Re: Freenet build 1486 released

[Arne Babenhauserheide]

PS: you can watch 1486 spread on
USK@UHdUBsE9sdwYOuqPyHTlq4LvvlvzpqTYk5ze9nMX-sA,FriN3wJ0wgkXU2-nc0D3JrK0GU3FpX4qsbVSS9-lhYs,AQACAAE/watch-1486/0/

Arne Babenhauserheide  writes:

> Freenet 0.7.5 build 1486 is now available.
>
> It is available via auto-update or via download from our website:
>
> https://freenetproject.org/pages/download.html?1486
>
>
> This is an emergency release which updates JNA to version 4.5.2 to
> prevent Windows nodes from breaking when Java is updated.
>
> Since we’re releasing from next, this release contains a number of
> further improvements we had already prepared:
>
> The first time wizard now warns users on first run to disable
> thirdparty IMEs (input method editors). There are reports that
> some of those IMEs send all keystrokes to their owners.
>
> Alex Williams changed the bandwidth allocation to give more bandwidth
> to friend-to-friend connections than to opennet connections.
> Friend-to-friend connections (Darknet-mode) are the only way to build
> a Sybil-resistant network. Please invite people you’ve known for years
> long to join you in Freenet and connect to them as Friends.
>
> Oleh from Redwerk improved the styles of our main theme (Winterfacey).
> It now works much better for small devices like phones. Also Freenet
> will offer a connection speed upgrade when increased speed is
> detected.
>
> On the technical side, operhiem1 and nextgens got us a new jarsigner
> certificate which should remove some ugly warnings during
> installation, and thanks to Bombe our SSK and USK key validation is
> now stricter, and our tests now use JUnit 4. And we increased the max
> size for passthrough, so our Windows installer should spread over [UOM][]
> again.
>
> Finally, outside the direct release, but significant: desyncr ported
> Freenet to Android! The new [Freenet
> Mobile][freenet-mobile] is optimized to preserve
> bandwidth and battery power in phones. Find out how to test it [on
> reddit][freenet-mobile-reddit].
>
>
> For additional details see the [release tag for 1486][releasetag1486].
>
>
> You can download this release as usual from the [download page][],
> or if you are already using Freenet, simply let your freenet node
> update itself over Freenet.
>
>
> Thank you for using and contributing to Freenet!
>
>
> - Arne Babenhauserheide
>
> [releasetag1486]: https://github.com/freenet/fred/releases/tag/build01486
> [freenet-mobile-reddit]: 
> https://www.reddit.com/r/Freenet/comments/i21dca/freenet_mobile_01_beta
> [freenet-mobile]: https://github.com/freenet-mobile/app
> [download page]: pages/download.html
> [UOM]: https://github.com/freenet/wiki/wiki/Update-Over-Mandatory


-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Statements about the HTL attacks

[Dr. Arne Babenhauserheide]

shroobi  writes:

>> Hi shroobi,
>> shroobi  writes:
>>
>>> I wanted to leave a note about these statements on the Freenet
>>> homepage. I don't understand why a response to disprove the paper
>>> would be released but there hasn't been any code put in place to
>>> address the problem.
>>
>> There was no code put in place, because the statistics in the attacks
>> were false. We can’t fix it if there is no vulnerability in the
>> first place.
>>
>> To be frank: The paper was wrong.
>>
>>> Furthermore, later a detailed description was made of *how exactly* an
>>> attack could be done with certainty. Not cool. An enormous risk has
>>> been put on users because of this. Why was that done?
>>
>> That later description was also false:
>> https://www.draketo.de/software/levine-2017-errors.html
>>
>> We cannot fix it in code when people simply fake proof.
>
> Final note: The minimal information required for statistical claims
> about observations of node upload or download activity in Freenet:

> … snip …

Did you see any claim that actually contained this information? If not,
then they are trying to fake proof by making unverifiable claims. I have
yet to see anyone giving a solid statistical argument while providing
the actually needed information to check their claims.

This is not to say that it is impossible to trace you on opennet. It’s
just that no one ever did it right.

To actually prevent all but the most powerful (those who can make ISPs
their tools and hack individual computers) from tracking you, you must
be connected via friend-to-friend mode (high security) with people you
trust not to try to pro-actively track you. To track you then requires
hacking your friends' computers.

To get even higher security, you‘ll also need to connect Freenet to the
internet via a regional mesh-network that does not spy on the data you
transmit to find people who upload lots of encrypted packages.

But the first step to improve protections for your privacy is really to
move to friend-to-friend mode.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Statements about the HTL attacks

[Dr. Arne Babenhauserheide]

Hi shroobi,
shroobi  writes:

> I wanted to leave a note about these statements on the Freenet
> homepage. I don't understand why a response to disprove the paper
> would be released but there hasn't been any code put in place to
> address the problem.

There was no code put in place, because the statistics in the attacks
were false. We can’t fix it if there is no vulnerability in the first place.

To be frank: The paper was wrong.

> Furthermore, later a detailed description was made of *how exactly* an
> attack could be done with certainty. Not cool. An enormous risk has
> been put on users because of this. Why was that done?

That later description was also false:
https://www.draketo.de/software/levine-2017-errors.html

We cannot fix it in code when people simply fake proof.

The actual problem is in the legal system. If a court accepts false
proofs, the only way we can prevent this is to hide the address of the
node in the first place.

And Freenet enabled that in 2007: Use the friend-to-friend mode (high
security / darknet). This is the only way to prevent easy harvesting of
your IP, and so it is the only way to prevent someone from targeting you
with faked proof.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Bitcoin donation housekeeping and change of donation address for security reasons (website needs redeploy)

[Dr. Arne Babenhauserheide]

Hi Ian,

The tag suffices, yes. If you don’t see your changes yet, this could be
due to caching. Just try it with a cache-busting parameter like:
https://freenetproject.org/pages/donate.html?somethingrandom

Thank you!

And also thank you for doing the paperwork and funds management!

Best wishes,
Arne

Ian Clarke  writes:

> Thanks Florent, I've created a new release
> ,
> should that be sufficient?
>
> On Fri, Aug 21, 2020 at 11:14 AM Florent Daignière <
> nextg...@freenetproject.org> wrote:
>
>> Hi Ian,
>>
>> We already have some CI setup... each time you push on that repository,
>> it gets built/deployed by travis.
>>
>> Here's the job for your last commit:
>> https://travis-ci.org/github/freenet/website/builds/719980195
>>
>> It goes live on
>> https://staging.freenetproject.org
>>
>> If you would like it to be promoted to the main website, you need to
>> push a tag (the tag's name doesn't matter).
>>
>> Florent
>>
>>
>> On Fri, 2020-08-21 at 11:02 -0500, Ian Clarke wrote:
>> > We've been using Blockchain.info to manage our Bitcoin donations, but
>> > we were using a legacy wallet which has limited backup and security
>> > precautions (Blockchain.info has evolved a lot since we started using
>> > it).
>> >
>> > So I've moved the funds to the primary Blockchain wallet to take full
>> > advantage of the various security precautions, I'm also transferring 2
>> > BTC to Freenet Project Inc's US dollar account to reduce our exposure
>> > to the whims of Bitcoin fluctuations (but we still have plenty of BTC
>> > to benefit if the current rally continues).
>> >
>> > The old donation address will continue to work fine, however I've
>> > updated the donation address to:
>> >
>> >
>> https://www.blockchain.com/btc/address/12FNaL4XN1WRh4SHWXb8Gw2VvjkahqpJc7
>> >
>> > Note this address begins with the number twelve, and ends with the
>> > number seven.  I've updated the website accordingly via Github, would
>> > someone mind redeploying it?  I haven't modified the website in a few
>> > years and am unfamiliar with the procedure (although we should
>> > investigate whether we can automate it through Github Actions).
>> >
>> > As an additional precaution, I've attached a terrible photo of me with
>> > the new BTC address.
>> >
>> > On a related note, I filed Freenet Project's taxes last week.  As a
>> > nonprofit it doesn't need to pay tax, but unfortunately still needs to
>> > file the paperwork every year to maintain that status.
>> >
>> > Ian.
>> >
>>


-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: CSS definitions for tags without IDs or classes

[Dr. Arne Babenhauserheide]

Hi Bombe,

David “Bombe” Roden  writes:
> For Sone I have added a simple reset (i.e. “max-width: inherit;”) but other 
> plugins might or might not do that. So for the future I would ask everyone to 
> please restrict such broad definitions in CSS with an additional class (or 
> even better, ID) in order to have minimal impact on plugins and other pages. 
> That also means that we should watch out for that in future code reviews.

Thank you for the warning!

We had a similar problem in Freetalk once (a change to Toadlets added
linebreaks after tags which broke the Freetalk messages), but I missed
it in the code-review. Sorry for that :-/

Will try to look more carefully at global redefinitions in themes.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Fixing the pitch black vulnerability

[Dr. Arne Babenhauserheide]

Hi,


The next few months I want to implement a fix for the pitch black
attack. In this email I’m starting by presenting the concrete plan.


Introduction


The pitch black attack is a crippling weakness of our friend-to-friend
mode which currently enables a single node to take down all of darknet.
The pitch black attack was found by the GNUnet folks in 2007.¹

The fix has been known since 2008, but not implemented, because it
hadn’t been simulated.

In 2016 I completed a simulation (originally started by thesnark) and
showed that the fix works.²

¹: http://grothoff.org/christian/pitchblack.pdf
²: 
https://www.draketo.de/light/english/freenet/mitigate-pitch-black-attack-simulation-works

The pitch black attack works by lying in swap requests: Claim better
peers than the target to make the target accept your location. But don’t
actually accept the location of the other node: In the next swap request
you start with the same location again. That way you can slowly but
irreversibly drain locations from the network (see the simulation linked
above for details).

The original plan to fix the pitch black attack was to send a request to
a random location and check the distance between the closest node and
the key. If the distance is larger than 0.037, then the network is
guaranteed to be under attack and we take that location.

Recently I discussed the original plan to address the pitch black attack
with Florent again, and he found a weakness in the Scheme: attackers
could start a competition of veiled almost-same locations. In the
discussion we found a more robust fix that has the advantage of only
relying on actual performance metrics.


The new fix
---

Regularly insert random data as SSK or CHK and try to retrieve it with a
random delay up to the typical lifetime of a key. If it is gone, we take
its location.

This turns Freenet into a self-balancing graph: If some part of the
network becomes unreachable, nodes fill the void.

Healing of data which is partially available from cache recovers lost
content. Regular swapping returns nodes that took a random location back
to a location close to the data in its store, because most of its peers
are still located close to the original location.

Since it’s unknown who inserted an SSK, attackers cannot target those
inserts specifically. Detection of an attack on part of the keyspace
becomes based only on actual performance. Alternate between checking
SSKs and checking CHKs to prevent attacks on only parts of the store,
for example taking up part of the keyspace and having a tiny CHK store,
but a large SSK store.


Attacks that would still work
-

- Delete content by taking over parts of the keyspace with nodes which
  do not swap and at some point shutting them all down. if people kept
  running keepalive for important files, then most of the important
  content would actually be in caches and not only at the target nodes,
  so it could be reconstructed and would get re-inserted the moment they
  purge their stores.

- Delete all old content from those nodes but keep more recent content
  (but then only old files could be taken down while communication would
  continue). This relies on the interval after which 

- Have nodes positioned around the keyspace with a small store and
  move-swap all others into a very narrow portion of the keyspace. This
  can degrade performance, but if it is too small, then lifetime will
  not be guaranteed, so some nodes will detect the attack and fill the
  space.

- Blackhole all requests from a certain part of the keystore to get
  nodes to leave that part. However they will snap back with further
  swapping requests, because their peers will still be optimal for that
  part of the keyspace, or others will fill the void.

With this change attackers can still degrade the service, but no longer
disrupt it.

If people keep running keepalive for important files, then most of the
important but infrequently accessed content would be in caches and not
only at the target nodes, so it could be reconstructed and would get
re-inserted shortly after attackers purge their stores. 

Keepalive is an official plugin starting with 1487.

Frequently accessed content will already be in caches even if people
don’t use keepalive for it.


Question



Do you see powerful attacks on the new scheme that I missed?


The next steps
--


If no crippling weaknesses are found, I intend to implement this scheme
during the following months.


Best wishes,
Arne
Hi,


The next few months I want to implement a fix for the pitch black
attack. In this email I’m starting by presenting the concrete plan.


Introduction


The pitch black attack is a crippling weakness of our friend-to-friend
mode which currently enables a single node to take down all of darknet.
The pitch black attack was found by the GNUnet folks in 2007.¹

The fix has been known since 2008, but not implemented, because it

Freenet build 1486 released

[Dr. Arne Babenhauserheide]

Freenet 0.7.5 build 1486 is now available.

It is available via auto-update or via download from our website:

https://freenetproject.org/pages/download.html?1486


This is an emergency release which updates JNA to version 4.5.2 to
prevent Windows nodes from breaking when Java is updated.

Since we’re releasing from next, this release contains a number of
further improvements we had already prepared:

The first time wizard now warns users on first run to disable
thirdparty IMEs (input method editors). There are reports that
some of those IMEs send all keystrokes to their owners.

Alex Williams changed the bandwidth allocation to give more bandwidth
to friend-to-friend connections than to opennet connections.
Friend-to-friend connections (Darknet-mode) are the only way to build
a Sybil-resistant network. Please invite people you’ve known for years
long to join you in Freenet and connect to them as Friends.

Oleh from Redwerk improved the styles of our main theme (Winterfacey).
It now works much better for small devices like phones. Also Freenet
will offer a connection speed upgrade when increased speed is
detected.

On the technical side, operhiem1 and nextgens got us a new jarsigner
certificate which should remove some ugly warnings during
installation, and thanks to Bombe our SSK and USK key validation is
now stricter, and our tests now use JUnit 4. And we increased the max
size for passthrough, so our Windows installer should spread over [UOM][]
again.

Finally, outside the direct release, but significant: desyncr ported
Freenet to Android! The new [Freenet
Mobile][freenet-mobile] is optimized to preserve
bandwidth and battery power in phones. Find out how to test it [on
reddit][freenet-mobile-reddit].


For additional details see the [release tag for 1486][releasetag1486].


You can download this release as usual from the [download page][],
or if you are already using Freenet, simply let your freenet node
update itself over Freenet.


Thank you for using and contributing to Freenet!


- Arne Babenhauserheide

[releasetag1486]: https://github.com/freenet/fred/releases/tag/build01486
[freenet-mobile-reddit]: 
https://www.reddit.com/r/Freenet/comments/i21dca/freenet_mobile_01_beta
[freenet-mobile]: https://github.com/freenet-mobile/app
[download page]: pages/download.html
[UOM]: https://github.com/freenet/wiki/wiki/Update-Over-Mandatory

PS: This message did not get into the mailing list on the first try.
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Freenet 1486 Test release

[Dr. Arne Babenhauserheide]

Hi,


I created a test-release for what should become 1486.

You can get it from GitHub:
https://github.com/freenet/fred/releases/tag/build01486


This is not the 1486 release we wanted to release, but an emergency
release, because java 8 update 261 breaks Freenet on Windows. Therefore
we updated JNA to version 4.5.2.


Note that this is a pre-release. We gave it testing over the past 2
weeks, but we might have overlooked something.

You can also get it via auto-update by setting the update-key to
USK@BrNh~RNzsl3zQueAH0Ed8bgF88kZHa4AH64RNKjsCU4,~hvYp2qtiUUXk4r2AuwMbiNvLiBcPhl9Nt4lsrvaYn8,AQACAAE/jar/1485
on http://127.0.0.1:/config/node.updater?fproxyAdvancedMode=2
If Freenet does not find the update after changing the key, you might
have to restart it.

Please backup your Freenet installation (just copy the Folder) and then
change the update key to help us test whether the auto-update works.


