[freenet-dev] Usability test results
Le samedi 16 mai 2009 20:10:00, Matthew Toseland a ?crit : > On Saturday 16 May 2009 15:02:19 Thomas Sachau wrote: > > Matthew Toseland schrieb: > > > On Friday 15 May 2009 16:35:40 Thomas Sachau wrote: > > >> Matthew Toseland schrieb: > > >>> On Thursday 14 May 2009 18:35:07 Thomas Sachau wrote: > > Matthew Toseland schrieb: > > > My observation: Can we get rid of the "I will configure it > > > manually" choice? > > > And maybe the welcome page? (#3094) > > > > You want to force everyone to use the Wizard? > > >>> > > >>> Why would that be bad? > > >> > > >> What if i dont want to do use the Wizard? Also, if i removed the > > >> "wizard > > > > > > done" line (intentinally or > > > > > >> by mistake), a new run would remove my custom settings. With the > > >> option, > > i > > > > can just stop the wizard > > > > > >> and no harm done. > > > > > > If you know enough to skip the wizard you should shutdown the node, > > > edit > > the > > > > config file and tell the node you have done the wizard! > > > > Is there a need for editing the config file? You can set everything with > > the > > config section too, but > > > without the "i want to do it myself", you cant disable the wizard from > > the > > GUI. > > > > Related idea: We should maybe tell the user in the installer that > > > they should > > > use a separate browser for Freenet, rather than in the wizard? And > > then > > > > let > > > them choose one, and then use it when they click on the icon to > > > browse Freenet? (#3104) > > > > This would produce additional work for people packaging freenet, > > since > > > > > > they > > > > > would have to warn the > > user themselves, while users tend to ignore the output of the > > package manager. > > So this would lower the chance of people noticing the request for a > > different freenet > > browser/profile and therefor i am against it. I suggest the current > > way: > > Warning during first call > > of the webinterface like it is currently done. > > >>> > > >>> Well, maybe on linux, with the packages that we don't have yet... > > >> > > >> Did you miss the Gentoo ebuilds? > > >> Isnt it a goal to get other distros to package it too? Just because it > > did > > > > not happen until now, > > > > > >> doesnt mean it wont happen some time in the future. May just need more > > time > > > > since Gentoo as source > > > > > >> based distro may be a bit better for packages than binary distros. > > > > > > No, it is a goal to package it with private repositories. Having a > > > debian package that is frozen for 3 years is not useful at the present > > > time. > > > > > >> And if we have it for linux, why would you like to add additional code > > for > > > > windows (both in the > > > > > >> installer and in freenet, which would have to detect the OS and then > > decide > > > > to show the warning or > > > > > >> not)? > > > > > > Well, we could do something similar for *nix, no? Launch a suitable > > privacy > > > > enabled browser when the user runs the browse-freenet script? > > > > You dont know the user system. While windows user systems may be similar > > to > > each others, this is not > > > true for linux. Where would you place that script? How would you check > > which > > browser the user wants > > > to use? This idea looks more like the way user handling is done on > > windows > > or ubuntu: Expect him to > > > know nothing and try to do everything for him. Might be nice for > > beginners > > and if it works, but > > > makes things worse for experienced users, who want to do it different and > > also makes it harder, if > > > there are problems. > > Imho you cant beat stupidity. Either users read a message and act the > > right > > way or they dont. You > > > cannot prevent them from doing bad things. > > > > Additionally, Gentoo is about choice, if there is a warning, the user can > > choose, with a forcing > > > script, there is no choice, which is a bad idea for this philosophy, > > therefor i vote against such a > > > script for linux. > > Well, we already have a Browse Freenet script on all three platforms. > Currently it detects browsers that we know about. You don't have to use it > if you don't want to. But we should extend it to use incognito mode if > possible, and to favour browsers with such support. I dunno how we can > determine whether such a mode works with the particular installed version > though... I don't see the point forcing the user to choose. I don't see the point displaying a warning neither btw : should we detect all the potentials security threats (or unused benefits) on the user's system ? Things like that are just waste of time. What would be good instead is a documentation about how to have a secure environment in which you can run freenet, and display a link to it during the wizard (or display the howto directly). Additional code to detect if the user use
[freenet-dev] Usability test results
Arne Babenhauserheide schrieb: > On Saturday, 16. May 2009 16:02:19 Thomas Sachau wrote: >> Additionally, Gentoo is about choice, if there is a warning, the user can >> choose, with a forcing script, there is no choice, which is a bad idea for >> this philosophy, therefor i vote against such a script for linux. > > But in Gentoo it would also be possible to add a use flag to select the > browser, which just tells freenet which browser to use. > Do you know the numbers of possible browsers? You dont want to add a useflag for each of them and additionally this would force the user to use exactly the one browser selected by useflag. Additionally, what happens, when the selected browser has no privacy mode enabled, while another has it? This was and still is no real option. Simple and easy is only the warning page, everyone sees it, everyone can act as written there. All choices still open and if anyone chooses to act like an idiot, it is his own problem. -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 315 bytes Desc: OpenPGP digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090518/2544e319/attachment.pgp>
