[freenet-support] Re: Revver.com activation email
Ian Clarke wrote: Steve Jurvetson wrote: >> Welcome jurvetson! >> Your password is: zok18wod. Ee! Why would anyone need a privacy tool of any kind under such circumstances? Z -- The best defence against logic is ignorance. The next best is stupidity. Both can be used simultaneously.
Re: [freenet-support] Re: Revver.com activation email
Ian Clarke wrote: Steve Jurvetson wrote: >> Welcome jurvetson! >> Your password is: zok18wod. Ee! Why would anyone need a privacy tool of any kind under such circumstances? Z -- The best defence against logic is ignorance. The next best is stupidity. Both can be used simultaneously. ___ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Showdown at the Freenode Coral
Mr Matthew Findley You made certain claims on this list regarding the possible penal consequences of running a freenet node. I challenged you to provide law and/or precedent references to support your claims. You failed to do so. In fact, you silently ignored this challenge. I also challenged you to explain the fact that you yourself run a freenet node, in view of the facts that you (a) consider it illegal to do so and (b) post from a US department of justice address. You chose to silently ignore this challenge too. Based on your own claims regarding the legality of operating a freenet node and your disclaimer regarding the relation of the contents of your postings on this list to your employment, you are, according to yourself, either a liar or a criminal. Your period of grace with me is coming to an end. Unless you provide this list with an adequate - at my discretion - explanation of these discrepancies in your arguments, I will cause a formal complaint against you to be filed with the US department of justice for running a freenet node and thereby knowingly distributing illegal material. What all this boils down to is that, following a formal complaint, the US department of justice will only have two options: to prosecute you or to not prosecute you. If it fails to prosecute you, it will be setting a precedent very useful to freenet. If it does prosecute you, all freenet operators will be able to benefit from your defence in the case, no matter whether you finally get convicted or acquitted. The way I see it, both alternatives are good for freenet. You and your employer are just about to become tools for the promotion of freenet's goals. The lack of honesty and integrity on the part of both yourself and your employer is no hindrance to this. Taking all this into account, I would suggest that you talk with your boss and decide on a strategy. You can create some rather impressive FUD by going to prison, or you can drop the FUD and acknowledge that the operation of freenet nodes is not illegal. It's your call. I will wait 18 hours from the time stamp of this mail and then act. Sincerely, ZP ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] RE: anonymity(NOT)
Paul wrote: What country does respect freedoms? The US is getting to the point where emgrating becomes a serious consideration for me. I lived in Greece during the 1967-1974 dictatorship. Later I've lived in England, in Germany, in Sweden and the Netherlands. Of all these countries, Greece is the one whose laws afforded its citizens the least freedom. A bloody dictatorship is what it was back then, complete with torture by police and military and exile on uninhabited islands for dissidents, even though the conditions on those islands were far better than those in Guantánamo today. Yet, the total inefficiency and incompetence of the state at that time allowed for quite a lot of informal freedom. Basically, as long as you were a bit discreet and didn't advertise what would get you in trouble, you were fine most of the time. There was no freedom of press whatsoever, yet the press learned to write very clear text between the lines and the citizen learned to read that text. Rumors spread faster than forest fires in the summer and were, most of the time, accurate and detailed. Despite efforts of the government to block access to foreign news, its interference transmitters were an utter failure and the Greek could listen to BBC, the voice of America, radio Moscow or radio Peking according to his preferences on the standard AM radio that could be found in every home. Hell, you were supposed to be badly beaten and go to jail for singing songs of the communist resistence, yet people kept gathering and singing them all over the place in sheer defiance even though there weren't even communists. Comparing that situation to these days, technology has not only brought new possibilities, but also new problems. While the internet has made possible a tremendous flow of information in both directions, not only to the citizen but also from him, it has also made monitoring him so much easier. TV and FM radio are so commonplace that hardly anyone has a long/medium/short wave AM receiver any more; these could be outlawed tomorrow and nobody but the usual suspects would protest. The eagerness of governments to know everything and to control everything has been constantly increasing in pace with their ability to do so and under every kind of pretext. Before Our Beloved Leader's war on terrorism, Our Great Leader's war on drugs was the patent pretext for total control. Tomorrow it will be something else, but I don't see the trend changing any soon. All in all, if you're looking for more freedom through relocation, I'd say don't bother looking for a country with good laws. Look for a country with an impoverished and unstable government instead, and try to pick one that is not next on the list to be "liberated". The one thing you really don't want is to find yourself in the same situation as the German Jew who emigrated to France in 1935 to avoid persecution, only to find himself in a cattle wagon headed back to Germany in 1942. If you're American, Paraguay and thereabouts could be a good choice. Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] RE: anonymity(NOT)
Matthew Findley wrote: Let me see if I can get caught up on whats gone on since I left work. Oh, you were posting on your employer's time? I personally believe in the "presumed innocent until proven guilty", so rather than assuming you guilty of misusing your work time for private activities, I'll presume that posting here is part of your work. That would also explain the FUD without holding you personally accountable for it. Yeah, this presumption of innocence thingy is just great, isn't it? Of course you may correct me if I'm wrong, but you do have the right to remain silent ;) First I should probably clear this up. I am not a lawyer. I work at the U.S. Attoreny's Office yes; but, only as a clerk. So nothing I say is legal advice, the postion of the DOJ, to be considered an offical interpretation of the laws, ect Still, I asked you several times for a pointer to law or precedent that would support your view and you fail to provide it. You could ask a colleague who is a lawyer, perhaps? Someone asked if attempting to block KP would eliminate intent. This question would be up to the jury. While you would probably need 100% blocking to win in a civial trial. This would be much more likely to satisfy a criminal jury. Civil lawsuit for kiddie porn? And who is materially entitled to sue, pray? The abused child(ren) depicted in the porn, sure, and hardly anyone else at all. I kinda fail to see where such a lawsuit would come from. Someone else pointed out that ISPs are not officaly common carriers. This is of course correct. But the hybrid nature of what they do gives them a sort of grey status. So while no responsable for what goes on across their networks in general. They are responsable if a problem is brought to their attention and they fail to act. I was the one to point that out and I insist that ISPs are not being held responsible for questionable content even if it is brought to their attention and they refuse to act, except in certain DMCA situations. That person also used the example of an employ abuseing a company computer. In that case the company isn't criminaly responsable beacuse they didn't know what the employ was useing the computer for. You can not be held responsable for something you fail to forsee and prevent. If you run a company with anything more than three employees, you