We released from next (that’s the point of next), so the following
already prepared changes also come with this update:

- add warning message for IME to the first time wizard
- new jarsigner certificate should remove some ugly warnings - thanks to 
operhiem1 and nextgens!
- no longer accept certain invalid SSKs and USKs - thanks to Bombe!
- increase max size for passthrough to our Windows installer should spread over 
UOM again
- provide more bandwidth to darknet connections than to opennet connections - 
thanks to Alex Williams!
- offer connection speed upgrade when increased speed is detected - thanks to 
Oleh from Redwerk!
- improve CSS for small devices - thanks to Oleh from Redwerk!
- improve Winterfacey style - thanks to Oleh from Redwerk!


Please help us test 1486 so we can get it out before too many windows
nodes die.


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Freenet 1486 Test release

[Dr. Arne Babenhauserheide]

DC*  writes:

> On 2020-08-02 19:59, Dr. Arne Babenhauserheide wrote:
>> test-release for what should become 1486.
>> 
>> You can get it from GitHub:
>> https://github.com/freenet/fred/releases/tag/build01486
>
> Great work Arne and everyone involved on this release!

Thank you!

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Check Plugins to follow an API cleanup

[Dr. Arne Babenhauserheide]

Hi,

We did a small API cleanup to get rid of lots of FakeCallback-usages
just to get around the old API. Sadly there is at least one plugin which
used that API. We’re now checking all plugins whether they are affected.

It would be great if you could help check that! You only need to test
whether the plugin compiles when using the freenet.jar from build 1486.

More information and the current state is available at:
https://cryptpad.piratenpartei.de/code/#/2/code/edit/XFGQmQQpfwDylsVj8OTw7bDh/

Once we have all those points crossed, I’ll prepare 1487 with plugin
updates, including those fixes.

If you know a plugin not in the list, please tell us!

Projects on the site, state of now (~~ … ~~ means it’s already done):

- Flircp
- ~~FlogHelper~~ (compiles)
- ~~Freemail~~ (compiles)
- Fritter
- jfniki
- ~~Library~~ (compiles)
- ~~Sharesite~~ (compiles with fred next and only uses the 
HighLevelSimpleClient)
- Shoeshop
- ~~Sone~~ (uses FCP only)
- ThawIndexBrowser
- UPnP
- UPnP2
- WebOfTrust
- ~~WoTNS~~ (uses FCP only)
- BOF
- ~~Spider~~ (compiles)
- jFMS
- ~~jSite~~ (uses FCP only)
- munin-freenet
- munin-plugin-freenet
- RelayBot
- Syndie
- ~~jFCPlib~~ (uses FCP only)
- ShoeShop
- Keepalive
- KeyUtils https://github.com/freenet/plugin-KeyUtils/pull/14

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Linux installer as jar?

[Dr. Arne Babenhauserheide]

Steve Dougherty  writes:

> I can't speak for Arne but as far as I'm aware the things I mentioned
> in my quoted message still apply: we'd need to write a way for the
> package to update itself over Freenet.

While I think that this would be ideal, I also think that most users do
not need update over Freenet, since it only gives them a privacy
advantage, when they run full darknet.

The Gentoo package for example does not update over Freenet.

The distributions usually do their own quality control and update with a
delay, and while that makes measuring the update-process a bit harder,
it would also give some additional security against a Freenet release
manager going rogue.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: 1489-pre1 test release

[Dr. Arne Babenhauserheide]

Ian Clarke  writes:

> Great work Arne!

Thank you!

Best wishes,
Arne

> On Sun, Nov 29, 2020 at 4:07 AM Dr. Arne Babenhauserheide 
> wrote:
>
>> Hi,
>>
>> I created a test release for 1489:
>> https://github.com/freenet/fred/releases/tag/testing-build-1489-pre1
>> CHK@2vnn7QNa49lJUC44Wp65w9
>> ~HVOj07Qiv72yz-SJDxUw,owMWSbHR-WcuznWkbcYmFu8lzR3tp9ZFlAeIKjgHaA0,AAMC--8/freenet.jar
>>
>>
>> The main change compared too 1488 is that this release adds m3u filter
>> support. This enables streaming audio (ogg/mp3) and video (theora).
>>
>>
>> Since I did not announce the previous releases
>> here: The changes in previous releases were:
>>
>> 1488 updated translations.
>>
>> https://freenetproject.org/freenet-build-1487-released.html
>> https://freenetproject.org/freenet-build-1486-released.html
>> https://freenetproject.org/freenet-build-1485-released.html
>>
>>
>> Best wishes,
>> Arne
>> --
>> Unpolitisch sein
>> heißt politisch sein
>> ohne es zu merken
>>


-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

1489-pre1 test release

[Dr. Arne Babenhauserheide]

Hi,

I created a test release for 1489:
https://github.com/freenet/fred/releases/tag/testing-build-1489-pre1
CHK@2vnn7QNa49lJUC44Wp65w9~HVOj07Qiv72yz-SJDxUw,owMWSbHR-WcuznWkbcYmFu8lzR3tp9ZFlAeIKjgHaA0,AAMC--8/freenet.jar


The main change compared too 1488 is that this release adds m3u filter
support. This enables streaming audio (ogg/mp3) and video (theora).


Since I did not announce the previous releases
here: The changes in previous releases were:

1488 updated translations.

https://freenetproject.org/freenet-build-1487-released.html
https://freenetproject.org/freenet-build-1486-released.html
https://freenetproject.org/freenet-build-1485-released.html


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Freenet Mobile available on Fdroid!

[Dr. Arne Babenhauserheide]

DC*  writes:
> After awhile Freenet Mobile is finally available on Fdroid
> repositories [1].

That’s awesome!

Congratulations!

>  [1]: 
>  [2]: 

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Maybe make jna-4 optional, jna-3 is preferred here

[Dr. Arne Babenhauserheide]

Dennis Nezic  writes:

> Why are we forced to use JNA-4? (Looks like it was introduced in 1486?
> [1])

There was a problem with the update of Java on Windows which would have
broken all Windows nodes with the old JNA.

> In my distro, it pulls in a whole bunch of X11 stuff, starting with
> libXt, none of which I need since it's a headless server. JNA-3 doesn't
> have such dependencies.
>
> Things compile and work fine here with jna-3.4.1 if I get rid of one
> "isAndroid()" call in src/freenet/support/JVMVersion.java[2] ... it
> seems like that's the only JNA-4 specific code?

You could easily patch that out — the patch looks good for desktop.

> If JNA-4 really is needed for some people, perhaps there can be a
> config compile-time option for this?

It is needed on Windows and on Android.

> [1] https://freenetproject.org/freenet-build-1486-released.html
> [2] https://754990.bugs.gentoo.org/attachment.cgi?id=671710

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Streaming over Freenet in the Browser

[Dr. Arne Babenhauserheide]

Hi,

I shot a small peek preview video of streaming in the browser:

- https://twitter.com/ArneBab/status/1355280449845735426
- https://rollenspiel.social/@ArneBab/105641351537267109
- https://youtu.be/MHhyAf-bdLk

You can test this by building from the m3u-player pull-request (there’s
also an example jar for the reckless) and visiting the example freesites:

- pull-request:
  https://github.com/freenet/fred/pull/721
- Audio-Playlist:
  
USK@1wpsnrzb9fiFmmq6OozoZ0Mnk376AlizUKjKPh3TXwM,CwfRO8X0xaCUzH28eoHigxUV-5TkRV8hCoQdO2kmsQM,AQACAAE/streaming-over-fproxy/3/
- Streaming Video:
  
USK@UGh1rxaHczJVr4k4LwxWrxFBc-Dt5P0F3IuPONpp8ZQ,klWF5g9B2PLst8tRO8c9tzk6XvisGynFVJRzM8-9718,AQACAAE/stream-36c3-sff/3/

The pull-request needs careful review because it touches on CSP-headers
and relies on Javascript (details are in the description).

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Google Summer of Code 2021?

[Dr. Arne Babenhauserheide]

Hi,

Registration for Google Summer of Code 2021 for Organizations is open.
Will we take part?

https://summerofcode.withgoogle.com/

We need an „official representative“ of the project to register, which
would be Ian?

I started a list of interesting tasks in the wiki and on a Freesite
https://github.com/freenet/wiki/wiki/Google-Summer-of-Code-2021
USK@1e~oSIunnUl4nWEdyZBLjYMGt1IladVmY7GhXnfmHRw,hAhN74IAmm2Eo5Qkr6ZCEcG3MVBEexrbFXBp61W3jcI,AQACAAE/gsoc-2021/2/

The ones that I see as most impactful on the short term now that we have
a mobile app in FDroid (yay DC*!) are content filters for
- ogg opus,
- vp9, and
- av1

Those would make the upcoming in-browser streaming fast enough that
freesites can provide video-on-demand in HD-quality.

In addition anything that can add features from icicles to the mobile
node: https://github.com/freenet-mobile/app

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Google Summer of Code 2021?

[Dr. Arne Babenhauserheide]

Hakimi Abdul Jabar  writes:

> Defintely Ian, Arne!  Or we should now prefer Dr. Arne!

Please stick with Arne :-)

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

A test release for build 1491 is available

[Dr. Arne Babenhauserheide]

Hi,

The new test release for build 1491 is going in, hopefully the final one
for 1491. If you want to help test it, please change your auto-update
key to
USK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/jar/1490

Release on Github: https://github.com/freenet/fred/releases/tag/build01491

changes: 
SSK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/fullchangelog-1491
SSK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/changelog-1491

Release Notes:

2021-05-02

Freenet 0.7.5 build 1491 is now available.


This build is a bugfix release.
It ships cleanup to the pitch black defense and to streaming video and audio in 
the browser.


For the pitch black defense, it disables defensive swapping
if swapping is disabled in general because the node uses opennet.
This should resolve problems to the network structure and data persistence
introduced during the pitch-black fix because 
opennet nodes started swapping when they had network-issues (Sorry for that 
:-().
Also it delays the pitch black defense to 10 minutes after startup instead of 1 
minute after startup
to further reduce the probability of stray swapping.
Mitigating the Pitch Black Attack is funded by NLnet through the NGIO PET fund 
with financial support from the European Commission's Next Generation Internet 
programme.

Sidenote: If you have a Freenet project, that might be a good match for the 
Assure grant or the Search and Discovery grant, have a look at their site! The 
two application periods are open until first of June and a good match for 
individuals who want to get funding for concrete improvements: 
https://nlnet.nl/themes/


For streaming, this release fixes operation over proxies that provide a http 
node via https,
and it adds m3u compability for mobile devices - thanks to DC*
(some mobile browsers answer the query "supports m3u" with "maybe" O_o).


Further improvments in this release:

- Improve OpenBSD support thanks to jv@D7b92AQB2664AkrR.
- Fix plugin compatibility problems from refactoring.
- More cleanup of old code thanks to Jan Gerritsen.
- Fix label for logged attribute RoutingDisabled - thanks to Jan Gerritsen


Thank you for using Freenet!

- Arne Babenhauserheide
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Freenet 0.7.5 build 1490 codename “pitch black streaming” is now available

[Dr. Arne Babenhauserheide]

Hi,


The Freenet team is happy to release Freenet 1490 today.


This release provides three different changes:
- streaming in the browser,
- mitigating the pitch black attack, and
- providing the windows-installer from the node again.


It is available at https://freenetproject.org/pages/download.html


For **streaming**, it builds on the m3u-filter to provide
direct in-browser streaming. Currently
it works with audio (mp3 and ogg vorbis)
and video (ogg theora) in sufficient quality for
music playlists and specially crafted video-streams.

With this change, adding a media-tag that references an m3u-list like


stream.m3u


or


stream.m3u, starting with sff-001.ogv.
Putting the first video here causes freesitemgr to more likely
put the first video into the container, giving faster initial startup.


gives you a freesite with a clickable media-tag that plays the m3u-list.
In Sharesites you need to add at least one space before the tag.

If you want to stream via Freenet yourself, you’ll find help in
a [thirdparty howto][streaming-howto].

There are three example sites:

- Audio-Playlist: 
USK@1wpsnrzb9fiFmmq6OozoZ0Mnk376AlizUKjKPh3TXwM,CwfRO8X0xaCUzH28eoHigxUV-5TkRV8hCoQdO2kmsQM,AQACAAE/streaming-over-fproxy/3/
- Streaming Video: 
USK@UGh1rxaHczJVr4k4LwxWrxFBc-Dt5P0F3IuPONpp8ZQ,klWF5g9B2PLst8tRO8c9tzk6XvisGynFVJRzM8-9718,AQACAAE/stream-36c3-sff/3/
- Radio Interview: 
USK@4DQ15JpGlVGDdyXvQE3Egz7SLK2TzMAUmp~aptnwyt4,ljFASreV8AHaQhscfrNLuVyl3qksltgP9sndtLuUHB8,AQACAAE/stream-radiocc-freenet/1/

This follows an old idea to enhance freesites with strictly checked 
interactivity,
similar to userscripts but without the security implications of adding a script
that might have a very different threat model than Freenet itself.


Also this release ships a **mitigation for the pitch black attack**. 
For details see 
<https://www.mail-archive.com/devl@freenetproject.org/msg55182.html>

Mitigating the pitch black attack is supported by NLnet
as part of the NGI0 PET Fund.
For details see <https://nlnet.nl/project/Freenet-Routing/>
Thank you!

There are still more tests needed to ensure that the change suffices
to resolve the main objection that existed among people well-versed
in the technical background of Freenet, GNUnet, and others
against using the friend-to-friend mode of Freenet since 2007.

It used to be far too easy to break a pure friend-to-friend net
(all nodes using high-security mode). This should be resolved now.


And finally the **UOM transfer max sizes were tripled**,
so the windows-installer provided by Freenet nodes gets updated again,
and the annoying warning about freenet-latest-installer-windows.exe
during install and update disappears.


Thank you for using Freenet!


- Arne Babenhauserheide


PS: The Mac Installer needs support. The plan for next release is to get
smaller pull-requests and plugin-changes released.


[releasetag1490]: https://github.com/freenet/fred/releases/tag/build01490
[streaming-howto]: https://www.draketo.de/software/stream-over-freenet.html
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Potential GSoC mentors: please answer today

[Dr. Arne Babenhauserheide]

Hi,

I’ve almost finished our GSoC-application, and one field that is
still open is: Do we have 1-5 mentors or 5-10.

If you’d be interested in mentoring for GSoC this year, please answer
today so I can give the best estimate.

Deadline for the application is 19. Feb. 2021 at 19:00 UTC.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Potential GSoC mentors: please answer today

[Dr. Arne Babenhauserheide]

Hi,

I got 1 more positive reply over IRC, so we’re at 3 mentors now.

Best wishes,
Arne

DC*  writes:

> Hey all,
>
> I'm up for it although I can help mostly with integration (the App
> mostly), not core parts. May be new projects around REST API or
> similar.
>
> I can give a 2-3 hours a day (evening GMT).
>
> Best regards
>


Hakimi Abdul Jabar  writes:

> Thanks Arne!
>
> Already asking around.  Hope we get 5-10!
>
> On Thu, 18 Feb 2021, 9:08 a.m. Dr. Arne Babenhauserheide, 
> wrote:
>
>> Hi,
>>
>> I’ve almost finished our GSoC-application, and one field that is
>> still open is: Do we have 1-5 mentors or 5-10.
>>
>> If you’d be interested in mentoring for GSoC this year, please answer
>> today so I can give the best estimate.
>>
>> Deadline for the application is 19. Feb. 2021 at 19:00 UTC.
>>
>> Best wishes,
>> Arne
>> --
>> Unpolitisch sein
>> heißt politisch sein
>> ohne es zu merken
>>


-- 
Unpolitisch sein
heißt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature

Re: Plugins build system upgrade

[Dr. Arne Babenhauserheide]

Hi,

DC*  writes:

> Other plugins are marked as Ready to be Merged or gone through Code Reviews:
>
> * https://github.com/freenet/plugin-Library

I had to reset and re-open this because it did not run when loaded as
plugin. I’m not sure about the cause.