[freenet-dev] Usability test results
On Sunday, 17. May 2009 00:59:13 Matthew Toseland wrote: > Not much point hiding it if you're broadcasting the existence of nodes via > MDNSDiscovery! ...you're right for OpenNet... should have seen that before. I assume only a full "steganographic announcement" framework could help there (have specific ways to hide a freenet announcement in "innocent" announcements). Best wishes, Arne --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- - singing a part of the history of free software - http://infinite-hands.draketo.de -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090518/d2b63652/attachment.pgp>
[freenet-dev] Usability test results
On Saturday, 16. May 2009 16:02:19 Thomas Sachau wrote: > Additionally, Gentoo is about choice, if there is a warning, the user can > choose, with a forcing script, there is no choice, which is a bad idea for > this philosophy, therefor i vote against such a script for linux. But in Gentoo it would also be possible to add a use flag to select the browser, which just tells freenet which browser to use. --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- - singing a part of the history of free software - http://infinite-hands.draketo.de -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090518/1673764e/attachment.pgp>
Re: [freenet-dev] Usability test results
On Saturday, 16. May 2009 16:02:19 Thomas Sachau wrote: Additionally, Gentoo is about choice, if there is a warning, the user can choose, with a forcing script, there is no choice, which is a bad idea for this philosophy, therefor i vote against such a script for linux. But in Gentoo it would also be possible to add a use flag to select the browser, which just tells freenet which browser to use. --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- - singing a part of the history of free software - http://infinite-hands.draketo.de signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
[freenet-dev] Using standard ports of encrypted protocols
Hi, It would be nice, if I could tell freenet to use standard ports for communication - especially for connections inside a LAN (where the possibility that an admin is watching all used ports might be a bit higher than on the internet). I'd think it would be useful to just test a list of ports normally used for communication (ideally encrypted), so that encrypted data wouldn't draw suspicions (and so we don't need to implement full steganography at once, but can move towards it). Maybe the option could include a list with the note Only select services you DON'T want to run! Some ideas, not all encrypted: - 2190/UDP TiVoConnect Beacon - 2593/TCP,UDP RunUO—Ultima Online server - 3723/TCP,UDP Used by many Battle.net Blizzard games (Diablo II, Warcraft II, Warcraft III, StarCraft) - 3724/TCP,UDP World of Warcraft Online gaming MMORPG - 4000/TCP,UDP Diablo II game - 6619/TCP,UDP odette-ftps, Odette File Transfer Protocol (OFTP) over TLS/SSL - 6891–6900/TCP,UDP Windows Live Messenger (File transfer) - 6901/TCP,UDP Windows Live Messenger (Voice) - 28910 Nintendo Wi-Fi Connection (all information from http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers I'm sure there are more...) Is tehre any danger in using known ports? Best wishes, Arne --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- - singing a part of the history of free software - http://infinite-hands.draketo.de signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Usability test results
On Sunday, 17. May 2009 00:59:13 Matthew Toseland wrote: Not much point hiding it if you're broadcasting the existence of nodes via MDNSDiscovery! ...you're right for OpenNet... should have seen that before. I assume only a full steganographic announcement framework could help there (have specific ways to hide a freenet announcement in innocent announcements). Best wishes, Arne --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- --- - singing a part of the history of free software - http://infinite-hands.draketo.de signature.asc Description: This is a digitally signed message part. ___ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Usability test results
Arne Babenhauserheide schrieb: On Saturday, 16. May 2009 16:02:19 Thomas Sachau wrote: Additionally, Gentoo is about choice, if there is a warning, the user can choose, with a forcing script, there is no choice, which is a bad idea for this philosophy, therefor i vote against such a script for linux. But in Gentoo it would also be possible to add a use flag to select the browser, which just tells freenet which browser to use. Do you know the numbers of possible browsers? You dont want to add a useflag for each of them and additionally this would force the user to use exactly the one browser selected by useflag. Additionally, what happens, when the selected browser has no privacy mode enabled, while another has it? This was and still is no real option. Simple and easy is only the warning page, everyone sees it, everyone can act as written there. All choices still open and if anyone chooses to act like an idiot, it is his own problem. signature.asc Description: OpenPGP digital signature ___ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] Usability test results
