#freenet IRC Log

IRC Log for 2006-12-08

Timestamps are in GMT/BST.

[0:00] <nextgens> sleon> only for the freenet mirror ?
[0:00] <sleon> nextgens: yes
[0:00] <mk_> I seem to be inept at finding threads regarding .5 attacks
[0:00] <sleon> nextgens: https://sleon.dyndns.org/webalizer
[0:00] <nextgens> maybe we ought to make a room for our mirror owners on our sponsor webpage
[0:01] <sleon> nextgens: cool!
[0:01] <nextgens> mk_> they might not be formulated that way
[0:01] <nextgens> mk_> look for trolls related to opennet vs darknet :)
[0:01] <nextgens> they used to be useful pointers
[0:02] <nextgens> sleon> well, sanity is the PR expert, but that would be fair imo
[0:03] <nextgens> sleon> it asks for credentials
[0:04] <mk_> nextgens, Freenet 0,5 and 0,7?
[0:05] <mk_> is that thread title familiar?
[0:07] <nextgens> http://www.cnetfrance.fr/telecharger/windows/fiche/telecharger/0,39035850,11006456s,00.htm !
[0:07] * blacknick (n=chatzill@) Quit ("Chatzilla 0.9.77 [Firefox 1.5.0.6/2006072814]")
[0:07] <nextgens> they are pointing directly to a mirror !
[0:08] <mk_> is that bad?
[0:08] <nextgens> yes
[0:08] <nextgens> because they don't use the load-balancing mechanism
[0:09] <sleon> nextgens: to my mirror ? :))
[0:09] <nextgens> and it bypasses my stats :p
[0:09] <nextgens> sleon> yep
[0:09] <nextgens> I saw it into your referers ;)
[0:09] <mk_> well, it's better than people being turned off by the complexity of choosing a mirror
[0:09] <nextgens> http://dark-is.h12.ru/cgi-bin/s.pl dos the same
[0:09] <nextgens> +e
[0:10] <nextgens> mk_> we have a load-balancer sending http redirects
[0:10] <sleon> nextgens: maybe because sleon sounds french?
[0:10] <nextgens> it doesn't :)
[0:10] <mk_> ah
[0:11] <sleon> nextgens: and the last one because i have russian origin
[0:11] <sleon> they all feel it
[0:11] <Triad> I gotta ask, how much difference does my internet speed do?
[0:12] <nextgens> if it's not too bad, it doesn't make any
[0:12] <Triad> I got 8Mb symmetric
[0:12] <nextgens> that's good
[0:12] <nextgens> having a bigger/better one wouldn't help
[0:13] <Triad> Still, i've set it at 50K output
[0:13] <nextgens> as most of your peers aren't able to upload fast enough to overload your downstream anyway
[0:14] <Triad> Ok
[0:14] <nextgens> bbiab
[0:14] <nextgens> maybe tomorrow
[0:14] <mk_> that's a somewhat unfortunate ... waste, I guess, of bandwidth
[0:15] <Triad> mk_: What do you mean?
[0:15] <mk_> I uninstalled a couple of p2p systems because they weren't using the full range of bandwidth that I was making available
[0:15] <mk_> if it's not used, it goes to waste
[0:15] <Triad> I'm using other p2p applications so i think i'm using my bandwidth to the fullest :)
[0:15] <mk_> it's probably more excusable here, but it's still unfortunate
[0:16] <Triad> It's not like Freenet doesn't allow other applications to use all the bandwidth just because i configured it to make use of a maximum amount of bandwidth.
[0:17] <mk_> yeah, but what I'm saying is that I'm discouraged when I give a p2p app a bunch of bandwidth, and it isn't optimized enough to make use of even a fraction of it
[0:17] <Triad> Ah ok
[0:18] <Triad> My torrent program uses a lot so I'm satisfied :)
[0:18] <_ph00> I have my bw set to 1000K (my total bw sould be around 1250K) but I can use other p2p apps anyways, as the node uses around 10K on average, peaks some spikes around 30 and over, but never even close to 100 (leave alone 1000)
[0:18] <_ph00> should*
[0:18] <sleon> mk_: this issue has been worked on for a long time
[0:18] <sleon> mk_: there is an issue with load balancing
[0:19] <mk_> it's unfortunate
[0:19] <mk_> oh, I did an interesting calculation
[0:19] <mk_> right now the average person can download 8GB per day
[0:20] <Triad> That's not a lot :)
[0:20] <mk_> it takes about 1 minute to consume 7mb of movie
[0:20] <mk_> at a somewhat low quality
[0:20] <Triad> Well
[0:21] <mk_> so, where was I? point is, at some point in the near future, our capacity to download will exceed our capacity to absorb information
[0:22] <Triad> Aha :)
[0:22] <mk_> we can download 6MB per minute, a minute of music is 2MB
[0:22] <mk_> it's about 7MB for a minute of vhs quality video
[0:22] <Triad> I don't think people will be going: OMG! I can't absorb all this data.
[0:22] <Triad> You can always save stuff for later :)
[0:23] <mk_> well, why save stuff?
[0:23] <mk_> you'll have even more bandwidth in the future
[0:23] <Triad> I don't have the time to watch everything i download at once.
[0:23] <mk_> with which to download
[0:23] <Triad> When i've seen it, I delete it.
[0:24] <mk_> yes, but my point here is that, as far as reasonable-quality video is concerned, you can now download more than you absorb
[0:24] <Triad> If you calculate the reality factor into your equation, we're already at that point, not being able to absorb all the information.
[0:24] <mk_> the happy point here is that sometime soon, there won't be any media left that we have to store, or wait for, or anything
[0:24] <sleon> right now i have something like 12 kb/s average output rate and 12kb/s average input rate
[0:25] <Triad> mk_: Are you talking about some kind of Singularity but for data ?
[0:25] <Triad> Or video :)
[0:25] <mk_> no, not a singularity
[0:25] <mk_> but a pleasant state of affairs where we no longer have to worry about latency and all that
[0:25] <Triad> mk_: I'm guessing you've read about the Singularity at Kurzweil ?
[0:25] <Triad> Aha
[0:26] <Triad> Someday we'll get there, hopefully faster than we expect it. Just as technical development in general.
[0:26] <mk_> technological singularity? I'm quite familiar, though I don't recall Kurzweil
[0:27] <Triad> I've always considered Kurzweil as one of the 'founding fathers' of the Singularity theory: http://www.kurzweilai.net
[0:27] <mk_> I was reading some article a while back about advances in storage capacity... it was estimating that at some point in the future, we'll start producing more storage media than we can ever hope to fill up
[0:27] <Triad> At first it's mind boggling
[0:27] <mk_> oh, yes, I recall now
[0:28] <Triad> mk_: That's also true, a small factor in the Singularity
[0:28] <Triad> Everything we do will eventually overcome us all.
[0:28] <Triad> Everything will be better than humans in some aspect or another.
[0:28] <mk_> the singularity has mostly to do with having more brainpower than is needed to design a yet-better brain
[0:29] <Triad> mk_: That's a great and simple way of explaining it.
[0:29] <mk_> as soon as one of us designs a brain that can design a better brain, we're set
[0:29] <Triad> Yes!
[0:29] <Triad> Still, kinda scary theory.
[0:30] <mk_> sadly, we're not even at the point where we can design a proper dog-quality brain :)
[0:30] <Triad> But i guess we can't escape it, we're driving the evolution forward.
[0:30] <mk_> it's no longer even evolution
[0:30] <mk_> evolution brought us the complexity that is us
[0:30] <Triad> And we took over.
[0:30] <mk_> now we can use intellect and design to create something greater
[0:30] <mk_> (or so we hope)
[0:31] <Triad> That's what i mean, we are the evolution.
[0:31] <_ph00> not really, maybe some of us will be able to upload their (human) memory to one of those machines; you would die anyways, but "something" remembering about 'being you' will survive
[0:31] <_ph00> possibly for a *very* long time
[0:31] <Triad> Nature is slow, human beings are incredibly fast.
[0:31] <_ph00> maybe evolution is supposed to go that way
[0:31] <Triad> No one knows which way evolution will go.
[0:32] <Triad> For us mere mortals, just sit back and watch :)
[0:32] <mk_> what we're doing I wouldn't call evolution
[0:32] <Triad> With the technical developments we're doing today, it won't take long.
