On Thursday 13 November 2008 17:32, xor wrote:
>
> > -----Original Message-----
> > From: devl-bounces at freenetproject.org
> > [mailto:devl-bounces at freenetproject.org] On Behalf Of Matthew Toseland
> > > + private synchronized void downloadPuzzles() {
> > > + Query q = db.query();
> > > + q.constrain(Identity.class);
> > > + q.constrain(OwnIdentity.class).not();
> > > + q.descend("lastChange").constrain(new
> > > +Date(System.currentTimeMillis() - 1
> > * 24 * 60 * 60 * 1000)).greater();
> > > + q.descend("lastChange").orderDescending(); /*
> > This should choose
> > identities in a sufficiently random order */
> >
> > You may need some and()'s here. Have you tested this query?
> >
> > W.r.t. randomness, how about having a random number as a
> > member of each
> > identity? You could even change it when you download a puzzle for it,
> > admittedly at some performance cost...
>
>
> I thought that each line of that query will automatically
> be and()ed, have not tested the code yet due to the lack of a
> puzzle factory and UI.
>
> > > + for(Identity i : allIds) {
> > > + /* TODO: Create a "boolean
> > providesIntroduction" in Identity to use a
> > database query instead of this */
> > > +
> > if(i.hasContext(IntroductionPuzzle.INTRODUCTION_CONTEXT) &&
> > i.getBestScore(db) > MINIMUM_SCORE_FOR_PUZZLE_DOWNLOAD) {
> >
> > getBestScore()? Does that mean the best from any of the
> > OwnIdentities?
> > Shouldn't you specify one? It is essential that there be no
> > way for an
> > attacker to connect different OwnIdentities together ...
>
> A "Score" object is per-OwnIdentity. So if you have 5 OwnIds
> then the database will contain 5 Score objects for each
> Identity.
> Therefore, getBestScore() receives the best Score an Identity
> has received from any OwnIdentity.
>
> Using an OwnIdentity in this query WOULD connect the
> decision of which puzzles to use to the OwnId which is chosen,
> this is not what we want, is it?
This is exactly what we want, isn't it? We want it to be hard for an attacker
to connect any OwnIdentity with any other OwnIdentity i.e. we want to do the
announcement purely from the point of view of the new OwnIdentity which is
being announced.
>
> Or do you think that we should using a random OwnId?
>
> > > + ids.add(i);
>
> > > + /* I suppose its a good idea to restart
> > downloading the puzzles from the
> > latest updated identities every time the thread iterates
> > > + * This prevents denial of service because
> > people will usually get very
> > new puzzles. */
> > > + cancelRequests();
> > > +
> > > + for(Identity i : ids) {
> > > + try {
> > > + downloadPuzzle(i, 0);
> > > + } catch (Exception e) {
> > > + Logger.error(this, "Starting
> > puzzle download failed.", e);
> > > + }
> > > + }
> >
> > Does this actually restart them or does it just multiply them?
>
> It cancels all puzzle fetch requests them and and starts new ones
> with different identities hopefull.
> - this is guranteed as long as the identity queue is not full yet.
> The identity queue has the purpose of preventing downloading
> captchas from the same identitiy.
> Unfortunately cancelRequests() accidentially also flushed the
> identity queue, this was not correct and I removed the flushing.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20081113/5e42f6fb/attachment.pgp>
