Freenet Status Report
=====================

Alpha 1 Release
---------------
Freenet 0.7 alpha 1 was released on 3 April 2006. For days the IRC channel was full of people asking for darknet references, until we eventually agreed to open a separate channel for darknet reference swaps. Hundreds of nodes were successfully added to the network.

The darknet now has a (relatively) massive amount of content - 28 sites on the 0.7 darknet index, and 60+ boards on Frost.

An ubernode was added by SaguratuS; this has a very large disk, a very fast connection, and over a hundred peers. This is of course an ideal location from which to attack the network. :) Also there were scripts set up to automatically add every reference pasted (although the other side must also add a reference). I would remind everyone that ideally darknet connections would be established between people who already know each other. The hope is that the network will grow "organically" now that it has had some bootstrapping. You are vulnerable to your darknet peers; if they are clever they may be able to identify which requests come from you and which are forwarded.

Also around $1600 was donated in the week from the release, so that'll keep the pet developer going for a little longer. :)

Thanks to everyone who helped. Especially thanks to nextgens for all his work on the installer.

Network size
------------

If you have logLevel=minor you can get a minimum size estimate even for the darknet:

    (zcat logs/freenet-*.log.gz; cat logs/freenet-latest.log) | grep "Known Location" | sed -n "s/.*Known Location: //p" | sort | uniq | wc -l

At present my node shows 239 node locations over the last 18.5 hours. This suggests that many of the new nodes have got connections to the network and have stuck around. I would be interested in hearing corresponding figures from other people. Note that the network may in fact be significantly bigger than this. A future node version will include more accurate network size estimation.

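Added example, not part of the original post or of the Freenet code: the one-liner above gives a single total, while this script reports how the count of distinct locations grows log by log, which shows whether the minimum estimate is still climbing. Only the "Known Location: " marker and the logs/freenet-*.log.gz and freenet-latest.log names come from the post; the sample log lines and the freenet-0001 style names are constructed, and rotated logs are assumed to sort chronologically by name.

```sh
#!/bin/sh
# Per-log growth of the distinct "Known Location" count (added example).

# Print "<log> <new locations> <cumulative distinct>" for each log in DIR:
# rotated logs first (glob order, assumed chronological), live log last.
cumulative_locations() {
    dir=$1
    for f in "$dir"/freenet-*.log.gz "$dir"/freenet-latest.log; do
        [ -f "$f" ] || continue     # unmatched glob, or no live log yet
        case $f in
            *.gz) gzip -dc "$f" ;;
            *)    cat "$f" ;;
        esac |
            sed -n 's/.*Known Location: //p' |
            awk -v src="${f##*/}" '{ print src "\t" $0 }'
    done |
        awk -F'\t' '
            !($1 in idx)  { idx[$1] = ++n; name[n] = $1 }
            !($2 in seen) { seen[$2] = 1; fresh[$1]++; total++ }
                          { cum[$1] = total }
            END {
                for (i = 1; i <= n; i++)
                    printf "%s %d %d\n", name[i], fresh[name[i]], cum[name[i]]
            }'
}

# Minimum network size: distinct locations across all logs in DIR.
min_network_size() {
    cumulative_locations "$1" | awk '{ c = $NF } END { print c + 0 }'
}

# Constructed sample logs; only the "Known Location: " marker is from the post.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'minor: Known Location: 0.11' 'minor: Known Location: 0.22' \
        'unrelated line' | gzip -c > "$d/freenet-0001.log.gz"
    printf '%s\n' 'minor: Known Location: 0.22' 'minor: Known Location: 0.33' \
        | gzip -c > "$d/freenet-0002.log.gz"
    printf '%s\n' 'minor: Known Location: 0.11' 'minor: Known Location: 0.44' \
        > "$d/freenet-latest.log"
    cumulative_locations "$d"
    echo "minimum size estimate: $(min_network_size "$d")"
    rm -rf "$d"
}
demo
```

A cumulative column that keeps rising with each newer log means the node is still learning new locations, so the total is well short of the real network size.
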
Content
-------

As stated above, we have far more content than was on the testnet 2 weeks ago. But we need more! We now have two ways to insert freesites; one is jSite (http://downloads.freenetproject.org/alpha/jSite/), the other is to telnet to port 2323 and use PUTSSKDIR. The first is by far the more user friendly, and will be bundled with the installer soon.

Load issues and insert speeds
-----------------------------

The main complaint with 0.7 so far (despite the slashdotting!) has been that inserts are slow, typically 1kB/sec or so, in contrast to requests, which generally are very fast. This has been greatly improved in recent days by various changes to load balancing and related code. Inserts are always likely to be slower than requests, as they visit more nodes and cause more load.

In the debate on how best to solve this, some new ideas for load balancing have been proposed. The current algorithm is loosely based on a metaphor of TCP over Ethernet. The main problems with it are that it may give away which requests are local requests, and that it does not prevent flooding of the network with requests.

Also a bug in how we limit the number of packets we send in order to not swamp out TCP traffic was found and fixed.

Threads (generally rather technical):
Subject: [freenet-dev] Insert slowness basics
Subject: [freenet-dev] Which requests should count for load limiting?
Subject: [freenet-dev] Is a failed insert worth more than a failed request?
Subject: [freenet-dev] Not sure about AIMD
Subject: [freenet-dev] Congestion control thoughts
Subject: [freenet-dev] Congestional control again
Subject: [freenet-dev] Alternative congestion control algorithm

Security
--------

Freenet 0.7 nodes now have public/private keypairs, and these will be used to prevent MITM attacks compromising the link encryption soon. Apart from that, the situation is unchanged; your immediate peers can probably compromise your anonymity, if they are clever enough.
So if you're publishing something dangerous, you need to trust your friends. Also the location swapping algorithm is probably relatively easy to exploit at present. The network topology is accidentally exposed by the location swapping process (this is what lets us do a size estimate on the darknet). Most likely we will expose the topology and use it to a) enforce the swapping algorithm, and b) do premix routing (a long-promised upgrade to Freenet due in 0.8 which will give a large degree of protection against your neighbours).

Relative to 0.5:
- 0.5 has better link encryption. This will be fixed soon.
- 0.5 is harvestable; 0.7 is not.
- It is easy for an ubernode to pretend to be many nodes and connect to all nodes on 0.7; it can then do lots of Evil Things. This is not the case on 0.7 - at least it isn't unless the users are stupid (see all the people who connected to the TekNet node!).
- The anonymity filter is working on 0.7.
- You remain vulnerable to your darknet peers; more so than to the nodes you connect to on 0.5, because there are fewer of them, because routing works, and because the attacker may be able to determine the locations of your peers by eavesdropping on swaps. But you were vulnerable to your peers on 0.5, and anyone could become one of your peers very easily.
- Any practical attack would require a darknet connection, and would likely involve splitfile correlation.

There is a wiki page on the current security status of 0.7:
http://wiki.freenetproject.org/FreenetZeroPointSevenSecurity

Stability / Data Reachability
-----------------------------

So far the network seems to be performing well. It may not be necessary to take drastic steps such as indirect lookups; most content seems to be reachable.

Dynamic DNS issues / NAT
------------------------

If node A tries to connect to node B, node B is behind a NAT, and node A changes its IP address, then the connection will fail. This may explain some of the reported instability in darknet connections.
Please do not remove connections without a good reason, certainly not until ARKs have been implemented. ARKs will help a lot to solve this: If you have one working peer (probably because it isn't NATted), that will tell you your IP address, which will then be published in your ARK, and your other (NATted) peers will be able to contact you.

It is probably a good idea to forward your UDP listenPort, if you can. It isn't essential but as we see above, it is very helpful - even with ARKs, you will realistically need one reliable peer which isn't behind a NAT, or has working port forwarding.

--
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