can be sure that sooner or later someone will do something illegal on the net. If you run a company with hundreds of employees, you can be sure that someone does something illegal on the net every day. Common sense says so. Due diligence is easy: all you have to do is install a proxy and add some automated monitoring of employee activities. Many companies do that for their own sake. It's not perfect, but it's cheap, it's easy, and it's in the company's own interests. With your view on passive facilitation and willful blindness, every company that doesn't implement at least some kind of elementary protection can be held criminally accountable for employees' actions. Yet we haven't seen a lawsuit like that to this day. How come? Is the DoJ too busy posting on mailing lists to prosecute some companies, or has Our Beloved Leader issued a decree ordering his campaign contributors to be left alone? Quote 'IANAL (BIKAF), but I would expect that for ignorance to be willful it can't be a side-effect of a goal, it must be a goal in itself. There are plenty of reasons why someone might want to use Freenet other than obtaining illegal content.' That is very true. Other wise we could hold people responsable for virus on their computer. You can not arrest someone for what they didn't know and thus couldn't see. But you can for something they did know but chose to ignore. You know that your node is transmitting bad stuff and its doing so by your choice to activate it, ignoreing it simply beacuse you can't see it is not a defense. Nobody can escape the deluge of warnings - on the net, from the newspapers, at work, in society at large - which say that if you run an unprotected and unpatched machine it *will* get infected. Connecting a Win98 box to the net and not even having a virus scanner is, according to your own reasoning, willful blindness. Yet you say that a person doing that won't be arrested, but anybody running freenet would and should be. I have to admit that I can't follow your reasoning. The question is: is it your reasoning that's inconsistent or is the law inconsistent? If it's the latter, wouldn't you be all for making it consistent and jailing people who connect vulnerable computers to the net? Let me put it this way. When you all fire up your nodes you know there is a very strong likelyhood that it will end up houseing and transmiting illegal material, correct? We don't "all fire up our nodes". This is not a conspiracy, if that's what you're getting to. When *I* fire up *my* node, I know that some illegal content *might* pass through it; not that it will. However, I do not fi
Re: Security precautions, CVS commit mails was Re: [freenet-support] anonymity(NOT)
Toad wrote: The fundamental issues revolve around changes to source code. Only in theory. In practice, the source code only affects your reputation. The binary code affects the users. If you only protect the source code (which is also what might get reviewed at some point or other), you will only be protecting those users who are really careful and compile from source and don't really need protection. Protecting the binaries is much more crucial. Of course I don't mean that protecting the source is unimportant. I have the impression - from nowhere - that freenet is developed by a small and rather tight team. If that is so, then commits can be based on personal trust. If, on the contrary, source can be committed by not fully trusted people, then there is no end to the auditing requirements before you can call the resulting binaries safe. They're not easy to deal with. Specifically, no matter how deeply you secure the server, you can't certify every single build as free from unexpected code. It is human to err and, as builds 5085-5087 prove, errors will happen. However, as long as the developers are well-willing but imperfect friends, we can trust that there will be no spycode sending extensive reports to nsa.gov. There is a fundamental difference between bugs and malicious code. I am willing to take the risk of accidentally introduced security flaws, but not the guaranteed-to-work intentional security breach that an outsider would put in freenet if he could. Hence the need to ensure that for example mails get sent out EVERY time a CVS commit occurs, and if they bounce it will keep trying to send them forever. How can we achieve this? As far as I know how mail servers work, you can't. Then again, why would you need to? Really, how many people have commit permissions? As long as they are fewer than three dozen or so, you can have a cryptographically secured system of notification acknowledgements which leads to phone calls for missing acknowledgments after a certain threshold. The problem is not some notifications not reaching their destination, but rather commits happening without anyone at all being notified. I think that what you are really saying is that you ned to ensure that nothing can be committed without at least some notifications going out. If the cvs server gets hacked, you can't. One way around this is what I wrote about remotely stored md5sums of all files. The way cvs works sabotages this though (existing file unchanged, newer file present but not md5summed to begin with). Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
Toad wrote: IANAL (BIKAF), but I would expect that for ignorance to be willful it can't be a side-effect of a goal, it must be a goal in itself. There are plenty of reasons why someone might want to use Freenet other than obtaining illegal content. The problem is that ignorance is indeed a goal in itself on Freenet. It's part of its very basic design features. Keep track of the subject. The fact that ignorance is a goal of the developers doesn't mean - nor prove - that it's a goal of the prosecuted user. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
Ian Clarke wrote: s/does/does not $ Error: open second argument to s Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
Edward J. Huff wrote: That is up to each node operator. Failure to block some content -- like mp3's -- is a lot less serious than failure to block other content -- like kp. The node operator might decide to take the risk in the name of civil disobedience for some content but not other. Associating freenet to civil disobedience (in the node op's jurisdiction) is a sure way of bringing it down; it then becomes illegal by self-imposed definition. Censorship is jurisdiction-bound and so is the system's reaction to civil disobedience. When you, as a US-based op, agree to censor kiddie porn and can get away for mp3s go through, you can trust that your Chinese peer will rot in jail if he lets reports from Tienanmen go through. The Chinese equivalent to your kiddie porn censorship is censoring Tienanmen and letting the mp3s through. Well, pretty worthless I'd say. Don't touch content. Don't make it possible to touch any content. When you do, you burn all content as well as yourself. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: Security precautions, CVS commit mails was Re: [freenet-support] anonymity(NOT)
Toad wrote: You have taken extraordinary measures to protect against [the ftp server being hacked], haven't you? Umm, measures such as..? I don't see how you can defend against the above, really. Well, first of all the elementary stuff. No other services on the same machine. You don't want your ftp server compromised because of a flaw in mailman, or even sendmail, so put that stuff elsewhere. Heavy firewalling. IDS. No compiler installed; most hacks begin with a compilation. No unnecessary script interpreters; an ftp server can live very well (and much longer) without PHP, python, perl, java, whathaveyou. A super-lean kernel. A permanently up to date system. Then the more tedious stuff. Remote syslog. Remote md5sums of every file on the machine, regularly checked. A draconic password policy. Why not a read-only server running from a CD-ROM? And then comes the really difficult part, physical security. A gang of angry and hungry dobbermans in the outer perimeter, cobras in the server room, tarantulas inside the server itself. As a side-dish, network security. If your DNS can be compromised, nobody needs to touch your ftp server before they can serve their own files from "your" machine. Arp. There is really no way to ensure that a visitor to your ftp server won't end up elsewhere, but an unpredictable control mechanism can let you know if that happens and mitigate the damage. There is one thing though... I think the CVS announcement mails are generated on the client side. They should be generated on the server side. Anyone know how to do this? What you mean by "CVS announcements"? Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
