Timestamps are in GMT/BST.
[0:11] * PraiseChaos (n=kcecil@) Quit (Remote closed the connection)
[0:14] * mike10 (i=root@) has joined #freenet
[0:15] * PraiseChaos (n=kcecil@) has joined #freenet
[0:22] * ShipHead (i=ShipHead@) Quit (Client Quit)
[0:45] * superstraw (n=superstr@) has joined #freenet
[0:47] * superstraw is now known as troythered
[0:47] <troythered> oops i keep forgetting that
[0:56] * troythered (n=superstr@) Quit ("Leaving")
[1:04] * PraiseChaos (n=kcecil@) Quit ("Leaving")
[1:08] * PraiseChaos (n=kcecil@) has joined #freenet
[1:11] * mike10 (i=root@) Quit (Remote closed the connection)
[1:12] * mike10 (i=root@) has joined #freenet
[1:18] * sanity (n=ian@) Quit ()
[1:51] * lionking (n=chatzill@) Quit ("Chatzilla 0.9.75 [Firefox 1.5.0.7/2006090918]")
[1:58] * PraiseChaos (n=kcecil@) Quit (Remote closed the connection)
[2:02] * PraiseChaos (n=kcecil@) has joined #freenet
[2:09] * PraiseChaos (n=kcecil@) Quit (Remote closed the connection)
[2:14] * Urs_ShPo (i=Urs_ShPo@) Quit ("Leaving.")
[2:22] * timmy2chk (n=Vincent@) Quit ("Let me out of here")
[2:27] * CodeBlue (n=codeblue@) has joined #freenet
[2:28] <CodeBlue> Would ANYONE like to swap ref's
[2:43] * phrosty (n=phrosty@) has joined #freenet
[2:44] <CodeBlue> phrosty would you like to swap ref's
[2:47] * BotX (n=10339F52@) has joined #freenet
[2:52] * dermoth (n=dermoth@) has joined #freenet
[2:57] * CodeBlue (n=codeblue@) has left #freenet
[3:13] * BotX (n=10339F52@) Quit (Read error: 104 (Connection reset by peer))
[3:40] * mike10 (i=root@) Quit (Client Quit)
[3:40] * mike10 (i=root@) has joined #freenet
[4:04] * dermoth (n=dermoth@) Quit ("Ex-Chat")
[5:13] * HotTuna (n=robbansw@) Quit (Read error: 110 (Connection timed out))
[5:25] * agsarite (i=agsarite@) Quit (Read error: 104 (Connection reset by peer))
[5:30] * noggly_ (i=noggly@) has joined #freenet
[5:40] * noggly (i=noggly@) Quit (Read error: 110 (Connection timed out))
[6:13] * timmy2chk (n=Vincent@) has joined #freenet
[6:42] * scar (i=scar@) has joined #freenet
[6:45] * scar (i=scar@) Quit (Client Quit)
[6:50] * scar (i=scar@) has joined #freenet
[7:09] * mike10 (i=root@) Quit (Remote closed the connection)
[7:20] <TheSeeker> d'oh. I started downloading my inserts to verify they were retrievable before posting keys... and it seems two of them were corrupted with the 'fetch the manifest instead of the file' bug ... and they were inserted uncompressed, so there's no simple way of just generating the correct key :P
[7:21] <TheSeeker> corrupted 170MB inserts = :(
[7:24] <scar> are there any good underground news sites on freenet
[7:25] * mike10 (i=root@) has joined #freenet
[7:44] * sanity (n=ian@) has joined #freenet
[7:44] * ChanServ sets mode +o sanity
[7:44] * sanity (n=ian@) Quit (Client Quit)
[7:45] * whiterabbit (n=whiterab@) has joined #freenet
[7:53] * sbc (n=sbc@) has joined #freenet
[7:54] * THread4D4 (n=Thread@) Quit ("Leaving")
[8:07] * mike10 (i=root@) Quit (Remote closed the connection)
[8:10] * mike10 (i=root@) has joined #freenet
[8:41] * Mai01 (i=HeidiKoi@) has joined #freenet
[8:45] * dotbeer (n=max@) has joined #freenet
[8:47] <dotbeer> what is the site where I can post references?
[8:48] <Mai01> i just had it open
[8:48] <Mai01> http://refex.s-coding.nl/
[8:48] <Mai01> so you are likely to get my ref :D
[8:48] <dotbeer> cool, I really just needed the site though :]
[8:49] <_ph00> you mean like a pastebin?
[8:49] <_ph00> most ppl here use dark-code.bulix.org
[8:49] <_ph00> some use pastebin.ca
[8:50] <dotbeer> oh yeah, that's the one. Thanks
[9:08] * timmy2chk (n=Vincent@) Quit ("Let me out of here")
[9:14] * tourach (n=tourach@) has joined #freenet
[9:21] * agsarite (i=agsarite@) has joined #freenet
[9:34] * rhni (i=jonasgli@) has joined #freenet
[9:36] * dotbeer (n=max@) Quit ()
[9:39] * _ph00 (n=z@) Quit ("Leaving")
[9:54] * Nico_32 (n=user@) has joined #freenet
[10:01] * Bombe (n=bombe@) Quit (Read error: 110 (Connection timed out))
[10:11] * agsarite (i=agsarite@) Quit (Client Quit)
[10:14] * rhni (i=jonasgli@) Quit (Remote closed the connection)
[10:33] * mike10 (i=root@) Quit (Remote closed the connection)
[10:57] * _ph00 (n=z@) has joined #freenet
[11:02] <Mai01> what was the channel name where you could share connection information with other users?
[11:07] * timmy2chk (n=Vincent@) has joined #freenet
[11:16] * Mai01 (i=HeidiKoi@) Quit ()
[11:22] * phrosty (n=phrosty@) Quit ("baseball is wrong: man with four balls cannot walk.")
[11:43] * Syd2 (n=markus@) has joined #freenet
[11:43] <Syd2> hi
[11:43] <Syd2> is there a way to delete all completed downloads from the queue?
[11:47] <nextgens> Syd2> no
[11:47] * PIFilms (n=PIF@) has joined #freenet
[11:47] <nextgens> Syd2> not on fproxy at least
[11:47] <nextgens> thaw provides such a functionality
[11:47] <PIFilms> Hello everyone.
[11:47] <nextgens> fproxy has got an "emergency button"
[11:48] <nextgens> but it won't keep non-finished tasks either ;)
[11:50] <Syd2> where is the emergency button?
[11:50] <TheSeeker> Obviously not very well-placed if you can't find it :/
[11:51] <nextgens> there is a config setting for enabling it
[11:51] <Syd2> thx
[11:51] <nextgens> TheSeeker> could you define not well placed ?
[11:51] <nextgens> TheSeeker> it's displayed in red on top of the page
[11:51] <nextgens> what's the problem with that ?
[11:52] <TheSeeker> Hmm, seems the problem is that you have to explicitly enable it to see it.
[11:53] <nextgens> that was the default behaviour until someone complained about that button to be too powerful
[11:53] * toad_ (n=toad@) has joined #freenet
[11:53] * ChanServ sets mode +o toad_
[11:53] <TheSeeker> heh
[11:53] <nextgens> and displaying a confirmation dialog for an emergency button is really stupid btw
[11:53] <nextgens> hey toad_
[11:54] <TheSeeker> and you can't een see the 'enable panic button' unless you 'enable advanced darkent'
[11:55] <TheSeeker> even, too
[11:55] <nextgens> what's the purpose of such a button?
[11:57] <TheSeeker> apparently to cause confusion and piss people off. ;p
[12:22] * Bombe (n=bombe@) has joined #freenet
[12:22] * ChanServ sets mode +o Bombe
[12:22] * greycat (i=rfc1413@) has joined #freenet
[12:23] <TheSeeker> oh, I'm trying to do a clientput over FCP to getchkonly without compression ... I found the wiki page describing the message, but I get no feedback when using the example modified to use my data ... do path delimiters need to be \\ or / on windows?
[12:27] <TheSeeker> I suppose it would help if I did a watchglobal :P
[12:28] * phrosty (n=phrosty@) has joined #freenet
[13:04] * rtr- (n=rtr@) has joined #freenet
[13:08] * Zothar_Work (n=chatzill@) has joined #freenet
[13:12] <toad_> TheSeeker: panic button is for panicking of course
[13:16] <phrosty> and for crappy movies
[13:16] <nextgens> toad_> would you mind if I was setting up a "specialized" pastebin on emu ?
