Timestamps are in GMT/BST.
[0:06] * sirius (n=siriusno@) Quit ()
[0:13] * _ph00 (n=z@) has joined #freenet
[0:25] * NullAcht15 (n=NullAcht@) Quit (Remote closed the connection)
[0:48] * zac__ (n=zac@) Quit (Remote closed the connection)
[0:52] * aou (n=rebo123@) has joined #freenet
[0:53] * rebo123 (n=rebo123@) Quit (Nick collision from services.)
[0:53] * aou is now known as rebo123
[0:57] * OctobersDark (n=October@) has joined #freenet
[0:58] * ldoc (n=ldoc@) has joined #freenet
[1:00] * oCc (n=nodeOne@) has joined #freenet
[1:00] * oCc (n=nodeOne@) Quit (Remote closed the connection)
[1:01] * colione (n=colione@) has joined #freenet
[1:11] * BigPuppy69 (i=BigPuppy@) has joined #freenet
[1:16] * ldoc|away (n=ldoc@) Quit (Read error: 110 (Connection timed out))
[1:32] * kuroishi (n=kuroishi@) has joined #freenet
[1:33] * Zothar_Work (n=chatzill@) Quit ("Chatzilla 0.9.74 [Firefox 1.5.0.7/2006090921]")
[1:44] * maaxel (i=polaris@) Quit (Read error: 110 (Connection timed out))
[2:18] * maaxel (i=polaris@) has joined #freenet
[2:26] * maaxel (i=polaris@) Quit (Read error: 54 (Connection reset by peer))
[2:26] * maaxel (i=polaris@) has joined #freenet
[2:29] * nodeOne (n=nodeOne@) Quit ("moget")
[2:58] * maaxel (i=polaris@) Quit (Read error: 60 (Operation timed out))
[3:01] * THread4D4 (n=Thread@) Quit ("Leaving")
[3:06] * maaxel (i=polaris@) has joined #freenet
[3:40] * _ph00 (n=z@) Quit (Remote closed the connection)
[3:49] * maaxel (i=polaris@) Quit (Read error: 54 (Connection reset by peer))
[3:51] * mk (n=mk@) has joined #freenet
[3:54] * maaxel (i=polaris@) has joined #freenet
[3:55] <mk> Does anyone understand how winny/share work? I've tried to find papers or general information on the mechanism online, but aside from "it's based very loosely on freenet", I've found nothing.
[3:59] <BigPuppy69> is that even still around?
[4:01] <mk> I guess?
[4:02] <BigPuppy69> try this: http://www.answers.com/topic/share-p2p
[4:03] <mk> I've had a look at that wp article, and the links. It doesn't give much information on anonymity
[4:04] <mk> or, well, much information at all
[4:04] <BigPuppy69> Well, I'm guessing the author is pretty concerned about anonymity as well, since his predecessor was arrested :D
[4:04] <mk> the client connects to other clients with similar cluster keywords, and in some way a search is made, and in some way it's all anonymous
[4:08] <BigPuppy69> to be honest, I have no clue
[4:10] * OctobersDark is now known as Oct_borkin
[4:27] * BigPuppy69 (i=BigPuppy@) Quit ()
[4:35] * sirius (n=siriusno@) has joined #freenet
[4:43] * kuroishi (n=kuroishi@) Quit (Read error: 110 (Connection timed out))
[4:46] <sirius> hi
[4:46] <sirius> i just installed freenet
[4:46] <sirius> "This node has no peers to connect to, therefore it will not be able to function normally. Ideally you should connect to peers run by people you know (if you are paranoid, then people you trust; if not, then at least people you've talked to)."
[4:46] <sirius> etc..
[4:46] <sirius> so i guess i come here?
[4:52] * sirius (n=siriusno@) Quit ()
[4:57] * colione (n=colione@) has left #freenet
[5:04] * sortanew (n=Email@) has joined #freenet
[5:04] <sortanew> anyone exchange refs in here?
[5:12] <fridim> sortanew, read topic please
[5:27] <mk> is anyone familiar with 'distributed uploading'?
[5:32] * noggly_ (i=noggly@) Quit (Read error: 60 (Operation timed out))
[5:33] * noggly (i=noggly@) has joined #freenet
[5:37] * Guest806 (n=Guest806@) has joined #freenet
[5:45] * Guest806 is now known as Guest77
[5:46] * Guest77 is now known as Guest806
[5:59] * Loof (n=loof@) has joined #freenet
[7:55] * bigtitan (i=bigtitan@) has joined #freenet
[7:55] * bigtitan (i=bigtitan@) has left #freenet
[8:01] * mk (n=mk@) has left #freenet
[8:11] * Loof (n=loof@) Quit ("leaving")
[8:16] * minusvirus (n=minusvir@) has joined #freenet
[8:16] <minusvirus> yop
[8:25] * TheBishop_ (n=bishop@) Quit (Read error: 113 (No route to host))
[8:26] * TheBishop_ (n=bishop@) has joined #freenet
[8:27] * Tritman (i=Tritman@) has joined #freenet
[8:39] * whiterabbit (n=whiterab@) has joined #freenet
[9:10] * sanity (n=ian@) Quit ()
[9:19] * sanity (n=ian@) has joined #freenet
[9:19] * ChanServ sets mode +o sanity
[9:19] * fridim (n=fridim@) Quit (""Putain ils sont o?? ?" -- le petit poucet")
[9:33] * Tritman (i=Tritman@) Quit (Client Quit)
[10:36] * franky (n=fdm@) has joined #freenet
[10:36] * franky (n=fdm@) has left #freenet
[10:47] * frankee (n=musango@) has joined #freenet
[10:48] <frankee> test
[10:48] <frankee> Jholla
[10:55] * frankee (n=musango@) Quit (":Bye")
[11:20] * NullAcht15 (n=NullAcht@) has joined #freenet
[11:42] * toad_ (n=toad@) has joined #freenet
[11:42] * ChanServ sets mode +o toad_
[11:57] * PraiseChaos (n=kcecil@) Quit (Remote closed the connection)
[12:40] * oCc (n=nodeOne@) has joined #freenet
[12:48] * Guest806 (n=Guest806@) Quit ()
[12:48] * whiterabbit (n=whiterab@) Quit ("Changing server...")
[12:49] * whiterabbit (n=whiterab@) has joined #freenet
[12:51] * sich (n=sich@) has joined #freenet
[12:52] <sich> hello anyone here ?
[13:03] <toad_> hi
[13:06] <sich> hi toad_
[13:06] <sich> my computer just crash, and now my node can't connect with other peers
[13:07] <sich> any idee about this ?
[13:07] <sich> I have this error in freenet-latest.log : nov. 08, 2006 12:50:01:777 (freenet.node.FNPPacketMangler, UdpSocketManager sender thread on port 44813, ERROR): Unmatchable packet from xx.xx.xx.xx:xxxx
[13:19] * Oct_borkin is now known as OctobersDark
[13:22] <sich> toad_, someone add my <new> refs, and it's work....
[13:22] <sich> the question is why old connection doesn't work :(
[13:25] * greycat (i=rfc1413@) has joined #freenet
[13:28] * Jase (i=jase@) Quit (Read error: 104 (Connection reset by peer))
[13:30] * Jase (i=jase@) has joined #freenet
[13:53] <toad_> sich: maybe your old refs didn't include your ip address
[13:54] <sich> my old ref include my ip
[13:54] <sich> ...
[13:55] <toad_> then what's the diff between your old ref and your new ref?
[13:55] <sich> the only thing who change is the <sig> ligne
[13:56] <sich> here is the new ref : http://dl.cafe-philo.net/sich_dark.txt
[13:56] <sich> this is the old : http://dl.cafe-philo.net/sich_dark_back.txt
[13:57] <toad_> maybe the problem isn't with your ref
[13:57] <toad_> bbiab
[13:57] * OctobersDark is now known as OctobersBORK
[14:04] * Zothar_Work (n=chatzill@) has joined #freenet
[14:21] * mozillaman (n=borg@) has joined #freenet
[14:41] * sbc (n=sbc@) has joined #freenet
[14:45] * Boerta (n=bjornelo@) has joined #freenet
[15:02] * Ash-Fox (i=UNKNOWN@) Quit (Remote closed the connection)
[15:03] * Ash-Fox (i=UNKNOWN@) has joined #FreeNET
[15:05] * duff (n=chatzill@) has joined #freenet
[15:11] * duff is now known as duffiskewl
[15:18] * duffiskewl (n=chatzill@) has left #freenet
[15:20] * duffiskewl (n=chatzill@) has joined #freenet
[15:37] * sbc (n=sbc@) Quit ("Ex-Chat")
[15:42] * duffiskewl (n=chatzill@) Quit ("Chatzilla 0.9.75 [Firefox 2.0/2006101023]")
[15:43] * darkblack (i=ircap8@) has joined #freenet
[15:43] * darkblack (i=ircap8@) has left #freenet
[15:44] * mephisto_ (n=chatzill@) has joined #freenet
[15:54] * mephisto_ (n=chatzill@) has left #freenet
[15:57] * minusvirus (n=minusvir@) Quit ("redrum !!!")
