Quote:
I can see where youre coming from, but wasnt it you who also said "Developers may find it useful for new projects and to test newer versions of Waste"?
It is a bit hard to test when the (newer) network isnt there :P
|
Quote:
|
Now the exploits in WASTE are being documented it is only a matter of time before a hostile party or malicious user comprimises any WASTE clients older than 1.5 so you are in effect creating a insecure "secure" network and leaving others and yourself on your meshes open to DOS attacks and other vunerabilities .One of the reasons Justin released the code as GPL is so people would develop it . If he didnt want it developed he wouldnt of released the source code .There are alot of Justins code including Nullsoft projects that are closed source .
|
I’m happy development continues in the open source communities but I’m withholding judgment on the validity of shutting down access to previous clients. If people want to choose different versions promoted by different groups that are not backwards compatible – or even parallel compatible – they’re free to do so naturally. Meshes after all are so small that a few dozen people taking themselves out of action will have no effect on the overall system. The recent merwin network for example, called by some “nullsoft” is now fully migrated to the latest sourceforge protocol and no longer exists as an original WASTE group. It vanished from the last legacy clients yesterday afternoon at 4 PM. At its peak a few months back I counted slightly more than 50 simultaneous users but like the lifecycle of most meshes it had been in steady decline for some time (people meet, hook up and leave to start their own) so while losing it to v1.5 Beta 2 wasn’t a happy occurrence it wasn’t a tragedy either.
The problem I have with this is practical certainly, but right at the moment it’s more philosophical in nature. By balkanizing an already balkanized community and by encouraging developers to create clients that only connect to themselves we run the risk of creating yet another incompatibility boondoggle like VHS vs. Beta, ACC vs. WMA and so on. It’s been difficult enough getting people comfortable with the concept of WASTE without having to sit down and explain the competing security claims of one group’s clients vs. another’s every few months. I’m not sure I’m even comfortable calling this new version WASTE. Yes it contains some of Justin’s code but it appears from the credits at least Frankel didn’t work on it. It doesn’t say he did plus he’s not in the habit of orphaning his previous work. If at some point he jumps back into the development fray his “authorized” versions may have little in common with sourceforge’s, creating further issues.
For the most part I’m not looking down at my feet wondering if my laces are tied, I’m trying to see over the hill into the next county. This is not an issue that needs to be solved today. It’s just one that should be thought about. It may help to remember that no client will be completely secure, not even this latest attempt to redress the faults of v.1. To split the community over alleged security faults and guaranteed fixes is to akin to splitting the church over how many angels can dance on a pin. It’s unnecessary – sure the answers may be different but
they might be equally valid. To engage the community with chants of “my v. is better than your v.” is to fall into the trap of diminishing returns and increasing fractionalization with little to show in the way of actual net benefits.
Indeed,
"Developers may find it useful to test newer versions of Waste,” and I’m glad they are, I’m pro-development - but zer0share was not intended to be dismantled every 90 days by trendy new clients.
The best way to handle this or any dispute is by inclusion. To bring all members of the community together into the standards dialog who wish to participate and to avoid as much as possible development teams creating exclusive & incompatible products
for whatever reason. Waste is open source and that means
everyone is free to decide and create – not just the people at sourceforge. That’s a good thing in theory and it’s important for the future. We’ve seen what can happen in practical terms when the conversation is dominated by intransigence and stubbornness sets in, because we know about that previous Justin Frankel system called Gnutella and how it’s played out since the source code was released. Disastrously in my opinion. We should do everything necessary to avoid another “Bearshare vs. the World” with WASTE (keep in mind I’m not accusing anyone of such behavior).
What I’m advocating ultimately is this: Continue development, make WASTE as good as it can be, make it easy to use, secure and attractive. Bring people in. But by all means keep it as compatible and as free of personal competition and politics as possible. Even if that means certain compromises must be made on the path to theoretical perfection.
The most important part of WASTE won’t be discovered in the code, it’ll be found in the community.
- js.