[13:16] <nextgens> toad_> it seems that several people are having trouble to use a "normal" one
[13:17] <nextgens> maybe we can have our own, with some advices to ease the process
[13:17] <nextgens> or would that be a bad idea as we would have to store the data for some time
[13:17] * rtr-_ (n=rtr@) has joined #freenet
[13:18] <nextgens> and if emu got compromised, it could help harvesting the network ?
[13:25] <sbc> nextgens: How would that be different from harvesting the public pastebins?
[13:27] <nextgens> the purpose is not to gather data
[13:28] <nextgens> the purpose is to provide a new convenient way of exchanging references
[13:28] <nextgens> most people don't understand that they need to send the URL back for their data to be reachable
[13:28] <nextgens> we could put the emphasis on that for instance
[13:29] <nextgens> sbc> but yes, that would be convenient too if we would like to do some kind of statistical analysis too
[13:29] <nextgens> bbiab
[13:30] * rtr- (n=rtr@) Quit (Read error: 110 (Connection timed out))
[13:50] <toad_> nextgens: what is the problem with the normal one?
[13:56] * Ash-Fox (i=UNKNOWN@) Quit (Read error: 104 (Connection reset by peer))
[14:00] * tourach (n=tourach@) has left #freenet
[14:15] * K-roy (i=K-roy@) has joined #freenet
[14:23] <_ph00> <nextgens> most people don't understand that they need to send the URL back for their data to be reachable
[14:23] <_ph00> that's why ppl like me are often on #freenet-refs though they don't need refs
[14:23] <_ph00> to help noobs
[14:23] <_ph00> but ok, making it even easier would be nice
[14:48] * StevenH (i=Steve@) has joined #freenet
[14:48] <StevenH> hey
[14:48] <StevenH> what is the board on frost to exchange refs
[14:53] * lordi (n=nospam@) has joined #freenet
[14:54] <lordi> How can i alter my ports, looks like i cant edit the ini file. Can i use two ports. One for tcp and one for udp?
[14:57] * Rez (i=lorez@) Quit (Read error: 104 (Connection reset by peer))
[15:03] <_ph00> # Output Rate: 10.4 KiBps
[15:03] <_ph00> # Input Rate: 6.87 KiBps
[15:03] <_ph00> not so good for a 10Mbit connection and a 400K up 400 down setting...
[15:03] <_ph00> lordi how you can't edit freenet.ini?
[15:04] <lordi> yup
[15:04] <_ph00> did you try stop freenet => edit => start ?
[15:04] <lordi> _ph00 Can i use multiple ports?
[15:04] * Bombe (n=bombe@) Quit (Read error: 110 (Connection timed out))
[15:04] <_ph00> nope
[15:04] <_ph00> one freenet install, one port AFAIK
[15:04] <lordi> and i must use both tcp and udp?
[15:05] <_ph00> udp only
[15:05] <lordi> ahh ok
[15:05] <_ph00> freenet uses UDP
[15:05] <_ph00> not tcp
[15:09] * Rez (i=lorez@) has joined #freenet
[15:11] <lordi> ahh thanx
[15:11] <lordi> fixed my problem
[15:19] * FooDerGrosse (n=kevin@) has joined #freenet
[15:24] <lordi> i think
[15:27] * rhni (i=bla@) has joined #freenet
[15:42] * hjubal (n=hjubal@) has joined #freenet
[15:42] * FooDerGrosse (n=kevin@) Quit (Nick collision from services.)
[15:43] * FooDerGrosse (n=kevin@) has joined #freenet
[15:48] * Urs_ShPo (n=gaim@) has joined #freenet
[15:53] * sbc (n=sbc@) Quit ("Leaving")
[16:00] * rhni (i=bla@) Quit (Remote closed the connection)
[16:05] * rhni (i=bla@) has joined #freenet
[16:15] * FooDerGrosse (n=kevin@) Quit ("http://www.piratenpartei.de")
[16:15] * Urs_ShPo (n=gaim@) Quit ("Leaving.")
[16:16] * datorer (n=user@) has joined #freenet
[16:20] <_ph00> frost problem (again)
[16:21] <_ph00> I already hard this twice, but I don't know what to suggest:
[16:21] <_ph00> the node is running, nothing is using the frost port, yet frost can't connect to the node
[16:22] <_ph00> what could be the problem?
[16:27] * FooDerGrosse (n=kevin@) has joined #freenet
[16:39] * BotX (n=10339F52@) has joined #freenet
[16:39] <BotX> is there anyone out there who knows the ins and outs of Frost?
[16:43] * BotX (n=10339F52@) has left #freenet
[16:44] * BotX (n=10339F52@) has joined #freenet
[16:48] * datorer (n=user@) has left #freenet
[16:59] * johnwest (n=123@) has joined #freenet
[16:59] * lordi (n=nospam@) Quit (Read error: 104 (Connection reset by peer))
[17:00] <johnwest> anyone has an idea why my frost seems not to be working?
[17:00] * rhni (i=bla@) Quit (Remote closed the connection)
[17:01] <BotX> whats the error?
[17:01] <PIFilms> Error for me is, can't connect to node.
[17:02] <johnwest> don't know but nothing happens when i am searching for messages from the last 60 days
[17:02] <johnwest> frost is loading perfectly no errors
[17:02] <BotX> could be a bug
[17:03] <PIFilms> I got it to load once, left it up 18 hours... bot a single message to view.
[17:03] <johnwest> i even added my old boards
[17:04] <BotX> if i could get mine 2 work, then I could better figure out teh prob
[17:05] <_ph00> what version of freenet are you guys running?
[17:05] <_ph00> I mean the r
[17:05] <johnwest> 0.7
[17:05] <johnwest> i mean 7.0
[17:05] <_ph00> as in version 991 rxxxxx
[17:05] <BotX> l8st and gr8st
[17:05] <johnwest> i just dl it half an hour ago
[17:05] <_ph00> yeah OK
[17:06] <_ph00> but that's not what I was talking about
[17:06] <BotX> v 991
[17:06] <johnwest> ok what do you mean then
[17:07] <johnwest> i think it's 991
[17:07] <BotX> i know what my problem is. i use Win64 and i gotta get it to point correctly to the location javaw is in
[17:09] <PIFilms> ph00, 991 newest.
[17:10] <_ph00> Freenet 0.7 Build #991 r10660
[17:10] <_ph00> in fproxy homepage
[17:11] <_ph00> now, I'm running r10660 but there are newer updates
[17:11] <_ph00> maybe the frost problem is there
[17:11] <_ph00> if all of you that are having frost problem are running the same r and it's different from mine, maybe the problem is there
[17:11] <_ph00> (and maybe not)
[17:11] <_ph00> just a wild guess
[17:13] <PIFilms> I have r10660.
[17:14] <_ph00> hm
[17:14] <_ph00> like me
[17:14] <_ph00> and you do have that frost problem
[17:14] <_ph00> OK
[17:14] <_ph00> so that was not it
[17:16] <PIFilms> A good suggestion, though.
[17:16] <johnwest> Freenet 0.7 Build #991 r10660
[17:16] <johnwest> Freenet-ext Build #6 r10078
[17:16] <johnwest> my version
[17:16] * Bombe (n=bombe@) has joined #freenet
[17:16] * ChanServ sets mode +o Bombe
[17:18] <PIFilms> Johnwest, identical to mine, and I can't make frost do much of anything either.
[17:18] <CIA-14> jflesch * r10709 /trunk/apps/Thaw/src/thaw/plugins/index/IndexTree.java: Fix ClassCastException when adding an index
[17:18] * timmy2chk (n=Vincent@) Quit (Read error: 145 (Connection timed out))
[17:19] <johnwest> i am starting to hate this program
[17:22] * sanity (n=ian@) has joined #freenet
[17:22] * ChanServ sets mode +o sanity
[17:24] * johnwest (n=123@) Quit ()
[17:25] * nicola (n=nicola@) has joined #freenet
[17:27] * BotX (n=10339F52@) has left #freenet
[17:29] * rhni (i=bla@) has joined #freenet
[17:31] * Caco_Patane (n=caco@) has joined #freenet
[17:31] <Caco_Patane> Buenas...
[17:31] <Caco_Patane> I'm back, with my node up and running!
[17:32] <nicola> can you give me your reference?
