On Sun, 11 Dec 2011 16:36:53 -0500, Chris wrote: > How many users actually compile it themselves?
Me, and all other Gentoo users :-). > How many examine the diffs? I do, rarely :s. > > [...] > > How would you propose to differentiate between a bugged node and a > > normal node? > > This is why you have authentication and checks against any inability > to connect to nodes. There is no such authentication that would help here. And you would be able to connect to any node normally -- except the compromised nodes would still find a way to become your peers and surround you. (I'm not sure exactly what criteria need to be met for your node to accept a stranger's offer, but I'm sure a dedicated adversary can easily meet them.) > You are looking at the issue wrong. It doesn't matter which nodes are > bugged. If a user can't connect to higher than normal percentage of > nodes it should send up a red flag for one. They will be able to. > You can keep track of nodes as well and check out which nodes are new > and which have been added over time. The number of new nodes coming > online shouldn't exceed a certain threshold. If there are 5,000 and > on average the number of nodes increase by 2 a week then 100 new > nodes coming online should send up a red flag. I don't know what the > actual numbers are or the range. Maybe some weeks do see 100 nodes > and others only 2. There is probably a number though that could > increase the time it takes to pull off such an attack. There is no such metric -- a slashdot article, for example, could easily trigger such a gauge. Moreover, you're not understanding the attack enough -- the bad guys don't need to control too many bugged nodes -- just a few which they will find a way to peer with you. By the way, here is one freesite that tries to measure how many nodes are on the network: USK@85gZTCiQO9IEPDAGvjktO9d-ZMS1lIABR6JB85m4ens,VGDItiCVzCcWAay51faZzcIfAepzeHpzXYvChlueWYE,AQACAAE/stats/1533/ > >> and if is not made apparent that is a problem with freenet (or > >> whichever project you would be suggesting). > > > > Yes it is. And that's why it's in the FAQ :p. You should take a bit > > more time, and read it more carefully: > > > > "Combined with harvesting and adaptive search attacks, [the > > bootstrapping attack] explains why opennet is regarded by many > > core developers as hopelessly insecure. If you want good security > > you need to connect only to friends." > > I don't think you understand how it works that well. I suspect if > some of your friends are compromised you won't be. Did you even read the "Correlation attacks" subsection, from http://freenetproject.org/faq.html#attack ? > I don't doubt that some developers think opennet mode is hopelessly > insecure. It's not that they "think" it's hopelessly insecure. It really is :p. I mean, it might still be "good enough" -- but there are actual, well-known, unsolvable problems with the opennet idea. Which that FAQ should have explained :p. > I think the best way to organize a revolt or guerrilla war fare in > todays world would probably be to anonymously organize multiple small > groups. I strongly disagree. The battle (no matter which one you pick, probably) is ultimately in the minds of the boring violence-phobic masses -- the majorities. If you don't have popular support, you're doomed no matter what you try to do. The best way to organize a revolt is to talk to your friends and family and convince them peacefully and rationally. (And freenet is a great tool for this! :D.) _______________________________________________ Support mailing list Support@freenetproject.org http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:support-requ...@freenetproject.org?subject=unsubscribe
