From dbkr at freenetproject.org Thu Mar 1 09:24:25 2007 From: dbkr at freenetproject.org (Dave Baker) Date: Thu, 1 Mar 2007 09:24:25 +0000 Subject: [freenet-dev] [freenet-cvs] r11936 - trunk/freenet/src/freenet/config In-Reply-To: <20070228225125.E22219BB7E@emu.freenetproject.org> References: <20070228225125.E22219BB7E@emu.freenetproject.org> Message-ID: <200703010924.25542.dbkr@freenetproject.org> On Wednesday 28 February 2007 22:51:25 nextgens at freenetproject.org wrote: > Author: nextgens > Date: 2007-02-28 22:51:25 +0000 (Wed, 28 Feb 2007) > New Revision: 11936 > > Modified: > trunk/freenet/src/freenet/config/PersistentConfig.java > Log: > Doh! Hang on - could somebody explain what's going on with these three commits? As I see it, we start by catching an exception that's only caused by class changes and lack of a rebuild from clean (and by looking at the code it looks like it would wipe the config file). Then after that, it gets 'fixed', but rather than jnust reverting the commit, we iterate a different way (well, okay, whatever), but what worries me is that it has all the synchronisation removed. Was the synchronised {} block unnecessary? If so, why? > > Modified: trunk/freenet/src/freenet/config/PersistentConfig.java > =================================================================== > --- trunk/freenet/src/freenet/config/PersistentConfig.java 2007-02-28 > 22:41:01 UTC (rev 11935) +++ > trunk/freenet/src/freenet/config/PersistentConfig.java 2007-02-28 22:51:25 > UTC (rev 11936) @@ -34,11 +34,11 @@ > public synchronized SimpleFieldSet exportFieldSet(boolean withDefaults) { > SimpleFieldSet fs = new SimpleFieldSet(true); > Iterator configsIterator = configsByPrefix.keySet().iterator(); > - SubConfig currentSubConfig; > + SubConfig current; > while (configsIterator.hasNext()) { > - currentSubConfig = (SubConfig) configsIterator.next(); > - SimpleFieldSet scfs = currentSubConfig.exportFieldSet(withDefaults); > - fs.tput(currentSubConfig.prefix, scfs); > + current = (SubConfig) configsByPrefix.get(configsIterator.next()); > + SimpleFieldSet scfs = current.exportFieldSet(withDefaults); > + fs.tput(current.prefix, scfs); > } > return fs; > } > > _______________________________________________ > cvs mailing list > cvs at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs From nextgens at freenetproject.org Thu Mar 1 12:48:44 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Thu, 1 Mar 2007 13:48:44 +0100 Subject: [freenet-dev] [freenet-cvs] r11936 - trunk/freenet/src/freenet/config In-Reply-To: <200703010924.25542.dbkr@freenetproject.org> References: <20070228225125.E22219BB7E@emu.freenetproject.org> <200703010924.25542.dbkr@freenetproject.org> Message-ID: <20070301124844.GA4181@freenetproject.org> * Dave Baker [2007-03-01 09:24:25]: > On Wednesday 28 February 2007 22:51:25 nextgens at freenetproject.org wrote: > > Author: nextgens > > Date: 2007-02-28 22:51:25 +0000 (Wed, 28 Feb 2007) > > New Revision: 11936 > > > > Modified: > > trunk/freenet/src/freenet/config/PersistentConfig.java > > Log: > > Doh! > > Hang on - could somebody explain what's going on with these three commits? As > I see it, we start by catching an exception that's only caused by class > changes and lack of a rebuild from clean (and by looking at the code it looks > like it would wipe the config file). Indeed : not a real problem. > Then after that, it gets 'fixed', but rather than jnust reverting the commit, we > iterate a different way (well, okay, whatever), Yep, we iterate more efficiently now. > but what worries me is that it has all the synchronisation > removed. Was the synchronised {} block unnecessary? If so, why? > Cause the whole method is declared as synchronized so getting a lock on (this) is useless :) NextGen$ > > > > Modified: trunk/freenet/src/freenet/config/PersistentConfig.java > > =================================================================== > > --- trunk/freenet/src/freenet/config/PersistentConfig.java 2007-02-28 > > 22:41:01 UTC (rev 11935) +++ > > trunk/freenet/src/freenet/config/PersistentConfig.java 2007-02-28 22:51:25 > > UTC (rev 11936) @@ -34,11 +34,11 @@ > > public synchronized SimpleFieldSet exportFieldSet(boolean withDefaults) { > > SimpleFieldSet fs = new SimpleFieldSet(true); > > Iterator configsIterator = configsByPrefix.keySet().iterator(); > > - SubConfig currentSubConfig; > > + SubConfig current; > > while (configsIterator.hasNext()) { > > - currentSubConfig = (SubConfig) configsIterator.next(); > > - SimpleFieldSet scfs = currentSubConfig.exportFieldSet(withDefaults); > > - fs.tput(currentSubConfig.prefix, scfs); > > + current = (SubConfig) configsByPrefix.get(configsIterator.next()); > > + SimpleFieldSet scfs = current.exportFieldSet(withDefaults); > > + fs.tput(current.prefix, scfs); > > } > > return fs; > > } > > > > _______________________________________________ > > cvs mailing list > > cvs at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From dbkr at freenetproject.org Thu Mar 1 13:41:52 2007 From: dbkr at freenetproject.org (Dave Baker) Date: Thu, 1 Mar 2007 13:41:52 +0000 Subject: [freenet-dev] [freenet-cvs] r11936 - trunk/freenet/src/freenet/config In-Reply-To: <20070301124844.GA4181@freenetproject.org> References: <20070228225125.E22219BB7E@emu.freenetproject.org> <200703010924.25542.dbkr@freenetproject.org> <20070301124844.GA4181@freenetproject.org> Message-ID: <200703011341.52729.dbkr@freenetproject.org> On Thursday 01 March 2007 12:48:44 Florent Daigni?re wrote: > * Dave Baker [2007-03-01 09:24:25]: > > On Wednesday 28 February 2007 22:51:25 nextgens at freenetproject.org wrote: > > > Author: nextgens > > > Date: 2007-02-28 22:51:25 +0000 (Wed, 28 Feb 2007) > > > New Revision: 11936 > > > > > > Modified: > > > trunk/freenet/src/freenet/config/PersistentConfig.java > > > Log: > > > Doh! > > > > Hang on - could somebody explain what's going on with these three > > commits? As I see it, we start by catching an exception that's only > > caused by class changes and lack of a rebuild from clean (and by looking > > at the code it looks like it would wipe the config file). > > Indeed : not a real problem. > > > Then after that, it gets 'fixed', but rather than jnust reverting the > > commit, we iterate a different way (well, okay, whatever), > > Yep, we iterate more efficiently now. > > > but what worries me is that it has all the synchronisation > > removed. Was the synchronised {} block unnecessary? If so, why? > > Cause the whole method is declared as synchronized so getting a > lock on (this) is useless :) Ah, I see. Fair enough. Can I persuade you to put things like this in the commit log message so people like me don't get confused? :) Dave > > NextGen$ > > > > Modified: trunk/freenet/src/freenet/config/PersistentConfig.java > > > =================================================================== > > > --- trunk/freenet/src/freenet/config/PersistentConfig.java 2007-02-28 > > > 22:41:01 UTC (rev 11935) +++ > > > trunk/freenet/src/freenet/config/PersistentConfig.java 2007-02-28 > > > 22:51:25 UTC (rev 11936) @@ -34,11 +34,11 @@ > > > public synchronized SimpleFieldSet exportFieldSet(boolean > > > withDefaults) { SimpleFieldSet fs = new SimpleFieldSet(true); > > > Iterator configsIterator = configsByPrefix.keySet().iterator(); > > > - SubConfig currentSubConfig; > > > + SubConfig current; > > > while (configsIterator.hasNext()) { > > > - currentSubConfig = (SubConfig) configsIterator.next(); > > > - SimpleFieldSet scfs = > > > currentSubConfig.exportFieldSet(withDefaults); > > > - fs.tput(currentSubConfig.prefix, scfs); > > > + current = (SubConfig) configsByPrefix.get(configsIterator.next()); > > > + SimpleFieldSet scfs = current.exportFieldSet(withDefaults); > > > + fs.tput(current.prefix, scfs); > > > } > > > return fs; > > > } > > > > > > _______________________________________________ > > > cvs mailing list > > > cvs at freenetproject.org > > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/cvs > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From nextgens at freenetproject.org Thu Mar 1 13:45:54 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Thu, 1 Mar 2007 14:45:54 +0100 Subject: [freenet-dev] [freenet-cvs] r11936 - trunk/freenet/src/freenet/config In-Reply-To: <200703011341.52729.dbkr@freenetproject.org> References: <20070228225125.E22219BB7E@emu.freenetproject.org> <200703010924.25542.dbkr@freenetproject.org> <20070301124844.GA4181@freenetproject.org> <200703011341.52729.dbkr@freenetproject.org> Message-ID: <20070301134553.GB4181@freenetproject.org> * Dave Baker [2007-03-01 13:41:52]: > On Thursday 01 March 2007 12:48:44 Florent Daigni?re wrote: > > * Dave Baker [2007-03-01 09:24:25]: > > > On Wednesday 28 February 2007 22:51:25 nextgens at freenetproject.org wrote: > > > > Author: nextgens > > > > Date: 2007-02-28 22:51:25 +0000 (Wed, 28 Feb 2007) > > > > New Revision: 11936 > > > > > > > > Modified: > > > > trunk/freenet/src/freenet/config/PersistentConfig.java > > > > Log: > > > > Doh! > > > > > > Hang on - could somebody explain what's going on with these three > > > commits? As I see it, we start by catching an exception that's only > > > caused by class changes and lack of a rebuild from clean (and by looking > > > at the code it looks like it would wipe the config file). > > > > Indeed : not a real problem. > > > > > Then after that, it gets 'fixed', but rather than jnust reverting the > > > commit, we iterate a different way (well, okay, whatever), > > > > Yep, we iterate more efficiently now. > > > > > but what worries me is that it has all the synchronisation > > > removed. Was the synchronised {} block unnecessary? If so, why? > > > > Cause the whole method is declared as synchronized so getting a > > lock on (this) is useless :) > > Ah, I see. Fair enough. Can I persuade you to put things like this in the > commit log message so people like me don't get confused? :) > > > Dave Sure, next time I will do :) NextGen$ From toad at amphibian.dyndns.org Thu Mar 1 14:08:57 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Thu, 1 Mar 2007 14:08:57 +0000 Subject: [freenet-dev] Fwd: [Content Restrictions and Freenet] Message-ID: <20070301140857.GC21603@amphibian.dyndns.org> In reference to http://www.gerv.net/security/content-restrictions/ Which may provide a way for us to provide full web functionality without having to write whitelist filters for everything including javascript ! ----- Forwarded message from me ----- Subject: Content Restrictions and Freenet Hi, I believe we met at FOSDEM? I work on Freenet, http://freenetproject.org/ , a censorship resistant peer to peer system designed for use in hostile regimes. This includes a web front-end: Files and web sites are published internally and accessed through localhost. In order to prevent web-bugs (img src's pointing to files on the real web giving away your IP address, for example), at present we implement a whitelist filter, which only supports HTML 4.01 and no scripting. Your Content Restrictions proposal may give us a way to support more or less full web functionality. Specific issues: - We would probably use request=nopost domain=127.0.0.1 - For our purposes, going beyond scripting to restrict all content on the page is a good thing. It means we don't have to filter the content we pass along to the browser at all, once we know the browser supports the content restrictions. This will be the case with any system where you can upload HTML including arbitrary tags, although I can see that most e.g. forums may want to impose a strictly limited subset. - We obviously need some way to detect whether this is in operation in a script in a filtered page; if it is, we redirect to an unfiltered one. - Obviously e.g. included CSS files would need to be interpreted with the same policy. At present we have to put in an explicit MIME type specification in to ensure that CSS is filtered correctly. - Because we will want some forms (e.g. a search form within a portal site), we will need to be able to have an unfiltered page inline a filtered stylesheet. Thanks! ----- End forwarded message ----- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070301/31b6565f/attachment.pgp From nextgens at freenetproject.org Sat Mar 3 15:10:33 2007 From: nextgens at freenetproject.org (NextGen$) Date: Sat, 3 Mar 2007 15:10:33 +0000 Subject: [freenet-dev] Gentoo, freenet 0.5 ebuild Message-ID: <20070303151033.GA937@freenetproject.org> Hi, I got in touch with the gentoo guys and convinced them to fix|remove their ebuild \o/ https://bugs.gentoo.org/show_bug.cgi?id=72996#c8 hopefully we won't have support requests from gentoo users anymore. I think it's a good news ; Not that we shouldn't encourage packaging, but their package was really old and hasn't been maintained for to long. NextGen$ PS: I've created a new related ticket on mantis : https://bugs.freenetproject.org/view.php?id=1174 From nextgens at freenetproject.org Mon Mar 5 15:02:57 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Mon, 5 Mar 2007 16:02:57 +0100 Subject: [freenet-dev] The new plugin : MDNSDiscovery Message-ID: <20070305150257.GA4497@freenetproject.org> Hey! This WE I got around coding a new plugin for freenet : MDNSDiscovery. It advertises fred's services on the local network. Namely _freenet._udp (the node), _fcp._tcp (FCP), _http._tcp (Froxy) and _telnet._tcp (TCMI). MDNS is also known as ZeroConf (see [1]) or Bonjour/Rendez-Vous in apple's world (see [2]). So far no FCP client is known to be listening for zeroconf advertisement ; maybe their authors should consider doing it so that they could "automagicaly" discover FCP servers. I have filled in several tickets on mantis (see [3]). MacOSx users should now see a bookmark for fproxy in Finder, under Network Servers. We could imagine lots of applications for that plugin including "easy peer swapping capabilities with neighbors" ;) I suggest to people interested in such functionality to express their interests in a new thread on @darknet-tools. The plugin runs fine for me with the testing version of freenet and follows 1.4 strict java compatibility. Would someone object to me bundling it within the installer when 1017 is out ? Of course as it "advertises" freenet on the local subnet, there would be an "adequate" warning ;) I have also created a wiki page dedicated to its installation [6] NextGen$ PS: I have used jmdns [4] to do it, and would recommend python addicts to use avahi [5]. I know that having several MDNS stacks on the same host isn't a good solution but I don't regard using JNI to access DBUS to talk to avahi as a realistic option. [1] http://www.zeroconf.org/ [2] http://www.apple.com/macosx/features/bonjour/ [3] https://bugs.freenetproject.org/view.php?id=1179 [4] http://jmdns.sourceforge.net/ [5] http://avahi.org/ [6] http://wiki.freenetproject.org/MDNSDiscoveryPlugin From toad at amphibian.dyndns.org Mon Mar 5 16:35:48 