[freenet-chat] Re: [freenet-support] Freenet 0.7
On Thu, Aug 31, 2006 at 01:12:53PM -0500, GeckoX wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I was in China last year. I was able to create a VPN connection in the US > with no problem. Most of the web didn't work, even SSL. SSH was completely > blocked as well, which is why I was surprised that I could connect via VPN > with no problems. This was in Beijing. I'm surprised SSL doesn't work - don't they _want_ to do business with the West? > > :brian > > ++ 31/08/06 15:31 +0100 - Matthew Toseland: > >On Thu, Aug 31, 2006 at 06:01:45PM +0400, Roman V. Isaev wrote: > >> On 08/31, Matthew Toseland wrote: > >> > > > Have you thought about that ignoring reset packets thing that was > >> > > > shown to make it possible to bypass The Great Firewall? I mean, I > >> > > > don't know too much about it, or if it'd be possible for > >> > > > freenetbut it might be worth looking in to. > >> > > That would involve platform-specific code, there's no way to do that > >> > > in > >> > > java. > >> > It's unnecessary anyway because it only applies to TCP. It does however > >> > tell us something very interesting and useful: The firewall is stateless > >> > !! > >> > They pick up forbidden keywords on a packet and then send a reset > >> > packet, they don't even delete later packets on the same connection > >> > because *they don't track connections at all* ! > >> > >> But they will do that, sooner or later. It's just a matter of time. Another > >> chunk of money for Cisco I guess... > > > >The interesting thing is you can connect to IRC and discuss forbidden > >keywords... Also that study is curious because I heard they block the > >whole page, rather than just interrupt it in the middle... > >-- > >Matthew J Toseland - toad at amphibian.dyndns.org > >Freenet Project Official Codemonkey - http://freenetproject.org/ > >ICTHUS - Nothing is impossible. Our Boss says so. > > > > >___ > >Support mailing list > >Support at freenetproject.org > >http://news.gmane.org/gmane.network.freenet.support > >Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support > >Or mailto:support-request at freenetproject.org?subject=unsubscribe > > - -- > - > Freedom is slavery. > Ignorance is strength. > War is peace. > -- George Orwell > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.7 (GNU/Linux) > > iD8DBQFE9yabSMrcfZpjDKERAhAaAKCsTD/S/I1eM/3VEd740nYZPhj6KgCgo/Mo > JZ+MtJuu0elkY8pTZLtdMSM= > =G9+A > -END PGP SIGNATURE- > ___ > Support mailing list > Support at freenetproject.org > http://news.gmane.org/gmane.network.freenet.support > Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support > Or mailto:support-request at freenetproject.org?subject=unsubscribe > -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -- next part -- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/support/attachments/20060901/0ba0993c/attachment.pgp>
Re: [freenet-chat] Re: [freenet-support] Freenet 0.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was in China last year. I was able to create a VPN connection in the US with no problem. Most of the web didn't work, even SSL. SSH was completely blocked as well, which is why I was surprised that I could connect via VPN with no problems. This was in Beijing. :brian ++ 31/08/06 15:31 +0100 - Matthew Toseland: On Thu, Aug 31, 2006 at 06:01:45PM +0400, Roman V. Isaev wrote: On 08/31, Matthew Toseland wrote: Have you thought about that ignoring reset packets thing that was shown to make it possible to bypass The Great Firewall? I mean, I don't know too much about it, or if it'd be possible for freenetbut it might be worth looking in to. That would involve platform-specific code, there's no way to do that in java. It's unnecessary anyway because it only applies to TCP. It does however tell us something very interesting and useful: The firewall is stateless !! They pick up forbidden keywords on a packet and then send a reset packet, they don't even delete later packets on the same connection because *they don't track connections at all* ! But they will do that, sooner or later. It's just a matter of time. Another chunk of money for Cisco I guess... The interesting thing is you can connect to IRC and discuss forbidden keywords... Also that study is curious because I heard they block the whole page, rather than just interrupt it in the middle... -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] - -- - Freedom is slavery. Ignorance is strength. War is peace. -- George Orwell -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQFE9yabSMrcfZpjDKERAhAaAKCsTD/S/I1eM/3VEd740nYZPhj6KgCgo/Mo JZ+MtJuu0elkY8pTZLtdMSM= =G9+A -END PGP SIGNATURE- ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-chat] Re: [freenet-support] Freenet 0.7
On Thu, Aug 31, 2006 at 01:12:53PM -0500, GeckoX wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was in China last year. I was able to create a VPN connection in the US with no problem. Most of the web didn't work, even SSL. SSH was completely blocked as well, which is why I was surprised that I could connect via VPN with no problems. This was in Beijing. I'm surprised SSL doesn't work - don't they _want_ to do business with the West? :brian ++ 31/08/06 15:31 +0100 - Matthew Toseland: On Thu, Aug 31, 2006 at 06:01:45PM +0400, Roman V. Isaev wrote: On 08/31, Matthew Toseland wrote: Have you thought about that ignoring reset packets thing that was shown to make it possible to bypass The Great Firewall? I mean, I don't know too much about it, or if it'd be possible for freenetbut it might be worth looking in to. That would involve platform-specific code, there's no way to do that in java. It's unnecessary anyway because it only applies to TCP. It does however tell us something very interesting and useful: The firewall is