[0:32] <mk_> from a semantic perspective
[0:32] <Triad> I believe it is.
[0:33] <mk_> have you had a look at the singularity institute?
[0:33] <mk_> there was a good quote there
[0:33] <Triad> Because we came from evolution, and we are making ourselves better, i.e. evolving ourselves.
[0:33] <Triad> mk_: Link?
[0:33] <_ph00> self-induced evolution
[0:33] <mk_> http://www.singinst.org/
[0:33] <_ph00> self-desigen cyborgs
[0:33] <_ph00> that's cool future
[0:33] <mk_> I wouldn't call it evolution
[0:34] <mk_> design, for sure
[0:34] <_ph00> (for a sci-fi geek, it is)
[0:34] <_ph00> self designed*
[0:34] <Triad> Yes, it's coded in our bodies to create something better than ourselves, to evolve.
[0:34] <mk_> the quote was something about the doubling law, except the guy rephrased it, "every year, the IQ needed to create an AI goes down by one point"
[0:34] <Triad> I saw this show on Discovery Channel called "The big questions" - very informative.
[0:35] <Triad> mk_: Ah yeah, that one.
[0:35] <Triad> It's true, it's going faster and faster
[0:35] <Triad> And we're getting closer and closer.
[0:35] <_ph00> I don't have that channel, I get *some* discovery channel shows from bittorrent, when someone is nice enough to rip them from TV and up them
[0:36] <mk_> the point of the singularity institute is to make sure that some fool doesn't create an unfriendly AI
[0:36] <Triad> And don't forget the chaos factor, who knows what millions of semi-smart computers connected together will spawn :)
[0:36] <mk_> they'll spawn nothing
[0:36] <Triad> You think?
[0:36] <mk_> I don't think that computers can do that
[0:36] <Triad> Stranger things have happened.
[0:36] <mk_> it's like saying that a bunch of molecules will spawn a bird without any pressure applied
[0:36] <Triad> Like nature laws controlling basic robots.
[0:37] <mk_> you need the pressure of natural selection, or the pressure of design
[0:37] <Triad> Basic robots with basic programming have been known to show some influence from something, not programmed into them.
[0:37] <_ph00> more than one sci-fi story has been written about wide networks developing consciousness on their own
[0:37] <Triad> Like working together towards a goal.
[0:38] <_ph00> (I don't think that's possible though)
[0:38] <Triad> _ph00: And more than one sci-fi story has been written about going to the moon, or Mars, or whatever that we've achieved in the last century.
[0:38] <_ph00> btw uploading human memory to a machine, would that still be a conscious individual?
[0:39] <mk_> yes, but that's a sci-fi story. I think that it's ridiculous to assume that a bunch of random programs and protocols can come together to produce intelligence (randomly!) faster than natural selection can produce them, much less faster than *design* can produce them
[0:39] <Triad> You can't and shouldn't rule out something just because some sci-fi stories have been written on the subject. :)
[0:39] <_ph00> Triad: yes. we have achieved lots of stuff that sci-fi talked about
[0:39] <mk_> yes, but my point there is that "it was in a sci-fi story" isn't really any indicator of what is possible
[0:39] <Triad> mk_: We already have some software capable of doing that, worms and other malware.
[0:40] <Zothar_Work> autonomous agents; order and complexity out of simple rules; pretty cool stuff
[0:40] <Triad> That's one of the reasons why we now have heuristics in our anti-virus software.
[0:41] <Triad> Zothar_Work: Yeah :)
[0:41] <mk_> worms don't even mutate. they're about on par with some sort of simple human virus. maybe if we let them (if one mutated... somehow..) roam the internet for a few million years, we might come up with a squirrel-brain
[0:41] <Triad> mk_: I'm just saying, don't count out the chaos factor, Kurzweil hasn't. :)
[0:41] <mk_> I think that it's much, much more likely that non-human intelligence will come about as a result of design than of random chance
[0:42] <Triad> Of course it's far fetched but still.
[0:42] <_ph00> something in between
[0:42] <mk_> it's nice to consider? :)
[0:42] <Triad> Naturally occurring fission is also far fetched but it's happened.
[0:42] <_ph00> design + unexpected
[0:43] <Triad> _ph00: Hehe, yeah, who knows what will come out of that.
[0:43] <mk_> yes, but way more unlikely things haven't happened than have
[0:43] <mk_> it's why they're called unlikely :)
[0:43] <Triad> mk_: Of course, it's just plain statistics :)
[0:44] <Triad> Still, i hope i'll be around when they invent the holodeck :P
[0:44] <Triad> Man, i'm never going to leave that place.
[0:44] <Triad> It will be the new dope of man.
[0:46] <_ph00> add the old ones to that...
[0:46] <_ph00> woah
[0:46] <_ph00> sounds like fun
[0:46] <Triad> Haha
[0:47] <Triad> Ecstasy AND holodeck! Man, can you believe it? :D
[0:49] <Triad> I think I'll go to bed and dream about it, see ya guys.
[0:49] * Triad (i=Carradin@) Quit ()
[0:49] <_ph00> hm...
[0:50] <_ph00> no ecstasy for me thanks, I'm gonna take something less *speedy* (like pure acid, or something)
[0:50] <_ph00> what'd you expect from one whose nick is ph 00
[0:53] <_ph00> btw the channel is logged and a buch of cops of different sorts are probably reading this, so of course all the references to illegal drug use are purely fictional
[0:53] <_ph00> bunch*
[1:00] * hjubal (n=hjubal@) Quit ("leaving")
[1:01] <toad_> :)
[1:05] * Zothar_Work (n=chatzill@) Quit ("Chatzilla 0.9.77 [Firefox 1.5.0.8/2006102516]")
[1:18] <zorton> smoke weed and be happy?
[1:20] <toad_> mk_: nextgens you can't harvest through premix routing. you can find the topology but NOT the ip addresses
[1:21] <toad_> it relies on trusting them to be different people, and to not be likely to be random attackers (they may be attackers who know you though...)
[1:21] <mk_> I wasn't concerned about that so much as about actually getting those routers set up
[1:22] <mk_> I mean, if it's no issue, then what's the point of having a darknet in the first place?
[1:23] <toad_> <mk_> the odds of a certain request originating from you are 1/20... if you send out 5 requests that's a 23% chance that you're the originator; 10, 40%; 20, 64%, etc.
[1:23] <toad_> mk_: how do you calculate this?
[1:23] <mk_> naively. I assume that on average, 1 of every 20 requests coming out of a node will be from that node
[1:23] <toad_> <mk_> I don't think that anyone you "meet" on the opennet would make a good friend
[1:24] <toad_> that's not the point, if we have opennet it increases significantly the chance that any given pre-existing friend is already on freenet
[1:24] <toad_> or wants to be on freenet (more content etc)
[1:24] <toad_> <mk_> I can think of 0 people that are the intersection of 'people I trust' and 'people who would be interested in freenet'
[1:25] <toad_> this will increase when freenet is bigger. opennet will make freenet bigger.
[1:25] <mk_> yeah, I agree. I wasn't arguing against opennet (I'm for it), just against trusting people you find on opennet to be part of your darknet
[1:25] <toad_> <mk_> I could be forgetting an attack, but it seems the only reason for implementing a darknet is to prevent a government from blocking all freenet nodes
[1:26] <toad_> mk_: frankly as far as i'm concerned that's enough. but opennet does make a lot of other attacks easier too.
[1:26] <mk_> what's wrong with implementing something like http://www.cbc.ca/technology/story/2006/12/01/censor-tool.html
[1:26] <mk_> a cheap proxy that links into freenet
[1:31] <toad_> <mk_> the quote was something about the doubling law, except the guy rephrased it, "every year, the IQ needed to create an AI goes down by one point"
[1:31] <toad_> LOL
[1:31] <toad_> it starts at 99999 though!
[1:32] <mk_> heh, well, let's hope that the combined IQ of the singularity institute is 99999
[1:34] <mk_> I probably wouldn't place it that high, but I think the point still stands that we should be worried about someone stupid brute-forcing AI
[1:35] <toad_> mk_: any "cheap proxy" will run into scaling problems, and it relies on there being a Free World to connect to
[1:35] <toad_> scaling problems = I know a guy in china, I provide him a passworded proxy. he tells his friends about it. they use it too. they tell their friends about it. ... it grinds to a halt.
[1:36] <toad_> if you can match people in china with people in the west, in small groups, then you can do something like that
[1:36] <mk_> but the same argument applies to a darknet... how many people can a guy in china connect to?
[1:37] <toad_> he can connect to all his friends in china
[1:37] <toad_> the firewall is the place likely to be most heavily surveilled
[1:37] <toad_> so you get a big western network and a big chinese network, which are weakly connected
[1:37] <toad_> to each other
[1:37] <mk_> right, so just have an opennet with the option to restrict connections to set X
[1:37] <toad_> the network recognizes this and searches in the local network first before queueing a request to the other side
[1:37] <toad_> no
[1:38] <toad_> it has to be a darknet
[1:38] <mk_> why?
[1:38] <toad_> if it's an opennet, it's harvestable
[1:38] <toad_> if it's harvestable, it's trivially blocked
[1:38] <mk_> the people in china won't be harvestable
[1:38] <toad_> apart from a lot of harder attacks
[1:38] <mk_> because they're restricting connections to one set
[1:38] <toad_> well, the chinese side definitely needs to be a darknet yes
[1:39] <toad_> as does the part of the western network that it connects to
[1:39] <mk_> yes, but that part of the network would have to be dark anyway. but if you're not connecting to your chinese friend, why be dark?
[1:40] <toad_> if you're connecting to your chinese friend, you have to be 100% dark
[1:40] <mk_> yep
[1:40] <toad_> not hybrid
[1:40] <toad_> you can connect to hybrid nodes though
[1:40] <toad_> but not opennet nodes
[1:40] <mk_> yes
[1:40] <mk_> well, you can co... yeah, same thing. I would call a hybrid node opennet
[1:40] <toad_> the reason to run darknet is 1) the west won't be free for freenet forever, and 2) it's far more secure
[1:40] <mk_> point being, your friends can't go spamming your address
[1:41] <mk_> or giving it away
[1:41] <toad_> hmm?
[1:41] <mk_> you make the distinction between hybrid and opennet
[1:41] <toad_> dark, hybrid, open
[1:41] <mk_> I'm just saying that if you have a "trusted friend" connection, you don't spam it
[1:41] <toad_> hybrid connects to pure dark (fixed, non exchanged connections) as well as to open (automatic migration of connections)
[1:41] <mk_> hence that trusted friend stays as dark as he or she wants
[1:42] <toad_> yes, trusted friend connection = darknet connection
[1:42] <toad_> however if you have even one opennet connection, you're harvestable, and blocked
[1:42] <mk_> unless that opennet connection is a trusted friend
[1:42] <toad_> no
[1:42] <mk_> in which case they won't be giving you away
[1:42] <toad_> that would be a hybrid
[1:42] <toad_> :)
[1:43] <mk_> well, ok, we understand each other is the main point
[1:43] <mk_> and I think we do :)
[1:43] <toad_> each connection is either a darknet connection (fixed, user initiated), or part of the opennet connection pool (constantly changing, open, harvestable)
[1:43] <toad_> ok
[1:43] <mk_> right
[1:43] <mk_> and you call anyone with a trusted friend connection a hybrid
[1:44] <toad_> i call anyone with a trusted friend connection AND opennet pooled connections hybrid
[1:44] <mk_> yes, indeed
[1:44] <mk_> anyone on the opennet with a trusted friend connection hybrid*
[1:44] <toad_> ok
[1:45] <toad_> the nasty part is premix routing only works on darknet
[1:45] <mk_> really?
[1:45] <mk_> my impression that it did just the opposite
[1:45] <mk_> was that, rather
[1:45] <toad_> no
[1:46] <toad_> premix routing requires us to expose some of the topology
[1:46] <mk_> right
[1:46] <toad_> but we don't expose the IP addresses; all traffic is routed through existing links
[1:46] <mk_> is that a good idea?
[1:47] <toad_> it's wasteful
[1:47] <toad_> but it's necessary
[1:47] <mk_> yeah, and it seems to expose your chain of hops to a whole bunch of people
[1:47] <toad_> no
[1:47] <mk_> no?
[1:48] <toad_> you only know that you're on *a* premix chain, who sent it to you, and where it's going, not who started it, where it's going, or how far through it you are
[1:48] <toad_> just as with any onion routing
[1:49] <mk_> right, but my point is that for every hop you want to make, you expose yourself to many nodes that route that hop from one router to another
[1:49] <toad_> yeah, but it's still source-routed
[1:50] <mk_> you mean that the source is unknown?
[1:50] <toad_> just like an onion
[1:50] <mk_> or what do you mean by source routed?
[1:50] <toad_> we have longer paths than on a typical onion because we have to route through the existing network
[1:50] <mk_> you're saying the source chooses the routers yes?
[1:51] <toad_> but not doing so opens up attacks related to connection establishment
[1:51] <mk_> my point is that, say I'm a hop. I'm instructed to find and connect to F7A89
[1:52] <mk_> I try to locate that node, but along the way, each of maybe 3, maybe 10, maybe 100! (it's not content, after all) nodes learns who I'm trying to connect to
[1:52] <toad_> okay
[1:52] <toad_> well
[1:52] <toad_> we expose the topology
[1:52] <toad_> so the source gets to choose _all_ the hops
[1:52] <toad_> at least i think that's how we'll do it
[1:53] <toad_> we divide the network up into cells of say 100 nodes
[1:53] <toad_> maybe 1000 nodes
[1:53] <toad_> within which the topology is known
[1:53] <mk_> oh, ok, so... are you sure? you're saying that you use pseudonyms, yes?
[1:53] <mk_> instead of actual ips
[1:53] <toad_> we choose a starting node, which is equally likely to be any "plausible" node in the cluster
[1:53] <toad_> yes, we only know the IP's of the nodes we're connected to
[1:54] <toad_> we only know which nodes are "plausible" (not likely to be fictitious) because on darknet it's unlikely that two connections are from the same attacker
[1:54] <toad_> plausible is worked out based on the topology
[1:54] <mk_> but then your friend (which you're trying to protect against in the first place) just gives you poisoned pseudonyms
[1:55] <mk_> and that's drastically easier than them providing poisoned ips
[1:55] <toad_> no
[1:55] <mk_> if you choose your 'friend', then you're borked
[1:55] <toad_> that's where the plausibility calculation comes in
[1:55] <mk_> no?
[1:55] <toad_> if we only know of a node through one peer, then it's not very plausible
[1:55] <toad_> if it's connected to two of our peers, (for example), then it's a lot more plausible
[1:56] <mk_> but that won't usually happen.. you won't have those sorts of "near" links
[1:56] <toad_> you should
[1:56] * Ash-Fox (i=UNKNOWN@) Quit ("Do not meddle in the affairs of kitsune, for you are crunchy and good with ketchup.")
[1:56] <mk_> so all I have to do is send out my poisoned nodes in other directions
[1:57] <toad_> on a small world network you will have a lot of near links and a few long links
[1:57] <mk_> and they'll come back to you as soon as good connections would
[1:57] * wert (n=nealblin@) Quit (Read error: 110 (Connection timed out))
[1:57] <mk_> well, if we're on a true small world network, a lot of problems are solved anyway
[1:57] <mk_> but we aren't. we have channels where people exchange refs
[1:58] <toad_> well yeah, here we are talking about true darknet
[1:58] <toad_> people who want to just exchange refs should stick to opennet
[1:58] <toad_> it's marginally more secure than fake opennet via #freenet-refs, and a lot more convenient
[1:58] <mk_> I can think of 0 people that are the intersection of 'people I trust' and 'people who would be interested in freenet' ; mk_: Same here, none of whom i trust is interested in Freenet
[1:59] * rzkb07 (n=rzkb07@) has joined #freenet
[1:59] <toad_> that's true now
[1:59] <toad_> but in future freenet will be a lot bigger, because of opennet
[1:59] <toad_> it will have a lot more content and be a lot faster
[1:59] * fader (n=segfault@) Quit (Read error: 104 (Connection reset by peer))
[1:59] <toad_> (the last bit isn't because of size though)
[2:00] <mk_> ok, fair enough
[2:00] <toad_> and it's reasonable to hope that hostile regime users will have people they are willing to connect to
[2:00] <mk_> in the case where an opennet is implemented, traitors aren't a terrible concern
[2:00] <toad_> although there is the legitimate question of will they bust my friends because they see my node connecting to them
[2:00] * fader (n=segfault@) has joined #freenet
[2:01] <toad_> I don't really have an answer to that except that they probably know who your friends are anyway, and darknet allows us to start to think about steganographic transports
[2:01] <mk_> what about securing the opennet against correlation attacks?
[2:02] <toad_> it's not possible
[2:02] <toad_> opennet is insecure against a wide variety of attacks
[2:02] <toad_> there are a few things that might improve our odds, but they're all hacks with very low real anonymity sets
[2:03] <toad_> i may implement something
[2:03] <toad_> but the real solution is premix routing
[2:03] * Ash-Fox (i=UNKNOWN@) has joined #FreeNET
[2:04] <mk_> on an opennet as well
[2:04] <toad_> no
[2:04] <toad_> premix routing doesn't work on opennet
[2:04] <toad_> because identity is free
[2:05] <toad_> there is an excellent chance that many of your opennet peers are run by the same attacker
[2:05] <toad_> they can conspire and ruin you, because the plausibility algorithm doesn't work if lots of your peers are the same evil person
[2:05] <toad_> this lies behind many attacks on opennet
[2:07] <mk_> unless I'm mistaken, i2p is doing this sort of thing on an opennet
[2:07] <mk_> will they fail, or?
[2:07] <toad_> they are harvestable, more easily than we are
[2:08] * ToN-nL (n=ton@) has joined #freenet
[2:08] <toad_> it is possible to try to defend against sybil attacks (making lots of nodes) using hashcash etc, but the attacker has the advantage of scale, and anything like that you do will slow down legitimate users joining the network
[2:08] <mk_> but they claim viability
[2:09] <mk_> I don't know what hashcash is
[2:09] <mk_> is there a terse summary or should I read a paper?
[2:10] <toad_> hashcash is sort of a proof of work that your computer has done
[2:10] <toad_> it's supposed to increase the cost of making an identity
[2:10] <mk_> what sort of proof of work?
[2:11] <toad_> some cryptographic puzzle that the computer must execute
[2:11] <toad_> it's just something that takes cpu time
[2:11] * PraiseChaos (n=kcecil@) has joined #freenet
[2:11] <toad_> there's also think cash, which is like the images you have on some sites to prove that you're a human being and not a script
[2:11] <mk_> ah
[2:14] * rzkb07 (n=rzkb07@) Quit ("Get out of that boring IRC client! It's no good for you. Bersirc 2.2 is your answer! [ http://www.bersirc.org/ - Open Source")
[2:14] <mk_> an ip address goes a long way towards preventing sybil attacks, if nodes can get a hold of a large percentage of nodes
[2:15] <toad_> ip addresses are cheap
[2:15] <toad_> and NATs mean we can't refuse multiple connections from the same IP anyway
[2:16] <mk_> ah yes
[2:16] <toad_> certainly NATs mean we can't limit the total number of nodes network-wide on a single IP address
[2:16] <toad_> although I can't see how to do that anyway
[2:16] <toad_> a worm can get loads of IPs, so can anyone with money
[2:17] <mk_> but how many ips?
[2:17] <toad_> DoS attacks rely on this etc
[2:17] <toad_> I think you could do a lot of damage with a mere few hundred IPs
[2:17] <mk_> where a sybil attack might let a single ip host 99K nodes - you can't really get that many
[2:17] <mk_> that many ips
[2:17] <toad_> we can't rely on scarcity of IP addresses
[2:18] <toad_> because they're not scarce, and because hundreds of nodes might legitimately be behind one NAT
[2:18] <mk_> to some extent I think you can
[2:18] <toad_> run by different people, because it's an ISP
[2:19] <toad_> well, the attack is this: I have 1000 IP addresses. I set up 10,000 fake nodes on those 1,000 IPs. every time I successfully complete a request, i return a pointer to one of my other fake nodes.
[2:19] <toad_> the result is i take over everyone's routing tables, eventually
[2:19] <toad_> how do you guard against this?
[2:19] <mk_> well, even if you block access to all but one identity from a given ip, blocking 1000 nodes of a huge network isn't a big deal
[2:19] <toad_> they don't have to be of the same network
[2:19] <toad_> but even if they do, how do you reliably detect them?
[2:20] * toad_ would also point out that he thinks that securing opennet is an exercise in futility because long run there won't be anywhere you can run it; it'll be blocked everywhere
[2:20] <toad_> and short run the places you can run it in aren't that interesting
[2:21] <mk_> limiting the ips to one identity would mean that despite having 10k fake identities, the attacker with 1000ips will only be able to use 1000 of them
[2:21] <toad_> mk_: sure
[2:21] <toad_> mk_: it would also mean that if there are two nodes behind an ISP's NAT, only one of them works
[2:21] <mk_> for connecting to some one node X
[2:22] <toad_> mk_: also I don't see a reliable mechanism for ensuring one node per IP network-wide
[2:22] <mk_> the odds of two of those 100 nodes wanting to connect to the same cautious node are slim
[2:22] <toad_> mk_: yes but there might be more than two behind that one ISP's NAT
[2:23] <mk_> there might be 100. but if your network has 1M nodes, what are the odds of two of those 100 trying to connect to the same outside node?
[2:23] <toad_> mk_: get a job at a big ISP, you can have a million IP addresses
[2:24] <mk_> fair enough, but as I said, for those attackers that can't get access to more than 1000 ips, this helps
[2:24] <toad_> it's not decided yet; we definitely don't want to impose any such restrictions on darknet, because darknet is beyond that
[2:25] <toad_> on opennet, it might be a marginal protection ... but you do have to deal with the fact that it will reduce connectivity
[2:25] <toad_> maybe opennet is sufficiently fluid that that won't be a problem
[2:25] <toad_> but I don't see any realistic prospect of detecting that "hmmm, there's a node on every IP in that /24 ..."
[2:26] * mazzanet (i=mazzanet@) Quit (Read error: 131 (Connection reset by peer))
[2:26] <toad_> because any such mechanism would have to be network-wide, and therefore exploitable
[2:27] * toad_ adds a note about exploiting scarcity of IPs to OpennetDesign
[2:27] <toad_> on the wiki
[2:28] <mk_> it might not be perfect, but it protects at the very least against the same ip connecting to you many times without cost
[2:28] <toad_> mk_: if the attacker has 1000 nodes, how does the 1 node per IP rule help?
[2:28] <toad_> err
[2:28] <toad_> if the attacker has 1000 IP's
[2:28] <toad_> then how does it help?
[2:29] <toad_> okay it solves the problem if he has 1 IP
[2:29] <mk_> it doesn't let him use an ip to gather statistics more than once
[2:29] <toad_> but he'll just keep resetting to another node within his 1000
[2:29] <toad_> you'll only have 100 connections at most, and on a darknet compatible opennet that should probably be more like 30-50
[2:32] <mk_> yeah, but it's better than having them use 10000 identities
[2:32] <mk_> here, you limit them to using 1000 ips
[2:32] <toad_> they can have 100,000 identities
[2:32] <toad_> they just need to use them on different nodes
[2:32] <toad_> if they are targeting one node only, they only need 1000 identities
[2:32] <toad_> in fact they can probably get away with 100
[2:34] <mk_> well, yes, if they're targeting, but that's no longer a sybil attack, I would say
[2:35] <toad_> well
[2:35] <toad_> it's still a sybil attack
[2:35] <toad_> you sybil each node
[2:35] <nextgens> hi
[2:35] <toad_> you know what the connection limit is, you know how many conns you have to each node
[2:35] <toad_> you know you need say half the routing table to be sure of victory
[2:37] <nextgens> ip scarcity won't help ... if you 0wn the wires on the first router, you can pretend to be virtually anyone/anywhere setting a special route for some /32
[2:37] <mk_> nextgens, this is in opennet
[2:37] <toad_> nextgens: yes but then you have to be the ISP, right?
[2:37] <nextgens> yes, or someone able to persuade the isp to do it
[2:38] <toad_> http://wiki.freenetproject.org/OpennetDesign
[2:38] <toad_> nextgens: that means figuring out which ISP the user is on though
[2:38] <nextgens> still, I don't get how we will protect from sybil attack, even on darknet
[2:39] <toad_> nextgens: or being a fascist dictatorship, in which case you just harvest
[2:39] <toad_> nextgens: on darknet, you control your connections; what's the problem?
[2:39] <Apophis2> yabba dabba duuuuu
[2:39] <toad_> getting two darknet connections to a node requires social engineering; it's expensive
[2:39] <toad_> it's not impossible (depending on the target's paranoia level), but it's not exactly easily automated on the same scale as on opennet
[2:40] <nextgens> toad_> the point of premix routing is to protect against eavesdropping, isn't it ?
[2:40] <toad_> nextgens: if you're not the ISP, how hard is it to get large numbers of IP addresses?
[2:40] * mazzanet (n=mazzanet@) has joined #freenet
[2:40] <toad_> nextgens: yes, mainly
[2:40] <nextgens> toad_> trivial
[2:40] <toad_> nextgens: premix routing breaks down if you have multiple peers who are the same attacker
[2:40] <toad_> nextgens: elaborate? ( mk_ listen )
[2:41] <nextgens> you just have to pick up the latest 0day ... and compromise a bunch of windows boxes
[2:41] <nextgens> today there is one in Word
[2:41] <toad_> well that's what i said ... worms can get lots of IPs very easily
[2:41] <toad_> but it doesn't have to be a Great Worm
[2:41] <toad_> it can be a minor scan-and-exploit
[2:41] <toad_> a Great Worm would be intercepted by the NSA and dealt with
[2:42] <toad_> you want it to look like yet another spam network
[2:42] <nextgens> use social engineering and call an infected document "Pornstar_naked.doc" ... that will perform better and almost as fast
[2:42] <toad_> :)
[2:42] <toad_> right, that's mass social engineering
[2:42] <toad_> that's different from having to fight your way into each and every node
[2:43] <mk_> but how much could you attack with an infected box before the infection is removed?
[2:44] <toad_> how long would that take?
[2:44] <nextgens> such infections wouldn't be noticed
[2:44] <toad_> if the box was secure it wouldn't get infected in the first place
[2:44] <toad_> nextgens: well, they'd slow down the internet
[2:44] <nextgens> no
[2:44] <nextgens> as they would be passive
[2:44] <nextgens> until told to attack a specific node
[2:44] <mk_> I agree that zombie network operators can have many ips, but enough to affect a network of 1M with just sybil?
[2:44] <toad_> nextgens: for them to be useful in a Sybil attack they'd have to be active
[2:44] <mk_> targeted attacks are a different thing entirely, there you don't need many nodes
[2:45] <nextgens> sure, but not necessarily using a jvm
[2:45] <toad_> nextgens: and Sybil's best if you can compromise the whole network, maybe one node at a time, but still you have to get a foot in the door to start with
[2:45] <mk_> the reason we're talking about sybil is that it's important when choosing your premix
[2:45] <nextgens> I'm not sure that would be detected, really
[2:46] <nextgens> most worms are detected while spreading ...
[2:46] <nextgens> on honeypots/honeynets
[2:46] <nextgens> such a worm would spread using social-engineering : its discovery would be slower
[2:46] <toad_> mk_: it should be possible to observe a segment of the network at a time
[2:46] <nextgens> especially if the target audience is well chosen
[2:46] <toad_> mk_: when you're sure the culprit isn't in that segment, you move on to the next bit
[2:47] <toad_> maybe opennet is too dynamic to do that?
[2:48] <nextgens> there is an other way of dealing with the problem : DDoSing nodes
[2:48] <toad_> :)
[2:48] <mk_> I don't know. I'm saying that an attacker would need a very large network share
[2:49] <nextgens> efficient, cheap and easy to deploy
[2:49] <toad_> nextgens: yes but not for the entire network
[2:49] <mk_> before they could screw with your premix
[2:49] <nextgens> even for the entire network
[2:49] <toad_> mk_: i don't know how many nodes he'd need to break your premix
[2:49] <toad_> mk_: but i doubt he'd need to have ALL of your connections
[2:49] <mk_> depends on if your premix is fixed-size
[2:50] <toad_> what do you mean?
[2:50] <toad_> your anonymity set has to be more or less fixed or you get some nasty statistical attacks
[2:50] <nextgens> he has to have compromised the endpoint, that's all, isn't it ?
[2:50] <mk_> not quite
[2:50] <toad_> nextgens: no
[2:50] <toad_> nextgens: he has to compromise the chain
[2:50] <mk_> the odds of those nasty statistical attacks actually succeeding depend on how many times you open a new tunnel
[2:50] <toad_> probably we can make it so he has to compromise the whole chain
[2:51] <toad_> mk_: I've seen arguments about long-lived vs short-lived tunnels, i'm not entirely decided on the matter
[2:51] * nextgens is tired ; it's 4AM here
[2:51] * toad_ should go to bed too soon
[2:51] <mk_> no, the attacker has to a) know what information is being accessed; b) know that someone is accessing info; c) connect the two
[2:51] <nextgens> cya tomorrow guys
[2:51] <mk_> goodnight
[2:51] <toad_> cya nextgens
[2:52] <toad_> mk_: best way to do it is to compromise the whole tunnel, or to catch it during connection setup
[2:52] <mk_> the thing to keep in mind is that even if theoretically these statistical attacks are eventually going to "catch" someone, that's no big deal when you start factoring in time and usage frequency
[2:52] <toad_> if we exclude the latter by using existing connections, then you compromise the whole tunnel by faking several of the peer's connected nodes, and therefore being able to fake the topology of the local network
[2:53] * PraiseChaos (n=kcecil@) Quit (Read error: 104 (Connection reset by peer))
[2:53] <mk_> you can't fake signed nodes
[2:53] <toad_> mk_: time and usage frequency are exactly how a lot of attacks work
[2:53] <mk_> assuming we're talking about signed nodes
[2:53] <toad_> mk_: what on earth are signed nodes?
[2:53] <mk_> no, I mean a different thing when I say time
[2:53] <mk_> (nodes that have a public key and can verify themselves with a signature)
[2:53] <toad_> no
[2:53] <toad_> how does that help in any way whatsoever?
[2:54] <toad_> yes it means you can't read other people's traffic
[2:54] <toad_> or impersonate other real nodes
[2:54] <mk_> because then your gateway/entry point can't spoof the entire thing
[2:54] <toad_> but you CAN pretend to be more than one node
[2:54] <toad_> yes
[2:54] <toad_> so you attack the route selection algorithm
[2:54] <mk_> sure, go ahead. that's sybil
[2:54] <toad_> you have 4 out of 10 of the target's peers
[2:54] <toad_> you can therefore very frequently convince it that your fictitious nodes are in fact real
[2:55] <mk_> ok, but it doesn't really matter how many peers you have
[2:55] <toad_> and they get selected for the route
[2:55] <toad_> if your fictitious peers get selected for the route, the target is screwed
[2:55] <mk_> yes, but it may be that the peer doesn't rely solely on you for information about the network
[2:55] <toad_> right
[2:55] <toad_> the target relies on all its peers for information about the network
[2:55] <toad_> that is precisely the problem
[2:55] <mk_> ok, but see it this way
[2:56] <mk_> I'm 4 hostile nodes connected to you
[2:56] <toad_> if you are only one of its 10 peers, your info can easily be cross-checked, and it can see that most of your fictitious nodes aren't connected to any of your other peers or their peers
[2:56] <mk_> I give you 10 more nodes from which to get network information from, and you do so
[2:56] <toad_> whereas if you are half its connections, you at least have internal cross-links
[2:56] <mk_> after a while, I'm going to run out of identities, and you'll still have a giant web of other nodes to pursue
[2:56] <toad_> and you can usually have duplicate connections connecting to the real nodes too
[2:56] <toad_> sybil is baaaad
[2:57] <toad_> mk_: why would you run out of identities? identities are free
[2:57] <mk_> ips aren't free
[2:57] <toad_> IPs are very nearly free
[2:57] <toad_> and like you said this isn't network wide, it's about a single node
[2:57] <mk_> even if you can get a hold of 1M ips, which you won't be able to
[2:57] <toad_> you will
[2:57] <toad_> all you have to do is get a job as a tech at a major ISP
[2:57] <mk_> you still have only compromised 50% of the network
[2:58] <mk_> which is lots
[2:58] <toad_> doesn't follow
[2:58] <mk_> of a 1M network
[2:58] <toad_> why would you need 2M IPs to connect to 1M nodes?