Edward J. Huff wrote: Ok, suppose most users of freenet decide to unite against kiddie porn by using TFE, YOYO, etc., to learn as many KP keys as possible, and delete these keys from their datastores and patch freenet so it won't carry them.Now even so, some KP will be distributed, but only so long as the keys are unknown to the general population of freenet users. Now what do you say about intent? That's exactly the trap that most ISPs set for themselves when they used their AUPs to reserve the right to review content. I'll tell you what he'll say. He'll say that you didn't look hard enough and are therefore responsible due to negligence. The moment you assume controlling tasks, you're cooked and done. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
[EMAIL PROTECTED] wrote: I'm not sure where your 'village' is but here it works much the same way actually. But the problem is that there is no machine that can just tell us what your intent was. So what your intent was has to be inferred from your actions and your knowledge. "Inferred"? You really wrote "inferred" WRT penal guilt in a list that gets archived and indexed by Google? You know, I read once, back in the horrible days before Our Beloved Leader, something about "until proven guilty" and something about "beyond reasonable doubt". Utter crap, of course, a danger to our Free Society. Good thing to hear from someone in law enforcement, that that old shit has been done away with and that guilt nowadays can be inferred, unless there is a machine that can prove innocence. The fact is that everyone knows there lots of illegal stuff floating around freenet, and one can simply not avoid responsibility for a crime by deliberately ignoring what is obvious. So even though you didn't want to transmit kiddy porn you made the choice to run a freenet node fully aware that it could and would result in KP being distributed. That right there is enough to establish intent. You are rather categorical when you say "is enough to establish intent". Again, would you mind giving some concrete pointers to law and/or precedent? I know, this list is meant for *technical* support and we have been way off-topic for about 40 posts already, but no technical topic seems to stir up the list members as much as your postings do, so I guess we can keep it up for just a bit more. Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
[EMAIL PROTECTED] wrote: That's because ISPs/Mail are protected by common carrier laws, you are not. They pass laws that specifically say that if a company is incorporated as a common carrier, then the items (or data) they transport aren't their responsibility. Do you have a pointer to those laws? As in acts and articles? AFAIK, most ISPs have chosen to *not* assume the common carrier status in order to avoid common carrier obligations and to not subject their ToSs and AUPs to common carrier demands. The DMCA offers the possibility to any ISP to assume a common-carrier-like position, at his option and after he has received a complaint, but the DMCA only addresses copyright infringements and not any other illegal content. Besides, if we disregard ISPs for a moment, I don't know of any private company in a non-carrier business that has ever been prosecuted for what its employees do over its networks. That is: I work at company X. I spend most of my time in the office downloading kiddie porn and uploading copyright infringements, trade mark violations, libel and military secrets. When I'm caught, I'll go to jail for a very long time. Now, do you seriously think that my boss will go to jail too because he "could have known that this could happen" and he "didn't take protective measures" and he "should have controlled the contents of all incoming and outgoing communications over the company network" and he "didn't have to provide internet access to his employees in the first place"? Do you seriously think so? And, if you do, does that reflect your opinion as Matthew.Findley@ or as @usdoj.gov ? Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
Toad wrote: Or something like that. The real and ever-present danger against freenet is not in your IP being shown to your peers. It is in (a) the integrity of its developers and (b) in the security of the software archive. If the latter ever gets compromised, we might all end up running a piece of Big Broher-owned spyware called "freenet". Well, most PCs run insecure software, infrequently updated. Even of those that are relatively secure their operators don't have the understanding or the time to make them secure. And even if they do there are always more vulnerabilities, as programmers are human beings. "They" can probably compromize the vast majority of PCs pretty easily. If my machine is insecure and gets compromised, my ass might be on fire. If your ftp server gets compromised, the ass of every single freenet user in the world could be on fire. And the idea that this could happen is not far-fetched. Remember the linux kernel root hack a few months ago on kernel.org? The Debian server? You can publish all the md5 checksums you want, but whoever can manipulate the files themselves, can manipulate the published checksums too. Among the eager competitors to hack your server are about 120 governments, a multitude of political organisations, several mafias of different flavours and, of course, every Joe Hacker and Skrip T Kiddie who would consider it a special honour to have hacked a whole network instead of only a server. You have taken extraordinary measures to protect against this happening, haven't you? Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
[EMAIL PROTECTED] wrote: They do have a choice, nothing is forcing them to run freenet. It doesn't matter that they can't see exactly what their node is doing, but only the fact that they know what their node is probably doing. If someone gives you a package in Mexico and ask you to carry it across the boarder. You do so and customs finds it full of drugs. It doesn't matter that you didn't see what was in there or even if it was locked and you couldn't see what was in there. All that matters is that a reasonable person would know what's in there. Not if you are a regular goods carrier and are doing legal transportation business. When did you - yes, you personally - last prosecute a USPS employee for carrying a packet of drugs from Mexico to the US in the course of his normal business? When did you prosecute USPS itself for the same? The point you refuse to see is: freenet is not all illegal. Most of the information on it is legal. Its intentions, stated and not, are legal. Mos of its users use it for legal purposes. There is a great difference between a system meant to carry legal traffic, which sometimes gets abused, and a system that is especially designed to carry illegal traffic. Then again, there isn't much point in discussing legal fineties in The Great Republic of Our Beloved Leader and usdoj.gov has gained a well-deserved reputation to match that of its sister services in China, Belarus and Kazakhstan. Bottom line is: WRT the US, you are right. Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