stateless !! They pick up forbidden keywords on a packet and then send a reset packet, they don't even delete later packets on the same connection because *they don't track connections at all* ! But they will do that, sooner or later. It's just a matter of time. Another chunk of money for Cisco I guess... The interesting thing is you can connect to IRC and discuss forbidden keywords... Also that study is curious because I heard they block the whole page, rather than just interrupt it in the middle... -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] - -- - Freedom is slavery. Ignorance is strength. War is peace. -- George Orwell -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQFE9yabSMrcfZpjDKERAhAaAKCsTD/S/I1eM/3VEd740nYZPhj6KgCgo/Mo JZ+MtJuu0elkY8pTZLtdMSM= =G9+A -END PGP SIGNATURE- ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-chat] Re: [freenet-support] Freenet 0.7
Meh...depends where you're at. It's not one giant firewallit's a regional thing. Beijing must just have high security. Seems odd that they'd block out SSHbut I suppose SSH is a good way to hide what you're doing. On 9/1/06, Matthew Toseland [EMAIL PROTECTED] wrote: On Thu, Aug 31, 2006 at 01:12:53PM -0500, GeckoX wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I was in China last year. I was able to create a VPN connection in the US with no problem. Most of the web didn't work, even SSL. SSH was completely blocked as well, which is why I was surprised that I could connect via VPN with no problems. This was in Beijing. I'm surprised SSL doesn't work - don't they _want_ to do business with the West? :brian ++ 31/08/06 15:31 +0100 - Matthew Toseland: On Thu, Aug 31, 2006 at 06:01:45PM +0400, Roman V. Isaev wrote: On 08/31, Matthew Toseland wrote: Have you thought about that ignoring reset packets thing that was shown to make it possible to bypass The Great Firewall? I mean, I don't know too much about it, or if it'd be possible for freenetbut it might be worth looking in to. That would involve platform-specific code, there's no way to do that in java. It's unnecessary anyway because it only applies to TCP. It does however tell us something very interesting and useful: The firewall is stateless !! They pick up forbidden keywords on a packet and then send a reset packet, they don't even delete later packets on the same connection because *they don't track connections at all* ! But they will do that, sooner or later. It's just a matter of time. Another chunk of money for Cisco I guess... The interesting thing is you can connect to IRC and discuss forbidden keywords... Also that study is curious because I heard they block the whole page, rather than just interrupt it in the middle... -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] - -- - Freedom is slavery. Ignorance is strength. War is peace. -- George Orwell -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQFE9yabSMrcfZpjDKERAhAaAKCsTD/S/I1eM/3VEd740nYZPhj6KgCgo/Mo JZ+MtJuu0elkY8pTZLtdMSM= =G9+A -END PGP SIGNATURE- ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFE+FNAOHFIJVywduQRAkF9AJ4xeRLBj2Keu9oni0oe7zCl9VzjVgCfWpe0 aPwdgysdq2Maes3Xc4Rm+bE= =UKNu -END PGP SIGNATURE- ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED] -- HTML a href=http://www.spreadfirefox.com/?q=affiliatesamp;id=0amp;t=57;img border=0 alt=Get Firefox! title=Get Firefox! src=http://sfx-images.mozilla.org/affiliates/Buttons/180x60/blank.gif//a ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Freenet 0.7 build 956
Freenet 0.7 build 956 is now available. Please upgrade, test, and report bugs. Changelog: - Fixed some deadlocks, prevent some possible deadlocks. - Fix a bug in the content filter relating to CSS and HTML comments. - Drop the a new build is available notification completely from the version box. (To avoid confusing users) - We now require jflex to build from distclean. -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Freenet 0.7 build 955 and 954
Freenet 0.7 build 955 is now available from the auto-updater (soon, recommended) and the update script. Please upgrade, and report any bugs you encounter. Major changes: - Cache all local requests. This fixes one vulnerability (peers may know for certain what you requested if they do a timing attack) but reintroduces another (your store can be probed remotely, or locally if it is seized, to identify what you've probably been browsing). We are working on ways to fix both problems at once, but full local request security will not be available until premix routing in 0.8. - Fix an infinite loop that was causing high CPU usage and spontaneous restarts. - Some improvements to IP address detection. - Rewritten ARK fetching code, much simpler and should fix the ARKs aren't fetched except just after startup bug. - Don't write (most) options which are still at the default values to freenet.ini. Thus, unmodified config values will be updated to the new default when the node is upgraded. - Turn off aggressive garbage collection, unless the user has overridden it to an unusual value (other than off or the old default). It creates unnecessary CPU usage and may contribute to deadlocks/spontaneous self-restarting. - Other bugfixes etc. 954's changelog: - Selective logging support (so you can log a single subsystem in detail without slowing down the rest of the node). - Save a lot of CPU and RAM by not generating low-level logging data if we're not going to use it. - Allow links to the real internet, subject to a click-through warning (with a button so it won't be prefetched). - Some other CPU optimizations (Node.maybeLogPeerNodeStatusSummary). - Allow setting a private comment when adding a peer. - Tidy up the darknet page a bit. - Fix a bug in the bookmark handler. - And more bugfixes. -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]