[freenet-support] Re: Revver.com activation email

2005-10-07 Thread Zenon Panoussis

Ian Clarke wrote:
Steve Jurvetson wrote:

>> Welcome jurvetson! 

>> Your password is: zok18wod. 

Ee! Why would anyone need a privacy tool of any kind under
such circumstances?

Z


-- 
The best defence against logic is ignorance. The next best
is stupidity. Both can be used simultaneously.




Re: [freenet-support] Re: Revver.com activation email

2005-10-06 Thread Zenon Panoussis

Ian Clarke wrote:
Steve Jurvetson wrote:

 Welcome jurvetson! 
snip
 Your password is: zok18wod. 

Ee! Why would anyone need a privacy tool of any kind under
such circumstances?

Z


-- 
The best defence against logic is ignorance. The next best
is stupidity. Both can be used simultaneously.

___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] RE: anonymity(NOT)

2004-08-05 Thread Zenon Panoussis
Matthew Findley wrote:
Let me see if I can get caught up on whats gone on since I left work.
Oh, you were posting on your employer's time? I personally believe in
the presumed innocent until proven guilty, so rather than assuming
you guilty of misusing your work time for private activities, I'll
presume that posting here is part of your work. That would also explain
the FUD without holding you personally accountable for it. Yeah, this
presumption of innocence thingy is just great, isn't it? Of course you
may correct me if I'm wrong, but you do have the right to remain silent ;)
First I should probably clear this up.  I am not a lawyer.  I work at 
the U.S. Attoreny's Office yes; but, only as a clerk.
So nothing I say is legal advice, the postion of the DOJ, to be 
considered an offical interpretation of the laws, ect
Still, I asked you several times for a pointer to law or precedent that
would support your view and you fail to provide it. You could ask a
colleague who is a lawyer, perhaps?
Someone asked if attempting to block KP would eliminate intent.  This 
question would be up to the jury.  While you would probably need 100% 
blocking to win in a civial trial.  This would be much more likely to 
satisfy a criminal jury.
Civil lawsuit for kiddie porn? And who is materially entitled to sue, pray?
The abused child(ren) depicted in the porn, sure, and hardly anyone else at
all. I kinda fail to see where such a lawsuit would come from.
Someone else pointed out that ISPs are not officaly common carriers.  
This is of course correct.  But the hybrid nature of what they do gives 
them a sort of grey status.  So while no responsable for what goes on 
across their networks in general.  They are responsable if a problem is 
brought to their attention and they fail to act.
I was the one to point that out and I insist that ISPs are not being held
responsible for questionable content even if it is brought to their attention
and they refuse to act, except in certain DMCA situations.
That person also used the example of an employ abuseing a company computer.
In that case the company isn't criminaly responsable beacuse they didn't 
know what the employ was useing the computer for.  You can not be held 
responsable for something you fail to forsee and prevent.  
If you run a company with anything more than three employees, you can
be sure that sooner or later someone will do something illegal on the
net. If you run a company with hundreds of employees, you can be sure
that someone does something illegal on the net every day. Common sense
says so. Due diligence is easy: all you have to do is install a proxy
and add some automated monitoring of employee activities. Many companies
do that for their own sake. It's not perfect, but it's cheap, it's easy,
and it's in the company's own interests. With your view on passive
facilitation and willful blindness, every company that doesn't implement
at least some kind of elementary protection can be held criminally
accountable for employees' actions. Yet we haven't seen a lawsuit like
that to this day. How come? Is the DoJ too busy posting on mailing
lists to prosecute some companies, or has Our Beloved Leader issued
a decree ordering his campaign contributors to be left alone?
Quote
'IANAL (BIKAF), but I would expect that for ignorance to be willful it 
can't be a side-effect of a goal, it must be a goal in itself.  There  
are plenty of reasons why someone might want to use Freenet other than 
obtaining illegal content.'

That is very true.  Other wise we could hold people responsable for 
virus on their computer.  You can not arrest someone for what they 
didn't know and thus couldn't see.  But you can for something they did 
know but chose to ignore.  You know that your node is transmitting bad 
stuff and its doing so by your choice to activate it, ignoreing it 
simply beacuse you can't see it is not a defense.
Nobody can escape the deluge of warnings - on the net, from the newspapers,
at work, in society at large - which say that if you run an unprotected
and unpatched machine it *will* get infected. Connecting a Win98 box to
the net and not even having a virus scanner is, according to your own
reasoning, willful blindness. Yet you say that a person doing that won't
be arrested, but anybody running freenet would and should be. I have to
admit that I can't follow your reasoning. The question is: is it your
reasoning that's inconsistent or is the law inconsistent? If it's the
latter, wouldn't you be all for making it consistent and jailing people
who connect vulnerable computers to the net?
Let me put it this way.
When you all fire up your nodes you know there is a very strong 
likelyhood that it will end up houseing and transmiting illegal 
material, correct?
We don't all fire up our nodes. This is not a conspiracy, if that's
what you're getting to. When *I* fire up *my* node, I know that some
illegal content *might* pass through it; not that it will. However,
I do not fire 

Re: [freenet-support] RE: anonymity(NOT)

2004-08-05 Thread Zenon Panoussis
Paul wrote:
What country does respect freedoms? The US is getting to the point
where emgrating becomes a serious consideration for me. 
I lived in Greece during the 1967-1974 dictatorship. Later I've
lived in England, in Germany, in Sweden and the Netherlands. Of all
these countries, Greece is the one whose laws afforded its citizens
the least freedom. A bloody dictatorship is what it was back then,
complete with torture by police and military and exile on uninhabited
islands for dissidents, even though the conditions on those islands
were far better than those in Guantánamo today.
Yet, the total inefficiency and incompetence of the state at that
time allowed for quite a lot of informal freedom. Basically, as
long as you were a bit discreet and didn't advertise what would
get you in trouble, you were fine most of the time. There was
no freedom of press whatsoever, yet the press learned to write
very clear text between the lines and the citizen learned to read
that text. Rumors spread faster than forest fires in the summer
and were, most of the time, accurate and detailed. Despite efforts
of the government to block access to foreign news, its interference
transmitters were an utter failure and the Greek could listen to
BBC, the voice of America, radio Moscow or radio Peking according
to his preferences on the standard AM radio that could be found
in every home. Hell, you were supposed to be badly beaten and go
to jail for singing songs of the communist resistence, yet people
kept gathering and singing them all over the place in sheer
defiance even though there weren't even communists.
Comparing that situation to these days, technology has not only
brought new possibilities, but also new problems. While the
internet has made possible a tremendous flow of information in both
directions, not only to the citizen but also from him, it has also
made monitoring him so much easier. TV and FM radio are so commonplace
that hardly anyone has a long/medium/short wave AM receiver any more;
these could be outlawed tomorrow and nobody but the usual suspects
would protest. The eagerness of governments to know everything and
to control everything has been constantly increasing in pace with
their ability to do so and under every kind of pretext. Before Our
Beloved Leader's war on terrorism, Our Great Leader's war on drugs
was the patent pretext for total control. Tomorrow it will be
something else, but I don't see the trend changing any soon.
All in all, if you're looking for more freedom through relocation,
I'd say don't bother looking for a country with good laws. Look
for a country with an impoverished and unstable government instead,
and try to pick one that is not next on the list to be liberated.
The one thing you really don't want is to find yourself in the
same situation as the German Jew who emigrated to France in 1935
to avoid persecution, only to find himself in a cattle wagon headed
back to Germany in 1942. If you're American, Paraguay and thereabouts
could be a good choice.
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