[EMAIL PROTECTED] wrote: As for the uploader Willful blindness can not protect you if it can be shown that you had a reasonable suspicion to believe they you are committing a crime. In fact in some cases a deliberate attempt to not obtain knowledge is proof of that knowledge. In my village, intent to commit an illegal act is a prerequisite to the committment of that act constituting a penal offence. Additionally, not preventing others from committing penal offences is not an offence in itself. The mere fact that you unknowingly and unintentionally facilitate the transfer of illegal material cannot be construed as an intentional active participation in that transfer. If it could, then every single ISP would be in jail because they all provide facilities which can be used and are actually used for the transfer of illegal material and they all damn well know that plenty of illegal material gets transferred through their systems along with the legal. As long as a system can and is meant to be used legally, you can't go after the provider of the system just because some abuse also occurs. At least here, we don't arrest the bus driver who happened to drive a drug dealer to his drop-off point. We don't jail the postman who happened to deliver a package with stolen goods to a fence, even though the postman damn well knows that, among all the packets he delivers, here are bound to be some with illegal content. And so on. Let me also remind you that "the uploader" on freenet is too complicated a term to be used as loosely as you do. The fact that a file is served from my system does not mean that I put it there. Nor does it mean that it will still be there next week when some over-zealous junior prosecutor raids me. And it certainly doesn't mean that I am obliged to check every byte that other people (or "the system") put on my machine before I allow it to be put there. With your definition of "the uploader", every owner of every forum and blog and news server and mail server on or through which something illegal got posted, would be headed for jail. Of course, YMMV. In countries where the law hardly matters, where money buys acquittals and where prosecutors work to get convictions rather than justice, irrespective of actual guilt, you might find yourself in a sore spot no matter that what you did might have been fully legal. As for the downloader While true, the mere act of downloading contraband will probably not land you in jail by itself. It is however most likely sufficient evidence to obtain a warrant and if you really are downloading kiddy porn you will end up in jail. You are now assuming (a) that Big Brother has cracked freenet and (b) that he doesn't care if that fact gets known and (c) that a search warrant will yield more evidence than traffic monitoring did. None of this needs be true and any one out of three is enough to keep you out of jail, provided that traffic monitoring didn't already provide sufficient evidence for a conviction, in which case a warrant and a search are superfluous. Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] anonymity(NOT)
miguel wrote: Just wondering... with all this encryption permeating Freenet there remains a gaping hole through which the nazi's could saunter through with their spy tools and legal bypasses to incriminate any and all Freenetters they choose to incriminate... the ip address/port# of all. Even using a third party dns service wouldn't help. Maybe not this day, but in light of current trends in government policies, in the not-too-distant future they will be slipping in and snagging whomever they choose by the ip address and will thus render useless all Freenet anonymity measures. Is there not a way to spoof the ip addresses, or mask the ip addresses so that our uncles and big brothers can't come in and bring down the house(s)? But the IP where a request originates and the IP of the machine where a requested file is stored *are* masked by the proxying system. Assume I'm the Gestapo and I'm running one or several freenet nodes and logging everything that goes on. I see a request coming from your IP. I can't figure what is being requested, because the key is encrypted. I can't figure who requested it, because your machine might be - and probably is - proxying the request for some other node. Unless the requested file is served from my own node, all I can do is pass on the request to yet another node and I'll never know which node or nodes finally served the file. Now, if I'm not the Gestapo but something much worse, like, say, Homeland Security, I could monitor the traffic of my peers in order to discover their peers and then monitor their traffic too until I have a good picture of the entire network. Traffic analysis might help me figure who made a request and who served it, but I still have to break encryption before I can figure which file that request concerned. Being the almighty Homeland Security, I do break the encryption. Fine, now I know that X requested kiddie porn and Y served it. However, I can't get anyone prosecuted for this. Y is going to deny - quite truthfully - that he knew that he was serving kiddie porn, X is going to claim that he just clicked on a link not knowing what it was and was appalled to find out, and I will have disclosed that I have broken freenet. That last part is the worst, because then all the leftists, the anti-globalists, the anti-war pack and other such terrorists will know to not use freenet any more. Of course, the same will happen if I get freenet forbidden: then the entire world will keep using it, except my local gulag population, which is the easiest one for me to monitor. Thus, I have to let freenet live and let the kiddie porn pass and concentrate on finding out who inserts subversive propaganda against our Beloved Leader. Or something like that. The real and ever-present danger against freenet is not in your IP being shown to your peers. It is in (a) the integrity of its developers and (b) in the security of the software archive. If the latter ever gets compromised, we might all end up running a piece of Big Broher-owned spyware called "freenet". Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Request for help: Stable reset
Mailed this from the wrong address - it got caught for moderator approval. Please don't approve that posting. Toad wrote: Anyone who wants in on the new stable network before it is officially rolled out, please contact me, and get the new seednodes and jar file from: http://mywebpages.comcast.net/jkcorson/5089/freenet.jar http://mywebpages.comcast.net/jkcorson/5089/seednodes.ref Done. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] F*cked-up releases
Just to sing a different tune than the one everyone else is singing, I upgraded to 5088 last night and it seems to work relatively well. The load is considerably higher than with 5084 and the same configuration but, as far I can see without studying logs, everything works as it should. Perhaps with time the load will go down too... I never touched 5085-5087 though, that might be why I'm in a good mood :) I went straight from 5084 to current. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] In need of opinions and ideas
Nicholas Sturm wrote: Has anyone figured out what he had for lunch. The schmerk is almost missing in his "salute" picture in the USA Today shot by AFP. Does that stand for Air Force Photograph. I didn't say gone, just "almost" missing. What's a schmerk? Agence France Presse. Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] error while opening freesites
M. Seredszun wrote: Couldn't retrieve key: [EMAIL PROTECTED]/BPC/3//* Hops To Live: *15* Error: *Route Not Found* Can you help me Pls ? Keep trying. It's out here, it's loading alright at https://81.169.159.148:8080/[EMAIL PROTECTED]/BPC/3// but it's slow. If nothing helps, download http://freenetproject.org/snapshots/seednodes.ref into your freenet directory and restart freenet. Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] In need of opinions and ideas