[16:15] * sich (n=sich@) Quit (Read error: 110 (Connection timed out))
[16:20] * sich (n=sich@) has joined #freenet
[16:20] <sich> re
[16:44] * sannes (n=ace@) has joined #freenet
[16:57] * whiterabbit (n=whiterab@) Quit (Read error: 110 (Connection timed out))
[17:04] * timmy2chk (n=Vincent@) has joined #freenet
[17:09] <toad_> sich: did you upgrade to 993 when it didn't connect?
[17:09] <sich> the node was upgrade before problem
[17:10] <sich> I will soon make a memtest on my computer
[17:10] <sich> I think I have memory problem
[17:27] * sanity (n=ian@) Quit ()
[17:28] <Griffon26> anyone, I'm getting a lot of these: http://www.rafb.net/paste/results/O1vIcA95.html Does that ring any bells?
[17:32] <toad_> Griffon26: that's odd
[17:32] <toad_> Griffon26: was the node working after "Node initialization completed" ?
[17:32] <Griffon26> it seemed to, yes
[17:32] <toad_> Griffon26: could you possibly file a bug on https://bugs.freenetproject.org/ ?
[17:32] <Griffon26> ok
[17:35] * egon2003 (n=fargod@) has joined #freenet
[17:38] <CIA-14> toad * r10834 /trunk/freenet/src/freenet/node/Node.java: Fix always-shrink-on-startup bug.
[17:48] <CIA-14> toad * r10835 /trunk/freenet/src/freenet/ (9 files in 5 dirs): move freenet.transport to freenet.support.transport.ip
[17:51] <Griffon26> toad_: what category would that bug be?
[17:52] * sortanew (n=Email@) Quit ("-= TMD-RecruitServer 5.0=-")
[17:55] * Boefjje is now known as Boefke
[17:56] * tubbie (n=tubbie@) has joined #freenet
[17:59] <Zothar_Work> toad_: perhaps I'm just forgetting my context, but wouldn't r10834 simply not try to shrink things rather than also enforcing the limit so they wouldn't "need to be shrunk"?
[18:00] * _ph00 (n=z@) has joined #freenet
[18:03] * iwantprebutt (n=Email@) has joined #freenet
[18:03] * iwantprebutt (n=Email@) has left #freenet
[18:04] * sanity (n=ian@) has joined #freenet
[18:04] * ChanServ sets mode +o sanity
[18:05] * getch (n=Email@) has joined #freenet
[18:18] * Caco_Patane (n=caco@) has joined #freenet
[18:18] <Caco_Patane> Hallo
[18:20] * Stargazer2 (n=Stargaze@) has joined #freenet
[18:25] <Zothar_Work> howdy
[18:28] <Caco_Patane> nextgens, i've made an install of freenet in a fresh installed Windows XP SP2 (Spanish)
[18:29] <Caco_Patane> the installation was fine (i've writed a journal in case that i have some troubles in order to document them, but it was not necesary)
[18:29] <Caco_Patane> let me know if you want to try something on it, i will re-install that PC in a few days
[18:29] * egon2003 (n=fargod@) Quit (Read error: 104 (Connection reset by peer))
[18:37] <nextgens> hi
[18:37] <nextgens> Caco_Patane> well, there is not much to test appart the uninstaller
[18:37] <nextgens> but the version you installed is known to be br0ken
[18:37] * nextgens hasn't uploaded the new installer yet
[18:37] <nextgens> as they are still remaining issues
[18:38] <nextgens> and the current one performs not too bad
[18:38] <nextgens> and I wouldn't have time to fix nor provide support on the new, not as well tested, version
[18:41] <toad_> Griffon26: dunno, pick one
[18:41] <toad_> Griffon26: probably fred
[18:41] <Caco_Patane> ok
[18:42] <toad_> Zothar_Work: 10834 will enforce the size limits so that things don't need to be re-shrunk on every startup
[18:42] * _ph00 (n=z@) Quit (Remote closed the connection)
[18:43] <toad_> Zothar_Work: it reverts the hack introduced a little while ago
[18:48] <Zothar_Work> ah, OK
[18:48] * _ph00 (n=z@) has joined #freenet
[18:49] <Zothar_Work> well, I guess we'll have to change the nature of the conversation now that _ph00 is here... :)
[18:49] <toad_> [OT] rumsfeld fired ...
[18:49] <TheSeeker> And there was much rejoicing.
[18:49] <Zothar_Work> (things have been relatively quiet; perhaps they'll pick up)
[18:49] <toad_> [OT] indeed!
[18:49] <_ph00> rumsfeld?
[18:50] <_ph00> *the* rumsfeld?
[18:50] <Zothar_Work> Yeah, saw that; interesting the timing; I figure either they waited 'til after the election to not influence it or they did it because of how the election went, thinking they might get a political advantage somehow by making the change
[18:50] <_ph00> I said that a long time ago: those guys (bush, cheney and rumsfeld) will be the next *big scapegoats*
[18:50] <toad_> [OT] US defence secretary ... the guy responsible for abu ghraib, the arguably too low troop levels in iraq, and according to some the ditching of the State Department's post-war planning
[18:50] <Zothar_Work> Yeah, US Secretary of Defense Donal Rumsfeld
[18:51] <toad_> although i think that last point may have been cheney more than rumsfeld
[18:52] <_ph00> but, the *real* bad guys never get in trouble. This administration was meant to become a bunch of scapegoats *before* the RealBadGuys put the in "charge"
[18:52] * nextgens hasn't taken the time to look at the news yet, what's the result ?
[18:52] <Zothar_Work> it's a change that's been called for by some for a long time
[18:52] <toad_> [OT] nextgens: dems take the house, probably take the senate
[18:52] <nextgens> good news :)
[18:52] <Zothar_Work> (not necessarily by persons of the same political party though)
[18:53] <toad_> comes down to virginia, though montana will probably have a recount
[18:53] <Zothar_Work> ah, I see the stats have changed since earlier this morning; the dems have picked up one more seat in the senate, putting them one away from majority
[18:54] <TheSeeker> [OT] toad_: pm;y techincally take the senate... dems and reps will be even, but lieberman has pledged to vote dem on most matters
[18:54] <TheSeeker> [OT] don't know about the other independent guy
[18:55] <toad_> [OT] hmmm, could be several recounts in fact
[18:55] <toad_> [OT] but if they get virginia as well they've got the senate
[18:56] <toad_> [OT] (assuming the independants vote with the dems)
[18:56] * sandos (n=sandos@) has joined #freenet
[18:56] <toad_> sandos: hey!
[18:57] <toad_> sandos: you here?
[18:57] <sandos> hi!
[18:57] <sandos> yup
[18:57] <toad_> you never gave me your GPL2+ consent
[18:57] <TheSeeker> [OT] dems only have less than a 7000 lead in VA ... definately going to have a recount there :P
[18:57] <toad_> please email me - yes or no!
[18:57] * timmy2chk (n=Vincent@) Quit ()
[18:57] <_ph00> dems,reps... same shit
[18:57] <_ph00> oh, yeah, [OT]
[18:57] <_ph00> :P
[18:58] <nextgens> bbiab
[18:59] * NullAcht15 (n=NullAcht@) Quit (Nick collision from services.)
[18:59] * NullAcht15_ (n=NullAcht@) has joined #freenet
[19:00] * timmy2chk (n=Vincent@) has joined #freenet
[19:25] * Zothar_Work (n=chatzill@) Quit ("Chatzilla 0.9.74 [Firefox 1.5.0.7/2006090921]")
[19:25] * MaxxDrv (n=MaxxDrv@) has joined #freenet
[19:31] * MaxxDrv (n=MaxxDrv@) Quit ("Konversation terminated!")
[19:34] * huhrgah (n=hurgah@) has joined #freenet
[19:45] * Stargazer2 (n=Stargaze@) Quit (Read error: 110 (Connection timed out))
[19:45] * Stargazer2 (n=Stargaze@) has joined #freenet
[19:53] <toad_> TheSeeker: did your downloads finish?
[19:53] <toad_> [22:01] <TheSeeker> It seems that freenet doesn't seem to like decoding things as soon as it has enough pieces anymore ... (r10830)
[19:53] <toad_> is that still the case?
[19:54] <TheSeeker> toad: the downloads did eventaully all start, if that's what you're asking.
[19:54] <toad_> TheSeeker: the problem was they didn't start?
[19:54] <TheSeeker> Oh, finishing...
[19:54] <TheSeeker> right.
[19:54] <toad_> TheSeeker: i thought the problem was they wouldn't finish?
[19:55] <TheSeeker> I eventually aborted and restarted the downloads that were doing that... they fell from > 100% to the high 90s ...
[19:55] <TheSeeker> and eventually finished
[19:55] <toad_> so the problem still exists?
[19:56] <TheSeeker> most likely. None of my downloads now are anywhere near complete.
[19:57] <toad_> hmmm
[19:57] <toad_> downloads do seem to complete for me
[19:57] * whiterabbit (n=kvirc@) has joined #freenet
[19:57] <toad_> tell me if it happens again...
[19:57] <toad_> TheSeeker: can you report the bug or shall I?
[19:58] <TheSeeker> I do have one download that's been at 100% of the manifest blocks for a day now without starting the download...
[19:58] <toad_> what do you mean?
[19:58] <TheSeeker> it hasn't gove to over 200% like some others though :P
[19:58] <toad_> what does 100% of the manifest blocks mean?
[19:58] <toad_> what does starting to download mean?
[19:58] <toad_> you're confusing me
[19:58] <TheSeeker> you know, when you're downloading a large file, and the manifest is a splitfile itself?
[19:59] <toad_> yeah...
[19:59] * whiterabbit (n=kvirc@) Quit (Client Quit)
[19:59] <toad_> how do you know that?
[19:59] <toad_> the problem is that it's downloaded the manifest, and you expect the number of pending blocks to increase to the full splitfile, but it doesn't?
[19:59] <TheSeeker> well, the interface shows 100% (not bold) and fuqid shows ~100% 19/28 [19]
[19:59] <TheSeeker> and it's been that way since yesterday.
[20:01] * whiterabbit (n=whiterab@) has joined #freenet
[20:02] <TheSeeker> I just aborted and restarted, and it dropped from 19/28 to 17/28 ... if that means anything
[20:03] <toad_> and the total should be much higher than that?
[20:03] <toad_> TheSeeker: email address?
[20:03] <TheSeeker> well, once the download starts, it'll be #/8300+
[20:04] <TheSeeker> <- @ gmail
[20:04] <toad_> and there were no other downloads running at higher or equal priority?
[20:04] <toad_> any ERRORs in the logfile?
[20:05] * toad_ wonders where he can find some legal multi-level splitfiles...
[20:05] <toad_> any splitfile over 20MB will be multi-level...
[20:06] <TheSeeker> No downloads at equal or higher priority, I use soft queue scheduling, and set downloads that are 'waiting to start' to highest priority, then lower the priority once they start.
[20:07] <TheSeeker> log file errors will be a pain to look for and try to relate to the issue... I don't have any numbers about when exactly I started the download, and under windows it's not as easy to do magical compressed log parsing :P
[20:07] <toad_> hmmm
[20:07] <toad_> might be related to the lowering-priority-doesn't-work bug then?
[20:08] <toad_> did you try restarting the node?
[20:09] <TheSeeker> no, I try not to restart my node unless there's an update.
[20:09] <toad_> so it could be related?
[20:09] <toad_> next time please restart your node
[20:09] <TheSeeker> When should I restart my node, and why?
[20:09] <toad_> when it messes up like that
[20:09] <toad_> well
[20:09] <toad_> here's the theory
[20:09] <toad_> you reduce the priority of one file, because it's started
[20:10] <toad_> the priority doesn't actually change for some reason
[20:10] <toad_> (a bug)
[20:10] <toad_> then you start another file at top priority
[20:10] <toad_> hmmm
[20:10] <toad_> i'm wrong, can't be caused by that
[20:10] <toad_> know any legal multi-layer splitfiles i could try?
[20:12] <TheSeeker> Well, I've been downloading my own inserts to see if they're working, and technically fansubbed anime isn't illegal ... at least no private company has come forward to shut down the fansubbers that do the work of encoding, translation, and distrobution ... :P
[20:12] <toad_> :)
[20:13] * toad_ tries Trusted Computing again
[20:14] <TheSeeker> CHK@Q~7USt6f3LYWZhcjRDRE~fjEeRjqTIh-O6g2QXsiRY0,LWnBsiZ~0isuNFcBYyZiPch7ILuDhXdjRmf9GGOpXDs,AAEC--8/Public Domain (Slide Shows).7z ... this should be perfectly legal ... (though some material within is probably objectionable to some) ... it's a bunch of SNES rom images that are released in the public domain by people in the scene that have made slideshows and demos.
[20:15] <TheSeeker> Could my download issues be related to a large upload queue?
[20:15] * sandos (n=sandos@) Quit (Read error: 104 (Connection reset by peer))
[20:16] <CIA-14> toad * r10836 /trunk/freenet/src/freenet/store/BerkeleyDBFreenetStore.java: Remove unnecessary transaction
[20:16] <toad_> TheSeeker: upload queue? doubtful
[20:18] <TheSeeker> I'm currently uploading about 230 files between 800K and 1MB. I've set up the upload so that 25 are at highest priority, 25 at very high, 25 at medium, etc, with the rest at minimum ... the odd part is, that most of the 'low' priority inserts have more completed blocks than the average 'medium' 'high' or 'very high' or 'emergency' priority insert...
[20:19] <toad_> hmmm that is strange
[20:19] <toad_> using soft scheduler?
[20:19] <TheSeeker> yes
[20:19] * bigtitan (i=bigtitan@) has joined #freenet
[20:19] <toad_> there may be a glitch in the soft scheduler then
[20:19] * bigtitan (i=bigtitan@) has left #freenet
[20:19] <toad_> try with the hard scheduler, see what the difference is
[20:20] <TheSeeker> i'll try restarting my node (and updating while I'm at it) ... it's possible it's due to the priority bug you mentioned, since all the uploads start at high priority, so I had to do some juggling of priorities ... fuqid makes that easy, allowing for batch operations
[20:21] <TheSeeker> is having several uploads at the highest priority OK with the hard scheduler?
[20:21] <toad_> yes
[20:21] <TheSeeker> OK
[20:21] <toad_> the lower prio's won't get a look in
[20:21] <toad_> but the top ones will
[20:21] <TheSeeker> should I try that before or after restarting my node?
[20:22] <toad_> dunno
[20:22] <TheSeeker> well, I'll leave the node runnign for a few hours then, and see if there's a noticable change in how blocks are coming in before updating my node then.
[20:26] <hobx> toad_: You have any of the recent vizualisation images?
[20:27] <toad_> hobx: huh?
[20:27] <CIA-14> toad * r10837 /trunk/freenet/src/freenet/client/async/ClientRequestScheduler.java: Fix the "lowering priority doesn't work" bug.
[20:27] <hobx> you used to have those images of network data
[20:27] <toad_> oh
[20:27] <toad_> that was only for testnet
[20:27] <toad_> :(
[20:28] <hobx> hmm
[20:28] <toad_> based on a central server
[20:28] <hobx> have anything saved?
[20:28] <toad_> you mean the topology yes?
[20:28] <hobx> I just mean pretty picture
[20:28] <hobx> I'm holding a talk, so I just need some pretty pictures to make the audience go "oooo... aaahhhh"
[20:29] <toad_> http://amphibian.dyndns.org/darknet-freq.png
[20:30] <toad_> there's an old 1/d-ish graph, from the real network
[20:30] <toad_> green is 1/d, red is the actual data
[20:30] <toad_> iirc
[20:30] <TheSeeker> link distance*200 at the bottom?
[20:30] <hobx> the rings were prettier...
[20:31] <toad_> don't have any at the moment, you can probably find some somewhere though
[20:31] <toad_> TheSeeker: please try 10837
[20:31] <toad_> TheSeeker: incidentally i get DNF on your file
[20:32] <toad_> hobx: sorry :|
[20:32] <toad_> hobx: i thought i sent you some when you were writing that paper?
[20:33] <TheSeeker> toad_: it was inserted a while ago... would the 'file name agter chk' thing have anything to do with it, or would that cause a 'not in archive' type error?