[freenet-support] Showdown at the Freenode Coral

2004-08-05 Thread Zenon Panoussis
Mr Matthew Findley
You made certain claims on this list regarding the possible penal
consequences of running a freenet node. I challenged you to provide
law and/or precedent references to support your claims. You failed
to do so. In fact, you silently ignored this challenge.
I also challenged you to explain the fact that you yourself run a
freenet node, in view of the facts that you (a) consider it illegal
to do so and (b) post from a US department of justice address. You
chose to silently ignore this challenge too.
Based on your own claims regarding the legality of operating a
freenet node and your disclaimer regarding the relation of the
contents of your postings on this list to your employment, you
are, according to yourself, either a liar or a criminal. Your
period of grace with me is coming to an end. Unless you provide
this list with an adequate - at my discretion - explanation of
these discrepancies in your arguments, I will cause a formal
complaint against you to be filed with the US department of
justice for running a freenet node and thereby knowingly
distributing illegal material.
What all this boils down to is that, following a formal complaint,
the US department of justice will only have two options: to
prosecute you or to not prosecute you. If it fails to prosecute
you, it will be setting a precedent very useful to freenet. If it
does prosecute you, all freenet operators will be able to benefit
from your defence in the case, no matter whether you finally get
convicted or acquitted. The way I see it, both alternatives are
good for freenet. You and your employer are just about to become
tools for the promotion of freenet's goals. The lack of honesty
and integrity on the part of both yourself and your employer is
no hindrance to this.
Taking all this into account, I would suggest that you talk with
your boss and decide on a strategy. You can create some rather
impressive FUD by going to prison, or you can drop the FUD and
acknowledge that the operation of freenet nodes is not illegal.
It's your call. I will wait 18 hours from the time stamp of this
mail and then act.
Sincerely,
ZP
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Request for help: Stable reset

2004-08-04 Thread Zenon Panoussis
Mailed this from the wrong address - it got caught for moderator
approval. Please don't approve that posting.
Toad wrote:
Anyone who wants in on the new stable network before it is officially
rolled out, please contact me, and get the new seednodes and jar file
from:

http://mywebpages.comcast.net/jkcorson/5089/freenet.jar
http://mywebpages.comcast.net/jkcorson/5089/seednodes.ref
Done.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
miguel wrote:
Just wondering... with all this encryption permeating Freenet 
there remains a gaping hole through which the nazi's could saunter through
with their spy tools and legal bypasses to incriminate any and all Freenetters
they choose to incriminate...  the ip address/port# of all.  Even using a third party
dns service wouldn't help.  Maybe not this day, but in light of current trends in
government policies, in the not-too-distant future they will be slipping in and snagging
whomever they choose by the ip address and will thus render useless all Freenet anonymity measures.
Is there not a way to spoof the ip addresses, or mask the ip addresses so that our uncles 
and big brothers can't come in and bring down the house(s)?  
But the IP where a request originates and the IP of the machine
where a requested file is stored *are* masked by the proxying
system.
Assume I'm the Gestapo and I'm running one or several freenet
nodes and logging everything that goes on. I see a request
coming from your IP. I can't figure what is being requested,
because the key is encrypted. I can't figure who requested it,
because your machine might be - and probably is - proxying
the request for some other node. Unless the requested file is
served from my own node, all I can do is pass on the request
to yet another node and I'll never know which node or nodes
finally served the file.
Now, if I'm not the Gestapo but something much worse, like, say,
Homeland Security, I could monitor the traffic of my peers in
order to discover their peers and then monitor their traffic
too until I have a good picture of the entire network. Traffic
analysis might help me figure who made a request and who served
it, but I still have to break encryption before I can figure
which file that request concerned.
Being the almighty Homeland Security, I do break the encryption.
Fine, now I know that X requested kiddie porn and Y served it.
However, I can't get anyone prosecuted for this. Y is going to
deny - quite truthfully - that he knew that he was serving
kiddie porn, X is going to claim that he just clicked on a
link not knowing what it was and was appalled to find out,
and I will have disclosed that I have broken freenet. That
last part is the worst, because then all the leftists, the
anti-globalists, the anti-war pack and other such terrorists
will know to not use freenet any more. Of course, the same
will happen if I get freenet forbidden: then the entire world
will keep using it, except my local gulag population, which
is the easiest one for me to monitor. Thus, I have to let
freenet live and let the kiddie porn pass and concentrate on
finding out who inserts subversive propaganda against our
Beloved Leader.
Or something like that. The real and ever-present danger
against freenet is not in your IP being shown to your peers.
It is in (a) the integrity of its developers and (b) in the
security of the software archive. If the latter ever gets
compromised, we might all end up running a piece of Big
Broher-owned spyware called freenet.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
[EMAIL PROTECTED] wrote:
As for the uploader
Willful blindness can not protect you if it can be shown that you 
had a reasonable suspicion to believe they you are committing a 
crime.  In fact in some cases a deliberate attempt to not obtain 
knowledge is proof of that knowledge.
In my village, intent to commit an illegal act is a prerequisite to
the committment of that act constituting a penal offence. Additionally,
not preventing others from committing penal offences is not an offence
in itself.
The mere fact that you unknowingly and unintentionally facilitate
the transfer of illegal material cannot be construed as an intentional
active participation in that transfer. If it could, then every single
ISP would be in jail because they all provide facilities which can be
used and are actually used for the transfer of illegal material and
they all damn well know that plenty of illegal material gets transferred
through their systems along with the legal.
As long as a system can and is meant to be used legally, you can't
go after the provider of the system just because some abuse also
occurs. At least here, we don't arrest the bus driver who happened
to drive a drug dealer to his drop-off point. We don't jail the
postman who happened to deliver a package with stolen goods to a
fence, even though the postman damn well knows that, among all the
packets he delivers, here are bound to be some with illegal content.
And so on.
Let me also remind you that the uploader on freenet is too
complicated a term to be used as loosely as you do. The fact that
a file is served from my system does not mean that I put it there.
Nor does it mean that it will still be there next week when some
over-zealous junior prosecutor raids me. And it certainly doesn't
mean that I am obliged to check every byte that other people (or
the system) put on my machine before I allow it to be put there.
With your definition of the uploader, every owner of every forum
and blog and news server and mail server on or through which
something illegal got posted, would be headed for jail.
Of course, YMMV. In countries where the law hardly matters, where
money buys acquittals and where prosecutors work to get convictions
rather than justice, irrespective of actual guilt, you might find
yourself in a sore spot no matter that what you did might have
been fully legal.
As for the downloader
While true, the mere act of downloading contraband will probably
not land you in jail by itself.  It is however most likely sufficient 
evidence to obtain a warrant and if you really are downloading kiddy 
porn you will end up in jail.
You are now assuming (a) that Big Brother has cracked freenet
and (b) that he doesn't care if that fact gets known and (c) that
a search warrant will yield more evidence than traffic monitoring
did. None of this needs be true and any one out of three is enough
to keep you out of jail, provided that traffic monitoring didn't
already provide sufficient evidence for a conviction, in which
case a warrant and a search are superfluous.
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
Toad wrote:
Or something like that. The real and ever-present danger
against freenet is not in your IP being shown to your peers.
It is in (a) the integrity of its developers and (b) in the
security of the software archive. If the latter ever gets
compromised, we might all end up running a piece of Big
Broher-owned spyware called freenet.