We might have to use fred from a local checkout, or use
parsing of dependencies.properties.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Freenet 1492-pre1 test release

[Dr. Arne Babenhauserheide]

Hi,

I received reports of working 1492-pre1, so there is now a full test
release: https://github.com/freenet/fred/releases/tag/build01492

You can get it by changing your auto-update key to 
USK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/jar/1491
Find it at http://127.0.0.1:/config/node.updater?fproxyAdvancedMode=2

The release-notes are available under 
SSK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/changelog-1492
SSK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/fullchangelog-1492

Best wishes,
Arne

"Dr. Arne Babenhauserheide"  writes:

> [[PGP Signed Part:Good signature from DCCF0DB30BC10548 Arne Babenhauserheide 
> (Physikliebhaber, Hobbysänger und Ideenspringquell)  (trust 
> ultimate) created at 2021-10-26T08:55:16+0200 using RSA
> Good signature from 13EF8D452403C3EB Arne Babenhauserheide (Drak) 
>  (trust ultimate) created at 2021-10-26T08:55:16+0200 using 
> RSA]]
> Hi,
>
>
> On sunday I created the first pre-release for 1492:
> https://github.com/freenet/fred/releases/tag/build01492-pre1
>
> Please test the installers, and please test whether the
> freenet-testing-build-1492-pre1.jar works as a drop-in replacement for
> freenet.jar freenet.jar.new and freenet-stable-latest.jar
>
> This will become 1492 if no major problems are found.
>
>
> Changes include improvements in fred and updated plugins.
>
>
> Fred:
>
> - The multi-node test to show that the mitigation against the pitch
>   black attack works.
>   https://github.com/freenet/fred/pull/736
>
> - The m3u-player for video on demand over Freenet now prevents most
>   visual flickering.
>   https://github.com/freenet/fred/pull/734
>
> - Clickable labels for checkboxes. Thanks to AC4BB21B.
>   https://github.com/freenet/fred/pull/741
>
> - Fix: skip in support.io.SkipShieldingInputStream must return
>   non-negative. Thanks to dennisnez.
>   https://github.com/freenet/fred/pull/737
>
> - Fix: NodeConfig was reading a particular config from default on every
>   start up. Thanks to desyncr.
>   https://github.com/freenet/fred/pull/739
>
> - OpenJDK 16+ compat: add wrapper.conf argument to allow access to
>   internal openjdk modules.
>   https://github.com/freenet/fred/pull/740
>
> - Fix: Correct "current size" option in Wizard => datastore size. Thanks to 
> AC4BB21B.
>   https://github.com/freenet/fred/pull/742
>
>
> Plugins:
>
> - KeyUtils:
>   Fix API call to allow compiling, and
>Fix extra bytes display for composed SSK.
>   both thanks to TheSeeker.
>   https://github.com/freenet/plugin-KeyUtils/pull/17
>   https://github.com/freenet/plugin-KeyUtils/pull/16
>
> - Library:
>   search with unchecked boxes thanks to redwerk
>   https://github.com/freenet/plugin-Library/pull/14 - 
>   
>   custom index docname thanks to TheSeeker
>   https://github.com/freenet/plugin-Library/pull/18
>
> - Spider:
>   Fix writing to the bucket and Replace SortedIntSet thanks to redwerks
>   https://github.com/freenet/plugin-Spider/pull/6
>
>   Fix build thanks to Juiceman
>   https://github.com/freenet/plugin-Spider/pull/5
>
> - FlogHelper
>   Add new media tags in tool menu: audio and video thanks to
>   AlexandreRio
>   https://github.com/freenet/plugin-FlogHelper/pull/19
>   (you can simply set an uploaded m3u file as as source of a video
>and it will show up on your flog as video on demand)
>   
>
> related: Florent fixed our website build (Thank you!), so we can release
> there again. I polished our theme and the messaging on the index-page.
> https://freenetproject.org/
>
>
> 1492 roadmap:
> - One more day of testing this 1492-pre1.
> - A release to a testing key on wednesday.
> - Insert to the real update key on monday 2021-11-01.
>
>
> Help needed: We still have some useful pull-requests open that need a
> review or addressing review notes to get finished:
>   - https://github.com/freenet/plugin-Freemail/pull/40 — migrate to new WoT 
> API
>   - https://github.com/freenet/plugin-Freemail/pull/39 — add settings page
>   - https://github.com/freenet/plugin-Library/pull/16 — Upgrade SnakeYAML 
> library
>   - https://github.com/freenet/plugin-Library/pull/15 — fix search index 
> creation.
>   - https://github.com/freenet/plugin-Library/pull/19 — 15 + more changes
> (15 needs to be merged first, there already are notes there)
>
>
> If you want to fetch the release-files from Freenet:
>
> CHK@fOhI~e2PoGv0v4G58efzklzpHOMccwmYqCWOyU-zFyA,M7oS5jaEV9CBbI6o9ABi-ktt3XO7Y~HsWlz6~bE1cZA,AAMC--8/freenetinstaller-1492-pre1.exe
>
> CHK@0AOzGu2

Freenet 1492-pre1 test release

[Dr. Arne Babenhauserheide]

Hi,


On sunday I created the first pre-release for 1492:
https://github.com/freenet/fred/releases/tag/build01492-pre1

Please test the installers, and please test whether the
freenet-testing-build-1492-pre1.jar works as a drop-in replacement for
freenet.jar freenet.jar.new and freenet-stable-latest.jar

This will become 1492 if no major problems are found.


Changes include improvements in fred and updated plugins.


Fred:

- The multi-node test to show that the mitigation against the pitch
  black attack works.
  https://github.com/freenet/fred/pull/736

- The m3u-player for video on demand over Freenet now prevents most
  visual flickering.
  https://github.com/freenet/fred/pull/734

- Clickable labels for checkboxes. Thanks to AC4BB21B.
  https://github.com/freenet/fred/pull/741

- Fix: skip in support.io.SkipShieldingInputStream must return
  non-negative. Thanks to dennisnez.
  https://github.com/freenet/fred/pull/737

- Fix: NodeConfig was reading a particular config from default on every
  start up. Thanks to desyncr.
  https://github.com/freenet/fred/pull/739

- OpenJDK 16+ compat: add wrapper.conf argument to allow access to
  internal openjdk modules.
  https://github.com/freenet/fred/pull/740

- Fix: Correct "current size" option in Wizard => datastore size. Thanks to 
AC4BB21B.
  https://github.com/freenet/fred/pull/742


Plugins:

- KeyUtils:
  Fix API call to allow compiling, and
   Fix extra bytes display for composed SSK.
  both thanks to TheSeeker.
  https://github.com/freenet/plugin-KeyUtils/pull/17
  https://github.com/freenet/plugin-KeyUtils/pull/16

- Library:
  search with unchecked boxes thanks to redwerk
  https://github.com/freenet/plugin-Library/pull/14 - 
  
  custom index docname thanks to TheSeeker
  https://github.com/freenet/plugin-Library/pull/18

- Spider:
  Fix writing to the bucket and Replace SortedIntSet thanks to redwerks
  https://github.com/freenet/plugin-Spider/pull/6

  Fix build thanks to Juiceman
  https://github.com/freenet/plugin-Spider/pull/5

- FlogHelper
  Add new media tags in tool menu: audio and video thanks to
  AlexandreRio
  https://github.com/freenet/plugin-FlogHelper/pull/19
  (you can simply set an uploaded m3u file as as source of a video
   and it will show up on your flog as video on demand)
  

related: Florent fixed our website build (Thank you!), so we can release
there again. I polished our theme and the messaging on the index-page.
https://freenetproject.org/


1492 roadmap:
- One more day of testing this 1492-pre1.
- A release to a testing key on wednesday.
- Insert to the real update key on monday 2021-11-01.


Help needed: We still have some useful pull-requests open that need a
review or addressing review notes to get finished:
  - https://github.com/freenet/plugin-Freemail/pull/40 — migrate to new WoT API
  - https://github.com/freenet/plugin-Freemail/pull/39 — add settings page
  - https://github.com/freenet/plugin-Library/pull/16 — Upgrade SnakeYAML 
library
  - https://github.com/freenet/plugin-Library/pull/15 — fix search index 
creation.
  - https://github.com/freenet/plugin-Library/pull/19 — 15 + more changes
(15 needs to be merged first, there already are notes there)


If you want to fetch the release-files from Freenet:

CHK@fOhI~e2PoGv0v4G58efzklzpHOMccwmYqCWOyU-zFyA,M7oS5jaEV9CBbI6o9ABi-ktt3XO7Y~HsWlz6~bE1cZA,AAMC--8/freenetinstaller-1492-pre1.exe

CHK@0AOzGu2q~jTHirZSin1Vltp8rzceMFcz7wHLdj9PcTk,PsoJWteIzabKCX78lRBM9XKu5LkomeEL5QcrfsokvCs,AAMC--8/freenetinstaller-1492-pre1.exe.sig

CHK@9SWNOkhgPD0TXdZvEUESR70fP8SnvCQq7Rt5fQNX6e0,x08pdGHvLmewqszKwhG8CjmzAnugFCAOdksofzOYpjQ,AAMC--8/freenet-testing-build-1492-pre1.jar

CHK@VF-RGTiMOE8kK6QJvuO97BFya0ScBzPddFMsXle~mUA,H-nlpHjlbFgIHClpX0pGtWedgIMJLUVfjo5Tihk0GPo,AAMC--8/freenet-testing-build-1492-pre1.jar.sig

CHK@euCzFQlVQ4H8r5SmsinSAZF0ivfMbEBoCxiu1qqyoMA,7q0twQYdRoFO2g7Vc7TGV3E1nPVspOwiwZMPTUXnPm4,AAMC--8/new_installer_offline_1492-pre1.jar

CHK@yL99YWCmYjBJgp~EP2XUA30UJWEL1Vh51KYkW8L7nqg,RkUsEvAAQADlXMLOIoBhm2h-WF-e6xttHcRrqGIPhJg,AAMC--8/new_installer_offline_1492-pre1.jar.sig

CHK@e-kFC1XLRBvaUKZVXlqsD2dn~uewnrZ09dq9ftkR-EU,afSmHSX~9ZYDPDj7WUn~-6nX6EpSZE22hl3ELGJC2Yk,AAMC--8/freenet-testing-build-1492-pre1-source.tar.bz2.sha1

CHK@WiuPG5Hj1Yc7JcrcBQC2NxiflbiV7aTMXD4YbMXzXRQ,kIjiXqW5sQGgOW-fsTztLd9TCvsCFcEPnrbbo0234g8,AAMC--8/freenet-testing-build-1492-pre1-source.tar.bz2.sig

CHK@MC2p0DzBOHIk1LIUt2F2B2imH08dWL7Jt6VaQ~4OqWw,lYl8eXuBj7yCIv8Kq7VUr5Fkxy9HMvJT72qHe-3ldXw,AAMC--8/freenet-testing-build-1492-pre1-source.tar.bz2


--- - -
Freenet is a peer-to-peer platform for
censorship-resistant and privacy-respecting
publishing and communication.
- https://freenetproject.org -


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Pull-requests in need of reviews

[Dr. Arne Babenhauserheide]

Hi,


I created several small and self-contained pull-requests that need
review. Please take a look so we can move forward with the next release!

# Java 16 and 17 compat:
- add required module opens for Java 17 to wrapper.conf: 
https://github.com/freenet/fred/pull/755

# Remove potential attack-vector in pitch black mitigation (thanks to nextgens!)
- randomize pitch black defense times: https://github.com/freenet/fred/pull/747

# More robust friend-to-friend workflow:
- New peer via freenet uri: https://github.com/freenet/fred/pull/753
- try replacing spaces by newlines in noderefs when parsing fails:
https://github.com/freenet/fred/pull/752

# Config-Optimizations:
- Increase default max threads to 1000: https://github.com/freenet/fred/pull/757
- increase default datastore size to 100GiB: 
https://github.com/freenet/fred/pull/756

# Fix peer scaling (fast nodes needed more than their capacity from slow nodes)
- fix peer scaling for very fast peers:
- https://github.com/freenet/fred/pull/749

# Add warning about voice-recognition being used for surveillance
- add voice recognition warning: https://github.com/freenet/fred/pull/750

# add support-code to make it easier for someone to take up the task to
  fix the ogg vorbis filter
- add output of filtered file to the OggFilterTest: 
https://github.com/freenet/fred/pull/748

# Polish:
- note effectively published field: https://github.com/freenet/fred/pull/754


There are also related changes in java_installer and
wininstaller_innosetup. Please take a look at the commits!

- https://github.com/freenet/java_installer/commits/next
- https://github.com/freenet/wininstaller-innosetup/commits/master


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: state of 1493 — and needed pull-requests

[Dr. Arne Babenhauserheide]

"Dr. Arne Babenhauserheide"  writes:

> There are also changes to the wrapper, but
> these are already from 2018 and not by me and I have to find out how and
> where we can push that code (and yes, that must happen before release).

The updated wrapper is built from upstream, wrapper-3.5.30. You can
get it from https://wrapper.tanukisoftware.com/doc/english/versions.jsp
and retrieve the source from from
https://sourceforge.net/p/wrapper/code/HEAD/tree/

There’s also a newer version, but a VM in our build pipeline changed
dependencies that would require more changes, so I’m sticking with the
older build.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Reviews needed for 1493

[Dr. Arne Babenhauserheide]

Hi,


Freenet 1493 is almost in place. To move forward, we need three code
reviews:

- Randomize pitch black defense times.
  https://github.com/freenet/fred/pull/747

- Update default bookmarks: Replace inactive indexes, add Shoeshop, show
  active sites first.
  https://github.com/freenet/fred/pull/760

- Increase default bandwidth to 32KiB/s. This should improve performance
  for new nodes where UPnP does not give the speed.
  https://github.com/freenet/fred/pull/761

It would be great if you could have a look!


Also I’ll need to look into updating the wrapper for Linux, not just for
Windows (where the new version is required; Linux does not need it, but
having different versions would be calling for problems).


Already reviewed is

- Replace Pointer.SIZE with Native.POINTER_SIZE for JNA 5.x
  https://github.com/freenet/fred/pull/759

Thank you, Bombe!


Additional changes are:

- Very fast nodes have more peers to fix a conceptual mistake
- Java 17 support of the installer,
- more resilient noderef parsing for easier friend-to-friend connections,
- increased max datastore size (100GiB)
- increased default thread limit (1000)
- decreased default thread stack size for reduced memory usage (512KiB)


So all in all the new release should improve the new user experience and
increase resilience of the network.


Let’s get Freenet 1493 released!


Best wishes,
Arne

PS: To get an overview of the changes in the past years, see our NEWS file:
https://github.com/freenet/fred/blob/next/NEWS.md
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Two more Reviews needed for 1493

[Dr. Arne Babenhauserheide]

Hi,


The fix for the checksum error is reviewed — thank you, Steve!


To finish the compatibility for Java 9+, we need one more review: adding
the newer wrapper files to dependencies.properties (I’m getting closer
to the final steps; there are a lot of small steps to update all the
tooling we have for multiplatform auto-update, and I hope I finally got
it all done):

- https://github.com/freenet/fred/pull/763
  Update the wrapper files in dependencies.properties to 3.5.30
  This change sets a consistent wrapper-version for Windows, *Nix, and
  also OSX.


Also we still need a review for improved safety of the pitch black
mitigation. That may sound daunting, but all that this fix does are
changes to the calculation *when* to run the mitigation:

- randomize pitch black defense times
  https://github.com/freenet/fred/pull/747


All the other needed reviews are done! Thank you!

You can see them with the tag readyToBeMerged on
https://github.com/freenet/fred/pulls


The last step I need to do is to update the seedrefs. After that I can
finally create the test release and push it to a testing key so we can
test it in different setups.