[2:58] <toad_> you can reuse IPs
[2:58] <toad_> each node connects to far fewer than 1M peers
[2:58] <mk_> you don't have to connect anything. your knowledge of the network in no way depends on your peers
[2:59] <toad_> your ability to compromise premix routing depends on your connections
[2:59] <mk_> if a node can find out most of the nodes on a network, it's safe from targeted attacks (as far as premix goes)
[3:00] <toad_> hmmm?
[3:00] <mk_> I mean, if I'm relying on my hostile friend, sure, they can provide a disproportionate amount of hostile nodes
[3:00] <toad_> so you're saying don't divide the network into cells, attempt to use every node on the network for premix?
[3:00] <mk_> on the opennet? sure
[3:00] <toad_> that implies making harvesting even easier than it is now
[3:00] <mk_> in the darknet, you're somewhat screwed if a trusted friend betrays you
[3:01] <toad_> also your arguments about IP scarcity are broken
[3:01] <mk_> I mean, it's more likely that they'll just wear a wiretap in order to avoid torture or whatever
[3:01] <toad_> if you are looking at a network-wide perspective, how do you prevent multiple nodes on one IP?
[3:01] <mk_> what do you mean prevent?
[3:01] <toad_> mk_: that sort of thing is expensive. it's not impossible but it's expensive. and they would have to break more than one of your peers.
[3:02] <mk_> what sort of thing?
[3:02] <toad_> physical attacks etc
[3:02] <toad_> cost many many many times more than the sort of cyber-attacks we're talking about
[3:02] <mk_> no I'm saying that you're a chinese guy who is anti-communist
[3:02] <mk_> you get found out, or are a traitor, or whatever
[3:02] <toad_> if you're in any sort of hostile regime, you're on darknet, full stop
[3:03] <toad_> compromising darknet is way more expensive than compromising opennet, but of course it is possible with enough political and/or financial investment
[3:03] <mk_> you're probably not going to use freenet to betray people. If you've got a friend node who you trust and is a traitor, you've got bigger problems than those on freenet
[3:03] <toad_> right
[3:03] <mk_> so premix on darknet is... much less important
[3:03] <toad_> although just because you trust him enough to connect to him doesn't mean you trust him completely
[3:04] <mk_> so, if we have an opennet, what's the problem again?
[3:04] <toad_> no, premix on darknet means we can tolerate one bad node
[3:04] <toad_> on opennet the problem is sybil
[3:04] <toad_> it always has been sybil and it always will be sybil
[3:04] <mk_> right
[3:04] <toad_> and variants on sybil
[3:04] <mk_> how does ip scarcity not resolve this?
[3:04] <toad_> how does ip scarcity resolve it?
[3:04] <mk_> if you have a network of 1M nodes
[3:05] <mk_> and say, 900k are on unique ips
[3:05] <toad_> the remaining 100k may well be legitimate nodes
[3:05] <mk_> it takes 900k ips to compromise half of the network, right?
[3:05] * heph (n=heph@) Quit ("Leaving")
[3:05] <mk_> right, but that's ok
[3:06] <mk_> they can still work
[3:06] <toad_> how does it take 900k IPs to compromise half of the network?
[3:06] <mk_> 900/1800 = .5, 50%
[3:06] <toad_> eh?
[3:06] <toad_> where did 1800 come from?
[3:06] * heph (n=heph@) has joined #freenet
[3:06] <mk_> 900k good + 900k evil
[3:07] <toad_> you said 1M nodes
[3:07] <mk_> -100k for non-unique ips
[3:07] <toad_> you can probably compromise people with less than half the network
[3:07] <toad_> tunnels have to change from time to time
[3:08] <toad_> because nodes go up and down
[3:08] <mk_> right, but now we can do the calculations
[3:08] <toad_> and you haven't solved the connection setup problem
[3:08] <mk_> which one?
[3:08] <toad_> if you have a different route for each packet, and if you have very high latency, maybe you don't have to worry about connection setup
[3:08] <toad_> in the real world it's a big deal
[3:09] <mk_> what is connection setup?
[3:09] <toad_> mixmaster doesn't have to worry about it because all the remailers are connected to each other anyway and they have huge latency
[3:10] <toad_> mk_: if you pick 3 nodes randomly from the entire network, you have to set up the connections from the first node to the second node to the third node
[3:10] <toad_> mk_: this process is observable
[3:10] <mk_> by who?
[3:10] <toad_> by anyone
[3:10] <mk_> ..how?
[3:11] <toad_> well, by the ISPs involved, at the very least
[3:11] * PraiseChaos (n=kcecil@) has joined #freenet
[3:11] <mk_> if I'm connecting to you in italy, and you're connecting to joe in russia, who can observe all this?
[3:11] <mk_> well, massive worldwide conspiracies by all the isps are a big problem
[3:11] <toad_> national boundaries aren't what they used to be; they never were in fact
[3:11] <Apophis2> the omnipotent observer ;)
[3:11] <mk_> but also an unlikely one
[3:12] <toad_> so why not just use redbeard's global international VPN thingy?
[3:12] <mk_> I'm not familiar
[3:12] <toad_> it's based on the same logic
[3:12] <toad_> you set up a VPN where all your connections go to people in other countries
[3:12] <toad_> in theory it is difficult to trace stuff because of this
[3:14] <toad_> I don't see why an attacker cannot create 900k nodes on 100k ip addresses though
[3:14] <mk_> well, let's say they do
[3:14] <toad_> hmm?
[3:14] <mk_> now, you go and choose based on ips and not on identities
[3:15] <mk_> they have only 100k ips, the rest of the network has 900k ips
[3:15] * freddy (n=fred@) has joined #freenet
[3:15] <toad_> requires global knowledge, which is generally expensive
[3:15] <toad_> especially with nodes going up and down all the time
[3:15] <toad_> also easy to DoS the announcement mechanism itself
[3:15] <mk_> they have a network share of 10%, and not the network share of 900k/1800k or what have you
[3:15] <mk_> unless the mechanism is distributed
[3:16] <toad_> distributed how?
[3:16] * Ralith (n=ralith@) has joined #freenet
[3:16] <toad_> obviously we can have a global database of nodes; it makes harvesting easier, but we have to assume bad guys can harvest opennet
[3:16] <toad_> however, how do you prevent that itself being attacked?
[3:16] <mk_> yeah, but they already harvest opennet
[3:17] <mk_> one idea off the top of my head for random discovery of other nodes
[3:17] <Apophis2> anyone can host such a database, dont make it a single point ...
[3:17] <mk_> is you ask your friend for 20 nodes
[3:17] <mk_> they give you them, and you choose one at random
[3:17] <toad_> how would that be biased based on IP?
[3:17] <mk_> if that one is down, or whatever, you blacklist your friend slightly
[3:18] <mk_> if it isn't, you ask it for friends, and so on
[3:18] <toad_> how would that be biased based on IP?
[3:18] <mk_> what do you mean?
[3:18] <toad_> you want to select a random IP address, not a random node
[3:18] <mk_> because they can't go around giving you the same ip over and over
[3:19] <mk_> and they can't give you fakes, or you'll blacklist them
[3:19] * tetaworx (n=freenet@) Quit (Read error: 110 (Connection timed out))
[3:19] <toad_> so what? they have 1000 IP addresses, they never have to give you the same one twice
[3:19] <toad_> or 10,000 or whatever
[3:19] <mk_> good. after 100 mere hops, you've exhausted all of them
[3:19] <toad_> eh?
[3:19] <mk_> 10k is a lot of ips, I really doubt that it's feasible
[3:20] <mk_> after 100 hops, you'll have seen all of their 1000 ips
[3:20] <toad_> you've actually worked in the industry?
[3:20] <mk_> then they'll *have* to start giving you good ips
[3:20] <mk_> no, I haven't, but I also expect some sort of proof that this is possible
[3:20] <mk_> it seems doubtful to me
[3:21] <toad_> spammers must operate networks at least that big
[3:21] <toad_> the internet is hundreds of millions of pc's
[3:21] <toad_> a lot of them have unpatched security issues
[3:22] <toad_> due to e.g. running pirate copies of windows
[3:22] <mk_> (in addition, if a single isp is giving ips away, you can detect this and blacklist)
[3:23] <mk_> ok, how many computers do you think an adversary could get a hold of?