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Mon, 5 Mar 2007 16:35:48 +0000 Subject: [freenet-dev] The new plugin : MDNSDiscovery In-Reply-To: <20070305150257.GA4497@freenetproject.org> References: <20070305150257.GA4497@freenetproject.org> Message-ID: <20070305163548.GF29425@amphibian.dyndns.org> Nice! I thought it was possible to detect IP address over Bonjour? One issue here is that ISP NATs often look like LANs; how do we tell the difference? We can certainly have an option to make Freenet accessible from the LAN and to advertise it on the LAN, but first we have to figure out whether it IS a LAN. I suppose 99% of the time it is because people are behind a router even if their ISP NATs them as well. :| On Mon, Mar 05, 2007 at 04:02:57PM +0100, Florent Daigni?re (NextGen$) wrote: > Hey! > > This WE I got around coding a new plugin for freenet : > MDNSDiscovery. It advertises fred's services on the local network. > Namely _freenet._udp (the node), _fcp._tcp (FCP), _http._tcp (Froxy) > and _telnet._tcp (TCMI). MDNS is also known as ZeroConf (see [1]) > or Bonjour/Rendez-Vous in apple's world (see [2]). > > So far no FCP client is known to be listening for zeroconf > advertisement ; maybe their authors should consider doing it so > that they could "automagicaly" discover FCP servers. > I have filled in several tickets on mantis (see [3]). > > MacOSx users should now see a bookmark for fproxy in Finder, > under Network Servers. > > We could imagine lots of applications for that plugin including > "easy peer swapping capabilities with neighbors" ;) I suggest to > people interested in such functionality to express their > interests in a new thread on @darknet-tools. > > The plugin runs fine for me with the testing version of freenet > and follows 1.4 strict java compatibility. Would someone object > to me bundling it within the installer when 1017 is out ? Of > course as it "advertises" freenet on the local subnet, there would > be an "adequate" warning ;) > > I have also created a wiki page dedicated to its installation > [6] > > NextGen$ > > PS: I have used jmdns [4] to do it, and would recommend python addicts > to use avahi [5]. I know that having several MDNS stacks on the same > host isn't a good solution but I don't regard using JNI to access DBUS > to talk to avahi as a realistic option. > > [1] http://www.zeroconf.org/ > [2] http://www.apple.com/macosx/features/bonjour/ > [3] https://bugs.freenetproject.org/view.php?id=1179 > [4] http://jmdns.sourceforge.net/ > [5] http://avahi.org/ > [6] http://wiki.freenetproject.org/MDNSDiscoveryPlugin > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070305/1ea820a0/attachment.pgp From nextgens at freenetproject.org Mon Mar 5 16:44:41 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Mon, 5 Mar 2007 17:44:41 +0100 Subject: [freenet-dev] The new plugin : MDNSDiscovery In-Reply-To: <20070305163548.GF29425@amphibian.dyndns.org> References: <20070305150257.GA4497@freenetproject.org> <20070305163548.GF29425@amphibian.dyndns.org> Message-ID: <20070305164441.GF4497@freenetproject.org> * Matthew Toseland [2007-03-05 16:35:48]: > Nice! I thought it was possible to detect IP address over Bonjour? Well, I haven't implemented that yet: it's called NAT-PMP http://files.dns-sd.org/draft-cheshire-nat-pmp.txt ... the underlying library (jmdns) doesn't support it... and only a few hardware device do atm (like apple's airports). > > One issue here is that ISP NATs often look like LANs; how do we tell the > difference? We can certainly have an option to make Freenet accessible > from the LAN and to advertise it on the LAN, but first we have to figure > out whether it IS a LAN. I suppose 99% of the time it is because people > are behind a router even if their ISP NATs them as well. :| Asking the user is the only viable option. > On Mon, Mar 05, 2007 at 04:02:57PM +0100, Florent Daigni?re (NextGen$) wrote: > > Hey! > > > > This WE I got around coding a new plugin for freenet : > > MDNSDiscovery. It advertises fred's services on the local network. > > Namely _freenet._udp (the node), _fcp._tcp (FCP), _http._tcp (Froxy) > > and _telnet._tcp (TCMI). MDNS is also known as ZeroConf (see [1]) > > or Bonjour/Rendez-Vous in apple's world (see [2]). > > > > So far no FCP client is known to be listening for zeroconf > > advertisement ; maybe their authors should consider doing it so > > that they could "automagicaly" discover FCP servers. > > I have filled in several tickets on mantis (see [3]). > > > > MacOSx users should now see a bookmark for fproxy in Finder, > > under Network Servers. > > > > We could imagine lots of applications for that plugin including > > "easy peer swapping capabilities with neighbors" ;) I suggest to > > people interested in such functionality to express their > > interests in a new thread on @darknet-tools. > > > > The plugin runs fine for me with the testing version of freenet > > and follows 1.4 strict java compatibility. Would someone object > > to me bundling it within the installer when 1017 is out ? Of > > course as it "advertises" freenet on the local subnet, there would > > be an "adequate" warning ;) > > > > I have also created a wiki page dedicated to its installation > > [6] > > > > NextGen$ > > > > PS: I have used jmdns [4] to do it, and would recommend python addicts > > to use avahi [5]. I know that having several MDNS stacks on the same > > host isn't a good solution but I don't regard using JNI to access DBUS > > to talk to avahi as a realistic option. > > > > [1] http://www.zeroconf.org/ > > [2] http://www.apple.com/macosx/features/bonjour/ > > [3] https://bugs.freenetproject.org/view.php?id=1179 > > [4] http://jmdns.sourceforge.net/ > > [5] http://avahi.org/ > > [6] http://wiki.freenetproject.org/MDNSDiscoveryPlugin > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > From toad at amphibian.dyndns.org Mon Mar 5 17:45:45 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Mon, 5 Mar 2007 17:45:45 +0000 Subject: [freenet-dev] Easier reference swapping Message-ID: <20070305174545.GA29567@amphibian.dyndns.org> We will only get a darknet if it is really easy to swap references with your friends - opennet or no opennet. The original idea for Freenet 0.7 reference swapping was that you: - Go to your node, and ask it to create a bundle. - Send the bundle to your friends. - They unzip it and run it to install Freenet. - The bundle includes your noderef. - It also includes a one-time key that allows the node to automatically connect to yours despite yours not having their noderef yet. There are two big problems with this: 1) Everyone and his dog is behind a NAT. This means in order to connect you must have already exchanged references, full stop. THIS SUCKS. It also affects connectivity for newbies in a bad way (which is important IMHO). 2) Generally people shouldn't run programs that they receive in emails! Solution to the first one - and to newbie connectivity issues - is to implement UP&P and hope that routers implement it properly in future - is this a realistic hope? Solution to the second one is to just send the noderef and a link to the website, and only use full bundles when e.g. giving somebody a CD-R (which we should make really easy). Plugins for e.g. IRC clients, IM clients, have been suggested but I'm not sure how well this would work for newbies, and in any case I set up a darknet-tools list for people to talk about this and nobody has even talked about it since a few days after it was set up, let alone done anything. <_ph00> so the basic problem is "how to safely exchage refs", and the solution "eliminate ref exchanging by implementing opennet"?!? Am I the only one to think that's very stupid? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070305/1fe1de12/attachment.pgp From Colin at sq7.org Mon Mar 5 18:02:42 2007 From: Colin at sq7.org (Colin Davis) Date: Mon, 05 Mar 2007 13:02:42 -0500 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070305174545.GA29567@amphibian.dyndns.org> References: <20070305174545.GA29567@amphibian.dyndns.org> Message-ID: <45EC5B42.1010701@sq7.org> I know it's less secure, but what about simply allowing people to connect to your machine if they know a passphrase? The passphrase would take the place of the Key, but be user-settable, and short. If that were in place, you could send an e-mail saying: Hey Jon, I just found this cool new thing called freenet, which lets you get to all sorts of sites which aren't on the normal web! It's anonymous, and free, you should check it out. It works by connecting through each other's computers, but I'll let you connect to me to get started. Go to FreenetProject.org and download it, then give it my hostname, which is XXXXXXX and give it the connection passphrase "IamNotEvil". Don't give anyone else that information, or it won't work. It'll only allow one connection.. After your up, you can connect to other friends, and everyone's connection gets faster. I'm on IM if you want to talk about it. -Person you Know. Matthew Toseland wrote: > We will only get a darknet if it is really easy to swap references with > your friends - opennet or no opennet. > > The original idea for Freenet 0.7 reference swapping was that you: > - Go to your node, and ask it to create a bundle. > - Send the bundle to your friends. > - They unzip it and run it to install Freenet. > - The bundle includes your noderef. > - It also includes a one-time key that allows the node to automatically > connect to yours despite yours not having their noderef yet. > > There are two big problems with this: > > 1) Everyone and his dog is behind a NAT. This means in order to connect > you must have already exchanged references, full stop. THIS SUCKS. It > also affects connectivity for newbies in a bad way (which is important > IMHO). > > 2) Generally people shouldn't run programs that they receive in emails! > > Solution to the first one - and to newbie connectivity issues - is to > implement UP&P and hope that routers implement it properly in future - > is this a realistic hope? > > Solution to the second one is to just send the noderef and a link to the > website, and only use full bundles when e.g. giving somebody a CD-R (which > we should make really easy). > > Plugins for e.g. IRC clients, IM clients, have been suggested but I'm > not sure how well this would work for newbies, and in any case I set up > a darknet-tools list for people to talk about this and nobody has even > talked about it since a few days after it was set up, let alone done > anything. > > <_ph00> so the basic problem is "how to safely exchage refs", and the > solution "eliminate ref exchanging by implementing opennet"?!? Am I the > only one to think that's very stupid? > > > ------------------------------------------------------------------------ > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From dbkr at freenetproject.org Mon Mar 5 18:09:41 2007 From: dbkr at freenetproject.org (Dave Baker) Date: Mon, 5 Mar 2007 18:09:41 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC5B42.1010701@sq7.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> Message-ID: <200703051809.41642.dbkr@freenetproject.org> On Monday 05 March 2007 18:02:42 Colin Davis wrote: > I know it's less secure, but what about simply allowing people to > connect to your machine if they know a passphrase? The passphrase would > take the place of the Key, but be user-settable, and short. That doesn't solve either problem though, surely? my 2p on #freenet: [17:48] as far as both-way-adding goes, I think that's where we reach a tradeoff with security, which is one of the main challanges for Freenet. [17:49] I'm not convinced the whole difficulty of exchanging refs isn't a red herring - everyone can handle emailing a file. I'm definately in favour of the ability to burn a CD with an installer on it that installs a node with your reference pre-bundled, although I think leaving the installer out for an emailed-version means it's nothing the user couldn't do themselves. Dave > > > > If that were in place, you could send an e-mail saying: > > Hey Jon, I just found this cool new thing called freenet, which lets you > get to all sorts of sites which aren't on the normal web! It's > anonymous, and free, you should check it out. It works by connecting > through each other's computers, but I'll let you connect to me to get > started. > > Go to FreenetProject.org and download it, then give it my hostname, > which is XXXXXXX and give it the connection passphrase "IamNotEvil". > > Don't give anyone else that information, or it won't work. It'll only > allow one connection.. After your up, you can connect to other friends, > and everyone's connection gets faster. > > I'm on IM if you want to talk about it. > -Person you Know. > > Matthew Toseland wrote: > > We will only get a darknet if it is really easy to swap references with > > your friends - opennet or no opennet. > > > > The original idea for Freenet 0.7 reference swapping was that you: > > - Go to your node, and ask it to create a bundle. > > - Send the bundle to your friends. > > - They unzip it and run it to install Freenet. > > - The bundle includes your noderef. > > - It also includes a one-time key that allows the node to automatically > > connect to yours despite yours not having their noderef yet. > > > > There are two big problems with this: > > > > 1) Everyone and his dog is behind a NAT. This means in order to connect > > you must have already exchanged references, full stop. THIS SUCKS. It > > also affects connectivity for newbies in a bad way (which is important > > IMHO). > > > > 2) Generally people shouldn't run programs that they receive in emails! > > > > Solution to the first one - and to newbie connectivity issues - is to > > implement UP&P and hope that routers implement it properly in future - > > is this a realistic hope? > > > > Solution to the second one is to just send the noderef and a link to the > > website, and only use full bundles when e.g. giving somebody a CD-R > > (which we should make really easy). > > > > Plugins for e.g. IRC clients, IM clients, have been suggested but I'm > > not sure how well this would work for newbies, and in any case I set up > > a darknet-tools list for people to talk about this and nobody has even > > talked about it since a few days after it was set up, let alone done > > anything. > > > > <_ph00> so the basic problem is "how to safely exchage refs", and the > > solution "eliminate ref exchanging by implementing opennet"?!? Am I the > > only one to think that's very stupid? > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From Colin at sq7.org Mon Mar 5 18:13:43 2007 From: Colin at sq7.org (Colin Davis) Date: Mon, 05 Mar 2007 13:13:43 -0500 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <200703051809.41642.dbkr@freenetproject.