Best wishes,
Arne


"Dr. Arne Babenhauserheide"  writes:

> [[PGP Signed Part:Good signature from DCCF0DB30BC10548 Arne Babenhauserheide 
> (Physikliebhaber, Hobbysänger und Ideenspringquell)  (trust 
> ultimate) created at 2022-03-12T13:19:46+0100 using RSA
> Good signature from 13EF8D452403C3EB Arne Babenhauserheide (Drak) 
>  (trust ultimate) created at 2022-03-12T13:19:46+0100 using 
> RSA]]
> Hi,
>
> TheSeeker found a bug in our splitfile inserter, so we need one more
> review:
>
> - fix: this threw an exception if the checksum was exactly [0,0,0,0]. #762 
>   https://github.com/freenet/fred/pull/762
>
> Update: The following pull-requests have been reviewed now:
>
> - https://github.com/freenet/fred/pull/761 — thank you Steve!
> - https://github.com/freenet/fred/pull/760 — thank you AC4BB21B
> - https://github.com/freenet/fred/pull/759 — thank you Bombe!
>
> The one other pull-request still in need of a review is
>
> - randomize pitch black defense times
>   https://github.com/freenet/fred/pull/759
>
>
> Best wishes,
> Arne


-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

state of 1493 — and needed pull-requests

[Dr. Arne Babenhauserheide]

Hi,


The changes to make Freenet work with Java 16 and 17 on Windows are
finally in (not yet perfect, but functional on my test VM¹), so we’re
back on track for 1493 now.


There are three pull-requests that still need review for release, though:

- randomize pitch black defense times
  https://github.com/freenet/fred/pull/747
  this removes a possible leak of the startup time,
  found by nextgens
- Update default bookmarks for 1493
  https://github.com/freenet/fred/pull/760
  Add Index Clean Spider.
  Remove dead indexes. They cause people to think that there is nothing
  new, and they are available via jFniki.Index
  (sidenote: it would be great if someone could step up with contact
   on FMS or Sone to maintain jFniki.Index)
  Add Sharesite Documentation freesite
  Add Shoeshop and FLIP (both are essential power-tools that were
   totally undiscoverable for new users)
- Increase upload bandwidth fallback if none detected to 32KiB/s
  https://github.com/freenet/fred/pull/761
  because it’s no longer 2011 — even mobile phones are much faster nowadays.
  32KiB/s are 10 peers, so this should give good performance even if
  UPnP fails. 16KiB/s were only 7 peers, which gives a sluggish Freenet 
experience.


Also please check the changes in wininstaller-innosetup and wintray and
call out anything strange! I’m pushing there directly. Please do keep a
sharp eye on what I commit. There are also changes to the wrapper, but
these are already from 2018 and not by me and I have to find out how and
where we can push that code (and yes, that must happen before release).
And please DO NOT TRUST ME. Please check what I do.

- https://github.com/freenet/wininstaller-innosetup/
- https://github.com/freenet/wintray


¹: a changed innosetup (installs java 10 on windows 64 now), and a
   change to the wrapper (thanks to operhiem1 and nextgens who already
   fixed that it 2018, it just wasn’t in the installer), and a change to
   the wintray so it recognizes that Java 9+ is OK. The only problem
   that remains is that signing the FreenetTray does not work, so this
   will need testing whether that creates problems on a real windows
   (instead of a testing VM). I did not expect the adjustment to the
   changes to the registry in modern Java to take that long.


Best wishes,
Arne

PS: The censorship surrounding the war in Ukraine convinced even the BBC
that communication over darknet is important. With Shoeshop now
visible in the default bookmarks, Freenet provides a level of
independence from establishehd power that previously was only
available with massive effort via analog Samizdat using typewriters
(shoutout: https://cyberpunk.fandom.com/wiki/95.2_Samizdat_Radio).
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Reviews needed for 1493

[Dr. Arne Babenhauserheide]

Hi,

TheSeeker found a bug in our splitfile inserter, so we need one more
review:

- fix: this threw an exception if the checksum was exactly [0,0,0,0]. #762 
  https://github.com/freenet/fred/pull/762

Update: The following pull-requests have been reviewed now:

- https://github.com/freenet/fred/pull/761 — thank you Steve!
- https://github.com/freenet/fred/pull/760 — thank you AC4BB21B
- https://github.com/freenet/fred/pull/759 — thank you Bombe!

The one other pull-request still in need of a review is

- randomize pitch black defense times
  https://github.com/freenet/fred/pull/759


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Freenet 1493-pre1 test release

[Dr. Arne Babenhauserheide]

Please report if you find any problems — and also if it works for you!

It would be great to know OS (Windows or Linux), Distro, and Java
version (java -version) on which the installer and/or the update by
stopping the node and copying in freenet.jar works.

Best wishes,
Arne

"Dr. Arne Babenhauserheide"  writes:

> [[PGP Signed Part:Good signature from DCCF0DB30BC10548 Arne Babenhauserheide 
> (Physikliebhaber, Hobbysänger und Ideenspringquell)  (trust 
> ultimate) created at 2022-03-20T21:36:27+0100 using RSA
> Good signature from 13EF8D452403C3EB Arne Babenhauserheide (Drak) 
>  (trust ultimate) created at 2022-03-20T21:36:27+0100 using 
> RSA]]
> Hi,
>
> I just created the first pre-release for 1493:
> https://github.com/freenet/fred/releases/tag/build01493-pre1
>
> Please test the installers and please test whether the
> freenet-testing-build-1493-pre1.jar works as a drop-in replacement for
> freenet.jar freenet.jar.new and freenet-stable-latest.jar
>
> This will become 1493 if no major problems are found.
>
>
> Changes include:
>
>
> - The installer requires Java 9+ now — except on 32bit Windows that has
>   no Java version higher than 8.
> - Add the required module opens for Java 17 to wrapper.conf
> - Java 17 support of the installer
> - Update the wrapper files in dependencies.properties to 3.5.30
>   This change sets a consistent wrapper-version for Windows, *Nix, and
>   also OSX, thanks to operhiem1 for the review!
>
> - Update default bookmarks: Replace inactive indexes, add Shoeshop,
>   show active sites first. Thanks to AC4BB21B for the review!
>
> - Pseudonymous people found found a bug in our splitfile inserter that
>   TheSeeker tracked down to its source. It threw an exception if the
>   checksum was exactly [0,0,0,0], thanks to operhiem1 for the review!
>
> - Fix FreenetURI intern() to not forget edition of USK — thanks to
>   debbiedub for new nodes where UPnP does not give the speed.
>
> - Replace Pointer.SIZE with Native.POINTER_SIZE for JNA 5.x — thanks
>   to Leo3418 and Bombe!
>
> - more resilient noderef parsing for easier friend-to-friend connections
>   try replacing spaces by newlines in noderefs when parsing fails
> - Accept FreenetURI in add peer field; only try regular url on failure
>   — thanks to desyncr for the review!
>
> - Add warning about surveillance through voice recognition tech in the
>   wizard.
>
> - fix peer scaling for very fast peers: 
>   Very fast nodes have more peers to fix a conceptual mistake
>   (did not take the aggregated bandwidth limit of the peers into account). 
>   Thanks to TheSeeker for the review!
> - increase default datastore size to 100GiB, because SSDs are much
>   faster today.
> - Increase default bandwidth to 32KiB/s. This should improve
>   performance, thanks to operhiem1 for the review!
> - Set standard thread limit to 1000.
> - decreased default thread stack size for reduced memory usage
>   (512KiB).
>
> - add output of filtered file to the OggFilterTest to ease tracking down
>   bugs — especially http://freenet.mantishub.io//view.php?id=7163
>   (the bug has example files — correct and broken).
>   
>
>
> 1493 roadmap:
>
> - One week of testing the pre-release
> - A release to a testing key next weekend
> - Insert to the real update key on saturday 2022-04-02.
>
>
> If you want to fetch the release-files from Freenet:
>
> CHK@E1O3EIM6bu8h3xmpyy5l6lsF3nT-YN2~YNBBqR-w4cM,g4b9nYtwp7qgYjkBH1-SCOtG1uITduI~KJFWCR-qSC4,AAMC--8/FreenetInstaller-1493-pre1.exe
>
> CHK@mFMgVT0GsijDjs~AIiXL18AM7N7ILzMWtZ0svVWCCFk,lch1ng1oNtWw-mCFtSR5r1NXEBnMndLj4-p97j65i50,AAMC--8/FreenetInstaller-1493-pre1.exe.sig
>
> CHK@ZyWQ~~K8U0UdLCaExo1tu8nBtbKZDQChpMVKegDVCtQ,B0bFCRBJ9MghxdhRYDcjt0vh~WCHUXHC9hZsS2gxO~8,AAMC--8/freenet-testing-build-1493-pre1.jar
>
> CHK@1FLagYTdyBl2scZEDPXNspt83qUTsTQ59HHbl5gpYGQ,-Mibjhdw99LZc4jxR7gEbZKGUBe~kxseiN8LH8lVn0I,AAMC--8/freenet-testing-build-1493-pre1.jar.sha1
>
> CHK@sfc2X88a51E6fFdi9N8iLOr3Cg2WsHJcxFNiW1GjTsw,Dg8aV-DCF8eOAxQswj9OCa2tXhwUAd9spQXpa6G~zhE,AAMC--8/freenet-testing-build-1493-pre1.jar.sig
>
> CHK@0JUB8qp7b1P9oVTHLxDSiV1Te4V2HyWQE6YK-zTY1f0,~ypj-uMF~K6FY0ca7B~kpe6N3pqqOuTMJ6w7jT32440,AAMC--8/freenet-testing-build-1493-pre1-source.tar.bz2
>
> CHK@-hHZa0a~W4ggsYD9D89F3L5b8HmAE4YWhhrqqOeFalg,lS7H3bAJJTpsNMk3b1MM23ve6GUiS4dIZq2y8EVpBAE,AAMC--8/freenet-testing-build-1493-pre1-source.tar.bz2.sha1
>
> CHK@WBtttP9O0VTkfskXRUO~HoSLl4mzEyr6TZXNH8BiTNk,sqiTGQfezdLghSv9Xasy0PVWmVxHYvwS~~BI9SVab5o,AAMC--8/freenet-testing-build-1493-pre1-source.tar.bz2.sig
>
> CHK@aD1wna3gH23OkiZmqlbc~zJ-WXY2GljtwKxGZr1~T8M,IApypqxdDhSew1sfT47z--DCxXtExQsccoLr2eXMUAo,AAMC--8/new_installer_offline_1493-pre1.jar
>
> CHK@RZdNctfKbgK1PpnpsUGnGYAW1

One more Review needed for 1493

[Dr. Arne Babenhauserheide]

Hi,

I found and fixed a bug for the wrapper on ppc-64bit. So we have one
final pull-request to review, then we can do the release:

https://github.com/freenet/fred/pull/765

It would be cool to be able to start the builds for the release today!

Best wishes,
Arne

"Dr. Arne Babenhauserheide"  writes:

> [[PGP Signed Part:Good signature from DCCF0DB30BC10548 Arne Babenhauserheide 
> (Physikliebhaber, Hobbysänger und Ideenspringquell)  (trust 
> ultimate) created at 2022-03-29T12:30:48+0200 using RSA
> Good signature from 13EF8D452403C3EB Arne Babenhauserheide (Drak) 
>  (trust ultimate) created at 2022-03-29T12:30:48+0200 using 
> RSA]]
> Hello Nicolas,
>
> thank you for your answer! Updating existing nodes will not change these
> values, it’s only the defaults from the installer that change.
>
> You can do these changes directly in the wrapper.conf (for the thread
> stack size) or in the node config interface (for thread limit and memory).
>
> Best wishes,
> Arne
>
> Nicolas Hernandez  writes:
>
>> Hello,
>>
>> I have manually updated freenet.jar on an existing node.
>>
>> Nicolas
>>
>> Envoyé depuis ProtonMail mobile
>>
>>  Message d'origine 
>> Le 28 mars 2022, 22:18, Dr. Arne Babenhauserheide < arne_...@web.de > a 
>> écrit :
>>
>>  Hi, Nicolas Hernandez writes: > after testing the 1493-testing, the Thread 
>> limit is still 500 instead of 1000 > > "- increased default thread limit 
>> (1000)" >
>>  
>> CHK@Jlh-K8PFstROc5XMj6sWukKLP4cnHO5yX86jo6lqpVQ,aWxZGDO1OZlGnPxByz5i~Ws39s~qjgeWkC7Vd4v9D-Y,AAMC--8/threadlimit.png
>> Thank you for testing! Did you run the installer, or did you update
>> the existing
>>  node? I now fixed up the NEWS entry so it makes it clear that this
>> is for newly installed nodes. It only does strictly necessary
>> changes in wrapper.conf, because that’s critical: If we break
>> wrapper.conf, the node does
>>  not start anymore. Best wishes, Arne -- Unpolitisch sein heißt politisch 
>> sein, ohne es zu merken. draketo.de


-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: New test-release for 1493, with new testing key

[Dr. Arne Babenhauserheide]

Steve Dougherty  writes:

> --- Original Message ---
> On Saturday, April 2nd, 2022 at 7:09 PM, Dr. Arne Bab.  
> wrote:
> ...
>> -- Draft for Announcement --
>>
>> Freenet 0.7.5 build 1493 is now available. [overview]
>
> I'd suggest removing "[overview]". When I wrote the template I
> intended it as a placeholder, not a section header.

Fixed — thank you :-)

(when standing on the shoulders of giants it’s really useful to have
them still around to ask „am I using this right?“ :-)

>> This build provides four core improvements:
>
> Nice! This release looks like a good collection of changes. :)

Thank you!

>> now provides all the tools for selfpublishing, not only in the
>
> I'd suggest "self-publishing"

fixed - thanks!

>> transifex updated enough of the the German, Persian, Finnish,
>
> Is it worth capitalizing Transifex? It seems to be how they style it 
> themselves.

You’re right. The important point about our translators is not that they
use transifex, but that they volunteer translating Freenet.

> I don't notice anything else I'd suggest changing in this
> announcement. Thanks for getting this release together!

Thank you for checking it!

> - Steve

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: New test-release for 1493, with new testing key

[Dr. Arne Babenhauserheide]

"David Dernoncourt"  writes:
> I installed successfully on Linux with Java 17.
…
> Thanks for all the continued work :)

Thank you for testing!

Three more tests needed to be able to release:

>> - [ ] auto update on windows
>> - [ ] auto update on GNU/Linux
>> - [ ] installer on windows
>> - [X] installer on GNU/Linux ✓

> Default datastore size was 100 GiB indeed. On a side note, it would be
> great to be able to define a custom value without having to live-edit
> the page with web dev tools, like it is possible for bandwidth
> settings.

Patches / Pull requests welcome (this is not hard, but takes a while to 
realize).

The code is here: 
https://github.com/freenet/fred/blob/next/src/freenet/clients/http/wizardsteps/DATASTORE_SIZE.java#L61

Bandwidth settings as example are here: 
https://github.com/freenet/fred/blob/next/src/freenet/clients/http/wizardsteps/BANDWIDTH_RATE.java#L95

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Please help doing the three more checks required for releasing 1493!

[Dr. Arne Babenhauserheide]

Hi,


after fixing a bug that turned up in testing (wrong CHK in
dependencies.properties that got aborted because it did not match the
correct sha256 — I’m glad we double-check!), we need *three more tests*
not done by me to be able to finally push 1493 to the website and to
auto-update (because you seriously don’t want me to be the only one who
tests this).


Please help get the release out!


Required tests:

> 1. [ ] auto update on windows
> 2. [ ] auto update on GNU/Linux
> 3. [ ] installer on windows
> 4. [X] installer on GNU/Linux  — thanks David! ✓


Practically this means:

1. If you have a windows node, go to
   http://127.0.0.1:/config/node.updater?fproxyAdvancedMode=2
   then put the new testing key into the field that says
   "Where should Freenet look for updates?"
   
USK@BrNh~RNzsl3zQueAH0Ed8bgF88kZHa4AH64RNKjsCU4,~hvYp2qtiUUXk4r2AuwMbiNvLiBcPhl9Nt4lsrvaYn8,AQACAAE/jar/1492
   Then restart your node.
   It should update to 1493. Please report if you run into trouble!
   Also please report if it works!

2. Do the same on GNU/Linux. Yes, I did it, but if I’m the only one who
   does it, how should you trust Freenet to actually work?