Toad wrote: They are not indexed by google because by default fproxy sends a robots.txt indicating that it shouldn't be spidered. Aaah, I see. That explains S' comment too. Well, current legislation does not require me to learn java, but it does not forbid me to either ;) [prosecutor's block orders] So they go after us and make us provide a version with that option. Yes, theoretically they they could try, but who is "us" in an open source project? If all they wanted was to force X content out of a certain node, I think they'd go for the easiest way and take down the node. If they want more, such as a tool to monitor and control underground communications, they'd write their own and present it to the public as an improved freenet version. In fact, that's exactly what it says on freenetproject.org, "new stable version released". Ask me, did I carefully read and analyse the code I'm running? Did I build everything myself from source? Erhm, uhm, well, can we change the subject? [UK] But perhaps other jurisdictions are more sane. There was a cartoon in Punch a few years ago - I so regret I didn't keep it - depicting Bush playing a tambourine and Blair in the form of a small monkey on a chain, dancing to it. That cartoonist really captured the whole essence of the situation in a few penstrokes. If the US has a patriot act, why would the UK not have one? The proletariat are the majority. Democracy is "the rule of the mob". And btw, they're not proles. They're middle class in the modern newspeak. They're middle income. They just read the Sun ;). Hey, that makes you and me the elite, the intelligentsia, the avant-garde in this swamp we live in. Lets see it from the bright side :) Seriously, it's a lot easier to convince the average person that Freenet is evil than that it is needed. Interestingly, it's seldom you read in the paper about petty mafiosi, illegal immigrants and street bums getting caught with big archives of kiddie porn. Invariably they are well-established members of the middle or higher middle class (the real upper class is above suspicion, so it doesn't get caught). The class that uses illegal content on freenet is the very class that proclaims to be against it. Perhaps "mirrornet" would be a better name for it: what you see there is what you are. Duh. We have come a very long way from technical support and I doubt everybody around is interested in these philosophical aspects. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] In need of opinions and ideas
Toad wrote: They are not indexed by google because by default fproxy sends a robots.txt indicating that it shouldn't be spidered. Aaah, I see. That explains S' comment too. Well, current legislation does not require me to learn java, but it does not forbid me to either ;) [prosecutor's block orders] So they go after us and make us provide a version with that option. Yes, theoretically they they could try, but who is "us" in an open source project? If all they wanted was to force X content out of a certain node, I think they'd go for the easiest way and take down the node. If they want more, such as a tool to monitor and control underground communications, they'd write their own and present it to the public as an improved freenet version. In fact, that's exactly what it says on freenetproject.org, "new stable version released". Ask me, did I carefully read and analyse the code I'm running? Did I build everything myself from source? Erhm, uhm, well, can we change the subject? [UK] But perhaps other jurisdictions are more sane. There was a cartoon in Punch a few years ago - I so regret I didn't keep it - depicting Bush playing a tambourine and Blair in the form of a small monkey on a chain, dancing to it. That cartoonist really captured the whole essence of the situation in a few penstrokes. If the US has a patriot act, why would the UK not have one? The proletariat are the majority. Democracy is "the rule of the mob". And btw, they're not proles. They're middle class in the modern newspeak. They're middle income. They just read the Sun ;). Hey, that makes you and me the elite, the intelligentsia, the avant-garde in this swamp we live in. Lets see it from the bright side :) Seriously, it's a lot easier to convince the average person that Freenet is evil than that it is needed. Interestingly, it's seldom you read in the paper about petty mafiosi, illegal immigrants and street bums getting caught with big archives of kiddie porn. Invariably they are well-established members of the middle or higher middle class (the real upper class is above suspicion, so it doesn't get caught). The class that uses illegal content on freenet is the very class that proclaims to be against it. Perhaps "mirrornet" would be a better name for it: what you see there is what you are. Duh. We have come a very long way from technical support and I doubt everybody around is interested in these philosophical aspects. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] In need of opinions and ideas
Toad wrote: Well, this contradics what you just wrote above. If you are right on this point, then your fears about thousands of users leeching and burdening freenet without giving anything back are unfounded already because of this, even disregarding my arguments above. Or vice versa. Of course, if you're right on this, then running the thing would be fairly meaningless. However, as long as it's not damaging, it doesn't matter much if it's meaningless; when I realise that I'll just take it down. No, because they are not indexed, because we send a robots directive on fproxy IIRC. Uhm, that's a bit too laconic for me. Please explain. Are you saying that a request for a key will be sent out even if the key is present in the local store? But yet, if the usage is low, the network burden will be low either way. E. You get slimed in the press and elsewhere as a paedophile because you provide child porn. If the prosecuror has ordered me to block it, I don't provide it. If the prosecutor has not ordered me to block it, I think "you're barking up the wrong tree, here's the phone number to the prosecuror" is an adequate public defence. I also think the blood-thirst of the press can be somewhat mitigated by a well-done portal and FAQ. [openness vs closed circuit] Perhaps so. I suspect that Freenet will gradually have to get less open, but we'll see. When it's fairly closed is exactly the time when it's most vital. But right now, openness is good. It's a very difficult assessment, if not impossible. All one can do is try to use good judgement and hope for the best. ["self-regulation"] The really nasty governments are of course the worst in this. Chinese ISPs etc are encouraged to censor their clients, without generally having any explicit idea what the rules are. In the West, ISPs generally don't go looking for content they don't like on their customers' sites. The way this happens is simply that they have all-encompassing AUPs so that if they get a threatening letter they can dump you with no liability themselves. Which of course they do. Yet I see a bigger problem in the west than in China. In China, the government is involved and actively participates in the censorship. Therefore, China is on every list of every state and of every NGO who monitors censorship, and gets fingers pointed at it all over the place. But the US? Europe? Censorship, no sir, we have nothing of the kind here; that's the official approach and it works very well too. We get censored and our governments get to keep their good reputation and stay out of disturbing political winds too. The latest drive is "hate speech", with France and Germany pulling the strings. If they get their way, anything that happens to disturb some group - especially some non-negligible minority - will be illegal. Little do they understand that if you want to fight neonazism, racism, anti-semitism, whatever, you need to see your enemy, you need to let him talk so that you can trash him. Establishing that Freenet is slow and only used to distribute illegal content is a disadvantage. But freenet *is* slow and it is *not* only used to distribute illegal content. In fact, the little I've looked around, I didn't run across any content that would be illegal in the west. Of course it's there, I'm just saying it doesn't seem to be predominant. [capability to comply with orders] Sadly, all nodes are capable of compliance with "don't serve key X" orders, they just have to modify the code. Since it is open source, this is easy. Not for a non-programmer. I wouldn't know how to do it and current legislation does not require me to learn java. Besides, before you can serve an order to a freenode, you need to find it. And even if X node would block Y key, the same content would reappear under a different key, as well as under the old key on node Z. [precedents and their effects] No. You go to jail, your ISP gets away with it. Because you're not an ISP. They'd find some way to fudge it. In this you might very well be right. Over-estimating the legal system is among the most stupid things one can do. Admittedly I've done it more than once. [immunity to civil suits] LOL. Co$ strikes again! ;) Really, I should put a big banner on the portal, "this site was made possible through the kind cooperation of the church of scientology". That would at least put the kiddie porn to a good use ;) [Al Quaeda hacked] Uhm, there's a real AQ site?! There was, although it wasn't called that; it was the site of some or other moslim foundation, on which AQ communiquÃs often appeared first hand. It went down a year ago or so. [not logging] No, but they can compel you to keep more logs. In UK law, they can compel you to keep more logs and require you to continue running the node, and not tell anyone (including the judiciary) about it. They can't have it both ways. Indeed I don't enjoy the protection that ISPs enjoy, but also, precisely because I'm not an ISP, they can't compel me to log, or to run a service in
