Matthew Toseland | 1 Jan 02:22 2011
Picon

Freenet 0.7.5 build 1316

Freenet 0.7.5 build 1316 is now available. Please upgrade, it will be mandatory on Wednesday. This build
mostly consists of bugfixes and architectural improvements to the new packet format code. There are also
some minor changes to the first-time wizard (the new opennet/darknet choice), optimisations for
seednodes, bookmarks are changed (added Linkageddon, got rid of FAI and Blabber), one small plugins API
change needed by Sone, and fixes for the network auto-testing code which digger3 is using to generate
statistics showing whether a build is better than a previous build etc.

Please upgrade, and let us know if there is any problem. Thanks!

Apologies if things are a bit rough at the moment. We need to get a feature complete alpha release out as soon
as possible, and there are still some big pieces of the new load management code and related stuff (such as
the new packet format) which need to be put in place. In some cases it makes sense to deploy a risky change
because the network is already suffering due to other problems, previous partial deployments etc (e.g.
SSKs are routed much better than CHKs at the moment).
_______________________________________________
Support mailing list
Support@...
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-request@...?subject=unsubscribe
Matthew Toseland | 1 Jan 14:32 2011
Picon

Re: Darknet vs opennet wording? was Re: Addressing the "Barlow" attack against opennet

On Thursday 23 December 2010 19:32:31 Matthew Toseland wrote:
> On Tuesday 21 December 2010 00:42:53 Matthew Toseland wrote:
> > On Friday 17 December 2010 15:50:11 Matthew Toseland wrote:
> > > On Tuesday 07 December 2010 17:21:07 Matthew Toseland wrote:
> > > > On Friday 03 December 2010 19:15:22 Klaus Koch wrote:
> > > > > > > It is a hard problem. But our traditional approach hasn't been terribly
> > > > > > > honest IMHO.
> > > > > 
> > > > > We were talking on #freenet on how to explain new users in a few words 
> > > > > (installer?) what freenet's security is all about and how to "warn" them of 
> > > > > the shortcomings of opennet. I came up with the following text:
> > > > > 
> > > > > "Freenet's security and anonymity is based on the idea that users connect to
> > > > > people they trust. Opennet mode (=LOW security level) is a convenience feature
> > > > > for new users who don't have trusted peers yet and it's security is not as 
> > > > > strong as darknet (= MEDIUM/HIGH security level). Use this mode to befriend 
> > > > > people you think you can trust. Get the highest security out of freenet by 
> > > > > connection to your reallife friends!"
> > > > > 
> > > > > somehow there's still missing that even connecting to a coworker is better 
> > > > > than a random stranger, but I still struggle to put it into one of the 
> > > > > sentences...
> > > > 
> > > > IMHO that is precisely what people misunderstand most frequently. How about:
> > > > 
> > > > Generally on Freenet you are only vulnerable to the users your node is connected to. 
> > > > Do you want Freenet to connect only to your friends? 
> > > > 
> > > > YES (DARKNET MODE):
> > > > If you have 5 or more friends who run Freenet, you should enable darknet mode, and add them on the Friends
(Continue reading)

Matthew Toseland | 1 Jan 17:22 2011
Picon

Your friends can see what you are doing was Re: Darknet vs opennet wording? was Re: Addressing the "Barlow" attack against opennet

On Saturday 01 January 2011 13:32:41 Matthew Toseland wrote:
> On Thursday 23 December 2010 19:32:31 Matthew Toseland wrote:
> > On Tuesday 21 December 2010 00:42:53 Matthew Toseland wrote:
> > > On Friday 17 December 2010 15:50:11 Matthew Toseland wrote:
> > > > On Tuesday 07 December 2010 17:21:07 Matthew Toseland wrote:
> > > > > On Friday 03 December 2010 19:15:22 Klaus Koch wrote:
> > > > > > > > It is a hard problem. But our traditional approach hasn't been terribly
> > > > > > > > honest IMHO.
> > > > > > 
> > > > > > We were talking on #freenet on how to explain new users in a few words 
> > > > > > (installer?) what freenet's security is all about and how to "warn" them of 
> > > > > > the shortcomings of opennet. I came up with the following text:
> > > > > > 
> > > > > > "Freenet's security and anonymity is based on the idea that users connect to
> > > > > > people they trust. Opennet mode (=LOW security level) is a convenience feature
> > > > > > for new users who don't have trusted peers yet and it's security is not as 
> > > > > > strong as darknet (= MEDIUM/HIGH security level). Use this mode to befriend 
> > > > > > people you think you can trust. Get the highest security out of freenet by 
> > > > > > connection to your reallife friends!"
> > > > > > 
> > > > > > somehow there's still missing that even connecting to a coworker is better 
> > > > > > than a random stranger, but I still struggle to put it into one of the 
> > > > > > sentences...
> > > > > 
> > > > > IMHO that is precisely what people misunderstand most frequently. How about:
> > > > > 
> > > > > Generally on Freenet you are only vulnerable to the users your node is connected to. 
> > > > > Do you want Freenet to connect only to your friends? 
> > > > > 
> > > > > YES (DARKNET MODE):
(Continue reading)

Matthew Toseland | 1 Jan 17:50 2011
Picon

Friends can see what you are doing: How to deal with this?