3. Download the installer on Windows, run it, start the installed
   Freenet, and report errors you see — or that it works.
   The installer:
   
CHK@07dc2TkhlpuQBJV2WEK1z2SAycEiv07zbtZC9A4keQs,34RYMOAnxxIkGAyLIfC8qNoSNuZpPRjWtvS68aZ5rbQ,AAMC--8/FreenetInstaller-1493.exe
   or
   
https://github.com/freenet/fred/releases/download/build01493/FreenetInstaller-1493.exe


Once these three checks are done (and worked), I can finally push the
update.


… and once I pushed it, please run verify-build to ensure that what I
released is actually what’s in the sources!

- https://github.com/freenet/scripts/blob/master/verify-build


Let’s get this release out together!


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Freenet 1493-pre1 test release

[Dr. Arne Babenhauserheide]

Hi,

I just created the first pre-release for 1493:
https://github.com/freenet/fred/releases/tag/build01493-pre1

Please test the installers and please test whether the
freenet-testing-build-1493-pre1.jar works as a drop-in replacement for
freenet.jar freenet.jar.new and freenet-stable-latest.jar

This will become 1493 if no major problems are found.


Changes include:


- The installer requires Java 9+ now — except on 32bit Windows that has
  no Java version higher than 8.
- Add the required module opens for Java 17 to wrapper.conf
- Java 17 support of the installer
- Update the wrapper files in dependencies.properties to 3.5.30
  This change sets a consistent wrapper-version for Windows, *Nix, and
  also OSX, thanks to operhiem1 for the review!

- Update default bookmarks: Replace inactive indexes, add Shoeshop,
  show active sites first. Thanks to AC4BB21B for the review!

- Pseudonymous people found found a bug in our splitfile inserter that
  TheSeeker tracked down to its source. It threw an exception if the
  checksum was exactly [0,0,0,0], thanks to operhiem1 for the review!

- Fix FreenetURI intern() to not forget edition of USK — thanks to
  debbiedub for new nodes where UPnP does not give the speed.

- Replace Pointer.SIZE with Native.POINTER_SIZE for JNA 5.x — thanks
  to Leo3418 and Bombe!

- more resilient noderef parsing for easier friend-to-friend connections
  try replacing spaces by newlines in noderefs when parsing fails
- Accept FreenetURI in add peer field; only try regular url on failure
  — thanks to desyncr for the review!

- Add warning about surveillance through voice recognition tech in the
  wizard.

- fix peer scaling for very fast peers: 
  Very fast nodes have more peers to fix a conceptual mistake
  (did not take the aggregated bandwidth limit of the peers into account). 
  Thanks to TheSeeker for the review!
- increase default datastore size to 100GiB, because SSDs are much
  faster today.
- Increase default bandwidth to 32KiB/s. This should improve
  performance, thanks to operhiem1 for the review!
- Set standard thread limit to 1000.
- decreased default thread stack size for reduced memory usage
  (512KiB).

- add output of filtered file to the OggFilterTest to ease tracking down
  bugs — especially http://freenet.mantishub.io//view.php?id=7163
  (the bug has example files — correct and broken).
  


1493 roadmap:

- One week of testing the pre-release
- A release to a testing key next weekend
- Insert to the real update key on saturday 2022-04-02.


If you want to fetch the release-files from Freenet:

CHK@E1O3EIM6bu8h3xmpyy5l6lsF3nT-YN2~YNBBqR-w4cM,g4b9nYtwp7qgYjkBH1-SCOtG1uITduI~KJFWCR-qSC4,AAMC--8/FreenetInstaller-1493-pre1.exe

CHK@mFMgVT0GsijDjs~AIiXL18AM7N7ILzMWtZ0svVWCCFk,lch1ng1oNtWw-mCFtSR5r1NXEBnMndLj4-p97j65i50,AAMC--8/FreenetInstaller-1493-pre1.exe.sig

CHK@ZyWQ~~K8U0UdLCaExo1tu8nBtbKZDQChpMVKegDVCtQ,B0bFCRBJ9MghxdhRYDcjt0vh~WCHUXHC9hZsS2gxO~8,AAMC--8/freenet-testing-build-1493-pre1.jar

CHK@1FLagYTdyBl2scZEDPXNspt83qUTsTQ59HHbl5gpYGQ,-Mibjhdw99LZc4jxR7gEbZKGUBe~kxseiN8LH8lVn0I,AAMC--8/freenet-testing-build-1493-pre1.jar.sha1

CHK@sfc2X88a51E6fFdi9N8iLOr3Cg2WsHJcxFNiW1GjTsw,Dg8aV-DCF8eOAxQswj9OCa2tXhwUAd9spQXpa6G~zhE,AAMC--8/freenet-testing-build-1493-pre1.jar.sig

CHK@0JUB8qp7b1P9oVTHLxDSiV1Te4V2HyWQE6YK-zTY1f0,~ypj-uMF~K6FY0ca7B~kpe6N3pqqOuTMJ6w7jT32440,AAMC--8/freenet-testing-build-1493-pre1-source.tar.bz2

CHK@-hHZa0a~W4ggsYD9D89F3L5b8HmAE4YWhhrqqOeFalg,lS7H3bAJJTpsNMk3b1MM23ve6GUiS4dIZq2y8EVpBAE,AAMC--8/freenet-testing-build-1493-pre1-source.tar.bz2.sha1

CHK@WBtttP9O0VTkfskXRUO~HoSLl4mzEyr6TZXNH8BiTNk,sqiTGQfezdLghSv9Xasy0PVWmVxHYvwS~~BI9SVab5o,AAMC--8/freenet-testing-build-1493-pre1-source.tar.bz2.sig

CHK@aD1wna3gH23OkiZmqlbc~zJ-WXY2GljtwKxGZr1~T8M,IApypqxdDhSew1sfT47z--DCxXtExQsccoLr2eXMUAo,AAMC--8/new_installer_offline_1493-pre1.jar

CHK@RZdNctfKbgK1PpnpsUGnGYAW1tmFrQ7WAHq9DhMdIsI,~UcCljcowzhAoqq0YAf5DNn~NrUzGoh6LjnDG5v0DVM,AAMC--8/new_installer_offline_1493-pre1.jar.sig


This release contains the Java 17 compatibility fixes, and that requires
changes in the wrapper which are a bit brittle (failing there can cause
Freenet to fail to start), so we need testing in many configurations.

Please give it good testing!


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Reviews needed for 1493

[Dr. Arne Babenhauserheide]

Hi,

Nicolas Hernandez  writes:

> after testing the 1493-testing, the Thread limit is still 500 instead of 1000
>
> "- increased default thread limit (1000)"
> CHK@Jlh-K8PFstROc5XMj6sWukKLP4cnHO5yX86jo6lqpVQ,aWxZGDO1OZlGnPxByz5i~Ws39s~qjgeWkC7Vd4v9D-Y,AAMC--8/threadlimit.png

Thank you for testing!

Did you run the installer, or did you update the existing node?

I now fixed up the NEWS entry so it makes it clear that this is for
newly installed nodes. It only does strictly necessary changes in
wrapper.conf, because that’s critical: If we break wrapper.conf, the
node does not start anymore.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Reviews needed for 1493

[Dr. Arne Babenhauserheide]

Hello Nicolas,

thank you for your answer! Updating existing nodes will not change these
values, it’s only the defaults from the installer that change.

You can do these changes directly in the wrapper.conf (for the thread
stack size) or in the node config interface (for thread limit and memory).

Best wishes,
Arne

Nicolas Hernandez  writes:

> Hello,
>
> I have manually updated freenet.jar on an existing node.
>
> Nicolas
>
> Envoyé depuis ProtonMail mobile
>
>  Message d'origine 
> Le 28 mars 2022, 22:18, Dr. Arne Babenhauserheide < arne_...@web.de > a écrit 
> :
>
>  Hi, Nicolas Hernandez writes: > after testing the 1493-testing, the Thread 
> limit is still 500 instead of 1000 > > "- increased default thread limit 
> (1000)" >
>  
> CHK@Jlh-K8PFstROc5XMj6sWukKLP4cnHO5yX86jo6lqpVQ,aWxZGDO1OZlGnPxByz5i~Ws39s~qjgeWkC7Vd4v9D-Y,AAMC--8/threadlimit.png
>  Thank you for testing! Did you run the installer, or did you update the 
> existing
>  node? I now fixed up the NEWS entry so it makes it clear that this is for 
> newly installed nodes. It only does strictly necessary changes in 
> wrapper.conf, because that’s critical: If we break wrapper.conf, the node does
>  not start anymore. Best wishes, Arne -- Unpolitisch sein heißt politisch 
> sein, ohne es zu merken. draketo.de


-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Pull-requests in need of reviews

[Dr. Arne Babenhauserheide]

Hi,

I hit a roadblock on the Windows installer — it needs someone with
innosetup skills and ideally a Windows system. We need Java 10 bundled
with the installer. I already added the new JRE, but it needs to be
unzipped (without zip we hit the github filesize limit).

It would be awesome if one of you could clone
https://github.com/freenet/wininstaller-innosetup.git and get
https://github.com/freenet/wininstaller-innosetup/blob/master/FreenetInstall_InnoSetup.iss
working on windows64!

There is a github workflow, but developing against that without a local
setup is awful.
https://github.com/freenet/wininstaller-innosetup/blob/master/.github/workflows/ci.yml

Best wishes,
Arne

"Dr. Arne Babenhauserheide"  writes:

> DC*  writes:
>> Happy new year!
>
> Thank you! To you, too!
>
>> These emails summaries are a good idea to push work forward and point
>> people to places where help is needed. Keep them up! :)
>
> I’ll try :-)
>
>
> We got many reviewed now. The following is still open and required for 
> release:
>
>>> # Java 16 and 17 compat:
>>> - add required module opens for Java 17 to wrapper.conf:
>>> https://github.com/freenet/fred/pull/755
>
>
> This one is still open, but does not block the release:
>
>>> # Remove potential attack-vector in pitch black mitigation (thanks to 
>>> nextgens!)
>>> - randomize pitch black defense times: 
>>> https://github.com/freenet/fred/pull/747
>
> And these are *reviewed* and ready for release. Thank you!
>
>>> # Fix peer scaling (fast nodes needed more than their capacity from slow 
>>> nodes)
>>> - fix peer scaling for very fast peers:
>>> - https://github.com/freenet/fred/pull/749
>
>>> # More robust friend-to-friend workflow:
>>> - New peer via freenet uri: https://github.com/freenet/fred/pull/753
>>> - try replacing spaces by newlines in noderefs when parsing fails:
>>> https://github.com/freenet/fred/pull/752
>>> 
>>> # Config-Optimizations:
>>> - Increase default max threads to 1000: 
>>> https://github.com/freenet/fred/pull/757
>>> - increase default datastore size to 100GiB:
>>> https://github.com/freenet/fred/pull/756
>>> 
>>> 
>>> # Add warning about voice-recognition being used for surveillance
>>> - add voice recognition warning: https://github.com/freenet/fred/pull/750
>>> 
>>> # add support-code to make it easier for someone to take up the task to
>>>   fix the ogg vorbis filter
>>> - add output of filtered file to the OggFilterTest:
>>> https://github.com/freenet/fred/pull/748
>>> 
>>> # Polish:
>>> - note effectively published field: https://github.com/freenet/fred/pull/754
>
> Thank you very much for your reviews!
>
> Best wishes,
> Arne


-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Pull-requests in need of reviews

[Dr. Arne Babenhauserheide]

DC*  writes:
> Happy new year!

Thank you! To you, too!

> These emails summaries are a good idea to push work forward and point
> people to places where help is needed. Keep them up! :)

I’ll try :-)


We got many reviewed now. The following is still open and required for release:

>> # Java 16 and 17 compat:
>> - add required module opens for Java 17 to wrapper.conf:
>> https://github.com/freenet/fred/pull/755


This one is still open, but does not block the release:

>> # Remove potential attack-vector in pitch black mitigation (thanks to 
>> nextgens!)
>> - randomize pitch black defense times: 
>> https://github.com/freenet/fred/pull/747


And these are *reviewed* and ready for release. Thank you!

>> # Fix peer scaling (fast nodes needed more than their capacity from slow 
>> nodes)
>> - fix peer scaling for very fast peers:
>> - https://github.com/freenet/fred/pull/749

>> # More robust friend-to-friend workflow:
>> - New peer via freenet uri: https://github.com/freenet/fred/pull/753
>> - try replacing spaces by newlines in noderefs when parsing fails:
>> https://github.com/freenet/fred/pull/752
>> 
>> # Config-Optimizations:
>> - Increase default max threads to 1000: 
>> https://github.com/freenet/fred/pull/757
>> - increase default datastore size to 100GiB:
>> https://github.com/freenet/fred/pull/756
>> 
>> 
>> # Add warning about voice-recognition being used for surveillance
>> - add voice recognition warning: https://github.com/freenet/fred/pull/750
>> 
>> # add support-code to make it easier for someone to take up the task to
>>   fix the ogg vorbis filter
>> - add output of filtered file to the OggFilterTest:
>> https://github.com/freenet/fred/pull/748
>> 
>> # Polish:
>> - note effectively published field: https://github.com/freenet/fred/pull/754


Thank you very much for your reviews!


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Please help doing the three more checks required for releasing 1493!

[Dr. Arne Babenhauserheide]

"Dr. Arne Babenhauserheide"  writes:
>>>> 1. [X] auto update on windows  — thanks David and brick! ✓
>>>> 2. [X] auto update on GNU/Linux — thanks to Nicole Jones! ✓
>>>> 3. [X] installer on windows — thanks to HornyCow! ✓
>>>> 4. [X] installer on GNU/Linux  — thanks David! ✓

Thanks to Nicole Jones from Sone it’s all tested now!

Thank you! Proceeding to release.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Please help doing the three more checks required for releasing 1493!

[Dr. Arne Babenhauserheide]

"David Dernoncourt"  writes:

>>> 1. [ ] auto update on windows
>
> I tested auto-update on one of my Windows nodes (with Java 11) and it 
> successfully auto-updated to 1493.

Thank you!

With your report we’re just one check away from releasing:

>>> 1. [X] auto update on windows  — thanks David! ✓
>>> 2. [ ] auto update on GNU/Linux
>>> 3. [X] installer on windows — thanks to HornyCow! ✓
>>> 4. [X] installer on GNU/Linux  — thanks David! ✓

> Another of my Windows nodes, running 1492 and on which I didn't touch
> the update key, received an update notice too: was the update released
> already? (this node is on manual update and I didn't apply it yet)

Did it update?

If you have a darknet connection between them, it will get the
information that a new version is available, but should not accept it,
because the update keys do not match.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

After the release is before the release — Freenet reviews :-)

[Dr. Arne Babenhauserheide]

Hi,

Now that 1493 is out, we already have new pull-requests that hope for
your reviews!

There are build fixes, m3u-player improvements, translation updates,
config improvements and (IMHO most critical) a privacy improvement for
darknet: https://github.com/freenet/fred/pull/747

Please come and check the pulls! https://github.com/freenet/fred/pulls

(to have some ensurance that the code isn’t corrupted, I cannot review
stuff I added myself; please chime in!)

Still open (with more work and reviews needed) is parsing the forwarded
header *correctly* for m3u, so radio over Freenet works when you connect
to your Freenet node via a proxy:
https://github.com/freenet/fred/pull/716

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Freenet 1494 released: streaming, config, security, windows, debian, tooling

[Dr. Arne Babenhauserheide]

Dear Freenauts,


Freenet 0.7.5 build 1494 is now available.
https://freenetproject.org/pages/download.html


(read this announcement on the website:
https://freenetproject.org/freenet-build-1494-streaming-config-security-windows-debian.html
 )


This build improves six broad areas:

- streaming on demand,
- configuration,
- security,
- windows installer and tray,
- the debian package, and
- tools.



## Streaming Audio and Video on Demand

Streaming provides improved video and audio:

- Video sizes are more robust when the size changes between subsequent videos.
- Audio tags no longer try to display the overlay.

This finally enables convenient Samizdat Radio.


