From mrflibble at urbantakeover.freeserve.co.uk Sun Jan 13 01:14:05 2008
From: mrflibble at urbantakeover.freeserve.co.uk (Mr. Flibble)
Date: Sun, 13 Jan 2008 01:14:05 -0000
Subject: [Tech] Akamai
In-Reply-To: <4754110D.40008@batosai.net>
Message-ID: <03f501c85581$97770140$0a7b0001@deepspace3>

Does anyone know anything about Akamai? We mainly use it to cache content
and reduce latency for VoIP.

I heard an interesting conversation at work with some high up technical
dude a while ago.
He mentioned that a website of ours was getting blocked in China.
It was blocked either because we linked to a page that mentioned sex, or we
had the word sex on one of our pages.
Anyway, he said that using Akamai caching got round this.

As I'd only been in the job for a month, I didn't think it wise to quiz him
too much about it as he might have thought me either a troublemaker, or a
weirdo, or both.

Maybe it's just as simple as the fact that Akamai is big enough to bribe
the right people over there.

Does anyone know anything more about this kind of thing?

From m.rogers at cs.ucl.ac.uk Sun Jan 13 18:08:14 2008
From: m.rogers at cs.ucl.ac.uk (Michael Rogers)
Date: Sun, 13 Jan 2008 18:08:14 +0000
Subject: [Tech] Akamai
In-Reply-To: <03f501c85581$97770140$0a7b0001@deepspace3>
References: <03f501c85581$97770140$0a7b0001@deepspace3>
Message-ID: <478A538E.9010205@cs.ucl.ac.uk>

Mr. Flibble wrote:
> He mentioned that a website of ours was getting blocked in China.
> It was blocked either because we linked to a page that mentioned sex, or we
> had the word sex on one of our pages.
> Anyway, he said that using Akamai caching got round this.

If the filtering is based on IP address, that would make sense -
blocking an Akamai cache would cause a lot of collateral damage to
unrelated sites.

I believe the Chinese firewall also resets TCP connections if certain
keywords are detected, but maybe the word sex doesn't have a high enough
priority to get onto that particular blacklist.
Try putting Falun Gong on one of your pages and see if it still gets
through. :-)

Or maybe Akamai delivers the data to its caches inside China in a
compressed or encrypted form, unintentionally circumventing the RST
filter as well as the IP filter?

Cheers,
Michael

From toad at amphibian.dyndns.org Tue Jan 15 14:39:10 2008
From: toad at amphibian.dyndns.org (Matthew Toseland)
Date: Tue, 15 Jan 2008 14:39:10 +0000
Subject: [Tech] We need more seednodes!
Message-ID: <200801151439.19698.toad@amphibian.dyndns.org>

We are in urgent need of more seednodes! We have 8 seednodes at present,
and they are not very reliable; there have been several times when only my
node was working, and that's very bad as I've had some major connectivity
problems lately.

Please email me if you have a node you are willing to use as a public
seednode. The node must have reasonably high uptime (at least 50%), average
bandwidth, and have a static IP or dyndns etc domain name. You will be
helping new nodes to bootstrap themselves onto the network - the catch is
that your opennet noderef will be part of the official seednodes.fref file,
so an attacker can connect to it (as a seed client) very easily. This is
only a partial connection - for him to get connected to it and able to
attack it, he will need to repeatedly announce to it until it accepts his
connections.

You can get your opennet noderef from:
http://127.0.0.1:8888/strangers/myref.fref

Please send me it by email (preferably encrypted).

From m.rogers at cs.ucl.ac.uk Wed Jan 16 15:53:02 2008
From: m.rogers at cs.ucl.ac.uk (Michael Rogers)
Date: 16 Jan 2008 15:53:02 +0000
Subject: [Tech] F2F news/blogging
Message-ID:

This is an old idea of mine that could be implemented with N2NMs - similar
to Syndie but with an F2F distribution mechanism.

A journal is a series of articles signed with the author's private key. The
articles in the journal may be written by the user or reposted from other
journals, either manually or automatically (syndication). When a user
writes or reposts an article it's sent to her online friends and queued for
her offline friends. Articles can be marked 'friends only', in which case
they should never be reposted, but obviously this can't be enforced - you
just have to trust your friends.

A user who reads a reposted article and wants to subscribe to the author's
journal (to read and/or syndicate it) sends a subscription request to the
friend in whose journal she read the article. If the friend is already
subscribed to the requested journal, she forwards subsequent articles to
the requester. If the friend reposted an individual article but doesn't
subscribe to the journal herself, she can forward the request to the friend
in whose journal she read the article, and so on. (Requests to offline
users are queued.) Eventually the publisher or a subscriber will be found
and the new subscription path can be established.

Any thoughts?

Cheers,
Michael

From toad at amphibian.dyndns.org Wed Jan 16 18:04:47 2008
From: toad at amphibian.dyndns.org (Matthew Toseland)
Date: Wed, 16 Jan 2008 18:04:47 +0000
Subject: [Tech] F2F news/blogging
In-Reply-To:
References:
Message-ID: <200801161804.52430.toad@amphibian.dyndns.org>

On Wednesday 16 January 2008 15:53, Michael Rogers wrote:
> This is an old idea of mine that could be implemented with N2NMs - similar
> to Syndie but with an F2F distribution mechanism.
>
> A journal is a series of articles signed with the author's private key. The
> articles in the journal may be written by the user or reposted from other
> journals, either manually or automatically (syndication). When a user
> writes or reposts an article it's sent to her online friends and queued for
> her offline friends. Articles can be marked 'friends only', in which case
> they should never be reposted, but obviously this can't be enforced - you
> just have to trust your friends.
>
> A user who reads a reposted article and wants to subscribe to the author's
> journal (to read and/or syndicate it) sends a subscription request to the
> friend in whose journal she read the article. If the friend is already
> subscribed to the requested journal, she forwards subsequent articles to
> the requester. If the friend reposted an individual article but doesn't
> subscribe to the journal herself, she can forward the request to the friend
> in whose journal she read the article, and so on. (Requests to offline
> users are queued.) Eventually the publisher or a subscriber will be found
> and the new subscription path can be established.
>
> Any thoughts?

What is the benefit of doing it over N2NMs rather than over simple USK
feeds?
>
> Cheers,
> Michael

From m.rogers at cs.ucl.ac.uk Wed Jan 16 19:31:03 2008
From: m.rogers at cs.ucl.ac.uk (Michael Rogers)
Date: Wed, 16 Jan 2008 19:31:03 +0000
Subject: [Tech] F2F news/blogging
In-Reply-To: <200801161804.52430.toad@amphibian.dyndns.org>
References: <200801161804.52430.toad@amphibian.dyndns.org>
Message-ID: <478E5B77.4020105@cs.ucl.ac.uk>

Matthew Toseland wrote:
> What is the benefit of doing it over N2NMs rather than over simple USK feeds?

It reuses the darknet web of trust: I only see articles written or
reposted by my friends.

Cheers,
Michael

From toad at amphibian.dyndns.org Sat Jan 19 21:04:03 2008
From: toad at amphibian.dyndns.org (Matthew Toseland)
Date: Sat, 19 Jan 2008 21:04:03 +0000
Subject: [Tech] Tree-based passive requests proposal
Message-ID: <200801192104.07952.toad@amphibian.dyndns.org>

My current thinking on passive requests (long-term, post-0.7.0).

http://wiki.freenetproject.org/TreePassiveRequests

Please have a look at it when you get around to it.

From mrflibble at urbantakeover.freeserve.co.uk Sun Jan 20 16:00:58 2008
From: mrflibble at urbantakeover.freeserve.co.uk (Mr. Flibble)
Date: Sun, 20 Jan 2008 16:00:58 -0000
Subject: [Tech] Akamai
In-Reply-To: <478A538E.9010205@cs.ucl.ac.uk>
Message-ID: <037d01c85b7d$a91f75b0$6a634fd9@deepspace3>

> Mr. Flibble wrote:
> > He mentioned that a website of ours was getting blocked in China.
> > It was blocked either because we linked to a page that mentioned sex, or we
> > had the word sex on one of our pages.
> > Anyway, he said that using Akamai caching got round this.
>
> If the filtering is based on IP address, that would make sense -
> blocking an Akamai cache would cause a lot of collateral damage to
> unrelated sites.
>
> I believe the Chinese firewall also resets TCP connections if certain
> keywords are detected, but maybe the word sex doesn't have a high enough
> priority to get onto that particular blacklist. Try putting Falun Gong
> on one of your pages and see if it still gets through. :-)

Lol, good point, although I don't know anyone in China to test this :(

> Or maybe Akamai delivers the data to its caches inside China in a
> compressed or encrypted form, unintentionally circumventing the RST
> filter as well as the IP filter?

Good q. I think I need to find out more about this.

From stwa4647000 at yahoo.co.uk Mon Jan 21 00:12:05 2008
From: stwa4647000 at yahoo.co.uk (Stephen Walford)
Date: Mon, 21 Jan 2008 00:12:05 +0000 (GMT)
Subject: [Tech] Some issues and considerations
Message-ID: <439534.58835.qm@web25401.mail.ukl.yahoo.com>

An HTML attachment was scrubbed...
URL: http://emu.freenetproject.org/pipermail/tech/attachments/20080121/590112ce/attachment.htm

From m.rogers at cs.ucl.ac.uk Mon Jan 21 10:09:46 2008
From: m.rogers at cs.ucl.ac.uk (Michael Rogers)
Date: 21 Jan 2008 10:09:46 +0000
Subject: [Tech] Some issues and considerations
In-Reply-To: <439534.58835.qm@web25401.mail.ukl.yahoo.com>
References: <439534.58835.qm@web25401.mail.ukl.yahoo.com>
Message-ID:

Hi Stephen,

> In the UK, a new law has been brought in which would make
> it a crime for a suspect who has encrypted data on his computer to fail
> to reveal the password to the police.

The police can only issue a disclosure order if they believe "on reasonable
grounds... that a key to the protected information is in the possession of"
the person in question. I'm not a lawyer but that suggests a defence on the
basis that you don't have, and have never had, the key in question.

http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_8#pt3-pb1-l1g49

> And in the USA, users with encrypted content are
> currently protected by a constitutional right to privacy which prevents
> police from compelling them to disclose their passwords. But right now
> even that right is being put into question with an important test case
> taking place (see link below)...

The test case relates to users who know a password but refuse to disclose
it; it does not relate to users who don't know a decryption key (which
would be too long for most people to memorise anyway).

> It is also important to point
> out that at least in the USA the NSA avails itself to the use of advanced
> programs that can carry out advanced 'dictionary analysis' to permute
> nearly every possible combination of letters and numbers for a 'brute
> force' attack to discover the password for an encrypted file - a process
> that can take years.

Again, this is not strictly relevant - a password can be cracked using
brute force, but a 256-bit encryption key can't.

> Secondly, there
> are government installations in the UK (for instance a new MI6 building
> on the London embankment, which has the national internet traffic
> channeled through it) which carry out surveillance of communications
> including internet communications. This surveillance includes not just
> keyword profiling but also several other different kinds of intelligent
> and statistical analysis of the traffic itself, even where encrypted
> files are involved, and a significant intelligence perspective can be
> obtained in this way.

Yes, traffic analysis is a very important issue. Freenet does its best to
frustrate traffic analysis by using a transport protocol with no
unencrypted header fields, delaying and coalescing small packets to
disguise timing patterns, and padding packets to disguise the size of the
payload.
Nevertheless I'm sure it's possible to design a rule for a deep
packet inspection engine that will identify Freenet traffic.

A possible direction for future research would be hiding Freenet traffic
inside other application-layer protocols (HTTP, BitTorrent, RTP etc).

Cheers,
Michael

From toad at amphibian.dyndns.org Tue Jan 22 01:42:20 2008
From: toad at amphibian.dyndns.org (Matthew Toseland)
Date: Tue, 22 Jan 2008 01:42:20 +0000
Subject: [Tech] Some issues and considerations
In-Reply-To:
References: <439534.58835.qm@web25401.mail.ukl.yahoo.com>
Message-ID: <200801220142.25046.toad@amphibian.dyndns.org>

On Monday 21 January 2008 10:09, Michael Rogers wrote:
> > Secondly, there
> > are government installations in the UK (for instance a new MI6 building
> > on the London embankment, which has the national internet traffic
> > channeled through it) which carry out surveillance of communications
> > including internet communications. This surveillance includes not just
> > keyword profiling but also several other different kinds of intelligent
> > and statistical analysis of the traffic itself, even where encrypted
> > files are involved, and a significant intelligence perspective can be
> > obtained in this way.
>
> Yes, traffic analysis is a very important issue. Freenet does its best to
> frustrate traffic analysis by using a transport protocol with no
> unencrypted header fields, delaying and coalescing small packets to
> disguise timing patterns, and padding packets to disguise the size of the
> payload. Nevertheless I'm sure it's possible to design a rule for a deep
> packet inspection engine that will identify Freenet traffic.

Depends on what you mean by "deep packet inspection". It would have to be
stateful; traffic flow analysis would do it nicely, whatever we wrap it in,
or perhaps some rules on not matching other things and size profiles.
>
> A possible direction for future research would be hiding Freenet traffic
> inside other application-layer protocols (HTTP, BitTorrent, RTP etc).
>
> Cheers,
> Michael

From m.rogers at cs.ucl.ac.uk Mon Jan 28 02:13:28 2008
From: m.rogers at cs.ucl.ac.uk (Michael Rogers)
Date: Mon, 28 Jan 2008 02:13:28 +0000
Subject: [Tech] [Fwd: Re: [p2p-hackers] [tahoe-dev] Surely M$ can patent this process?]
Message-ID: <479D3A48.5030709@cs.ucl.ac.uk>

Does MS have a patent on CHKs?

-------------- next part --------------
An embedded message was scrubbed...
From: zooko
Subject: Re: [p2p-hackers] [tahoe-dev] Surely M$ can patent this process?
Date: Sun, 27 Jan 2008 09:18:50 -0700
Size: 7882
Url: http://emu.freenetproject.org/pipermail/tech/attachments/20080128/36520a01/attachment.eml
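
The subscription-path mechanism proposed in the "F2F news/blogging" message above, sketched as an added example that is not part of any post in this archive and is not Freenet code. The Node class and its method names are hypothetical, article ids are constructed, and the author signatures on articles are left out so the friend-to-friend routing stays in view.

```python
from collections import defaultdict

class Node:
    def __init__(self, name):
        self.name, self.online = name, True
        self.friends = []                  # mutual darknet links
        self.seen_from = {}                # article id -> friend it arrived from
        self.received = []                 # (journal, article id) in arrival order
        self.relay = defaultdict(set)      # journal -> friends we forward it to
        self.pending = []                  # (method, args) queued while offline

    def befriend(self, other):
        self.friends.append(other)
        other.friends.append(self)

    def deliver(self, journal, art, sender):
        if not self.online:                # queue for an offline friend
            self.pending.append((self.deliver, (journal, art, sender)))
            return
        if art in self.seen_from:          # already have it: drop the duplicate
            return
        self.seen_from[art] = sender
        self.received.append((journal, art))
        for friend in list(self.relay[journal]):   # subscription paths through us
            friend.deliver(journal, art, self)

    def post(self, journal, art):
        """Write (journal == own name) or repost: send to every friend."""
        self.seen_from.setdefault(art, None)
        for friend in self.friends:
            friend.deliver(journal, art, self)

    def subscribe(self, journal, art, requester):
        """Handle a request from `requester`, who read `art` in our journal."""
        if not self.online:                # requests to offline users are queued
            self.pending.append((self.subscribe, (journal, art, requester)))
            return
        on_path = journal == self.name or bool(self.relay[journal])
        if journal != self.name:           # the publisher already sends to all friends
            self.relay[journal].add(requester)
        upstream = self.seen_from.get(art)
        if not on_path and upstream is not None:
            upstream.subscribe(journal, art, self)   # pass it toward the publisher

    def come_online(self):
        self.online = True
        queued, self.pending = self.pending, []
        for method, args in queued:
            method(*args)
```

Each hop learns only which friend asked and which friend the article came from, so the path is built without any node seeing the whole route; a second request that reaches a node already on the path stops there.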