Right now the situation on Freenet is that:
- Your peers can see what you are doing. On either opennet or darknet!
- On opennet, anonymous identities can be traced by e.g. connecting to every node.
- On darknet, tracing anonymous identities is very hard.
- It is possible to write a plugin to identify a large proportion of what your friends are doing, and would not
be all that difficult; the database of keys would be the most resource-intensive part.
- Per-friend trust levels control how much data is shared with a friend node but even low friend trust does
not solve the basic problem of requests being visible.

IMHO at a minimum we need to:
- Tell the user in the first-time wizard. We are pretty close to this now, it probably makes sense to
elaborate very slightly, see the other thread.
- Make darknet a lot easier to use with invites, FOAF connections etc.
- Be careful what claims we make in public or on the website.
- Consider a change of terminology to emphasise darknet - "social darknet" ? The point is your friends are a)
your gateway to the network and b) assumed to be non-hostile, and the attacker is assumed not to be one of
your friends but a distant entity such as a corporate or (not too annoyed / well funded!) government agency.

Ideally we would provide an option which would provide adequate protection against a single malicious
friend, albeit at a significant performance cost. IMHO most users won't need this, at least most of the
time, because e.g. filesharers tend to connect to filesharers.
_______________________________________________
Devl mailing list
Devl@...
http://freenetproject.org/cgi-bin/mailman/listinfo/devl
Matthew Toseland | 1 Jan 17:52 2011
Picon

Local tunnels was Re: Friends can see what you are doing: How to deal with this?

On Saturday 01 January 2011 16:50:11 Matthew Toseland wrote:
> Right now the situation on Freenet is that:
> - Your peers can see what you are doing. On either opennet or darknet!
> - On opennet, anonymous identities can be traced by e.g. connecting to every node.
> - On darknet, tracing anonymous identities is very hard.
> - It is possible to write a plugin to identify a large proportion of what your friends are doing, and would
not be all that difficult; the database of keys would be the most resource-intensive part.
> - Per-friend trust levels control how much data is shared with a friend node but even low friend trust does
not solve the basic problem of requests being visible.
> 
> IMHO at a minimum we need to:
> - Tell the user in the first-time wizard. We are pretty close to this now, it probably makes sense to
elaborate very slightly, see the other thread.
> - Make darknet a lot easier to use with invites, FOAF connections etc.
> - Be careful what claims we make in public or on the website.
> - Consider a change of terminology to emphasise darknet - "social darknet" ? The point is your friends are
a) your gateway to the network and b) assumed to be non-hostile, and the attacker is assumed not to be one of
your friends but a distant entity such as a corporate or (not too annoyed / well funded!) government agency.
> 
> Ideally we would provide an option which would provide adequate protection against a single malicious
friend, albeit at a significant performance cost. IMHO most users won't need this, at least most of the
time, because e.g. filesharers tend to connect to filesharers.
> 
Tunnels may be possible: Because, on darknet, mobile attacker source tracing is hideously expensive,
(and connecting to everyone is virtually impossible, we do not have to worry about distant attackers
(except perhaps for the predictable-in-advance top SSK and chat posts). So we only have to worry about our
direct peers. Plus, we have both direct friend-to-friend connections and FOAF connections to route
down, which should make life easier. The simplest, rather limited options:

Me -> A's friend -> A
(Continue reading)

Matthew Toseland | 1 Jan 18:39 2011
Picon

Re: [freenet-support] Freenet 0.7.5 build 1314 (and 1313)