## Configuration

To help modernize the configuration of existing nodes,
Freenet now shows a user alert once every Freenet update if the datastore is
below 10% of available space with a link to the store size wizard page
to make it easy to increase the store. Thanks to Trivuele!

Also the bandwidth settings now parse the bit suffix correctly
(lowercase b in kbps is bit, not byte).


## Security

Freenet received improvements to security both for friend to friend
mode, for opennet, and to tools for Freesites.

Friend-to-Friend mode now randomizes pitch black defense times
and waits at least 12 hours between pitch black mitigations
to prevent timing attacks.

Opennet is hardened by disabling the write local to datastore
functionality when opennet is enabled; it can be useful on a
small darknet, but on opennet it makes it easier to find downloaders.
Thanks to Trivuele!

Also a FOAF mitigation was fixed. It wasn't operational before,
because it lacked a conversion to percent. Thanks to
freedom-of-depression!

The /imagecreator/ tool, among other changes, now ensures
that requested image sizes are sane — thanks to Oleh from Redwerk

Finally it’s now easier to build fred without network access. Thanks
to Trivuele!


## Bugfixes

In addition to these improvements, bugs got fixed:

- fix build with modern Java: add opens jvmargs on java 17.
- remove Frost on ChatForumsToadlet from non-updated translations
  (removed 2019 from the original english).
- fix parts of the German translation.
- Do not store blocks in the cache, if they are eligible for the store
  (should increase usable cache size). Thanks to Trivuele!



## Windows Installer and Tray

The windows installer and tray application much more robust detection
of the installed Java — thanks to naejadu.

The windows installer and the tray application now detect Java on your
path, and the installer only prompts installing Java if there is none
yet. The installer also installs a clean adoptium Java 11, almost
halving the installer size.

And the tray toggles additional arguments depending on your Java
version to keep Freenet working when Java is updated to version 16 or
later.


## Debian Package

Thanks to DC*, who also ported Freenet [to Android][android-package],
There is finally a Debian package available. It still needs testing.

If you run Debian or a distribution based on Debian, or can help get the 
package included in Debian, please heed the
[call for beta-testers][debian-package-beta-test]!

$ curl -s
https://packagecloud.io/install/repositories/desyncr/freenet/script.deb.sh
| sudo bash
$ apt install freenet

(maybe read the script before you directly execute it like this)

The debian package accompanies our existing 
[Gentoo-package](https://gitweb.gentoo.org/repo/gentoo.git/tree/net-p2p/freenet)
 which spearheaded packaging completely from source, and the [Arch aur 
package](https://aur.archlinux.org/packages/freenet).


## Tools: media-site and freenetbrowser

Two new tools simplify publishing media in Freenet and using freenet
with stronger protections.

- Generate Media Site is a utility to create sites with streaming media on 
demand.
  https://github.com/freenet/generate-media-site/
- freenetbrowser auto-generates a separate browser-profile on GNU/Linux
  and can install a Freenet node with randomized IP and Port, preventing
  port detection (for example by unsafe local services).
  https://github.com/freenet/browser

After installing `freenetbrowser` (see the README), you can visit the example 
page for generate media site with:

freenetbrowser --install 
USK@rQnuHCVpf7BHcsZHBt911K3-iaELN1u1Vg0fzxDRq7k,I1vFYWONhGfECHr9XD-1lKxxstr64rF4dTykcMq9swY,AQACAAE/gms/6/

This provides a simple streaming setup and a handler for Freenet URIs.


A big thank you to all contributors and reviewers
for getting this release in shape!

And thank you for using Freenet!


## Contribute

If you want to help us get better, please chat with us in https://web.libera.chat/?nick=FollowRabbit|?#freenet" id="chatlink" 
class="btn button-custom btn-custom-two">#freenet @ irc.libera.chat. And 
give us time to answer, we’re all volunteers and might not be in your timezone.

To get into development right-away, have a look at one of the 

Re: little RFC: Limiting who receives local requests

[Dr. Arne Babenhauserheide]

Added discussion from FMS:

glenn@Oqb95agYHNenFlHLfHed92ZLbRRs0O4xHihnsmnIDQs wrote :
> What's the threat we are most worried about?

The biggest threat about requests in opennet is connecting to all nodes and 
spying on their requests.

But the actual biggest threat is finding uploaders.

> It's plausible that it offers some protection against a small number of nodes 
> trying to monitor a large portion of the network.
> 
> As I said in a previous post: If the attackers doesn't rely on location 
> hopping and just runs many nodes it might increase the chance of sending 
> local requests to the attackers.

Yes, that’s what I’m worried about.

> Can we estimate how long it takes to become a top 50% node on average? Hours? 
> Days? Months?

For an established node, old nodes in the vicinity will keep a higher
score. Even nodes with only 2h uptime per day will build up a high score
over time and a new node will need about 10% of the time the other nodes
have been active.

An unintended effect could be that local requests get sent mostly to
nodes with a similar location, because these will be found again when
connecting the next time. That would increase the average hops to
content by one hop.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: little RFC: Limiting who receives local requests

[Dr. Arne Babenhauserheide]

"Dr. Arne Babenhauserheide"  writes:
> An unintended effect could be that local requests get sent mostly to
> nodes with a similar location, because these will be found again when
> connecting the next time. That would increase the average hops to
> content by one hop.

I see a way to use this to find out exactly whether a given node is the
originator: When you see suspicious requests with a long-lived node,
connect to the target with a short-lived node. If the short-lived node
receives none of the suspicious requests, you know *without a doubt* that
the target is the originator.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

little RFC: Limiting who receives local requests

[Dr. Arne Babenhauserheide]

Hi,


I’d like to start a discussion on the local request protections by
Trivuele: https://github.com/freenet/fred/pull/778 — please comment.

I’ve been reviewing the patches by Trivuele, and I really like the idea
of limiting who receives local requests.


At the same time I’m worried, though. I see two dangers:

- We have less peers we send those requests to, so high-speed nodes that
  actually respond to requests get better statistics. They will get a
  bit less than twice as many local requests than they would get
  otherwise.

- New nodes in the network will not receive any local requests, so they
  will only route half as many HTL18 requests. A new node will therefore
  have not only half the anonymity set against an attacker, but also
  only half the cover traffic.


Also this further centralizes routing on a core of very fast nodes.


The advantage is that this change disarms the attack of regularly
changing the opennet location to do superficial surveillance of many
nodes. You then need to provide actual long-lived high bandwidth nodes
to do any kind of surveillance against local requests.


Please comment what you think. Do we need additional protections for new
nodes?


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: little RFC: Limiting who receives local requests

[Dr. Arne Babenhauserheide]

"Dr. Arne Babenhauserheide"  writes:
> - New nodes in the network will not receive any local requests, so they
>   will only route half as many HTL18 requests. A new node will therefore
>   have not only half the anonymity set against an attacker, but also
>   only half the cover traffic.

Also the HTL18 requests that new nodes do receive will be more specific
to their location, so they might be distinguishable from their local
requests.

Thoughts:

- Initial random routing could solve that problem (see
  https://github.com/freenet/fred/pull/529 ), but initial random routing
  actually makes correlation attacks easier, because it removes the
  requirement to know the FOAFs to do the statistics. Knowing all the
  CHKs for a given file would be a more powerful attack.

- Reducing the probability to decrement HTL18 could increase the cover
  traffic again — 75% to forward HTL18 unchanged would balance this
  change. To avoid increasing the average distance from senders, that
  might require reducing
  Node.canWriteDatastoreRequest to maxHTL - 1,
  and
  Node.canWriteDatastoreInsert to maxHTL - 2.

- The impact is limited, because our peers route by our FOAFs, and since
  we’re most likely already close to their location.


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Please test the new Windows Installer

[Dr. Arne Babenhauserheide]

Hi,

If you run Windows, could you try the new Freenet installer with the
wintray-improvements from naejadu?

- Does it install Freenet correctly?
- Does in install Java?
- Does the tray detect an existing or newly installed Java?

https://github.com/freenet/wininstaller-innosetup/releases/download/build01493-new-installer-test-2/FreenetInstaller-1493-new-installer-2.exe

Sources and changes: https://github.com/freenet/wintray/commits/master

Best wishes,
Arne


"Dr. Arne Babenhauserheide"  writes:

> [[PGP Signed Part:Good signature from DCCF0DB30BC10548 Arne Babenhauserheide 
> (Physikliebhaber, Hobbysänger und Ideenspringquell)  (trust 
> ultimate) created at 2022-06-12T01:20:19+0200 using RSA
> Good signature from 13EF8D452403C3EB Arne Babenhauserheide (Drak) 
>  (trust ultimate) created at 2022-06-12T01:20:19+0200 using 
> RSA]]
> Hi,
>
>
> There is already a pretty nice collection of changes in the pipeline for
> 1494 (see https://github.com/freenet/fred/pulls ), but four of the
> pull-requests still need a review to be able to release:
>
>
> - randomize pitch black defense times
>   https://github.com/freenet/fred/pull/747
>   (this one is important for the long-term viability of Freenet!)
>
> - m3u-player: more robust sizes, do not use overlay for audio.
>   https://github.com/freenet/fred/pull/768
>   (this enables *convenient* samizdat radio on Freesites!)
>
> - add opens jvmargs when building on java 17
>   https://github.com/freenet/fred/pull/769
>   (important to have an easier start for new contributors)
>
> - remove old unconditional logging line
>   https://github.com/freenet/fred/pull/770
>   (that’s a simple cleanup)
>
>
> Please look into them — I cannot review them myself, because I added
> them, and we need at least four eyes on every change for basic safety.
>
>
> Also if you have some knowledge about our RequestStarter logic, please
> have a look at https://github.com/freenet/fred/pull/777/files
>
> According to Trivuele that improves throttling of local requests
> significantly, because the existing logic was pretty inconsistent over
> time, but I don’t understand the old logic well enough to see whether
> the old behavior was a bug or whether there was a point to it.
>
>
> Best wishes,
> Arne


-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Reviews needed for Freenet 1494

[Dr. Arne Babenhauserheide]

Hi,


There is already a pretty nice collection of changes in the pipeline for
1494 (see https://github.com/freenet/fred/pulls ), but four of the
pull-requests still need a review to be able to release:


- randomize pitch black defense times
  https://github.com/freenet/fred/pull/747
  (this one is important for the long-term viability of Freenet!)

- m3u-player: more robust sizes, do not use overlay for audio.
  https://github.com/freenet/fred/pull/768
  (this enables *convenient* samizdat radio on Freesites!)

- add opens jvmargs when building on java 17
  https://github.com/freenet/fred/pull/769
  (important to have an easier start for new contributors)

- remove old unconditional logging line
  https://github.com/freenet/fred/pull/770
  (that’s a simple cleanup)


Please look into them — I cannot review them myself, because I added
them, and we need at least four eyes on every change for basic safety.


Also if you have some knowledge about our RequestStarter logic, please
have a look at https://github.com/freenet/fred/pull/777/files

According to Trivuele that improves throttling of local requests
significantly, because the existing logic was pretty inconsistent over
time, but I don’t understand the old logic well enough to see whether
the old behavior was a bug or whether there was a point to it.


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Freenet 1494-pre1 testing release

[Dr. Arne Babenhauserheide]

Hi,


I just created a testing release for 1494:
https://github.com/freenet/fred/releases/tag/build01494-pre1


changes:

- Show a user alert (once every Freenet update) if the datastore is
  below 10% of available space with a link to the store size wizard page
  to make it easy to increase the store — thanks to Trivuele

- Do not store blocks in the cache, if they are eligible for the store
  (should increase usable cache size) — thanks to Trivuele

- m3u-player: more robust sizes, do not use overlay for audio. This
  finally enables convenient Samizdat Radio

- randomize pitch black defense times and wait at least 12 hours
  between pitch black mitigations to prevent timing attacks

- bandwidth settings: parse bit suffix correctly

- improve /imagecreator/ — thanks to Oleh from Redwerk

- Disable write local to datastore functionality when opennet is
  enabled; it can be useful on a small darknet, but on opennet it
  makes it easier to find downloaders. — thanks to Trivuele

- make it easier to build fred without network access — thanks to Trivuele

- fix build with modern Java: add opens jvmargs on java 17

- fix: a FOAF mitigation wasn’t operational, because it lacked a
  conversion to percent. — thanks to freedom-of-depression

- remove Frost on ChatForumsToadlet from non-updated translations
  (removed 2019 from the original english)

- fix parts of the German translation


This also includes the new Windows installer (thanks to naejadu) that
should now recognize an already installed Java.

Note that the Freenet installer now needs Java 10 or higher. If no Java
is found, it provides Adoptium OpenJDK 11. Also thanks to using the new
Adoptium the size is below 100MiB again.


Best wishes,
AB


signature.asc
Description: PGP signature

Re: Reviews needed for Freenet 1495 +not 1494+

[Dr. Arne Babenhauserheide]

Sorry for the typo. We need people to check the pull-requests. I’m not
merging anything into fred (=autoupdate) not seen by at least 2 people
(author + reviewer) to ensure that if I merged something without review
this would raise red flags and get many people to check that.

That protects Freenet against being corrupted by putting pressure on me
(or any other release-manager).

Best wishes,
Arne

"Dr. Arne Babenhauserheide"  writes:

> [[PGP Signed Part:Good signature from DCCF0DB30BC10548 Arne Babenhauserheide 
> (Physikliebhaber, Hobbysänger und Ideenspringquell)  (trust 
> ultimate) created at 2022-10-01T01:20:40+0200 using RSA
> Good signature from 13EF8D452403C3EB Arne Babenhauserheide (Drak) 
>  (trust ultimate) created at 2022-10-01T01:20:40+0200 using 
> RSA]]
> Hi,
>
>
> We have pretty cool changes in the pipeline for 1495, but several of
> those still need reviews.
>
>
> The following changes are already ready to be merged and need no further
> review:
> https://github.com/freenet/fred/pulls?q=is%3Apr+is%3Aopen+label%3AreadyToBeMerged
>
> I’m especially happy that I finally got to resolve the conflicts in
> Eleriseth pending keys: https://github.com/freenet/fred/pull/404 This
> has the potential of reducing the CPU load for fast nodes and for WoT a
> lot.
>
> The healing size increase to 250MiB should increase the lifetime of
> large files a lot. Healing just didn’t work well for bigger files,
> because the limit was too low (it healed at most 16MiB, so many files
> bigger than 32MiB could not be healed fully by one access).
>
> (Also there are already two CSS improvements — and one more CSS
> improvement and a dark theme to file as PR in my TODO list; I’ll try to
> file them soon!)
>
>
> But there are a lot more pull-requests that still need review. They
> include the new firsttime wizard by redwerk (I finally managed to add
> the needed dependency tracking), work on bookmarks, announcement fixes
> and an improvement to the m3u-player (skip to the next track if a
> download failed, so you can keep it running like radio).
>
> So if you can make some time, please have a look at one of the pull
> requests that is not yet marked as readyToBeMerged:
> https://github.com/freenet/fred/pulls
>
>
> Thank you for your interest in Freenet!
>
>
> Best wishes,
> Arne


-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Reviews needed for Freenet 1494

[Dr. Arne Babenhauserheide]

Hi,


We have pretty cool changes in the pipeline for 1495, but several of
those still need reviews.


The following changes are already ready to be merged and need no further
review:
https://github.com/freenet/fred/pulls?q=is%3Apr+is%3Aopen+label%3AreadyToBeMerged

I’m especially happy that I finally got to resolve the conflicts in
Eleriseth pending keys: https://github.com/freenet/fred/pull/404 This
has the potential of reducing the CPU load for fast nodes and for WoT a
lot.

The healing size increase to 250MiB should increase the lifetime of
large files a lot. Healing just didn’t work well for bigger files,
because the limit was too low (it healed at most 16MiB, so many files
bigger than 32MiB could not be healed fully by one access).

(Also there are already two CSS improvements — and one more CSS
improvement and a dark theme to file as PR in my TODO list; I’ll try to
file them soon!)


But there are a lot more pull-requests that still need review. They
include the new firsttime wizard by redwerk (I finally managed to add
the needed dependency tracking), work on bookmarks, announcement fixes
and an improvement to the m3u-player (skip to the next track if a
download failed, so you can keep it running like radio).

