Monday November 29, 1999 @10:02PM (#1494731)
    1 - Napster owns the servers that the client uses. Period. They provide the servers for use by the client. Any unauthorized client using the servers is just that - unauthorized. This is exactly the same as someone relaying mail through your server that you do not authorize, and they should be equally free to do whatever they wish to make sure that only authorized clients use their servers.

    2 - The service is provided without charge to the user. The client is provided without charge to the user. This does not == free, and it does not == public domain. The 'rights' of the users are just that of any other service - use it, enjoy it, if you don't like it, well... in so many words, shove it. I have yet to see someone build a free public domain server architecture and client to do the same, and when they do I hope that all of you will support it with gusto. Until then, you frankly have nothing to complain about. I don't see what is so wrong with using the client provided to you, and if you want to build your own and your own backend and open source it, more power to you.
  • I know this is offtopic but really, posts like this should not get moderated up.
    This specific instance probably isn't an issue but cut/pasting a chunk of text from another page and posting on /. could possibly get Rob and friends in trouble. I've seen posts like this many times before and this seems to be the easiest way to inflate your Karma.
    Anyway, go ahead and mark this as flamebait.
    Citrix
  • Agreed -- with a closed source product, how do we know that the product isn't doing something that it is not advertised to do -- like sending out personal information, opening up my computer to crackers, etc? When I tried the closed-source napster, I created a 'testuser' account on my linux box, and ran it from there... there was no way in hell that I would risk running a closed-source product from an untrusted company using my main user account. I shudder at the idea of using it on a Windows box; that would essentially open up my entire computer to attack, should anything sneaky be in the client. Gnap, on the other hand, I can trust! Why? Because when the source is open, I can be reasonably sure that there is nothing malicious in it. (and if it was ever found out that there was, someone would make a huge stink about it and I would find out.) And besides, if I suspect foul play, I can always look over the source myself. It's a win-win situation for everyone! Unless you happen to want to make money off of proprietary code, or something...
  • mildly off-topic but a very good point. i have noticed this also and just wanted to add voice to the plea that this gets attention from the /. crew.

    stay good, slashdot, stay good!!! --kiki
  • Hey buddy, guess what -- the slashdot source is out there [slashdot.org], and a lot of other sites use it. It might not be the latest version, but who cares; It's not our right to always have the latest code. Having any code at all is a privilege that is much appreciated.
    Pretty ironic that 15 seconds of work on your part could have prevented you from screaming that out.
  • Hm, I don't think I was "ragging on" four [slashdot.org] but I apologise if it sounded that way.

    Instead, I was trying to suggest that Napster had a little PR problem on their hands, and that the way to get out of it was to come open about what happened.

    As for /. being important or not: I guess the results speak for themselves. Obviously four thought it was important enough to make him contribute.

    The serious issue (if there is one) in this sprawling sub-thread is how to handle PR in the internet age. Obviously nobody is going to comment this deep in a thread, but I think companies have to re-evaluate their PR strategies. If nothing else then they now have to respond much faster to get their message across (how long before a /. thread goes inactive and none of the posters read it anymore? A day? Six hours? One?).

    I guess I'm advocating an Open Source approach to PR: get all the facts out in the open, fast. By all means annotate them and make sure your version of the story gets across. But don't hide or insult your customers by assuming that they can not think for themselves or that they are unable to handle the truth.

    This whole story seems to be an example of PR going bad. Apparently everybody is friends now - or at least has a common understanding - but it does not appear like that to the outside world. That's a PR issue. It's not about who is "good" or "bad", "right" or "wrong", but about how your company is perceived by your customers. And that is Napster's problem, as I see it. I suggested a way to handle it. Maybe it is not the best way, but it does try to tackle the problem instead of just hiding. And in any case it suggests an approach to PR rather than just a haphazard, ad hoc, inconsistent response.

  • No, this is not a PR issue. It's an issue with the way that /. posts stories. In particular, Roblimo seems to succumb to the urge to post stories with inflammatory titles ("Napster attacks open source clone") and without proper confirmation (which in this case simply means "reading the link yourself").

    And as for your remark about how it was important enough for four to respond on /., what do you think he's going to do? He's probably had a whole bunch of gibbering /. monkeys piling all sorts of garbage into his mailbox about how they'll mailbomb Napster/crack Napster's server/otherwise harass Napster. It's happened before and it'll happen again...

  • by jebbono ( 106201 )
    Personally, I think this is really funny. Even if it is all peacefully resolved now, it would be funny if the gnap guy just sent back all of Napster's quoted press in response to the RIAA and changed "music" to "OSS". The Napster releases are like, "It's all about community and sharing." That would be too funny. Anyone know how napster plan to make money, anyway?
  • by PG13 ( 3024 ) on Monday November 29, 1999 @11:03PM (#1494744)
    As I understand the fear is that hacked napster clients will be able to report incorrectly what mp3's I have available. But what prevents me from merely creating files of the appropriate size filled with random bytes?

    It would appear that it is easier to fool the napster program in such a manner rather than messing with the source. Everyone can make a file not everyone can code a client.

    Secondly who are they scared of? Even script kiddies probably have something better to do than falsely posting mp3's. If it is groups such as the RIAA flooding the server to make it unusable....well they could certainly reverse engineer the client just as well as I can.

    Thirdly while in this case the client seemed to be easily reverse engineerable security through obscurity is not impossible. If you capture a piece of my own private code the fact that you are unsure of the algorithm renders it difficult to decode (Re: those papers supposedly detailing buried gold in virginia where only one has been decrypted). Sure it isn't as secure as a well tested publicly available algorithm but if your intent is to hide the actions of an algorithm your choices are limited.

    Hell if security through obscurity never worked the wine project would be done.
  • Napster has tried to be all corporate now claiming to be an all mighty "silicon valley" company. haha... one day it's a hacker site, the next day it got all corporate... do i hear the words portal, .COM, and television commercials soon? yuck... how about i throw up right now on MP3.com valuation and take some of that puke and throw it into the future at something as trivial as napster... which i'm sure will puff its feathers up and hire frat boys who play golf all day so they can IPO within 4 months...
  • 1 - Napster owns the servers that the client uses. Period. They provide the servers for use by the client. Any unauthorized client using the servers is just that - unauthorized. This is exactly the same as someone relaying mail through your server that you do not authorize, and they should be equally free to do whatever they wish to make sure that only authorized clients use their servers.

    There's really two meanings to the word "client" - one could be a user, connecting to the server or service; the other could be the software of the user, which connects the user to the server/service. AFAIK, the Napster servers are open to anyone who has the required software, whether it's made by Napster or by a third party. Restricting users to one specific client would be a BadThing, IMHO.. let's take IRC for example: all necessary security measures are built into the server so any client's software can connect to the server. I've yet to see an IRC server that says "You must use the XYZ IRC client here or you will be banned!" - that would be ridiculous. Likewise, ICQ seems to have no problems with third-party clients (licq, micq, etc.) connecting to their service - in fact, makers of these clients prove that ICQ's "security features" are lacking. Requiring a user's authorization to be added to their ICQ list, etc. is all client-side security.

    Yes, Napster owns the servers, but I disagree with the comparison to mail relaying. In this case, the issue isn't the clients (as in users), it's the client's software. (hope that makes sense, it's getting late here :) If the software makers are willing to port their software to different platforms, more power to them.. they must remember, though, that if unencrypted communication is made over any network interface, the protocols won't be "secret" for long ;)
    -----------------
    2 - The service is provided without charge to the user. The client is provided without charge to the user. This does not == free, and it does not == public domain. The 'rights' of the users are just that of any other service - use it, enjoy it, if you don't like it, well... in so many words, shove it. I have yet to see someone build a free public domain server architecture and client to do the same, and when they do I hope that all of you will support it with gusto. Until then, you frankly have nothing to complain about. I don't see what is so wrong with using the client provided to you, and if you want to build your own and your own backend and open source it, more power to you.

    I definitely appreciate the free services that people provide online, but sharing protocols used by services was a precedent set long, long ago - I personally believe it's a good precedent, as it allows developers to create clients for all platforms. If there was a Napster protocol published, there more than likely would have been a *NIX client quite some time ago. Unfortunately, publishing the protocol would reveal weaknesses only known by the developers of the software(and curious hackers - "hackers" as in those who reverse-engineered the software or sniffed the traffic from the software, NOT crackers). Not to put down Napster, but he more than likely knew there was little server-side security, and quite frankly, didn't want to let the cat out of the bag. This is a bad precedent to set, as any malicious kiddie with half of a brain could probably construct a client that would reveal all sorts of interesting information (hostnames/IPs, passwords, etc). This is why the open source movement has so much momentum - it (usually) creates better, more secure products; and believe me, I want my software to be secure with the number of script kiddies running around these days.
    -----------------
    These are just my opinions on this matter, and they really don't matter one bit :)
    --
  • Good programmers design a solid and secure protocol first, then write the app they have in mind. The problem is that most programmers start the app first, then build the protocol around it as the app grows. They get buggy, overly complex and unsecure protocols... that they can't get rid of because everyone is using their app by the time they realise their mistake.
  • by jmweeks ( 49705 ) <jose@joseweeks.com> on Monday November 29, 1999 @11:38PM (#1494749) Homepage
    I guess this is a little offtopic (if Slashdot had a general posts board I suppose it'd go there) but I've been seeing a lot of posts criticizing the headings/content/comments of topics lately. People criticizing i.e. Roblimo for "Napster Attacks Open Source Clone" (others come to mind, such as the ID spying post and the Bruce Perens vs. Corel thing).

    I just have one thing to say. Grow up.

    Slashdot as a media source is not your classic 1/2 hour news jive. It's an immediate source that shows what's being said in the moment, links us to where it's being said, and lets us hash it out on our own. So when it gets wind that something happens, when it gets a link to a rather rude (I take it, I didn't get to read it) email that may be threatening, it is Slashdot's place to post it. Things change, and updates can (and in this case, I expect will) be made. If you don't like it a little raw, what are you doing here in the first place?

    Jose M. Weeks
  • Well I'm not an AC - and I agree completely with this. I wanted to look at the code and see how some things are done, but those functions aren't in the old posted client.

    But I believe there is also a "alpha" archive that's more up to date.

    So when do we start the GPL slash movement :)
    --
    James Michael Keller

  • by quadong ( 52475 ) on Monday November 29, 1999 @11:55PM (#1494751) Homepage
    From the top of each and every comment section:

    "The Fine Print: The following comments are owned by whoever posted them. Slashdot is not responsible for what they say."

    And here is how to get moderated up:

    1. Post quickly
    2. Post a link or block quote
    3. Post a very long self-written comment (note that the content, to first order, doesn't matter)
    4. Tell the moderators to moderate you down
    5. Use a lot of white space
    6. Already be at +3 or +4, most people will moderate up at this point assuming that it must be good

    And, oh yes, there is also:
    7. Say something original that adds to the conversation. Possibly something that was missed in the original posting or an update/clarification to that post. Possibly a new and different way of looking at the issue.

    Sigh, I almost want to go set it so that I can't see scores and I never get moderator points, but you know what? I will still see all these comments which are not about the real topic, but just about moderation and I won't be able to see the context, so I'd just have to go turn them back on to see what was going on. Look at me! This conversation is supposed to be about Napster! have I said anything about Napster yet? Could I, in fact, be posting this without even knowing what Napster is? Am I just wasting space on the comments page?

    Now that everyone can see their Karma, Slashdot seems to have become, for a lot of people, a game of "who can get their Karma highest." Wake up people. Karma doesn't matter. The issues matter. I'd call for complete elimination of moderation, but that will never happen. A compromise would be, oh I don't know...
    1. Hide Karma. People can't fight over what they don't know about.
    2. Remove the automatic +1 bonus for high Karma. This way there is nothing to fight about, not even an invisible something.
    3. Remove metamoderation. It was a good idea, but how many people actively meta-moderate anyway? It's just more time spent not reading things that matter.

    So there's my rant, I don't know why I did it here and I realize that by putting it here, I am part of what I am complaining about, but I had to say it.
  • Yes, but also note that the link provided is dead, meaning that when Roblimo posted the link was alive. Thus he didn't know the affair had been resolved, and was at least justified in posting the story, although we can argue about the title...
  • Surely the thing that makes Slashdot valuable is its content, not the particular Perl scripts that generate the HTML? I would have thought that most of the people who read Slashdot could easily produce a site with similar functionality, but that's not the point. One of the biggest factors behind the "value" of a website like this is the number of readers... and you get readers by having useful content. I think the fact that it might use some clever Perl is way down on most people's priorities list.
  • This is absolutely true. A direct connection is established to actually transfer the MP3 file, which can be seen in netstat, among other things, as you said.

    Transferring MP3s through a central file server would likely open Napster to more liability for potential copyright violations than they would like to assume.
  • (licq's "spoof UID," anyone?)

    Yeah, the first time I saw that I laughed. I haven't used ICQ seriously since.

  • Anyhow, as with most things on the web, I suspect the law is at best unclear. I do feel, however, that the "open door" precedent is valid in this context so I would suggest that it is valid to restrict the clients. (It might be technically hard - or impossible - but that is another matter.)

    I agree to the extent that, if it's your server, technically you have rights over it, and so I can see how someone could begin trying to justify the statement that you should be validated in your efforts to restrict access to your server. Isn't this similar to actions in the instant messaging scruffle between Microsoft and AOL? (I seem to recall something about one of them changing protocol so they couldn't connect... err.. I can't remember, but here [slashdot.org]'s a link.) As someone else posted, this situation can also be likened to web browsers viewing pages; there are many different web browsers, but they can all connect to all web pages (unless it's down ;-). Webmasters can't/don't restrict access to their servers based on what browser is used (AFAIK), so, by the same token, Napster can't/oughtn't restrict access to their servers based on client.

    Then again, I wouldn't know all the legalities of this, the implications, consequences, etc. I just think, as others have mentioned, that we're all doing about the same thing... why not work together?
  • Mind you, email From:'s are easy enough to forge, and we still all use email...

  • Webmasters can't/don't restrict access to their servers based on what browser is used (AFAIK), so, by the same token, Napster can't/oughtn't restrict access to their servers based on client.


    Actually the TurboTax site wouldn't let me use it because I wasn't using Windows or a Mac. It was their loss, but there is definitely a risk of this type of thing increasing - one of the reasons I have started to familiarise myself with Mozilla.



    Chris Morgan

  • After using the closed-source Win32 Beta of Napster, I can safely say that it is a buggy little thing. Hopefully all this work that is being done to bring it to open-source will at least get some of the bugs out. And there is always the joy of having such a cool program for Linux.
    I've heard a lot of complaints from tons of people about how Napster doesn't work with their firewall, and how they can't seem to get their hotlist to work. I've experienced the same problems these people describe, but they seem to be intermittent at best. I don't know if it's a Win32 problem, or a Napster issue, but it is definitely annoying. Hopefully with this new open-source version, some, if not all of these problems will disappear faster than they would have if the source had stayed closed.
  • by Asmodean451 ( 71567 ) on Tuesday November 30, 1999 @02:54AM (#1494762) Homepage
    What we really need, is a distributed form of the napster service. The protocol could be based loosely around IRC.. in fact it might just be easier to sit it on top of the IRC protocol. In any case, it's not a terribly complex protocol.. and it would be so much nicer if the servers were distributed. Granted there is the whole speed issue.. but with some caching thrown in it could be pretty decent. We need a completely decentralized file search service ...

    oh... and of course.. it'd be much harder for people to squash the service for distributing ~1 TB of mp3s =]
  • by jd ( 1658 ) <imipak@ya[ ].com ['hoo' in gap]> on Tuesday November 30, 1999 @02:56AM (#1494763) Homepage Journal
    • Security through obscurity is an exercise in futility.
    • If Napster has a problem with unauthorised clients, do better validation.
    • Specifications are never really closed, merely hidden.
    • Removing one site's copies of a program doesn't remove the program elsewhere.
    • Competition is GOOD, monopolies are BAD.
    • Ideas and code thrive with evolution, not convolution.
  • by Anonymous Coward
    Note that he said Napster was nice WHEN ALONE...

    The threats were coming from another Napster, Inc. employee whom I will not name but will quote, "Fuck him. napster, he's goign to fuck us."

    "All I know is some dipshit 17 year old is trying to fuck me."

    "And I will fuck each and everyone motherfucking one of you."


    They spent hours arguing over this last night... and it seems like Napster (the person) is a nice guy when talked to alone... this other guy isn't nearly as nice to gnap...

    BTW, there are logs floating around of the discussion they had last night in #gnapster on EFNet... if anyone manages to get ahold of them, read it... you might not like this other developer that much. :)
  • i think what people are afraid of is the fact that the napster client allows the world to relatively anonymously access a specific directory of your system. if there's any kind of security hole, it could be hacked to allow access to your _whole_ system (that's bad). it needs to be as secure as an ftp daemon.

    i think the non-ratio format of napster doesn't encourage people to post false mp3 files. you mostly see this on mp3 ftp servers where you need to upload something before you can download. with napster, there's no benefit to this, aside from causing chaos.
  • It is ironic really. Slashdot condemns law enforcement and others when they falsely accuse someone making that person's life hell. Yet the story editors often falsely accuse others when posting new articles.

    I like Slashdot. I just wish a little more thought went into the headlines.

  • From what it looks like (judging by the other posts), the situation was much less adversarial than the slashdot headline and story would have the readers believe. This should be seen for what it is -- a naked attempt on the part of slashdot to incite readers to pour torrents of rage at someone who clearly doesn't deserve it.

  • I find it amazing so many people are in favor of hacking out a Napster-clone to use their servers. This is what MS did with its IM, using the AOL servers, and that was completely blasted everywhere (and justifiably in most cases). Yet, now that someone is doing it to the Napster servers it's okay, because it's a Linux clone? Seems to me if using someone's servers is a bad thing, it's a bad thing for everyone, for any reason.
  • Yea, but you can PGP it if you really need to be sure, with a humongous key like 2048 bits or over...
  • You're right, the headline is inaccurate. But...

    I'm resorting to ignoring any and all comments from the posters at this point (Especially Roblimo and michael, hemos at least apologized)

    I think it would be better if you kept reading the comments, and kept pointing out problems such as these. That sort of tacit approval (or at least lack of disapproval) doesn't fix the problem. Roblimo and others set too powerful an example for this sort of thing to be ignored.

  • Actually, it much depends on the ethics of the people who are writing the clone. AOL didn't like M$ doing what they did.
    If you had a service/protocol, would you mind if someone wrote a different client for it? Just look at AOL.
    It also depends on whether or not the stable clone (I'm thinking gnap so far) will allow other people to leech off you, once they can't tell the difference, does it really matter?
  • Possibly, a permanent messageboard about Slashdot would serve to reduce the clutter in the news section.
    --
  • Napster is a company whose only source of revenue will probably be banner advertisements on their client (unless they choose to go ugh, portal). By creating an open source clone without banner ads the company is losing impressions and therefore money.

    As much as we would like to see people in an altruistic light, Napster as a company needs to make money to stay in business (theoretically, although that is apparently not the case with today's .com startups).

    Napster is a neat toy and it would be great if they encouraged OS development, but don't be surprised that they don't. They would like to make some cash. Yes, OS software makes money, but the typical OS revenue model doesn't apply in this case (i.e. Napster won't be selling support).

    Regardless of what they say about security, cash is what it all comes down to.

    Before I get flamed, yes, I know that there is an "official" console based client out there, but I'd imagine that banner ads will be on that too once it goes GUI. And when he does in fact go OS with it, there will probably be some clause in the licence stating that banners will have to still be in there somewhere.
  • Guess you never saw what happened last week with MSNBC:
    They were blocking out Mac clients to their videos page with a JavaScript that put up a message saying that there was no Microsoft Media Player for the MacOS. This despite the fact that there IS a Media Player, albeit a beta version, available.
    When asked about this, MSNBC claimed it was an "error" made by the HTML programmer.
    Uh, yeah, right.
    Here's part of the code:

    if(sUa.indexOf("mac")==-1) {
    (snip)
    alert("Windows Media Player for Macintosh in not currently available.");

    Pope
  • Wasn't it the other way around? I seem to remember lots of people criticizing AOL for their attempt to block M$, amidst their Mozilla work. I am afraid that you have your stories mixed up.

    "The importance of using technology in the right way has never been more clear." [microsoft.com]
  • How could this type of post get "Rob and friends" in trouble? It explicitly states at the bottom of each /. page that Comments are owned by the Poster; if the owner of any copyrighted material finds something of his posted on /., /. is not responsible or liable.

    I think it's good when posts like this get moderated up; they're very informative and I don't have to click through a link to see what the news is.

    Just my opinion.

    paranoid.android
  • > 3. Remove metamoderation. It was a good idea,
    > but how many people actively meta-moderate
    > anyway? It's just more time spent not reading
    > things that matter.

    You mean you *don't* metamoderate? And you're
    complaining about poor moderation?

  • It took place before the letter. This was cited on hack the planet [felter.org] yesterday.

    The IRC conversation shows that Napster and one of his "partners" were being idiotic dickheads about the whole situation. I took it that de Icaza et al got motivated due in good part to the IRC conversation.

    The arrogance and stupidity of the Napster partners is staggering. Based upon their hype one would think they were going public next week and had a staff of thousands. Based upon their technical discussions one would think they were trying to figure out pointers to get through "Intro to C". These guys will fortunately point the way to more capable companies who wish to accomplish the same thing. Their blatant mistakes will be avoided by smarter people next time around.

  • Actually most people supported MS on their actions on that event. It was however the fact that ms only wanted it when it was to their advantage, and would not like it the other way around.
  • I guess I'm a little dense this morning (and I'm not into ICQ/chat progs and swapping MP3 files) so I have a couple questions...

    Several people have mentioned security problems. I'm curious what kind of security problems are involved here? (The only one I can see is the programmer losing control over his protocol, but as I said, I'm a little dense this morning.)

    Given that there are security problems, how should they be addressed? Offhand (and not having taken a close look at Napster), the biggest problem I can imagine is there seems to be only one master server for Napster clients, I would imagine a hierarchical arrangement of a few master servers and sub-master servers, similar to Gamespy, would be more efficient (but that's more a performance issue).

    Off-topic (but as long as I'm blathering), is there a Linux version or clone of Gamespy?

    This is not a sig.
  • Thing is, they're doing it in PHP.

    Here's where you can find it. [australia-online.net]

    Thing is, it's still the old version. Honestly, I think Rob should be putting out the source more often. Perhaps CVS access would be something to try? Yes, I know the code's beta; that's never stopped Open-Source development before.
  • Ok, I just created one. Go to http://slashdot.org/comments.pl?sid=slashdot/misc [slashdot.org]. Maybe we can push all the metacomments there.

    Just an idea.

  • Isn't/wasn't there a group working on a secure IRC replacement? If that has a file transfer protocol, it might make a good basis for Nap-like clone.

    This is not a sig.
  • Well, I don't want to be a prude here, because I'm just as guilty of MP3 Piracy as anyone. But let's be honest -- why do Napster users need protection? The only reason the RIAA would be prosecuting people would be because they are pirating copyrighted material. Now, I like getting free music, but most of the time it happens to be illegal.

    The bottom line is that the RIAA is not "Big Brother". The only reason they're going to bring a suit against someone is if that person is doing something illegal. If they are doing something illegal, then they probably deserve the charges. They don't need protection. Piracy is illegal, plain and simple.

    -----------

    "You can't shake the Devil's hand and say you're only kidding."

  • I doubt that banner ad revenue is so hot at slashdot, since readers here are mostly technically minded and therefore use products such as junkbuster to reduce unnecessary bandwidth requirements.

    --

  • Exactly my thoughts. This is not meant to really be dis against slashdot, believe me, I have loved slashdot since it was Chips and Dip. There are, however, some serious problems as mentioned by some AC's.

    One is the things they are posting on slashdot. There are still a lot of good articles, but not nearly as good as it originally was. I used to read every slashdot article and every comment associated with it. Now I find that only a few articles a day are even interesting. And lately Slashdot has been posting stories that were posted a year or so ago, like they forgot they were posted (which is understandable I guess, but if the news link is over a year old, at least search the archives).

    Another big problem I see is the moderators. I am all for moderators moderating comments and such, but I disagree with some of the things they moderate. If anyone questions something about slashdot, or the open source movement, it is considered troll bait and marked down to zero or below. I have seen an abundance of good, intellectual posts in the past few months that should not have ever been moderated down. If anything, they should have been moderated up. Slashdot is starting to become like, say, a government: someone questions it and they are silenced. No matter how intellectual and how good of a point they have.

    And about the issue of open source and slashdot, my sentiments exactly. I have always thought slashdot code should be CVS'ed. Don't get me wrong, I am not an open source extremist, but if they are going to open the source, at least give us the most recent versions. Don't open source an initial version, then keep everything private. That's not open source. I would also like to see the financial records of slashdot open sourced (or content, whatever you feel is appropriate), as in how much Andover paid for Slashdot. Rarely does a company not disclose the takeover/merger price, especially in the internet industry.

    Anyway, I can't really say keep up the good work Rob. But you have a good site here, I hope it gets better than where it's been going.
  • On the other hand, it is /their/ servers, and /their/ service, so they get to dictate who uses it and how it is used. Not unlike AOL dictating who can interoperate with its instant messaging software. Since they have put the time, money, and effort into building the backend they should be able to dictate how it is used. If I provided a service to users, I wouldn't want the possibility of a foreign client disrupting or corrupting that service. In reality, in light of the fact that they give out their own client free, an open-source client probably wouldn't hurt anything, and in fact probably help, since they would gain a rather large, tech-savvy audience (I'd guess geeks have the monopoly on MP3s right now anyway).

    How many people who agree they should open up their backend to foreign clients agree that AOL should do the same for MSFTs messager? What if they weren't giving their client away free?
  • I know it says Comments are owned by the Poster but the reality is Rob/Andover/whoever is ultimately responsible for /. I work at a bank and we disclaim everything we can but that doesn't really matter because if/when there is a dispute it is the courts that have the final say.
    If disclaimers were truly meaningful, Microsoft should have disclaimed its business practices. :-)
    Citrix
  • How could this type of post get "Rob and friends" in trouble?[...]/. is not responsible or liable [for postings].

    Actually, as the publishers they presumably are liable. Compare it to newspaper editors who routinely get sued.

    It is (in most cases) the publication of material that is illegal. I can write all the treaties I want at home denouncing [insert ethnic group here] as sub-human and advocating that they should be treated as pack-animals, if I so desire. That is legal in most free countries: I'm entitled to my opinions, no matter how offensive. The problem arises when the material gets published - that's when the offence occurs. I may think like a racist (for example), but I can not advocate it in public. Nor can you (or "Rob and friends") even if you use my words.

    Disclaimer: I'm not a lawyer - don't take anything I say seriously.

  • so I would suggest that it is valid to restrict the clients. (It might be technically hard - or impossible - but that is another matter.)

    Why not steal the validation code from the Netrek source [wfubmc.edu]?

    Your Working Boy,
  • IRC is a poor choice to sit something like this on top of. For searching to be reasonably fast you *DO* want a semi-centralized search mechanism, otherwise you are connecting to each of 3000 (or more) clients and asking them to do the search for you.. That is just not the right way to do it and congests the network in a bad way.

    I will freely admit that I was a person who is/was getting fed up with the unix nap client and its crashing, and the lack of connectivity between the servers. I've even started hashing out specs in my mind for what I'd consider the right way to do this (and yes, before someone says I'm blowing smoke out my buttocks, I do have the knowledge and experience at writing TCP/IP servers ala MUDs or IRC servers to write something of this magnitude)

  • by Mr M ( 120740 )
    In the previous version of Napster there was banner space indicating that it was available for rent. It's possible that this was removed due to the RIAA scare, but there may be other motivations. Personally, if I were at a music company, I would welcome Napster and pay for the ad space. If you can't beat em, well...
  • I honestly don't give a shit about Karma, and personally think slashdot has been going down hill since I got my user account. I tried to post something relevant and I get flamed for it. I apologise. My next post will be more on topic, and (just to keep on topic) I must add:


    I JUST POURED NAKED AND PETRIFIED GNULIX BRAND GRITS DOWN MY PANTS SO J00 Mu57 Ph3@R m3!^%&^%@?
    ph1r57 p057!!&(*&(*@?!(!!



    PS: The second best way to get Karma is to ask to be moderated down. I'm glad I haven't had moderator access since THAT bullshit started.
    ---
  • I personally would like to see lots of encryption.

    No no no! "Lots of encryption" is not the answer. A correctly implemented, wee bit o encryption, with a secure protocol is the answer.

  • Actually, as the publishers they presumably are liable. Compare it to newspaper editors who routinely get sued.

    The difference is that the Slashdot crew doesn't do the publication or editing --- they don't look over the comments before the comments are posted, and therefore can disclaim responsibility for the comments.

  • What prevents someone from extracting the key from a signed binary and using it with their own?
  • Actually there was a linux client for Napster already out. It just wasn't open source. Also it didn't have a GUI and didn't work that well.

    They have some weak security measures you have to pass to connect to a Napster client, and didn't want an open source client for security reasons. However they were trying to use security through obscurity, which doesn't work. Any idiot can run a packet sniffer and try to figure out what's going on on their own.
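The client-validation point argued in the comments above, as an added example (not Napster's protocol and not code from any poster): a server check that depends on a key shipped inside the client admits any program holding that key, while per-user credentials plus server-side request validation behave the same whichever client connects. All class names, the key and the account data are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed value: stands in for any secret compiled into a shipped client.
EMBEDDED_CLIENT_KEY = b"constructed-demo-key-shipped-in-every-binary"


def answer_challenge(key: bytes, challenge: bytes) -> bytes:
    """What any program holding `key` computes for a server challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def official_client_response(challenge: bytes) -> bytes:
    return answer_challenge(EMBEDDED_CLIENT_KEY, challenge)


def third_party_client_response(challenge: bytes) -> bytes:
    # Every distributed copy carries the key, so an independent client
    # holding it produces exactly the same bytes as the official one.
    return answer_challenge(EMBEDDED_CLIENT_KEY, challenge)


class ObscurityServer:
    """Tries to admit only the 'official' client by checking a baked-in key."""

    def new_challenge(self) -> bytes:
        return os.urandom(16)

    def admit(self, challenge: bytes, response: bytes) -> bool:
        expected = answer_challenge(EMBEDDED_CLIENT_KEY, challenge)
        return hmac.compare_digest(expected, response)


class AccountServer:
    """Authenticates the user, not the software, and validates each request."""

    MAX_QUERY_LEN = 128

    def __init__(self) -> None:
        self._users = {}  # name -> (salt, derived key)

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, self._derive(password, salt))

    def login(self, name: str, password: str) -> bool:
        record = self._users.get(name)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._derive(password, salt))

    def search(self, name: str, password: str, query: str) -> str:
        # The decision depends on who is asking and what they sent,
        # never on which program sent it.
        if not self.login(name, password):
            return "denied: bad credentials"
        if not query or len(query) > self.MAX_QUERY_LEN or not query.isprintable():
            return "rejected: malformed query"
        return "ok"


if __name__ == "__main__":
    server = ObscurityServer()
    challenge = server.new_challenge()
    print("official admitted:   ", server.admit(challenge, official_client_response(challenge)))
    print("third-party admitted:", server.admit(challenge, third_party_client_response(challenge)))

    accounts = AccountServer()
    accounts.register("alice", "constructed-password")
    print(accounts.search("alice", "constructed-password", "some song"))
    print(accounts.search("alice", "constructed-password", "x" * 500))
```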
  • I have similar feelings to what this message mentioned. Somehow, Slashdot seems to start getting stale.

    I think that one of the problems Slashdot is starting to face is that it is turning away news submitters. How many times have any of you submitted a story, just to find that it is never posted. Fine, it does not have to be posted. But after you have submitted items several times, none of them worked, then you think, "why bother?". The less people are willing to submit stories, the more difficult for Slashdot to be as comprehensive as fast in reporting news.

    And then we are starting to read news that lean more towards gossiping than real journalism (the Corel fiasco with regard to teenagers and the EULA). Yesterday we had to read a "press release" about Y2Brand that looked more like a commercial than a news item.

    Slashdot is starting to offer t-shirts to book reviewers, why not offer something to the first whose news item is published? At least that will attract back some of those who have decided that every time they fill the form is a waste of their time.

    I suspect that like many, I am starting to mine for my own news. I don't find many pieces worth reading. In the past, I could spend all my free time reading Slashdot. Now, I just skip many of the headlines.

    Don't get me wrong. I like Slashdot. I want to see it shining. But I think that it has to continue to grow up. It has the money and the resources to do it, and that has increased our expectations. It cannot and should not continue as a "garage" project. After its takeover by Andover our expectations on Slashdot changed accordingly.

    And like many, I think Roblimo is doing an excellent job and I love the interviews he is doing. We need more people like him, that bring a fresh air and a professional face to Slashdot. We also need to have more relevant articles. Finally, make sure that you understand the ramifications of your postings and the responsibilities that the community has put on it. Somehow, Slashdot readers are starting to note this and they start to believe that they have to keep a cool head despite the "news" sometimes they are presented with. The item on Napster shows that sometimes, in an attempt to be the "first", Slashdot is willing to put a headline that might dramatically change the outcome of it. I just hope that we don't lose a battle because Slashdot worked against us. On the contrary, we have to make sure Slashdot works along our Free Software ideals.

    Now I just have to wait for somebody else to pump the rating on this message. Otherwise, like many comments, it might be lost in a sea of many others.
  • I am one of the Gnomers who has been following this issue, and was also present at one of the irc conversations with the Napster people. I've done a little writeup of the events, which I'm hoping will help set the record straight.

    The writeup is here [advogato.org], posted on Advogato. As usual, anyone can read, but posting is restricted to free software developers.
  • The message has not got through. If security relies on 'closed' or 'secret' code the code is not secure. Only by 'many eyes' who know what they are looking for will any code ever be 'reasonably' secure. "Secure is an aspiration not an achievement."
  • If you poke around the link listed under "slashdot parent andover.net files for IPO", or whatever it is that the link says, you can find this. Looks like around 11 million? But who knows how much more if Andover successfully offers, and the stock price rises.

    Slashdot.org Purchase Agreement

    Under the terms of the Asset Purchase Agreement between BlockStackers, Inc. and Andover.Net, dated as of June 18, 1999,
    Andover.Net purchased those assets of BlockStackers relating to the Slashdot.org web site for 1.5 million in cash paid at closing
    and maximum future cash payments of $3.5 million payable over the next two years contingent on the continued employment of
    two key employees. Maximum future stock consideration of $7.0 million is payable over a period of two years following this
    offering. For the purposes of these issuances, the number of shares of common stock to be issued is determined using an assumed
    initial public offering price of $13.50 per share. Thus, the total consideration that will be paid is valued at $8.5 million and the
    maximum contingent consideration payable is $3.5 million. All consideration has been or will be paid to BlockStackers. The number
    of shares paid is contingent on the continued employment of two key employees and the achievement of performance milestones
    relating to traffic on the web site.

    * 148,148 shares issuable upon the closing of this offering;
    * 74,074 shares issuable seven months after the closing of this offering;
    * 49,383 shares issuable 12 months after the closing of this offering;
    * 98,763 shares issuable 12 months after the closing of this offering provided that the milestones in the agreement have been met;
    * 49,383 shares issuable 24 months after the closing of this offering; and
    * 98,765 shares issuable 24 months after the closing of this offering provided that the milestones in the agreement have been met.


    Pursuant to this purchase agreement, BlockStackers also agreed not to compete with Andover.Net or to solicit its personnel,
    customers or suppliers. Specifically, BlockStackers may not compete with Andover.Net, its subsidiaries or affiliates by engaging
    in any business that involves a real-time or contemporaneous news web site until June 28, 2004. Prior to June 28, 2001,
    BlockStackers may not solicit personnel, customers or suppliers from Andover.Net, its subsidiaries or affiliates. Mr. Malda, a
    director of Andover.Net, owns 25% of BlockStackers. Mr. Malda, the President and co-founder of BlockStackers, was a web site
    manager of BlockStackers, running Slashdot.org. Mr. Malda continues to run Slashdot.org as a web site manager and editor of
    Andover.Net.
  • Your writeup [advogato.org] makes reference to slashdot's "irresponsible journalism." In some ways I agree, they do sometimes go off half cocked. But in this case I think there's still a very real issue. The effort by "the GNOME people" and Napster to smooth things over and make nice should not be allowed to hide the fact that Napster seems determined to ignore the problems with "security through obscurity" until it jumps up and bites them on the ass.

    Obviously they're too busy trying to ride the wave they've created to worry about something as trivial as security.

  • IRC is a poor choice to sit something like this on top of. For searching to be reasonably fast you *DO* want a semi-centralized search mechanism, otherwise you are connecting to each of 3000 (or more) clients and asking them to do the search for you.. That is just not the right way to do it and congests the network in a bad way.

    The way around this would be to store the whole database in each client, and broadcast updates to everybody. That way, any node dropping out of the system doesn't bring down the whole network. This is the trick about Usenet that makes it immune to censorship, and has kept the p0rn flowing for so many years...

    Whether this should be done by piggybacking on top of IRC, or by inventing a new, parallel protocol, is left as an exercise to the implementor...

    If it's centralized, someone will be sued and shut down. If it's decentralized, there are too many people to sue, and the network adapts itself and routes around the problem areas.

    Not that I'm advocating breaking the laws of whatever country you happen to be in, of course. That would be wrong. I'm just talking about robust network design.

  • 3. Remove metamoderation. It was a good idea, but how many people actively meta-moderate anyway? It's just more time spent not reading things that matter.

    I came across your post while I was -- guess what -- meta-moderating, and I just had to comment.

    You may think of meta-moderation as more time spent not reading things that matter. Well, good for you. Don't do it, then. I, on the other hand, have found some very interesting and insightful comments while meta-moderating, and have even become interested (even if only for a brief while) in topics that I otherwise would have held no interest in whatsoever. That's part of why I do it, in fact. Sure, there's a lot of crap that goes through there, but you can just click the little "Fair" button and scroll past it. Occasionally, though, you get that one comment that makes it all worth the trouble. The one that makes you think.

The means-and-ends moralists, or non-doers, always end up on their ends without any means. -- Saul Alinsky