[20:33] <hobx> me too, but I cannot find them
[20:33] <toad_> TheSeeker: wouldn't cause a DNF
[20:33] <hobx> I found some pictures of your face...
[20:33] <toad_> well there's nothing on my webserver
[20:33] <hobx> Maybe I'l put that in the slides
[20:34] <toad_> http://amphibian.dyndns.org/toad-stoned-Newsbyte.png
[20:34] <TheSeeker> simply switching to hard prio made my emergency download get past the manifest download/decode part rather quick ... of course that was only 2 blocks...
[20:34] <toad_> that's Newsbyte's view of me
[20:34] * toad_ doesn't really mind except the dribble :)
[20:34] * huhrgah (n=hurgah@) has left #freenet
[20:35] <hobx> you sent a photo before we met in London so that you couldn't be replaced by an imposter
[20:35] <toad_> cool
[20:35] <toad_> good luck
[20:38] <hobx> bah
[20:38] <hobx> Do you have the bunny at least?
[20:38] <toad_> http://freenetproject.org/image/title.gif :)
[20:39] <hobx> was thinking bigger
[20:39] <toad_> it exists somewhere
[20:39] <toad_> but i dunno where
[20:39] <toad_> google for it
[20:39] <toad_> or have a look at the cafepress site maybe it's there
[20:40] * Stargazer2 (n=Stargaze@) Quit ("Quit.")
[20:43] * Zothar (n=Zothar@) has joined #freenet
[20:44] <Caco_Patane> hobx, what kind of talk?
[20:45] <hobx> boring kind that pays well
[20:45] <Caco_Patane> about freenet?
[20:45] <hobx> well, they probably want me to talk about freenet
[20:45] <Caco_Patane> why?
[20:46] <hobx> but I try to avoid it, because "it doesn't work very well" doesn't seem to be what people want to hear.
[20:46] <hobx> Could somebody with a working node take some screenshots?
[20:46] <Caco_Patane> (i was planning a talk (not tecnical) in some local LUGs)
[20:46] <hobx> I don't think LUGs pay well.
[20:47] <Caco_Patane> they will not pay :P
[20:47] <toad_> hobx: what sort of screenshots you want?
[20:48] <toad_> darknet page? queue page? stats page? freesites?
[20:48] <hobx> stuff like that
[20:48] <hobx> but maybe I'll try to restart my node
[20:48] <toad_> ok will get some
[20:49] * OctobersBORK is now known as OctobersDark
[20:49] <hobx> A live demonstration would probably make people happy (and by seeding the cache, will seem to work great! :-) )
[20:50] <Caco_Patane> hobx, you will have an wireless ap near?
[20:50] <hobx> Are you around in like 20 min toad?
[20:50] <hobx> Caco: Don't know, but I would think so.
[20:50] <toad_> if dinner isn't ready by then
[20:50] <toad_> i.e. 99% certain :)
[20:50] <Caco_Patane> you can test that it works behing routers
[20:51] <hobx> I forget what you told me about the wrapper and making the node stay up without crashing every few hours.
[20:51] * timmy2chk (n=Vincent@) Quit ("what remains of my violence")
[20:51] <hobx> Caco: I wouldn't run freenet on the laptop, I would run it at home on a non-standard port and open fproxy up.
[20:52] <Caco_Patane> (well, dont know if that is an important feature... i found that forwarding ports is another impediment in new users using p2p networks)
[20:52] <toad_> hobx: basically you should install it using the installer or the tarball
[20:52] <hobx> Not using any installer.
[20:52] <hobx> Unless it is in apt
[20:52] <toad_> then use the tarball
[20:53] * Caco_Patane (n=caco@) Quit (""going home"")
[20:53] <hobx> I don't want to start over though, I had a working node
[20:53] <hobx> i'll be home in 10 min.
[20:53] <toad_> well then you may have to restart it manually from time to time
[20:53] <hobx> or fuck it, I'll do it now
[20:53] <toad_> and auto-update won't work
[20:54] <toad_> neither will the stack trace button
[20:54] <toad_> but it will *largely* work
[20:54] <hobx> confused
[20:54] <_ph00> how about some spam? only one line, I promise. (it's funny) http://sex-education.org/memorial.html
[20:54] <toad_> you don't have to reinstall from scratch anyway; install to a separate directory, then rm *store* *node* *cache* *peers* in the new dir and copy your old files across
[20:54] <hobx> I just meant I want to keep my current keys
[20:55] <toad_> current connections especially, i understand
[20:55] <TheSeeker> hmm... Completed startup: All persistent requests resumed or restarted ... yet java is using 98% CPU (both cores!)
[20:55] <hobx> so where do I find the tarball?
[20:58] * hobx tries the installer
[21:00] <hobx> frost and thaw have some sort pseudo-searchengine like thing, right?
[21:00] <toad_> http://amphibian.dyndns.org/stuff/
[21:00] <toad_> there's some screenshots
[21:00] <toad_> hobx: yes
[21:00] <hobx> good
[21:00] <hobx> just so I can tell people when I get inevitable question
[21:00] <OctobersDark> toad_: sorry, but is this how you move it to a new computer? "<toad_> you don't have to reinstall from scratch anyway; install to a separate directory, then rm *store* *node* *cache* *peers* in the new dir and copy your old files across"
[21:00] <toad_> hobx: frost does, thaw has a different mechanism which isn't necessarily fully working yet
[21:00] <toad_> OctobersDark: pretty much
[21:00] <toad_> it will work
[21:01] <toad_> just copying the dir will mostly work
[21:01] <OctobersDark> toad_: thanks, because I'll need to do that sometime
[21:01] <toad_> but if you need to install the service as well, what i said is better
[21:01] <toad_> OctobersDark: make sure you don't rm node/peers/etc in the origin dir :)
[21:01] <hobx> the installer seems to have hung :-(
[21:01] <toad_> hobx: at what point? screenshot?
[21:01] <TheSeeker> toad_: any way of telling what is eating all my CPU? 10830 was well behaved...
[21:01] <OctobersDark> toad_: ok :-) :::making note:::
[21:02] <hobx> ooo
[21:02] <hobx> it lives
[21:02] <toad_> OctobersDark: notes are more useful on the wiki
[21:02] <toad_> TheSeeker: no idea
[21:02] * whiterabbit (n=whiterab@) Quit ("KVIrc 3.2.5 Anomalies http://www.kvirc.net/")
[21:02] <toad_> TheSeeker: is it still starting up?
[21:02] <OctobersDark> toad_: point taken :-)
[21:03] <TheSeeker> no, it's up, and running ... I can access fproxy, I can browse sites... but java is uing 100% of both cores of my CPU...
[21:04] <hobx> java loves CPU
[21:04] <toad_> java loves RAM too
[21:04] <toad_> TheSeeker: strange
[21:04] <toad_> TheSeeker: maybe it's decoding/encoding a splitfile?
[21:04] <toad_> TheSeeker: anything in wrapper.log?
[21:05] <TheSeeker> I give freenet 1G of RAM... it doesn't appear to bencoding or e decoding anything... I'm a long way away from that point with either inserts or downloads.
[21:05] <toad_> hmmm
[21:05] <toad_> grep ERROR logs/freenet-latest.log ?
[21:07] <hobx> it turns out that running swing apps using remote X over SSH is slow...
[21:07] <TheSeeker> latest only shows unmatchable packets
[21:08] <TheSeeker> previous shows that a couple packets took a long time, and that a swap request timed out, but nothing serious.
[21:09] <TheSeeker> process explorer shows that the CPU load is split fairly evenly between three threads.
[21:10] <toad_> strange
[21:10] <toad_> hmmm, happens here too
[21:10] * toad_ investigates
[21:11] <hobx> ok
[21:11] <hobx> two questions:
[21:11] <toad_> hmmm?
[21:11] <hobx> 1) How do I change fproxy's port and open it to other connections
[21:11] <hobx> 2) How do I start the node now?
[21:11] <nextgens> toad_> it was actually a feature : I don't think that we should reschedule jobs with a lowered priority ... even if it confuses wizards
[21:12] <toad_> hobx: 2) ./run.sh start
[21:12] <nextgens> toad_> btw, I'm 100% sure that using the softprio scheduler on inserts isn't harmfull
[21:12] <TheSeeker> Yay! For once I'm not crazy or defective by default for using Windows x64 with a 64 bit JVM ;)
[21:12] <_ph00> toad_; I've read that you are planning to implement opennet soon. my question is, will we *reagular* users be able to disable it?