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> Message-ID: <45EC5DD7.6080302@sq7.org> It solves #2- Don't run things you get in e-mail.. Instead of requiring a Noderef, allow someone to connect with just a password, and the IP address. This is something you can TELL someone, or say in an IM, no file transfer required. Dave Baker wrote: > On Monday 05 March 2007 18:02:42 Colin Davis wrote: >> I know it's less secure, but what about simply allowing people to >> connect to your machine if they know a passphrase? The passphrase would >> take the place of the Key, but be user-settable, and short. > > That doesn't solve either problem though, surely? > > my 2p on #freenet: > > [17:48] as far as both-way-adding goes, I think that's where we reach a > tradeoff with security, which is one of the main challanges for Freenet. > [17:49] I'm not convinced the whole difficulty of exchanging refs isn't > a red herring - everyone can handle emailing a file. > > I'm definately in favour of the ability to burn a CD with an installer on it > that installs a node with your reference pre-bundled, although I think > leaving the installer out for an emailed-version means it's nothing the user > couldn't do themselves. > > > Dave > > >> >> >> If that were in place, you could send an e-mail saying: >> >> Hey Jon, I just found this cool new thing called freenet, which lets you >> get to all sorts of sites which aren't on the normal web! It's >> anonymous, and free, you should check it out. It works by connecting >> through each other's computers, but I'll let you connect to me to get >> started. >> >> Go to FreenetProject.org and download it, then give it my hostname, >> which is XXXXXXX and give it the connection passphrase "IamNotEvil". >> >> Don't give anyone else that information, or it won't work. It'll only >> allow one connection.. After your up, you can connect to other friends, >> and everyone's connection gets faster. >> >> I'm on IM if you want to talk about it. >> -Person you Know. >> >> Matthew Toseland wrote: >>> We will only get a darknet if it is really easy to swap references with >>> your friends - opennet or no opennet. >>> >>> The original idea for Freenet 0.7 reference swapping was that you: >>> - Go to your node, and ask it to create a bundle. >>> - Send the bundle to your friends. >>> - They unzip it and run it to install Freenet. >>> - The bundle includes your noderef. >>> - It also includes a one-time key that allows the node to automatically >>> connect to yours despite yours not having their noderef yet. >>> >>> There are two big problems with this: >>> >>> 1) Everyone and his dog is behind a NAT. This means in order to connect >>> you must have already exchanged references, full stop. THIS SUCKS. It >>> also affects connectivity for newbies in a bad way (which is important >>> IMHO). >>> >>> 2) Generally people shouldn't run programs that they receive in emails! >>> >>> Solution to the first one - and to newbie connectivity issues - is to >>> implement UP&P and hope that routers implement it properly in future - >>> is this a realistic hope? >>> >>> Solution to the second one is to just send the noderef and a link to the >>> website, and only use full bundles when e.g. giving somebody a CD-R >>> (which we should make really easy). >>> >>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm >>> not sure how well this would work for newbies, and in any case I set up >>> a darknet-tools list for people to talk about this and nobody has even >>> talked about it since a few days after it was set up, let alone done >>> anything. >>> >>> <_ph00> so the basic problem is "how to safely exchage refs", and the >>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the >>> only one to think that's very stupid? >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Devl mailing list >>> Devl at freenetproject.org >>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >> _______________________________________________ >> Devl mailing list >> Devl at freenetproject.org >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From freenet-devl at david.sowder.com Mon Mar 5 19:52:33 2007 From: freenet-devl at david.sowder.com (David Sowder (Zothar)) Date: Mon, 05 Mar 2007 13:52:33 -0600 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC5DD7.6080302@sq7.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> Message-ID: <45EC7501.80509@david.sowder.com> Colin Davis wrote: > It solves #2- Don't run things you get in e-mail.. > > Instead of requiring a Noderef, allow someone to connect with just a > password, and the IP address. This is something you can TELL someone, or > say in an IM, no file transfer required. > I don't think we should necessarily categorically discount a fred-based installer distribution servlet because of NAT problems. What if we allow decoupling the installer from the noderef? Then those that can overcome or don't have the NAT problem can host the installer. If I, for some reason, cannot host the installer, perhaps one of my peers is willing to share their installer hosting such that I could get "access keys" from his node to pass out to my friends and include my noderef from the distribution area of FProxy in the email I send to my friend with the "access key". My friend saves the attached noderef (which was attached as a file with a .fref extension) to a file, connects to the my peer's installer host, uses the "access key", which will probably be part of the URL, and downloads and installs the node. Then my friend can double click on the .fref file he downloaded, which includes a one-time code generated by the distribution area of my FProxy (or FCP server) that my node uses to authenticate the addition of a node I didn't already have the noderef of. Node installed in a decentralized way. Peer connection created. Pass phrases could work, but I think they should have something like a 32 character minimum length. (I wonder if there are passphrase dictionaries yet.) > Dave Baker wrote: > >> On Monday 05 March 2007 18:02:42 Colin Davis wrote: >> >>> I know it's less secure, but what about simply allowing people to >>> connect to your machine if they know a passphrase? The passphrase would >>> take the place of the Key, but be user-settable, and short. >>> >> That doesn't solve either problem though, surely? >> >> my 2p on #freenet: >> >> [17:48] as far as both-way-adding goes, I think that's where we reach a >> tradeoff with security, which is one of the main challanges for Freenet. >> [17:49] I'm not convinced the whole difficulty of exchanging refs isn't >> a red herring - everyone can handle emailing a file. >> >> I'm definately in favour of the ability to burn a CD with an installer on it >> that installs a node with your reference pre-bundled, although I think >> leaving the installer out for an emailed-version means it's nothing the user >> couldn't do themselves. >> >> >> Dave >> >> >> >>> If that were in place, you could send an e-mail saying: >>> >>> Hey Jon, I just found this cool new thing called freenet, which lets you >>> get to all sorts of sites which aren't on the normal web! It's >>> anonymous, and free, you should check it out. It works by connecting >>> through each other's computers, but I'll let you connect to me to get >>> started. >>> >>> Go to FreenetProject.org and download it, then give it my hostname, >>> which is XXXXXXX and give it the connection passphrase "IamNotEvil". >>> >>> Don't give anyone else that information, or it won't work. It'll only >>> allow one connection.. After your up, you can connect to other friends, >>> and everyone's connection gets faster. >>> >>> I'm on IM if you want to talk about it. >>> -Person you Know. >>> >>> Matthew Toseland wrote: >>> >>>> We will only get a darknet if it is really easy to swap references with >>>> your friends - opennet or no opennet. >>>> >>>> The original idea for Freenet 0.7 reference swapping was that you: >>>> - Go to your node, and ask it to create a bundle. >>>> - Send the bundle to your friends. >>>> - They unzip it and run it to install Freenet. >>>> - The bundle includes your noderef. >>>> - It also includes a one-time key that allows the node to automatically >>>> connect to yours despite yours not having their noderef yet. >>>> >>>> There are two big problems with this: >>>> >>>> 1) Everyone and his dog is behind a NAT. This means in order to connect >>>> you must have already exchanged references, full stop. THIS SUCKS. It >>>> also affects connectivity for newbies in a bad way (which is important >>>> IMHO). >>>> >>>> 2) Generally people shouldn't run programs that they receive in emails! >>>> >>>> Solution to the first one - and to newbie connectivity issues - is to >>>> implement UP&P and hope that routers implement it properly in future - >>>> is this a realistic hope? >>>> >>>> Solution to the second one is to just send the noderef and a link to the >>>> website, and only use full bundles when e.g. giving somebody a CD-R >>>> (which we should make really easy). >>>> >>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm >>>> not sure how well this would work for newbies, and in any case I set up >>>> a darknet-tools list for people to talk about this and nobody has even >>>> talked about it since a few days after it was set up, let alone done >>>> anything. >>>> >>>> <_ph00> so the basic problem is "how to safely exchage refs", and the >>>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the >>>> only one to think that's very stupid? >>>> From Colin at sq7.org Mon Mar 5 20:06:35 2007 From: Colin at sq7.org (Colin Davis) Date: Mon, 05 Mar 2007 15:06:35 -0500 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC7501.80509@david.sowder.com> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <45EC7501.80509@david.sowder.com> Message-ID: <45EC784B.3020908@sq7.org> I have no problem with an installer, that include your noderef- In an ideal world, that'd be the primary way people Get freenet. If I recall, .5 created a custom install, but almost no one ever used it. I think the passphrase solution works well enough, if it's locked down.. As for NAT issues, forgive my being out of touch, but I thought that was solved a year ago.. If I recall, I thought that even if Side-A and Side-B were both firewalled, they could connect.. When Side-A added the noderef of B, it would start sending out packets to B, knowing that they won't get returned.. But the Sending of these packets would open a NAT-hole.. Then, Side-B would get around to adding the noderef of A, and start sending packets to A, opening a NAT-hole on their own side.. Side A's packets then get in through this hole, just as B's now arrive at A. What am I missing? -Colin That said, David Sowder (Zothar) wrote: > Colin Davis wrote: >> It solves #2- Don't run things you get in e-mail.. >> >> Instead of requiring a Noderef, allow someone to connect with just a >> password, and the IP address. This is something you can TELL someone, or >> say in an IM, no file transfer required. >> > I don't think we should necessarily categorically discount a fred-based > installer distribution servlet because of NAT problems. What if we > allow decoupling the installer from the noderef? Then those that can > overcome or don't have the NAT problem can host the installer. If I, > for some reason, cannot host the installer, perhaps one of my peers is > willing to share their installer hosting such that I could get "access > keys" from his node to pass out to my friends and include my noderef > from the distribution area of FProxy in the email I send to my friend > with the "access key". My friend saves the attached noderef (which was > attached as a file with a .fref extension) to a file, connects to the my > peer's installer host, uses the "access key", which will probably be > part of the URL, and downloads and installs the node. Then my friend > can double click on the .fref file he downloaded, which includes a > one-time code generated by the distribution area of my FProxy (or FCP > server) that my node uses to authenticate the addition of a node I > didn't already have the noderef of. Node installed in a decentralized > way. Peer connection created. > > Pass phrases could work, but I think they should have something like a > 32 character minimum length. (I wonder if there are passphrase > dictionaries yet.) >> Dave Baker wrote: >> >>> On Monday 05 March 2007 18:02:42 Colin Davis wrote: >>> >>>> I know it's less secure, but what about simply allowing people to >>>> connect to your machine if they know a passphrase? The passphrase would >>>> take the place of the Key, but be user-settable, and short. >>>> >>> That doesn't solve either problem though, surely? >>> >>> my 2p on #freenet: >>> >>> [17:48] as far as both-way-adding goes, I think that's where we reach a >>> tradeoff with security, which is one of the main challanges for Freenet. >>> [17:49] I'm not convinced the whole difficulty of exchanging refs isn't >>> a red herring - everyone can handle emailing a file. >>> >>> I'm definately in favour of the ability to burn a CD with an installer on it >>> that installs a node with your reference pre-bundled, although I think >>> leaving the installer out for an emailed-version means it's nothing the user >>> couldn't do themselves. >>> >>> >>> Dave >>> >>> >>> >>>> If that were in place, you could send an e-mail saying: >>>> >>>> Hey Jon, I just found this cool new thing called freenet, which lets you >>>> get to all sorts of sites which aren't on the normal web! It's >>>> anonymous, and free, you should check it out. It works by connecting >>>> through each other's computers, but I'll let you connect to me to get >>>> started. >>>> >>>> Go to FreenetProject.org and download it, then give it my hostname, >>>> which is XXXXXXX and give it the connection passphrase "IamNotEvil". >>>> >>>> Don't give anyone else that information, or it won't work. It'll only >>>> allow one connection.. After your up, you can connect to other friends, >>>> and everyone's connection gets faster. >>>> >>>> I'm on IM if you want to talk about it. >>>> -Person you Know. >>>> >>>> Matthew Toseland wrote: >>>> >>>>> We will only get a darknet if it is really easy to swap references with >>>>> your friends - opennet or no opennet. >>>>> >>>>> The original idea for Freenet 0.7 reference swapping was that you: >>>>> - Go to your node, and ask it to create a bundle. >>>>> - Send the bundle to your friends. >>>>> - They unzip it and run it to install Freenet. >>>>> - The bundle includes your noderef. >>>>> - It also includes a one-time key that allows the node to automatically >>>>> connect to yours despite yours not having their noderef yet. >>>>> >>>>> There are two big problems with this: >>>>> >>>>> 1) Everyone and his dog is behind a NAT. This means in order to connect >>>>> you must have already exchanged references, full stop. THIS SUCKS. It >>>>> also affects connectivity for newbies in a bad way (which is