My personal ideas for a “safe” NEW WinMx file transfer system

[RebelMX]

Actually, the patch could be made to sort ipv6 IMO.  Clearly that is ANOTHER issue entirely and the priority is to fix the current attacks on the protocol before looking to expand it.

I have a good idea, theoretical only at this point but i could code a few lines of code to explain what i mean if necessary, which i am happy to begin discussing.  However i thought the whole community was waiting on this magical fix before we look to add even more stuff that may not work.  Need a solid starting point to restort back to in case of issues.

[Bluey_412]

Didn't know we had to have Clone Wars...

Sighhhhhhhhhhhhhhhhhh

[GhostShip]

Clone wars..lol  methinks you have too much free time Stripes 

[achilles]

Ha. ha.. Clone Wars wouldn't be all that bad. Maybe a little competition between 2 or 3 development groups to develop their own flavor of a WPN compatible client would give more options to the users, and bring more users to the network.  I don't think we will have to worry about the clone wars for another 3 years or so lol  I'm not promoting emule here, but look what happened to the emule network. There are many compatible clients for the emule / Kad network. http://www.emule-mods.de/?mods=start   Its just too bad more hasn't been done to stop the mass flooding of the emule network. It has a huge number of users, and files to choose from. The only problem is you have to drown wading though all the fake files to find what it is your looking for. I would be interested in knowing why the emule network is flooded so bad despite the fact that it is open source.  If, and when WinMx goes open source i'm sure we will see other compatible clients developed.  WinMx has too large of a following for developers not to want their own custom client.  I just don't think that WinMx will go open source anytime soon, and i'm not convinced it ever will due to some malicious coders out there that are dead set on destroying the network.  Ritchie, and others may have ever intention of making the code open source, but they already know that will be a very risky thing to do. It is my opinion only after their own coders feel they have done all they can to eliminate any possible exploits, and have exahaulted their own capabilities should the code ever be made open source.  One of two things would happen as a result of the code being made open source in regards to the attackers.  (1) The attackers would be satisfied, and cease their attacks because they believe the moral thing has been done by making the code open source. (2) The attackers would just use the code searching for more exploits to continue their attacks.  There's no way of really knowing.  Also, releasing the code gives full access to the cartel, and big brother. I'm sure they would develop their own tools such as data miners, and sniffers for the network.  Its not like they don't already. It would just give them the capability of making better tools.  In any case I don't believe the code can be safely released for open source anytime soon.  If anyone feels different I would love to hear your feedback. Well, I'm out of time for now. Got to study, and do research. Lots of fun. Later.

[Bluey_412]

Achilles, i think you have expressed the exact fears of so many, and why there is still a strong desire to keep the code for WinMX closed...

Only those who would attack or destroy the network need the code to be Open. Else why?

You have put it very succinctly, even tho this same thought has been spoken of time and time again, there IS a degree of security in keeping the code closed, whether it be the original Frontcode client, or a new clone...

[RebelMX]

Actually I disagree with this thought.  I think the code SHOULD be released opensource, BUT only once we have a clone client capable of being modified to update for any flaws and bugs or protection needed.  Anything added to a patch is all very well but built into a client itself would be much easier to control and validate locally, to avoid hijacking of functions etc.

However, that as has been said, is a long way away, and in the meantime with no ability to defend (or it seems protect ourselves) the sourcecode of anything produced should remain closed.  In all honesty, a program that is supported by many different developer streams, being updated and maintained regularily is best off open source.  Look at some of the best software, linux, firefox etc, which is opensource and actually encourages people to report flaws in order to improve the product?  Why could that not done with a clone client???

[achilles]

Which open source license would be best to use if WinMx goes open source? I've always wondered what regulates programers from adding garbage like adware, and stuff to the software.  Look at Limewire, Bearshare, and others.  The more builds / versions that came out the worse they became.  How can we make sure that doesn't happen to WinMx?

[Preston]

Which open source license would be best to use if WinMx goes open source? I've always wondered what regulates programers from adding garbage like adware, and stuff to the software.  Look at Limewire, Bearshare, and others.  The more builds / versions that came out the worse they became.  How can we make sure that doesn't happen to WinMx?

I think we should worry about getting a fixed patched for the current network and for an actual full replacement client to surface before worrying about which license to use.

[White Stripes]

Which open source license would be best to use if WinMx goes open source? I've always wondered what regulates programers from adding garbage like adware, and stuff to the software.  Look at Limewire, Bearshare, and others.  The more builds / versions that came out the worse they became.  How can we make sure that doesn't happen to WinMx?

technically the clone thats in the works would have to be GNU GPL considering its based off of GPL software...

[GhostShip]

The GPL is the licence of choice allowing as it does folks to tweak their own private versions whilst allowing for the addition of possibly helpful updates that all can share in if folks wish to make a public release.