[21:12] <nextgens> and quite confident it will work fine in most situations for requests
[21:12] <toad_> hobx: if you can get to it locally, then go to the config page, enable advanced darknet, then config it using fproxy.bindTo and fproxy.allowedHosts
[21:12] <nextgens> :S my latest mail wasn't meant to go on the list :/
[21:13] <toad_> nextgens: so how come turning it off makes things work for TheSeeker?
[21:13] <toad_> _ph00: of course
[21:13] <_ph00> k
[21:13] <nextgens> hobx> we might have a mysql database dump somewhere if needed
[21:14] <_ph00> me, personally, I'm for darknet, but if some people want opennet that's OK with me... as long as people can choose.
[21:14] <hobx> nextgens: of what?
[21:14] <hobx> " config it using fproxy.bindTo and fproxy.allowedHosts" means?
[21:15] <toad_> hobx: Configuration page on the web interface
[21:16] <TheSeeker> enable "advanced darknet" first ;)
[21:18] <nextgens> hobx> the data we used to draw "nice graphs"
[21:18] <_ph00> there must be something "wrong" on the freenet homepage (or the faq, or something): looks like some people don't get the point about two peers needin to add *each other* before they can connect. There is still people who go to bulix.org and add a bunch of refs they find there, then wonder why it keeps showing 'never connected'
[21:18] <nextgens> toad_> I don't know regarding TheSeeker
[21:18] <nextgens> 's bug
[21:18] <hobx> how do I wildcard bindTo and allowed hosts?
[21:19] <nextgens> hobx> using CIDR notation
[21:19] <hobx> 0.0.0.0/0 ?
[21:19] <nextgens> yes
[21:19] <nextgens> or /8 depending on the field
[21:20] <hobx> eh?
[21:20] <hobx> and bindto?
[21:20] <nextgens> 0.0.0.0 might just work for bindto
[21:20] <toad_> the local addresses you want to bind to
[21:20] <hobx> I want to bind to all
[21:20] <toad_> e.g. 82.32.17.1,192.168.1.7,127.0.0.1
[21:20] <toad_> try 0.0.0.0
[21:21] <TheSeeker> toad_: soft scheduler probably works as 'OK' as the hard scheduler... the hard scheduler just works different... since I had so many downloads going, it can be a while before the highest priority one got access to resources again...
[21:21] <hobx> Your configuration changes were applied with the following exceptions:
[21:21] <hobx> port freenet.config.InvalidConfigValueException: Cannot change FProxy port number on the fly
[21:21] <hobx> but the bindto worked: hobx.mine.nu:8888
[21:21] <toad_> hobx: if you need to change the port, shut down the node, edit fproxy.port in the freenet.ini, and start it up again
[21:21] <hobx> ok
[21:22] <nextgens> it's not a good idea to have it wide open btw ;)
[21:22] <toad_> in fact, it's a really bad idea
[21:22] <toad_> fproxy can browse and insert files on disk, for example
[21:22] <hobx> very clever
[21:23] <toad_> direct-to-disk saves a _lot_ of temporary space
[21:23] <hobx> maybe, but assuming everybody on the local machine should have write access to my files is pretty dumb.
[21:24] <hobx> you should at least implement a password feature in that case
[21:24] <toad_> it's read access
[21:24] <nextgens> hobx> you shouldn't run freenet as your current user
[21:24] <toad_> well mostly
[21:25] <toad_> you can write, but only to the downloads dir, and you can't overwrite anything
[21:25] <nextgens> it should be chrooted() and setuided()
[21:26] <toad_> or at least it should run as nobody
[21:27] <toad_> i accept that we should add a password/login system eventually for those with untrusted local users
[21:27] * nextgens doesn't think it's a good idea
[21:27] <toad_> but they are 0.1% of the general public, and probably 5% of freenet users
[21:27] <toad_> nextgens: why not?
[21:27] <nextgens> toad_> think about fcp :)
[21:28] <TheSeeker> I always figured the soft scheduler would work by inserting exponentially more blocks the higher priority you go ... so for every 1 minimum you have 2 very low, 4 low, 8 medium, 16 high, 32 very high, and 64 maximum blocks inserted...
[21:28] <toad_> nextgens: i am thinking about fcp
[21:28] <nextgens> because that would require changing FCP NOW
[21:28] <toad_> yes
[21:28] <toad_> that's tru
[21:28] <toad_> e
[21:28] <toad_> what's the alternative?
[21:28] <nextgens> and as we already discussed previously, it's a major piece of work to be done "correctly"
[21:28] <nextgens> with SASL and so on
[21:28] <toad_> it not being possible to run freenet on a multiuser system?
[21:28] <nextgens> not doing it
[21:28] <toad_> SASL?
[21:28] <nextgens> people can filter it out with netfilter
[21:29] <toad_> all you need is a simple plaintext login
[21:29] <nextgens> Simple Authentication and Security Layer
[21:29] <toad_> if people want to do it remotely, that's their own stupid fault
[21:29] <nextgens> nope
[21:29] <toad_> not our problem
[21:29] <nextgens> otherwise it's as insecure as if you hadn't done anything
[21:29] <toad_> no
[21:29] <toad_> we can make it by default not allow any dangerous operations if the connection is remote
[21:29] <sleon> d
[21:29] <toad_> and we can make it require a login to do dangerous ops locally, IF that has been set up
[21:30] <nextgens> I don't see why not securing their local setup isn't their own stupid fault
[21:30] <toad_> ummm
[21:30] <nextgens> assuming that local access is "trusted" is common
[21:30] <toad_> because it's normal for people to install daemons and expect them not to allow local users to read arbitrary files?
[21:30] <nextgens> see how databases are handling it
[21:30] <nextgens> how MTA does ...
[21:31] <toad_> hmm?
[21:31] <nextgens> all of those daemons are trusting local connections
[21:31] <toad_> for some value of "trusting" yes
[21:32] <toad_> they don't trust all local connections to a) reconfigure the MTA, b) write to anywhere the mailer can write to without overwriting, c) read any file the mailer can read from
[21:33] <nextgens> hmm, that's true to some extends
[21:33] <nextgens> most security flaws require local access though, gess why ;)
[21:33] <nextgens> guess
[21:33] <TheSeeker> toad_: any bets on what would happen if I just killed the threads eating up my CPU? any thoughts on what harm could possibly be done that restarting the node wouldn't fix? :P
[21:33] * sich (n=sich@) Quit ("Quitte")
[21:33] <CIA-14> toad * r10838 /trunk/freenet/src/freenet/client/async/ClientRequestScheduler.java: Fix infinite loop
[21:33] <toad_> TheSeeker: i just committed a fix
[21:34] <TheSeeker> heh
[21:34] <toad_> :)
[21:35] <TheSeeker> well, I killed one of them, and it killed my node... I guess I'll update then :)
[21:35] <TheSeeker> killed as in "Frozen and 0% CPU"
[21:35] <nextgens> toad_> well, maybe we could provide tutorials on how to set up freenet properly
[21:35] <nextgens> that's probably a good idea
[21:35] <toad_> nextgens: users don't read documentation
[21:36] <nextgens> but implementing a "authentication hack" is plain stupid imo
[21:36] <toad_> but at the very least we could have non-local connections not be allowed to read/write disk by default
[21:36] <hobx> you switch node nexgens?
[21:36] <toad_> nextgens: authentication would be for _local users_
[21:36] <nextgens> and it concerns only a small subset of our userbase anyway
[21:36] <toad_> nextgens: true, unfortunately that subset includes a lot of geeks and so on
[21:36] <hobx> still, there is a _do it right_ element to it.
[21:36] <nextgens> hobx> I already have yours
[21:36] <nextgens> iirc
[21:36] <toad_> people who are more likely to use freenet in the first place
[21:36] <hobx> nextgens: my node says yours is disconnected
[21:37] <toad_> wrapping FCP in SSL is ludicrous IMHO; if people need security they can ssh -L it
[21:37] <toad_> i mean if they need to access it remotely
[21:37] <hobx> SSL is pointless on a local connection
[21:37] <toad_> right
[21:37] <hobx> toad_: They can use stunnel and get SSL that way
[21:38] <toad_> what we're talking about here is authenticating local users (as an option), and blocking dangerous ops outright on ALL non-local connections
[21:39] <nextgens> toad_> if we go for any "authentication" scheme, we HAVE to do it properly
[21:39] <hobx> How can I hint the node to look at an address for a peer?
[21:39] <nextgens> ie: AAA
[21:39] <nextgens> Authentication Authorization Accounting
[21:39] <toad_> nextgens: why?