Well, most PCs run insecure software, infrequently updated. Even of
those that are relatively secure their operators don't have the
understanding or the time to make them secure. And even if they do there
are always more vulnerabilities, as programmers are human beings. They
can probably compromize the vast majority of PCs pretty easily.
If my machine is insecure and gets compromised, my ass might be
on fire. If your ftp server gets compromised, the ass of every
single freenet user in the world could be on fire.
And the idea that this could happen is not far-fetched. Remember
the linux kernel root hack a few months ago on kernel.org? The
Debian server? You can publish all the md5 checksums you want,
but whoever can manipulate the files themselves, can manipulate
the published checksums too. Among the eager competitors to hack
your server are about 120 governments, a multitude of political
organisations, several mafias of different flavours and, of course,
every Joe Hacker and Skrip T Kiddie who would consider it a
special honour to have hacked a whole network instead of only
a server.
You have taken extraordinary measures to protect against this
happening, haven't you?
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
[EMAIL PROTECTED] wrote:
That's because ISPs/Mail are protected by common carrier laws, 
you are not.  They pass laws that specifically say that if a 
company is incorporated as a common carrier, then the items (or 
data) they transport aren't their responsibility.
Do you have a pointer to those laws? As in acts and articles?
AFAIK, most ISPs have chosen to *not* assume the common carrier
status in order to avoid common carrier obligations and to not
subject their ToSs and AUPs to common carrier demands. The DMCA
offers the possibility to any ISP to assume a common-carrier-like
position, at his option and after he has received a complaint,
but the DMCA only addresses copyright infringements and not any
other illegal content.
Besides, if we disregard ISPs for a moment, I don't know of any
private company in a non-carrier business that has ever been
prosecuted for what its employees do over its networks. That
is: I work at company X. I spend most of my time in the office
downloading kiddie porn and uploading copyright infringements,
trade mark violations, libel and military secrets. When I'm
caught, I'll go to jail for a very long time.
Now, do you seriously think that my boss will go to jail too
because he could have known that this could happen and he
didn't take protective measures and he should have controlled
the contents of all incoming and outgoing communications over
the company network and he didn't have to provide internet
access to his employees in the first place? Do you seriously
think so? And, if you do, does that reflect your opinion as
Matthew.Findley@ or as @usdoj.gov ?
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: Security precautions, CVS commit mails was Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
Toad wrote:
You have taken extraordinary measures to protect against [the 
ftp server being hacked], haven't you?

Umm, measures such as..? I don't see how you can defend against the
above, really.
Well, first of all the elementary stuff. No other services on the
same machine. You don't want your ftp server compromised because
of a flaw in mailman, or even sendmail, so put that stuff elsewhere.
Heavy firewalling. IDS. No compiler installed; most hacks begin
with a compilation. No unnecessary script interpreters; an ftp
server can live very well (and much longer) without PHP, python,
perl, java, whathaveyou. A super-lean kernel. A permanently up
to date system.
Then the more tedious stuff. Remote syslog. Remote md5sums of every
file on the machine, regularly checked. A draconic password policy.
Why not a read-only server running from a CD-ROM?
And then comes the really difficult part, physical security. A
gang of angry and hungry dobbermans in the outer perimeter, cobras
in the server room, tarantulas inside the server itself.
As a side-dish, network security. If your DNS can be compromised,
nobody needs to touch your ftp server before they can serve their
own files from your machine. Arp. There is really no way to
ensure that a visitor to your ftp server won't end up elsewhere,
but an unpredictable control mechanism can let you know if that
happens and mitigate the damage.
There is one thing though... I think the CVS announcement mails are
generated on the client side. They should be generated on the server
side. Anyone know how to do this?
What you mean by CVS announcements?
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
Edward J. Huff wrote:
That is up to each node operator.  Failure to block some content -- like
mp3's -- is a lot less serious than failure to block other content --
like kp.  The node operator might decide to take the risk in the name of
civil disobedience for some content but not other.
Associating freenet to civil disobedience (in the node op's
jurisdiction) is a sure way of bringing it down; it then
becomes illegal by self-imposed definition. Censorship is
jurisdiction-bound and so is the system's reaction to civil
disobedience. When you, as a US-based op, agree to censor
kiddie porn and can get away for mp3s go through, you can
trust that your Chinese peer will rot in jail if he lets
reports from Tienanmen go through. The Chinese equivalent
to your kiddie porn censorship is censoring Tienanmen and
letting the mp3s through. Well, pretty worthless I'd say.
Don't touch content. Don't make it possible to touch any
content. When you do, you burn all content as well as
yourself.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
Ian Clarke wrote:
s/does/does not
$ Error: open second argument to s
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
Toad wrote:
IANAL (BIKAF), but I would expect that for ignorance to be willful it 
can't be a side-effect of a goal, it must be a goal in itself.  There 
are plenty of reasons why someone might want to use Freenet other than 
obtaining illegal content.