Open src is a two edged sword in that it can make a problem in the short term but as long as theres an "official" client and developers then its not too hard to keep any attackers on their toes by continuous updating, it wouldnt be too hard to keep the whole client mutating and thus a moving target for attackers using other mechanisms that could be server based even, theres plenty of scope for new security mechanisms to fix older problems, but as Preston mentioned, we mustnt jump ahead of ourselves just yet 

[achilles]

So are the programmers bound by any terms as far as what they are allowed to add to the software? If they wanted to put adware in it then could they? I'm speaking of any open source software. Not just WinMx. There should be some sort of stipulations as to what is acceptable, and what is not.

[GhostShip]

Unfortunately Open Source means just that, that anyone can create a version or variant using the common src, however there are safeguards of a sort built into all this, one is that if anyone changes the src and then wishes to release it to the public they have to offer their modified src also so theres little point in adding adware when folks can either edit the src code and remove such adware or more likely locate the original src and application that does not contain the adware and use that instead, if any new parts or improvements are added they also become part of the open src and have to be shared so we will all win in the long run, in the short run however it will make it possible for an attacker to have a view of the src but as I mentioned above further code work and adding new security mechanisms will soon put a stop to such hi jinx.

My aim is to create a program with other like minded folks and then we will take a poll before the app or the src are released on whether the new clone is up to the task and sufficiently strong against most attacks we know of , I have said it before and will state again that only when the majority of folks are happy will any clone hit the streets,  the only exception to this may be if the clone is so different as to being no longer compatible with the WPN and thus no longer a threat to the existing client base.

[MinersLantern]

Its already 'open source' and that is the problem. As far as adding ads for monetary gain by some person or group. No. Bad, bad, idea. If people want to make money, let them go get a nice job at lets say.. McDonalds. Anything adware based I automatically remove from my computer. I dont care if it will go to the kitchen, cook my dinner, then balance my checkbook for me while giving me sex. No ads please.

[Bluey_412]

More simply, ads make the software money-earning. Legal types then link it to the downloads and accuse the site of profiting from piracy, equals biggggggg dramas for identifiable persons

[Hans-Linux]

I did some work testing and evaluating Gtk-Gnutella.
 
The good:
- Open Source
- Compiles and works on 64 and 32 bit Linux and Windows.
- Uses published protocol. Apparently "Industry Standard" used by about 10 different p2p applications. At the moment I am uploading to Limewire, Shareaza, Fosty, LuckyWire, LemonWire clients.
- Does not need Cache Servers.
- Handled 16GB files.
- Linear download like WinMx and swarming like Bittorrent. 
- If possible, files are compressed during transfer.
- Client side search filter.
- Can browse download directory on the server side like with WinMx
- IP4 and IP6

The Bad:
- Does not have Chat. This is no issue for me. A Open Source Chat client can be easily integrated.
- No End to End encryption, (Planned for the future)
- Variety of files available for download is not as large as with WinMx

The Ugly:
- Can't use the same upload  library directory at the same time with both WinMx and Gtk-Gnutella on a Linux box.
- Does not have source to source encryption.
- Displays everyone's IP address.

it should be no problem with the full WinMX protocol at hand to make Gtk-Gnutella a WinMx client and primary.

Hans 

[achilles]

Hans, is there any chance you can produce some sample code for the new client project so you will be taken seriously as someone that has a lot to offer to the project.  This project is not going to go anywhere if we can't bring more coders / developers into the community. Maybe you could produce some code to extend the library capabilities to highlight files in ones search results that they already have completed in their library. I'm not sure why this capability was not added to WinMx long ago.

[White Stripes]

I'm not sure why this capability was not added to WinMx long ago.

mx isnt documented (officially) and is closed source.... not easy to add things.... and frontcode (kevin) just seemed to let bit-rot creep in rather than put much more effort into mx between the 3.3 and 3.5 series....

[GhostShip]

The prime parts that where implemented in the client after 3.31 where mainly a lot of boring and non visible buffer overload protections and some similar features,the single main visible change was new library layout, that was pretty noticable but compared to the big changes under the hood its not as useful.

[White Stripes]

3.31 and 3.53 use the same library system....

3.54 was never fully fleshed out.... (cant get it to run on my system either but thats for another topic)

[Hans-Linux]

Hans, is there any chance you can produce some sample code for the new client project so you will be taken seriously as someone that has a lot to offer to the project.  This project is not going to go anywhere if we can't bring more coders / developers into the community. Maybe you could produce some code to extend the library capabilities to highlight files in ones search results that they already have completed in their library. I'm not sure why this capability was not added to WinMx long ago.

Not possible. WinMx is a closed source Windows application and to my best knowledge can not be modified to add  about 1000 line of "C" code. This can only be part of a new WinMX client.

Hans