important >>>>> IMHO). >>>>> >>>>> 2) Generally people shouldn't run programs that they receive in emails! >>>>> >>>>> Solution to the first one - and to newbie connectivity issues - is to >>>>> implement UP&P and hope that routers implement it properly in future - >>>>> is this a realistic hope? >>>>> >>>>> Solution to the second one is to just send the noderef and a link to the >>>>> website, and only use full bundles when e.g. giving somebody a CD-R >>>>> (which we should make really easy). >>>>> >>>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm >>>>> not sure how well this would work for newbies, and in any case I set up >>>>> a darknet-tools list for people to talk about this and nobody has even >>>>> talked about it since a few days after it was set up, let alone done >>>>> anything. >>>>> >>>>> <_ph00> so the basic problem is "how to safely exchage refs", and the >>>>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the >>>>> only one to think that's very stupid? >>>>> > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From Colin at sq7.org Mon Mar 5 20:06:35 2007 From: Colin at sq7.org (Colin Davis) Date: Mon, 05 Mar 2007 15:06:35 -0500 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC7501.80509@david.sowder.com> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <45EC7501.80509@david.sowder.com> Message-ID: <45EC784B.3020908@sq7.org> I have no problem with an installer, that include your noderef- In an ideal world, that'd be the primary way people Get freenet. If I recall, .5 created a custom install, but almost no one ever used it. I think the passphrase solution works well enough, if it's locked down.. As for NAT issues, forgive my being out of touch, but I thought that was solved a year ago.. If I recall, I thought that even if Side-A and Side-B were both firewalled, they could connect.. When Side-A added the noderef of B, it would start sending out packets to B, knowing that they won't get returned.. But the Sending of these packets would open a NAT-hole.. Then, Side-B would get around to adding the noderef of A, and start sending packets to A, opening a NAT-hole on their own side.. Side A's packets then get in through this hole, just as B's now arrive at A. What am I missing? -Colin That said, David Sowder (Zothar) wrote: > Colin Davis wrote: >> It solves #2- Don't run things you get in e-mail.. >> >> Instead of requiring a Noderef, allow someone to connect with just a >> password, and the IP address. This is something you can TELL someone, or >> say in an IM, no file transfer required. >> > I don't think we should necessarily categorically discount a fred-based > installer distribution servlet because of NAT problems. What if we > allow decoupling the installer from the noderef? Then those that can > overcome or don't have the NAT problem can host the installer. If I, > for some reason, cannot host the installer, perhaps one of my peers is > willing to share their installer hosting such that I could get "access > keys" from his node to pass out to my friends and include my noderef > from the distribution area of FProxy in the email I send to my friend > with the "access key". My friend saves the attached noderef (which was > attached as a file with a .fref extension) to a file, connects to the my > peer's installer host, uses the "access key", which will probably be > part of the URL, and downloads and installs the node. Then my friend > can double click on the .fref file he downloaded, which includes a > one-time code generated by the distribution area of my FProxy (or FCP > server) that my node uses to authenticate the addition of a node I > didn't already have the noderef of. Node installed in a decentralized > way. Peer connection created. > > Pass phrases could work, but I think they should have something like a > 32 character minimum length. (I wonder if there are passphrase > dictionaries yet.) >> Dave Baker wrote: >> >>> On Monday 05 March 2007 18:02:42 Colin Davis wrote: >>> >>>> I know it's less secure, but what about simply allowing people to >>>> connect to your machine if they know a passphrase? The passphrase would >>>> take the place of the Key, but be user-settable, and short. >>>> >>> That doesn't solve either problem though, surely? >>> >>> my 2p on #freenet: >>> >>> [17:48] as far as both-way-adding goes, I think that's where we reach a >>> tradeoff with security, which is one of the main challanges for Freenet. >>> [17:49] I'm not convinced the whole difficulty of exchanging refs isn't >>> a red herring - everyone can handle emailing a file. >>> >>> I'm definately in favour of the ability to burn a CD with an installer on it >>> that installs a node with your reference pre-bundled, although I think >>> leaving the installer out for an emailed-version means it's nothing the user >>> couldn't do themselves. >>> >>> >>> Dave >>> >>> >>> >>>> If that were in place, you could send an e-mail saying: >>>> >>>> Hey Jon, I just found this cool new thing called freenet, which lets you >>>> get to all sorts of sites which aren't on the normal web! It's >>>> anonymous, and free, you should check it out. It works by connecting >>>> through each other's computers, but I'll let you connect to me to get >>>> started. >>>> >>>> Go to FreenetProject.org and download it, then give it my hostname, >>>> which is XXXXXXX and give it the connection passphrase "IamNotEvil". >>>> >>>> Don't give anyone else that information, or it won't work. It'll only >>>> allow one connection.. After your up, you can connect to other friends, >>>> and everyone's connection gets faster. >>>> >>>> I'm on IM if you want to talk about it. >>>> -Person you Know. >>>> >>>> Matthew Toseland wrote: >>>> >>>>> We will only get a darknet if it is really easy to swap references with >>>>> your friends - opennet or no opennet. >>>>> >>>>> The original idea for Freenet 0.7 reference swapping was that you: >>>>> - Go to your node, and ask it to create a bundle. >>>>> - Send the bundle to your friends. >>>>> - They unzip it and run it to install Freenet. >>>>> - The bundle includes your noderef. >>>>> - It also includes a one-time key that allows the node to automatically >>>>> connect to yours despite yours not having their noderef yet. >>>>> >>>>> There are two big problems with this: >>>>> >>>>> 1) Everyone and his dog is behind a NAT. This means in order to connect >>>>> you must have already exchanged references, full stop. THIS SUCKS. It >>>>> also affects connectivity for newbies in a bad way (which is important >>>>> IMHO). >>>>> >>>>> 2) Generally people shouldn't run programs that they receive in emails! >>>>> >>>>> Solution to the first one - and to newbie connectivity issues - is to >>>>> implement UP&P and hope that routers implement it properly in future - >>>>> is this a realistic hope? >>>>> >>>>> Solution to the second one is to just send the noderef and a link to the >>>>> website, and only use full bundles when e.g. giving somebody a CD-R >>>>> (which we should make really easy). >>>>> >>>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm >>>>> not sure how well this would work for newbies, and in any case I set up >>>>> a darknet-tools list for people to talk about this and nobody has even >>>>> talked about it since a few days after it was set up, let alone done >>>>> anything. >>>>> >>>>> <_ph00> so the basic problem is "how to safely exchage refs", and the >>>>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the >>>>> only one to think that's very stupid? >>>>> > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From nextgens at freenetproject.org Mon Mar 5 20:31:31 2007 From: nextgens at freenetproject.org (NextGen$) Date: Mon, 5 Mar 2007 20:31:31 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC784B.3020908@sq7.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <45EC7501.80509@david.sowder.com> <45EC784B.3020908@sq7.org> Message-ID: <20070305203131.GF937@freenetproject.org> * Colin Davis [2007-03-05 15:06:35]: > I have no problem with an installer, that include your noderef- In an > ideal world, that'd be the primary way people Get freenet. If I recall, > .5 created a custom install, but almost no one ever used it. > > I think the passphrase solution works well enough, if it's locked down.. > > > As for NAT issues, forgive my being out of touch, but I thought that was > solved a year ago.. If I recall, I thought that even if Side-A and > Side-B were both firewalled, they could connect.. > > When Side-A added the noderef of B, it would start sending out packets > to B, knowing that they won't get returned.. But the Sending of these > packets would open a NAT-hole.. > Then, Side-B would get around to adding the noderef of A, and start > sending packets to A, opening a NAT-hole on their own side.. Side A's > packets then get in through this hole, just as B's now arrive at A. > > What am I missing? > > -Colin Both of you are missing the important point : on darknet we don't want to reveal the network topology : we can't rely on a third party to do the job. As far as I know all the NAT circumventing methods are involving a third party. Please move the thread to @tech :) NextGen$ > > > That said, > David Sowder (Zothar) wrote: > > Colin Davis wrote: > >> It solves #2- Don't run things you get in e-mail.. > >> > >> Instead of requiring a Noderef, allow someone to connect with just a > >> password, and the IP address. This is something you can TELL someone, or > >> say in an IM, no file transfer required. > >> > > I don't think we should necessarily categorically discount a fred-based > > installer distribution servlet because of NAT problems. What if we > > allow decoupling the installer from the noderef? Then those that can > > overcome or don't have the NAT problem can host the installer. If I, > > for some reason, cannot host the installer, perhaps one of my peers is > > willing to share their installer hosting such that I could get "access > > keys" from his node to pass out to my friends and include my noderef > > from the distribution area of FProxy in the email I send to my friend > > with the "access key". My friend saves the attached noderef (which was > > attached as a file with a .fref extension) to a file, connects to the my > > peer's installer host, uses the "access key", which will probably be > > part of the URL, and downloads and installs the node. Then my friend > > can double click on the .fref file he downloaded, which includes a > > one-time code generated by the distribution area of my FProxy (or FCP > > server) that my node uses to authenticate the addition of a node I > > didn't already have the noderef of. Node installed in a decentralized > > way. Peer connection created. > > > > Pass phrases could work, but I think they should have something like a > > 32 character minimum length. (I wonder if there are passphrase > > dictionaries yet.) > >> Dave Baker wrote: > >> > >>> On Monday 05 March 2007 18:02:42 Colin Davis wrote: > >>> > >>>> I know it's less secure, but what about simply allowing people to > >>>> connect to your machine if they know a passphrase? The passphrase would > >>>> take the place of the Key, but be user-settable, and short. > >>>> > >>> That doesn't solve either problem though, surely? > >>> > >>> my 2p on #freenet: > >>> > >>> [17:48] as far as both-way-adding goes, I think that's where we reach a > >>> tradeoff with security, which is one of the main challanges for Freenet. > >>> [17:49] I'm not convinced the whole difficulty of exchanging refs isn't > >>> a red herring - everyone can handle emailing a file. > >>> > >>> I'm definately in favour of the ability to burn a CD with an installer on it > >>> that installs a node with your reference pre-bundled, although I think > >>> leaving the installer out for an emailed-version means it's nothing the user > >>> couldn't do themselves. > >>> > >>> > >>> Dave > >>> > >>> > >>> > >>>> If that were in place, you could send an e-mail saying: > >>>> > >>>> Hey Jon, I just found this cool new thing called freenet, which lets you > >>>> get to all sorts of sites which aren't on the normal web! It's > >>>> anonymous, and free, you should check it out. It works by connecting > >>>> through each other's computers, but I'll let you connect to me to get > >>>> started. > >>>> > >>>> Go to FreenetProject.org and download it, then give it my hostname, > >>>> which is XXXXXXX and give it the connection passphrase "IamNotEvil". > >>>> > >>>> Don't give anyone else that information, or it won't work. It'll only > >>>> allow one connection.. After your up, you can connect to other friends, > >>>> and everyone's connection gets faster. > >>>> > >>>> I'm on IM if you want to talk about it. > >>>> -Person you Know. > >>>> > >>>> Matthew Toseland wrote: > >>>> > >>>>> We will only get a darknet if it is really easy to swap references with > >>>>> your friends - opennet or no opennet. > >>>>> > >>>>> The original idea for Freenet 0.7 reference swapping was that you: > >>>>> - Go to your node, and ask it to create a bundle. > >>>>> - Send the bundle to your friends. > >>>>> - They unzip it and run it to install Freenet. > >>>>> - The bundle includes your noderef. > >>>>> - It also includes a one-time key that allows the node to automatically > >>>>> connect to yours despite yours not having their noderef yet. > >>>>> > >>>>> There are two big problems with this: > >>>>> > >>>>> 1) Everyone and his dog is behind a NAT. This means in order to connect > >>>>> you must have already exchanged references, full stop. THIS SUCKS. It > >>>>> also affects connectivity for newbies in a bad way (which is important > >>>>> IMHO). > >>>>> > >>>>> 2) Generally people shouldn't run programs that they receive in emails! > >>>>> > >>>>> Solution to the first one - and to newbie connectivity issues - is to > >>>>> implement UP&P and hope that routers implement it properly in future - > >>>>> is this a realistic hope? > >>>>> > >>>>> Solution to the second one is to just send the noderef and a link to the > >>>>> website, and only use full bundles when e.g. giving somebody a CD-R > >>>>> (which we should make really easy). > >>>>> > >>>>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm > >>>>> not sure how well this would work for newbies, and in any case I set up > >>>>> a darknet-tools list for people to talk about this and nobody has even > >>>>> talked about it since a few days after it was set up, let alone done > >>>>> anything. > >>>>> > >>>>> <_ph00> so the basic problem is "how to safely exchage refs", and the > >>>>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the > >>>>> only one to think that's very stupid? > >>>>> > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From toad at amphibian.dyndns.org Mon Mar 5 22:36:43 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Mon, 5 Mar 2007 22:36:43 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC5DD7.6080302@sq7.