NASLite Network Attached Storage

I wouldn't say skilled, many 13 year olds can do as he / she done. Thousands on the net can do it. He / she picked a small program to decode and was probably his / her first! and thought he / she hit the jackpot. Major scoop server elements takes control of your pc reports all you files on your server and how many times you take a pee / piss.

galps
I didn't like his / her attitude "(ps, I hope this isnt something you would do, but just in case, removing this post without explanation will force me to release this information publically so that your customers know what you're doing)"

galps
If he / she is so concerned about ones behaviour then may be his first port of call should be ones ISP. they log far more then Naslite+

galps
Lamer springs to mind.

am i a fanboi? quite frankly i don't give a dam. Naslite+ is a great product and i fully support it, theres always people like you, always trying to put a spanner in the works.

I think this thread should be removed it serves no purpose other then to expose you as a " " "i'll let the other readers fill in the missing section"

edeng - youve been a supportive poster on this forum (form what I've read), but on this issue you sound like a company shill. So back off and let the folks talk without the personal attacks.

tony - I understand your licensing/pirating concerns. You have a right to protect your intellectual property. At the same time, your largest customer base seems to be the OSS community, which likes to open stuff up and look around. You shouldnt be surprised when people take it apart to see how it ticks. It happens to Redhat every minute.

If galps had posted instructions in your forum on how to defeat the mechanism, that would be wrong. But he didnt, he asked a question and listed the code as proof.

galps - rock on!

I just bought NASLite+ a week ago and am happy with it. It's an excellent product for the price. Keep up the good work. You are living the dream of a small, profitable enterprise. Many of us "large company droids" are envious!

An active forum with lots of posts and (positive) interaction from owners is key to a great products continued commercial viability in the future.

I totally agree with you I shouldnt have lowered myself to personal attacks, My mindset is to never say anything to anyone in a forum that I wouldnt say face to face, and I don't know if he is bigger then me. If I hurt his feelings I am sorry. out of 140 odd posts I have done my best to help users of naslite, I am no expert but if I can help someone solve a problem then I am happy. thinking about it i might look like a company shill, ( could do with that cheque right now

Sorry to everyone i may have offended with my posts, and spoiling this forum.

Eden

Hello flyman,

Your post is probably one of the most genuine and morale-boosting bits of communication I’ve seen on this forum. It’s good to know that folks like yourself use NASLite and like it enough to jump in with a few kind words.



By posting the string encryption code galps has provided the means for one to derive a license ID from the data passed by the browser. I’m pretty sure that qualifies as a defeat to the mechanism.

There is no law that prohibits the transmission of a license ID and a MAC address in encrypted form via a browser, especially in this context. There is however a law that prohibits the circumvention of anti-piracy measures. It’s called the Digital Millennium Copyright Act, and galps can read it’s contents in full at the following URL:

http://www.gseis.ucla.edu/iclp/dmca1.htm

Again, I understand the curiosity, but unless galps is absolutely clueless about the code contents he posted, there is no excuse for releasing the unobfuscated strings publicly.

Anyway, water under the bridge…

This was indeed an interesting read.

However something that i think that may have been missed (or at least not discussed properly) is the correct way to discuss these kinds of matters.

It is common etiquete when finding a security hole, bug or quirk to FIRST e-mail the author of the software directly and in private.

It is also perfectly acceptable to say in this communication "please get back to me within a week or im going public".

This allows genuine holes or misunderstadings to be sorted out behind the scenes. If the author is not responsive then the reporter can still go public.

However when they go public with licensed code they SHOULD NOT release the code. At the very most they should give the reader clues as to where to look.

Naslite+ is not free, and is the work of coders that have every right to keep it closed source within any license they feel suits them and the GPL base it is built on.

Making money from Linux is ALWAYS hard and FUD like this can have a significant impacy on PR and sales.

IMHO the original poster handled this completely wrong. I understand his sentiments and he obviously has skills so i am disapointed he didnt have the fortitude to think this through from both sides of the fence.

Lastly for any new users thinking of buying Naslite+. IMHO this concern is completly and utterly meaningless in the real world... your privacy is invaded more by using a store card to buy a pint of milk.

I know this is an old post, and that by responding to it, I may be re-igniting a dormant volcano, but so be it.

I came across NASLite & NASLite+ a week or so ago, and have been reading through the posts in the forum as it appears to be something I could use, and this post drew to my attention a couple of potential negative issues, not least of which was the approach of some forum members in regard to privacy, however I am not here to discuss privacy.

Since I am not a lawyer, I will also avoid the licensing issues, I have no problem, conceptually, in paying the more than reasonable license fee - but I will say that there appear to be grey areas on how things are being done given my limited understanding of the open source license that is a given for any product based on linux.

The point that I wish to make, is that a statement has been made that there can be no back door since the product does not provide any facilities for a gateway - this, I do not agree with.

To make it clear - if the statement that the product does not provide any facilities for a gateway, simply means that there is no place to enter one - then this does not mean that the box has no way to reach the internet.

Setting a default gateway simply creates a default route to the outside world, something which can also be done manually.