[17:33] <nicola> does someone know the references of freenet's nodes which are always online?
[17:34] * Jflesch (n=jflesch@) Quit (Remote closed the connection)
[17:34] <nicola> because I never have 3 peers connect and so I cannot use freenet very well as I want
[17:34] <nicola> thank
[17:36] <Caco_Patane> nicola, have you tried #freenet-refs
[17:37] <nicola> oh sorry
[17:37] <Caco_Patane> there you will find people interested in exchanging refs
[17:38] <nicola> I think I made a mistake
[17:38] <Caco_Patane> no worries
[17:40] <nicola> I'll try to find to exchange my refs
[17:40] <nicola> bye
[17:41] * hjubal (n=hjubal@) Quit ("..3 2 1 check inignition and may God's love be with you..")
[17:41] * hjubal (n=hjubal@) has joined #freenet
[17:43] * sandos (n=sandos@) has joined #freenet
[17:43] <_ph00> did you reinstall the node or fixed the old one
[17:43] <_ph00> caco
[17:44] <Caco_Patane> reinstall and then copied/adapted confs
[17:44] <Caco_Patane> cache, datastore, tempfiles, etc
[17:44] <_ph00> k
[17:44] <Caco_Patane> my ref still the same
[17:44] <_ph00> so basically upgraded the old one
[17:46] <Caco_Patane> yes
[17:46] <Caco_Patane> very happy that it work out
[17:46] <_ph00> k
[17:46] <Caco_Patane> i have your old ref
[17:47] <_ph00> it's not that any more
[17:47] <_ph00> you can delete it
[17:47] <Caco_Patane> uh, ok
[17:47] <_ph00> wait I'll pvt msg you
[17:47] <Caco_Patane> yeah, i was about to suggest that
[17:49] * FooDerGrosse (n=kevin@) Quit ("http://www.piratenpartei.de")
[17:49] <Caco_Patane> oh, _ph00
[17:49] * nicola (n=nicola@) has left #freenet
[17:50] <Caco_Patane> the f*cking floor protection of this irc client ignore you =/
[17:50] * Caco_Patane (n=caco@) Quit ("BitchX: better than a penis enlargement!")
[17:50] * Caco_Patane (n=caco@) has joined #freenet
[17:55] <_ph00> Caco_Patane: where's your ref?
[17:58] <_ph00> Caco_Patane I'm gonna be off for a while, you can give me your ref later
[17:58] <_ph00> or send them to ph00 at hush.ai
[17:59] * _ph00 (n=z@) Quit ("Leaving")
[17:59] * rhni (i=bla@) Quit (Remote closed the connection)
[17:59] * sandos (n=sandos@) Quit (Read error: 104 (Connection reset by peer))
[18:08] * rhni (i=bla@) has joined #freenet
[18:22] * FooDerGrosse (n=kevin@) has joined #freenet
[18:26] * rhni (i=bla@) Quit (Client Quit)
[18:32] * rhni (i=bla@) has joined #freenet
[18:36] * timmy2chk (n=Vincent@) has joined #freenet
[18:42] * railk (n=railk@) has joined #freenet
[18:54] * Nico_32 (n=user@) Quit ("Fatal Error: connection to brain lost !")
[19:16] * MikeW (n=em@) has joined #freenet
[19:26] * FooDerGrosse (n=kevin@) Quit ("http://www.piratenpartei.de")
[19:27] * Urs_ShPo (i=Urs_ShPo@) has joined #freenet
[19:32] * lordi (n=nospam@) has joined #freenet
[19:32] <lordi> I have one outstanding alert....
[19:33] <lordi> Unknown external address
[19:42] * phrosty (n=phrosty@) Quit ("baseball is wrong: man with four balls cannot walk.")
[19:48] <lordi> problem fixed
[19:57] * greycat (i=rfc1413@) Quit (Remote closed the connection)
[19:57] * greycat_ (i=rfc1413@) has joined #freenet
[19:57] * greycat_ is now known as greycat
[20:00] * whiterabbit (n=whiterab@) Quit ("KVIrc 3.2.5 Anomalies http://www.kvirc.net/")
[20:01] * blibbet (n=blibbet_@) has joined #freenet
[20:02] * lagedru1 (n=walter@) has joined #freenet
[20:03] * rhni (i=bla@) Quit (Client Quit)
[20:04] * rhni (i=bla@) has joined #freenet
[20:19] * mogul69_ (i=bla@) has joined #freenet
[20:22] * hjubal (n=hjubal@) Quit ("quit")
[20:22] * hjubal (n=hjubal@) has joined #freenet
[20:23] * rhni (i=bla@) Quit (Client Quit)
[20:25] * mogul69_ (i=bla@) Quit (Remote closed the connection)
[20:25] * toad_ (n=toad@) Quit (Remote closed the connection)
[20:28] * rhni (i=bla@) has joined #freenet
[20:29] * jez9999 (i=virtua@) has joined #freenet
[20:30] * volkris (n=chatzill@) has joined #freenet
[20:33] <jez9999> Is there any information around about the proposed Freenet idea of hiding other traffic in http traffic? I can't seem to find any.
[20:33] * greycat (i=rfc1413@) Quit (Remote closed the connection)
[20:33] * greycat (i=rfc1413@) has joined #freenet
[20:33] * toad_ (n=toad@) has joined #freenet
[20:33] * ChanServ sets mode +o toad_
[20:36] <toad_> rehi folk
[20:38] * greycat (i=rfc1413@) Quit ("This time the bullet cold rocked ya / A yellow ribbon instead of a swastika")
[20:42] * ShipHead (i=ShipHead@) has joined #freenet
[20:42] * rhni (i=bla@) Quit (Remote closed the connection)
[20:43] * rhni (i=bla@) has joined #freenet
[20:47] * Caco_Patane (n=caco@) Quit ("ay")
[20:48] * railk (n=railk@) Quit ("Cya, wouldn't want ta be ya!")
[20:48] * Burning (n=10339F52@) has joined #freenet
[20:49] <Burning> like what?
[20:50] * rhni (i=bla@) Quit (Remote closed the connection)
[20:52] <Burning> spies? here? i knew that already
[20:53] <toad_> huh?
[20:54] <Burning> some guy on the refs channel was talking about govt spies on this channel
[20:54] <toad_> heh
[20:54] <toad_> government presence on freenet at this point would be absurdly proactive
[20:55] <Burning> gee. my ip should be flagged in some top secret server that i don't know about.
[20:55] <toad_> hehe
[20:55] <toad_> this channel is logged !
[20:55] * Binlaza (n=Blain-B@) has joined #freenet
[20:55] <toad_> by us, by the NSA, and by the chinese :)
[20:56] <Burning> a ****ing trifecta
[20:56] <Burning> :)
[20:58] <volkris> No, that's not what I said. codeblue1 pointed out that trading refs anonymously on the refs channel reduces anonymity somewhat
[20:58] <toad_> not anonymously in the refs channel
[20:58] <toad_> that's the point
[20:59] <toad_> randomly perhaps, but not anonymously
[20:59] * rhni (i=bla@) has joined #freenet
[21:00] <Burning> is there such thing as true anonymity?
[21:00] * Burning is now known as BurningCrusade
[21:08] * BurningCrusade (n=10339F52@) has left #freenet
[21:13] <nextgens> ssl certificates have expired on emu
[21:13] <nextgens> I'll regenerate new ones soon
[21:13] <nextgens> later tonight, maybe tomorrow
[21:14] <toad_> cool
[21:14] <toad_> can you sign the new one with the old one to allow for transparent migration?
[21:15] <nextgens> better than that, we have a CA
[21:15] <nextgens> https://emu.freenetproject.org/freenet.pem
[21:15] <nextgens> but the problem is most clients won't be able to handle it
[21:16] <toad_> huh?
[21:17] <nextgens> most users aren't aware of the CA
[21:17] <nextgens> and haven't set it as a trusted authority
[21:17] <toad_> right
[21:17] <nextgens> meaning that the client software is gonna complain and tell that certificate is new
[21:17] <toad_> not much we can do about that
[21:18] <nextgens> indeed :|
[21:18] * nextgens sets mode +v rhni
[21:18] <toad_> short of spending $200/annum on a real cert
[21:18] <nextgens> rhni> go ahead
[21:18] <nextgens> toad_> I'm not keen on the idea of having "signed" SSL certs
[21:19] <nextgens> have you read the news^wtroll on /. ?