Re: [freenet-support] In need of opinions and ideas
S wrote: I don't really agree with the idea that such a pr0xy would bring exposure or users to Freenet. Joe Surfer, upon finding your gatewayed content in Google, is going to click through, access the content, and move on, not realizing that he's ventured beyond the confines of the normal web. Useful to Joe Surfer, not to Freenet. Or worse, he clicks through and gets some confusing message about "Route Not Found" that makes absolutely no sense to him. No help to Freenet or to Joe Surfer. My idea is to force visitors to go through an introduction page, where I can explain what it's all about and where I can put some warnings and disclaimers too. I should be able to do that without cookies, just with a mod_rewrite rule "referrer !this_host rewrite->FAQ" Also, I think you are looking too shallow into what's useful to whom. According to me, if it's useful to Joe Surfer it's useful to freenet, for the very simple reason that freenet is all about disseminating information and none about keeping it confined or restricted. At least that's what I gather from the project site; it says nothing at all about an only-for-us-select-few club, it only talks about as widely-used and accessible as possible. Network resources are another issue. If suddenly there are thousands of web users trying to reach Freenet content through a gateway, that's thousands more requests flooding into the network, thousands of "leeching" users, who aren't giving any resources back to Freenet. Ah, but you forget that the p r o x y itself is contributing back to freenet in exact proportion to what those leechers leech. Therefore, the "victim" of the leeching is not freenet, but myself. I think I should be able to handle that "loss" and, if not, I'll just have to RTFM a bit more on iproute and rate limiting. This symptom would likely be limited to some extent by your node's own ability to handle requests. A caching pr0xy would resolve the potential for network burden, but then you've got to deal with expiring cached DBR sites, the legal issues of caching the plaintext content, ... The apache proxy dosn't log (other than keys) and dosn't cache, but fproxy does, in a way. I increased the store to 1 GB for now and I could increase it a lot more if/when needed. That would lead to more sites being local and less traffic outwards, yet nothing in plaintext to compromise me or the user. Thus, I don't see any of the problems you mention. People have run public nodes before, but Google never indexed them beyond the main Web Interface page, so their audience consisted of people who a) were already Freenet users and b) knew exactly what to search for in Google to find a public node. Well, this contradics what you just wrote above. If you are right on this point, then your fears about thousands of users leeching and burdening freenet without giving anything back are unfounded already because of this, even disregarding my arguments above. Or vice versa. Of course, if you're right on this, then running the thing would be fairly meaningless. However, as long as it's not damaging, it doesn't matter much if it's meaningless; when I realise that I'll just take it down. They also don't have a tendency to be very reliable. Bringing Freenet to the entire web would, I imagine, have its own unique set of issues. Of course it would. Reliability is not my main concern though; Freenet itself is not very reliable either, and it's easy to reason along the lines of "if you want it more reliable than I can offer, then go run your own node". What worries me most is the legal/political side of things. To be precise: when the yellow press picks this up (not if; when), they'll make angry headlines of it in the style of "And what is the government doing? Nothing!" And of course the wolves will then move in (Miguel, this is in reply to you too). From that point on there are many possible scenaria: A. My upstream cuts me off and the p r o x y dies silently (along with everything else I host), or I move to a new ISP time and over again until I find one solid enough to carry the service. B. I get a prosecutor's order to block one or several specific and named freesites. The law says I have to comply first and can seek reversal in court afterwards. C. I get prosecuted for serving some specific freenet content. D. I get sued in a civil lawsuit by someone who doesn't like some specific freenet content. Let's examine all this in the light of the purpose of freenet, which I understand as "the promotion of free speech irrespective of the content thereof". Please correct me if this definition is skewed or incomplete. To begin with, free speech in a solitary cell is no free speech at all. You only have free speech if you can say what you want *whenever you want and to whoever you want*, provided that they want to listen. Thus, the notion of "let's keep it quiet so they don't come down on us and crush us" contradicts the very purpose it's supposed to promote. The greater th
[freenet-support] In need of opinions and ideas
The whole load/logging/key harvesting discussion I started here a couple of days ago originated from my wish to make freenet searchable, especially to the non-freenet world. So I installed an open p r o x y in order to harvest keys, so that I could set up a search engine. What I only realised when I saw the p r o x y working, is that there is no need for me to run a search engine in the first place if there is an open p r o x y running. Nor do I need to have Google's army of engineers to develop algorithms to fight search engine spamming. All I need to do is feed proxied URIs to Google, and Google will take care of indexing as well as of spam fighting. I can see advantages in such an approach. Having freenet results integrated among Google results in general would be quite a push for freenet, a very good way to get more people to it. Also, the fact that freenet search results would get blended among internet web results would provide a certain footing of deniability to the users: "yes, X freesite with questionable content was perhaps among my search results, but that's not what I was searching for in the first place". And of course the fact that Google's ranking, spam combatting and response latency resources will always be a tad better than mine ;) I can also see disadvantages in this scheme. The foremost one is that if I run an open p r o x y, somweone sooner or later will claim that I am responsible for the content it serves. Nobody ever got it into their head to prosecute an ISP for content served by the ISP's proxy, but all it would take to get me prosecuted is a juicy article in a local newspaper. I don't have the protective ISP status, nor the resources to fight back. Another aspect is more philosophical. Some would say that, as long as freenet is relatively obscure and not readily available to the masses, it is left alone but, if it became bigger and more known, it would become a target for attack. Others would counter "publish and be damned". I really don't know what to make of this; how to judge benefits and risks and what is best to do when all is taken into account. Finally, there is a financial issue. If I provide a bridge between freenet and the web, then I pay for all web-to-freenet traffic. There is quite a risk that I will end up as the victim of my own good idea. This could be mitigated by others running open p r o x i e s too, perhaps with all of them being round- robined on the same web URL in order to keep Google consistent. This raises the question: would anyone else around here consider running a p r o x y? Is it realistic at all to think that, with time, there could be a network of freenet->web bridges? I would really appreciate your thoughts on these issues, especially pointers to aspects I've missed. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Connection/Routing problems?
