Current Priorities: - Sort out the pre-emptive rejection code. See bug #1245 : The basic idea is to not limit the number of requests directly, but limit limited resources such as threads and memory, and ensure that even if all requests in flight succeed, they will all be able to transfer their data within the request timeout period. Work already done: Increasing timeouts, thread limit (thx nextgens) and removing old hard limits, refactoring. - Resource usage and crash-related work: Many people's nodes still crash frequently. This is *probably* a memory usage problem, and there is more that can be done to reduce Fred's memory footprint. Also nextgens has done some work on reducing thread usage, which should eliminate some crashes when inserting large freesites, as well as being important in the light of the first item. - The proposal to add UIDs to swap requests in order to investigate location clustering, network size, network churn, routing, and especially the network topology properly. This adds a minor vulnerability by making it easier to map the network, however it is only a minor vulnerability as the network close to you can probably be mapped fairly easily anyway, and the network close to you is mostly the part you want to attack. It would make identifying nodes easier with some of the more sophisticated attacks. The purpose of this is to make it easy for us to map the network and determine whether the current pseudo-opennet is in fact the source of all freenet's ills. - STS. IMHO shipping Freenet 0.7 as the default without STS makes it rather less secure than can reasonably be expected by a user. It is a real vulnerability: Man-in-the-Middle attacks or impersonation, if the attacker has both noderefs (which he does on pseudo-opennet or real opennet), unlike the previous item. And it shouldn't be a large amount of code. - Opennet: Opennet remains essential IMHO to get more users. Right now we have lots of potential users who don't get onto Freenet at all. But more work should be done on load and routing before it is deployed. - Darknet: There is some debate going on about renaming the darknet page to "friends" or something similar, and making it behave a bit more like a buddy list. If somebody would investigate how P2P apps in general integrate the buddy list this would be very useful input. Nextgens is working on a Jabber plugin to make it easy to invite your friends to the darknet (and probably many other useful things e.g. if you put a jabber ID in your noderef you can rendezvous when your IP address changes; another proposal is IM notification when downloads complete). -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20070324/b86ce3f3/attachment.pgp>