[21:19] <toad_> nextgens: no
[21:19] <toad_> nextgens: hmm?
[21:19] <toad_> nextgens: hmmm1 and hmm2?
[21:19] <toad_> is it possible that there is some sort of systematic bias in favour of the cache against the store?
[21:20] <toad_> one possibility is that the store retains junk for much longer than the cache does
[21:20] <nextgens> http://it.slashdot.org/article.pl?sid=06/10/25/2046225
[21:20] <toad_> another is that we don't cache everything we should - maybe jusa is right
[21:20] <nextgens> " Extended Validation SSL, More Secure or Just a Racket?"
[21:21] <toad_> a third is that because the cache will see more keys - because it is higher throughput - it will get more hits; does that make sense? i'm not sure it does ...
[21:23] <toad_> According to Verisign product marketing director Tim Callan, the "loose
[21:23] <toad_> collection of technoanarchists" which make up the open source
[21:23] <toad_> development community has frustrated efforts to build new security
[21:23] <toad_> features into its new browser.
[21:23] <toad_> hah
[21:23] * _ph00 (n=z@) has joined #freenet
[21:23] * nextgens thinks that they aren't doing their jobs
[21:23] <toad_> hmmm
[21:24] * toad_ reads between the lines ... uh oh ...
[21:24] <nextgens> a CA ought to do the "Extended validation"
[21:24] <nextgens> that's what they are paid for!
[21:24] <nextgens> I agree with Moz's dev. team
[21:24] <toad_> nextgens: extended validation + TCPA = really bad news
[21:25] <nextgens> I'm not sure about that
[21:25] <toad_> "You are about to send your credit card number to a site which is not Microsoft Certified Secure. Do you really, really want to do this?"
[21:25] <nextgens> powerful technologies can always lead to abuses
[21:25] <nextgens> whether they will or not depends on men
[21:26] <toad_> sure
[21:26] <toad_> but some larger structures incorporating technology and people are designed to be evil
[21:26] <nextgens> they could be damned cool too
[21:26] <nextgens> voting from home,
[21:26] <nextgens> paying on Internet "securely"
[21:26] <toad_> THE reason for TCPA is for Microsoft to abuse its monopoly further and destroy linux
[21:27] <nextgens> it's not as simple as that
[21:27] <nextgens> part of the reason is probably to enforce DRMs
[21:27] <toad_> nextgens: you can only vote from home / pay securely on the internet / buy movies online if you run a certified OS. to get an OS certified costs $100M...
[21:27] <toad_> well of course
[21:27] <toad_> that's all part and parcel of the vision
[21:27] <toad_> turning the PC into a general entertainment device as opposed to a universal computer
[21:28] <toad_> but they'll need more than that for DRM - they'll need remote deletion
[21:28] <toad_> okay I have no idea how much certification would cost, because I don't think such structures have been set up yet; but they will be
[21:28] * nextgens doesn't think so
[21:28] <toad_> we'll see
[21:28] <MineHaunter> remote deactivation will suffice
[21:29] <toad_> I know the distributed computing folk would like TCPA
[21:29] * timmy2chk (n=Vincent@) Quit ("Let me out of here")
[21:29] <toad_> frankly I wouldn't run windows if it was necessary for me to vote online
[21:29] * PraiseChaos (n=kcecil@) has joined #freenet
[21:29] <toad_> I'd go down the polling station and vote the old-fashioned way
[21:29] <_ph00> right
[21:29] <toad_> and if they take that away, then I'd be deeply skeptical as to the legitimacy of the elected government
[21:30] <toad_> buying stuff online we can do now
[21:30] <_ph00> I'm already skeptical about that
[21:30] <toad_> it's insecure but it's no more insecure than paying by credit card in a supermarket
[21:30] <toad_> well, a restaurant
[21:30] <toad_> or a small shop
[21:31] <nextgens> you're wrong here :)
[21:31] <toad_> anyway, the point is this: what happens when you can only send e-mail from a Certified Secure operating system?
[21:31] <_ph00> how do you explain that the same assholes get elected each time though everybody hates them, and a lot of people who could do good are never allowed to go anything bigger than smalltown local politics?
[21:31] * lagedru1 (n=walter@) has left #freenet
[21:31] <nextgens> in France it's more secure to pay in a shop
[21:31] <toad_> nextgens: how so?
[21:32] <toad_> nextgens: TCPA will not stop people running insecure operating systems
[21:32] <nextgens> in order to get paid you've to register your "paying device" into a national database
[21:32] <_ph00> secure or not, all your transactions can be tracked, and the thought of that is really annoying: I use good old cash
[21:32] <nextgens> and you can know for sure who you've just paid
[21:33] <nextgens> and find him afterwards if he is not honest
[21:33] <toad_> nextgens: hmmm, interesting
[21:33] <nextgens> whereas when you pay on the internet, you can't catch the guy
[21:33] <toad_> nextgens: is that chip&pin?
[21:33] <nextgens> yes
[21:33] <nextgens> there is a chip on the card
[21:33] <toad_> nextgens: in what way does TCPA substitute for good protocol design for e-commerce?
[21:33] <nextgens> and to access it you've to issue a pin
[21:33] <nextgens> it doesn't
[21:34] <nextgens> well, in france the terminal could be hacked too
[21:34] <toad_> I admit that the protocol design at present is pretty rubbish
[21:34] <toad_> nextgens: right, just like a PC could be hacked... is it significantly harder to hack the terminal?
[21:34] <nextgens> the problem is more fundamental than that :
[21:34] <nextgens> you issue the pin to unlock the chip ...
[21:35] <nextgens> but do you know what for ? :)
[21:35] <toad_> i thought the terminal was supposed to be a secure registered device?
[21:35] <nextgens> can your card know what operation will be made with the private key ?
[21:35] <nextgens> it's supposed to be
[21:35] * nextgens has to go
[21:35] <nextgens> bbiab
[21:35] <nextgens> maybe tomorrow
[21:36] <toad_> cya
[21:36] <toad_> you're still wrong, TCPA will bring nothing but misery and a few cool toys
[21:36] <toad_> but cya :)
[21:38] <_ph00> I have a system to make "safe" payments on the internet: I have a visa card without credit, only linked to a bank account, but no money on that account. the money is elsewhere. Then I move the amount of money I need from my real account to the visa-linked account using internet home banking, and then I make my payment with the visa. If a bad guy gets my visa number or something, he won't find any money on the account anyway, and that visa has no cre
[21:38] <_ph00> dit. (OK the discussion was about computing and stuff, but I said that anyway because most people won't use internet payments as 'unsafe', which they are, but there's an easy way around)
[21:39] <toad_> so you have a visa debit on an account with no overdraft ... got it
[21:39] * blibbet (n=blibbet_@) Quit (":q!")
[21:39] * toad_ sees
[21:39] <_ph00> a visa that can't exceed what is on the bank account
[21:39] <_ph00> no money on the account = useless visa
[21:39] <_ph00> I transfer, pay, and presto! no money again
[21:40] <_ph00> so the bad guy gets an useless visa number
[21:40] <_ph00> :P
[21:40] <toad_> :)
[21:40] <toad_> but is it worth the effort?
[21:40] <_ph00> no big effort, all you need is having two bank accounts instead of one
[21:41] <_ph00> and I don't really know if it's worth it: I never had any problem, but I don't know whether that's because of my system or because no one tries
[21:41] <_ph00> tried*
[21:44] * lionking (n=chatzill@) has joined #freenet
[21:45] <_ph00> weren't bots banned from #freenet-refs?
[21:46] * lionking (n=chatzill@) Quit (Client Quit)
[21:48] <toad_> you mean reference bots?
[21:49] <rhni> g
[21:49] <toad_> h
[21:50] <rhni> and the boogie man
[21:50] * Jflesch (n=jflesch@) has joined #freenet
[21:53] <_ph00> yeah reference bots
[21:53] <_ph00> I thought those were banned
[21:54] <_ph00> now there's one on line ...or someone posing as a bot. I don't know, I haven't watched it long enough (just a couple of msgs)
[21:56] * Binlaza (n=Blain-B@) Quit ()
[21:59] * Urs_ShPo (i=Urs_ShPo@) Quit ("Leaving.")
[22:04] * Urs_ShPo (i=Urs_ShPo@) has joined #freenet
[22:08] <toad_> nextgens: i try to attach a .bmp to a bug and MANTIS produces an "Application Error"
[22:24] <jez9999> Is there any information around about the proposed Freenet idea of hiding other traffic in http traffic? I can't seem to find any.
