IRC meeting/2010-12-16

From Freenet Wiki
Jump to: navigation, search

Contents

Agenda

  1. WoT and Freetalk status update
  2. Windows installer - deploy without working update.cmd? Will be fixed in near future?
  3. User interface update
  4. 0.8 Update - What is left features-wise? Deadline? New load management status? Merging status? Bugs vs features vs deadlines?
  5. How to get more volunteers
  6. Security issues: Opennet: The problem, easy solutions, hard solutions, is it worth it?
  7. Security issues: Darknet: Lots of possibilities for improvement, post-0.8?
  8. Other plugins - Sone? Etc.
  9. Freenet @ CCC- Berlin
  10. Quick update on translation system - last because last time it took an hour! We can move stuff about depending on who's present etc.

Minutes

Present
nextgens, Bombe, ema-fox, mrsteveman1, sace5, @sanity, Cooo, Fenax, notsorandomnick, Smar, @toad_ , digger3, kryptos23 ,Novostr_, Tommy[D]
scribe
digger3

WoT&Freetalk

  • WoT is finished for 0.4 final release in terms of having all features implemented and

issues resolved. It only needs actual testing according to p0s.

  • For testing WoT 0.4-final-development the 0.1-final-development branch of freetalk will be used, which is not feature complete yet.
  • Freetalk 0.1 only needs minor stuff:
    • wire in the new language code list for board name prefixes
    • create a reasonable list of default boards. p0s wants to finish up the new default boards in order to structure the boards list for the influx of new users.
    • testing
  • p0s wrote freetalk database integrity validation code which completes the large big task for the freetalk 0.1 release. They always run on startup and should prevent problems.
  • p0s is confident that the Christmass release is achievable and doesn't expect any major issues to suddenly appear.
  • The current alpha versions of WoT&Freetalk are built from master, not the final-development branches. p0s will have testing binaries in the next 2-3 days.
  • toad and sanity recommend getting more users to test the 'RC' versions of freetalk & WoT.
  • p0s will send an e-mail to devl to ask for wider testing of WoT&Freetalk

latest freetalk: http://downloads.freenetproject.org/alpha/plugins/Freetalk/Freetalk-2010-12-16-1-ga20aa2bfde5c2523838884c39bcababecdc47547.jar

  • nextgens protests that freetalk work is blocking wider deployment WoT and thus of Sone (for example)

CAPTCHAs

  • toad is worried about the use of CAPTCHAs in FMS/Freetalk/WoT/..., because they are insecure and inconvenient
  • toad asks around for alternatives to them which don't involve a large darknet.
  • p0s suggests switching CAPTCHA libraries if one is cracked he sees no reasonable alternative at this time.
  • toad proposes to use Scarce SSKs in the long term, but that would require per-link limits on darknet which presuposes a large darknet.
  • sanity argues that CAPTCHAs are only used for bootstrapping and negative trust values from other users will quickly override anything bad.
  • nextgens also argues that a WoT doesn't scale and that making bootstrapping harder will block newbies too.
  • sanity is not convinced about toad's point about the ineffectiveness of CAPTCHAs + WoT
  • Some arguments about the cost of IP addresses and a short evaluation of how other big (e-mail) players deal with.
  • The issue is shelved, because of its complexity to the mailinglist for further discussion

Installer

Windows

  • no Zero3, no Juiceman no present
  • current installer doesn't work for a lot of windows users
  • alpha versions works, but lacks update script
  • toad suggests shipping the new alpha version that doesn't have an update script, but works for most users.
  • nextgens notes that the alpha version hasn't received a lot of testing
  • p0s argues that toad should maintain the windows installer when there is no alternate maintainer
  • toad asks sanity for a legal windows version such that he can resolve the remaininrg issues with the new windows installer if needed
  • nextgens suggests asking for new windows installer maintainers on the ML

Linux

Mac

  • toad thinks the mac installer works mostly, but still fails sometimes, it does have a system tray applet, but on memory autoconf
  • mrsteveman1 confirms, but notes that his changes haven't been merged yet
  • toad and mrsteveman1 exchange github URLs to get the unmerged code merged
  • toad asks about the status of the autostart issues
    • mrsteveman1 can't do much about launchd not working. Hasn't been able to reproduce it himself
  • according to mrsteveman1 it shouldn't break anything though, because run.sh checks for a running daemon
  • mrsteveman1 will check the memory autoconfig stuff again and see whether he can make it work.