[EMAIL PROTECTED] wrote: ***A couple problems so far.. All 4 sessions, It doesn't even appear to be able to access the default ... "never-fail" site.. however there is a ton of traffic, so i KNOW its finding nodes out there. I suspect something with your firewall. What does it block? Can you make it log? Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Key harvester
Toad wrote: Is there a list somewhere of the query strings used? For fproxy: ?key= ?htl= ?linkhtl= ?mime= ?date= ?rdate= ?force= Probably there are more for the splitfile servlet. I was trying to block access to ?setSimpleAdvancedMode=, but also anticipating the existence of query strings that might do things I wouldn't want the public to be doing. By what you list here, I don't see the harm in removing the query string filter altogether, but better ask: would that open any abuse avenues, as fas as you can see? Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Key harvester
I wrote: I do have some mod_rewrite rules in the proxy configuration in order to protect status info etc, but this shouldn't have been caught by them, unless the original URI contained a query string, i.e. server:port/something?someother . That was it; there was a query string date=some_date. Fixed that one, but there may be more. Is there a list somewhere of the query strings used? Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Key harvester
Toad wrote: Seems a bit flaky. Every so often I get an Apache error. Forbidden You don't have permission to access /[EMAIL PROTECTED],aAEwN5~NVmuIvZdfqlORxg/BSIT/20// on this server. Ugh. Sometimes logging serves better purposes than policing. I can't see what went wrong there. I do have some mod_rewrite rules in the proxy configuration in order to protect status info etc, but this shouldn't have been caught by them, unless the original URI contained a query string, i.e. server:port/something?someother . I'll turn mod_rewrite logging on for a while and see. The blocks appear to prevent access to anything sensitive. I think you probably want to set publicNode=true though, Did now. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Key harvester
[EMAIL PROTECTED] wrote: It could be that I have yet to even browse my own "proxy" successfully. but I tried your site, and received a good 'ol --> Bad Gateway The proxy server received an invalid response from an upstream server. I restarted it two minutes ago, you must have hit it right then. Try again. Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Key harvester
Alright, here's an o p e n f r e e n e t p r o x y (anti- Google syntax): https://8 1 . 1 6 9 . 1 5 9 . 1 4 8 :8080/ I'd appreciate feedback from anyone who cares to play with it and/or attempt to break it. I am particularly interested in unlinked/undocumented FProxy functions which I should have blocked, but haven't. The proxy logs in this format: "GET /[EMAIL PROTECTED]/marlowe// HTTP/1.1" "GET /[EMAIL PROTECTED]/fiw/11//activelink.png HTTP/1.1" "GET /[EMAIL PROTECTED]/fmb/5// HTTP/1.1" "GET /[EMAIL PROTECTED]/fiw/10//activelink.png HTTP/1.1" "GET /[EMAIL PROTECTED],GwcklYxhS7f8G9dEeJqRjA/phamnuwen//activelink.png HTTP/1.1" Of course you have nothing but my word on that, so do nothing sensitive. Please don't spread this ouside the list for now, as long as I don't know how well it works and whether I'll keep it or not. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Load
David Masover wrote: Of course, if you don't own your own computer, how can you trust it? One-way trust. Suppose my bro trusts me, but I don't trust him, I have root, and he wants Freenet. You don't need root to run it and it's probably a good idea to not run it as root even when you are root. # useradd -r -d /path/to/freenet freenet # su - freenet -c "/path/to/start-freenet.sh" Z -- Framtiden är som en babianröv, färggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Load
I wrote: Taking what you say here for granted, the entire discussion up to this point is probably a meaningless exchange based on some misunderstanding on my part. But what? [URIs from logs] Would be interested to see some of this list. Duh. So am I by now, but with all the messing around today I deleted them. I can try again though. Now I know what the misunderstanding was. The working URIs I found in my logs come from the default bookmarks in the interface servlet. I had never visited them before, but they had passed my client anyway. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Load
Toad wrote: The thing is, the lack of search capabilities reduces the useability of freenet Of course. There are ways to implement search, however. Sooner or later somebody will implement a good spider based anonymous search. I searched a bit on the web. At http://conferences.oreillynet.com/cs/p2pweb2001/view/e_sess/1669 I found someone claiming that searching freenet would be possible real soon, to quote: "right about now". That was in 2001. At http://www.freenet.org.nz/search/ I found a totally defunct search engine, obviously based on the same principle I'm trying to apply now. I fully agree with you that anonymous search is much better than a non-anonymous. However, as I mentioned, the problem of anonymity has two sides: that of the publisher and that of the user. If a non-anonymous search solves one part without affecting the other, what's the harm of it? This would probably have two components: 1. A spider, which would spider out from known freesites, scan NIMs, and Frost traffic, and insert index files. 2. A client, probably integrated into fproxy, which would fetch the index files that are appropriate to the search given. You mean creating index files before a search has been made? Wouldn't that be highly inaccurate and/or produce massive volumes of indices? I can publish stuff anonymously all I want but, unless I post a URL somewhere, nobody is going to find my publications. Indeed. Thus we have NIMs, FreeMail and Frost within Freenet, and outside it we have Mixmaster remailers, IIP, I2P, various kinds of proxies and so on. Sadly some people use hushmail too, which is not exactly the safest option. But there are many possibilities. All this put together is still a *very* small world. If I'd find and publish, say, the Bush administration's plans to invade Cuba, or detailed information on Israel's chemical and biological weapons, I don't want this information to to reach the users of freenet and hushmail; I want it to reach the huge and clueless masses who watch CNN and use hotmail. And I also want to protect my anonymity damn well. The way to go? Publish on freenet and let automation, i.e. nobody, make the bridge to the web. How do you propose to protect against spam, and plain malicious content? I don't. I'm not Google. As you have already gathered, my financial capacity is enough to run a 39-euro server, but not a 78-euro one. Because of that, things get very simple: if I make a freenet search, it will be just as well or ill protected from spam and malicious content as freenet itself is. > Freenet does not know the >URIs of data that passes through the node, only those requested locally. It does know the requests that pass through the node. Nope. It doesn't. It only knows the routing keys, which are insufficient to decrypt the actual data. Any other URIs in the logs will be locally originated. Example: CHK@,/ Uhm, there's something eluding me here. You know freenet's internals; I don't. If you say so, then so it is. Yet I stuck some of those URIs I found in my logs into my browser and got sites to which I had never been before. Taking what you say here for granted, the entire discussion up to this point is probably a meaningless exchange based on some misunderstanding on my part. But what? [URIs from logs] Would be interested to see some of this list. Duh. So am I by now, but with all the messing around today I deleted them. I can try again though. Are you running a public gateway? Are you fetching lots of stuff locally? Neither. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Load