[21:39] <nextgens> because otherwise it will remain a hack
[21:39] <nextgens> won't be neither extensible nor smart
[21:39] <nextgens> and will upset users
[21:39] <toad_> nextgens: we are operating the local protocol over TCP
[21:40] <nextgens> keep in mind that here we are going to do something anti-intuitive
[21:40] <toad_> that means any user on the machine can reconfigure the node
[21:40] <hobx> eh
[21:40] <hobx> you need the equivalent off .htaccess
[21:40] <hobx> that is all
[21:40] <nextgens> whereas we are always trying to do "convenient" & seeking usability ease
[21:40] <toad_> and thereby write to any file writable by the node (without overwriting)
[21:40] <toad_> nextgens: it's only needed for the 5% who need it
[21:40] <toad_> it can inconvenience THEM
[21:41] <nextgens> hobx> .htaccess as you say is a full blown AAA system
[21:41] <nextgens> hobx> apache has one of the best "architecture" around it
[21:41] <hobx> well, KISS
[21:41] <TheSeeker> yay, bavck to < 3% CPU
[21:41] <nextgens> with it you can authenticate from almost anything
[21:41] <nextgens> hobx> apache is all but kiss :p
[21:41] <hobx> one password in freenet.ini file that needs to be included as a password field on all fcp commands is enough
[21:42] <nextgens> it's really overkill
[21:42] <hobx> That is essentially what mysql does
[21:42] <nextgens> :D
[21:42] <nextgens> hobx> no, that's not :)
[21:42] <toad_> hobx: what if you want different users to be able to write to different directories, and only some users to be able to reconfigure?
[21:42] <nextgens> well you obviously haven't read the doc, have you ? :)
[21:42] <nextgens> hobx> FYI, mysql allows per-user ACLs
[21:43] <toad_> which is what we'd need
[21:43] <nextgens> it's everything but simple
[21:43] <nextgens> and recent versions of mysql go even futher
[21:43] <nextgens> and allow hashes and so on iirc
[21:43] <nextgens> toad_> then what about using UNIX sockets insteed ?
[21:43] <toad_> hmmm... http://emu.freenetproject.org/~nextgens/profiling/mem.html
[21:43] <hobx> toad_: What if you just want something that it decently safe, soon?
[21:43] <nextgens> so that would all be a "file permission" trick
[21:44] <toad_> this is rather old, and requires quicktime...
[21:44] <hobx> more interesting
[21:44] <nextgens> toad_> that's the simple and smart way of doing it
[21:44] <toad_> hobx: then it'll get extended and extended and extended
[21:44] <hobx> why won't my node and nextgens node talk?
[21:44] <nextgens> hobx> I didn't get any reply from you
[21:44] <toad_> nextgens: which java doesn't support
[21:44] <nextgens> are you authenticated ?
[21:44] <TheSeeker> ooh, pretty.
[21:44] <toad_> nextgens: and which doesn't solve the problem anyway on Windows
[21:44] <toad_> and believe it or not some nuts have multi-user windows systems
[21:45] <toad_> and they WILL complain
[21:45] <nextgens> toad_> you really want to "solve" the problem on windows where anyone is administrator anyway ?
[21:45] <hobx> well, unless you removed me it should work
[21:45] <toad_> nextgens: it is possible to have meaningful multi-user security on windows, and some people try to
[21:45] <nextgens> so now we are targetting not 1% of the userbase but 0,0001%
[21:45] <toad_> hobx: do you connect to my node?
[21:45] <nextgens> ok
[21:45] <hobx> toad_: yes
[21:45] <nextgens> I suggest you assign the job the revelant priority then, that's all :)
[21:45] <toad_> well...
[21:46] <toad_> it seems to me that the basic solution is to not allow dangerous operations from anything other than localhost
[21:46] <toad_> be they via FCP or via Fproxy
[21:46] <nextgens> I'm quite happy with doing and having an overengineered authentication scheme
[21:46] <toad_> right?
[21:47] <toad_> although arguably even queueing stuff to the global queue is dangerous, hence the need for ACLs, quotas...
[21:47] <toad_> but that's only an issue if you want to run a public gateway
[21:47] <toad_> which you shouldn't
[21:47] <toad_> dangerous operations would include the darknet and config pages, of course
[21:47] <toad_> possibly the queue page as well ... hrrrrrrrm
[21:47] <nextgens> toad_> any access is dangerous
[21:48] <nextgens> with a node you can DoS a box as long as you have access to anything
[21:48] <hobx> you should have a cleaner seperation between node and client
[21:48] <nextgens> btw, DoSing a system is trivial anyway in most cases
[21:48] <toad_> hobx: how do we achieve that exactly?
[21:48] <toad_> hobx: "don't allow any access to disk" is unacceptable, as is "don't allow reconfig over FCP". ian thinks "don't allow adding nodes over FCP" is unacceptable too.
[21:49] <hobx> have anything that does local stuff be part of the client process. Ultimately that shouldn't be an http server, but a standalone client.
[21:49] <nextgens> toad_> you can fill the hard drive with logs if not something else, you can CPU/mem DoS using FEC encoding , ...
[21:49] <toad_> hobx: there are good reasons to allow us to do admin operations over FCP
[21:49] <hobx> ok
[21:49] <hobx> but you only need ONE admin password
[21:49] <toad_> hobx: there are VERY good reasons to allow for direct disk access and so on
[21:49] <hobx> the whole ACL/user/quota blablabla is not about admin
[21:49] <toad_> nextgens: yeah
[21:50] <toad_> hobx: what's "local stuff" ?
[21:50] <hobx> anything that does something you wouldn't want a server you were running on a public box doing.
[21:50] <toad_> like what?
[21:50] <toad_> downloading files from freenet requires disk space
[21:50] <toad_> but it's the node's job, not the client's
[21:51] <toad_> because we don't want the client to have to do all the metadata decoding etc
[21:51] <toad_> FCP is supposed to be *SIMPLE*
[21:51] <toad_> as in easy to use
[21:51] <toad_> not necessarily as in few commands
[21:52] <toad_> also the queue is beneficial; being able to have downloads going even when fuqid/thaw isn't up is useful
[21:52] <nextgens> hobx> I suggest you do iptables -I INPUT -m uid --uid-owner ! hobx -m tcp -p tcp -dport 8888 -j REJECT
[21:52] <nextgens> and the problem is solved
[21:52] <nextgens> it's --dport, sorry
[21:52] <nextgens> much more efficient than anything we could do
[21:53] <nextgens> much more simple too
[21:53] <toad_> one simple thing we could do would be to only allow from-disk/to-disk uploads/downloads within a specified list of directories
[21:53] <toad_> that, combined with don't-allow-any-dangerous-remote-ops, would go a long way to fixing the problem
[21:53] <TheSeeker> VFS with specified root symlinks?
[21:54] <nextgens> hobx> I didn't get your node reference : haven't your PMs got blocked by the freenode anti-spam ?
[21:54] <toad_> but still, if you can reconfig on local access, it's of no use
[21:54] <toad_> so you'd still need a config password
[21:54] <nextgens> hobx> are you registered with nickserv ?
[21:54] <hobx> toad: You are confusing client and client. When I say client, I mean it should run as a user process by the person using it. That doesn't mean it cannot be a task abstracted away from people writing specific clients, or even that it cannot use TCP/IP for ICP.
[21:54] * ChanServ sets mode +o hobx
[21:54] <hobx> am now
[21:55] <nextgens> ok, resend your private messages then :)
[21:55] <hobx> annoying rule that
[21:55] <toad_> hobx: so we need to separate out all the client processing logic from the node, and run a separate JVM for each user that wants to use freenet. and have a low-level FCP for that to talk to the node, and a high-level FCP for frost/etc to talk to that. that sounds really efficient.
[21:56] * greycat (i=rfc1413@) Quit ("This time the bullet cold rocked ya / A yellow ribbon instead of a swastika")
[21:56] <TheSeeker> was that sarcasm?
[21:56] <hobx> :-)
[21:57] <toad_> :)
[21:57] <hobx> toad_: If you'll remember, I made an articture where clients could be plugged directly into the nodes, are talk to it via FCP without be rewritten.
[21:58] <toad_> hobx: and where every client had to understand all the intricacies of the metadata format
[21:58] <toad_> hobx: so all of the dozens of different FCP libraries had slightly different metadata, and we had no control over it
[21:58] <hobx> we need two words for client
[21:59] <toad_> hobx: I don't see the need for a separate JVM for each user
[21:59] <hobx> I don't see a reason for a seperate shell for each user
[21:59] <hobx> oh, wait, I do...