[22:27] <MineHaunter> jez9999: I don't think there is such information, the feature you are talking about is not planned for this version of freenet
[22:28] <MineHaunter> I think it's something like "We may even do that, in some future"
[22:29] <rhni> Running Freenet 0.7...
[22:29] <rhni> wrapper | --> Wrapper Started as Console
[22:29] <rhni> wrapper | Launching a JVM...
[22:29] <rhni> jvm 1 | wrapper | Unable to start JVM: No such file or directory (2)
[22:29] <rhni> wrapper | JVM exited while loading the application.
[22:29] <rhni> ups
[22:29] <rhni> sorry
[22:30] <jez9999> MineHaunter: but i'm just interested in the very concept
[22:30] <jez9999> you know, the vague idea
[22:30] <jez9999> the fact that you respond to it indicates that it's out there, isn't there something written on it?
[22:31] <MineHaunter> maybe I read something some time ago but I don't remember
[22:31] <MineHaunter> it wasn't a whitepaper tho, only a "We may even do that, in some future" iirc :)
[22:31] <jez9999> hmm
[22:31] <jez9999> well maybe you could comment on my idea
[22:31] <jez9999> client A wants to chat to client B, secretly
[22:32] <rhni> why is my freenet.ini file always empty?
[22:32] <jez9999> to send a message to client B, client A sends an HTTP POST request, with some text (say, grabbed from Project Gutenberg) containing a steganographically encoded message
[22:32] <jez9999> to indicate acknowledgement, client B returns a webpage with some text (again say from project Gutenberg)
[22:33] <jez9999> decent idea for hiding messages?
[22:33] <rhni> freenet is always terminating itself
[22:33] <rhni> and i dont know why
[22:33] <rhni> the ini file is empty
[22:34] <jez9999> MineHaunter: was the above idea something like what Freenet had in mind?
[22:34] <MineHaunter> rhni: the installer failed or your ini file got corrupt
[22:34] <MineHaunter> jez9999: any steganography algorithm to work must be unknown to an attacker
[22:34] <MineHaunter> jez9999: since freenet is open source this is not possible
[22:34] <rhni> i have to use the tar.gz file because i have no X server installed
[22:34] <MineHaunter> jez9999: it would only be useful in fooling automated systems, like routers
[22:34] <jez9999> MineHaunter: i dont see how Freenet intended to improve on that idea?
[22:36] <jez9999> MineHaunter: although it could technically be intercepted, i'm thinking along the lines of Great Firewall of China. The processing power involved in trying to decrypt all HTTP traffic for steganographic messages would be overwhelming.
[22:36] <jez9999> i'm not really saying it should stand up to a concentrated middle-man attack
[22:36] <rhni> can nobody help?
[22:39] <MineHaunter> rhni: you must get a valid freenet.ini - don't know how to do that but using the installer
[22:39] <MineHaunter> rhni: there could be another way but I don't know how
[22:39] <jez9999> MineHaunter: wouldn't it?
[22:39] * hjubal (n=hjubal@) Quit ("..3 2 1 ???check inignition and may God's love be with you???..")
[22:41] <MineHaunter> jez9999: your assumption that decoding steganographic encrypted data would involve great processing power is wrong
[22:41] <MineHaunter> jez9999: once you know the algorithm used it is trivial
[22:41] <toad_> there may be viable steganography algorithms
[22:41] <toad_> which require significant processing power to identify
[22:42] <toad_> e.g. if you're hiding in validly formatted VoIP streams
[22:42] <jez9999> even if each message was megabytes in size (including image MIME data) and considering the amount of HTTP traffic to/from China?
[22:42] <toad_> right now, the chinese firewall is a stateless packet filter
[22:43] <toad_> there is not only no traffic flow analysis, there is no connection tracking even
[22:43] <toad_> if you ignore RSTs you can bypass most of it
[22:43] <toad_> as long as you're directly connected and your ISP doesn't have extra hardware
[22:43] <jez9999> i'm looking for a material for a final year university project :-)
[22:43] <toad_> freenet 0.7 traffic is designed to look random
[22:43] <jez9999> it's virtually impossible to find a problem in IT that hasn't basically been solved
[22:43] <jez9999> heh
[22:43] <toad_> the intention is that later on we can wrap it in some steganography
[22:44] <toad_> jez9999: "find a working steganography algorithm" is a good one
[22:44] <jez9999> huh?
[22:44] <toad_> i.e. one that cannot easily be identified
[22:44] <jez9999> heh
[22:44] <jez9999> just the rest of the world against me on that one
[22:44] <toad_> one for which we can quantify the effort required to identify it without the key
[22:45] <jez9999> yeah but you could say you have to assume the middleman will have the key too
[22:45] <jez9999> they're intercepting all traffic
[22:45] <toad_> no
[22:45] <jez9999> that pretty much renders steganography impossible once they've discovered you're doing it :-)
[22:45] <toad_> they won't have the key any more than they have it for your encryption
[22:46] <jez9999> you have to assume the receiver has a key that they don't
[22:46] <toad_> jez9999: you have two big threats. one is traffic flow analysis. defeating that is hard. all you can do is parasitic stuff (piggyback on VoIP etc), or stuff that's hard to surveil at the link layer
[22:46] <toad_> the other one is analysing the actual data
[22:47] <toad_> if to identify that it's bogus from the data requires 1) to decode a VoIP stream, and 2) to run some stats on it, then practically speaking very few firewalls will be capable of that
[22:47] <toad_> you can quantify the cost, more or less
[22:47] * rhni (i=bla@) Quit ()
[22:47] <toad_> jez9999: ummm, ever hear of public key encryption ?
[22:47] <MineHaunter> toad_: but the current fnp data does look totally random, doesn't it?
[22:47] <toad_> MineHaunter: right
[22:47] <jez9999> toad: aren't most internet protocols hard to surveil at the link layer?
[22:47] <toad_> MineHaunter: which means that the current chinese firewall can't easily block it
[22:48] <toad_> jez9999: no
[22:48] <toad_> jez9999: you know HTTP? GET <blah> HTTP/1.0 ...
[22:48] <jez9999> you're talking about the data link layer arent you?
[22:48] <toad_> most VoIP is unencrypted, but Skype is encrypted
[22:48] <toad_> jez9999: sorry yes
[22:48] <toad_> Skype would be a good carrier
[22:48] <jez9999> in that case, i thought packets were still broken up at that point
[22:49] <toad_> but we'd have to reverse engineer it
[22:49] <jez9999> that's level 2 switch territory
[22:49] <toad_> jez9999: hmmm
[22:49] <toad_> jez9999: I mean the actual application protocol stream
[22:49] <toad_> the thing that runs over TCP or UDP
[22:49] <toad_> is pretty easy to read
[22:49] <jez9999> i'm thinking the OSI model
[22:49] <toad_> reassembling TCP streams is pretty easy too
[22:49] <jez9999> the data link layer is one step up from the physical layer
[22:50] <toad_> well, i'm talking about something like layer 5 or 6
[22:50] <MineHaunter> anyway, no one but china still uses stateless packet filters
[22:50] <toad_> the one above TCP and below presentation
[22:50] <jez9999> dunno why you called it the link layer then
[22:50] <toad_> the link between the two applications :)
[22:50] <jez9999> application layer? :-)
[22:50] <toad_> well above TCP and below application
[22:51] <jez9999> presentation technically, but it's usually built into an application
[22:51] <MineHaunter> the OSI model is only a generic model
[22:51] <toad_> okay, so presentation = sockets?
[22:51] <jez9999> nope
[22:51] <toad_> where's sockets?
[22:52] <MineHaunter> jez9999: many network implementations mix two or more layers
[22:52] <MineHaunter> sockets are layer 3 but should be at 4
[22:52] <jez9999> you mean ports?
[22:52] <MineHaunter> because TCP and UDP use the underlying layer 3 (IP)
[22:52] <toad_> jez9999: no, i mean the API from the kernel to the application
[22:52] <toad_> okay, so ethernet is layer 2, TCP is layer 3, sockets are layer 4, HTTP is layer 5 ?
[22:53] <toad_> roughly?