[3:23] <toad_> if you want to keep track of the entire network, you will have to have broadcast traffic updates, and these are very heavy; your network will have severe scalability problems
[3:23] <mk_> you don't have to track it. just use my random discovery walk thing
[3:24] <toad_> there are a thousand ways to find "a few nodes"
[3:24] <toad_> most of them are insecure for our purposes here
[3:24] <mk_> how is my walk insecure?
[3:25] <toad_> i don't know, but i'd be surprised if it wasn't
[3:25] <toad_> i need to go to bed
[3:25] <mk_> ok, have a good night
[3:25] <toad_> if you come up with a concrete proposal for premix routing on opennet, post it to the tech list
[3:26] <toad_> please?
[3:26] <mk_> yes, I will, if I come up with one
[3:27] <toad_> i'm not interested in securing opennet, because it's of no value in the long term, and premix routing on opennet would probably have to be completely different to on darknet and therefore be a waste of effort; but if it is possible then we should consider it
[3:27] <toad_> and i'm deeply skeptical that IP scarcity will save us
[3:27] <toad_> except against the most limited attackers
[3:28] <toad_> but if you come up with something by all means post to the tech list
[3:28] <toad_> good night
[3:28] * toad_ (n=toad@) Quit (Remote closed the connection)
[3:30] * phrosty (i=phrosty@) Quit ("PostQuitMessage(0);")
[3:33] * phrosty (n=phrosty@) has joined #freenet
[4:04] * freddy (n=fred@) Quit ("Leaving")
[4:09] * ToN-nL (n=ton@) Quit ("Ik ga weg")
[4:25] * nihil_aeturnius (n=imperial@) has joined #freenet
[4:26] * IMCensored_ (n=KMIntern@) has joined #freenet
[4:26] <nihil_aeturnius> Quiet...
[4:27] <mk_> start talking and others may join in
[4:27] <nihil_aeturnius> Okay I'm at the wrong place.
[4:27] * nihil_aeturnius (n=imperial@) has left #freenet
[4:43] * IMCensored1 (n=KMIntern@) Quit (Read error: 110 (Connection timed out))
[4:43] * IMCensored_ is now known as IMCensored1
[5:41] * jazminez (n=jazminez@) has joined #freenet
[5:44] * phrosty (n=phrosty@) Quit (Read error: 60 (Operation timed out))
[5:54] * agsarite (i=agsarite@) Quit (Remote closed the connection)
[5:57] * timmy2chk (n=violent@) has joined #freenet
[6:04] * Urs_ShPo (n=gaim@) has joined #freenet
[6:12] * agsarite (i=agsarite@) has joined #freenet
[6:26] * timmy2chk (n=violent@) Quit ("so what?")
[6:42] * timmy2chk (n=violent@) has joined #freenet
[6:59] * mk_ (n=mk@) has left #freenet
[7:00] * IMCensored_ (n=KMIntern@) has joined #freenet
[7:17] * IMCensored1 (n=KMIntern@) Quit (Read error: 110 (Connection timed out))
[7:17] * IMCensored_ is now known as IMCensored1
[7:59] * JustMe (i=JustMe_@) Quit ()
[8:07] * TheBishop_ (n=bishop@) Quit (Read error: 104 (Connection reset by peer))
[8:19] * TheBishop_ (n=bishop@) has joined #freenet
[8:24] * JustMe (i=JustMe_@) has joined #freenet
[8:25] * JustMe (i=JustMe_@) Quit (Client Quit)
[8:25] * JustMe (i=JustMe_@) has joined #freenet
[8:48] * Dynam (n=TakeThis@) Quit (Read error: 104 (Connection reset by peer))
[9:10] * sanity_ (n=ian@) Quit ()
[9:17] * timmy2chk (n=violent@) Quit ("so what?")
[9:24] * railk (n=railk@) has joined #freenet
[9:47] * Bifferson (i=Tbone@) has joined #freenet
[9:49] * Bifferson (i=Tbone@) has left #freenet
[9:55] * makomk (n=aidan@) has joined #freenet
[10:01] * railk (n=railk@) Quit ("Cya, wouldn't want ta be ya!")
[10:12] * Boon (n=TakeThis@) has joined #freenet
[10:12] * Boon is now known as Dynam
[10:15] * PraiseChaos (n=kcecil@) Quit (Connection timed out)
[11:14] * nextgens sets mode +v ShipHead
[11:20] * timmy2chk (n=violent@) has joined #freenet
[12:02] * NullAcht15 (n=NullAcht@) has joined #freenet
[12:16] * PraiseChaos (n=kcecil@) has joined #freenet
[12:35] * sopues_ (n=sandos@) has joined #freenet
[12:54] * sopues (n=sandos@) Quit (Read error: 110 (Connection timed out))
[13:00] * sbc (n=sbc@) has joined #freenet
[13:05] * sbc (n=sbc@) Quit ("Ex-Chat")
[13:32] * lattt (n=gerhard@) has joined #freenet
[13:32] * IMCensored_ (n=KMIntern@) has joined #freenet
[13:35] * greycat (i=rfc1413@) has joined #freenet
[13:44] * lattt (n=gerhard@) Quit ("Leaving")
[13:49] * sanity (n=ian@) has joined #freenet
[13:49] * ChanServ sets mode +o sanity
[13:50] * IMCensored1 (n=KMIntern@) Quit (Read error: 110 (Connection timed out))
[13:50] * IMCensored_ is now known as IMCensored1
[14:40] * DMac-X_ (n=chatzill@) has joined #freenet
[14:42] <DMac-X_> Can anyone give me some guidance on the "No Signature - integrity may be compromised" error when adding a node?
[14:44] * timmy2chk (n=violent@) Quit ("so what?")
[14:47] * sleon sets mode +v ShipHead
[14:47] <sleon> ShipHead: here you are
[14:56] * DMac-X_ (n=chatzill@) has left #freenet
[14:56] * mozillaman (n=borg@) has joined #freenet
[14:57] * mozillaman needs news
[15:13] <nextgens> mozillaman> toad has done some work on the Librarian plugin
[15:13] <mozillaman> :) :)
[15:14] <mozillaman> Define "some work" please
[15:14] <nextgens> read commit messages :)
[15:15] <nextgens> http://cia.navi.cx/stats/project/freenet
[15:17] <mozillaman> Will do ;)
[15:31] * sanity_ (n=ian@) has joined #freenet
[15:40] * sanity (n=ian@) Quit (Read error: 110 (Connection timed out))
[15:49] * Yukishiro (n=zhaan@) has joined #freenet
[15:51] * toad_ (n=toad@) has joined #freenet
[15:51] * ChanServ sets mode +o toad_
[15:53] * ralith_ (n=ralith@) has joined #freenet
[15:56] * colione (n=colione@) Quit ("Leaving")
[15:59] * Ralith (n=ralith@) Quit (Read error: 110 (Connection timed out))
[16:05] <toad_> hi folks
[16:10] <nextgens> hi
[16:10] <toad_> hi nextgens !
[16:11] * ralith_ (n=ralith@) Quit (Connection timed out)
[16:12] <toad_> |The AOL network runs at an MTU of 1450.
[16:12] <toad_> okay...
[16:12] <toad_> http://info.aol.co.uk/broadband/faqHomeNetworking.adp
[16:13] * Urs_ShPo (n=gaim@) Quit (Remote closed the connection)
[16:14] <toad_> For the routers of the CompuServe gateway further usage data are needed, so that the MTU value for a CompuServe DSL connection must be limited to 1400.
[16:14] <toad_> (the original German, translated:) For the routers of the CompuServe gateway further usage data are required, so that the MTU value for a CompuServe DSL access must be limited to 1400.
[16:14] <toad_> anyway
[16:14] <toad_> CompuServe uses an MTU of 1400 :<
[16:14] <toad_> so that's that
[16:14] <toad_> until we're ready to make it configurable
[16:15] <toad_> DFN@home uses 1448
[16:16] <nextgens> I suggest you detect it according to payload indeed
[16:16] <toad_> nextgens: hrrm?
[16:16] <nextgens> ie: you start with a high value ...
[16:16] <nextgens> and depending on the packet loss, you decrease it or not
[16:16] <toad_> nextgens: we can't set Don't Fragment
[16:16] <toad_> and packet loss could be due to anything
[16:17] <nextgens> especially fragmented packets
[16:17] <toad_> doing it per packet size would be complex and require a lot of traffic to figure it out
[16:17] <nextgens> anyway, it's sensible to reduce the mtu with a high packet loss
[16:17] <nextgens> why ? can't we make it adaptive ?