On Friday 31 December 2010 02:41:32 Juiceman wrote:
> On Thu, Dec 30, 2010 at 7:48 PM, Matthew Toseland <toad@...org
> > wrote:
> 
> > Freenet 0.7.5 build 1314 is now available, please upgrade! It will be
> > mandatory on Tuesday.
> >
> > This build's main new feature is a new packet format. This should give
> > significant improvements in several areas:
> > - Fewer small packets.
> > - Much more efficient. Expect improved payload percentages, and failing SSK
> > requests in particular (which are very important for chat etc) should use
> > significantly fewer bytes.
> > - Better (faster) retransmission on lossy links.
> > - Able to adapt to any reasonable MTU.
> > - Lays the foundations for transport plugins (although not with really tiny
> > packets).
> > - Also necessary for the next stage of new load management, which should go
> > in next week if all goes well.
> >
> > This was zidel's Summer of Code project, although I've done some last
> > minute improvements.
> >
> > There are also some minor changes to filename sanitising on unix OS's and
> > some language infrastructure needed by Freetalk.
> >
> > Please upgrade! And please let me know if you have any problems.
> >
> > (1313 was never released due to finding some serious bugs at the last
> > minute)
(Continue reading)

Matthew Toseland | 1 Jan 19:05 2011
Picon

Seednodes: Removing me and need more!

I have removed my node from the seednodes list as of the next build because being a seednode makes it very
difficult to debug timeout bugs. However, we only have 8 seednodes at the moment. Please email me your
opennet noderef (from the Strangers page in advanced mode) if you can be a seednode. Thanks!
_______________________________________________
Support mailing list
Support@...
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-request@...?subject=unsubscribe
Matthew Toseland | 1 Jan 20:06 2011
Picon

Release plan, release schedule and tentative feature freeze

I would just like to point out that I am not planning to meet the deadline of 31 January. The reasons for this are:
1. The critical features for the release - particularly new load management (which has recently
incorporated new packet format) and darknet enhancements - really do matter.
2. In particular, I refuse to release without the darknet enhancements. Insubordination has its place,
when you're right! And in this case I'm right. :) Having said that, the absolute minimum of darknet
enhancements should be relatively small.
3. Equally, new load management matters. Right now the state of the network - even *before* the new packet
format changes - is pretty poor. And IMHO new load management is long overdue - and most of it, believe it or
not, is done already. However, several of the major components (notably new packet format and the timeout
related changes scheduled next) will require significant debugging, and after the fact stabilisation.
4. The darknet enhancements were not envisaged when I agreed to the deadline originally. (My recollection
is there was never a clear consensus for any particular date at a meeting, it was essentially an agreement
between me and ian.)
5. Meeting the deadline will require avoiding debugging important bugs which affect users and prevent
network growth.
6. Meeting the deadline will require not working effectively with volunteers whose interests are not
directly aligned with the deadline: Postponing or more likely completely ignoring their work.
7. Making Freetalk work well will require significant work on debugging and improving USK subscriptions.
It has recently become clear that this is developing into a serious crisis.
8. A public release the day after new load management is finished would be suicidal. Major changes at the
network level result in the network performing badly for a while and need major debugging.

Basically, my point is that aiming for a feature complete but buggy alpha/beta will result in not
addressing critical bugs, and that will make things extremely difficult for users, for unpaid
volunteers, and will result in a very poor release, which will not go down well. And it won't be possible to
meet the 31st jan no matter how much of a stressed out unhelpful anti-user anti-volunteer asshole I am in
trying to meet it.

IMHO what we need is:
- A defined and limited set of features that must work reasonably well.
(Continue reading)

Matthew Toseland | 2 Jan 04:35 2011
Picon

Critical bug fix: Freenet 0.7.5 build 1317

Freenet 0.7.5 build 1317 is now available. This build fixes a critical bug in the new packet format code that
was causing many nodes to either not get connected in the first place (apart from to seednodes) or to lose
their connections later on.
_______________________________________________
Support mailing list
Support@...
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-request@...?subject=unsubscribe
Matthew Toseland | 2 Jan 04:35 2011
Picon

Freenet 0.7.5 build 1318

Freenet 0.7.5 build 1318 is now available. Please upgrade!

Build 1317 fixed a critical bug in the new packet format code.

Build 1318 introduces a new packet format, which is the same as the new one in 1314 and fixed in 1317, except
that it has a longer HMAC. This is necessary for security. 1318 advertises the old packet format and the
most recent one, but *not* the packet format from 1314-1317. Hence old nodes will tend to connect to 1318
nodes using the old protocols, while new nodes will connect using the newest format with the correct
length HMAC. So the intention is that nodes between 1314 and 1316 should be able to connect reliably to 1318
nodes using the old packet format, and thus be able to download the update to 1317.

I have not yet inserted the update to 1318 into the over-freenet auto-update. I will do so on Monday if all is well.

Thanks, and sorry for the chaos caused by the recent packet format merge problems.

Please let us know about any further problems!
_______________________________________________
Support mailing list
Support@...
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-request@...?subject=unsubscribe

Gmane