The problem is that ignorance is indeed a goal in itself on Freenet.
It's part of its very basic design features.
Keep track of the subject. The fact that ignorance is a goal
of the developers doesn't mean - nor prove - that it's a goal
of the prosecuted user.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: Security precautions, CVS commit mails was Re: [freenet-support] anonymity(NOT)

2004-08-04 Thread Zenon Panoussis
Toad wrote:
The fundamental issues revolve around changes to source code. 
Only in theory. In practice, the source code only affects your reputation.
The binary code affects the users. If you only protect the source code
(which is also what might get reviewed at some point or other), you will
only be protecting those users who are really careful and compile from
source and don't really need protection. Protecting the binaries is much
more crucial.
Of course I don't mean that protecting the source is unimportant. I have
the impression - from nowhere - that freenet is developed by a small and
rather tight team. If that is so, then commits can be based on personal
trust. If, on the contrary, source can be committed by not fully trusted
people, then there is no end to the auditing requirements before you can
call the resulting binaries safe.
They're
not easy to deal with. Specifically, no matter how deeply you secure the
server, you can't certify every single build as free from unexpected
code. 
It is human to err and, as builds 5085-5087 prove, errors will happen.
However, as long as the developers are well-willing but imperfect friends,
we can trust that there will be no spycode sending extensive reports to
nsa.gov. There is a fundamental difference between bugs and malicious code.
I am willing to take the risk of accidentally introduced security flaws,
but not the guaranteed-to-work intentional security breach that an outsider
would put in freenet if he could.
Hence the need to ensure that for example mails get sent out EVERY
time a CVS commit occurs, and if they bounce it will keep trying to send
them forever. How can we achieve this?
As far as I know how mail servers work, you can't. Then again, why would
you need to? Really, how many people have commit permissions? As long as
they are fewer than three dozen or so, you can have a cryptographically
secured system of notification acknowledgements which leads to phone calls
for missing acknowledgments after a certain threshold. The problem is
not some notifications not reaching their destination, but rather commits
happening without anyone at all being notified.
I think that what you are really saying is that you ned to ensure that
nothing can be committed without at least some notifications going out.
If the cvs server gets hacked, you can't. One way around this is what
I wrote about remotely stored md5sums of all files. The way cvs works
sabotages this though (existing file unchanged, newer file present but
not md5summed to begin with).
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


[freenet-support] F*cked-up releases

2004-07-30 Thread Zenon Panoussis
Just to sing a different tune than the one everyone else is
singing, I upgraded to 5088 last night and it seems to work
relatively well. The load is considerably higher than with
5084 and the same configuration but, as far I can see without
studying logs, everything works as it should. Perhaps with
time the load will go down too...
I never touched 5085-5087 though, that might be why I'm in
a good mood :)  I went straight from 5084 to current.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] In need of opinions and ideas

2004-07-23 Thread Zenon Panoussis

Nicholas Sturm wrote:
Has anyone figured out what he had for lunch.  The schmerk is almost 
missing in his salute picture in the USA Today shot by AFP.
Does that stand for Air Force Photograph.  I didn't say gone, just 
almost missing.
What's a schmerk?
Agence France Presse.
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] In need of opinions and ideas

2004-07-22 Thread Zenon Panoussis
S wrote:
I don't really agree with the idea that such a pr0xy would bring
exposure or users to Freenet. Joe Surfer, upon finding your gatewayed
content in Google, is going to click through, access the content, and
move on, not realizing that he's ventured beyond the confines of the
normal web. Useful to Joe Surfer, not to Freenet. Or worse, he clicks
through and gets some confusing message about Route Not Found that
makes absolutely no sense to him. No help to Freenet or to Joe Surfer.
My idea is to force visitors to go through an introduction page,
where I can explain what it's all about and where I can put some
warnings and disclaimers too. I should be able to do that without
cookies, just with a mod_rewrite rule referrer !this_host rewrite-FAQ
Also, I think you are looking too shallow into what's useful to
whom. According to me, if it's useful to Joe Surfer it's useful
to freenet, for the very simple reason that freenet is all about
disseminating information and none about keeping it confined or
restricted. At least that's what I gather from the project site;
it says nothing at all about an only-for-us-select-few club, it
only talks about as widely-used and accessible as possible.
Network resources are another issue. If suddenly there are thousands of
web users trying to reach Freenet content through a gateway, that's
thousands more requests flooding into the network, thousands of
leeching users, who aren't giving any resources back to Freenet. 
Ah, but you forget that the  p r o x y  itself is contributing
back to freenet in exact proportion to what those leechers
leech. Therefore, the victim of the leeching is not freenet,
but myself. I think I should be able to handle that loss
and, if not, I'll just have to RTFM a bit more on iproute
and rate limiting.
This
symptom would likely be limited to some extent by your node's own
ability to handle requests. A caching pr0xy would resolve the potential
for network burden, but then you've got to deal with expiring cached DBR
sites, the legal issues of caching the plaintext content, ...
The apache proxy dosn't log (other than keys) and dosn't cache, but
fproxy does, in a way. I increased the store to 1 GB for now and
I could increase it a lot more if/when needed. That would lead to
more sites being local and less traffic outwards, yet nothing in
plaintext to compromise me or the user. Thus, I don't see any of
the problems you mention.
People have run public nodes before, but Google never indexed them
beyond the main Web Interface page, so their audience consisted of
people who a) were already Freenet users and b) knew exactly what to
search for in Google to find a public node. 
Well, this contradics what you just wrote above. If you are right
on this point, then your fears about thousands of users leeching
and burdening freenet without giving anything back are unfounded
already because of this, even disregarding my arguments above. Or
vice versa. Of course, if you're right on this, then running the
thing would be fairly meaningless. However, as long as it's not
damaging, it doesn't matter much if it's meaningless; when I
realise that I'll just take it down.
They also don't have a
tendency to be very reliable. Bringing Freenet to the entire web would,
I imagine, have its own unique set of issues.
Of course it would. Reliability is not my main concern though;
Freenet itself is not very reliable either, and it's easy to reason
along the lines of if you want it more reliable than I can offer,
then go run your own node. What worries me most is the legal/political
side of things.
To be precise: when the yellow press picks this up (not if; when),
they'll make angry headlines of it in the style of And what is
the government doing? Nothing! And of course the wolves will
then move in (Miguel, this is in reply to you too). From that
point on there are many possible scenaria:
A. My upstream cuts me off and the p r o x y dies silently
   (along with everything else I host), or I move to a new ISP
   time and over again until I find one solid enough to carry
   the service.
B. I get a prosecutor's order to block one or several specific
   and named freesites. The law says I have to comply first and
   can seek reversal in court afterwards.
C. I get prosecuted for serving some specific freenet content.
D. I get sued in a civil lawsuit by someone who doesn't like
   some specific freenet content.
Let's examine all this in the light of the purpose of freenet,
which I understand as the promotion of free speech irrespective
of the content thereof. Please correct me if this definition
is skewed or incomplete.
To begin with, free speech in a solitary cell is no free speech
at all. You only have free speech if you can say what you want
*whenever you want and to whoever you want*, provided that they
want to listen. Thus, the notion of let's keep it quiet so they
don't come down on us and crush us contradicts the very purpose
it's supposed to promote. The greater the pssibe audience, 