Le samedi 16 mai 2009 20:10:00, Matthew Toseland a écrit : On Saturday 16 May 2009 15:02:19 Thomas Sachau wrote: Matthew Toseland schrieb: On Friday 15 May 2009 16:35:40 Thomas Sachau wrote: Matthew Toseland schrieb: On Thursday 14 May 2009 18:35:07 Thomas Sachau wrote: Matthew Toseland schrieb: My observation: Can we get rid of the I will configure it manually choice? And maybe the welcome page? (#3094) You want to force everyone to use the Wizard? Why would that be bad? What if i dont want to do use the Wizard? Also, if i removed the wizard done line (intentinally or by mistake), a new run would remove my custom settings. With the option, i can just stop the wizard and no harm done. If you know enough to skip the wizard you should shutdown the node, edit the config file and tell the node you have done the wizard! Is there a need for editing the config file? You can set everything with the config section too, but without the i want to do it myself, you cant disable the wizard from the GUI. Related idea: We should maybe tell the user in the installer that they should use a separate browser for Freenet, rather than in the wizard? And then let them choose one, and then use it when they click on the icon to browse Freenet? (#3104) This would produce additional work for people packaging freenet, since they would have to warn the user themselves, while users tend to ignore the output of the package manager. So this would lower the chance of people noticing the request for a different freenet browser/profile and therefor i am against it. I suggest the current way: Warning during first call of the webinterface like it is currently done. Well, maybe on linux, with the packages that we don't have yet... Did you miss the Gentoo ebuilds? Isnt it a goal to get other distros to package it too? Just because it did not happen until now, doesnt mean it wont happen some time in the future. May just need more time since Gentoo as source based distro may be a bit better for packages than binary distros. No, it is a goal to package it with private repositories. Having a debian package that is frozen for 3 years is not useful at the present time. And if we have it for linux, why would you like to add additional code for windows (both in the installer and in freenet, which would have to detect the OS and then decide to show the warning or not)? Well, we could do something similar for *nix, no? Launch a suitable privacy enabled browser when the user runs the browse-freenet script? You dont know the user system. While windows user systems may be similar to each others, this is not true for linux. Where would you place that script? How would you check which browser the user wants to use? This idea looks more like the way user handling is done on windows or ubuntu: Expect him to know nothing and try to do everything for him. Might be nice for beginners and if it works, but makes things worse for experienced users, who want to do it different and also makes it harder, if there are problems. Imho you cant beat stupidity. Either users read a message and act the right way or they dont. You cannot prevent them from doing bad things. Additionally, Gentoo is about choice, if there is a warning, the user can choose, with a forcing script, there is no choice, which is a bad idea for this philosophy, therefor i vote against such a script for linux. Well, we already have a Browse Freenet script on all three platforms. Currently it detects browsers that we know about. You don't have to use it if you don't want to. But we should extend it to use incognito mode if possible, and to favour browsers with such support. I dunno how we can determine whether such a mode works with the particular installed version though... I don't see the point forcing the user to choose. I don't see the point displaying a warning neither btw : should we detect all the potentials security threats (or unused benefits) on the user's system ? Things like that are just waste of time. What would be good instead is a documentation about how to have a secure environment in which you can run freenet, and display a link to it during the wizard (or display the howto directly). Additional code to detect if the user use freenet in a secure environment is just a waste of time. Good documentation isn't. ___ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
Re: [freenet-dev] [freenet-cvs] r25585 - in trunk/apps/simsalabim:?. darknet rembre utils
On Wed, May 13, 2009 at 02:17:48PM +0100, Matthew Toseland wrote: We don't store in the cache if we have stored in the store. Are you sure?! Hmmm, in fact we do store in both. Do you have any opinion on this? Spontaneous opinion is it may be suboptimal with unnecessary overwrites of data in cache but not in store. But if the data is not stored, then its a good idea to cache. Cannot recall what simulations showed at the moment. + + /** +* Calculates the log distance to the neighbors of this node from newpos. If +* a neighbor has position newpos, then it is given my current position. +*/ + private double logdist(CircleKey newpos) { + double val = 0.0f; + for (IteratorDarknetNode it = neighbors.iterator() ; it.hasNext() ;) { + DarknetNode dn = it.next(); + val += Math.log(dn.pos == newpos ? pos.dist(newpos) : + dn.pos.dist(newpos)); Doh! We just ignore it if we are neighbours in LocationManager.java! Granted this is a pretty small effect, but it needs to be fixed... ??? In LocationManager, when we are deciding whether to do a swap, if the location of a neighbour of the swap target is equal to our location (or theirs, depending on the bit of the calculation), and would thus introduce a zero, we don't include it in the calculation: Sounds good. + } + return val; + } + + ... Added: trunk/apps/simsalabim/DarknetRoute.java === --- trunk/apps/simsalabim/DarknetRoute.java (rev 0) +++ trunk/apps/simsalabim/DarknetRoute.java 2009-02-11 13:53:49 UTC (rev 25585) ... + + public Data findData(CircleKey k) { + for (IteratorDarknetNode it = route.iterator() ; it.hasNext() ;) { + Data d = it.next().findData(k); + if (d != null) + return d; + } + return null; + } You don't check on each hop as you reach it? Is this some idea about visiting all the nodes on the route even if we find the data early on, so we can store it everywhere for better data robustness? (And considerably worse performance on popular data!) Its just a matter of implemetation. The routes terminate for different reasons. When a route has terminated, the implementation checks if the data was found. It corresponds to the node checking the message directly in the real node. But you only cache it on nodes before the one where the data was found? No? On all the nodes in the return path (from where data was found to the requestor). pgpO8pjMHaaRy.pgp Description: PGP signature ___ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl