And : SomeDude at NuBL7aaJ6Cn4fB7GXFb9Zfi8w1FhPyW3oKgU9TweZMw wrote: > falafel at IxVqeqM0LyYdTmYAf5z49SJZUxr7NtQkOqVYG0hvITw wrote: >> Freetalk dev p0s claims below: "FMS has serious design faults which can >> only be fixed by breaking compatibility" >> >> Any ideas what these design fault are? > > Well, he never says what they are. The only thing I see drastically > different is CHK vs SSK for messages. If he would elaborate on how this > will work, then we can determine if it will perform better. > > I find the following line said a little later very telling: > [16:08] <p0s> Tommy[D]: i have stolen most good ideas from the FMS spec. > i read it very often. > >> >> Toad claims below: "FMS has had both anonymity issues and buffer >> overflows,..." > > Freenet has had, and continues to have anonymity issues. Should we all > stop using Freenet? ... >> [15:52] <p0s> FMS has serious design faults which can only be fixed by >> breaking compatibility. > > Compatibility can be maintained by working together any fixing any > design faults. ... SomeDude at NuBL7aaJ6Cn4fB7GXFb9Zfi8w1FhPyW3oKgU9TweZMw wrote: > falafel at IxVqeqM0LyYdTmYAf5z49SJZUxr7NtQkOqVYG0hvITw wrote: >> from IRC: http://emu.freenetproject.org/irc/2009-01-17 >> >> interesting comments from Toad on optimisation of FMS/Freetalk. >> >> I don't understand it fully but it's worth thinking about. > > It would be nice to see some documentation about how this will work > exactly. I don't see 1 global queue being better than date based, and > it looks like you'd still have to poll for messages on the current day > with the following method. Message lists being a 1K SSK wouldn't hold a > lot of messages either. I don't think that would scale at all. Anyway, > without proper documentation it is difficult to say if it would be better. >
On 1/18/09, 3BUIb3S50i 3BUIb3S50i <3buib3s50i at gmail.com> wrote: > From FMS > > > SomeDude at NuBL7aaJ6Cn4fB7GXFb9Zfi8w1FhPyW3oKgU9TweZMw wrote: >> falafel at IxVqeqM0LyYdTmYAf5z49SJZUxr7NtQkOqVYG0hvITw wrote: >>> me again, Toad on FMS: >>> >>> [16:14] <toad_> Tommy[D]: therefore it is not worth my time to code >>> review it, especially as it's had obscure C-based remote code exec vulns >>> >>> anyone know what these "remote code exec vulns" were? >> >> There was an issue with form submission that would let another site pass >> its own form parameters to FMS. Also, before the captchas were >> validated, it could have been possible to put some nasty code in them >> instead of an image. >> >> Anyway, this argument is about as valid as saying that since Freenet has >> known vulnerabilities, and you aren't really anonymous using it, you >> shouldn't run it at all. >> >> This looks like a typical reaction: >> A bug in Freenet: It's OK, it doesn't really leak a whole lot of info >> about our users. We'll fix it eventually. >> A bug in FMS implementation: OMG, STOP USING IT FOREVER!!!! >
