On Sun, 18 Jan 2004 22:08:30 -0500 "Paul Derbyshire" <[EMAIL PROTECTED]> wrote:
> On 18 Jan 2004 at 5:24, S wrote: > > > Anyone can change the "latest build number" by editing Version.java and > > compiling the source on their machine. If you were so inclined, you > > could change your "latest build number" to 9999 and confuse a whole lot > > of people. Apparently someone has compiled their own copy of Freenet and > > changed their version number to 5070. > > Perhaps nodes shouldn't be generating that message based on the > reported version numbers of other nodes, While this is likely very low on the priority list, it should be sufficient to implement an "I know of a newer build" message, and wait until multiple nodes have told us that they know of multiple instances of the same newer build. Instead of taking one node's word for it, we'd wait for corroboration (I know "there is no trust," I'm not looking to bring that up again). e.g. I connect to Nodes A, B, C, D, ... N, with build 5063. Node A says "I have 5 nodes in my RT labelled as build 5064." Node B says "I have 11 nodes in my RT labelled as build 5064, and 1 node labelled as build 5555." Node C says "I have 6 nodes in my RT labelled as build 5064." Node D says nothing because it knows of no nodes running any build greater than mine, 5063. Node N says "I have 1 node in my RT labelled as build 5064, and 1 node labelled as build 5555." At some point, after hearing that X % of the nodes I'm connected to each have at least Y nodes with build 5064 in their RT, my node decides "OK, 5064 probably exists, I'll list it as a newer build on the web interface." The advertisement of build 5555 is ignored because Y for 5555 never exceeded 1, X for 5555 is too low, or both. This scenario prohibits a lone node from fooling everyone else's node into thinking a newer build has been released. With 5 as an acceptable value for Y, someone would need to run their bogus-version-number build on at least 5 different nodes, which is a lot of work just to pull a prank. I suspect that most of the weird build numbers we've seen are from people experimenting, not from people trying to undermine the "Latest Build" feature. The downside to using this method is that it would introduce a delay in the announcement of newer builds to users who only find out about newer builds through their node's web interface. -s _______________________________________________ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support