[22:53] <MineHaunter> roughly :)
[22:53] <jez9999> ethernet is layer 1
[22:53] <toad_> yeah
[22:53] <jez9999> well 1 and 2
[22:53] <toad_> ethernet is 1, IP is 2
[22:53] <MineHaunter> yeah MAC is 1&2
[22:53] <toad_> hmmm so where is IP? TCP is above IP
[22:54] <jez9999> IP is layer 3
[22:54] <jez9999> TCP layer 4
[22:55] <toad_> so HTTP would probably be layer 5?
[22:55] <toad_> along with FNP, and all the other P's?
[22:55] <jez9999> i'd say HTTP is layer 7
[22:56] <toad_> anyway, for steganography, we're operating at the level of HTTP, FTP, SIP, etc
[22:56] <toad_> jez9999: so 5 and 6?
[22:56] <jez9999> that's the highest layer, basically
[22:56] <CIA-14> jflesch * r10710 /trunk/apps/Thaw/src/thaw/ (core/PluginManager.java plugins/index/Index.java): Remove try {} catch(NPE) from PluginManager
[22:57] <jez9999> that's what the application sees at the end of the protocol stack
[22:57] <MineHaunter> technically tcp is at the session level (5) iirc
[22:57] <toad_> well the application would probably see sockets
[22:57] <toad_> so it doesn't see HTTP
[22:57] <toad_> unless it uses a library
[22:57] <toad_> it implements HTTP itself
[22:57] <jez9999> TCP is layer 4
[22:57] <jez9999> transport
[22:58] <jez9999> hence 'transport control protocol'
[22:58] <MineHaunter> yeah you're right
[22:58] <jez9999> toad_: HTTP is a level 7 protocol
[22:58] <jez9999> so it has to implement it itself
[22:58] <jez9999> it's an application of TCP/IP basically
[22:59] <jez9999> i'm thinking analysis of HTTP data would be difficult
[22:59] <jez9999> that was my idea
[23:00] <toad_> well for stego
[23:00] <toad_> if you can figure a way to make analysing HTTP difficult that would be really really cool
[23:00] <toad_> i'm not convinced it's feasible
[23:00] <jez9999> how do you mean analysing, though
[23:00] <jez9999> you mean the layer 7 data
[23:00] <toad_> if you have to transfer data both ways, then that will give you away
[23:00] <jez9999> or the frequency of connections?
[23:00] <toad_> traffic flow analysis will give you away anyway
[23:00] <jez9999> toad_: depends. POSTs happen on HTTP all the time
[23:01] <MineHaunter> jez9999: not bidirectional :)
[23:01] <toad_> long lived bidirectional connections, shifting data constantly both ways, between two domestic connections, repeated in a spider web
[23:01] * StevenH (i=Steve@) Quit ()
[23:01] <jez9999> yes, traffic flow analysis is much easier because it's operating at a much lower layer
[23:01] <MineHaunter> usually a web server does not post data to a client machine :P
[23:01] <jez9999> IP
[23:01] <toad_> but you have to do flow analysis; you have to do stats etc
[23:01] <jez9999> no
[23:01] <jez9999> TCP
[23:01] <jez9999> TCP is where ports are implemented (i think!)
[23:01] <jez9999> significantly easier to sniff out port 80 tyraffic
[23:01] <jez9999> *traffic
[23:02] <toad_> if you're just talking about making it impossible to identify the traffic via recognizing predictable bytes in a packet, then that may be feasible
[23:02] <toad_> although in the case of HTTP, I'm not sure
[23:02] <toad_> of course hiding FNP in SSL is easy if you assume no flow analysis
[23:03] <toad_> SSH is even better, though SSH is rare enough that it might be blocked by domestic ISPs in a hostile regime
[23:03] <jez9999> SSH? that's encrypted
[23:03] <jez9999> i'm assuming a regime that blocks all ostensively encrypted traffic
[23:03] <toad_> with flow/network/timing analysis, you're basically screwed with most things; even games won't work, because they rely on a central server
[23:03] <toad_> jez9999: not possible
[23:03] <toad_> jez9999: but it's possible for them to block SSH, sure
[23:03] <toad_> it's not really possible for them to block SSL
[23:03] <jez9999> i was thinking of starting with a steganographic implementation, then maybe embedding encryption into the steganography
[23:03] <MineHaunter> anyway if you look for long lived connection with high bidirectional traffic you can easily map p2p users, among which there are freenet nodes
[23:04] <toad_> if they want to do business with the world, they have to allow SSL
[23:04] <jez9999> extremely difficult to decrypt or even detect, except of course for traffic flow analysis :-)
[23:04] <jez9999> toad: they can block any non-recognised protocol
[23:04] <toad_> jez9999: well, how do you do it?
[23:04] * MikeW (n=em@) Quit ()
[23:04] <jez9999> toad_: there are already steganographic algorithms that embed text into text
[23:05] <toad_> jez9999: parsing every protocol, or funneling it through an application layer transparent proxy, is expensive, but if you assume that, what can you do?
[23:05] <jez9999> implement that in an HTTP POST request, basically
[23:05] <jez9999> if you assume that, nothing
[23:05] <toad_> jez9999: sure, but what about the filenames?
[23:05] <jez9999> filenames?
[23:05] <toad_> jez9999: at the trivial level, you could run a web server which normally serves your homepage, but if you send the magic key, it upgrades to an FNP connection :)
[23:05] <toad_> jez9999: HTTP POST or GET requests require filenames
[23:05] <jez9999> they do?
[23:06] <toad_> jez9999: how do you propose to synthesize filenames for the operations which are not predictable?
[23:06] <toad_> jez9999: yes, it's GET /index.html HTTP/1.0\n\n etc
[23:06] <MineHaunter> 10K POSTs in an hour with random data to the same URI would be suspect even to a newbie :)
[23:06] <jez9999> toad_: the same way i propose to synthesize the pages
[23:06] <jez9999> a custom textfile on the sender's machine fuelled by eg. Project Gutenberg
[23:06] <jez9999> MineHaunter: i'm thinking of implementing this in a little IM client :-)
[23:07] <toad_> MineHaunter: yeah, if they're sending it through a transparent HTTP proxy anyway, they can do stats fairly easily
[23:07] <jez9999> not freenet
[23:07] <MineHaunter> then it should not be a big problem :)
[23:07] <toad_> jez9999: so you pick random words and append them together with randomly placed slashes and WikiCaps ?
[23:07] <jez9999> slashes would be too obvious
[23:07] <toad_> no, but you'll spend ages sorting out UP&P and all that crap :(
[23:08] <jez9999> there're better stego algorithms
[23:08] <jez9999> UP&P?
[23:08] <toad_> jez9999: it needs to look like a filename
[23:08] <toad_> jez9999: you can't assume your user isn't running a domestic NAT
[23:08] <toad_> jez9999: because 99.9% of them are
[23:08] <toad_> which complicates implementation significantly
[23:08] <jez9999> toad_: for the purposes of a university project, i think i can
[23:08] <toad_> okay..
[23:09] <toad_> well, stats on filenames are reasonably easy
[23:09] <jez9999> an alternative would be to keep one HTTP connection open a very long time
[23:09] <toad_> jez9999: with only one request?
[23:09] <jez9999> that would only require one party not to be NATted and stop the easy traffic analysis
[23:09] <MineHaunter> toad_: you can make multiple request on an http 1.1 conn
[23:09] <jez9999> in traditional http that does restrict it to one way traffic, though
[23:09] <toad_> jez9999: possible to identify ... but only with moderately clever sw/hw
[23:10] <toad_> MineHaunter: i know HTTP
[23:10] <jez9999> toad_: easier than multiple http connections?
[23:10] <toad_> jez9999: hmmm?
[23:10] <toad_> jez9999: dunno
[23:10] <jez9999> toad_: one long connection is easier to detect than one connection per message
[23:10] <jez9999> or vice versa
[23:10] <toad_> yeah
[23:10] <toad_> one long connection, many messages
[23:10] <toad_> is probably best
[23:11] <jez9999> shame http can't do two-way. i'd think of doing FTP, but HTTP is the obvious protocol that's not gonna be blocked
[23:11] <toad_> well, you just interleave POSTs with GETs
[23:11] <jez9999> interleave?
[23:11] <toad_> you can even include a small amount of data in a GET
[23:11] <toad_> POST GET POST GET POST GET ...
[23:12] <jez9999> why bother interleaving?
[23:12] <toad_> because it lets you use one connection instead of two?