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> Message-ID: <20070305223643.GA12373@amphibian.dyndns.org> I don't understand why a password and IP address is easier than a one-time reference. I suppose it has the advantage of being able to write it down - but for it to be secure it would need to be a one-time password; you'd need to generate a new one every time ... Hmmm. Maybe we should provide both mechanisms? On Mon, Mar 05, 2007 at 01:13:43PM -0500, Colin Davis wrote: > It solves #2- Don't run things you get in e-mail.. > > Instead of requiring a Noderef, allow someone to connect with just a > password, and the IP address. This is something you can TELL someone, or > say in an IM, no file transfer required. > > Dave Baker wrote: > > On Monday 05 March 2007 18:02:42 Colin Davis wrote: > >> I know it's less secure, but what about simply allowing people to > >> connect to your machine if they know a passphrase? The passphrase would > >> take the place of the Key, but be user-settable, and short. > > > > That doesn't solve either problem though, surely? > > > > my 2p on #freenet: > > > > [17:48] as far as both-way-adding goes, I think that's where we reach a > > tradeoff with security, which is one of the main challanges for Freenet. > > [17:49] I'm not convinced the whole difficulty of exchanging refs isn't > > a red herring - everyone can handle emailing a file. > > > > I'm definately in favour of the ability to burn a CD with an installer on it > > that installs a node with your reference pre-bundled, although I think > > leaving the installer out for an emailed-version means it's nothing the user > > couldn't do themselves. > > > > > > Dave > > > > > >> > >> > >> If that were in place, you could send an e-mail saying: > >> > >> Hey Jon, I just found this cool new thing called freenet, which lets you > >> get to all sorts of sites which aren't on the normal web! It's > >> anonymous, and free, you should check it out. It works by connecting > >> through each other's computers, but I'll let you connect to me to get > >> started. > >> > >> Go to FreenetProject.org and download it, then give it my hostname, > >> which is XXXXXXX and give it the connection passphrase "IamNotEvil". > >> > >> Don't give anyone else that information, or it won't work. It'll only > >> allow one connection.. After your up, you can connect to other friends, > >> and everyone's connection gets faster. > >> > >> I'm on IM if you want to talk about it. > >> -Person you Know. > >> > >> Matthew Toseland wrote: > >>> We will only get a darknet if it is really easy to swap references with > >>> your friends - opennet or no opennet. > >>> > >>> The original idea for Freenet 0.7 reference swapping was that you: > >>> - Go to your node, and ask it to create a bundle. > >>> - Send the bundle to your friends. > >>> - They unzip it and run it to install Freenet. > >>> - The bundle includes your noderef. > >>> - It also includes a one-time key that allows the node to automatically > >>> connect to yours despite yours not having their noderef yet. > >>> > >>> There are two big problems with this: > >>> > >>> 1) Everyone and his dog is behind a NAT. This means in order to connect > >>> you must have already exchanged references, full stop. THIS SUCKS. It > >>> also affects connectivity for newbies in a bad way (which is important > >>> IMHO). > >>> > >>> 2) Generally people shouldn't run programs that they receive in emails! > >>> > >>> Solution to the first one - and to newbie connectivity issues - is to > >>> implement UP&P and hope that routers implement it properly in future - > >>> is this a realistic hope? > >>> > >>> Solution to the second one is to just send the noderef and a link to the > >>> website, and only use full bundles when e.g. giving somebody a CD-R > >>> (which we should make really easy). > >>> > >>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm > >>> not sure how well this would work for newbies, and in any case I set up > >>> a darknet-tools list for people to talk about this and nobody has even > >>> talked about it since a few days after it was set up, let alone done > >>> anything. > >>> > >>> <_ph00> so the basic problem is "how to safely exchage refs", and the > >>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the > >>> only one to think that's very stupid? > >>> > >>> > >>> ------------------------------------------------------------------------ > >>> > >>> _______________________________________________ > >>> Devl mailing list > >>> Devl at freenetproject.org > >>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > >> _______________________________________________ > >> Devl mailing list > >> Devl at freenetproject.org > >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070305/f6fc4ba8/attachment.pgp From toad at amphibian.dyndns.org Mon Mar 5 22:41:37 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Mon, 5 Mar 2007 22:41:37 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC7501.80509@david.sowder.com> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <45EC7501.80509@david.sowder.com> Message-ID: <20070305224137.GB12373@amphibian.dyndns.org> On Mon, Mar 05, 2007 at 01:52:33PM -0600, David Sowder (Zothar) wrote: > Colin Davis wrote: > > It solves #2- Don't run things you get in e-mail.. > > > > Instead of requiring a Noderef, allow someone to connect with just a > > password, and the IP address. This is something you can TELL someone, or > > say in an IM, no file transfer required. > > > I don't think we should necessarily categorically discount a fred-based > installer distribution servlet because of NAT problems. What if we > allow decoupling the installer from the noderef? Then those that can > overcome or don't have the NAT problem can host the installer. They are a sufficiently small fraction of the overall target audience as to be uninteresting. UP&P would make them a large enough group to be interesting, although still only something like 50% because UP&P is extremely unreliable from what I have heard. > If I, > for some reason, cannot host the installer, perhaps one of my peers is > willing to share their installer hosting such that I could get "access > keys" from his node to pass out to my friends and include my noderef > from the distribution area of FProxy in the email I send to my friend > with the "access key". My friend saves the attached noderef (which was > attached as a file with a .fref extension) to a file, connects to the my > peer's installer host, uses the "access key", which will probably be > part of the URL, and downloads and installs the node. Then my friend > can double click on the .fref file he downloaded, which includes a > one-time code generated by the distribution area of my FProxy (or FCP > server) that my node uses to authenticate the addition of a node I > didn't already have the noderef of. Node installed in a decentralized > way. Peer connection created. This is not very clear. Please divide into what friend A does and what friend B does. > > Pass phrases could work, but I think they should have something like a > 32 character minimum length. (I wonder if there are passphrase > dictionaries yet.) Passphrases from movies or well-known-people are probably in a big list somewhere. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070305/f17542c5/attachment.pgp From toad at amphibian.dyndns.org Mon Mar 5 22:47:00 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Mon, 5 Mar 2007 22:47:00 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC784B.3020908@sq7.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <45EC7501.80509@david.sowder.com> <45EC784B.3020908@sq7.org> Message-ID: <20070305224700.GC12373@amphibian.dyndns.org> On Mon, Mar 05, 2007 at 03:06:35PM -0500, Colin Davis wrote: > As for NAT issues, forgive my being out of touch, but I thought that was > solved a year ago.. If I recall, I thought that even if Side-A and > Side-B were both firewalled, they could connect.. > > When Side-A added the noderef of B, it would start sending out packets > to B, knowing that they won't get returned.. But the Sending of these > packets would open a NAT-hole.. > Then, Side-B would get around to adding the noderef of A, and start > sending packets to A, opening a NAT-hole on their own side.. Side A's > packets then get in through this hole, just as B's now arrive at A. Only if both A and B know the other's IP address. That's not easy. Most people don't know their IP address. There are several issues here: 1. How to deal with NATs. I'm leaning strongly towards implementing UP&P. This might even remove the need for using central STUN servers - at least most of the time after installation. 2. How to easily give somebody a node reference that Just Works, without them having to do anything beyond double clicking on the file. Two options: 1) IP:port + password (password may be auto-generated, and probably should be one-time), 2) one-time references. 3. How to get the node source code in the first place, and whether it's a good idea for this to be distributed; if it is, we can include the initial noderef. (It probably is, but we need #2 as well for e.g. if the user already has a node or has other safe means of obtaining fred). > > What am I missing? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070305/710deead/attachment.pgp From toad at amphibian.dyndns.org Mon Mar 5 22:48:17 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Mon, 5 Mar 2007 22:48:17 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070305203131.GF937@freenetproject.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <45EC7501.80509@david.sowder.com> <45EC784B.3020908@sq7.org> <20070305203131.GF937@freenetproject.org> Message-ID: <20070305224817.GD12373@amphibian.dyndns.org> On Mon, Mar 05, 2007 at 08:31:31PM +0000, NextGen$ wrote: > > Both of you are missing the important point : on darknet we don't want to > reveal the network topology : we can't rely on a third party to do the job. > As far as I know all the NAT circumventing methods are involving a third > party. UP&P doesn't. As long as we are sure we are behind a router, we can be sure that we are on our own LAN, unless Mallory controls the router. > > Please move the thread to @tech :) IMHO this is relevant in the relatively near future. > > NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070305/2c6cab5a/attachment.pgp From carlin at jlab.org Mon Mar 5 18:02:24 2007 From: carlin at jlab.org (Chris Carlin) Date: Mon, 05 Mar 2007 13:02:24 -0500 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070305174545.GA29567@amphibian.dyndns.org> References: <20070305174545.GA29567@amphibian.dyndns.org> Message-ID: <45EC5B30.8090508@jlab.org> Matthew Toseland wrote: > There are two big problems with this: > > 1) Everyone and his dog is behind a NAT. This means in order to connect > you must have already exchanged references, full stop. THIS SUCKS. It > also affects connectivity for newbies in a bad way (which is important > IMHO). Will the IPv6 stuff in Vista will affect this? I'm under the impression that Vista has some sort of IPv6 tunneling enabled by default; does it defeat the evils of NAT? Just an idle curiosity... ~Chris From toad at amphibian.dyndns.org Tue Mar 6 03:03:01 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Tue, 6 Mar 2007 03:03:01 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45EC5B30.8090508@jlab.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B30.8090508@jlab.org> Message-ID: <20070306030301.GA5773@amphibian.dyndns.org> On Mon, Mar 05, 2007 at 01:02:24PM -0500, Chris Carlin wrote: > Matthew Toseland wrote: > > > There are two big problems with this: > > > > 1) Everyone and his dog is behind a NAT. This means in order to connect > > you must have already exchanged references, full stop. THIS SUCKS. It > > also affects connectivity for newbies in a bad way (which is important > > IMHO). > > Will the IPv6 stuff in Vista will affect this? I'm under the impression > that Vista has some sort of IPv6 tunneling enabled by default; does it > defeat the evils of NAT? I'm not capable of providing a civil answer to this question right now. > > Just an idle curiosity... > > ~Chris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/e138bc5e/attachment.pgp From toad at amphibian.dyndns.org Tue Mar 6 03:11:37 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Tue, 6 Mar 2007 03:11:37 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070306030301.GA5773@amphibian.dyndns.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B30.8090508@jlab.org> <20070306030301.GA5773@amphibian.dyndns.org> Message-ID: <20070306031137.GA1004@amphibian.dyndns.org> On Tue, Mar 06, 2007 at 03:03:01AM +0000, Matthew Toseland wrote: > On Mon, Mar 05, 2007 at 01:02:24PM -0500, Chris Carlin wrote: > > > > Will the IPv6 stuff in Vista will affect this? I'm under the impression > > that Vista has some sort of IPv6 tunneling enabled by default; does it > > defeat the evils of NAT? > > I'm not capable of providing a civil answer to this question right now. Sorry, I would like to know; tell me if you find out. > > > > Just an idle curiosity... -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/1d7517cb/attachment.pgp From Volodya at WhenGendarmeSleeps.org Tue Mar 6 05:44:35 2007 From: Volodya at WhenGendarmeSleeps.org (Volodya) Date: Tue, 06 Mar 2007 05:44:35 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070305223643.GA12373@amphibian.dyndns.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <20070305223643.GA12373@amphibian.dyndns.org> Message-ID: <45ECFFC3.7030007@WhenGendarmeSleeps.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Toseland wrote: > I don't understand why a password and IP address is easier than a > one-time reference. I suppose it has the advantage of being able to > write it down - but for it to be secure it would need to be a one-time > password; you'd need to generate a new one every time ... > > Hmmm. Maybe we should provide both mechanisms? One thing that might be done is not having an increadibly secure password protection (just secure enough), but when somebody adds themselves via password they get added in the disabled mode, then the person tells you "It asks me to tell you to enable me" and you do so. If somebody intersepts the password in between and uses it, the second person will get a request to inform you that password has been used already, so you just go and delete the bugger who used it. In other words: Bring security away from the machine and to the person. - Volodya - -- http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast http://freeselfdefence.info/ Self-defence wiki http://www.kingstonstudents.org/ Kingston University students' forum "None of us are free until all of us are free." ~ Mihail Bakunin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFF7P/DuWy2EFICg+0RAtblAJ4vSyPViz4+lbcLO6n3FPA6b5deIwCguCcR O8vOSZ8JrCwTaq565LAZfP0= =5jwq -----END PGP SIGNATURE----- From the_bishop at web.de Tue Mar 6 06:08:51 2007 From: the_bishop at web.de (Martin Scheffler) Date: Tue, 6 Mar 2007 07:08:51 +0100 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45ECFFC3.7030007@WhenGendarmeSleeps.