So if you can make some time, please have a look at one of the pull
requests that is not yet marked as readyToBeMerged:
https://github.com/freenet/fred/pulls


Thank you for your interest in Freenet!


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

infocalypse: version control over Freenet mostly works again with Python 3

[Dr. Arne Babenhauserheide]

Hi,


infocalypse is the awesome code-over-freenet tool created by djk 
and turned into an actual social coding tool by Steve (operhiem1), but
it has been broken in Python 3 for many years.

Last weekend I bit the bullet and spent a day (well, an evening, a night,
and a day) to get the minimal roundtrip working again: clone your code
to Freenet, clone back to the local computer, commit, and push it back.
It was lots of annoying string-to-byte and byte-to-string handling, but
it got into a minimally working state!

Then Debora took it up and fixed fn-setup which creates your local
infocalypse environment (I still had mine around so I didn’t hit that
while testing) and sent a bundle with the changes over FMS. Thank you!

Infocalypse is not yet fixed completely, but its core workflow is
operational. (with WoT and without WoT)


We have a working code-over-freenet system again!


If you want to try it, first install:
- Mercurial https://www.mercurial-scm.org
- pyFreenet3 (pip3 install --user pyFreenet3)

Then get infocalypse and set it up:
hg clone hg.sr.ht/~arnebab/infocalypse ~/infocalypse
hg -R ~/infocalypse update py3
echo "[extensions]
infocalypse = ~/infocalypse/infocalypse
" >> ~/.hgrc


Then try the roundtrip:

# variables for the run, choose a WoT ID of your own
export WOT_ID=ArneBab
export UUID=$(uuidgen);

# create a new repository
rm -r /tmp/infocalypse-*
hg init /tmp/infocalypse-revived
cd /tmp/infocalypse-revived
echo "Follow the white rabbit" > looking-glass.txt
hg ci -Am "infocalypse"

# clone to Freenet and get it back
hg clone . freenet:${WOT_ID}/infocalypse-revived-$UUID
hg clone freenet:${WOT_ID}/infocalypse-revived-$UUID 
/tmp/infocalypse-averted

# do a change and push it into Freenet again, this time without WOT
cd /tmp/infocalypse-averted
echo "One pill makes you larger" >> looking-glass.txt
hg ci -m "And one pill makes you small, so you can roundtrip"
hg clone . USK@/infocalypse-averted


I’m really happy that infocalypse works again!

This gets us one step closer to self-sufficient development: Freenet
development could now be done by a group of pseudonymous people. We can
already release updates when all our centralized infrastructure is down
(if we decide to ship the old windows installer and let Windows boxes
update over Freenet; Microsoft requires centralized signing), now we can
actually do development over Freenet again.

We don’t yet know whether it will work with larger repositories like
fred (it used to, but back then the network was 3 times larger), and
we’ll have to check and possibly fix hg fn-reinsert so all contributors
can keep the repository working, but we finally have that in place
again.


A foundation of real information freedom in the internet — safe against
censorship by threat and by harassment and by flooding with noise.


Imagine a group of hackers living in remote or citybound meshnets,
connecting with solar-powered nodes to their friends while using their
pseudonymous developer IDs to check on pull-requests and merge their
work until they have a release they can insert to auto-update.

Known to the community for the good work they have been doing on Freenet
in the past, an unbound focus of Freenet development.


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: final review needed for 1495 (needed ASAP …)

[Dr. Arne Babenhauserheide]

"Dr. Arne Babenhauserheide"  writes:

> I need someone to review https://github.com/freenet/fred/pull/816 ASAP

David and Steve reviewed the PR — a big thank you to both of you!

The release is progressing. Looks like despite lots of Chaos we can make
it in time to release before the decentral Chaos ends this year!

Sidenote: I started to upload videos from https://media.ccc.de/c/jev22
to watch-36c3-incrementally, so if you still need something to watch
over the weekend, you can watch the jev22 without telling the CCC folks
that you do (not that I expect any risk from that …) and without
overloading their servers (the streams I’m watching have been quite
spotty, so that might actually be useful: watch-36c3 will scale up as
much as needed, if people use it).

USK@KxGwMvg~cXm5hs1ZX4NSH~I8fYyqcQD-~8dDdtmDs18,gKSJ4JQ4E1s2Pi-C1iKnfcpWp2pTmcOLaAz6PsogCpw,AQACAAE/watch-36c3-incrementally/86/

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

final review needed for 1495 (needed ASAP …)

[Dr. Arne Babenhauserheide]

Hi,

I need someone to review https://github.com/freenet/fred/pull/816 ASAP

My window for releasing 1495 safely this year is closing quickly and
that bugfix for the new first time wizard resolves a hard release
blocker.

with JS enabled, a new install redirected from /wizard to /wiz with Javascript 
and then redirected back to /wizard due to the check for the first time wizard.

And filling out the first time wizard did not set the wizard filled out flag, 
so new users with Javascript enabled wouldn’t be able to get out of the wizard 
whatever they did.


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Freenet build 1496 released: fix keepalive, translations, windows

[Dr. Arne Babenhauserheide]

Freenet 0.7.5 build 1496 is now available.

> **Install Freenet** for **[Windows][windows-installer]**, for **[GNU/Linux, 
> macOS and other *nixes][linux-installer]**, or for 
> **[Android][android-package]**. See the [download page][download page] for 
> more information and other platforms.


This is a smaller release that provides three improvements and fixes
one regression:

- fix keepalive
- update translations
- new freemail info page
- installer, test and charset fixes


[windows-installer]: 
https://www.draketo.de/dateien/freenet/build01496/FreenetInstaller-1496.exe
[linux-installer]: 
https://www.draketo.de/dateien/freenet/build01496/new_installer_offline_1496.jar

(This still goes over the non-standard download-page. 1497 should use
the lysator-mirror again. Please use one of these mirrors — we found
that github releases heavily throttle our download-speeds)


Fix keepalive
-

This fixes breakage in keepalive by ignoring a negative maxsize.
This was broken by a fix to the client
to actually honor the maxsize which was ignored before,
so ignoring invalid values provides a compatibility layer
for old plugins.


Update translations
---

Imported updated translations from transifex.

The biggest changes were done by the Russian team,
adding or updating almost 200 translations.

The German team changed over 70 translations.

And 1 to 7 changes were done by teams
es, fa, fi, fr, hu, it, ja, nb-no,
nl, pt (br and PT), sv, zh-cn and zh-tw.

A big thank you for your work!


Bookmark curation
-

The update replaces the unmaintained freemail site in the default bookmarks
by a maintained one — thanks to Cynthia!


Further changes
---

- add meta charset tests
- add missing test annotations — thanks to vwoodzell!
- when using the windows installer to update, wrapper.conf will be overwritten
  to make it work with changed dependencies. Thanks to naejadu!
- support  in the header of freesites to set the encoding


A big thank you to all contributors and reviewers
for getting this release in shape!

And thank you for using Freenet!


Remaining known bug
---

There is one known problem with the installer that can cause Freenet
to stay in friend-to-friend mode (not connecting) even when you do not
check that you know people using Freenet. If that should happen to you
and you want to connect to strangers, please check in the menu
configuration - security levels and set the protection against
strangers to normal.

This should get fixed in 1497.


## Contribute

If you want to help us get better, please chat with us in
freenet @ irc.libera.chat . And 
give us time to answer, we’re all volunteers and might not be in your timezone.

To get into development right-away, have a look at one of the
Freenet-Projects (https://github.com/freenet/wiki/wiki/Projects) or just
get  fred (https://github.com/freenet/fred) and fix something that annoys you.

And to take on something that makes a big difference, have a look at the
high-impact tasks (https://github.com/freenet/wiki/wiki/High-Impact-tasks).


## What is Freenet?

Freenet is a peer-to-peer platform for  
censorship-resistant and privacy-respecting  
publishing and communication.

> I worry about my child and the Internet all the time, even though
> she's too young to have logged on yet. Here's what I worry about. I
> worry that 10 or 15 years from now, she will come to me and say
> 'Daddy, where were you when they took freedom of the press away from
> the Internet? --Mike Godwin, Electronic Frontier Foundation

That Freenet can keep moving forward and help people worldwide to
exercise their basic rights and freedoms is the work of amazing
volunteers, both contributors and people running Freenet nodes.

Thank you for your contributions, and thank you for using Freenet!


\-- AB


> **Install Freenet** for **[Windows][windows-installer]**, for **[GNU/Linux 
> and other *nixes][linux-installer]**, or for **[Android][android-package]**. 
> See the [download page][download page] for more information and other 
> platforms.



[releasetag1496]: https://github.com/freenet/fred/releases/tag/build01496
[download page]: pages/download.html
[windows-installer]: 
https://www.draketo.de/dateien/freenet/build01496/FreenetInstaller-1496.exe
[linux-installer]: 
https://www.draketo.de/dateien/freenet/build01496/new_installer_offline_1496.jar
[android-package]: https://freenet-mobile.github.io/app/
[debian-package-beta-test]: 
https://www.mail-archive.com/devl@freenetproject.org/msg55247.html

-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Freenet build 1495 released: new user experience and performance

[Dr. Arne Babenhauserheide]

Hi,


Freenet 0.7.5 build 1495 is now available:
https://freenetproject.org/freenet-build-1495-new-user-experience-and-performance.html


This build improves four broad areas:

- new users
- user experience
- performance
- backend changes


New users
-

There is a new firsttime wizard for single-step setup, contributed
by redwerk and finally merged after resolving dependency-requirements.

To further ease the start, the bookmarks are re-organized with
"starting points" at the top.


User experience
---

For integration in browser extensions,  TheSeeker added support for
the schemes web+freenet and ext+freenet which do not need further
allow-listing by browsers to use.

CometZ@6DtYG~ created a new theme sky-dark-static, a clean dark scheme,
simpler than Winterfacey.

To enable more beautiful Freesites, Spider Admin, naejadu and vwoodzell
extended the CSS filter to enable sticky, transition, and word-wrap.

The m3u-player is now only inserted into sites which contain at least
one video or audio tag. When a part of a stream fails, it is now skipped,
allowing for continuous playback without user-intervention.


Performance
---

For better lifetime of larger files, the healing size is increased
from 16 to 256 MiB, so a 512 MiB file will keep working if accessed
once every 10 days. To keep alive files explicitly, you can use the
keepalive plugin. You can activate it from the menu via
Configuration / Plugins.

And the pending keys optimizations by Eleriseth should reduce the CPU
load on very fast nodes with many peers.


Backend Changes
---

- merged the HashingAPI by unixninja92, a GSoC project that had
  gotten lost in the pull requests. This provides an easy and
  well-tested way to create and verify different types of Hashes from byte
  arrays, including Sha256 and TigerTree.
  https://github.com/freenet/fred/pull/258
- merged announcement fixes by toad
- upgraded unit tests to junit4, thanks to vwoodzell!
- fixed the client getter method to honor the max size argument


A big thank you to all contributors and reviewers
for getting this release in shape!

And thank you for using Freenet!


## Contribute

If you want to help us get better, please chat with us in #freenet @
irc.libera.chat. And give us time to answer, we’re all volunteers and
might not be in your timezone.

- libera.chat: https://web.libera.chat/?nick=FollowRabbit|?#freenet

To get into development right-away, have a look at one of the
Freenet-Projects or just get fred and fix something that annoys you. And
to take on something that makes a big difference, have a look at the
high-impact tasks.

- Freenet-Projects: https://github.com/freenet/wiki/wiki/Projects
- fred: https://github.com/freenet/fred
- High-Impact Tasks: https://github.com/freenet/wiki/wiki/High-Impact-tasks


## What is Freenet?

Freenet is a peer-to-peer platform for  
censorship-resistant and privacy-respecting  
publishing and communication.

> I worry about my child and the Internet all the time, even though
> she's too young to have logged on yet. Here's what I worry about. I
> worry that 10 or 15 years from now, she will come to me and say
> 'Daddy, where were you when they took freedom of the press away from
> the Internet? --Mike Godwin, Electronic Frontier Foundation

That Freenet can keep moving forward and help people worldwide to
exercise their basic rights and freedoms is the work of amazing
volunteers, both contributors and people running Freenet nodes.

Thank you for your contributions, and thank you for using Freenet!


- Arne Babenhauserheide
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Test release for Freenet 1495

[Dr. Arne Babenhauserheide]

Hi,


I’m pushing a test release for 1495 right now. If you want to help test it, you 
can change the update key of your node to 
USK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/jar/1494

(see http://127.0.0.1:/config/node.updater?fproxyAdvancedMode=2 )

Release notes:

- descriptions: 
SSK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/changelog-1495?type=text/plain
- technical: 
SSK@wytBz~rduWSo9-MmVW4AVqY3ESebPPCP9vC-eSxe-vg,mZqWi0sHmhn5kt0idu-~K4pk~~8eNXxMeYen73FOfA8,AQACAAE/fullchangelog-1495?type=text/plain

If no bigger problems crop up, this will become the release for 1495.


New users
-

There is a new firsttime wizard for single-step setup, contributed
by redwerk and finally merged after resolving dependency-requirement.

To further ease the start, the bookmarks are re-organized with
"starting points" at the top.


User experience
---

For integration in browser extensions,  TheSeeker added support for 
the schemes web+freenet and ext+freenet which do not need further
allow-listing by browsers to use.

CometZ@6DtYG~ created a new theme sky-dark-static, a clean dark scheme,
simpler than Winterfacey.

To enable more beautiful Freesites, Spider Admin, naejadu and vwoodzell
extended the CSS filter to enable sticky, transition, and word-wrap.

The m3u-player is now only inserted into sites which contain at least
one video or audio tag. When a part of a stream fails, it is now skipped,
allowing for continuous playback without user-intervention.


Performance
---

For better lifetime of larger files, the healing size is increased
from 20 to 320 MiB, so a 320 MiB file will keep working if accessed
once every 10 days.

And the pending keys optimizations by Eleriseth should reduce the CPU
load on very fast nodes with many peers.


Further technical improvements
--

- finally merged the HashingAPI by unixninja92, a GSoC project that had
  gotten lost in the pull requests. This provides an easy and
  well-tested way to create and verify different types of Hashes from byte
  arrays, including Sha256 and TigerTree.
  https://github.com/freenet/fred/pull/258
- old announcement fixes by toad were finally merged
- unit tests were upgraded to junit4, thanks to vwoodzell!
- the client getter method now honors the max size argument


Thank you for using Freenet!


Contribute
--

If you want to help us get better, please chat with us in #freenet @
libera chat. And give us time to answer, we’re all volunteers and might
not be in your timezone: https://web.libera.chat/?nick=Rabbit|?#freenet

To get into development right-away, have a look at one of the Freenet-Projects 
or just get fred and fix something that annoys you.
- https://github.com/freenet/wiki/wiki/Projects
- https://github.com/freenet/fred

And to take on something that makes a big difference, have a look at the
high-impact tasks: https://github.com/freenet/wiki/wiki/High-Impact-tasks).


What is Freenet?


Freenet is a peer-to-peer platform for  
censorship-resistant and privacy-respecting  
publishing and communication.

> I worry about my child and the Internet all the time, even though
> she's too young to have logged on yet. Here's what I worry about. I
> worry that 10 or 15 years from now, she will come to me and say
> 'Daddy, where were you when they took freedom of the press away from
> the Internet? --Mike Godwin, Electronic Frontier Foundation

That Freenet can keep moving forward and help people worldwide to 
exercise their basic rights and freedoms is the work of amazing 
volunteers, both contributors and people running Freenet nodes. 

Thank you for your contributions, and thank you for using Freenet!


Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Important Announcement: Freenet naming change

[Dr. Arne Babenhauserheide]

Ian Clarke  writes:
> You're speaking as if you speak on behalf of the Freenet community. Who 
> specifically are you speaking for and what gives you the ability to speak for
> them?

I share the sentiment. Steve spoke to me before sending this message,
and he also speaks for me, the release manager of Freenet. Also David,
Florent, and xor disagree strongly with the renaming plan. These are
most of the non-anonymous core developers of Freenet.