[23:12] <toad_> also you can pretend to pipeline, but it may give you away
[23:12] <jez9999> i dont quite understand why you'd need to use two connections
[23:13] <toad_> i.e. while you are reading data you can send another request, which in theory would be handled after the rest of the data has been sent
[23:13] <toad_> jez9999: you want to send data both ways, right?
[23:13] <jez9999> yeah
[23:13] <toad_> so you either have one connection that always goes one way, and one that goes the other way, or you have one connection that does both
[23:14] <toad_> if you assume you're going through a proxy, then your HTTP stream must be clean
[23:14] <toad_> so you have to use a series of POSTs and/or GETs
[23:14] <jez9999> i didn't think one http connection could alternate the direction
[23:14] <jez9999> you have the http request, and the response
[23:14] <toad_> of course it can, it adds extra lag, of course
[23:15] <toad_> well you basically poll
[23:15] <toad_> i send a POST, containing my message
[23:15] <jez9999> without closing the connection?
[23:15] <toad_> then I send a GET, and wait for his message
[23:15] <toad_> his message completes (it may be empty)
[23:16] <toad_> so I post again
[23:16] <toad_> it's horrible, really :)
[23:16] <jez9999> how is that better than just initiating new HTTP requests
[23:16] <toad_> what you want to be doing really is have two connections, one always GETing and one always POSTing (or GETing in the other direction)
[23:16] <toad_> jez9999: one HTTP connection can carry any number of requests
[23:17] <jez9999> hmm, i must read up further on http
[23:17] <toad_> jez9999: anyway, most of this has probably been done before; have a look at GNU httptunnel
[23:17] <jez9999> i always thought it was only a request and a response
[23:17] * volkris_ (n=chatzill@) has joined #freenet
[23:17] <toad_> jez9999: no, HTTP 1.1 allows for keepalives (more than one request per connection) and pipelining (sending multiple requests at once to be answered in series)
[23:17] <toad_> and Content-Encoding: chunked
[23:18] <toad_> which means you don't have to specify the length of the data, but can terminate it without closing the connection (and breaking keepalives)
[23:18] <toad_> connection setup is expensive
[23:18] <toad_> errr
[23:18] <toad_> Transfer-Encoding: chunked
[23:18] <jez9999> an alternative might be to ignore HTTP :-)
[23:18] <toad_> sure
[23:19] <toad_> what other options do you have?
[23:19] <jez9999> couldnt you connect on port 80, send a valid header, then just send whatever traffic you wanted?
[23:19] <toad_> yep
[23:19] <toad_> you could use CONNECT
[23:19] <toad_> or something like that
[23:19] <jez9999> but i guess httptunnel already does that :-)
[23:19] <toad_> nope
[23:19] <toad_> I don't think it does
[23:19] <toad_> httptunnel works over proxies
[23:19] <toad_> that means it's valid HTTP
[23:20] <jez9999> superior to this solution
[23:20] <toad_> two strategies: 1) use CONNECT, which lets you send a stream
[23:20] <toad_> many proxies - probably most proxies - don't allow CONNECT
[23:20] <toad_> 2) use a series of GETs and POSTs, on one or more connections
[23:20] <toad_> CONNECT is more efficient, but isn't allowed by most proxies
[23:20] <toad_> and you're probably behind a proxy, even if you're not explicitly connecting to one
[23:20] <Zothar_Work> CONNECT is how SSL web traffic is proxied
[23:21] <jez9999> ok, a question
[23:21] <jez9999> httptunnel has been implemented; so has freenet
[23:21] <toad_> Zothar_Work: really? cool
[23:21] <jez9999> why isn't freenet using that to hide its data in http?
[23:21] <Zothar_Work> yep, I've run a Squid proxy before
[23:21] <toad_> first, it's not in java. second, more importantly, we haven't implemented transport plugins yet.
[23:21] <toad_> transport plugins will be needed for steganography
[23:21] <jez9999> but if you had, you could use that
[23:22] <toad_> and will probably be a 2007 or 2008 summer of code project, if we're accepted :)
[23:22] <toad_> they'd be a fair bit of work
[23:22] <jez9999> im just wondering to what extent httptunnel uses steganography
[23:22] * volkris (n=chatzill@) Quit (Read error: 145 (Connection timed out))
[23:22] <toad_> but they'd let us use TCP as well as UDP, and various stego systems
[23:22] <jez9999> perusing the source code isnt going to be a fun experience
[23:22] <toad_> jez9999: have a look at the code
[23:22] * volkris_ is now known as volkris
[23:22] <toad_> jez9999: you may want to read RFC 2616 first
[23:22] <Zothar_Work> jez9999: I don't think httptunnel does any stego, but then I'm not exactly an expert on it or anything
[23:22] <toad_> jez9999: but it's long...
[23:23] <toad_> Zothar_Work: it does work over proxies that don't do CONNECT on port 80, though, doesn't it?
[23:23] <Zothar_Work> toad_: I don't know; never used it, only heard about it well before stego was talked about
[23:23] <Zothar_Work> things may have changed
[23:23] * mogul69_ (i=squid@) has joined #freenet
[23:24] * toad_ hmmz, I may have been showing off with my HTTP knowledge ... sorry to anyone offended :)
[23:24] <toad_> Zothar_Work: gnu httptunnel is fairly old
[23:25] <jez9999> maybe i could implement something like httptunnel, but that only bothered with 1 application (simple IM), and used steganography
[23:25] <jez9999> the aim would be to use Wireshark or like to look at packets and see whether they were obviously IM messages or not
[23:25] <toad_> that might be an idea
[23:25] <jez9999> i could be letting myself in for a damn tough project, but it's meant to be tough
[23:25] <toad_> I dunno, it's been done before
[23:26] <jez9999> what hasn't?
[23:26] <toad_> stego that actually works? :)
[23:26] <jez9999> heh, that's been done, surely
[23:26] <toad_> i dunno, there may be something in the word-soup approach
[23:26] <jez9999> i send you an image file, does it contain a stego message?
[23:26] <toad_> there are ways to find out
[23:26] <jez9999> i send you a text file, does it contain a stego message?
[23:26] <toad_> reasonably cheap ways
[23:26] <jez9999> not really.
[23:26] <nextgens> toad_> I've whitelisted a small number of file extensions (regarding mantis)
[23:26] <Zothar_Work> jez9999: just stego in spam, that should be easy... :)
[23:26] <nextgens> toad_> and yes, bmp isn't in the list
[23:26] <toad_> lol
[23:27] <toad_> nextgens: hmmm, it was a small bmp
[23:27] <jez9999> zothar: except the message will get blocked 90% of the time :-)
[23:27] <toad_> nextgens: maybe file size is better?
[23:27] <Zothar_Work> jez9999: details... :)
[23:27] <toad_> i still think hiding data in a well-formatted SIP stream has some promise
[23:27] <nextgens> jez9999> try ./run.sh console
[23:27] <_ph00> already two guys asked about this but I couldn't do anything and nobody was around here then, so I'll re-post the question now
[23:28] <jez9999> nextgens: huh? i'm not on a unix system
[23:28] <toad_> as long as the data is indistinguishable from random noise, and as long as you don't have a human being listening to all the SIP streams, it will be very expensive to identify
[23:28] <toad_> or H.263 for that matter (video)
[23:28] <_ph00> some people are having a frost problem: it can't connect to the node though the node is running and the freenet port is not occupied by something else
[23:28] <_ph00> what could that be?
[23:29] <toad_> _ph00: hmm, that's strange
[23:29] <_ph00> yeah
[23:29] <toad_> _ph00: consistently?
[23:29] <toad_> _ph00: can other apps connect to the node?
[23:29] <jez9999> toad_: when you said this idea has been done before, where exactly is an example of it?
[23:29] <_ph00> already two ppl asked about that, one yesterday and one today
[23:29] <toad_> jez9999: httptunnel :)
[23:29] <jez9999> isn't IM, doesn't seem to use stego
[23:29] <toad_> jez9999: dunno if it uses stego
[23:30] <toad_> jez9999: http stego would be good
[23:30] <Zothar_Work> toad_: or use real video streams and hide in the noise... :)
[23:30] <toad_> Zothar_Work: hiding in the noise can ALWAYS be detected
[23:30] <toad_> and it cuts your bandwidth way down
[23:30] <toad_> admittedly detecting it will be fairly expensive
[23:31] <jez9999> frankly, implementing stego in audio and video is much harder (and beyond me at the moment)
[23:31] <toad_> but detecting it in a well formatted stream that happens to produce something nonsensical will also be expensive
[23:31] <jez9999> you need a very good understanding of complex formats
[23:31] <jez9999> implementing in http text is easier
[23:31] <toad_> that's true
[23:31] <Zothar_Work> toad_: guess I don't know how stego works then; you're talking more of FNP traffic being loosely wrapped as other protocols, which is not as "secure" as I understand things...