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <20070305223643.GA12373@amphibian.dyndns.org> <45ECFFC3.7030007@WhenGendarmeSleeps.org> Message-ID: <200703060708.56888.the_bishop@web.de> Am Dienstag, 6. M?rz 2007 06:44 schrieb Volodya: > One thing that might be done is not having an increadibly secure > password protection (just secure enough), but when somebody adds > themselves via password they get added in the disabled mode, then the > person tells you "It asks me to tell you to enable me" and you do so. > If somebody intersepts the password in between and uses it, the second > person will get a request to inform you that password has been used > already, so you just go and delete the bugger who used it. > > In other words: Bring security away from the machine and to the person. Yes, sounds reasonable at first. But how to distinguish MITM and the authorized peer? Maybe by being able to exchange p2p-messages (while in restricted mode) to verify responses in-band which can't be used by the eavesdropper. Is this possible? if you are still talking to the peer person out-of-band after untrusted initial connect, you could verify the node key fingerprints to be sure, but everything in-band shall be distrusted at this point. good byte -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/6af3d040/attachment.pgp From the_bishop at web.de Tue Mar 6 06:12:48 2007 From: the_bishop at web.de (Martin Scheffler) Date: Tue, 6 Mar 2007 07:12:48 +0100 Subject: [freenet-dev] what about the automatic updater? Message-ID: <200703060712.50393.the_bishop@web.de> does the updated code gets uploaded to freenet this time? i had no luck updating the node by itself so far... good byte -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/ba84b248/attachment.pgp From Volodya at WhenGendarmeSleeps.org Tue Mar 6 06:18:40 2007 From: Volodya at WhenGendarmeSleeps.org (Volodya) Date: Tue, 06 Mar 2007 06:18:40 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <200703060708.56888.the_bishop@web.de> References: <20070305174545.GA29567@amphibian.dyndns.org> <20070305223643.GA12373@amphibian.dyndns.org> <45ECFFC3.7030007@WhenGendarmeSleeps.org> <200703060708.56888.the_bishop@web.de> Message-ID: <45ED07C0.2050901@WhenGendarmeSleeps.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin Scheffler wrote: > Am Dienstag, 6. M?rz 2007 06:44 schrieb Volodya: >> One thing that might be done is not having an increadibly secure >> password protection (just secure enough), but when somebody adds >> themselves via password they get added in the disabled mode, then the >> person tells you "It asks me to tell you to enable me" and you do so. >> If somebody intersepts the password in between and uses it, the second >> person will get a request to inform you that password has been used >> already, so you just go and delete the bugger who used it. >> >> In other words: Bring security away from the machine and to the person. > > Yes, sounds reasonable at first. > But how to distinguish MITM and the authorized peer? 'Authorised peer' will tell you that an was unable to connect, and then you know that somebody intercepted the password. Like i said it is *still* a 1 time password, meaning that if real user typed it the intruder won't be able to use it, so intruder must do it before the real peer does, which will raise the alarm since that peer is your friend and you will be immediately informed that 'pass doesn't work, mate'. - Volodya - -- http://freedom.libsyn.com/ Voice of Freedom, Radical Podcast http://freeselfdefence.info/ Self-defence wiki http://www.kingstonstudents.org/ Kingston University students' forum "None of us are free until all of us are free." ~ Mihail Bakunin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFF7Qe/uWy2EFICg+0RAlFjAKDkypEG+pzTe+4ag4xxyqD+oRhjzACfZT5S e7tga3oXIvonTaOT0hZb/L8= =8zKA -----END PGP SIGNATURE----- From the_bishop at web.de Tue Mar 6 06:39:51 2007 From: the_bishop at web.de (Martin Scheffler) Date: Tue, 6 Mar 2007 07:39:51 +0100 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45ED07C0.2050901@WhenGendarmeSleeps.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <200703060708.56888.the_bishop@web.de> <45ED07C0.2050901@WhenGendarmeSleeps.org> Message-ID: <200703060739.52676.the_bishop@web.de> Am Dienstag, 6. M?rz 2007 07:18 schrieb Volodya: > 'Authorised peer' will tell you that an was unable to connect, and then > you know that somebody intercepted the password. If the MITM has the ability not only to read the IP+OTP messages, but to redirect the traffic from IP-A to IP-B through his fake node, then you can not distinguish MITM and peer. out of band by phone, PGP or handwritten papermail would be the best proof in that case. > Like i said it is *still* a 1 time password, meaning that if real user > typed it the intruder won't be able to use it, so intruder must do it > before the real peer does, which will raise the alarm since that peer > is your friend and you will be immediately informed that 'pass doesn't > work, mate'. not really... the MITM could try to use the both passwords immediately and fake the both other sides. If you dont have out-of-band means to verify the information from the peer node, you have a connection to the wrong node and only see the forged verification. good byte -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/0c59cce4/attachment.pgp From nextgens at freenetproject.org Tue Mar 6 10:30:51 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Tue, 6 Mar 2007 11:30:51 +0100 Subject: [freenet-dev] what about the automatic updater? In-Reply-To: <200703060712.50393.the_bishop@web.de> References: <200703060712.50393.the_bishop@web.de> Message-ID: <20070306103051.GB4145@freenetproject.org> * Martin Scheffler [2007-03-06 07:12:48]: > does the updated code gets uploaded to freenet this time? > i had no luck updating the node by itself so far... > > good byte Toad hasn't announced the new build yet: it's likely he hasn't inserted it. NextGen$ From bbackde at googlemail.com Tue Mar 6 10:35:17 2007 From: bbackde at googlemail.com (bbackde at googlemail.com) Date: Tue, 6 Mar 2007 11:35:17 +0100 Subject: [freenet-dev] what about the automatic updater? In-Reply-To: <20070306103051.GB4145@freenetproject.org> References: <200703060712.50393.the_bishop@web.de> <20070306103051.GB4145@freenetproject.org> Message-ID: But my node updated to 1018???!!! On 3/6/07, Florent Daigni?re (NextGen$) wrote: > * Martin Scheffler [2007-03-06 07:12:48]: > > > does the updated code gets uploaded to freenet this time? > > i had no luck updating the node by itself so far... > > > > good byte > > Toad hasn't announced the new build yet: it's likely he hasn't inserted > it. > > NextGen$ > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > From nextgens at freenetproject.org Tue Mar 6 10:37:25 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Tue, 6 Mar 2007 11:37:25 +0100 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <45ECFFC3.7030007@WhenGendarmeSleeps.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <20070305223643.GA12373@amphibian.dyndns.org> <45ECFFC3.7030007@WhenGendarmeSleeps.org> Message-ID: <20070306103722.GC4145@freenetproject.org> * Volodya [2007-03-06 05:44:35]: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Matthew Toseland wrote: > > I don't understand why a password and IP address is easier than a > > one-time reference. I suppose it has the advantage of being able to > > write it down - but for it to be secure it would need to be a one-time > > password; you'd need to generate a new one every time ... > > > > Hmmm. Maybe we should provide both mechanisms? > > One thing that might be done is not having an increadibly secure password protection (just > secure enough), but when somebody adds themselves via password they get added in the > disabled mode, then the person tells you "It asks me to tell you to enable me" and you do > so. If somebody intersepts the password in between and uses it, the second person will get > a request to inform you that password has been used already, so you just go and delete the > bugger who used it. > > In other words: Bring security away from the machine and to the person. > > - Volodya > So far a node is *passive* and won't react upon reception of any unknown data. If we want to tell the user that the password has already been used, we would need to change that behaviour :/ I'm not sure it's a good idea. NextGen$ From nextgens at freenetproject.org Tue Mar 6 10:40:02 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Tue, 6 Mar 2007 11:40:02 +0100 Subject: [freenet-dev] what about the automatic updater? In-Reply-To: References: <200703060712.50393.the_bishop@web.de> <20070306103051.GB4145@freenetproject.org> Message-ID: <20070306103959.GD4145@freenetproject.org> * bbackde at googlemail.com [2007-03-06 11:35:17]: > But my node updated to 1018???!!! Ok, then it's probably a timing issue : could you please wait a bit more Martin and get back to us if it hasn't updated before the end of the day ? Thanks. PS: my node hasn't detected the update yet either. > > On 3/6/07, Florent Daigni?re (NextGen$) wrote: > >* Martin Scheffler [2007-03-06 07:12:48]: > > > >> does the updated code gets uploaded to freenet this time? > >> i had no luck updating the node by itself so far... > >> > >> good byte > > > >Toad hasn't announced the new build yet: it's likely he hasn't inserted > >it. > > > >NextGen$ > >_______________________________________________ > >Devl mailing list > >Devl at freenetproject.org > >http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > From edt at aei.ca Tue Mar 6 12:57:45 2007 From: edt at aei.ca (Ed Tomlinson) Date: Tue, 6 Mar 2007 07:57:45 -0500 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070306103722.GC4145@freenetproject.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45ECFFC3.7030007@WhenGendarmeSleeps.org> <20070306103722.GC4145@freenetproject.org> Message-ID: <200703060757.45611.edt@aei.ca> Hi, Why not take the simple way? The last time I had to reset my node I ran a swapbot that used irc to get some refs. If I remember correctly there is a project that creates an anonymous irc network. Why not have nodes create or connect to this network, at least some of the time, and use a standardized swapbot to get references. If a person running a node is willing to be less anonymous, we could even use freenode... Comments? Ed On Tuesday 06 March 2007 05:37, Florent Daigni?re wrote: > * Volodya [2007-03-06 05:44:35]: > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Matthew Toseland wrote: > > > I don't understand why a password and IP address is easier than a > > > one-time reference. I suppose it has the advantage of being able to > > > write it down - but for it to be secure it would need to be a one-time > > > password; you'd need to generate a new one every time ... > > > > > > Hmmm. Maybe we should provide both mechanisms? > > > > One thing that might be done is not having an increadibly secure password protection (just > > secure enough), but when somebody adds themselves via password they get added in the > > disabled mode, then the person tells you "It asks me to tell you to enable me" and you do > > so. If somebody intersepts the password in between and uses it, the second person will get > > a request to inform you that password has been used already, so you just go and delete the > > bugger who used it. > > > > In other words: Bring security away from the machine and to the person. > > > > - Volodya > > > > So far a node is *passive* and won't react upon reception of any unknown data. > If we want to tell the user that the password has already been used, we > would need to change that behaviour :/ > > I'm not sure it's a good idea. > > NextGen$ > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > From nextgens at freenetproject.org Tue Mar 6 13:35:14 2007 From: nextgens at freenetproject.org (Florent =?iso-8859-1?Q?Daigni=E8re_=28NextGen$=29?=) Date: Tue, 6 Mar 2007 14:35:14 +0100 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <200703060757.45611.edt@aei.ca> References: <20070305174545.GA29567@amphibian.dyndns.org> <45ECFFC3.7030007@WhenGendarmeSleeps.org> <20070306103722.GC4145@freenetproject.org> <200703060757.45611.edt@aei.ca> Message-ID: <20070306133514.GI4145@freenetproject.org> * Ed Tomlinson [2007-03-06 07:57:45]: > Hi, > > Why not take the simple way? The last time I had to reset my node I ran > a swapbot that used irc to get some refs. If I remember correctly there is > a project that creates an anonymous irc network. Why not have nodes > create or connect to this network, at least some of the time, and use a > standardized swapbot to get references. If a person running a node is > willing to be less anonymous, we could even use freenode... > > Comments? > Ed That wouldn't create a small world topology... FYI, we are not discussing how to implement opennet but what are opennet alternatives. NextGen$ > > > On Tuesday 06 March 2007 05:37, Florent Daigni?re wrote: > > * Volodya [2007-03-06 05:44:35]: > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > Matthew Toseland wrote: > > > > I don't understand why a password and IP address is easier than a > > > > one-time reference. I suppose it has the advantage of being able to > > > > write it down - but for it to be secure it would need to be a one-time > > > > password; you'd need to generate a new one every time ... > > > > > > > > Hmmm. Maybe we should provide both mechanisms? > > > > > > One thing that might be done is not having an increadibly secure password protection (just > > > secure enough), but when somebody adds themselves via password they get added in the > > > disabled mode, then the person tells you "It asks me to tell you to enable me" and you do > > > so. If somebody intersepts the password in between and uses it, the second person will get > > > a request to inform you that password has been used already, so you just go and delete the > > > bugger who used it. > > > > > > In other words: Bring security away from the machine and to the person. > > > > > > - Volodya > > > > > > > So far a node is *passive* and won't react upon reception of any unknown data. > > If we want to tell the user that the password has already been used, we > > would need to change that behaviour :/ > > > > I'm not sure it's a good idea. > > > > NextGen$ > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From ian at locut.us Tue Mar 6 15:05:56 2007 From: ian at locut.us (Ian Clarke) Date: Tue, 6 Mar 2007 09:05:56 -0600 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070305223643.GA12373@amphibian.dyndns.