Toad wrote: >I recommend you set the following: >logLevelDetail=freenet.client:debug You did uncomment it, right? Of course :) ...that now the URIs don't get logged. ' That's strange. What URIs were you after? Those of requests in transit and inserts. Because of the "island-like" nature of freenet publishing, traditional spidering won't get very far; you can't seed a search engine with a few sites and assume that you will find the entire network by following links. Monitoring requests and inserts musters the collective URI knowledge of one's peers and of their peers, so it could go a long way, especially if you can put together a mesh of URI-grabbing nodes in different places. The thing is, the lack of search capabilities reduces the useability of freenet and, indirectly, compromises anonymity too. I can publish stuff anonymously all I want but, unless I post a URL somewhere, nobody is going to find my publications. And conversely, if I'm looking for a piece of information that might well be on freenet, I won't find it without asking. Especially for someone who's new to freenet and doesn't already have a set of bookmarks and starting points, the threshold for getting anywhere is pretty high despite the proxy bookmarks. A non-anonymous search engine on the web could solve part of both these problems and at the same time function as an invitation to freenet for non-freenet users. > Freenet does not know the URIs of data that passes through the node, only those requested locally. It does know the requests that pass through the node. Last night, all of freenet for me was the few URIs that are published on freenetproject.org. This morning I had a whole long list in my logs, and through that I was able to start finding my way around. That's how this idea of a search engine popped up and turned into a small project in itself. Most of these would go through freenet.client... some might go through freenet.node.states.FCP, and there are a few internal ones. I'll look. I'm grateful for any tips you might have. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Load
Toad wrote: [loglevel] Okay, this is your basic problem. I don't even use logLevel=debug any more. It produces crazy amounts of data, uses a lot of CPU, and the system cannot keep up. I doubt that feeding it through a FIFO will make that much difference - much of it is probably the generation side (as well as the syscalls). Hm. That was it, although I did everything you suggested in one go (maximumThreads=60, doCPULoad=true with overloadLow=0.8), so I don't know to what extent the latter also helped. Anyway, the load is down to a very decent 0.20 - 0.30, so I could even increase some of these values. All is well that ends well, except... I recommend you set the following: logLevelDetail=freenet.client:debug That should catch all the URIs, probably. You don't need debug log level on everything else, and having it will really mess stuff up. ...that now the URIs don't get logged. Grrr. I think I'll let this rest for a while, go out have a coffee, and then look at the source when I get back. There must be a simple way of adding logLevel:URI to the thing. If I figure out how, I could have it write logs in the format "INSERT INTO etc;" and let mysql pick them up straight from the FIFO... Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Load
Toad wrote: Strange. What is your logLevel ? Well, that's relative. The log level is set to debug, but the log file is a FIFO, where a simple perl script greps for URIs and dumps the rest. My idea was to feed those URIs to mnogosearch and create a non-anonymous search engine fo freenet. Won't make much difference. The setting you want is maximumThreads. I took them down from 120 to 60, saw hardly any difference at all. I also set diagnosticsPath=/dev/null to stop the constant writing on disk (is there a better way to say "disable stats, I don't need them"?) and that didn't help much either. You do. The node uses them for estimating load. My long-lived unstable node's stats dir is 3MB, as is my long-lived stable node's stats dir. It's not a problem. It's not the size of the stats on disk I want to avoid, but the extra I/O that comes from keeping them. Set maximumThreads=60 (remove the leading %), logLevel=error, and doCPULoad=true (is your node pegged on CPU, or just on I/O? what's the idle % typically?). OK, I'll give it one more try to see if it's the logging that does it. Of course, the logging is required for what I want to do, so I don't know how to get around the problem, if that's where it is. The normal load of the machine is around 0.10 an I/O is its big problem in general. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
Re: [freenet-support] Load
Roger Oksanen wrote: I run freenet niced at +10 on a 2x500MHz computer, load stays at 2-3 all the time. Ah yes, I forgot to mention that. It's niced at 19. Beats me how something that's niced 19 can bring the load to 5.00, but that's a different issue. I suspect the problem you have lies in the fact that freenet will eat ALL available bandwidth that you give it, which will lead to starvation, so adjust the following settings: inputBandwidthLimit= outputBandwidthLimit= That's done already, it's not where the problem lies. Both these settings are at 10240, calculated for a monthly consumption of about 50 GB. The machine has a 100 Mbit connection to the net, so starvation is out of the question. You could also limit the threads used by adjusting the maximumThreads setting. Reducing maximumThreads from default 120 to 60 had very little positive impact on the load. However, while I was there I noticed the overLoadlow parametre, which I had missed earlier. I set it to 0.8 but it dosn't work as advertised. After 35 minutes with this setting in effect, I'm looking at 9:57, 1 user, load average: 1.13, 1.74, 1.04 9:58, 1 user, load average: 1.53, 1.71, 1.07 10:00, 1 user, load average: 1.84, 1.77, 1.17 10:01, 1 user, load average: 3.04, 2.05, 1.31 10:05, 1 user, load average: 2.37, 2.39, 1.61 10:17, 1 user, load average: 5.49, 4.00, 2.69 10:26, 1 user, load average: 4.27, 4.20, 3.39 ./stop-freenet.sh 10:30, 1 user, load average: 0.15, 1.99, 2.66 If all averages are constantly above the overLoadlow limit and the one-minute average keeps increasing, then this setting is simply not being obeyed. Duh. I don't remember running a more aggressive piece of software, ever. A note to the developers: RAM is cheap. Working software is very expensive. Freedom is horrendously expensive. Sadly, this is an over-simplification and reality is more complex than that. The people who have money can buy freedom and don't need more RAM. The people who mostly need more RAM in order to have freedom are mainly those who can't afford the RAM. This is true on a national level, comparing the degree of repression and the financial situation of the average citizen in, say, China or Egypt to those in the US or Europe, and it is also true on the personal level; he who can pay a good team of lawyers will seldom need to fiddle with freenet. In my case, I rent a server somewhere for 39 euro per month. It's crappy hardware, but it's fully sufficient for all my needs and it's all I can afford anyway. To get better hardware where I have the bandwidth I'd have to double my expense. At home, where I have better hardware, I pay the traffic at the tune of 3 euro/GB. The sum of this equation is, unfortunately, one freenet node less. I do think that resource management would be a worthy priority for the project. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
[freenet-support] Load
Hello everyone. I started a node on a machine with lots of bandwidth and a very lousy I/O subsystem. Not much else is going on on the machine, so without freenet the load is steadily between 0.01 and 0.10. When freenet runs, the load is constantly around 3.50, with peaks reaching well above 5.00. The system latency caused by these loads gets other stuff to malfunction; for instance, mail server queries to LDAP time out and result in "service temporarily unavailable" errors. Obviously, such things become a show stopper for freenet. The machine is a Celeron 2.4 GHz with 512 MB RAM running RHEL3 with Sun java 1.4.2_05. I reduced maxNodeConnections to 85 from the default 200 in the hope to reduce the number of java instances, but that didn't help much. I also set diagnosticsPath=/dev/null to stop the constant writing on disk (is there a better way to say "disable stats, I don't need them"?) and that didn't help much either. So I'm asking for advice from those more experienced with freenet: what can I do to reduce the load? More specifically, how can I reduce the number of java instances running? With my current settings (most else at default), I have 96 java processes eating away everything on the machine and the machine itself too. Z -- Framtiden Ãr som en babianrÃv, fÃrggrann och full av skit. Arne Anka ___ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]