[23:31] <toad_> have you done a literature search?
[23:31] <jez9999> me?
[23:31] <toad_> Zothar_Work: FNP looks like random noise
[23:31] <toad_> jez9999: yeah
[23:32] <jez9999> i've been looking up stuff on steganography
[23:32] <jez9999> haven't really seen much in the way of live connections
[23:32] <jez9999> mainly programs to embed stuff in files
[23:32] <toad_> Zothar_Work: well, strictly speaking, FNP looks like random bytes on UDP packets; you can't profile it by predictable bytes
[23:32] <toad_> Zothar_Work: so cheap firewalls, like the chinese one, won't be able to identify it
[23:32] <toad_> Zothar_Work: but even better there's no predictable bytes to look for in stego analysis
[23:32] <jez9999> the Chinese firewall is cheap? can i have one too?
[23:32] <toad_> :)
[23:32] <Zothar_Work> toad_: yes and changing just the right least-significant bits according to your key would get it, though I suppose I'm thinking of the pre-compression video stream, so it could get lost by the compression...
[23:33] <toad_> Zothar_Work: okay... there are two proposals here. 1) use the last significant bit (how do you do that in JPEG/MPEG anyway?) 2) use everything
[23:33] <toad_> Zothar_Work: either way you need to decode it and do some stats to identify it
[23:33] <toad_> Zothar_Work: right?
[23:34] * PIFilms (n=PIF@) Quit ()
[23:34] <jez9999> usually if you muck around with JPEG it breaks the file
[23:34] <toad_> Zothar_Work: so both have their uses, but neither is really that great
[23:34] <Zothar_Work> toad_: it seems that your thinking on this suggests we get the "random" data being wrapped in protocols thing to become common place, otherwise it'd just be Freenet that had "garbage" SIP streams, etc. right?
[23:34] <toad_> right, JPEG has the redundancy stripped out anyway...
[23:35] <toad_> Zothar_Work: no, my assumption is that the attacker will not have the resources to decode every SIP stream and do stats on it to identify if it is real or not
[23:35] <jez9999> my first thought, actually, was to use 1 or 2 bits per pixel in a BMP image to embed a message
[23:35] <jez9999> that has, however, been done
[23:35] <toad_> Zothar_Work: at best he'll be able to verify that it's well formatted ...
[23:35] <Zothar_Work> toad_: there might be a third proposal, but I'm not yet sure how it'd work; bogus MPEG stream frames or something?
[23:35] <jez9999> but http text steganography? im not sure about that.
[23:35] <toad_> but having thought about it maybe that's wrong. maybe the decode costs more than the stats?
[23:35] <toad_> Zothar_Work: that's #2 ...
[23:36] <Zothar_Work> jez9999: yes, but that's before compression, which will either strip those away in the loss or be very obvious on the other end.
[23:36] <jez9999> what's before compression?
[23:36] <toad_> jez9999: why would anyone send a BMP around?
[23:36] <toad_> people send JPEGs
[23:36] <Zothar_Work> toad_: depends on whether your #2 means all frames or just some. I'm thinking of a video player that ignores bad frames, but otherwise plays the video stream normally.
[23:36] <jez9999> toad_: yeah mostly. although PNGs get sent around.
[23:37] <toad_> mess with a JPEG and you get a visibly different JPEG - unless the JPEG has way too low compression settings
[23:37] <toad_> Zothar_Work: hmmm
[23:37] <toad_> Zothar_Work: might be possible
[23:37] <toad_> Zothar_Work: what we're really looking for is something that the attacker can know about and yet still not easily identify without exerting X effort
[23:38] <Zothar_Work> keep the FNP signal to MPEG video noise ratio small enough and the video doesn't even get laggy or anything
[23:38] <toad_> jez9999: you read the page on steganography on wikipedia?
[23:38] <nextgens> jez9999> that's why it doesn't work then ... use the installer, not the tarball!
[23:38] <Zothar_Work> right, the bad frame would even look sorta like a good frame except for a CRC or whatever check failing... :)
[23:38] <nextgens> toad_> in fact we filter out by size & extension
[23:38] <Zothar_Work> (I assume they don't use ECC, dunno for sure)
[23:38] <toad_> nextgens: well, then, could you allow bitmaps?
[23:39] <jez9999> toad_: are you pointing me to something specific on it?
[23:39] <toad_> jez9999: no, just that it's useful background
[23:39] <jez9999> i have read most of it
[23:39] <toad_> okay cool
[23:39] <Zothar_Work> nextgens: since you're actually here this time, still interested in the svnmirror we talked about last week?
[23:39] <jez9999> it's surprisingly bad quality, by Wiki's standards
[23:39] <nextgens> [23:32] <@ toad_> | Zothar_Work: so cheap firewalls, like the chinese one, won't be able to identify it
[23:39] <nextgens> lol
[23:39] <toad_> :)
[23:39] <jez9999> it tends to focus more on standard stego than computer stego
[23:39] <nextgens> stateless firewalls are useful
[23:39] <nextgens> and not that cheap :)
[23:39] <jez9999> stego applies to the real world too :-)
[23:40] <jez9999> but with computers, it can be made much more sophisticated
[23:40] <toad_> does it explain the basic principles?
[23:40] <jez9999> yes
[23:40] <toad_> IIRC it explains the important bit about it being an arms race on modelling
[23:40] <nextgens> the purpose of doing it stateless is clustering ... to reach high-availability
[23:40] <toad_> you win if your model is better than your opponent's model
[23:40] <toad_> of whatever it is that is being modelled - video, audio, etc
[23:40] <jez9999> does steganalysis match or surpass the improved quality of steganography on computers?
[23:41] <toad_> nextgens: well practically speaking a stateless firewall cannot identify FNP
[23:41] <jez9999> computer-based steganalysis
[23:41] <nextgens> Zothar_Work> sure, hmmm
[23:41] <toad_> jez9999: very likely
[23:41] <jez9999> if someone comes up with a brand new stego algorithm, steganalysis is useless
[23:41] <toad_> jez9999: depending on how much resources you have
[23:41] <nextgens> Zothar_Work> I need to "freeze" the repository before dumping it though
[23:41] <nextgens> will prepare that tonight
[23:41] <jez9999> the thing about stego is, even if you think you've identified a message it could be a co-incidence
[23:41] * Zothar_Work looks into the dumping process since he needs to do it for work anyway...
[23:41] <jez9999> it's all a matter of probability
[23:42] * nextgens has reached the end of backlog
[23:42] <toad_> jez9999: sure, for low bandwidth stuff you may be okay
[23:42] <_ph00> <toad_> _ph00: can other apps connect to the node? <== all I knew was that fproxy worked
[23:42] <Zothar_Work> jez9999: especially if the stego'd data itself looks random... :)
[23:42] <toad_> jez9999: but if you can correlate over time you'll get them
[23:42] <jez9999> toad_: i'm only suggesting low bandwidth
[23:42] <jez9999> toad_: yes, but try doing that for a million users
[23:43] <toad_> right
[23:43] <toad_> strong steganography is impossible
[23:43] <jez9999> hmm
[23:43] <toad_> but weak steganography which still costs the attacker more than he is willing to pay may well be feasible for many attackers
[23:43] <jez9999> "costs the attacker more than he is willing to pay"?
[23:44] <mogul69_> can someone say where i can find the update.sh
[23:44] <Zothar_Work> nextgens; at least on svnadmin 1.1.3, it looks like you can svnadmin dump a range of revs
[23:44] <Zothar_Work> that might mean the repo doesn't have to be frozen
[23:44] <toad_> jez9999: basic concept in crypto. no crypto algorithm is perfect, but you can say "he'd need $x billion to break this key by brute force"
[23:44] <toad_> mogul69_: downloads.freenetproject.org
[23:45] <jez9999> the novel idea in stego via http would really be the ability to encrypt the message
[23:45] <toad_> jez9999: ideally a stego algorithm would cost $bignum to crack - to even identify - unless you have the key
[23:45] <toad_> jez9999: the