We could quite reasonably offer both functions in a single executable. We could have a separate darknet and opennet node, in the same JVM, with a unified interface. We could have client requests go to both, unless explicitly asked to go to one only.
Also there is a possibility for another kind of hybrid:
We don't have to have shared routing to proxy requests from one network
to the other, possibly using inverse passive requests.
Proposal:
- The primary network is a hybrid. Nodes can be completely dark if they
want to, and can participate in path folding if they want to.
- For future debate: Should a node be able to connect to path folded
nodes while opting out of path folding itself? I.e. should it be
able to set a flag such that the next node will always reset the
reference to itself?
- Note: The darknet and opennet portions should have separate port
numbers and authentication keys, so that if a node is no longer on
the opennet, it's old reference will not help an attacker to probe
for it.
- We also provide a secondary network. This consists of only the darknet
portion of the hybrid network. By default this is on, but it can be
opted out of.
There are several possible strategies for the secondary network:
a) We can simply send a small amount of predictable test traffic, so
it is essentially a testnet. Statistics are reported locally, and
there is no threat to anonymity.
b) We can have it a separate network which is accessed via the same
interface, if you have both.
i) Try requests first on the secondary network (it is faster)
ii) Try requests on both networks at once (if they are mutually
exclusive??)
c) We can use it as a cache for the primary network. Because of the
below properties, it may well be that this yields a performance
gain.
It is likely that the secondary network will:
- Be smaller than the primary network.
- Be faster than the primary network.
- Be utterly immune to the slashdot effect occurring around a major
release.
We can therefore measure the performance of the secondary network
separately from that of the primary network. We can have the installer
explain this and offer the option to opt out of the secondary network.
Hopefully most people won't.
On Wed, Sep 21, 2005 at 03:45:52PM +0100, Matthew Toseland wrote:
> Well, the problem is that users who start off with nodes from the
> seednodes would have bad performance. The solution is to implement a
> full hybrid network with path folding on the open portions of the
> network. The problem with that is that there is little incentive to
> migrate to the darknet, and with a hybrid, we have no information on
> whether the darknet can work on its own.
>
> I am still of the view that we will have to provide an opennet and a
> darknet. If people want to fork and make a hybrid, that's fine. The
> darknet should be more or less invulnerable to the slashdot effect, it
> will initially be a small network and therefore fast, and as it gets
> larger it will have more opportunities for growth.
>
> On Wed, Sep 21, 2005 at 02:58:09PM +0200, Alex R. Mosteo wrote:
> > [Moved from support to general]
> >
> > Matthew Toseland wrote:
> > > I'm not interested in the degenerate case of 10 people who all know each
> > > other and all connect to each other. I'm interested in scalable
> > > darknets. Which are graphs of people, which can be large, where I
> > > connect to my friends and my friend connects to his friends.
> >
> > It's ok. I'm not arguing nothing about this.
> >
> > >>I frankly have a hard time figuring how this can be achieved. When 0.7
> > >>is out I guess you and Ian will be the only persons I could ask for
> > >>their references, and how would you trust me? What if I have a single
> > >>trusted reference, and he's not 24/7 online?
> > >
> > > As I have said, strong trust is not required at this stage. Anyone I've
> > > ever argued with at length on email or IRC would probably be a
> > > candidate. At least as far as getting the topology right goes.
> >
> > So probably the initial 0.7 darknet will be composed of people in this
> > list and related chat channels/forums.
> >
> > If strong trust is not required at this stage, I would ditch all the
> > opennet effort. Why is it not required, btw?
> >
> > So, what about this: we use something like GWebCache2 to get untrusted
> > links. People can volunteer his nodes to be known (harvestable) in
> > countries where this poses small risk currently. Simultaneously,
> > everybody must work towards finding trusted links. Once you have enough
> > (how many would be enough?) you change your listening port and reject
> > untrusted links. So you go under the radar. The idea would be for the
> > darknet to "virally" posess the opennet area.
> >
> > So you would have nodes in three states:
> >
> > Nodes with all trusted links. These would form the core darknet, with
> > proper topology. Initially the people most devoted to freenet. The inner
> > ring of Atlantida, one could say ;)
> >
> > Nodes with a mix of trusted/untrusted. These would be in a transitional
> > stage.
> >
> > Nodes with only untrusted, obtained from webcache, links. These would be
> > newcomers. The topology here would be uncertain and routing would work
> > worse, I guess.
> >
> > Now, instead of saying that your node must be up for a week before
> > getting well integrated, we'd say that you must get trusted links.
> >
> > I suppose this is prone to be simulated, unless I'm talking nonsense due
> > to ignorance.
--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
signature.asc
Description: Digital signature
_______________________________________________ chat mailing list chat@freenetproject.org Archived: http://news.gmane.org/gmane.network.freenet.general Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/chat Or mailto:[EMAIL PROTECTED]