And the actual Freenet community that communicates on Freenet via FMS
and Sone is absolutely enraged over this.

Best wishes,
Arne

> On Tue, Jan 17, 2023 at 2:46 PM Steve Dougherty  wrote:
>  I'm surprised. I'm not sure what to say, or what reaction you and the
>  rest of the board expected.
>
>  This is another demonstration of a complete disconnect between the board
>  of FPI, and the community around Freenet. After giving up initial plans
>  to name Locutus "Freenet 2" in the face of backlash, you and the rest of
>  the board appear to now want still more of Freenet's brand recognition.
>  The hope seems to be that the Freenet community, having not been
>  consulted, and reasonably assumed to disagree, will undertake the effort
>  to rename themselves the Freenet Classic community.
>
>  I don't think this will happen. It would require buy-in, and it has
>  none.
>
>  - Steve


-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Important Announcement: Freenet naming change

[Dr. Arne Babenhauserheide]

Dear Freenet Contributors and Enthusiasts,

I want to clear up some of the confusion.

Ian Clarke  writes:
> I hope this email finds you well. I am writing to inform you of an important 
> change that the Freenet Project board voted on unanimously on Friday.
> After much discussion over the past 18 months

Ian wrote me private emails about his plan and I strongly objected. He
chose to ignore that. I do not know whether he talked to someone else.

There are no public archives, because these were just private emails.

After he agreed that others could email him, I talked to other release
managers and core developers.⁰ It is a shared understanding that this
renaming would damage Freenet. We had hoped that Ian would not go
through with this, so we did not write in public to prevent damage to
the project.

After he now wrote, the damage is done. We can only try to minimize it.

⁰: Before he said that other developers can contact him, I held it as a
   confidential discussion out of respect for the privacy of personal
   communication.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Important Announcement: Freenet naming change

[Dr. Arne Babenhauserheide]

Ian Clarke  writes:
> Apologies to mutt users, but Freenet's mainstream brand recognition has been 
> on an uninterrupted
> downward trajectory since 2004:
>
> freenet-trend.png

You are showing the US-trend. Let’s look at the trend in a country where
there was PR done:


This is the trend in Germany, and you’ll see it going up again in the
past year where I gave a presentation for a German non-profit.

What was missing for spreading was not technical. Missing was that we
did not talk enough in public about Freenet.

And brand recognition is good among long term internet freedom
activists, but only for the scope and use-cases of the current Freenet,
not for the different scope of Locutus.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Important Announcement: Freenet naming change

[Dr. Arne Babenhauserheide]

Ian Clarke  writes:

> I know exactly who he is, I was asking who he was speaking on behalf
> of since he was claiming to speak on behalf of the "Freenet
> community", quite a bold claim.

He did not claim that. It’s just how it seemed to you.

Yet despite not claiming it, Steve actually has the backing of the other
core developers and maintainers. And from what I’ve seen in the Freenet
community spaces, he also has the backing of the Freenet community.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Important Announcement: Freenet naming change

[Dr. Arne Babenhauserheide]

Ian Clarke  writes:

> On Wed, Jan 18, 2023 at 11:40 AM Dr. Arne Babenhauserheide  
> wrote:
>
>  Ian Clarke  writes:
>  > What "room"? I've already said, the constituency I care about is the next 
> generation. You don't speak for them.
>
>  You do not care about the currently existing, vibrant Freenet Community?
>
> I care about the maintainers and users of Fred, and I've said I do

This is the room that Freenet304987 is talking about.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Important Announcement: Freenet naming change

[Dr. Arne Babenhauserheide]

Ian Clarke  writes:
> What "room"? I've already said, the constituency I care about is the next 
> generation. You don't speak for them.

You do not care about the currently existing, vibrant Freenet Community?

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: infocalypse: version control over Freenet mostly works again with Python 3

[Dr. Arne Babenhauserheide]

Hi,

DC*  writes:
> Thanks for looking into this. This project is really cool and promising.
>
> Hope I can give it a try soon. Keep up the good work!

Thank you for your answer!

The full version tracking roundtrip over Freenet — including
*pull-request* and *notifications* — works again! And there is now a
doc/usage.org file with a full interaction example.

And thanks to tactical enabling of the RealTimeFlag, it now needs 80%
less time in my tests.


If you want to try it, first install:
- Mercurial https://www.mercurial-scm.org
- pyFreenet3 (pip3 install --user pyFreenet3)

Then get infocalypse and set it up:
hg clone hg.sr.ht/~arnebab/infocalypse ~/infocalypse
hg -R ~/infocalypse update py3
echo "[extensions]
infocalypse = ~/infocalypse/infocalypse
" >> ~/.hgrc

For pull-requests, you need two Identities. None of them may be a prefix
of the other. Both must have enabled Freemail in the web interface (set
a non-empty password!) and stored the login settings via

hg fn-setupfreemail --truster TestBab-2@ --mailhost 
127.0.0.1

I use TestBab-1 and TestBab-2 in this example.

Then try the roundtrip:

# Variables for the run, choose two WoT IDs of your own, do not use
# the same: you cannot message yourself yet.
export WOT_ID1=TestBab-1
export WOT_ID2=TestBab-2
export N=$(uuidgen);

# Cleanup
rm -r /tmp/infocalypse-*
cd /tmp

# Prepare first repository
hg init infocalypse-revived-${N}
cd infocalypse-revived-${N}
echo "Follow the white rabbit" > looking-glass.txt
hg ci -Am "infocalypse"
cd ..

# Share the repo
hg clone infocalypse-revived-${N} 
freenet://${WOT_ID1}/infocalypse-revived-${N}

# Get a repo and add changes
hg clone freenet://${WOT_ID1}/infocalypse-revived-${N} 
infocalypse-averted-${N}
cd infocalypse-averted-${N}
echo "One pill makes you larger" >> looking-glass.txt
hg ci -m "And one pill makes you small, so you can roundtrip"

# Share the repo and file a pull-request
hg clone . freenet://${WOT_ID2}/infocalypse-averted-${N}
# the . means "the current folder"
hg fn-pull-request --wot ${WOT_ID1}/infocalypse-revived-${N} --mailhost 
127.0.0.1 # enter a message
cd ..

# give the pull-request 5 minutes of time to propagate
sleep 5m

# Check for pull-requests, then pull and share the changes
cd infocalypse-revived-${N}
hg fn-check-notifications --wot ${WOT_ID1} --mailhost 127.0.0.1
hg pull -u freenet://${WOT_ID2}/infocalypse-averted-${N}
hg push freenet://${WOT_ID1}/infocalypse-revived-${N}
cd ..


The result of hg fn-check-notifications --wot TestBab-1 --mailhost 127.0.0.1:

Found pull request from 
'testbab-2@4ev53r3crqpgc7yftwjl2qjtqfds6d4lipi7jbofw7qwksplm3na.freemail':

testifoo

bar
baz


To accept this request, pull from: 
freenet://USK@4Svdx2KMHmF-BZ2SvUEzgUcvD4tD0fSFxbfhZUnrZto,Qp2rRpMpSLFNEvMfcQCw5HH8vkDnhYu-eYLskXAMXdk,AQACAAE/infocalypse-averted-f494c10b-7ffd-403b-8e69-033fee4db12a.R1/1
   To your repository: 
/tmp/infocalypse-revived-f494c10b-7ffd-403b-8e69-033fee4db12a
hg -R /tmp/infocalypse-revived-f494c10b-7ffd-403b-8e69-033fee4db12a pull 
'freenet://USK@4Svdx2KMHmF-BZ2SvUEzgUcvD4tD0fSFxbfhZUnrZto,Qp2rRpMpSLFNEvMfcQCw5HH8vkDnhYu-eYLskXAMXdk,AQACAAE/infocalypse-averted-f494c10b-7ffd-403b-8e69-033fee4db12a.R1/1'


That’s it: a full, anonymous, decentralized, pull-request based
workflow over Freenet.

Please give it a try and write how it works for you: whether it breaks
or whether it just works!

I only tested it locally and there may be some dependencies on my local
setup that we still need to prune.

Best wishes,
Arne

PS: I also posted this to reddit: 
https://www.reddit.com/r/Freenet/comments/ymw6uf/infocalypse_truly_decentralized_version_control/

>> I’m really happy that infocalypse works again!
>> 
>> This gets us one step closer to self-sufficient development: Freenet
>> development could now be done by a group of pseudonymous people. We can
>> already release updates when all our centralized infrastructure is down
>> (if we decide to ship the old windows installer and let Windows boxes
>> update over Freenet; Microsoft requires centralized signing), now we can
>> actually do development over Freenet again.
>> 
>> We don’t yet know whether it will work with larger repositories like
>> fred (it used to, but back then the network was 3 times larger), and
>> we’ll have to check and possibly fix hg fn-reinsert so all contributors
>> can keep the repository working, but we finally have that in place
>> again.
>> 
>> 
>> A foundation of real information freedom in the internet — safe against
>> censorship by threat and by harassment and by flooding with noise.
>> 
>> 
>> Imagine a group of hackers living in remote or citybound meshnets,
>> connecting with solar-powered nodes to their friends while using their
>> pseudonymous developer IDs to check on pull-requests and merge their

Remaining reviews needed to release Freenet 1495

[Dr. Arne Babenhauserheide]

Hi,


We’re getting ever closer to release. I merged the already reviewed
pull-requests, but some important PRs remain so we can release. Please
help getting these reviewed!


Small or simple reviews:

- only include the inline m3u player if the page contains media-tags
  https://github.com/freenet/fred/pull/802

- bookmarks: add infocalypse and pyFreenet sharesite
  https://github.com/freenet/fred/pull/801

- add sky-dark-static theme by CometZ@6DtYG~
  https://github.com/freenet/fred/pull/796

- m3u-player: skip tracks that fail.
  https://github.com/freenet/fred/pull/795

- Client getter honor max size argument
  https://github.com/freenet/fred/pull/794


More complex review:

- Redesign firsttime wizard (updating the PR from redwerk)
  https://github.com/freenet/fred/pull/790
  (this needs review of the changes I added to ship the needed dependencies)


Once the pull-requests above are reviewed, we can finally release 1495
with pretty cool improvements:

- new firsttime wizard (single-step joining with clearer defaults)
- Add web+freenet and ext+freenet as supported schemas to support
  extensions. Thanks to TheSeeker
- healing size increased (better lifetime for popular files)
- CSS: enable sticky — thanks to Spider Admin
- CSS: enable transition and word-wrap — thanks to naejadu, thanks to
  vwoodzell for the review!
- Eleriseth pending keys merged (performance)
- re-organize default bookmarks: first section has "starting points",
  thanks to vwoodzell for the review!
- new theme: sky-dark-static
- m3u-player: only inline the m3u player if the page contains media tags
- m3u-player: skip broken files
- Client getter honor max size argument
- finally merged the HashingAPI by unixninja92, a GSoC project that had
  gotten lost in the pull requests. This provides an easy and
  well-tested way to create and verify different types of Hashes from
  byte arrays, including Sha256 and TigerTree.
  https://github.com/freenet/fred/pull/258
- upgrade unit tests to junit4, thanks to vwoodzell!
- old announcement fixes by toad finally merged



The following PR does not block the release, because it needs conceptual
review to ensure that we won’t get problems when deploying in a large
network, and that we don’t make it easier to observe behavior. The
existing logic seems to be problematic, but it does not break down
completely, and this is a pretty sensitive area:

- Trivuele batch 2: RequestStarter simplification and fixes
  https://github.com/freenet/fred/pull/777
  (it would be good to have more comments in this which explain the
  logic. There is somewhat detailed documentation in the commit message:
  
https://github.com/freenet/fred/pull/777/commits/984ad3f81a4374a8fe2d55cdec21ba92ab990082
  )


Finally, this is one of the two remaining release blockers:

- Create initial Github CI flow
  https://github.com/freenet/fred/pull/775
  (this needs review to ensure that it cannot spill deployment or
   account information)


And if you want to help DC* finish the Debian package (to get to the
point where people can just apt install freenet), please have a look at

- Debian Package Continuation
  https://github.com/freenet/fred/pull/774


Best wishes,
Arne


We need people to check the pull-requests. I’m not merging anything into
fred (=autoupdate) not seen by at least 2 people (author + reviewer) to
ensure that if I merged something without review this would raise red
flags and get many people to check that.

That protects Freenet against being corrupted by putting pressure on me
(or any other release-manager).

So if you can make some time, please have a look at one of the pull
requests that is not yet marked as readyToBeMerged:
https://github.com/freenet/fred/pulls


Thank you for your interest in Freenet!


Best wishes,
Arne
--
What is Freenet?

Freenet is a peer-to-peer platform for
censorship-resistant and privacy-respecting
publishing and communication.

I worry about my child and the Internet all the time, even though
she's too young to have logged on yet. Here's what I worry about. I
worry that 10 or 15 years from now, she will come to me and say
'Daddy, where were you when they took freedom of the press away from
the Internet? --Mike Godwin, Electronic Frontier Foundation

That Freenet can keep moving forward and help people worldwide to
exercise their basic rights and freedoms is the work of amazing
volunteers, both contributors and people running Freenet nodes.

See https://freenetproject.org


signature.asc
Description: PGP signature

Re: Weird name on website

[Dr. Arne Babenhauserheide]

"Dr. Arne Babenhauserheide"  writes:
> Hello Marek,
>
> Marek Küthe  writes:
>> I was after a long time again on the website of Freenet
>> freenetproject.org. There I noticed that I am redirected to
>> https://www.hyphanet.org/index.html. Furthermore every name "Freenet"
>> was replaced with "Hyphanet" there. Is this intentional? Is there
>> perhaps a blog post about this? Is this an attack on Freenet?
>
> Hyphanet is the original Freenet.
>
> There is a post about this on the Freenet website that also gives links
> with further information:
>
> https://www.freenetproject.org/freenet-renamed-to-hyphanet.html
>
> Sorry for the confusion this causes.

And I’m sorry for being tightlipped about this. I expect that if you
read the mailinglist thread linked in the article, you’ll understand why
I think that this minimizes damage to the project.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Weird name on website

[Dr. Arne Babenhauserheide]

Hello Marek,

Marek Küthe  writes:

> I was after a long time again on the website of Freenet
> freenetproject.org. There I noticed that I am redirected to
> https://www.hyphanet.org/index.html. Furthermore every name "Freenet"
> was replaced with "Hyphanet" there. Is this intentional? Is there
> perhaps a blog post about this? Is this an attack on Freenet?

Hyphanet is the original Freenet.

There is a post about this on the Freenet website that also gives links
with further information:

https://www.freenetproject.org/freenet-renamed-to-hyphanet.html

Sorry for the confusion this causes.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Weird name on website

[Dr. Arne Babenhauserheide]

Nicolas Hernandez  writes:

>> There is a post about this on the Freenet website that also gives links
>> with further information:
>
>> https://www.freenetproject.org/freenet-renamed-to-hyphanet.html
> 404 on this page because of redirect

It does not redirect for you? That’s odd.

This is the redirect target:
https://www.hyphanet.org/freenet-renamed-to-hyphanet.html

>> Sorry for the confusion this causes.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature

Re: Is this the devl mailing list for Hyphanet/Freenet_Classic?

[Dr. Arne Babenhauserheide]

Hi,

>> Is this the devl mailing list for Hyphanet/Freenet_Classic?

freenetproject.org is the website for Hyphanet / the original Freenet.

"David Dernoncourt"  writes:
> While we're talking about good questions and the allocation of old
> resources, what happens to the seemingly large number of bitcoins that
> were donated to former-Freenet-now-Hyphanet?

The current developers of Hyphanet / the original Freenet have no access
to any of the donations that were made for Freenet, and except for
volunteer-hosted seednodes (thank you to the hosters!), we’re financing
the infrastructure of Hyphanet from our own pockets.

Regardless of what’s right or wrong, this is the reality on the ground
as I know it.

Best wishes,
Arne
-- 
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de


signature.asc
Description: PGP signature