Re: [freenet-support] In need of opinions and ideas

2004-07-22 Thread Zenon Panoussis
Toad wrote:
Well, this contradics what you just wrote above. If you are right
on this point, then your fears about thousands of users leeching
and burdening freenet without giving anything back are unfounded
already because of this, even disregarding my arguments above. Or
vice versa. Of course, if you're right on this, then running the
thing would be fairly meaningless. However, as long as it's not
damaging, it doesn't matter much if it's meaningless; when I
realise that I'll just take it down.

No, because they are not indexed, because we send a robots directive on
fproxy IIRC.
Uhm, that's a bit too laconic for me. Please explain. Are
you saying that a request for a key will be sent out even
if the key is present in the local store? But yet, if the
usage is low, the network burden will be low either way.
E. You get slimed in the press and elsewhere as a paedophile because you
provide child porn.
If the prosecuror has ordered me to block it, I don't
provide it. If the prosecutor has not ordered me to block
it, I think you're barking up the wrong tree, here's the
phone number to the prosecuror is an adequate public
defence. I also think the blood-thirst of the press can
be somewhat mitigated by a well-done portal and FAQ.
[openness vs closed circuit]
Perhaps so. I suspect that Freenet will gradually have to get less open,
but we'll see. When it's fairly closed is exactly the time when it's
most vital. But right now, openness is good. 
It's a very difficult assessment, if not impossible. All
one can do is try to use good judgement and hope for the
best.
[self-regulation]
The really nasty governments are of course the worst in this. Chinese
ISPs etc are encouraged to censor their clients, without generally
having any explicit idea what the rules are. In the West, ISPs generally
don't go looking for content they don't like on their customers' sites.
The way this happens is simply that they have all-encompassing AUPs so
that if they get a threatening letter they can dump you with no
liability themselves. Which of course they do.
Yet I see a bigger problem in the west than in China. In
China, the government is involved and actively participates
in the censorship. Therefore, China is on every list of
every state and of every NGO who monitors censorship, and
gets fingers pointed at it all over the place. But the US?
Europe? Censorship, no sir, we have nothing of the kind here;
that's the official approach and it works very well too.
We get censored and our governments get to keep their good
reputation and stay out of disturbing political winds too.
The latest drive is hate speech, with France and Germany
pulling the strings. If they get their way, anything that
happens to disturb some group - especially some non-negligible
minority - will be illegal. Little do they understand that
if you want to fight neonazism, racism, anti-semitism,
whatever, you need to see your enemy, you need to let him
talk so that you can trash him.
Establishing that Freenet is slow and only used to distribute illegal
content is a disadvantage.
But freenet *is* slow and it is *not* only used to distribute
illegal content. In fact, the little I've looked around, I
didn't run across any content that would be illegal in the
west. Of course it's there, I'm just saying it doesn't seem
to be predominant.
[capability to comply with orders]
Sadly, all nodes are capable of compliance with don't serve key X
orders, they just have to modify the code. Since it is open source, this
is easy.
Not for a non-programmer. I wouldn't know how to do it and
current legislation does not require me to learn java. Besides,
before you can serve an order to a freenode, you need to find
it. And even if X node would block Y key, the same content
would reappear under a different key, as well as under the
old key on node Z.
[precedents and their effects]
No. You go to jail, your ISP gets away with it. Because you're not an
ISP. They'd find some way to fudge it.
In this you might very well be right. Over-estimating the
legal system is among the most stupid things one can do.
Admittedly I've done it more than once.
[immunity to civil suits]
LOL. Co$ strikes again! ;)
Really, I should put a big banner on the portal, this site
was made possible through the kind cooperation of the church
of scientology. That would at least put the kiddie porn to
a good use ;)
[Al Quaeda hacked]
Uhm, there's a real AQ site?!
There was, although it wasn't called that; it was the site
of some or other moslim foundation, on which AQ communiqus
often appeared first hand. It went down a year ago or so.
[not logging]
No, but they can compel you to keep more logs. In UK law, they can
compel you to keep more logs and require you to continue running the
node, and not tell anyone (including the judiciary) about it.
They can't have it both ways. Indeed I don't enjoy the
protection that ISPs enjoy, but also, precisely because
I'm not an ISP, they can't compel me to log, or to run
a service in the first 