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <20070305223643.GA12373@amphibian.dyndns.org> Message-ID: <823242bd0703060705s280801d4o217062ddfcf12817@mail.gmail.com> You don't understand why: 43.213.43.1:54533:foriemdhs ...is easier than... identity=MZHvIrRsHRLqqTaEN-S5lLpeD8yk572zFfPFxsCsS-M location=0.16978598221719554 testnet=false myName=SanityMBP lastGoodVersion=Fred,0.7,1.0,1009 sig=1fd90af28fddd96d0b159c7bd93658f9267b84dbacef75bc400074258eabe81e,433cac175114111647b4d1e0af84448c34620adb6accf307e14daf72960a8048 version=Fred,0.7,1.0,1009 dsaPubKey.y=Xw1RbImKwC5EYlfOZtvV0nUz-ujplXfW6IHq125LfajUe2m6sA~IHwvu75wtCvdp~TgjNlgddQMhVBtOkhvSIr1cdiWFYqSaeULGFDeFJdON8PZj1Apt7IN2xIVh17WUA99JoeZhCKUH9d-nKubllovx0qFyVpezkPaluWhQrOx0JCYEYJOmah5xIUlvdPfG7bkSWGnWDq5VfJAQTIW~XW2CBjtXh1jbsfOAE1l9k35JY44jNJ4Ehq-qlPLYO1gqpHE~HsikKxYFGX3FcByxRIYCTxVTSfO9bx6vAxzaBQnDIC6zthhzKJAezRJEM~YZ4zZA0q39~0Y8eKK1yIrSOQ physical.udp=sanity1.dyndns.org:14505;76.167.194.83:14505 dsaGroup.g=UaRatnDByf0QvTlaaAXTMzn1Z15LDTXe-J~gOqXCv0zpz83CVngSkb--bVRuZ9R65OFg~ATKcuw8VJJwn1~A9p5jRt2NPj2EM7bu72O85-mFdBhcav8WHJtTbXb4cxNzZaQkbPQUv~gEnuEeMTc80KZVjilQ7wlTIM6GIY~ZJVHMKSIkEU87YBRtIt1R~BJcnaDAKBJv~oXv1PS-6iwQRFMynMEmipfpqDXBTkqaQ8ahiGWA41rY8d4jDhrzIgjvkzfxkkcCpFFOldwW8w8MEecUoRLuhKnY1sm8nnTjNlYLtc1Okeq-ba0mvwygSAf4wxovwY6n1Fuqt8yZe1PDVg dsaGroup.q=ALFDNoq81R9Y1kQNVBc5kzmk0VvvCWosXY5t9E9S1tN5 dsaGroup.p=AIYIrE9VNhM38qPjirGGT-PJjWZBHY0q-JxSYyDFQfZQeOhrx4SUpdc~SppnWD~UHymT7WyX28eV3YjwkVyc~--H5Tc83hPjx8qQc7kQbrMb~CJy7QBX~YSocKGfioO-pwfRZEDDguYtOJBHPqeenVDErGsfHTCxDDKgL2hYM8Ynj8Kes0OcUzOIVhShFSGbOAjJKjeg82XNXmG1hhdh2tnv8M4jJQ9ViEj425Mrh6O9jXovfPmcdYIr3C~3waHXjQvPgUiK4N5Saf~FOri48fK-PmwFZFc-YSgI9o2-70nVybSnBXlM96QkzU6x4CYFUuZ7-B~je0ofeLdX7xhehuk ark.pubURI=SSK at 1CA0TRYSSEnK~Tj7-OqVajmsqS85iUVhjmuz8EU9HQs,MuvO8pTCCPCTqUIMpkEXUBu55nV2DgiGjhSgr~9FY0I,AQABAAE/ark ark.number=128 End I think it speaks for itself. Ian. On 3/5/07, Matthew Toseland wrote: > I don't understand why a password and IP address is easier than a > one-time reference. I suppose it has the advantage of being able to > write it down - but for it to be secure it would need to be a one-time > password; you'd need to generate a new one every time ... > > Hmmm. Maybe we should provide both mechanisms? > > On Mon, Mar 05, 2007 at 01:13:43PM -0500, Colin Davis wrote: > > It solves #2- Don't run things you get in e-mail.. > > > > Instead of requiring a Noderef, allow someone to connect with just a > > password, and the IP address. This is something you can TELL someone, or > > say in an IM, no file transfer required. > > > > Dave Baker wrote: > > > On Monday 05 March 2007 18:02:42 Colin Davis wrote: > > >> I know it's less secure, but what about simply allowing people to > > >> connect to your machine if they know a passphrase? The passphrase would > > >> take the place of the Key, but be user-settable, and short. > > > > > > That doesn't solve either problem though, surely? > > > > > > my 2p on #freenet: > > > > > > [17:48] as far as both-way-adding goes, I think that's where we reach a > > > tradeoff with security, which is one of the main challanges for Freenet. > > > [17:49] I'm not convinced the whole difficulty of exchanging refs isn't > > > a red herring - everyone can handle emailing a file. > > > > > > I'm definately in favour of the ability to burn a CD with an installer on it > > > that installs a node with your reference pre-bundled, although I think > > > leaving the installer out for an emailed-version means it's nothing the user > > > couldn't do themselves. > > > > > > > > > Dave > > > > > > > > >> > > >> > > >> If that were in place, you could send an e-mail saying: > > >> > > >> Hey Jon, I just found this cool new thing called freenet, which lets you > > >> get to all sorts of sites which aren't on the normal web! It's > > >> anonymous, and free, you should check it out. It works by connecting > > >> through each other's computers, but I'll let you connect to me to get > > >> started. > > >> > > >> Go to FreenetProject.org and download it, then give it my hostname, > > >> which is XXXXXXX and give it the connection passphrase "IamNotEvil". > > >> > > >> Don't give anyone else that information, or it won't work. It'll only > > >> allow one connection.. After your up, you can connect to other friends, > > >> and everyone's connection gets faster. > > >> > > >> I'm on IM if you want to talk about it. > > >> -Person you Know. > > >> > > >> Matthew Toseland wrote: > > >>> We will only get a darknet if it is really easy to swap references with > > >>> your friends - opennet or no opennet. > > >>> > > >>> The original idea for Freenet 0.7 reference swapping was that you: > > >>> - Go to your node, and ask it to create a bundle. > > >>> - Send the bundle to your friends. > > >>> - They unzip it and run it to install Freenet. > > >>> - The bundle includes your noderef. > > >>> - It also includes a one-time key that allows the node to automatically > > >>> connect to yours despite yours not having their noderef yet. > > >>> > > >>> There are two big problems with this: > > >>> > > >>> 1) Everyone and his dog is behind a NAT. This means in order to connect > > >>> you must have already exchanged references, full stop. THIS SUCKS. It > > >>> also affects connectivity for newbies in a bad way (which is important > > >>> IMHO). > > >>> > > >>> 2) Generally people shouldn't run programs that they receive in emails! > > >>> > > >>> Solution to the first one - and to newbie connectivity issues - is to > > >>> implement UP&P and hope that routers implement it properly in future - > > >>> is this a realistic hope? > > >>> > > >>> Solution to the second one is to just send the noderef and a link to the > > >>> website, and only use full bundles when e.g. giving somebody a CD-R > > >>> (which we should make really easy). > > >>> > > >>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm > > >>> not sure how well this would work for newbies, and in any case I set up > > >>> a darknet-tools list for people to talk about this and nobody has even > > >>> talked about it since a few days after it was set up, let alone done > > >>> anything. > > >>> > > >>> <_ph00> so the basic problem is "how to safely exchage refs", and the > > >>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the > > >>> only one to think that's very stupid? > > >>> > > >>> > > >>> ------------------------------------------------------------------------ > > >>> > > >>> _______________________________________________ > > >>> Devl mailing list > > >>> Devl at freenetproject.org > > >>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > >> _______________________________________________ > > >> Devl mailing list > > >> Devl at freenetproject.org > > >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > > > > > _______________________________________________ > > > Devl mailing list > > > Devl at freenetproject.org > > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFF7Jt7A9rUluQ9pFARAr7gAJ9iJHAur3dIsrClY+AmFSQgOy6bXgCfY2Po > kqDOiGlYjY/lZ0v66rlsip0= > =NcEY > -----END PGP SIGNATURE----- > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -- Founder and CEO, Thoof Inc Email: ian at thoof.com Office: +1 512 485 1970 Cell: +1 310 593 3724 AIM: ian.clarke at mac.com Skype: sanity From toad at amphibian.dyndns.org Tue Mar 6 16:42:22 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Tue, 6 Mar 2007 16:42:22 +0000 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <823242bd0703060705s280801d4o217062ddfcf12817@mail.gmail.com> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <20070305223643.GA12373@amphibian.dyndns.org> <823242bd0703060705s280801d4o217062ddfcf12817@mail.gmail.com> Message-ID: <20070306164222.GA3992@amphibian.dyndns.org> Well, if you are exchanging electronically, you are probably able to move the latter as easily as the former, no? Sadly no, because of the [ insert favourite expletive ] NATs which kill DCC. But you can move a small file with IM clients, surely? It's moving a file and then double clicking on it or even executing it in place, versus copying a line of text manually. So it would be easier for IRC and other stuff crippled by NATs. Would it be easier for anything practically used by semi-geek (rather than ubergeek) users? Also you can write it down. However, because it would probably have to be a one-time password (for security when dealing with newbies; if it's a two way exchange, you could maybe have more permanent passwords, at a cost in security), you can't remember it and write it down. And even if it wasn't one-time, you probably can't write it down anyway if you don't have a semistatic IP - but a lot of people *do* have semistatic IPs... Anyway, it would help in some cases, sure. So we should probably have both. On Tue, Mar 06, 2007 at 09:05:56AM -0600, Ian Clarke wrote: > You don't understand why: > > 43.213.43.1:54533:foriemdhs > > ...is easier than... > > identity=MZHvIrRsHRLqqTaEN-S5lLpeD8yk572zFfPFxsCsS-M > location=0.16978598221719554 > testnet=false > myName=SanityMBP > lastGoodVersion=Fred,0.7,1.0,1009 > sig=1fd90af28fddd96d0b159c7bd93658f9267b84dbacef75bc400074258eabe81e,433cac175114111647b4d1e0af84448c34620adb6accf307e14daf72960a8048 > version=Fred,0.7,1.0,1009 > dsaPubKey.y=Xw1RbImKwC5EYlfOZtvV0nUz-ujplXfW6IHq125LfajUe2m6sA~IHwvu75wtCvdp~TgjNlgddQMhVBtOkhvSIr1cdiWFYqSaeULGFDeFJdON8PZj1Apt7IN2xIVh17WUA99JoeZhCKUH9d-nKubllovx0qFyVpezkPaluWhQrOx0JCYEYJOmah5xIUlvdPfG7bkSWGnWDq5VfJAQTIW~XW2CBjtXh1jbsfOAE1l9k35JY44jNJ4Ehq-qlPLYO1gqpHE~HsikKxYFGX3FcByxRIYCTxVTSfO9bx6vAxzaBQnDIC6zthhzKJAezRJEM~YZ4zZA0q39~0Y8eKK1yIrSOQ > physical.udp=sanity1.dyndns.org:14505;76.167.194.83:14505 > dsaGroup.g=UaRatnDByf0QvTlaaAXTMzn1Z15LDTXe-J~gOqXCv0zpz83CVngSkb--bVRuZ9R65OFg~ATKcuw8VJJwn1~A9p5jRt2NPj2EM7bu72O85-mFdBhcav8WHJtTbXb4cxNzZaQkbPQUv~gEnuEeMTc80KZVjilQ7wlTIM6GIY~ZJVHMKSIkEU87YBRtIt1R~BJcnaDAKBJv~oXv1PS-6iwQRFMynMEmipfpqDXBTkqaQ8ahiGWA41rY8d4jDhrzIgjvkzfxkkcCpFFOldwW8w8MEecUoRLuhKnY1sm8nnTjNlYLtc1Okeq-ba0mvwygSAf4wxovwY6n1Fuqt8yZe1PDVg > dsaGroup.q=ALFDNoq81R9Y1kQNVBc5kzmk0VvvCWosXY5t9E9S1tN5 > dsaGroup.p=AIYIrE9VNhM38qPjirGGT-PJjWZBHY0q-JxSYyDFQfZQeOhrx4SUpdc~SppnWD~UHymT7WyX28eV3YjwkVyc~--H5Tc83hPjx8qQc7kQbrMb~CJy7QBX~YSocKGfioO-pwfRZEDDguYtOJBHPqeenVDErGsfHTCxDDKgL2hYM8Ynj8Kes0OcUzOIVhShFSGbOAjJKjeg82XNXmG1hhdh2tnv8M4jJQ9ViEj425Mrh6O9jXovfPmcdYIr3C~3waHXjQvPgUiK4N5Saf~FOri48fK-PmwFZFc-YSgI9o2-70nVybSnBXlM96QkzU6x4CYFUuZ7-B~je0ofeLdX7xhehuk > ark.pubURI=SSK at 1CA0TRYSSEnK~Tj7-OqVajmsqS85iUVhjmuz8EU9HQs,MuvO8pTCCPCTqUIMpkEXUBu55nV2DgiGjhSgr~9FY0I,AQABAAE/ark > ark.number=128 > End > > I think it speaks for itself. > > Ian. > > On 3/5/07, Matthew Toseland wrote: > > I don't understand why a password and IP address is easier than a > > one-time reference. I suppose it has the advantage of being able to > > write it down - but for it to be secure it would need to be a one-time > > password; you'd need to generate a new one every time ... > > > > Hmmm. Maybe we should provide both mechanisms? > > > > On Mon, Mar 05, 2007 at 01:13:43PM -0500, Colin Davis wrote: > > > It solves #2- Don't run things you get in e-mail.. > > > > > > Instead of requiring a Noderef, allow someone to connect with just a > > > password, and the IP address. This is something you can TELL someone, or > > > say in an IM, no file transfer required. > > > > > > Dave Baker wrote: > > > > On Monday 05 March 2007 18:02:42 Colin Davis wrote: > > > >> I know it's less secure, but what about simply allowing people to > > > >> connect to your machine if they know a passphrase? The passphrase would > > > >> take the place of the Key, but be user-settable, and short. > > > > > > > > That doesn't solve either problem though, surely? > > > > > > > > my 2p on #freenet: > > > > > > > > [17:48] as far as both-way-adding goes, I think that's where we reach a > > > > tradeoff with security, which is one of the main challanges for Freenet. > > > > [17:49] I'm not convinced the whole difficulty of exchanging refs isn't > > > > a red herring - everyone can handle emailing a file. > > > > > > > > I'm definately in favour of the ability to burn a CD with an installer on it > > > > that installs a node with your reference pre-bundled, although I think > > > > leaving the installer out for an emailed-version means it's nothing the user > > > > couldn't do themselves. > > > > > > > > > > > > Dave > > > > > > > > > > > >> > > > >> > > > >> If that were in place, you could send an e-mail saying: > > > >> > > > >> Hey Jon, I just found this cool new thing called freenet, which lets you > > > >> get to all sorts of sites which aren't on the normal web! It's > > > >> anonymous, and free, you should check it out. It works by connecting > > > >> through each other's computers, but I'll let you connect to me to get > > > >> started. > > > >> > > > >> Go to FreenetProject.org and download it, then give it my hostname, > > > >> which is XXXXXXX and give it the connection passphrase "IamNotEvil". > > > >> > > > >> Don't give anyone else that information, or it won't work. It'll only > > > >> allow one connection.. After your up, you can connect to other friends, > > > >> and everyone's connection gets faster. > > > >> > > > >> I'm on IM if you want to talk about it. > > > >> -Person you Know. > > > >> > > > >> Matthew Toseland wrote: > > > >>> We will only get a darknet if it is really easy to swap references with > > > >>> your friends - opennet or no opennet. > > > >>> > > > >>> The original idea for Freenet 0.7 reference swapping was that you: > > > >>> - Go to your node, and ask it to create a bundle. > > > >>> - Send the bundle to your friends. > > > >>> - They unzip it and run it to install Freenet. > > > >>> - The bundle includes your noderef. > > > >>> - It also includes a one-time key that allows the node to automatically > > > >>> connect to yours despite yours not having their noderef yet. > > > >>> > > > >>> There are two big problems with this: > > > >>> > > > >>> 1) Everyone and his dog is behind a NAT. This means in order to connect > > > >>> you must have already exchanged references, full stop. THIS SUCKS. It > > > >>> also affects connectivity for newbies in a bad way (which is important > > > >>> IMHO). > > > >>> > > > >>> 2) Generally people shouldn't run programs that they receive in emails! > > > >>> > > > >>> Solution to the first one - and to newbie connectivity issues - is to > > > >>> implement UP&P and hope that routers implement it properly in future - > > > >>> is this a realistic hope? > > > >>> > > > >>> Solution to the second one is to just send the noderef and a link to the > > > >>> website, and only use full bundles when e.g. giving somebody a CD-R > > > >>> (which we should make really easy). > > > >>> > > > >>> Plugins for e.g. IRC clients, IM clients, have been suggested but I'm > > > >>> not sure how well this would work for newbies, and in any