On Fri, Nov 15, 2002 at 06:56:18AM -0800, kaboom at hush.com wrote: > > Sorry to chirp into developer space,, Much as I would normally welcome well informed comments from one of the biggest users of freenet... > > On Wed, 13 Nov 2002 15:22:29 -0800 Edgar Friendly <thelema at > mercury.truman.edu> wrote: > >Matthew Toseland <toad at amphibian.dyndns.org> writes: > > > >> On Tue, Nov 12, 2002 at 09:15:41PM -0600, Edgar Friendly wrote: > >> Um, the Distribution Servlet is absolutely necessary. The current > >model > >> of everyone downloads from freenetproject.org and uses hawk's > >seeds is > >> totally unsustainable, not just because it is centralized but > >also > >> because it distorts the network. > > > >I agree that distribution of node references is bad to do in a > >centralized manner; I wasn't arguing against that. I'm just thinking > >that the people who can't d/l fred off fp.org will just get it a > >different way themselves. > > > >As for people who already have fred; just have the developers(tm) > >author a freesite with the latest builds, and include the URI for > >that > >site on the fproxy homepage. > > > >> > There's no way to enforce that it's the jar you're using, so > >we might > >> > as well send the latest jar. > >> Actually, it is technically possible to generate the JAR at run > >time, > >> oskar coded this into dist servlet. We use the JAR if available > >though. > > > >I mean only that there's no way for me to prove that the file I'm > >sending you is the version of fred I'm running. > > > >> Hmmm. Without some sort of verification, we rely on the security > >of the > >> insertion SSK, and if that is broken, all is lost. > > > >adding veto subspaces makes the process slower for everyone (and > >much > >more complicated) and makes the barrier for compromise only slightly > >higher. > > > >> You might have a point. Though there is the possibility of unattended > >> nodes, so we might have several possible verification modes. > > > >Just have the unattended node notice an update (as it does now), > > and > >fire off an email or whatnot telling someone to upgrade it. > > > >I still think the Right Way to do this is by having a official > >download freesite. > > The issue may soon become not so simple as the political environment > is rapidly becoming more conservative globally, yesterday the US put forward > the idea of american issued id cards much like military for > non citizens outside the us. Yes that is nuts so unless this server > is out of reach of american aircraft carriers,,,,which is no where.. You already have a mandatory ID card. It's called a driving license. :) > > Point being the nature of validing a communication in cells,,,er i mean > distributed processing systems, in general and specifically this question > may determine freenets surviability. Uh huh. Well, in a really hostile environment, freenet will have to a) use trusted links only and b) steg those links. And it will still be vulnerable, and it will be slower even than it is now. > > O hell short version, its a social as well technical question, and veto space > wont work in the long term when he who can lock you your spouce and children > in a cuban dog kennel controls the vote, unless everyone has a vote,,,the > midwest and south are like a kennel anyway,,, Indeed. In the long run, we are all taken out of the loop. Because it will be too risky for the current developers to continue to develop freenet. It will have to be done pseudonymously. And then there is the problem of trusting pseudonyms... > > Kudos to Ian and Kazni btw for 1. actually doing the bloody obvious > to forestall cracker kidz, anyone who doesn't do this and worse deserves What did he do exactly? The revocation mechanism? > to have their crap $1000 software ripped off and 2. the $5 intro price > equivalent to traditional copyright where you charge by weight of paper > and not your own appraisal of the market worth of your words. Um, sorry? > > O,,it might be wise to remind windoze users to not install in the usual place > with the space in the directory path name,,, Hmm. Why? It's not hard to discover freenet nodes, really. > > marvelous XP reset button otherwise,, <TROLL> XP is so easy to crack, maybe we need to use that Trusted Computing Platform Alliance stuff to assure that the node is not running on it. ;-). </TROLL> >
-- Matthew Toseland toad at amphibian.dyndns.org amphibian at users.sourceforge.net Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20021115/55a5666f/attachment.pgp>