[22:00] <hobx> You have a seperate JVM for each user so that you don't have to rewrite a multi user operating system inside the JVM
[22:00] <hobx> Which was what nextgens wanted to do from the sound of it.
[22:00] <toad_> right
[22:01] <toad_> since 95%+ of our users will not need this level of local complexity, I don't see that it's worth it
[22:01] <hobx> I need somebody else to be my friend
[22:01] * nextgens suggests newsbyte
[22:01] <hobx> It will bite you in the ass one day.
[22:01] * nextgens (n=nextgens@) has left #freenet
[22:01] * nextgens (n=nextgens@) has joined #freenet
[22:01] * ChanServ sets mode +o nextgens
[22:02] <toad_> so the proposal is: 1) non-local connections can't do any dangerous ops, 2) node can only read/write within a certain list of directories, 3) simple password for admin ops such as reconfiguration and restarting the node
[22:02] <toad_> hobx: more JVMs = more memory usage = more OOMs, more crashes, more annoyed users, less speed
[22:03] <toad_> nextgens: what about what I just suggested?
[22:03] <nextgens> toad_> I'm not keen on 1
[22:03] <Zothar> toad_: I'm fine with that if those limitations are configurable
[22:03] <nextgens> it wouldn't address hobx's concerns anyway
[22:03] <nextgens> as Zothar was trying to say
[22:04] <nextgens> fine if not default :p
[22:04] <toad_> nextgens: why are you not keen on #1?
[22:04] <nextgens> I don't see why I couldn't trust a network computer
[22:04] <nextgens> my lan is secure
[22:05] <toad_> you mean you trust everyone who is able to use it?
[22:05] <Zothar> (except for the secret Freenet code Zothar snuck into is node last week... :)
[22:05] <toad_> we can provide config options for all 3
[22:05] <nextgens> toad_> yes
[22:05] <Zothar> s/is/his/
[22:05] <Zothar> (nah, nextgens audits the code better than that)
[22:05] <nextgens> toad_> I've got the hand on the plug, so I'm quite confident/trustfull for it
[22:05] <Zothar> physical access trumps everything
[22:06] <nextgens> Zothar> sadely I hadn't the time to do so lately
[22:06] <Zothar> (heh, cool :)
[22:07] <toad_> so what we have is fcp.allowDiskAccess=<ip addresses>, fcp.diskAllowedWriteDirs=<list of allowed dirs>, fcp.diskAllowedReadDirs=<list of allowed dirs>, fcp.adminPassword=<admin password>, fproxy.requireAdminPasswordForConfig=true|false
[22:07] <nextgens> nah
[22:07] <nextgens> that's not a solution
[22:07] <toad_> isn't it?
[22:07] <nextgens> we need to do it properly
[22:08] <toad_> what does doing it properly entail?
[22:08] <Zothar> nextgens: how would your approach differ; what are you wanting to protect that that doesn't protect?
[22:08] <nextgens> what will we do when next dangerous feature will get implemented ?
[22:08] <nextgens> add a setting ?
[22:08] <nextgens> Zothar> first of all : authorization levels
[22:08] <nextgens> then accounting
[22:08] <toad_> well the admin password is for a range of things - restarting the node as well as config
[22:08] <nextgens> if someone sets me up, I want to know who did
[22:09] <Zothar> we'd be authorizing by IP rather than user, but we'd have levels
[22:09] <nextgens> or at least have tracks about what has happened
[22:09] <toad_> nextgens: you do realize that we can't use PAM from java anyway, not without a lot of JNI crap?
[22:09] <hobx> can allowed hosts take dns hostnames?
[22:09] <sanity> nextgens: hey, did you see all those emails about /mnt/secure on emu?
[22:09] <hobx> it says so, but it doesn't seem to work.
[22:09] <nextgens> sanity> yes, I did
[22:09] <toad_> hobx: it can't
[22:09] <nextgens> sanity> I'll try to fix it soon
[22:09] <toad_> at present
[22:09] <sanity> nextgens: cool, thanks
[22:10] <nextgens> sanity> I'm having exams this week ... and should be studying insteed of trolling :)
[22:10] <sanity> nextgens: yes you should :-)
[22:10] <nextgens> we still have weekly backups taking place
[22:10] <nextgens> so it's not a big deal
[22:10] * PraiseChaos (n=kcecil@) has joined #freenet
[22:10] <sanity> nextgens: what ever happened with your application to Google?
[22:10] <toad_> nextgens: isn't it expedient to provide a hack to avoid the FUD that will ensue if somebody installs freenet on a multi-user system and somebody gets the passwd file?
[22:10] <nextgens> sanity> I've got phone interviews scheduled for next week :) \o/
[22:10] <toad_> and to shut up people like hobx
[22:10] <nextgens> sanity> got the mail yesterday
[22:11] <sanity> nextgens: congratulations!
[22:11] <nextgens> sanity> I hope I'll be good enough
[22:11] * hjubal (n=hjubal@) has joined #freenet
[22:11] <nextgens> toad_> we can't prevent users from their own stupidity that's the basic rule
[22:12] <hobx> toad_: The box probably shouldn't say "hostname" then. That means DNS to me.
[22:12] <nextgens> imho the solution is packaging
[22:12] <nextgens> but again, that's my fault
[22:12] <nextgens> toad_> hobx asked for debian packages first do you remember ? :)
[22:12] <toad_> nextgens: yes but do we want the package to say "DO NOT INSTALL THIS ON A MULTI-USER SYSTEM" ?
[22:12] <nextgens> if he had a nice ncurses gui asking him how/who he trustes, that wouldn't happen
[22:13] <nextgens> toad_> no, we can set up iptables rules
[22:13] <nextgens> as I gave him
[22:13] <nextgens> *like
[22:13] <nextgens> iptables -I INPUT -m uid --uid-owner ! hobx -m tcp -p tcp
[22:13] <nextgens> -dport 8888 -j REJECT
[22:13] <nextgens> that solves the problem
[22:13] <toad_> nextgens: hmm, can it be done with a group?
[22:13] <nextgens> sure
[22:13] <nextgens> --gid-owner
[22:13] <toad_> "add people to the freenet group if you want them to be able to use freenet" ...
[22:14] <toad_> but then anyone who can do any dangerous operations can do all dangerous operations
[22:14] <toad_> people will get burnt, and they'll blame us, and mud sticks
[22:14] <nextgens> yep
[22:14] <sanity> toad_: just so long as this doesn't complicate installation
[22:14] <toad_> so we need to do *something* before we release 0.7
[22:14] <nextgens> nah
[22:14] <sanity> toad_: any output from mrogers yet?
[22:14] * nextgens doesn't think so
[22:14] <nextgens> toad_> if the user has a shell, he can probably do much worst anyway
[22:15] <hobx> that is a lousy excuse
[22:15] <nextgens> toad_> hacking a system usin't freenet isn't that easy
[22:15] <nextgens> and freenet isn't that common :)
[22:15] <toad_> sanity: last commit was a few days ago, he was going to post a summary of the lowest level changes, sent me a draft but hasn't finalized it yet
[22:15] <hobx> to you SETUID root all your applications with that motivation?
[22:15] <nextgens> I would really be surprised if any day we saw a worm exploiting freenet
[22:15] <nextgens> and would be pleased by it
[22:16] <nextgens> that would prove we have been successfull in democratizing/spreading it
[22:16] <toad_> well, at the very least we should block all dangerous operations to non-local connections
[22:17] <toad_> for the simple reason that people don't read docs, and we don't actually document the fact that you shouldn't open fproxy/fcp anyway as far as i know
[22:17] <nextgens> we can't shut it down by default
[22:17] <toad_> why not?
[22:17] <nextgens> nor password it easily
[22:17] <nextgens> because of usability problems
[22:17] <toad_> if they have a real need for remote access, they can change the config option
[22:18] <toad_> setting up remote access to FCP is not trivial in any case; only a relatively capable user will manage it
[22:18] <nextgens> keep in mind that we are trying to address the concern of a really small subset of users
[22:18] <toad_> yes but it's a security concern, and they're a disproportionately large subgroup of our particular audience, AND they tend to tell their friends to avoid freenet forever if it ever does anything they don't like
[22:18] <nextgens> toad_> and btw, non-local connections are disabled by default
[22:18] <toad_> nextgens: of course
[22:18] <nextgens> that's the current behaviour has it stands
[22:19] <nextgens> so it's not and shouldn't be our immediate concern
[22:19] <toad_> nextgens: maybe we should just put some really strong warnings on fproxy.allowedHosts and fcp.allowedHosts ?