Re: [freenet-support] In need of opinions and ideas

2004-07-22 Thread Zenon Panoussis
Toad wrote:
They are not indexed by google because by default fproxy sends a
robots.txt indicating that it shouldn't be spidered.
Aaah, I see. That explains S' comment too. Well, current
legislation does not require me to learn java, but it
does not forbid me to either ;)
[prosecutor's block orders]
So they go after us and make us provide a version with that option.
Yes, theoretically they they could try, but who is us
in an open source project? If all they wanted was to
force X content out of a certain node, I think they'd
go for the easiest way and take down the node. If they
want more, such as a tool to monitor and control
underground communications, they'd write their own and
present it to the public as an improved freenet version.
In fact, that's exactly what it says on freenetproject.org,
new stable version released. Ask me, did I carefully read
and analyse the code I'm running? Did I build everything
myself from source? Erhm, uhm, well, can we change the
subject?
[UK]
But perhaps other jurisdictions are more sane.
There was a cartoon in Punch a few years ago - I so regret
I didn't keep it - depicting Bush playing a tambourine and
Blair in the form of a small monkey on a chain, dancing to it.
That cartoonist really captured the whole essence of the
situation in a few penstrokes. If the US has a patriot act,
why would the UK not have one?
The proletariat are the majority. Democracy is the rule of the mob.
And btw, they're not proles. They're middle class in the modern
newspeak. They're middle income. They just read the Sun ;).
Hey, that makes you and me the elite, the intelligentsia,
the avant-garde in this swamp we live in. Lets see it from
the bright side :)
Seriously, it's a lot easier to convince the average person that Freenet
is evil than that it is needed.
Interestingly, it's seldom you read in the paper about
petty mafiosi, illegal immigrants and street bums getting
caught with big archives of kiddie porn. Invariably they
are well-established members of the middle or higher
middle class (the real upper class is above suspicion,
so it doesn't get caught). The class that uses illegal
content on freenet is the very class that proclaims to
be against it. Perhaps mirrornet would be a better
name for it: what you see there is what you are.
Duh. We have come a very long way from technical support
and I doubt everybody around is interested in these
philosophical aspects.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] In need of opinions and ideas

2004-07-22 Thread Zenon Panoussis
Toad wrote:
They are not indexed by google because by default fproxy sends a
robots.txt indicating that it shouldn't be spidered.
Aaah, I see. That explains S' comment too. Well, current
legislation does not require me to learn java, but it
does not forbid me to either ;)
[prosecutor's block orders]
So they go after us and make us provide a version with that option.
Yes, theoretically they they could try, but who is us
in an open source project? If all they wanted was to
force X content out of a certain node, I think they'd
go for the easiest way and take down the node. If they
want more, such as a tool to monitor and control
underground communications, they'd write their own and
present it to the public as an improved freenet version.
In fact, that's exactly what it says on freenetproject.org,
new stable version released. Ask me, did I carefully read
and analyse the code I'm running? Did I build everything
myself from source? Erhm, uhm, well, can we change the
subject?
[UK]
But perhaps other jurisdictions are more sane.
There was a cartoon in Punch a few years ago - I so regret
I didn't keep it - depicting Bush playing a tambourine and
Blair in the form of a small monkey on a chain, dancing to it.
That cartoonist really captured the whole essence of the
situation in a few penstrokes. If the US has a patriot act,
why would the UK not have one?
The proletariat are the majority. Democracy is the rule of the mob.
And btw, they're not proles. They're middle class in the modern
newspeak. They're middle income. They just read the Sun ;).
Hey, that makes you and me the elite, the intelligentsia,
the avant-garde in this swamp we live in. Lets see it from
the bright side :)
Seriously, it's a lot easier to convince the average person that Freenet
is evil than that it is needed.
Interestingly, it's seldom you read in the paper about
petty mafiosi, illegal immigrants and street bums getting
caught with big archives of kiddie porn. Invariably they
are well-established members of the middle or higher
middle class (the real upper class is above suspicion,
so it doesn't get caught). The class that uses illegal
content on freenet is the very class that proclaims to
be against it. Perhaps mirrornet would be a better
name for it: what you see there is what you are.
Duh. We have come a very long way from technical support
and I doubt everybody around is interested in these
philosophical aspects.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] error while opening freesites

2004-07-22 Thread Zenon Panoussis
M. Seredszun wrote:
Couldn't retrieve key: 
[EMAIL PROTECTED]/BPC/3//*
Hops To Live: *15*

Error: *Route Not Found*

Can you help me Pls ?
Keep trying. It's out here, it's loading alright at
https://81.169.159.148:8080/[EMAIL PROTECTED]/BPC/3//
but it's slow. If nothing helps, download
http://freenetproject.org/snapshots/seednodes.ref
into your freenet directory and restart freenet.
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Load

2004-07-21 Thread Zenon Panoussis

David Masover wrote:
Of course, if you don't own
your own computer, how can you trust it?  One-way trust.  Suppose my bro
trusts me, but I don't trust him, I have root, and he wants Freenet.  
You don't need root to run it and it's probably a good idea
to not run it as root even when you are root.
# useradd -r -d /path/to/freenet freenet
# su - freenet -c /path/to/start-freenet.sh
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


[freenet-support] Key harvester

2004-07-21 Thread Zenon Panoussis
Alright, here's an  o p e n  f r e e n e t  p r o x y  (anti-
Google syntax): https://8 1 . 1 6 9 . 1 5 9 . 1 4 8 :8080/
I'd appreciate feedback from anyone who cares to play with it
and/or attempt to break it. I am particularly interested in
unlinked/undocumented FProxy functions which I should have
blocked, but haven't.
The proxy logs in this format:
GET /[EMAIL PROTECTED]/marlowe// HTTP/1.1
GET /[EMAIL PROTECTED]/fiw/11//activelink.png HTTP/1.1
GET /[EMAIL PROTECTED]/fmb/5// HTTP/1.1
GET /[EMAIL PROTECTED]/fiw/10//activelink.png HTTP/1.1
GET /[EMAIL PROTECTED],GwcklYxhS7f8G9dEeJqRjA/phamnuwen//activelink.png HTTP/1.1
Of course you have nothing but my word on that, so do
nothing sensitive.
Please don't spread this ouside the list for now, as long
as I don't know how well it works and whether I'll keep it
or not.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Key harvester

2004-07-21 Thread Zenon Panoussis
[EMAIL PROTECTED] wrote:
It could be that I have yet to even browse my own proxy successfully.
but I tried your site, and received a good 'ol --

Bad Gateway
The proxy server received an invalid response from an upstream server.
I restarted it two minutes ago, you must have hit it
right then. Try again.
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Key harvester

2004-07-21 Thread Zenon Panoussis
Toad wrote:
Seems a bit flaky. Every so often I get an Apache error.