[16:17] * toad_ is not convinced; if the link is overloaded, why exacerbate the problem by sending data in a less efficient way?
[16:17] <nextgens> there will be a lot of traffic anyway
[16:18] <toad_> it's per-peer
[16:18] <nextgens> yes, it is
[16:18] <toad_> nextgens: did we ever figure out why too big packets was such a catastrophic problem?
[16:18] <toad_> yes it increases the packet loss, but if the packet loss is 2% then it only goes up to 4%
[16:19] <toad_> yet we get massive, constant retransmission, and plummeting payload %
[16:19] <toad_> maybe it's because of the middle layer not being very good
[16:19] <toad_> I should ask mrogers to write up our middle layer changes
[16:22] <nextgens> [16:18] <@ toad_> | yes it increases the packet loss, but if the packet loss is 2% then it only goes up to 4%
[16:22] <nextgens> no, it's worse than that
[16:23] <toad_> nextgens: 0.98 * 0.98 ~= 0.96
[16:23] <toad_> why's it worse than that?
[16:23] <nextgens> yes, as you are omitting the window, order, ...
[16:24] <nextgens> your calculus is pure maths
[16:24] <toad_> hmmm
[16:25] <toad_> well we're very tolerant of out-of-order with our current code
[16:25] <toad_> we have a fixed maximum window size, which is probably too big for most connections
[16:25] <toad_> and may contribute to the flooding behaviour
[16:27] <nextgens> I thought we were using an adaptive window ... like on tcp
[16:28] <toad_> no, that's probably half the problem
[16:28] <toad_> we will be
[16:29] <CIA-14> toad * r11302 /trunk/freenet/src/freenet/io/comm/UdpSocketManager.java: Comments; source the claim of 1400 MTU.
[16:30] <toad_> brb
[16:30] * Caco_Patane (n=caco@) has joined #freenet
[16:32] * NullAcht15 (n=NullAcht@) Quit (Nick collision from services.)
[16:33] * NullAcht15_ (n=NullAcht@) has joined #freenet
[16:34] <sleon> nextgens: ping, do you have some time to help me with grsec policy ? how to set it up so that root has almost all its privileges?
[16:36] <nextgens> sleon> no, sorry
[16:36] <nextgens> I've got my AI project to work on
[16:36] <sleon> nextgens: ok :|
[16:36] <nextgens> unless you'd like to help me :D
[16:36] <sleon> nextgens: sure !
[16:36] <nextgens> !?!
[16:37] <sleon> nextgens: yes i am interested :DD
[16:37] <sleon> nextgens: what is the topic ?
[16:37] <nextgens> I'll explain it to you on pm
[16:45] * railk (n=railk@) has joined #freenet
[16:51] * MikeW (i=Mike@) has joined #freenet
[16:58] * railk (n=railk@) Quit (Remote closed the connection)
[16:58] * railk (n=railk@) has joined #freenet
[17:06] <toad_> nextgens: "Fragmentation is handled only in the sending host in IPv6: routers never fragment a packet, and hosts are expected to use PMTU discovery."
[17:06] <toad_> nextgens: does this mean that the host (OS) will do PMTU for us, or does it mean the application will need to do PMTU on IPv6?
[17:08] <nextgens> the host will do
[17:08] <toad_> will it expose that information to us via an easy-to-JNI (or already wrapped) API?
[17:13] <nextgens> iirc it's already wrapped
[17:13] <nextgens> it will send us an Exception if we are over mtu
[17:13] <nextgens> anyway, as we aren't going to use ipv6 only, I don't see how that would help anyhow
[17:14] <toad_> yeah
[17:14] <toad_> well it's easier on ipv6 anyway because the minimum is 1280
[17:16] <toad_> hmmmm
[17:16] <toad_> java 1.5 lets us set the traffic class on a DatagramSocket
[17:16] <toad_> I wonder if it lets us set DF?
[17:18] <toad_> nextgens: afaics send() doesn't throw when we try to send a too big packet; receive() doesn't even throw when we try to receive a too big packet, (that would have been really helpful not long ago!)
[17:29] * mozillaman (n=borg@) Quit (Read error: 110 (Connection timed out))
[17:37] <toad_> nextgens: I suppose the top priority is to get the new congestion control done; then we won't have such a catastrophic response when we are sending too-big packets
[17:38] <nextgens> indeed
[17:38] <nextgens> but as mrogers is doing it, you should focus on something else :)
[17:38] <toad_> after that ... how would you do the statistics? track the last <bignum> packets that were sent, whether they were lost, how big they are, and then search until you find a clear-cut line where X% of packets are lost below point N and (1-X)^2 are lost above it?
[17:38] <nextgens> by doing it I meant simulating it
[17:39] <nextgens> it wouldn't be a good idea to implement it without simulating
[17:39] <toad_> i don't think he simulates MTU at the moment
[17:39] <nextgens> :/
[17:40] <toad_> i've heard a statistic that 10% packet loss becomes 65% packet loss if fragmented; how does the math work if it's not 1-((1-X)^2)?
[17:40] * MikeW (i=Mike@) Quit ()
[17:41] * toad_ thinks we can do just fine with a fixed maximum packet size... it's all your fault for driving me into investigating it :)
[17:43] <nextgens> hehe
[17:44] * toad_ will post to the list and move on
[17:52] * Apophis2_ (n=Apophis@) has joined #freenet
[17:55] * lattt (n=gerhard@) has joined #freenet
[17:55] * xxxxx (n=Apophis@) has joined #freenet
[17:56] * Ralith (n=ralith@) has joined #freenet
[18:09] * Apophis2 (n=Apophis@) Quit (Read error: 110 (Connection timed out))
[18:10] <CIA-14> toad * r11303 /trunk/freenet/src/freenet/support/io/FilenameGenerator.java:
[18:10] <CIA-14> Wiping old temp files can take a long time, tell the user what's happened when we've finished.
[18:10] <CIA-14> Also tell the user if we can't delete any file.
[18:13] * mozillaman (n=chatzill@) has joined #freenet
[18:13] * Apophis2_ (n=Apophis@) Quit (Read error: 110 (Connection timed out))
[18:15] <mozillaman> toad_: nextgens says you've been working on librarian :)
[18:15] <toad_> mozillaman: hmmm?
[18:16] <toad_> mozillaman: if you can get everyone to upgrade to the new Librarian that would be cool
[18:16] <toad_> mozillaman: there was a security hole in Librarian fixed a while ago
[18:16] <toad_> and the new Librarian has lots of cool stuff
[18:16] * mozillaman has those kind of persuasion powers ;)
[18:16] <toad_> predictable order, CSS support, etc
[18:16] <mozillaman> How shall I tell people to upgrade?
[18:17] <mozillaman> Nice :)
[18:17] <_ph00> how about "hey you! upgrade!" ?
[18:17] <toad_> it doesn't have support for HTML in the descriptions yet (it's all encoded), and it doesn't have support for the new Thaw/XML/Librarian index format
[18:17] <toad_> but it will if people lobby for those
[18:18] <toad_> if you upgrade the node as well, then you can link to a Librarian index of your choice, (e.g. one you published), with a custom stylesheet, and search word from your own form
[18:19] <toad_> so it has everything needed for index authors to set up Librarian indexes
[18:19] <mozillaman> Great
[18:19] <mozillaman> So, how does one upgrade?
[18:20] <mozillaman> It's not automatic I take it
[18:20] * Fumble (n=Fumble@) has joined #freenet
[18:23] * lattt (n=gerhard@) Quit ("Leaving")
[18:30] * timmy2chk (n=violent@) has joined #freenet
[18:31] <nextgens> toad_> maybe we ought to consider releasing #1007
[18:32] <Fumble> nextgens> Hi there
[18:35] <nextgens> hey mate :)
[18:35] <Fumble> nextgens> I thought you were dead ;)
[18:35] <nextgens> ^^-^^
[18:35] <Fumble> I'm installing a server running Debian, that calls for a celebration ;)
[18:37] <CIA-14> toad * r11304 /trunk/freenet/src/freenet/support/io/FilenameGenerator.java: Better totals
[18:37]