Security & Releases

Planning

  • p0s agues that usability minor bug fixes have not been worked on for a long time and they should be prefered to security because 0.7 was a security release already...
  • sanity is against delaying 0.8 much furthur
  • toad asks whether it is important to have the 0.8.5-roadmap features in the 0.8 release to improve darknet.
    • nextgens votes for
      • nextgens: I think distribution servlets like on .5 should be part of it
      • distribution servlets for those who didn't use .5 are a "click the button" feature spawning a tiny http server, servicing enough data to setup a node... and being indexed by google for convenience)
    • p0s is against, we have enough features since 0.7
    • Bombe: some things might be worth doing now and others at a later time
  • nextgens: Release cycles for freenet versions are already speeding up
  • p0s and Bombe do agree that the bugtracker should be used more by toad
    • p0s further extends this point with the position that toad should keep the bugtracker updated and correct wrt current and future release plans
    • bugtracker is very full and somewhat messy, because it is not maintained enough
    • toad proposes getting the big pieces done for 0.8-alpha1 and then using the bugtracker during the stabilisation period
    • p0s views toad's continuiing neglect of the bugtracker as deterimental to the community and transparancy of the development process

Critical 0.8 features

  • Fix the pitch black attack
  • datastore I/O optimisation
  • new load management
  • zidel's branch (packet format)
  • sajack's ogg filter
  • nextgens: new libbigint, fec for x64
  • fixing Library
    • the new-index-format part of the search usually fails, probably due to lower down blocks falling out -> format change required
  • would be nice: Freemail

UI

  • Bombe thinks that fred needs a UI rewrite. New UI could be based around identities
  • toad is afraid that this will take a lot of time
  • Bombe: It's important that fred's UI becomes workable by a web designer
  • Bombe suggests throwing out freenet.client.http.*
  • toad agrees that the UI code needs a total rewrite, but not before 0.8
  • p0s argues that the UI needs a lot of improvements, some of which are already in the bugtracker and designated for 0.8

opennet

  • there is nothing to prevent one node from connecting to every node on the network and surveilling them, except bandwidth requirements. there may be cheaper attacks, of course.
  • nextgens is worried about the use of seednodes which are (also) easily blocked
  • The 0.8 release needs more seednodes

darknet

  • The Pitch Black swapping attack still isn't fixed, but we have a good idea how to fix it
    • bug #3919
    • basically we do 5 probe requests to random locations, take the median value of

the distance from the random location to the closest-node-location-found-to-that-location, and if we're a lot closer to our peers than that then we reset our location

    • according to toad it is easy to fix, but hard to test

Data persistence

  • toad: data persistence is currently worse, in part due to not having fairness between types yet

Bus factor

  • nextgens would like to see more geographical spread, because toad, nextgens and infinity0 are all in the UK
  • toad thinks that sanity (US) would be able to get access to osprey (freenet server) if required
  • toad is unsure who has the release/revocation keys exactly
  • We need to have a CORRECT list of people having access to what exactly
  • nextgens suggest using a sharedsecret where a majority of trusted people have to agree to get the revocation keys
  • nextgens volunteers to write a proposal on how to setup the key-sharing thing with a limited number of trusted peers
  • it is agreed that toad needs to become redundant regarding releases / revocations ASAP
    • this means sharing the keys in a secure manner with trusted peers

More volunteers

  • People can help get the bugtracker in shape

Localisation support

  • nothing happened on infrastructure
  • did receive updated Mandarin Chinese translation

Sone

  • Bombe: "it's aiming to be a Facebook clone. At the moment it has basic messaging capabilities and works more like Twitter."

Action items

  • p0s will send an e-mail to devl to ask for wider testing of WoT&Freetalk
  • nextgens will try to provide toad with some version(s) of windows for freenet development
  • mrsteveman1 will check the memory autoconfig stuff again and see whether he can make it work.
  • toad ask ML to provide more seednodes
  • toad needs to check the scripts for doing releases in to the repo
  • toad will ensure that critical people have access to the keys anyway

Next meeting

  • Agenda: Localisations support will need to be discussed
  • 06-01-2010 @ 19:00 UTC
Personal tools