Forbidden

You don't have permission to access
/[EMAIL PROTECTED],aAEwN5~NVmuIvZdfqlORxg/BSIT/20// on
this server.
Ugh. Sometimes logging serves better purposes than policing.
I can't see what went wrong there. I do have some mod_rewrite
rules in the proxy configuration in order to protect status
info etc, but this shouldn't have been caught by them, unless
the original URI contained a query string, i.e.
server:port/something?someother .
I'll turn mod_rewrite logging on for a while and see.
The blocks appear to prevent access to anything sensitive. I think you
probably want to set publicNode=true though, 
Did now.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Key harvester

2004-07-21 Thread Zenon Panoussis
I wrote:
I do have some mod_rewrite
rules in the proxy configuration in order to protect status
info etc, but this shouldn't have been caught by them, unless
the original URI contained a query string, i.e.
server:port/something?someother .
That was it; there was a query string date=some_date.
Fixed that one, but there may be more.
Is there a list somewhere of the query strings used?
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Key harvester

2004-07-21 Thread Zenon Panoussis
Toad wrote:
Is there a list somewhere of the query strings used?

For fproxy:

?key=key
?htl=number
?linkhtl=number
?mime=mime type
?date=date
?rdate=true|false
?force=short hex cookie

Probably there are more for the splitfile servlet.
I was trying to block access to ?setSimpleAdvancedMode=mode,
but also anticipating the existence of query strings that might
do things I wouldn't want the public to be doing. By what you
list here, I don't see the harm in removing the query string
filter altogether, but better ask: would that open any abuse
avenues, as fas as you can see?
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Connection/Routing problems?

2004-07-21 Thread Zenon Panoussis
[EMAIL PROTECTED] wrote:
***A couple problems so far.. All 4 sessions, It doesn't even appear to be
able to access the default ... never-fail site.. however there is a ton
of traffic, so i KNOW its finding nodes out there.
I suspect something with your firewall. What does it block?
Can you make it log?
Z
--
Framtiden är som en babianröv, färggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


[freenet-support] In need of opinions and ideas

2004-07-21 Thread Zenon Panoussis
The whole load/logging/key harvesting discussion I started here
a couple of days ago originated from my wish to make freenet
searchable, especially to the non-freenet world. So I installed
an open  p r o x y in order to harvest keys, so that I could set
up a search engine.
What I only realised when I saw the  p r o x y  working, is that
there is no need for me to run a search engine in the first place
if there is an open  p r o x y  running. Nor do I need to have
Google's army of engineers to develop algorithms to fight search
engine spamming. All I need to do is feed proxied URIs to Google,
and Google will take care of indexing as well as of spam fighting.
I can see advantages in such an approach. Having freenet results
integrated among Google results in general would be quite a push
for freenet, a very good way to get more people to it. Also, the
fact that freenet search results would get blended among internet
web results would provide a certain footing of deniability to the
users: yes, X freesite with questionable content was perhaps among
my search results, but that's not what I was searching for in the
first place. And of course the fact that Google's ranking, spam
combatting and response latency resources will always be a tad
better than mine ;)
I can also see disadvantages in this scheme.
The foremost one is that if I run an open p r o x y, somweone
sooner or later will claim that I am responsible for the content
it serves. Nobody ever got it into their head to prosecute an
ISP for content served by the ISP's proxy, but all it would
take to get me prosecuted is a juicy article in a local newspaper.
I don't have the protective ISP status, nor the resources to fight
back.
Another aspect is more philosophical. Some would say that, as
long as freenet is relatively obscure and not readily available
to the masses, it is left alone but, if it became bigger and more
known, it would become a target for attack. Others would counter
publish and be damned. I really don't know what to make of this;
how to judge benefits and risks and what is best to do when all
is taken into account.
Finally, there is a financial issue. If I provide a bridge
between freenet and the web, then I pay for all web-to-freenet
traffic. There is quite a risk that I will end up as the victim
of my own good idea. This could be mitigated by others running
open  p r o x i e s  too, perhaps with all of them being round-
robined on the same web URL in order to keep Google consistent.
This raises the question: would anyone else around here consider
running a  p r o x y?  Is it realistic at all to think that, with
time, there could be a network of freenet-web bridges?
I would really appreciate your thoughts on these issues, especially
pointers to aspects I've missed.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


[freenet-support] Load

2004-07-19 Thread Zenon Panoussis
Hello everyone.
I started a node on a machine with lots of bandwidth and a very
lousy I/O subsystem. Not much else is going on on the machine, so
without freenet the load is steadily between 0.01 and 0.10. When
freenet runs, the load is constantly around 3.50, with peaks
reaching well above 5.00. The system latency caused by these
loads gets other stuff to malfunction; for instance, mail server
queries to LDAP time out and result in service temporarily
unavailable errors. Obviously, such things become a show stopper
for freenet.
The machine is a Celeron 2.4 GHz with 512 MB RAM running RHEL3
with Sun java 1.4.2_05.
I reduced maxNodeConnections to 85 from the default 200 in the
hope to reduce the number of java instances, but that didn't help
much. I also set diagnosticsPath=/dev/null to stop the constant
writing on disk (is there a better way to say disable stats,
I don't need them?) and that didn't help much either.
So I'm asking for advice from those more experienced with freenet:
what can I do to reduce the load? More specifically, how can I
reduce the number of java instances running? With my current
settings (most else at default), I have 96 java processes eating
away everything on the machine and the machine itself too.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Load

2004-07-19 Thread Zenon Panoussis

Roger Oksanen wrote:
I run freenet niced at +10 on a 2x500MHz computer, load stays at 2-3 all 
the time. 
Ah yes, I forgot to mention that. It's niced at 19. Beats me how
something that's niced 19 can bring the load to 5.00, but that's
a different issue.
I suspect the problem you have lies in the fact that freenet will eat 
ALL available bandwidth that you give it, which will lead to 
starvation, so adjust the following settings:

inputBandwidthLimit= Your input limit
outputBandwidthLimit= Your output limit 
That's done already, it's not where the problem lies. Both these
settings are at 10240, calculated for a monthly consumption of
about 50 GB. The machine has a 100 Mbit connection to the net, so
starvation is out of the question.
You could also limit the threads used by adjusting the maximumThreads 
setting.
Reducing maximumThreads from default 120 to 60 had very little
positive impact on the load. However, while I was there I noticed
the overLoadlow parametre, which I had missed earlier. I set it
to 0.8 but it dosn't work as advertised. After 35 minutes with
this setting in effect, I'm looking at
   9:57,  1 user,  load average: 1.13, 1.74, 1.04
   9:58,  1 user,  load average: 1.53, 1.71, 1.07
  10:00,  1 user,  load average: 1.84, 1.77, 1.17
  10:01,  1 user,  load average: 3.04, 2.05, 1.31
  10:05,  1 user,  load average: 2.37, 2.39, 1.61
  10:17,  1 user,  load average: 5.49, 4.00, 2.69
  10:26,  1 user,  load average: 4.27, 4.20, 3.39
./stop-freenet.sh
  10:30,  1 user,  load average: 0.15, 1.99, 2.66
If all averages are constantly above the overLoadlow limit and
the one-minute average keeps increasing, then this setting is
simply not being obeyed.
Duh. I don't remember running a more aggressive piece of software,
ever.
A note to the developers:
RAM is cheap. Working software is very expensive. Freedom 
is horrendously expensive.
Sadly, this is an over-simplification and reality is more complex
than that. The people who have money can buy freedom and don't
need more RAM. The people who mostly need more RAM in order to
have freedom are mainly those who can't afford the RAM. This is
true on a national level, comparing the degree of repression and
the financial situation of the average citizen in, say, China or
Egypt to those in the US or Europe, and it is also true on the
personal level; he who can pay a good team of lawyers will seldom
need to fiddle with freenet.
In my case, I rent a server somewhere for 39 euro per month.
It's crappy hardware, but it's fully sufficient for all my
needs and it's all I can afford anyway. To get better hardware
where I have the bandwidth I'd have to double my expense. At
home, where I have better hardware, I pay the traffic at the
tune of 3 euro/GB. The sum of this equation is, unfortunately,
one freenet node less. I do think that resource management
would be a worthy priority for the project.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Load

2004-07-19 Thread Zenon Panoussis
Toad wrote:
Strange. What is your logLevel ?
Well, that's relative. The log level is set to debug, but the
log file is a FIFO, where a simple perl script greps for URIs
and dumps the rest. My idea was to feed those URIs to mnogosearch
and create a non-anonymous search engine fo freenet.
Won't make much difference. The setting you want is maximumThreads.
I took them down from 120 to 60, saw hardly any difference at all.
I also set diagnosticsPath=/dev/null to stop the constant
writing on disk (is there a better way to say disable stats,
I don't need them?) and that didn't help much either.

You do. The node uses them for estimating load. My long-lived unstable
node's stats dir is 3MB, as is my long-lived stable node's stats dir.
It's not a problem.
It's not the size of the stats on disk I want to avoid, but the
extra I/O that comes from keeping them.
Set maximumThreads=60 (remove the leading %), logLevel=error, and
doCPULoad=true (is your node pegged on CPU, or just on I/O? what's the
idle % typically?).
OK, I'll give it one more try to see if it's the logging that
does it. Of course, the logging is required for what I want
to do, so I don't know how to get around the problem, if that's
where it is.
The normal load of the machine is around 0.10 an I/O is its
big problem in general.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Load

2004-07-19 Thread Zenon Panoussis
Toad wrote:
The thing is, the lack of search capabilities reduces
the useability of freenet

Of course. There are ways to implement search, however. Sooner or later
somebody will implement a good spider based anonymous search. 
I searched a bit on the web. At
http://conferences.oreillynet.com/cs/p2pweb2001/view/e_sess/1669
I found someone claiming that searching freenet would be
possible real soon, to quote: right about now. That was
in 2001. At  http://www.freenet.org.nz/search/ I found a
totally defunct search engine, obviously based on the same
principle I'm trying to apply now.
I fully agree with you that anonymous search is much better
than a non-anonymous. However, as I mentioned, the problem
of anonymity has two sides: that of the publisher and that
of the user. If a non-anonymous search solves one part without
affecting the other, what's the harm of it?
This would
probably have two components: 1. A spider, which would spider out from
known freesites, scan NIMs, and Frost traffic, and insert index files.
2. A client, probably integrated into fproxy, which would fetch the
index files that are appropriate to the search given.
You mean creating index files before a search has been made?
Wouldn't that be highly inaccurate and/or produce massive
volumes of indices?
I can publish stuff anonymously all I want
but, unless I post a URL somewhere, nobody is going to
find my publications. 

Indeed. Thus we have NIMs, FreeMail and Frost within Freenet, and
outside it we have Mixmaster remailers, IIP, I2P, various kinds of
proxies and so on. Sadly some people use hushmail too, which is not
exactly the safest option. But there are many possibilities.
All this put together is still a *very* small world. If
I'd find and publish, say, the Bush administration's plans
to invade Cuba, or detailed information on Israel's chemical
and biological weapons, I don't want this information to
to reach the users of freenet and hushmail; I want it to
reach the huge and clueless masses who watch CNN and use
hotmail. And I also want to protect my anonymity damn well.
The way to go? Publish on freenet and let automation, i.e.
nobody, make the bridge to the web.
How do you propose to protect against spam, and plain malicious content?
I don't. I'm not Google. As you have already gathered,
my financial capacity is enough to run a 39-euro server,
but not a 78-euro one. Because of that, things get very
simple: if I make a freenet search, it will be just as
well or ill protected from spam and malicious content as
freenet itself is.
 Freenet does not know the
URIs of data that passes through the node, only those requested locally.

It does know the requests that pass through the node.

Nope. It doesn't. It only knows the routing keys, which are insufficient
to decrypt the actual data. Any other URIs in the logs will be locally
originated. Example:

CHK@routing key,decrypt key/human readable key
Uhm, there's something eluding me here. You know freenet's
internals; I don't. If you say so, then so it is. Yet I
stuck some of those URIs I found in my logs into my browser
and got sites to which I had never been before.
Taking what you say here for granted, the entire discussion
up to this point is probably a meaningless exchange based
on some misunderstanding on my part. But what?
[URIs from logs]
Would be interested to see some of this list. 
Duh. So am I by now, but with all the messing around today
I deleted them. I can try again though.
Are you running a public
gateway? Are you fetching lots of stuff locally?
Neither.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]


Re: [freenet-support] Load

2004-07-19 Thread Zenon Panoussis
I wrote:
Taking what you say here for granted, the entire discussion
up to this point is probably a meaningless exchange based
on some misunderstanding on my part. But what?

[URIs from logs]

Would be interested to see some of this list. 

Duh. So am I by now, but with all the messing around today
I deleted them. I can try again though.
Now I know what the misunderstanding was. The working URIs
I found in my logs come from the default bookmarks in the
interface servlet. I had never visited them before, but
they had passed my client anyway.
Z
--
Framtiden r som en babianrv, frggrann och full av skit.
 Arne Anka
___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]