Thanks! I'll start with my proposals. I'll put ideas about your proposals in a separate reply, it's easier to discuss different people's proposals in a thread of their own.
SPEED: Improving Web of Trust (WoT) performance. This would complete the first iteration of the most critical algorithmic performance fixes, which was the subject of my previous 2 years of work. It would thus ensure that this work is not left in an unfinished state. 3 of 4 of the fixes of the first iteration have been completed: - Finished: Event-notifications (see build0014 Changelog) - Finished: Trust list queueing (see build0016 Changelog) - Finished: Core algorithm fixes (see my bachelor's thesis / build0018) - Remaining: Reduce O(N²) USK subscriptions to O(N): https://bugs.freenetproject.org/view.php?id=3816 The future second iteration would deal with less severe changes. I'd call this iteration "first" because finishing it would allow us to finally start encouraging users to actually use the applications built on WoT. Many of the most interesting already existing client applications depend on WoT: - Social networking (Sone) - Blogging (FlogHelper) - Forums (Freetalk) - Mail (Freemail) - Distributed version control (various tools for Git / Mercurial over Freenet) We currently don't deploy any of those as part of the default configuration. While this is partly due to certain lack of polishing in those apps themselves, the primary reason is that WoT would be too much of a resource hog to deploy by default. (Beyond 6 months of work, fixing WoT would also be a preparation for developing the client app which has received the highest amount of 700 votes on uservoice: Filesharing. This could be implemented based on the forums.) USE FRIENDLINESS Darknet enhancements. These are smaller pieces of work, so I will suggest a few: - Single use node references with authentication token: Currently, to create a darknet connection, *both* users have to add the node reference of each other. Tokenized node references would allow one person to use your reference to add himself as your peer *without* you having to add his node reference manually. I think this is a major usability improvement, as the general workflow of other stuff such as phones / WhatsApp is that you do NOT have to both add a "reference" of each other. People just aren't used to this. - Darknet invitation bundles: Feature for adding a single use node reference to an installer executable. People could hand out the installer executable to their friends to allow them to connect by darknet instantly. Thanks to ArneBab for this idea! - Short node references: Currently, node references fill almost half a page of paper. This doesn't fit into a Facebook chat window for example. As most users are likely to not only use darknet but also opennet, we could upload node references to Freenet itself as a random KSK, with for example 128 bit entropy to be ~ 25 letters. This would also make sense to combine with the aforementioned single use node references. - Friend-of-a-friend connection suggestions ("FOAF"). Like the Facebook friend finder, Freenet could be improved to tell you about darknet peers of your peers. You could then chose to add them as your peers. Part of this codebase already exists. - Friend requests, like in Facebook: With primitive FOAF, both peers would still have to add each other. With friend requests, peers of your peers could just request to connect to you. Together with the aforementioned FOAF connections, this could have a very similar UI to how adding friends on Facebook works. This should thus be a huge usability improvement. - Darknet chat improvements: Freenet allows you to send messages to your darknet peers. The UI of that is very primitive. It should be improved to be similar to e.g. the Facebook chat. There is also a very high probability of losing messages: Messages are not queued to disk, so restarting before a message is sent results in its loss. This should be fixed. We've discussed how to implement these ideas, so I'm aware of how it would work and feel capable of doing this. (As the above were all Freenet ideas, here's why there is no WoT idea: It recently received a full revamp of it's web interface, and also a full l10n revamp. So I don't think any usability work is necessary there at the moment.) SECURITY Multiple ideas again: - All fred plugins: AFAIK *none* of our official plugins deletes its database when the user removes it. They also do not obey the "PANIC" button of Freenet which should delete all client data. I'm further not aware of any of the plugins encrypting its database if fred itself is configured to encrypt the user data. These issues cause private data to stay on disk when the user actually believes it was deleted. Thus we should fix that. - fred: The Darknet enhancements in the usability section are major giant security improvement as well: Opennet is generally believed to be impossible to make even only basically secure. It's really just more of a convenience- feature for users whose main goal is connectivity, not security. Thus, for security purposes, we should want to encourage darknet use a lot. - WoT: The WoT work is also security-related: Many people use FMS since the WoT-based forums are not finished. FMS is an unreviewed C++ application developed by an anonymous contributor. Unreviewed, C++, and anonymous developer are all security risks. The WoT forums would be Java, and the code which has been written so far was reviewed by Matthew. Also, since FMS is difficult to use, a lot of people still use Frost even though we've been telling them that it can be DoS-ed by design for like 10 years. WoT's central goal is to prevent DoS/censorship, and hence preparing for easy-to-use WoT-based forums is a fix for that. Usability benefit included. All of these ideas are things which I feel capable to implement. TECHNICAL DEBT - fred: Both the unit test coverage and documentation of fred are believed to be poor. Further, there are many giant functions which should be split up. As a general way of getting myself a bit more into fred development, I would be happy if some time was allocated for me to improve upon this. Writing docs and tests is a good way to learn about a codebase! And splitting up functions can be done while running into them during doc'ing/testing. Additionally, since Matthew is not yet sure whether he will ever continue to work for us, it would be good to do this while he still seems to enjoy contributing as a volunteer. While this is the case, we can still ask him about things which aren't clear from the code. (Matthew, if you would feel annoyed by that, feel free to tell us!!) - WoT: The WoT unit test coverage is rather good IMHO. So it would be possible to complete it to 100% test coverage. This would be a preparation of replacing db4o with a different database. This may become necessary as the company behind it has abandoned the project. Having full unit tests before doing a very complex task such as replacing the database will ease that a lot. This would again be stuff I feel capable off. OUTREACH - Fundraising: When we ran out of funds this time, this admittedly also was because I didn't take care of fundraising while we still had money. During the ~ 6 months of not having funds, it became apparent that there are not many volunteers who are interested in fundraising. I also noticed that it is quite a bit of work to deal with it. Further, it's rather stressful. Thus it should be done over an extended timespan *before* money runs out, instead of being in a large hurry because we already are bankrupt. Doing stressful things only every few weeks is less stressful overall. Thus, it would be nice if contacting donors could become eligible to be done during working hours. I'd be willing to start doing that. Especially notice that this would help us get Matthew back: He said with the current level of funding, he's not available for Freenet. He'll do something else for 1 year, and then do his master's thesis, so we have some time to acquire funds for him. As he has worked for Freenet for over 10 years, securing his knowledge is of utmost importance :) -- hopstolive (keyword for Ians spam filter)
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
