Re: [freenet-support] Stable build 5064, and the transfer termination attack
On 27 Jan 2004 at 1:58, Toad wrote: > 2. In some instances, we may want to receive the data. This could maybe > be determined by unobtanium on the datastore or something. Unobtanium? :) Rewatched the Core on DVD lately? ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Why are so few people upgrading unstable lately?
Maybe it's because freenet-unstable-latest.jar from yesterday on freenetproject.org was still 6448. Nikita. Conrad J. Sabatier wrote: Build 6449 has been out for several days, 6450 just became available yesterday, yet my routing table still has quite a few nodes running 6448. What's up with that? ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Stable build 5064, and the transfer termination attack
Freenet stable build 5064 is now available. The snapshots have been updated. Get it via the update.sh script on Linux, BSD, or OS/X, or use the freenet-webinstall.exe utility to update on Windows, or get the jar from http://freenetproject.org/snapshots/freenet-latest.jar . All stable branch users should upgrade. The main change is the implementation of a defence against a very nasty denial of service attack. Detail: if a node requests a file from us, and we transfer the data from another node, or as is more common, a chain of other nodes, and then it terminates the transfer, then we would previously continue to receive the data, on the grounds that we might need it - it will be useful, and also on the grounds that closing a connection is expensive. The latter reason no longer exists given multiplexing. The overriding concern now is that the transfer will use up bandwidth and cause overload on many nodes throughout the network, and the attack uses very little bandwidth to cause this. Thus it is more important to prevent the attack than to get the file, as an attacker could relatively easily use it to propagate garbage data to a large fraction of the network, overwhelm the network, destroy specialization and generally produce the symptoms we have been seeing. However there is no evidence that an attack along such lines has in fact been mounted; we should eliminate that possibility. Future work: 1. We need to punish the node in some other way - it has put us through a lot of work, only to cancel the request. This can happen naturally sometimes, due to restarts; this could however be detected by the connection loss, but this doesn't help us much if the cancels cascade down the chain. So we need some mechanism so that nodes which cancel a lot of transfers will be penalized. My favourite idea would be to implement the latest load balancing idea, request rate limiting, and then to multiply the minimum request interval for a specific node by a number calculated for that node, which would be a function of the running average of transfers cancelled. 2. In some instances, we may want to receive the data. This could maybe be determined by unobtanium on the datastore or something. -- Matthew J Toseland - [EMAIL PROTECTED] Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. signature.asc Description: Digital signature ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] D'oh!
Just woke up from a long nap and discovered that DFI had not inserted today. Took me a few minutes to remember that I had disabled the cron job yesterday as I was doing a manual insert and forgot to re-enable it. In the process of inserting now. Sorry, folks! -- Conrad Sabatier <[EMAIL PROTECTED]> - "In Unix veritas" ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Why are so few people upgrading unstable lately?
Build 6449 has been out for several days, 6450 just became available yesterday, yet my routing table still has quite a few nodes running 6448. What's up with that? -- Conrad Sabatier <[EMAIL PROTECTED]> - "In Unix veritas" ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] number of connections
On Sat, Jan 24, 2004 at 11:21:14PM -0800, Steven wrote: > since multiplexing has been ported to the stable branch of freenet, we can > have a MUCH lower maxConnection setting right? I used allow 300, now I only > allow 20. Is this a bad idea? 20 connections max is quite low. You have to allow a certain number of connections for the nodes in your routing table, for one thing. It's a wonder your node even runs at all. Try setting it to something more reasonable, like, say, 128 or 256. You'll most likely never hit that number with multiplexing, but it's good to allow the node some breathing room. > I've had a lot of traffic on my node, and everything seems to be working fine > (although connecting initially took forever) according to the numbers, but i > can't retrieve much. >From what I'm reading lately, it seems that content accessibility is actually better these days with unstable. :-) Although, I just noticed someone inserted a new version of their site ([EMAIL PROTECTED]/Jukebox/6// "The Jukebox of DJ Free") with a bunch of activelinks added at the bottom that I haven't been able to retrieve in a very long time. So I'm thinking maybe certain content is only reachable in one or the other. -- Conrad Sabatier <[EMAIL PROTECTED]> - "In Unix veritas" ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
RE: [freenet-support] number of connections
Well, If it works fine for you I think you should keep it. But.. Remember that for each connection that needs to be negotiated (the more ones allowed the less needs to be established), this increases you CPU load. Another issue is that fred requires you to allow for at least two connections per node in your rt.. If you have configured your node to allow only 20 connections your routing table will be reduces to only 10 nodes.. /N > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Steven > Sent: den 25 januari 2004 08:21 > To: [EMAIL PROTECTED] > Subject: [freenet-support] number of connections > > > since multiplexing has been ported to the stable branch of > freenet, we can > have a MUCH lower maxConnection setting right? I used allow > 300, now I only > allow 20. Is this a bad idea? > > I've had a lot of traffic on my node, and everything seems to > be working fine > (although connecting initially took forever) according to the > numbers, but i > can't retrieve much. > > > ___ > Support mailing list > [EMAIL PROTECTED] > http://news.gmane.org/gmane.network.freenet.su> pport > > Unsubscribe at > http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support > Or mailto:[EMAIL PROTECTED] > ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
RE: [freenet-support] Route not found
Hmmm.. That page isn't the routing page.. It is the connections page.. The routing table can be viewed at http://localhost:/servlet/nodestatus/nodestatus.html But in principle you are correct. If a node is integrated into the network, not transient and able to receive inbound connections you ought to be able to see inbound connections within a day or two. regards /N > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Phillip Hutchings > Sent: den 25 januari 2004 00:14 > To: [EMAIL PROTECTED] > Subject: Re: [freenet-support] Route not found > > > Try today, freenet seems a bit healthier today. It currently seems to > have a day down, then a day up. Weird. > > Looking at my routing table, it's pretty much the same, only > outgoing. > To me it seems like the routing table isn't growing - Freenet isn't > discovering more nodes, which leads to the seed nodes being > overloaded > and dropping queries. My node is dropping queries 50% of the > time when > I use it as well. > > Maybe we need somewhere where people can drop their noderefs > and others > can get a random seednodes.ref file from that, rather than the static > version at the moment. > > On 24/01/2004, at 10:12 AM, Peter T. Mayer wrote: > > > After runnig freenet for at least 10 hours. My routingtable > looks like > > the following: > > > > ... > > As you can see there are only outbound connections. Also I can not > > receive any pages. It worked for me until 3 months before. > But then I > > made an update and now I can't use Freenet anymore. First I thougt > > there are some problems with the software, wich will be > fixed in the > > next days, but today I realized that others can use freenet. > > > > I run Build: 5063 under linux. I have no firewall software installed > > and I don't have to use a proxy server. Has anyody an idea, > why I have > > these problems? > > > > With kind regards, > > > > Peter T. Mayer > > > > PS: When I want to > > accesshttp://dodo.freenetproject.org/pipermail/support/from the > > support www page, I get an Error 403: You don't have permission to > > access /pipermail/support/ on this server. > > Archives are at http://news.gmane.org/gmane.network.freenet.support > > -- > Phillip Hutchings > [EMAIL PROTECTED] > http://www.sitharus.com/ > ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]