Linux server, open source, trust
andrixnet
14-03-2003, 12:51
Since I found out about TeamSpeak (from a friend), and after many failed attempts to start it (but that's not the topic here), I started pondering...
First of all, many server builds segfault on my system, and now it seems to be some library dependencies that were linked against a library version newer than mine. :mad:
Had I had the source, I might have been able to compile it to suit my library versions, maybe try some patching to make it work on my system...
There are no configuration files. Nothing. Everything is done via a web interface, or so I read (remember, I haven't been able to start it yet). This means I am limited to what the web interface offers and no room for tweaking.
As a comparison, writing into smb.conf myself gives me loads more flexibility than any visual configuration tool that I tried.
It may take a while to read the comments in squid.conf for example, but they tell you almost everything you need to know to make almost any kind of configuration you want.
Then, the documentation: it's wonderful, it's sublime, it's nonexistent. Barely a readme, no man pages, nothing about the server's command line parameters, files used, nothing.
I need to wander around like a blind man in the dark to try and find out what it does, where it does it and how...
The idea behind TeamSpeak is fantastic, but the installation package, documentation and support are appallingly poor when compared to other Linux server software.
And by no means last, there's a small issue of trust.
As everything I am running on my box (and it's quite a lot) is open-source using GPL or similar conditions, I find it hard to trust a binary only server that will have to run on my public IP too. With the poor documentation and little information that there is, I am almost ready to simply discard it as not worth the risk.
As I cannot review the source, I simply do not trust it. I have seen binary builds of sshd that failed checksum and they were proven to contain trojans.
Given these circumstances,
How can I trust TS, assuming I will someday manage to get it working...?
Let the client be whatever, do whatever. But the server is a totally different matter. I need to be able to trust it.
I see no reason to and I won't trust it just because.
I don't trust Windows with the countless hidden features in it just because Micro$oft says so.
1) calm down
2) You do NOT need to use TS = use another voice tool (or write it by yourself)
3) RC2 is very new and Niel and "his" guys are writing it in their spare time. Do you really believe they have time to write .txt or man files too?
They promised a Doc will follow! So have patience...
andrixnet
14-03-2003, 14:33
Originally posted by guldi
1) calm down
I am
2) You do NOT need to use TS = use another voice tool (or write it by yourself)
True. But this doesn't mean I am forbidden to speak my mind regarding TS. Some of it I was hoping to be constructive criticism.
3) RC2 is very new and Niel and "his" guys are writing it in their spare time. Do you really believe they have time to write .txt or man files too?
They promised a Doc will follow! So have patience...
Oh, I know so well what that means. I figured as much.
One of my points: given "what is there", can anyone contribute? Can anyone tweak? Can anyone document?
No.
Can TS be trusted? My instinct tells me it can, but I know there is no way to know in the current context.
Originally posted by andrixnet
One of my points: given "what is there", can anyone contribute? Can anyone tweak? Can anyone document?
No.
Till now it has always been posted when they were looking for help (=> just now they are looking for a webdesigner).
Can TS be trusted? My instinct tells me it can, but I know there is no way to know in the current context.
Sounds to me like a question of belief??
Shall I trust SuSE, Mandrake or whatever, RedHat, ...?
I understand your demand for the source, but so far they never released it.
I totally agree with andrixnet... we are talking trust here, and nothing is worse than an undocumented server binary!
As it is though, TS is so damn good I do run it, but on a closed box and run it with a specially created user that can't really do much else except run TS (all files are chown'ed/chmod'ed to this user also).
A little documentation and 'proof of concept' to endorse such a great product is really needed.
Nick
R. Ludwig
14-03-2003, 19:15
- documentation is in work.
- about trust.
I see 2 points about trust...
1: trust that we don't build in any trojans/backdoors etc.
You should have noticed that we put all our spare time
into this project, that we try to make a good product.
Do you really think we would start to build something
like this into this project? Risking to lose all we worked
months for? I could write a lot of stuff... but seriously,
this can't be what you think. And if you do, I am sorry
for you and I feel really bad.
2: trust that our software can't be used for exploits etc.
Until now we haven't got any feedback about this. We try
of course our best to make it secure.
So you can trust this software or not, you have to decide.
(forgive my bad English...)
Hi Ralf,
Thanks for posting in this important discussion.
I don't think anybody is suggesting you, or any other TS member would do such a thing as to foobar code in a product like this.
But as it is now, it is a bit nubiferous as to what is going on - so there has to be a few doubts from the security side of things - and as andrixnet has, they need to be addressed and clarified - which will now happen :)
BTW, thanks for a great app!
Nick
- 1: trust that we dont build in any trojans/backdoors
I believe you. However I found this in my firewall logfile:
IN= OUT=ppp0 SRC=217.236.65.243 DST=213.202.250.101 LEN=709 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32799 DPT=45647 LEN=689
And a traceroute on that DST IP gave me:
traceroute to 213.202.250.101 (213.202.250.101), 30 hops max, 38 byte packets
1 217.5.98.102 (217.5.98.102) 53.645 ms 55.401 ms 61.571 ms
2 217.237.154.122 (217.237.154.122) 53.502 ms 53.185 ms 52.894 ms
3 F-EA1.F.DE.NET.DTAG.DE (62.154.17.170) 54.786 ms 55.807 ms 56.629 ms
4 pos3-0.router-01.co1.ngz-datacenter.net (213.202.192.1) 61.012 ms 59.501 ms 59.935 ms
5 bouncer.teamspeak.org (213.202.250.101) 60.160 ms 59.800 ms 61.736 ms
So please, could you tell me, what the server tries to do there every five minutes?
Also, I'd love to know why it takes 15 MB of RAM and then starts 8 instances of itself!
Apart from that: Thanks for TS!!!
Cheers, Ingo =;->
R. Ludwig
15-03-2003, 11:54
@ingo:
The server sends a UDP packet every 5 minutes to us with some info about: servers running, clients connected etc.
We have the problem that many companies earn money with our product and are not going to give us the little we want for that. So for the start we decided to implement only this easy version of telling us who is hosting servers. We know it's not the smartest :P
Also many guys don't like this "home calling". We will enhance this in one of the next builds, so this UDP packet is only needed in a special situation.
Hope you understand that.
(heavy job to explain that in English actually..)
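For anyone auditing a closed binary the way Ingo did, here is an added example (not part of this thread and not TeamSpeak code) that runs over netfilter LOG lines of the format he posted and flags outbound flows that recur at a near-constant interval, which is what a "home calling" beacon looks like from the firewall's side. The SRC/DST/port values are the ones quoted in the thread; the syslog timestamps, the host name "gw" and the unrelated DNS lines are constructed so that the sample runs offline.

```python
"""Spot periodic outbound 'phone-home' flows in netfilter (iptables LOG) lines.

Added example, not code from the original thread or from TeamSpeak.  The
log lines below are constructed to look like the one Ingo posted, with an
assumed syslog prefix ("Mar 14 18:00:02 gw kernel: ") in front of the
kernel message; the timestamps and the DNS lines are invented.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: four beacons five minutes apart to the address from
# the thread, plus two unrelated DNS lookups that must not be flagged.
SAMPLE_LOG = """\
Mar 14 18:00:02 gw kernel: IN= OUT=ppp0 SRC=217.236.65.243 DST=213.202.250.101 LEN=709 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32799 DPT=45647 LEN=689
Mar 14 18:01:17 gw kernel: IN= OUT=ppp0 SRC=217.236.65.243 DST=194.25.2.129 LEN=62 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32800 DPT=53 LEN=42
Mar 14 18:05:02 gw kernel: IN= OUT=ppp0 SRC=217.236.65.243 DST=213.202.250.101 LEN=709 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32799 DPT=45647 LEN=689
Mar 14 18:07:40 gw kernel: IN= OUT=ppp0 SRC=217.236.65.243 DST=194.25.2.129 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32801 DPT=53 LEN=50
Mar 14 18:10:03 gw kernel: IN= OUT=ppp0 SRC=217.236.65.243 DST=213.202.250.101 LEN=709 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32799 DPT=45647 LEN=689
Mar 14 18:15:02 gw kernel: IN= OUT=ppp0 SRC=217.236.65.243 DST=213.202.250.101 LEN=709 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32799 DPT=45647 LEN=689
"""

SYSLOG_TS = re.compile(r"^(\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (.*)$")
KV = re.compile(r"([A-Z0-9]+)=(\S*)")


def parse_line(line, year=2003):
    """Return (timestamp, fields) for one LOG line, or None if it is not one.

    fields holds the KEY=VALUE tokens of the kernel message.  LEN appears
    twice (IP total length, then UDP/TCP length); the second is kept as LEN2.
    Bare flags such as DF carry no '=' and are ignored.
    """
    m = SYSLOG_TS.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    fields = {}
    for key, value in KV.findall(m.group(2)):
        if key == "LEN" and "LEN" in fields:
            key = "LEN2"
        fields[key] = value
    return ts, fields


def find_beacons(lines, min_events=3, max_jitter=0.05):
    """Group locally generated packets by (SRC, DST, PROTO, DPT) and return
    {flow: (count, median_interval_seconds)} for flows seen at least
    min_events times whose interval spread (pstdev / median) is at most
    max_jitter.  Lines with a non-empty IN= (inbound/forwarded) are skipped.
    """
    times = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, f = parsed
        if f.get("IN") or not f.get("OUT"):
            continue
        flow = (f.get("SRC"), f.get("DST"), f.get("PROTO"), f.get("DPT"))
        times[flow].append(ts)

    beacons = {}
    for flow, stamps in times.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        median = statistics.median(gaps)
        spread = statistics.pstdev(gaps) / median if median else float("inf")
        if spread <= max_jitter:
            beacons[flow] = (len(stamps), median)
    return beacons


if __name__ == "__main__":
    for flow, (count, interval) in find_beacons(SAMPLE_LOG.splitlines()).items():
        src, dst, proto, dport = flow
        print(f"{src} -> {dst} {proto}/{dport}: {count} packets, every ~{interval:.0f}s")
```

In practice you would feed it `grep 'kernel:' /var/log/messages` (or wherever the LOG target ends up on your box) after adding a rule such as `-A OUTPUT -p udp -j LOG` for the user or interface you care about. A periodic flow is a lead, not proof of anything; the point is that what it finds should match what the vendor says the software sends, which here is the 5-minute report described above. Blocking it afterwards, as Ingo did with his firewall script, is a separate rule.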
>hope you understand that.
Yes, I do. Even though I don't really like it of course. But it is anyway turned off through my firewall script, so it doesn't really matter.
And no, I'm not a company ;-)
>heavy job to explain that in english actually..
Ah, well, I posted this in the German thread first, but no one answered. That's why I came here...
Cheers, Ingo =;->
I have it off on the firewall too.
I agree that at least the server ought to be open sourced. It's hard to trust a closed binary.
On the issue of exploits: exploits will be found whether it's open or closed, but if it's open, chances are they'll be found by the right people. -- TS isn't big enough yet to attract much attention from the darker side of the internet.
also, maybe open source the clients only ?
because if you want TS to get around on linux, you NEED to get it onto apt and portage etc. most users would type "emerge teamspeak-client" rather than a tar.gz install. it'll get the client around everywhere fast. very fast, and then maybe the server would be in bigger demand.
If you want to get money from your server, in linux at least, you need to open source the client.
R. Ludwig
15-03-2003, 14:26
Search the forum about open source... I won't start this again.
We don't release the source... it's better you get used to this really fast.
Yes, I know what was said in those threads. Just most of it isn't valid, that's all.
I think it is valid.
I often wonder about M$ and the open source Linux kernel (I mean, why re-invent the wheel?)... how much do M$ steal from that? GPL does not protect open source from 'closed source' products like Windows - this could also explain why M$ fight tooth and nail to protect the Windows source from ever being released.. no matter what the law courts decide.
So I can see Ralf's point, and as it is, it is fair enough.
But, as what started this, if you have a successful closed source product, then it needs correct documentation and proof of concept for it to even become 'trustworthy'.
But again, Ralf has already addressed that - it is coming - so that is sorted!
Nick
Documentation isn't by definition any more reason to trust a program than the binary is on face value.
I bet Kazaa didn't say it's spyware in the docs; I'll also bet the M$ docs don't actually say their Windows Update is sending a list of all your installed programs to them. - I know TS is probably OK and I trust the authors, but then I've been using it for a long time and I guess people coming to use it won't have been.
Brain_Murders
16-03-2003, 02:05
Guys,
I use Linux and I would also like to see this open sourced.
HOWEVER
For me, open source is also about choice. The authors of this software have decided to support our platform (thanks guys - the fact you did this means a lot to me), but they choose not to release it as open source. That is their choice and we should respect it. Endless carping on about how it should be open source is not showing respect for their choice and that is plain rude.
If you don't want to use this software, don't use it. If you do want to use it, abide by the licence that governs the software - you expect people to abide by the GPL - do the same for others. Do not insult them or their effort by telling them that they have to give their work and business away in order to fit in with your principles. If we choose to do that (and I give stuff away for free) that is our choice. They do not and that is theirs.
Mutual respect will get the open source movement a lot further than zealotry and that is what is showing in the undertones of this thread.
Please, stop it.
Thanks,
The Brain Murderer
Oh yes, and I fully agree. I didn't mean to insult by demanding it's open sourced, was just trying to say if the client was open it'd spread a lot quicker (esp. on Linux platforms) and this would, in turn, help their financial standing with the server. Just thought it was in the interest of everyone.
By the way.... is "carping" an actual word ;-/
Brain_Murders
16-03-2003, 20:13
Originally posted by GNU
Oh yes, and I fully agree. I didn't mean to insult by demanding it's open sourced, was just trying to say if the client was open it'd spread a lot quicker (esp. on Linux platforms) and this would, in turn, help their financial standing with the server. Just thought it was in the interest of everyone.
I think that there is the start of an api (just Pascal at the moment) that will allow access to the comms but don't quote me. Whether people will want to build open apps on top of a closed protocol is moot.
By the way.... is "carping" an actual word ;-/
"Carping on" is most definitely a legal insult - you are a Brit like me - look it up :D
andrixnet
17-03-2003, 08:21
Originally posted by Ingo
- 1: trust that we dont build in any trojans/backdoors
I believe you. However I found this in my firewall logfile:
IN= OUT=ppp0 SRC=217.236.65.243 DST=213.202.250.101 LEN=709 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32799 DPT=45647 LEN=689
Considering this find, trust loses a lot.
Given the minimal contents of the README file, it should have been mentioned there.
In the documentation, this must be described in detail as to what information is sent, where, when, and this information must be verifiable by packet analysis.
Second, aside from the firewall, the server should have a command line option, at least, to turn this off.
andrixnet
17-03-2003, 08:24
Originally posted by Ingo
Also, I´d love to know why it takes 15 MB of RAM and then starts 8 instances of itself!
Apart from that: Thanks for TS!!!
Cheers, Ingo =;->
This is another interesting issue.
What options are there to control the server at startup for memory usage, child processes...
I mean, on my machine I would have to give it almost half the existing RAM!!!
andrixnet
17-03-2003, 08:25
Originally posted by GNU
I have it off on the firewall too.
I agree that at least the server ought to be open sourced. It's hard to trust a closed binary.
Has anyone managed to run TS in chroot environment?
andrixnet
17-03-2003, 08:32
Originally posted by R. Ludwig
Search the forum about open source... I won't start this again.
We don't release the source... it's better you get used to this really fast.
I think I understand the reasons, and I think I can think of several more.
However, aside from the documentation that will come, hopefully soon, the security, privacy and resource management of the server, at least on the Linux platform, must be well known and must be well controllable.
andrixnet
17-03-2003, 08:39
Originally posted by Brain_Murders
Guys,
For me, open source is also about choice. The authors of this software have decided to support our platform (thanks guys - the fact you did this means a lot to me), but they choose not to release it as open source. That is their choice and we should respect it.
Thanks,
The Brain Murderer
I've pointed out several sensitive issues and that some would be helped by open source.
I do respect the author's choice about the source and will accept it as is. While doing so, I do hope these issues will be properly addressed.
Also, I must add that I am not at all interested in the TS protocol and the tricks that make it work so well, neither am I interested in snatching it into another app.
No, I am not a company. This was simply intended for my home network, where I have a small, traffic based cable internet access.
another issue: -> http://www.hawksoft.com/hawkvoice/ hawkvoice
It is released under the GNU Public License.
quote from http://www.gnu.org/copyleft/library.html#SEC3:
5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.
However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.
Hmm, I hadn't heard of HawkVoice. I might check it out. To be honest I'm very, very glad that TS came to Linux as it was in real need of that type of software. The decision to stay closed source is a valid one, and hopefully the documentation can be of a good enough standard to allow trust to develop.
OH! By the way, about trust of a binary file. Can you put up the MD5 and CRC hashes of the files on future releases (please)? If trust is to form, got to make sure we're all running the right file first, no?
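Since both the trojaned-sshd remark earlier in the thread and the request just above come down to "check the bytes you got against the bytes the authors shipped", here is an added example (not part of this thread and not TeamSpeak's own tooling) of verifying a download against a coreutils-style digest manifest. The archive names and contents are constructed stand-ins; the manifest is built from them in the script so that it runs offline. It accepts the MD5 the post asks for but records the algorithm, so a policy such as "SHA-256 or nothing" can be enforced, and it compares digests in constant time. None of this helps unless the manifest arrives over a channel you trust more than the download itself (a signed announcement, a second site), which is the caveat that usually gets lost.

```python
"""Verify a downloaded release archive against a published digest manifest.

Added example, not the project's own code.  The archive bytes, file names
and manifest below are constructed stand-ins.  Manifest lines follow the
md5sum/sha256sum output format: '<hexdigest>  <name>' or '<hexdigest> *<name>'.
"""
import hashlib
import hmac
import re

ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}
STRENGTH = {"md5": 0, "sha1": 1, "sha256": 2}
MANIFEST_LINE = re.compile(
    r"^([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})\s+[ *]?(\S+)\s*$")


def digest_bytes(data, algo):
    """Hex digest of data under the named hashlib algorithm."""
    h = hashlib.new(algo)
    h.update(data)
    return h.hexdigest()


def parse_manifest(text):
    """Return {name: (algo, hexdigest)}.  The algorithm is inferred from the
    digest length.  If a name is listed under several algorithms, the
    strongest one is kept, so an MD5 line cannot shadow a SHA-256 line."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MANIFEST_LINE.match(line)
        if not m:
            raise ValueError(f"unparseable manifest line: {raw!r}")
        digest, name = m.group(1).lower(), m.group(2)
        algo = ALGO_BY_HEXLEN[len(digest)]
        if name not in entries or STRENGTH[algo] > STRENGTH[entries[name][0]]:
            entries[name] = (algo, digest)
    return entries


def verify(data, name, manifest, min_algo="md5"):
    """Return (ok, reason).  ok is True only if name is listed, the listed
    algorithm is at least min_algo, and the digest matches (constant-time
    comparison, so a mismatch leaks nothing about how close it was)."""
    entry = manifest.get(name)
    if entry is None:
        return False, "not listed in manifest"
    algo, expected = entry
    if STRENGTH[algo] < STRENGTH[min_algo]:
        return False, f"{algo} is weaker than the required {min_algo}"
    actual = digest_bytes(data, algo)
    if not hmac.compare_digest(actual, expected):
        return False, f"{algo} mismatch: expected {expected}, got {actual}"
    return True, f"{algo} ok"


# Hypothetical file names and constructed contents standing in for the
# real archives; the manifest is what a release page would publish.
SERVER = "ts2_server_rc2_linux.tar.gz"
CLIENT = "ts2_client_rc2_linux.tar.gz"
SERVER_BYTES = b"constructed stand-in for the server archive\n"
CLIENT_BYTES = b"constructed stand-in for the client archive\n"
PUBLISHED_MANIFEST = "\n".join([
    f"{digest_bytes(SERVER_BYTES, 'md5')}  {SERVER}",
    f"{digest_bytes(SERVER_BYTES, 'sha256')}  {SERVER}",
    f"{digest_bytes(CLIENT_BYTES, 'md5')} *{CLIENT}",
]) + "\n"


if __name__ == "__main__":
    manifest = parse_manifest(PUBLISHED_MANIFEST)
    for name, data in ((SERVER, SERVER_BYTES), (SERVER, SERVER_BYTES + b"x"),
                       (CLIENT, CLIENT_BYTES)):
        ok, reason = verify(data, name, manifest, min_algo="sha256")
        print(f"{name}: {'OK' if ok else 'FAIL'} ({reason})")
```

On a real box the data argument would be `open(path, "rb").read()` of the downloaded tarball and the manifest text whatever the authors post; the `min_algo="sha256"` run in the demo shows the client archive failing not because it is wrong but because only an MD5 was published for it, which is the signal you want when a release page has not kept up.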
andrixnet
18-03-2003, 08:42
Originally posted by Brain
another issue: -> http://www.gnu.org/copyleft/library.html#SEC3:
I am not a lawyer and I don't speak legal language, but this sounds like a serious issue.
Brain_Murders
18-03-2003, 10:40
Originally posted by Brain
another issue: -> http://www.hawksoft.com/hawkvoice/ hawkvoice
it is released under the gnu public license.
quote from http://www.gnu.org/copyleft/library.html#SEC3:
If you actually read the site, the product is released under the LGPL or the library GPL. This allows linking with proprietary software without requiring the software to be licensed under the GPL. For another example of this, glibc is also released under the LGPL and you don't see the source to IBM's DB2 anywhere, do you????
Please stop trying to do these people down.
The Brain Murderer
(An unfortunate naming coincidence - no offence is meant Brain :D )
R. Ludwig
18-03-2003, 11:30
That started to piss me off from the beginning...
First they cry,
do a Linux client, please please please...
After you did that, they cry,
release source, release source...
After you don't do that, they cry,
you don't follow GPL, you don't here, you don't there...
bla bla bla...
Can't you penguins just accept what you got? I don't think so...
So just leave us alone here. You won't get what you want.
Full stop.
Brain_Murders
18-03-2003, 11:44
Herr Ludwig,
I would like to point out that most of us Linux users are very happy and grateful for the work you have done for our platform.
There will always be a vocal minority that move from product to product making demands that they are not entitled to make - please ignore them.
Whilst I agree with some of their motives, their lack of respect for the efforts of others is repulsive. The upsetting thing is that a lot of these "we demand the source" individuals haven't actually contributed anything themselves to the community.
To the rest of the people on this thread making the demands - way to go pissing people off - jolly well done indeed.
:mad:
The Brain Murderer
Um, Ludwig, what post / person are you getting angry at? - seemed like a sensible mature discussion till that :-/