
MethLabs Shuts out PeerGuardian

ScuttleMonkey posted about 9 years ago | from the hard-luck-and-epic-battles dept.

Security 186

Lost&Confused writes to tell us Slyck News is reporting that most of Methlabs.org administration and development staff have been forced out of their own website. For the time being PeerGuardian is being hosted on sourceforge. However, users are advised to stop using the Methlabs.org and Blocklist.org hosted blocklists in favor of the Bluetack list until they can sort things out.


How.... (1)

thesnarky1 (846799) | about 9 years ago | (#13585323)

Do they get forced out of their server? Couldn't they just fire the guy if he worked for them?

Re:How.... (4, Insightful)

FrYGuY101 (770432) | about 9 years ago | (#13585340)

It's not a business.

Basically, the guys who were in charge of administering the money and servers slowly took over. Now they're claiming ownership of everything.

Re:How.... (1)

IIH (33751) | about 9 years ago | (#13585486)

Basically, the guys who were in charge of administering the money and servers slowly took over. Now they're claiming ownership of everything.

And without hearing from both sides, who's to say that they aren't correct?

News To Me (3, Insightful)

Doc Ruby (173196) | about 9 years ago | (#13585710)

FTFA:
"UPDATE: William Erwin, now confirmed as the hijacker, has posted news on Methlabs.org, claiming the hijacking news is false and stems from a revolt by former team members.

However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine.
"

The reporter has "heard from both sides", and said that the Methlabs team is correct. That's what real reporters do: they find all the sides of a story, decide which version is the most correct, and tell the story. They don't just report "he said / she said", which reduces the reporter and the publication to puny PR outlets for anyone with a version of the story, no matter how self-serving.

That's not to say the reporter's version is the most correct, or even correct at all. But that's what separates good reporters from bad ones: their skill at finding the most accurate story version. And then telling it so readers get the most accurate version of the story in our heads. Good journalists back up their judgements with representative quotes and descriptions of evidence to bolster the reader's confidence in their version. Really good journalists make good judgements and back it up, earning the ongoing confidence of their readers.

We still all need to take any story from where it comes. Which is why it helps to read some reporters for a long time, to understand their track record, their blind spots, biases, vested interests, and insights. We've watched "journalism" turn into a farce precisely because we no longer expect the journalist to use good judgement in reporting, highlighting what they find to be true. We expect journalists to be "objective" to the extent that the journalist disappears, acting only as a stenographer for whoever gets access to them as a channel for that interested party. Which is worse than useless.

This reporter, on this little story, in a little tech backwater, is exercising exactly the professionalism that most of the people in their industry wouldn't recognize if it faced them across an interview desk.

Re:News To Me (1, Insightful)

Dot.Com.CEO (624226) | about 9 years ago | (#13585891)

You are, albeit semantically, wrong. Reporters report. It is journalists who actually "tell a story". This is extreme nitpicking but I thought it important enough to correct you.

Re:News To Me (1)

Doc Ruby (173196) | about 9 years ago | (#13586007)

If anything, you've got your quibble backwards.

Definitions of reporter [google.com] on the Web:

Definitions of journalist [google.com] on the Web:

Technically, none of those jobs allows for "merely reporting", except maybe a photographer. But all of them, even the PR flack, are "researching and telling a story". Only the "stenographer" is exempt from using their judgement of what to say when they've heard something.

Re:How.... (1, Informative)

Anonymous Coward | about 9 years ago | (#13585347)

Because apparently the rogue admin had all the passwords. Now my guess is either he was the only one with them or he changed them and didn't tell anyone else what they were.

As for fire the guy...they aren't a business or anything. Maybe you should read up a little more on the situation.

Re:How.... (1)

ScrewMaster (602015) | about 9 years ago | (#13585348)

Possession is nine-tenths of the law. I presume he's already been "fired", as it were, but he still has control of the domain.

Hard to get good help these days, I guess.

Re:How.... (1)

Meagermanx (768421) | about 9 years ago | (#13585811)

That phrase has always bothered me. If it were true, then robbery would be 9/10th legal, right? Or maybe robbery itself would be illegal, but once you possess something, it's yours no matter how you got it. What about copyright infringement? Plagiarism?
"Well, that paper I copied is at least 9/10th mine. You better just give me a 90% on it."
Either way, it's clearly a faulty phrase.

Re:How.... (1)

ScrewMaster (602015) | about 9 years ago | (#13585837)

No, it's not faulty. What it means is that if you have possession of something, however wrongly, the other party has to fight if they want it back. And that is an expensive business, which many will hesitate to undertake. Furthermore, even if you do go to court in an attempt to retrieve your property, you may still lose. So, yes ... the person who has possession of something has a distinct advantage, even if he is a thief.

Re:How.... (3, Funny)

freewaybear (906222) | about 9 years ago | (#13585520)

Hey, the cops came and forced me out of my meth lab once.

Why God gave man hardened fists... (1)

michaeltoe (651785) | about 9 years ago | (#13585633)

... to bang against the wall, as the cut-throat world of business leaves you in the dust.

Now we know where Michael Sims is (2, Funny)

Anonymous Coward | about 9 years ago | (#13585341)

What a guy^h^h^h gal!

misuse of funds (0)

Anonymous Coward | about 9 years ago | (#13585344)

I would be willing to bet he used the money for a methlab. OSS vs. Methlab... I think my money's in the wrong place...

One of those things about the open source crowd... (5, Insightful)

suitepotato (863945) | about 9 years ago | (#13585358)

...they don't tend to be very big on the business acumen. Any enterprise where stuff like this can happen needs to have contracts in force that head them off. The big business closed source world lives and dies by contracts and legally binding agreements. The licenses on the code produced should not be where the thoughts of legalities end. Internal legal matters are perhaps far more important.

Re:One of those things about the open source crowd (5, Interesting)

PhrostyMcByte (589271) | about 9 years ago | (#13585423)

Indeed. We (Methlabs) had an admittedly stupid setup and were working to change it. Obviously, we worked too slow. It's a shame that small groups of friends even have to think of legalities but I guess that's reality.

Anyone have advice on keeping this from happening again, to us or other OSS groups?

Re:One of those things about the open source crowd (5, Informative)

WhiteWolf666 (145211) | about 9 years ago | (#13585509)

Form an LLC (couple hundred dollars).
Give all assets that you want to protect to the LLC.
Distribute ownership of the LLC among ALL members, and require license changes/ownership changes/policy changes/domain changes, etc, either unanimous consent or a 2/3 (maybe 3/4) vote.

Fundamentally, the purpose of a business 'shell', in any small organization, is to put your assets in one place so that no one can legally mismanage them.

If, for example, methlabs.org had been the property of methlabs, LLC, and the administrator tried to boot you off, you could send an e-mail to your registrar from the 'director' of the LLC, indicating that the administrator was not acting in the interest of the LLC. You send them the *signed* (can be signed electronically, using the US gov't standard, which is a bit silly) LLC articles of incorporation, showing either that the administrator member had no right to do that, OR that he wasn't a member of the LLC.

Then they hand you the 'keys' to the castle, so to speak.

Re:One of those things about the open source crowd (2, Informative)

Infinityis (807294) | about 9 years ago | (#13586208)

Not to be too particular, but since I'm currently going through the LLC application process, it might be useful to point out that it's not "articles of incorporation" but "articles of organization". "Articles of incorporation" is reserved for a corporation.

The difference between a corporation (Inc.) and limited liability company (LLC) is subtle but important. A corporation is a perpetual entity, so if a founding member dies, no problem. But if a founding member of an LLC dies, that pretty much ends the LLC. Taxes are a lot easier to handle, along with determining profit. Also, you don't have to have annual meetings where the minutes are recorded, etc. However, with either one you get the benefit that your personal assets are not at risk. If the company fails miserably and owes a million dollars in debt, you still get to keep your personal car, your house, your money, etc. Thus the term "limited liability".

Re:One of those things about the open source crowd (5, Interesting)

WhiteWolf666 (145211) | about 9 years ago | (#13585560)

Also, 2 more points ;-)

1. Form the LLC anyways. Use the name, MethLabs LLC

File a cybersquatting request. Even if you lose, it's not a bad way to go. If you can show you started the project, you'll be in *really* good shape, I think. As far as I know, if you have a business name, you are virtually guaranteed the domain name. What's good for the goose is good for the gander.

Emphasize that it's a *security* site. ICANN generally frowns on people trying to subvert security software.

2. Trademark the term "Peerguardian". This costs about ~$400. You may have to take a collection for this. Then, you can pretty reliably prevent him from using that term on methlabs.org.

A trademark will help you achieve number 1, above, and virtually guarantees number 3, below.

3. Sue in small claims court. Make sure to sue in *his* state, but not necessarily his jurisdiction. Even if you don't get the domain back, claim the maximum (usually $3000) in damage. The loss of your project's domain name is easily worth much, much more, but $3000 should be fairly easy to start up again with (pays domain fees, hosting fees, LLC fees, etc.), and it's a fun way to stick it to him.

Small claims court usually only takes a day of work, and the filing fees are pretty small, too. Even if he doesn't pay, you can enter a judgement against him, have the pleasure of actually employing a creditor FOR you (not against ;-) ) and use this as additional proof (even though small claims doesn't set a precedent) for your cybersquatting claim.

Plus, small claims judges are big on practical issues. They don't like to see people get screwed, and generally side with the abused party.

Re:One of those things about the open source crowd (0)

Anonymous Coward | about 9 years ago | (#13585883)

Form a non profit where no person owns anything and all contributing members are welcome and where all software is under BSD or GPL and all contributing members agree to this. Put in rules about domain names, finances and such in the regulations... that ought to do the trick. But won't undo what has already been done.

What an asshole! (2, Interesting)

Elite Xizer (915457) | about 9 years ago | (#13585366)

What possible reason would Mr. Erwin want with methlabs.org? I can't believe he would pull this shit. He needs a good ass kicking for stepping out of line.

Re:What an asshole! (0)

Anonymous Coward | about 9 years ago | (#13585380)

Maybe he wants to set up a website on how to make your own methamphetamines.

Amphetamines (1)

empaler (130732) | about 9 years ago | (#13585937)

That would be my old chem teacher. He wrote a paper on how to make cleaner methamphetamines with fewer side effects.

Re:What an asshole! (1)

Alizarin Erythrosin (457981) | about 9 years ago | (#13585393)

Perhaps he wants to set up a directory of local methamphetamine labs, a la Google Local Search?

"Need a fix? Come to Methlabs.org and search out your local lab! We even offer a subscriber service to alert you when your preferred meth labs have been raided by the police!"

Re:What an asshole! (1)

PakProtector (115173) | about 9 years ago | (#13585455)

Perhaps he wants to set up a directory of local methamphetamine labs, a la Google Local Search?

"Need a fix? Come to Methlabs.org and search out your local lab! We even offer a subscriber service to alert you when your preferred meth labs have been raided by the police!"

Dude, methlabs.google.com [slashdot.org] is so last week.

Re:What an asshole! (2, Insightful)

no_mayl (659427) | about 9 years ago | (#13585446)

The human factor is often the weakest link: he got bought by somebody who does not want privacy.
(just being paranoid)

Re:What an asshole! (2, Insightful)

ScrewMaster (602015) | about 9 years ago | (#13585584)

Can you say, "RIAA"? No? "MPAA"?

Re:What an asshole! (5, Interesting)

mikael (484) | about 9 years ago | (#13585515)

He thought that methlabs.org had established such a good reputation that they could start charging customers money for the service?

But didn't he realize that the developers would have backup copies of the site and just set up a new site elsewhere?

I've seen this thing happen with small companies. They recruit a couple of software architects to get the core software written. Once they get the software developed they give the architects the boot, and hire cheap graduates to do any customisation.

Re:What an asshole! (0)

Anonymous Coward | about 9 years ago | (#13586199)

I was going to suggest someone mod the parent up, but I see it's already at +5.

Yes, I've seen the same thing happen and I agree that it's the best explanation of what's happening with methlabs. Interestingly, I saw a post by someone supposedly still at methlabs who said that the founders tried to "fire" Erwin, but they did it "unprofessionally" and so Erwin was somehow justified in taking over like he did. Okaaaay.

Hijacked! (2, Funny)

Anonymous Coward | about 9 years ago | (#13585372)

Take this web site to....hmmmm....wait....

Re:Hijacked! (3, Funny)

empaler (130732) | about 9 years ago | (#13586066)

... Cuba!

Hmm (4, Interesting)

Saiyaman (859809) | about 9 years ago | (#13585377)

I have gotten various things, at methlabs.org it says to ignore e-mails I get from anyone about PG unless it is from @methlabs.org. In an e-mail I got from someone else saying to go to the Sourceforge site. So for the time being, I probably will not download anything from either place since I don't know who to believe.

Re:Hmm (1, Informative)

Anonymous Coward | about 9 years ago | (#13585457)

I RTFA'd:

However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine.

Re:Hmm (3, Interesting)

Xarius (691264) | about 9 years ago | (#13585482)

At the bottom of the article:

UPDATE: William Erwin, now confirmed as the hijacker, has posted news on Methlabs.org, claiming the hijacking news is false and stems from a revolt by former team members.

However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine.

PeerGuardian users are advised to stop using the Methlabs.org and Blocklist.org hosted blocklists in favor of the Bluetack list.


I'd probably believe all of this is true, if it's all lies then the person who is in control of methlabs.org would have already set a libel lawsuit rolling methinks.

Re:Hmm (2, Informative)

Anonymous Coward | about 9 years ago | (#13585550)

Alternative blacklists from:
http://bluetack.co.uk/config/sources.txt [bluetack.co.uk]

PG,http://www.bluetack.co.uk/config/ads-trackers-and-bad-pr0n.txt,Ad Trackers,0,Ads Ad-Trackers and Bad Porn
PG,http://www.bluetack.co.uk/config/level1.txt,Level 1,0,Level 1 Basic Blocklist
PG,http://www.bluetack.co.uk/config/level2.txt,Level 2 Corp,0,Level 2 Corporate Ranges
PG,http://www.bluetack.co.uk/config/bogon.txt,Bogon Ranges,0,Bogon Addresses List
PG,http://www.bluetack.co.uk/config/dshield.txt,DShield Recommended,0,DShield Blocklist - More info @ www.dshield.org
PG,http://www.bluetack.co.uk/config/edu.txt,Edu Ranges,0,Educational Institution Ranges
PG,http://www.bluetack.co.uk/config/hijacked.txt,Hijacked IP Blocks,0,Hijacked IP Ranges List
PG,http://www.bluetack.co.uk/config/iana-multicast.txt,IANA Multicast,0,IANA Multicast Addresses
PG,http://www.bluetack.co.uk/config/iana-private.txt,IANA Private,0,IANA Private Addresses
PG,http://www.bluetack.co.uk/config/iana-reserved.txt,IANA Reserved,0,IANA Reserved Addresses
DONK,http://www.bluetack.co.uk/config/exclusions.txt,Master Exclusions,0,Recommended Exclusions List
PG,http://www.bluetack.co.uk/config/Microsoft.txt, Microsoft Related,0,Microsoft Associated Addresses List
PG,http://www.bluetack.co.uk/config/fornonlancomputers.txt,Non-LAN List,0,LAN Blacklist 0.* 10.* and 192.168.* Ranges
PG,http://www.bluetack.co.uk/config/spider.txt,Spiders List,0,Webspiders and Bots
PG,http://www.bluetack.co.uk/config/spyware.txt,Spyware List,0,Spyware and Malware
PG,http://www.bluetack.co.uk/config/trojan.txt,Trojan & Portscanners,0,The Trojan Port Hits and Scans List

Sort him out (0)

Anonymous Coward | about 9 years ago | (#13585381)

Just go round and break his legs. Simple.

hmmm (1)

OSXpert (560516) | about 9 years ago | (#13585383)

Is there anyway we can show our support for PeerGuardian? Like maybe blacklist the people who did this?

oh wait....

Dupe! (5, Interesting)

Bogtha (906264) | about 9 years ago | (#13585384)

Not really. But it sounds almost exactly the same as what Michael Sims, the Slashdot editor, did to the Censorware Project [sethf.com] .

Expecting a bitchslap in 5... 4... 3...

Re:Dupe! (1)

Seth Finklestein (582901) | about 9 years ago | (#13585548)

No need. The real Seth Finkelstein got Michael Sims fired [sethf.com] earlier this year. Now all you have to fear is the ignorance of Slashdot "editor" Zonk, who quite frankly is too stupid to be evil.

Consider the jihad (5, Funny)

la_migra (905024) | about 9 years ago | (#13585559)

This and other injustices perpetrated by slashdot's editors are documented within the pages of Anti-slash: Sacred Jihad Against Slashdot [anti-slash.org] . We invite you to join our community and force slashdot's editors to answer for their crimes.

In Sacred Jihad,

jihadi_31337

Michael is no longer employed here. (0)

Anonymous Coward | about 9 years ago | (#13585617)

^subject.

Re:Dupe! (0)

Anonymous Coward | about 9 years ago | (#13585627)

BURN MICHAEL! BURN MICHAEL!

Ironically... (4, Funny)

bigtallmofo (695287) | about 9 years ago | (#13585387)

This kind of thing happens all the time in real methamphetamine labs across the country.

A group of like-minded people pool their resources within an abandoned house to create something and inevitably one of them puts a padlock on the formerly abandoned house to keep it all for himself.

Re:Ironically... (0)

Anonymous Coward | about 9 years ago | (#13585531)

Spoken like one who knows.

Product Explanation? (1)

jgbishop (861610) | about 9 years ago | (#13585395)

For the uninformed among us (myself included), what is PeerGuardian?

Re:Product Explanation? (4, Informative)

ravenspear (756059) | about 9 years ago | (#13585430)

http://en.wikipedia.org/wiki/PeerGuardian [wikipedia.org]

PeerGuardian and PeerGuardian 2 are free and open source software firewalls capable of blocking incoming and outgoing IP addresses. The application uses a blocklist of IP addresses to filter the computers of several organisations, including the RIAA and MPAA while using filesharing networks such as FastTrack and BitTorrent. The system is also capable of blocking advertising, spyware, government and educational ranges, depending upon user preferences.

Re:Product Explanation? (1)

MetalliQaZ (539913) | about 9 years ago | (#13585493)

Since most of the P2P "snooping" that yields the lawsuits we all read about is done by 3rd party companies on behalf of the RIAA/MPAA, I don't see how this would help at all.

I don't use PeerGuardian because I know it offers no _real_ security.

-d

Re:Product Explanation? (2, Interesting)

91degrees (207121) | about 9 years ago | (#13585534)

But it lists most of the third party companies that snoop as well. If there is a hole, people are encouraged to report it.

And besides - Isn't poor security at least a little better than no security?

Re:Product Explanation? (1)

Geoffreyerffoeg (729040) | about 9 years ago | (#13585804)

And besides - Isn't poor security at least a little better than no security?

No security and no need for it is better than depending on poor security. I don't know about him, but one reason I avoid P2P is because it's too risky.

Re:Product Explanation? (2)

MstrFool (127346) | about 9 years ago | (#13586032)

The RIAA, MPAA and malware folks everywhere thank you for your stance. A point you seem to have overlooked is that it is not just for blocking in P2P situations, the lists are also simple to use to block bad sites for other applications. The thought of 'I don't need protection because I am doing nothing wrong' is rather shortsighted and is the reason for so many compromised systems on the net today. Also, carry the thought over into other things and you can see how silly the idea is. I can pick a deadbolt lock nearly as fast as most people can use a key, yet I still use locks on my door. If you will only use something that is 100% perfect then I think you will have a hard time ever finding anything in the world that you can use.

Re:Product Explanation? (0, Troll)

Cyno (85911) | about 9 years ago | (#13586241)

I can pick a deadbolt lock nearly as fast as most people can use a key, yet I still use locks on my door.

Exactly, so why should I buy a deadbolt lock, or even take the time to install one?

Besides, my computers run faster without antivirus software, firewalls, etc.

I don't care what you, the RIAA, MPAA, malware folks or anyone else thinks about it. Because I know you're all stupid. I mean it. Seriously. Freakin morons.

Re:Product Explanation? (1)

bad-badtz-maru (119524) | about 9 years ago | (#13585696)


What is "real" security? Security is not a fixed state, it's a set of layers and processes. PG is one layer and it +is+ effective.

The 3rd party companies have names and IP spaces...

Does PeerGuardian really work? (1)

antdude (79039) | about 9 years ago | (#13585406)

Does it really cut down the number of connections by listed IP addresses? I heard it doesn't stop them.

Re:Does PeerGuardian really work? (3, Informative)

PhrostyMcByte (589271) | about 9 years ago | (#13585448)

We keep track of various organizations as best we can. I don't have a link on hand but I do remember a study folks at MIT did (couple years ago) that showed PeerGuardian caused a 75% reduction in fake/corrupt files on Kazaa.

Re:Does PeerGuardian really work? (2, Insightful)

Arker (91948) | about 9 years ago | (#13586164)

Indeed, I loaded the safepeer plugin for azureus a few days ago (correct me if I'm wrong, but I believe it uses the peerguardian list) and the console is just FULL of blocked connections. I was a little shocked at the number.

However, looking through the logs, I wonder if it's being overly aggressive. It seems like it's blocking, for instance, all government addresses, and lots of 'private customer' addresses at major ISPs. Perhaps I'm just misunderstanding the classification categories?

I don't actually share anything that the *IAA types are likely to be looking for, which makes it even stranger that so many blocked addresses are trying to connect to me. Or, again, I may be just completely misunderstanding something...

Re:Does PeerGuardian really work? (3, Informative)

PhrostyMcByte (589271) | about 9 years ago | (#13586207)

The lists got a bit inaccurate over time. We had just got Blocklist.org setup so we could review all the blocked ranges, but then a month later this happens :(

Oh well. We'll recover.

It's obvious why he did this.... (0)

Anonymous Coward | about 9 years ago | (#13585418)

The domain is methlabs.org

The guy who did this is in Snowmass Village, CO

Snow...meth...the guy is obviously on crack.

A question... (2, Interesting)

darkitecture (627408) | about 9 years ago | (#13585449)


I'm reluctant to update my lists using either source at the moment until it's cleared up. The plan for me is to keep the status quo until told otherwise from a reputable source.

I have a problem though; I have two main computers I use regularly and one of them was last updated on the 11th of September, the other on the 14th of September. The $64,000 question is:

Which of my computers, if any, are using reputable blocklists?

I don't know when this coup was started and thus I don't know at what stage we were supposed to stop trusting the auto-updating. I've already turned off my auto-updating for PG2 on both computers but I'd like some info on whether my current lists have been 'tainted.' By the sounds of it, this was a bit of a 'slow mutiny' so I'm somewhat paranoid that the lists may have been compromised far earlier than say, a week ago and thus this is all null and void. Needless to say, we just don't know at the moment.

Any info from some reputable PG2 personnel (I've seen you guys post here before, PS - love your work! I donate!) would go a very, very long way.

Re:A question... (4, Informative)

PhrostyMcByte (589271) | about 9 years ago | (#13585477)

The last safe backup we have was taken on September 9th, pretty much right before all hell broke loose.

Bluetack may go a bit overkill on who they block on their lists, but they are generally trusted by the community. We'd rather users setup PeerGuardian to use our competitors lists than use possibly unsafe lists from a compromised server.

We setup instructions [sf.net] to switch to the Bluetack lists if anyone is interested.
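One way to check a list against a copy you trust, as an added example that is not part of the original thread and not PeerGuardian's own code: compare the address space covered by a list cached before the last safe date with a newly fetched list, and report ranges that have dropped out of coverage. It assumes both lists are in the P2P plaintext format (label:start-end); the sample lists are constructed and use documentation address ranges only.

```python
import ipaddress

# Constructed sample lists (documentation address space, invented labels).
BASELINE = """\
# list cached before the last date you trust
Example Monitoring Co:192.0.2.0-192.0.2.255
Example Studio Net:198.51.100.0-198.51.100.127
Example Studio Net:198.51.100.128-198.51.100.255
Example Tracker:203.0.113.16-203.0.113.31
"""
CANDIDATE = """\
# list fetched from the server under suspicion
Example Monitoring Co:192.0.2.0-192.0.2.63
Example Monitoring Co:192.0.2.128-192.0.2.255
Example Studio Net (merged):198.51.100.0-198.51.100.255
Unrelated ISP:203.0.113.64-203.0.113.127
"""


def parse_p2p(text):
    """Parse 'label:start-end' lines into (start, end, label) with integer bounds."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may themselves contain ':'; the range follows the last one.
        label, sep, span = line.rpartition(":")
        try:
            lo_s, hi_s = span.split("-")
            lo = int(ipaddress.IPv4Address(lo_s.strip()))
            hi = int(ipaddress.IPv4Address(hi_s.strip()))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}") from exc
        if not sep or lo > hi:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        ranges.append((lo, hi, label))
    return ranges


def merge(ranges):
    """Collapse overlapping or adjacent ranges into a sorted list of (lo, hi)."""
    merged = []
    for lo, hi in sorted((r[0], r[1]) for r in ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [tuple(m) for m in merged]


def uncovered(wanted, have):
    """Return the parts of each range in 'wanted' that 'have' does not cover."""
    cover = merge(have)
    gaps = []
    for lo, hi, label in sorted(wanted):
        cur = lo
        for c_lo, c_hi in cover:
            if c_hi < cur:
                continue          # covering range lies entirely before us
            if c_lo > hi:
                break             # covering range lies entirely after us
            if c_lo > cur:
                gaps.append((cur, c_lo - 1, label))
            cur = c_hi + 1
            if cur > hi:
                break
        if cur <= hi:
            gaps.append((cur, hi, label))
    return gaps


def _fmt(gaps):
    return [f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)} ({label})"
            for lo, hi, label in gaps]


def audit(baseline_text, candidate_text):
    """Compare coverage, ignoring relabelling and re-splitting of ranges."""
    base, cand = parse_p2p(baseline_text), parse_p2p(candidate_text)
    return {
        "removed": _fmt(uncovered(base, cand)),  # was blocked, now reachable
        "added": _fmt(uncovered(cand, base)),    # newly blocked
    }


if __name__ == "__main__":
    result = audit(BASELINE, CANDIDATE)
    for kind in ("removed", "added"):
        for entry in result[kind]:
            print(f"{kind:8}{entry}")
```

Because the comparison works on merged coverage rather than on text lines, a range that was only renamed or split differently is not reported; only address space that actually stopped (or started) being blocked shows up.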

Re:A question... (1)

tangles (241229) | about 9 years ago | (#13586184)

I was extremely interested in these instructions. Thank you.

Update on the Methlabs.org site (5, Informative)

Rac3r5 (804639) | about 9 years ago | (#13585460)

I visited the Methlabs.org site and I found this. Seems like the complete opposite of what I read on the other site, like some conspiracy.

http://www.slyck.com/news.php?story=913 [slyck.com]

Methlabs Update

September 16th, 2005 by Administrator

"Dear Methlabs and P2P Community,

Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabotage Methlabs and attempted to wipe the Methlabs server of all its data.

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like you to log in to the Methlabs forums (http://methlabs.org/forums/ [methlabs.org] ) and change your password. We sincerely apologize for this issue. As of right now, the Methlabs site is back online, although forum posts from the past month have been lost.

Since all the data was stolen by former staff members, YOU MAY RECEIVE FAKE EMAILS that look like they are from Methlabs. If they do not come from the Methlabs.org domain and from our email servers, DO NOT BELIEVE THEM.

We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted.

To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay. The current real news is that PeerGuardian development and Blocklist development is on schedule, and Blocklist should be out of Beta within the next week or so.

Please spread the word that Methlabs.org is ALIVE and DO NOT believe or TRUST any emails that do not come directly from Methlabs.org and our mail servers. These emails are from disgruntled staff members trying to hurt the P2P community as a whole.

We apologize for the current situation. Please visit http://methlabs.org/ [methlabs.org] for OFFICIAL updates, and help us spread the word!

- The Methlabs Team"

Re:Update on the Methlabs.org site (4, Insightful)

Henry V .009 (518000) | about 9 years ago | (#13585526)

"we had several former staff members revolt against the entire P2P community as a whole"

Yeah, that's a really believable line. The site has obviously been hijacked.

Re:Update on the Methlabs.org site (0)

Anonymous Coward | about 9 years ago | (#13585562)

All of the founders and developers were kicked out by a server admin and his lackey. Obviously you'll make your own decision but it's pretty common sense to me.

Re:Update on the Methlabs.org site (5, Interesting)

Johnny Doughnuts (767951) | about 9 years ago | (#13585586)

I know Ken (d3f) personally, and most of the ml.org staff. Ken would shoot someone for putting up a message like that.

Re:Update on the Methlabs.org site (4, Funny)

gbjbaanb (229885) | about 9 years ago | (#13585641)

YOU MAY RECEIVE FAKE EMAILS that look like they are from Methlabs

Really? Hey guys, I think I got one, but I'm not sure this one isn't for real:

Dear Sir:

I have been requested by the Methlabs and P2P Company to contact you for assistance in resolving a matter. The Methlabs and P2P Company has recently concluded a revolution where several high ranking members of the Company attempted to wipe the company servers of data and abscond with funds totalling $400 gazillion dollars. It is of utmost concern to us that these funds not find their way into the hands of revolutionaries and so we ask your assistance.

Your assistance is requested as a non-Methlabs member to assist the Methlabs and P2P Company, and also the Peerguardian Community, in moving these funds out of Methlabs. If the funds can be transferred to your name, in your United States account, then you can forward the funds as directed by the Methlabs and P2P Company. In exchange for your accommodating services, the Methlabs and P2P Company would agree to allow you to retain 10%, or US$4 million of this amount.

However, to be a legitimate transferee of these moneys according to ICANN law, you must presently be a depositor of at least US$100,000 in a Nigerian bank which is regulated by the Central Bank of Nigeria.

If it will be possible for you to assist us, we would be most grateful. We suggest that you meet with us in person on the forums, and that during your visit I introduce you to the representatives of the Methlabs and P2P Company, as well as with certain officials of the PeerGuardian community.

Please call me at your earliest convenience at [Phone Number]. Time is of the essence in this matter; very quickly the revolutionaries will realize that the server backup was intact and will attempt to transfer it to another domain.

Yours truly, etc.

Did other members get an email like this? (4, Insightful)

basil montreal (714771) | about 9 years ago | (#13585683)

"Dear Member,

The majority of the Methlabs.org administration and development team have been forced out of their website following a series of threats and incidents. The member of the group that had been trusted to handle the finances and servers slowly managed to take over each individual part of the web site's assets, eventually claiming control over the entire group and locking out the majority of staff.

The organisation's founders, Tim Leonard and Ken McKelland, as well as the majority of the organisation's staff and developers (including the main developer of the PeerGuardian2 application, Cory Nelson and the staff members responsible for auditing the PeerGuardian Blocklists) have all been forcibly removed from the servers that were funded from donations given to the organisation by happy users, and from text advertising placed on the website's forum and project pages.

The money, which was to have been used to help fund the development and hosting costs of the group is now unavailable, stolen by the one who was trusted to keep it.

Development of PeerGuardian will resume, and the website will temporarily move to http://peerguardian.sourceforge.net/ [sourceforge.net] until a new domain is registered and a new server found. The intention of the group is to register a non-profit organisation to handle the development of Methlabs applications and to promote open source projects that aid both security, privacy and peer-to-peer technologies, in order to prevent a repeat of this incident.

The team wish all their users the best through this difficult time, but promise that development will continue. Please visit http://peerguardian.sf.net/ [sf.net] for news as we make progress. All other sites, including http://methlabs.org/ [methlabs.org] and http://blocklist.org/ [blocklist.org] are under control of the rogue member and should not be trusted for safe updates to our applications or lists.

A new build of PeerGuardian will be released soon to reflect these changes. Until then we ask you to continue using Beta 6a but with caution as the update servers are no longer under our control.

All staff are available in irc.freenode.net, channel #methlabs if you wish to chat.

Thanks, The Methlabs Staff (looking for a new home) -----

Adam Hoier, Cory Nelson, Eric Mayuk, Fox Lowe, James Shanelec, Joseph Farthing, Ken McKelland, Steffen Tuzar, Tim Leonard

aka

braindancer, D3F, fox, FuRiOuS1, JFM, KuKIE, method, phrosty, r00ted"

Re:Update on the Methlabs.org site (2, Insightful)

Geoffreyerffoeg (729040) | about 9 years ago | (#13585790)

"Recently, we had several former staff members revolt against the entire P2P community as a whole. They tried to sabotage Methlabs and attempted to wipe the Methlabs server of all its data."

"To update everyone on the current situation, there has been some news going around the Internet of a revolt which happened in Methlabs. This is hearsay."

Say what? Was there a revolt or wasn't there? The other side's story isn't self-contradictory.

"We assure you that Methlabs development will continue, and ALL OFFICIAL PROGRAMS MUST be downloaded directly from Methlabs.org . Assume that all other sites contain spyware or malicious code which may not be directly trusted."

This looks suspicious to me. Isn't it possible to do a DNS spoof or a simple web server attack and get access to methlabs.org? Shouldn't any site worth anything have reliable, trusted backups?

And shouldn't the site post hashes of several recent releases instead of simply saying "download from here only, honest!"?

"We would like to you login to the Methlabs forums (http://methlabs.org/forums/ [methlabs.org] ) and change your password."

Actually, go straight to the Methlabs forums and change your password to something completely random. And if you used your old Methlabs password somewhere else, get rid of it. Assume for your password's sake that Methlabs.org and Methlabs-Team-in-Exile are both able to compromise your password.

But still, it's good to recognize this position. We don't know what happened, and the fate of a site this crucial to security is not something to jump to conclusions about.

Re:Update on the Methlabs.org site (1)

Haeleth (414428) | about 9 years ago | (#13586221)

Say what? Was there a revolt or wasn't there? The other side's story isn't self-contradictory.

Nor is this. It's not very well written, I'll grant you, but I think it's clear enough that what it's saying is basically "some of them left and then revolted against the rest of us. You have probably heard that I revolted against everyone else, and I deny that."

Sources for who to trust and not to trust in this. (2, Insightful)

Anonymous Coward | about 9 years ago | (#13585466)

Slyck.com, Zeropaid.com, UniteTheCows.com, p2pnet.net, p2pconsortium.com and many others are saying the same thing... even the person who started the whole thing and who the domain name is named after has been locked out.

Officially, according to the founders of the community, their lead article writer, almost all senior administrators and the software developer of PeerGuardian 2... methlabs.org was hijacked.

peerguardian.sourceforge.net IS trustworthy.

(it's where the developers, founders, etc. are saying to go for new releases.)

"login ... and change your password" = danger (5, Insightful)

dsandler (224364) | about 9 years ago | (#13585474)

Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog [methlabs.org] is causing the Lost-In-Space-Robot in my head to wave its arms madly [wikipedia.org] :

Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums ([url redacted]) and change your password. We sincerely apologize for this issue.

If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks [passcracking.com] , and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."

The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.

Attack of the PeerGuardian Robots (5, Funny)

hackwrench (573697) | about 9 years ago | (#13585475)

We are the PeerGuardian Robots
We are here to protect you
We are here to protect you from the terrible secret of PeerGuardian
Do not trust the Methlabs Robot. He is malfunctioning
Do not trust the Sourceforge robot. He is inferior.

Nice biased summary (0)

Reality Master 101 (179095) | about 9 years ago | (#13585481)

Sheesh, maybe, just maybe, Scuttlemonkey, there is more to the story than the one side's view of events? Why are you assuming there is a "hijack" going on here?

Re:Nice biased summary (0)

Anonymous Coward | about 9 years ago | (#13585561)

Scuttlemonkey just put the story up. One that's been reported on Slyck. One that has contacted the leads of the project.

I'd say at most a mutiny has taken place. That would also be a form of hijacking.

I've got a better idea (-1, Offtopic)

po8 (187055) | about 9 years ago | (#13585512)

Stop using blacklists altogether. It isn't like the experiment hasn't been tried and failed. Folks have been using them for many years now, in increasing numbers, and the quantity of spam has decreased not at all, while many legitimate mails have been inadvertently (or intentionally, in some cases) squelched. Blacklists represent a ridiculously bad tradeoff of reliability for security, to the point that they do serve a useful function for me; I can tell who has a clue about running a mail system by whether they have them turned on or not.

Re:I've got a better idea (3, Informative)

Seumas (6865) | about 9 years ago | (#13585566)

PeerGuardian isn't about spam email blocking. It's about blocking IPs that belong to MPAA/RIAA/DOJ/Government/BSA and other organizations that flood p2p networks, looking to gather information on you and send you a lawsuit.

Re:I've got a better idea (1)

moxley (895517) | about 9 years ago | (#13585902)

And this is certainly one thing to consider when you think about why someone would do this - The government and big business and slimy groups like the RIAA and MPAA (who think it's okay to have your computer to ensure that you aren't doing anything they consider wrong, and don't think they should be liable if they happen to damage it) have a lot of money and many forms of coercion, bribery and intimidation to accomplish their goals. They'd like nothing better than to take over something they know people depend upon to keep p2p free of shams. Just reading that Erwin guy's response, to me it seems fairly obvious that he is using fear based tactics to try to scare people from even really looking into the situation....

Re:I've got a better idea (1, Informative)

Anonymous Coward | about 9 years ago | (#13585711)

Peerguardian has nothing to do with spam, primarily it's designed to keep the RIAA and MPAA (and their slimy bloodhounds) from connecting to your PC whilst you are using P2P file sharing software. Of course, you can add known spammers to your list of IPs to block, but this really isn't an RBL system for e-mail.

As for the flaw of RBL's, I do agree that they are not perfect. A much better blacklisting scheme is to generate your own local temporary blacklists based on mail (and mailservers) which appear to be spamming. http://www.acme.com/mail_filtering/introduction_frameset.html [acme.com] has a good article on such things. By and large though, you are right, RBL's fall down because they are not Realtime enough. They don't adapt to false negative or positive conditions fast enough to be relied on as an anti-spam measure.

Re:I've got a better idea (3, Informative)

evilviper (135110) | about 9 years ago | (#13585751)

PeerGuardian is not for e-mail, it's for P2P networks.

Also, I don't know how you can believe that blacklists are useless. I'm down to only about a spam a day, despite my current primary e-mail address being listed all over the internet for years now. Obviously, your choice of blacklists is important, and using other metrics as well helps.

Besides that, the forces at work in P2P spam are completely different than that of e-mail spam. I can vouch for the PeerGuardian blacklist being extremely effective at blocking probably 99% of P2P spam, and making that last 1% look far less legitimate, and far less likely to be selected.

Re:I've got a better idea (1)

Jugalator (259273) | about 9 years ago | (#13586022)

Hmm, are you saying you're using PeerGuardian's blacklists against spam? Or just giving another example of blacklist usage?

If PeerGuardian doesn't block spam, just connections to you via IP ranges, I'm interested in an open source e-mail client independent solution (i.e. like a proxy?) for spam blocking via common blacklists. Anyone know such a product? :-)

Too Bad... Sooo Sad...Another CDDB (1)

Macfox (50100) | about 9 years ago | (#13585551)

I noticed this just last week. The forums went offline and there hasn't been hardly any moderator updates made to correct the mistakes in the IP DB.

Many of the mistakes can be put down to them assuming whois.sc IP location is current, when in fact much of it's historical.

I was getting frustrated trying to get a couple of updates done, but there are 100's of mislabelled/ named IP ranges yet to be addressed. It's now obvious why nothing was being done.

If the blocklist isn't going to be updated regularly and with reasonable accuracy, then there's not much point to it.

As the article states time to source your blocklist elsewhere...Just another CDDB type fiasco.

Seems both sides are accusing the other. (1)

91degrees (207121) | about 9 years ago | (#13585583)

and oddly, both sides are encouraging people not to use the other sides list.

These are just blacklists aren't they? Having both will - at worst - mean that too many IP addresses are blocked. Why not use both lists until we can find out what's happening?

the problem with "news" sites (1, Interesting)

SuperBanana (662181) | about 9 years ago | (#13585606)

...is that we really don't know who to believe, especially since nobody has bothered to do the things journalists do. Like go out and interview people, corroborate stories, and so on.

We get:

"However, after speaking to the Methlabs team and various connected members of the community, P2Pnet, SuprNova and Slyck can all confirm that the original story that the domain has been hijacked is genuine"

So "Slyck News" is claiming they've done so- but they haven't given any names, quotes, or details as to how they arrived at this conclusion?

The whole thing is one Big Internet Drama, and pardon me if I just don't care.

No honour amongst thieves. (1, Informative)

Chmarr (18662) | about 9 years ago | (#13585634)

No honour amongst thieves.

Okay, I'm NOT saying that ALL P2P users are thieves, but I don't think ANYONE in their right mind is going to argue that copyright violations is not the majority use of P2P networks.

So... EVEN IF a handful of folk in a group are using P2P software for utterly and totally legitimate purposes, the majority aren't, and of THOSE people, their sense of ethics is at least tainted, and most likely totally horked.

So... takeover of a P2P-related group by one of its members? No surprise there. Roll in the next drama please.

Re:No honour amongst thieves. (0)

Anonymous Coward | about 9 years ago | (#13585695)

For the last time, copyright violation isn't theft.

And some people don't even believe in copyright.

If it was against the law to marry a homosexual, and you loved a homosexual, would you refuse to marry him?

Re:No honour amongst thieves. (-1, Flamebait)

Anonymous Coward | about 9 years ago | (#13585841)

Umm.. it is theft.. Someone is selling a product (music, movies, etc.) and you're getting it for free. Any way you slice it, it's wrong..

So I guess if someone wanted you dead it would be fine for them to kill you as long as they didn't believe in murder being a violation..

Re:No honour amongst thieves. (0)

Anonymous Coward | about 9 years ago | (#13586188)

Why the fuck can't infringement be wrong and not theft at the same time? There are lots of things that are wrong and not theft. Murder is wrong (as you so astutely point out) and not theft.

Some forms of copyright infringement are wrong, but that DOESN'T MAKE THEM THEFT.

Re:No honour amongst thieves. (1)

globalar (669767) | about 9 years ago | (#13585771)

The thieves reference feels like a troll (obviously infringement is not theft). History is rife with "unethical" actions involving patents, trademarks, copyright, etc - by corporations and individuals. There is no honor in business and consumerism period. Selling and buying is about self-interest.

But it bothers me that you cite ethics. Ethics is not synonymous with the law. The whole notion of "intellectual property" in modern economies could be argued as unethical. The law, generally, conveniences those who enacted it. I don't remember having a specific vote on copyright laws, do you?

Re:No honour amongst thieves. (3, Interesting)

Chmarr (18662) | about 9 years ago | (#13585868)

Yes, I agree that the use of 'theft' is inappropriate. However, it really is drawn out to say 'copyright violation' all the time. Can we take it as read that I DO understand the difference between theft of property, and the unlawful redistribution of information ?

And, no, you don't get a specific vote on copyright law. You didn't get a specific vote on a bunch of things. You live in a republic, not a democracy. The last TRUE democracy was ancient Greece, where they voted on near everything, and things didn't turn out so well for them :)

My point (and I really don't see why it was labelled 'off topic'... even 'flamebait' might have been more accurate) was that P2P communities are rife with people that just want their free stuff, and they don't give a damn who they hurt. So, it should be NO surprise that one of them turned against the PeerGuardian developers. William wanted his free stuff - where 'stuff' here meant the methlabs.org site - and he didn't give a damn who he hurt.

No surprise whatsoever.

If one wants to deal only with ethical people, don't create programs that will attract a highly disproportionate amount of unethical people.

Re:No honour amongst thieves. (0)

Arker (91948) | about 9 years ago | (#13586235)

Can we take it as read that I DO understand the difference between theft of property, and the unlawful redistribution of information ?

If we take it as read that you do understand the difference, but you persist in calling copyright infringement 'theft' anyway, then we must conclude that you're being deliberately deceptive, or trolling.

and I really don't see why it was labelled 'off topic'... even 'flamebait' might have been more accurate

I agree. Troll would have been even better.

If one wants to deal only with ethical people, don't create programs that will attract a highly disproportionate amount of unethical people.

You're working hard to imply that there is an ethical problem with the use of P2P technology, or with what PeerGuardian did, which was making available a list of IPs that were used to sabotage P2P technology in order to allow P2P users to avoid the sabotage. I don't see it, and you haven't given any basis for it.

We're clear, are we not, that P2P is not used for theft?

While it can be used for copyright infringement, which some people might feel poses an ethical problem, that is FAR from the only use of it, so even if we grant that copyright infringement is ethically problematic for the sake of argument, that still doesn't mean there is anything ethically wrong with using and defending non-infringing use of P2P.

So really, I have to say I think you're indulging in that old, dishonourable, and definitely ethically problematic game of 'blame the victim' here.

Society is rife with unethical people these days, unfortunately, and if you look carefully you can find one in nearly any organisation, regardless of whether the organisation itself is ethically questionable or not.

Grow the fuck up (0, Offtopic)

Tankko (911999) | about 9 years ago | (#13585666)

nt

slashmelt the hijacked server (1)

alex4u2nv (869827) | about 9 years ago | (#13585706)

[methlab_member]: Wanna hijack my server?!?! well guess what, it's gonna get slashmelted!

Sue (4, Insightful)

Nom du Keyboard (633989) | about 9 years ago | (#13585760)

Anyone who contributed money to PG support should be suing the person who forced the rest of the team out for fraud and theft. I would expect them to have standing in court to pursue such a claim, and could make life very difficult for this apparent criminal.

What are these things? (0)

Anonymous Coward | about 9 years ago | (#13585879)

One sounds like it is a drugs factory, and the other one sounds like some government monitoring thing, so the title makes sense.

MPAA/RIAA (2, Interesting)

kd5ujz (640580) | about 9 years ago | (#13585895)

Could the admin have been influenced (via loads of cash) to cause this confusion? Remove or modify all MPAA/RIAA ip addresses, and make sure they do not go anywhere else for updates? If I was one of the above organizations, that is what I would do.

SourceForge... (1)

JediLow (831100) | about 9 years ago | (#13585961)

For all of you that believe that the Methlabs.org is actually telling the truth you have to realize that PeerGuardian has existed on SourceForge for a while now; leading the whole 'Only download from Methlabs.org' and all of that to be very suspicious...

context plz (2, Insightful)

taybin (622573) | about 9 years ago | (#13586070)

Could someone tell me who the hell methlabs.org and PeerGuardian are? I've never heard of them before.

Now that they're divided (1)

Nom du Keyboard (633989) | about 9 years ago | (#13586093)

Now that they're divided, I wouldn't be surprised at all to see the ??AA swoop in and compromise at least one of the two (or more) sides. Sounds like this is over money, which the ??AA has in abundance. How long before the blocklist has just a tiny little hole in it waiting to be exploited?
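
The concern raised in the comments above, that a blocklist under disputed control could quietly lose ranges, can be checked by comparing each update against a copy saved while the list was still trusted. The following Python is an added example, not code from PeerGuardian or from any commenter; it assumes the plain-text `label:start-end` list format, and every sample entry is constructed from documentation address ranges.

```python
import ipaddress

def parse_blocklist(text):
    """Parse 'label:start-end' lines (assumed format).
    Returns (ranges, rejected): integer (start, end) pairs and unparsable lines."""
    ranges, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # A label may itself contain ':', so the range is what follows the last one.
        _, _, span = line.rpartition(":")
        start_s, _, end_s = span.partition("-")
        try:
            start = int(ipaddress.IPv4Address(start_s.strip()))
            end = int(ipaddress.IPv4Address(end_s.strip()))
        except ipaddress.AddressValueError:
            rejected.append(line)  # a line that fails to parse blocks nothing
            continue
        ranges.append((min(start, end), max(start, end)))
    return ranges, rejected

def merge(ranges):
    """Collapse overlapping or adjacent ranges into a sorted, disjoint list."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [tuple(r) for r in merged]

def uncovered(old, new):
    """Addresses covered by `old` but not by `new` (both merged and sorted)."""
    holes, j = [], 0
    for start, end in old:
        cur = start
        while j < len(new) and new[j][1] < cur:
            j += 1  # these ranges end before anything left to check
        k = j
        while k < len(new) and new[k][0] <= end:
            if new[k][0] > cur:
                holes.append((cur, new[k][0] - 1))
            cur = max(cur, new[k][1] + 1)
            k += 1
        if cur <= end:
            holes.append((cur, end))
    return holes

def find_holes(trusted_text, update_text):
    """Report ranges the update no longer blocks, plus lines it cannot parse."""
    old, _ = parse_blocklist(trusted_text)
    new, rejected = parse_blocklist(update_text)
    as_ip = lambda n: str(ipaddress.IPv4Address(n))
    holes = [(as_ip(s), as_ip(e)) for s, e in uncovered(merge(old), merge(new))]
    return holes, rejected

# Constructed sample data (RFC 5737 documentation ranges, hypothetical labels).
TRUSTED = """# copy saved while the list was still trusted
Example Org A:192.0.2.0-192.0.2.255
Example Org B:198.51.100.0-198.51.100.127
Example Org B (more):198.51.100.128-198.51.100.255
Example Org C:203.0.113.0-203.0.113.255
"""
UPDATE = """Example Org A:192.0.2.0-192.0.2.255
Example Org B:198.51.100.0-198.51.100.99
Example Org B:198.51.100.110-198.51.100.255
Example Org C:203.0.113.0-203.0.113.999
Example Org D:10.0.0.0-10.0.0.255
"""

if __name__ == "__main__":
    holes, rejected = find_holes(TRUSTED, UPDATE)
    for start, end in holes:
        print(f"no longer blocked: {start}-{end}")
    for line in rejected:
        print(f"unparsable line in update: {line}")
```

Additions in the update, such as the Org D range here, are not flagged; only coverage that disappears is, which is the failure the comments worry about.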

Download location hasn't changed! (1)

chasingsol (743706) | about 9 years ago | (#13586218)

peerguardian.sourceforge.net has always been the location to download the PeerGuardian software, that hasn't changed. It's the only place that the 'hijacker' couldn't take over.