Java code on the NAS box sends the client PC to the webserver which in turn pushes more java code to the PC, instructing it to get the default gateway and run a CLI instruction on the NAS box, setting a default route and you're done. You can take it one step further and put a script on the configuration diskette that runs at every power up of the NAS box.

Don't get me wrong, I am not saying that this is what is being done, but simply that the lack of a default gateway is no guarantee.

fordem,

I am not really sure what you are trying to say?
The author has said there is no backdoor in Naslite+ are you trying say there could be? or that just because it dont have a gateway it does not mean it cant have a backdoor.

Hello fordem,


Linux is just a kernel. Define a product based on Linux? There are a lot of proprietary user-space applications that run on top of the Linux kernel. That is why many libraries use LGPL licensing terms. There is plenty of documentation online to clarify your confusion regardless of whether you are a lawyer or not.


I made the statement that NASLite has no “concept of a gateway” meaning that there is no default gateway set in the kernel routing table. If that is not sufficient for one’s comfort, then placing a traffic sniffer on the LAN and examining the traffic should resolve the issue and establish satisfactory and conclusive results. Surely someone has done this already. After all, if the much more complex task of decrypting the management code was done; analyzing the NASLite network activities should not be a problem.


The whole point of NASLite is to reduce the number of binaries to the absolute bare essentials. Preventing the possibility of scenarios such as what you are describing is one of the reasons why NASLite does not include everything and the kitchen sink. It contains only an optimized set of binaries necessary for core functionality. The result of that approach is reliable, consistent, predictable and stable operation without unnecessary overhead.

Very interesting thread ... kudos to galps for posting! It's too bad some posts were not kept civilized. Ah well, eternal vigilence is the price of freedom, after all.

However, one question seems to remain, and beg for clarification.

Tony stated:
"The root account that the code creates is unnecessary and should have been removed prior to release."

So with NASLite+ v1.5 (which I think is the latest release), has the creation of this root account been removed?

Thanks,
Tarrant

Welcome =Tarrant=,

IMHO galps had a agender not quite sure what. His post was threaterning and not very civilized, after all this was his first post, and something that really should have been delt with behind the scenes. There was no great conspiracy after all, No collection of files on the server, No backdoor.

There seem to be a small number of new posters that seem to support galps in this thread, Which is a shame really, if they really want to be positive they should maybe post ideas for enhancements and tweaks. Enjoy using naslite its a great product.

As far as the root account goes since the start of this thread there have been no updates, look out for v2.


For new posters reading this and worried, i'd just like to clarify a few things, Naslite "DOES NOT" contain spyware and "DOES NOT" contain a backdoor.

=Tarrant= this is a great place to be and hope you continue supporting naslite.

So if I am reading this thread correctly the following conditions will blacklist my license number.

1. I swap out a network card in my pc.
2. I change my ip scheme.
3. I decide to use a different pc instead of the original pc.

The reason I'm asking this is because I will be doing number 3 since I downloaded the software at work and just tried it out before going home but now it seems my license will be tied to a work computer instead of one of my home computers. If this is the case it would be nice to state in writing that your license will be tied to the first computer you use it on.

VoiVod

Hi voivod,

if you was reading the thread correctly you would not have drawn that conclusion.

No where does it state a serial/license key is tied to one machine.
Quite clearly it states in the user manual that "if you wish to use NASlite+ simultaneously on multiple computers, multiple NASlite+ licences must be purchased from Server Elements."

Many people swap out network cards, change ip etc. and don't blacklist their license number.

Don't panic you are safe.

if you want to clarify the situation pop over to http://www.serverelements.com/documentation.php and download the manual its a *.pdf document. and the section you need is Licensing and Disclaimer.

I just wanted to post something in support of user galps. He found something that he considered questionable and so he posted here asking what it was about. He got an honest, straight forward answer from Server Elements and the matter was concluded.

Asking questions is not disloyal. In fact I'm pretty sure galps' sole reason for posting was to protect himself and others from what might have been either a big or an exploit.

To those of you that felt the need to condemn galps for his post I suggest leaving Server Elements to fight their own battles in future. They seemed quite well equipped to do so on this occasion.

John

John,

Its nice to know people like galps are watching our backs! heaven forbid it was neither BIG or an Exploit.

All water under the bridge now.

ps the server element guys are big enough and ugly enough to fight there own battles.

Eden

im not a software person, so alot of what you people are saying is over my head, but it seams like alot of you are worried about back door and spyware....
ive been using naslite to stream movies and do backups and works flawless...
ive been wondering if all the people that claim they found a way to open a back door to a naslite or worried some one will, has done the same with microsoft..cause they have backdoors, front doors, side doors, even a garage.

naslite to me is an great product and i recomend it to everyone...but its just storage solution..what about the operating system that you use.

ive seen more bugs, spyware, virus, and problems with them, hours to set up so that some buttwipe can get into it to get your stuff and that system costs way more...

we all need to know how are systems work...but not to email the author with the problem first i think was rude, just an opinion.

until i can buy windows xp pro for 20.00 ill send my complaints to microsoft first.....

sorry if this makes anybody upset