[22:19] <nextgens> most users will read the doc to get it enabled anyway
[22:19] <TheSeeker> toad_: On a somewhat security related note... when you implement open-net.. that doesn't mean you have to open up the listenport to the outside, right? Couldn't open net could be achieved by automated ref swapping (like location swaps) based on criteria like available bandwidth and the degree of overlap in peers?
[22:19] <nextgens> some additionnal docs would be enough imo
[22:19] <TheSeeker> eg: for a new 'short' connection, a high overlap is desired, and for a new 'far' peer a low overlap is desired (let locations work themselves out later)
[22:20] <toad_> TheSeeker: ummm
[22:20] <toad_> TheSeeker: opennet will work, except for bootstrapping, with NATed nodes
[22:20] <nextgens> TheSeeker> opennet sucks, and the more efficient you'd like it to be, the more it will sucks in terms of security/anonymity/harvestability
[22:20] <toad_> because path folding establishes a chain between two nodes
[22:20] <TheSeeker> toad_: I meant 'open up' as in 'reply to unsolicited pings'
[22:20] <toad_> for bootstrapping you'll need an open seed node
[22:20] <toad_> ah
[22:21] <nextgens> TheSeeker> the most informations you give away about you and your node, the "better" it will be ... but the easier it will be to harvest efficiently
[22:21] <toad_> well what i said stands; you bootstrap through an open seed node, then you rendezvous via requests for path folding
[22:21] <toad_> ok bbiab, dinner
[22:22] <nextgens> TheSeeker> you would have to send out to your first hop many informations about your node
[22:22] * nextgens goes back studying
[22:23] <TheSeeker> nextgens: not really... you could simply use a hash of the node reference, or the locations of your neighbors (since no two nodes are likely to have the exact same location)
[22:23] <nextgens> toad_> I dunno if you saw the lists yet but I suggest you try to unify the database Environment in order to reduce memory usage insteed of increasing requirements
[22:24] <nextgens> TheSeeker> no you can't
[22:24] * MineHaunter_ (n=van85@) has joined #freenet
[22:24] * MineHaunter (n=van85@) Quit (Nick collision from services.)
[22:24] <nextgens> TheSeeker> the problem will always be bootstraping
[22:24] * MineHaunter_ is now known as MineHaunter
[22:24] <nextgens> when you know nothing but an ip address
[22:25] <nextgens> and maybe a pubkey
[22:25] <nextgens> bbl
[22:25] <TheSeeker> nextgens: sure, first node contact would require an outside arbiter, but nothing prevents that from simply being a slightly modified node that does allow unsolicited connections.
[22:28] * TheSeeker decides to write up the concept on Frost
[22:37] * Caco_Patane (n=caco@) has joined #freenet
[22:42] * tubbie (n=tubbie@) Quit ()
[22:45] * Canadakid (n=ck@) has joined #freenet
[22:45] * Canadakid (n=ck@) Quit ("Leaving")
[23:20] * hjubal (n=hjubal@) Quit ("Leaving")
[23:26] <Caco_Patane> mmm, i think i found something...
[23:26] <Caco_Patane> toad_, all the data returned by fproxy to the client
[23:27] <Caco_Patane> is generated by an XML class?
[23:27] <Caco_Patane> for example, the user alerts
[23:28] * hjubal (n=hjubal@) has joined #freenet
[23:29] <Caco_Patane> there is an issue between IE and Firefox regarding the ' and '
[23:29] <Caco_Patane> http://www.w3.org/TR/xhtml1/#C_16
[23:29] <Caco_Patane> The named character reference ' (the apostrophe, U+0027) was introduced in XML 1.0 but does not appear in HTML. Authors should therefore use ' instead of ' to work as expected in HTML 4 user agents.
[23:33] * Nutsy (i=Nutsy@) has joined #freenet
[23:33] <Nutsy> Hi i need some help
[23:34] <Caco_Patane> the single-quotes from the user help
[23:34] <Caco_Patane> and configuration page
[23:34] <Caco_Patane> are displayed only in Firefox
[23:34] <Nutsy> A friend of mine has tryed to show me freenet... He runs a node but after doing what he says i still cant connect
[23:34] <Nutsy> o open connections
[23:34] <Nutsy> This node has not been able to connect to any other nodes so far; it will not be able to function normally. Hopefully some of your peers will connect soon; if not, try to get some more peers.
[23:34] <Nutsy> and
[23:34] <Nutsy> Symmetric firewall detected
[23:34] <Nutsy> Your internet connection appears to be behind a symmetric NAT or firewall. You will probably only be able to connect to users directly connected to the internet or behind restricted cone NATs.
[23:35] <Nutsy> are my errors:/
[23:35] <Caco_Patane> hi Nutsy
[23:35] <Nutsy> Also in Nat i forwarded 42144 but still dossnt work
[23:35] <Nutsy> and hi sorry :) i should
[23:35] <Nutsy> of said hi first :D
[23:35] <Caco_Patane> do you have your friend's referente to connect with him?
[23:36] <Caco_Patane> no worries :)
[23:36] <Nutsy> i gave him my nide infomation as well
[23:36] <Nutsy> node and he gave me his
[23:36] <Nutsy> yeah iv added it
[23:36] <Caco_Patane> you have his node in your "darknet" list?
[23:36] <Nutsy> hes gone to bed but left it running for me#
[23:36] <Nutsy> yeah
[23:36] <Nutsy> but its not connecting to him
[23:36] <Caco_Patane> ok
[23:36] <Nutsy> it did work but only for a short time and then stoped and hasnt worked since
[23:37] <Caco_Patane> both ref's included the IP address of the nodes?
[23:37] <Nutsy> yeah
[23:37] <TheSeeker> does your reference have your internal or external IP?
[23:37] <Nutsy> external
[23:37] <TheSeeker> Is your IP dynamic?
[23:37] <Caco_Patane> have you tried to ping your friend
[23:37] <Caco_Patane> maybe his node is down
[23:37] <Nutsy> yeah but hasnt changed
[23:38] <Nutsy> no its ip and i cant ping him as his routers set to ignore pings
[23:38] <Nutsy> but he says when he tryed it he was still connected to his nodes
[23:38] <Caco_Patane> (and maybe, his router ignores them)
[23:38] <Caco_Patane> oh, that :P
[23:39] <Nutsy> :/
[23:39] <Zothar> Nutsy: you port forwarded UDP on your NAT, correct?
[23:39] <Caco_Patane> the node is disconnected or backed off???
[23:39] <Nutsy> yeah
[23:39] <Caco_Patane> it was connected one time
[23:39] <Nutsy> but though im not sure if its working tbh the routers a bit SHIT!
[23:40] <Zothar> Nutsy: tried connections with others or just your friend?
[23:40] <Nutsy> just my friend
[23:40] <Caco_Patane> does that alert trigger with no peer CONNECTED or with BACK OFF too?
[23:40] <Nutsy> just says not connected
[23:41] <Nutsy> never connected
[23:41] <Caco_Patane> ah, never connected
[23:41] <Nutsy> well i deleated his info and tryed inserting it again
[23:41] <Nutsy> :p
[23:41] <Nutsy> still hasnt worked since
[23:41] <Zothar> Caco_Patane: the alert should only be when no peer is CONNECTED or BACKED OFF (maybe won't trigger if you have a TOO OLD or TOO NEW peer, but I don't remember)
[23:42] <Caco_Patane> <Nutsy> it did work but only for a short time and then stoped and hasnt worked since
[23:42] <Zothar> Nutsy: do you know if your friend is also port forwarded?
[23:42] <Caco_Patane> Zothar, you made the PeerManagerUserAlert.java?
[23:42] <Nutsy> i guess he is
[23:43] <Caco_Patane> (I have some questions about it)
[23:43] <Nutsy> ?
[23:43] <Zothar> Nutsy: port forwarding is not required for Freenet to work, assuming both ends can get other connections after their IP changes so that UDP hole punching can still work and each end can find out the other end's new IP address using something called ARKs, which grabs IP changes across Freenet
[23:43] <Caco_Patane> (it's not _really_ about that file, about fproxy xml output)
[23:44] <Nutsy> so deleating the rule may fix it?
[23:44] <Zothar> Nutsy: another thing that can help if you want to only connect a few friends instead of us strangers is to use a dyndns hostname to override your IP address so that both ends always know how to get the other's IP address after an update without needing ARKs
[23:44] <Nutsy> no idea how to do that
[23:44] <Zothar> Nutsy: deleting the port forwarding rule won't fix anything unless your router is just that borked as port forwarding does help
[23:45]