case I set up > > > >>> a darknet-tools list for people to talk about this and nobody has even > > > >>> talked about it since a few days after it was set up, let alone done > > > >>> anything. > > > >>> > > > >>> <_ph00> so the basic problem is "how to safely exchage refs", and the > > > >>> solution "eliminate ref exchanging by implementing opennet"?!? Am I the > > > >>> only one to think that's very stupid? > > > >>> > > > >>> > > > >>> ------------------------------------------------------------------------ > > > >>> > > > >>> _______________________________________________ > > > >>> Devl mailing list > > > >>> Devl at freenetproject.org > > > >>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > >> _______________________________________________ > > > >> Devl mailing list > > > >> Devl at freenetproject.org > > > >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > > > > > > > > _______________________________________________ > > > > Devl mailing list > > > > Devl at freenetproject.org > > > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > > _______________________________________________ > > > Devl mailing list > > > Devl at freenetproject.org > > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.6 (GNU/Linux) > > > > iD8DBQFF7Jt7A9rUluQ9pFARAr7gAJ9iJHAur3dIsrClY+AmFSQgOy6bXgCfY2Po > > kqDOiGlYjY/lZ0v66rlsip0= > > =NcEY > > -----END PGP SIGNATURE----- > > > > _______________________________________________ > > Devl mailing list > > Devl at freenetproject.org > > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > > > > > -- > Founder and CEO, Thoof Inc > Email: ian at thoof.com > Office: +1 512 485 1970 > Cell: +1 310 593 3724 > AIM: ian.clarke at mac.com > Skype: sanity > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/07157e0a/attachment.pgp From toad at amphibian.dyndns.org Tue Mar 6 16:42:51 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Tue, 6 Mar 2007 16:42:51 +0000 Subject: [freenet-dev] what about the automatic updater? In-Reply-To: <20070306103051.GB4145@freenetproject.org> References: <200703060712.50393.the_bishop@web.de> <20070306103051.GB4145@freenetproject.org> Message-ID: <20070306164251.GB3992@amphibian.dyndns.org> On Tue, Mar 06, 2007 at 11:30:51AM +0100, Florent Daigni?re (NextGen$) wrote: > * Martin Scheffler [2007-03-06 07:12:48]: > > > does the updated code gets uploaded to freenet this time? > > i had no luck updating the node by itself so far... > > > > good byte > > Toad hasn't announced the new build yet: it's likely he hasn't inserted > it. I have inserted 1018 but not 1017. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/1ec7936a/attachment.pgp From freenet-devl at osndok.com Tue Mar 6 18:03:40 2007 From: freenet-devl at osndok.com (Robert Hailey) Date: Tue, 6 Mar 2007 12:03:40 -0600 Subject: [freenet-dev] Easier reference swapping In-Reply-To: <20070306164222.GA3992@amphibian.dyndns.org> References: <20070305174545.GA29567@amphibian.dyndns.org> <45EC5B42.1010701@sq7.org> <200703051809.41642.dbkr@freenetproject.org> <45EC5DD7.6080302@sq7.org> <20070305223643.GA12373@amphibian.dyndns.org> <823242bd0703060705s280801d4o217062ddfcf12817@mail.gmail.com> <20070306164222.GA3992@amphibian.dyndns.org> Message-ID: If I may suggest... In a password based connection establishment the user has to interact with the node anyway (either to set or view the password to convey it). As I understand it, an established node must already have a working NAT hole with it's external address and port known. So why not have the node supply this short (copy/pastable, IM- able, conversational) string? e.g. User enters "foriemdhs" as a new connection password, to which the node responds... "Accepted, here is a url to your node: foriemdhs at 43.213.43.1:54533" With the pinhole information, the new node can then send to the established node it's reference; yet the new node most likely does not know it's external address. However, wouldn't the source-address from the udp packets be the new node's external address 99% of the time? Perhaps this would not work if the node's pinhole changes frequently. -- Robert Hailey On Mar 6, 2007, at 10:42 AM, Matthew Toseland wrote: > Well, if you are exchanging electronically, you are probably able to > move the latter as easily as the former, no? > > Sadly no, because of the [ insert favourite expletive ] NATs which > kill > DCC. But you can move a small file with IM clients, surely? It's > moving > a file and then double clicking on it or even executing it in place, > versus copying a line of text manually. > > So it would be easier for IRC and other stuff crippled by NATs. > Would it > be easier for anything practically used by semi-geek (rather than > ubergeek) users? > > Also you can write it down. However, because it would probably have to > be a one-time password (for security when dealing with newbies; if > it's > a two way exchange, you could maybe have more permanent passwords, > at a > cost in security), you can't remember it and write it down. And > even if it wasn't one-time, you probably can't write it down anyway if > you don't have a semistatic IP - but a lot of people *do* have > semistatic IPs... > > Anyway, it would help in some cases, sure. So we should probably have > both. > > On Tue, Mar 06, 2007 at 09:05:56AM -0600, Ian Clarke wrote: >> You don't understand why: >> >> 43.213.43.1:54533:foriemdhs >> >> ...is easier than... >> >> identity=MZHvIrRsHRLqqTaEN-S5lLpeD8yk572zFfPFxsCsS-M >> location=0.16978598221719554 >> testnet=false >> myName=SanityMBP >> lastGoodVersion=Fred,0.7,1.0,1009 >> sig=1fd90af28fddd96d0b159c7bd93658f9267b84dbacef75bc400074258eabe81e, >> 433cac175114111647b4d1e0af84448c34620adb6accf307e14daf72960a8048 >> version=Fred,0.7,1.0,1009 >> dsaPubKey.y=Xw1RbImKwC5EYlfOZtvV0nUz- >> ujplXfW6IHq125LfajUe2m6sA~IHwvu75wtCvdp~TgjNlgddQMhVBtOkhvSIr1cdiWFYq >> SaeULGFDeFJdON8PZj1Apt7IN2xIVh17WUA99JoeZhCKUH9d- >> nKubllovx0qFyVpezkPaluWhQrOx0JCYEYJOmah5xIUlvdPfG7bkSWGnWDq5VfJAQTIW~ >> XW2CBjtXh1jbsfOAE1l9k35JY44jNJ4Ehq- >> qlPLYO1gqpHE~HsikKxYFGX3FcByxRIYCTxVTSfO9bx6vAxzaBQnDIC6zthhzKJAezRJE >> M~YZ4zZA0q39~0Y8eKK1yIrSOQ >> physical.udp=sanity1.dyndns.org:14505;76.167.194.83:14505 >> dsaGroup.g=UaRatnDByf0QvTlaaAXTMzn1Z15LDTXe-J~gOqXCv0zpz83CVngSkb-- >> bVRuZ9R65OFg~ATKcuw8VJJwn1~A9p5jRt2NPj2EM7bu72O85- >> mFdBhcav8WHJtTbXb4cxNzZaQkbPQUv~gEnuEeMTc80KZVjilQ7wlTIM6GIY~ZJVHMKSI >> kEU87YBRtIt1R~BJcnaDAKBJv~oXv1PS-6iwQRFMynMEmipfpqDXBTkqaQ8ahiGWA41rY >> 8d4jDhrzIgjvkzfxkkcCpFFOldwW8w8MEecUoRLuhKnY1sm8nnTjNlYLtc1Okeq- >> ba0mvwygSAf4wxovwY6n1Fuqt8yZe1PDVg >> dsaGroup.q=ALFDNoq81R9Y1kQNVBc5kzmk0VvvCWosXY5t9E9S1tN5 >> dsaGroup.p=AIYIrE9VNhM38qPjirGGT-PJjWZBHY0q- >> JxSYyDFQfZQeOhrx4SUpdc~SppnWD~UHymT7WyX28eV3YjwkVyc~-- >> H5Tc83hPjx8qQc7kQbrMb~CJy7QBX~YSocKGfioO- >> pwfRZEDDguYtOJBHPqeenVDErGsfHTCxDDKgL2hYM8Ynj8Kes0OcUzOIVhShFSGbOAjJK >> jeg82XNXmG1hhdh2tnv8M4jJQ9ViEj425Mrh6O9jXovfPmcdYIr3C~3waHXjQvPgUiK4N >> 5Saf~FOri48fK-PmwFZFc-YSgI9o2-70nVybSnBXlM96QkzU6x4CYFUuZ7- >> B~je0ofeLdX7xhehuk >> ark.pubURI=SSK at 1CA0TRYSSEnK~Tj7- >> OqVajmsqS85iUVhjmuz8EU9HQs,MuvO8pTCCPCTqUIMpkEXUBu55nV2DgiGjhSgr~9FY0 >> I,AQABAAE/ark >> ark.number=128 >> End >> >> I think it speaks for itself. >> >> Ian. >> >> On 3/5/07, Matthew Toseland wrote: >>> I don't understand why a password and IP address is easier than a >>> one-time reference. I suppose it has the advantage of being able to >>> write it down - but for it to be secure it would need to be a one- >>> time >>> password; you'd need to generate a new one every time ... >>> >>> Hmmm. Maybe we should provide both mechanisms? >>> >>> On Mon, Mar 05, 2007 at 01:13:43PM -0500, Colin Davis wrote: >>>> It solves #2- Don't run things you get in e-mail.. >>>> >>>> Instead of requiring a Noderef, allow someone to connect with >>>> just a >>>> password, and the IP address. This is something you can TELL >>>> someone, or >>>> say in an IM, no file transfer required. >>>> >>>> Dave Baker wrote: >>>>> On Monday 05 March 2007 18:02:42 Colin Davis wrote: >>>>>> I know it's less secure, but what about simply allowing people to >>>>>> connect to your machine if they know a passphrase? The >>>>>> passphrase would >>>>>> take the place of the Key, but be user-settable, and short. >>>>> >>>>> That doesn't solve either problem though, surely? >>>>> >>>>> my 2p on #freenet: >>>>> >>>>> [17:48] as far as both-way-adding goes, I think that's >>>>> where we reach a >>>>> tradeoff with security, which is one of the main challanges for >>>>> Freenet. >>>>> [17:49] I'm not convinced the whole difficulty of >>>>> exchanging refs isn't >>>>> a red herring - everyone can handle emailing a file. >>>>> >>>>> I'm definately in favour of the ability to burn a CD with an >>>>> installer on it >>>>> that installs a node with your reference pre-bundled, although >>>>> I think >>>>> leaving the installer out for an emailed-version means it's >>>>> nothing the user >>>>> couldn't do themselves. >>>>> >>>>> >>>>> Dave >>>>> >>>>> >>>>>> >>>>>> >>>>>> If that were in place, you could send an e-mail saying: >>>>>> >>>>>> Hey Jon, I just found this cool new thing called freenet, >>>>>> which lets you >>>>>> get to all sorts of sites which aren't on the normal web! It's >>>>>> anonymous, and free, you should check it out. It works by >>>>>> connecting >>>>>> through each other's computers, but I'll let you connect to me >>>>>> to get >>>>>> started. >>>>>> >>>>>> Go to FreenetProject.org and download it, then give it my >>>>>> hostname, >>>>>> which is XXXXXXX and give it the connection passphrase >>>>>> "IamNotEvil". >>>>>> >>>>>> Don't give anyone else that information, or it won't work. >>>>>> It'll only >>>>>> allow one connection.. After your up, you can connect to other >>>>>> friends, >>>>>> and everyone's connection gets faster. >>>>>> >>>>>> I'm on IM if you want to talk about it. >>>>>> -Person you Know. >>>>>> >>>>>> Matthew Toseland wrote: >>>>>>> We will only get a darknet if it is really easy to swap >>>>>>> references with >>>>>>> your friends - opennet or no opennet. >>>>>>> >>>>>>> The original idea for Freenet 0.7 reference swapping was that >>>>>>> you: >>>>>>> - Go to your node, and ask it to create a bundle. >>>>>>> - Send the bundle to your friends. >>>>>>> - They unzip it and run it to install Freenet. >>>>>>> - The bundle includes your noderef. >>>>>>> - It also includes a one-time key that allows the node to >>>>>>> automatically >>>>>>> connect to yours despite yours not having their noderef yet. >>>>>>> >>>>>>> There are two big problems with this: >>>>>>> >>>>>>> 1) Everyone and his dog is behind a NAT. This means in order >>>>>>> to connect >>>>>>> you must have already exchanged references, full stop. THIS >>>>>>> SUCKS. It >>>>>>> also affects connectivity for newbies in a bad way (which is >>>>>>> important >>>>>>> IMHO). >>>>>>> >>>>>>> 2) Generally people shouldn't run programs that they receive >>>>>>> in emails! >>>>>>> >>>>>>> Solution to the first one - and to newbie connectivity issues >>>>>>> - is to >>>>>>> implement UP&P and hope that routers implement it properly in >>>>>>> future - >>>>>>> is this a realistic hope? >>>>>>> >>>>>>> Solution to the second one is to just send the noderef and a >>>>>>> link to the >>>>>>> website, and only use full bundles when e.g. giving somebody >>>>>>> a CD-R >>>>>>> (which we should make really easy). >>>>>>> >>>>>>> Plugins for e.g. IRC clients, IM clients, have been suggested >>>>>>> but I'm >>>>>>> not sure how well this would work for newbies, and in any >>>>>>> case I set up >>>>>>> a darknet-tools list for people to talk about this and nobody >>>>>>> has even >>>>>>> talked about it since a few days after it was set up, let >>>>>>> alone done >>>>>>> anything. >>>>>>> >>>>>>> <_ph00> so the basic problem is "how to safely exchage refs", >>>>>>> and the >>>>>>> solution "eliminate ref exchanging by implementing >>>>>>> opennet"?!? Am I the >>>>>>> only one to think that's very stupid? >>>>>>> >>>>>>> >>>>>>> ---------------------------------------------------------------- >>>>>>> -------- >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Devl mailing list >>>>>>> Devl at freenetproject.org >>>>>>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >>>>>> _______________________________________________ >>>>>> Devl mailing list >>>>>> Devl at freenetproject.org >>>>>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >>>>> >>>>> >>>>> _______________________________________________ >>>>> Devl mailing list >>>>> Devl at freenetproject.org >>>>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >>>> >>>> _______________________________________________ >>>> Devl mailing list >>>> Devl at freenetproject.org >>>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >>>> >>> >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v1.4.6 (GNU/Linux) >>> >>> iD8DBQFF7Jt7A9rUluQ9pFARAr7gAJ9iJHAur3dIsrClY+AmFSQgOy6bXgCfY2Po >>> kqDOiGlYjY/lZ0v66rlsip0= >>> =NcEY >>> -----END PGP SIGNATURE----- >>> >>> _______________________________________________ >>> Devl mailing list >>> Devl at freenetproject.org >>> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >>> >> >> >> -- >> Founder and CEO, Thoof Inc >> Email: ian at thoof.com >> Office: +1 512 485 1970 >> Cell: +1 310 593 3724 >> AIM: ian.clarke at mac.com >> Skype: sanity >> _______________________________________________ >> Devl mailing list >> Devl at freenetproject.org >> http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >> > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl From toad at amphibian.dyndns.org Tue Mar 6 19:52:43 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Tue, 6 Mar 2007 19:52:43 +0000 Subject: [freenet-dev] Beginnings of new low-level spec Message-ID: <20070306195243.GA16228@amphibian.dyndns.org> MRogers posted the following on Frost: http://wiki.freenetproject.org/NewPacketFormat http://wiki.freenetproject.org/NewTransportLayer Any feedback would be welcome. These are the new proposed formats for the packet transport layer and the congestion control and retransmission layer respectively. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://emu.freenetproject.org/pipermail/devl/attachments/20070306/73469430/attachment.pgp From toad at amphibian.dyndns.org Tue Mar 6 21:22:14 2007 From: toad at amphibian.dyndns.org (Matthew Toseland) Date: Tue, 6 Mar 2007 21:22:14 +0000 Subject: [freenet-dev] Freenet 0.7 build 1018 Message-ID: <20070306212213.GA504@amphibian.dyndns.org> Freenet 0.7 build 1018 is now available. Your nodes should automatically download the new update for you; please upgrade. If auto-update is not working, please tell us. There are very many changes in build 1018, far too many to list here, but the main thing is that Fred's memory usage should be significantly reduced. A lot of work has gone into this area, including a 2-line patch which dramatically cuts the datastore's memory use, and major work