On 04/01/14 17:46, Steve Dougherty wrote: > On 01/04/2014 06:31 AM, Alexandre Minette wrote: >> Hi everyone ! >> >> Freenet is now really old compared to the majority of open-source projects >> (which is really good, especially in terms of security) but the sad part is >> that there's almost no users in it. >> >> I have some ideas I would share with you to improve the popularity of the >> platform, and I want to contribute in the project (maybe you already seen >> some of them) : >> >> - FProxy is really ugly and almost unusable for non-technical users. >> As I understand, someone is working on a new FProxy code with modern >> templates which is really a long task. > It is. > >> An intermediate step could be to create a modern theme for FProxy with >> the current interface. > Agreed. > >> Here is an example of a theme I've created for FProxy (fully-compatible >> with the current interface, some of you might have seen it on Sone): >> >> - >> http://image.noelshack.com/fichiers/2014/01/1388832014-screenshot-from-2014-01-04-11-39-31.png > Looks good! > >> Of course, this is only an idea and the final theme can be completely >> different. >> I can help you with the theme creation anyway, we should talk on irc about >> it :). >> >> - The CSS filter in the Core is not supporting some features of CSS3 : >> This is really important, because Javascript is not supported, CSS3 is >> the only thing that could bring a good user experience on a Freesite, >> Specially some features like : >> - animation / transition / transform / keyframes (especially because >> there is no javascript allowed). >> - background gradient (quite the same, and this feature is removing the >> needs of a background in most cases). >> - content (used mainly for icons). >> - styling of HTML5 tags (the filter does not like some of them). >> - display: box/inline-flex (less important) >> And maybe others I did not see. (border-radius seems supported). >> >> I've seen the filter code in the core and some of them are really easy to >> implement (like display: inline-flex), I could help with that too :). > Once the theme is complete I'd be happy to add it to the official > distribution of Freenet as the default theme. Files are only subject to > filtering when downloaded, and themes are not subject to filtering while > in use, so the filter work is not necessary. > >> - Why not embed the official plugins directly into the Freenet install ? >> (or download it at start), Freenet is currently requiring a lot of setup to >> work. > The installer does embed some official plugins: currently JSTUN, UPnP, > Library, KeyUtils, and ThawIndexBrowser. [0] Would you like to propose > more to include? Embedding more will make the installer larger. > >> - This has been already said but a file sharing application would boost the >> popularity of the platform (but yes, It's not really easy to write...) > Agreed. There's been work on Curator for GSoC 2013, but it needs more > work and review. [1] > >> - I could also help to create a good theme for Freemail & Sone (especially >> for Freemail which really needs one). > Sure, but an FProxy theme seems like a higher priority. > >> Bringing more users is important for a project like Freenet because >> anonymity means "hiding in the crowd". This would be even better with more >> users. >> And with more users, you will have more contributors (like the guys behind >> cryptosphere: https://github.com/cryptosphere/cryptosphere). > That would be very cool indeed. > >> Freenet is a really good piece of software anyway, congrats everyone :). > :) > > Thanks! > Steve Dougherty First off, themes *are* filtered. Secondly, he's talking about freesites mainly, and I agree we need more CSS3 support. Work on the content filter (src/freenet/client/filter/CSSTokenizerFilter.java) is fairly self-contained and not dependant on any larger refactoring: Just keep it reasonably clean and *strictly whitelist only* (i.e. only pass what you understand, stick to the spec, be conservative even within the spec e.g. just because it's okay to put quotes in a class id doesn't mean we should allow it, see the mXSS stuff for why), and it could be a big gain for a relatively small amount of work.
There is code for filtering ogg (both vorbis and theora) (and partial
support for SVG and RSS, but there are various difficulties with SVG,
including packaging issues and some serious doubts about the security of
mixed XHTML/SVG), which hasn't been merged yet because nobody's had time
to review it.
I have no idea what the CSS3 animation capabilities are, haven't looked
into it. If it can be done without any JS then great. My understanding
was that it was all event handlers and so on, i.e. JS. Anything
involving JS will be seriously nontrivial to secure.
As regards clients/plugins, most of them depend on Web of Trust.
Unfortunately this is barely usable at the moment, having severe
performance problems. p0s was working on this, paid but currently isn't
working on Freenet, because of serious personal problems. However it
looks likely he will work full time on Freenet/WoT soon. The next big
one is Sone; unfortunately Sone has severe scalability problems and
Bombe (the author) and p0s don't want it merged until these are
resolved. Unfortunately bundling FMS is rather nontrivial, since it's
written in mixed C/C++ by an anonymous author, has had remote code
execution and anonymity breach vulnerabilities in the past; it would
need to be thoroughly reviewed even if we accept the principle of
bundling non-Java code (which I'm not sure is a good idea). We can
however have a (permanently dismissable) alert pointing people to FSNG.
There are lots of views of what a "modern" theme should look like; more
themes are good. The last big suggestion consisted largely of a search
box and a white background ("give people google"), the problem being
that search doesn't work very well at the moment. (Releasing a new build
with an updated Library plugin with new indexes may help)
So if you can work on a theme that's great. If you can work on CSS
filtering, that's even better. Good luck!
(Toad, in a purely personal/IMHO/consultative capacity, likely to
disappear again on Saturday)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
