Re: [freenet-dev] Behind the times

2015-10-24 Thread Arne Babenhauserheide
On Friday, 23 October 2015, 22:52:38, Ian wrote:
> Because before they download we need to give them at least a tiny bit of
> information about why they might want to download.

They also have “share, chat, browse, anonymously”. What we don’t have
is something at the top which shows how we are different from Tor.

To get additional information, they can read the next section.

What I’m still missing is a section “Testimonials” or “What users
say”.

Best wishes,
Arne
--
Celebrate with ye beauty and gather yer friends for a Pirate Party!
→ http://1w6.org/english/flyerbook-rules#pirate-party ←



___
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl

Re: [freenet-dev] Behind the times

2015-10-23 Thread Ian
On Thu, Oct 22, 2015 at 10:09 PM, Steve Dougherty 
wrote:

> On 10/22/2015 10:58 PM, Ian Clarke wrote:
> > On Thu, Oct 22, 2015 at 9:43 PM, Steve Dougherty 
> > wrote:
> ...
> >> I don't understand what you mean by this exactly. Reduce padding between
> >> sections and put the download button where? Up in the menu?
> >>
> >
> > Probably below the menu, but in the top-right of the page.  That way it's
> > very prominent, but not the immediate thing that attracts attention.
>
> Why?
>

Because before they download we need to give them at least a tiny bit of
information about why they might want to download.

> That's the intent of the slides, which are above the button: it starts
> on "Avoid Censorship" "Freenet is a platform for censorship-resistant
> communication and publishing. ..."
>
> Is that more verbose than you were thinking?
>

I think much of the text of these slides is good, but I'm concerned about the
means of presentation - websites do sometimes use slides for things like
user-testimonials, but not the core explanation for why they should be
interested in the software.

Ian.

Re: [freenet-dev] Behind the times

2015-10-23 Thread Juiceman
On Oct 22, 2015 11:09 PM, "Steve Dougherty"  wrote:
>
> On 10/22/2015 10:58 PM, Ian Clarke wrote:
> > On Thu, Oct 22, 2015 at 9:43 PM, Steve Dougherty 
> > wrote:
> ...
> >> I don't understand what you mean by this exactly. Reduce padding between
> >> sections and put the download button where? Up in the menu?
> >>
> >
> > Probably below the menu, but in the top-right of the page.  That way it's
> > very prominent, but not the immediate thing that attracts attention.
>
> Why?
>
> > I think right now the first thing people are encouraged to look at is the
> > Download button, but to figure out why they might want to consider
> > downloading, they have to scroll down to the "What is Freenet?" section.
>
> Currently the Browse and Forums panes link to the same page, so I'd want
> to fix that before making the section even more prominent. Somewhat less
> scrolling would be good here, yes.
>
> > I think we need a very concise explanation of why they would want to
> > download Freenet as the focal point for the front page.
> >
> > Thoughts?
>
> That's the intent of the slides, which are above the button: it starts
> on "Avoid Censorship" "Freenet is a platform for censorship-resistant
> communication and publishing. ..."
>

The left and right arrows are too close to the edge of my phone screen. My
screen protector almost covers them. Can I get a few more pixels please?

> Is that more verbose than you were thinking?
>
>

Re: [freenet-dev] Behind the times

2015-10-22 Thread Steve Dougherty
On 10/22/2015 10:58 PM, Ian Clarke wrote:
> On Thu, Oct 22, 2015 at 9:43 PM, Steve Dougherty 
> wrote:
...
>> I don't understand what you mean by this exactly. Reduce padding between
>> sections and put the download button where? Up in the menu?
>>
> 
> Probably below the menu, but in the top-right of the page.  That way it's
> very prominent, but not the immediate thing that attracts attention.

Why?

> I think right now the first thing people are encouraged to look at is the
> Download button, but to figure out why they might want to consider
> downloading, they have to scroll down to the "What is Freenet?" section.

Currently the Browse and Forums panes link to the same page, so I'd want
to fix that before making the section even more prominent. Somewhat less
scrolling would be good here, yes.

> I think we need a very concise explanation of why they would want to
> download Freenet as the focal point for the front page.
> 
> Thoughts?

That's the intent of the slides, which are above the button: it starts
on "Avoid Censorship" "Freenet is a platform for censorship-resistant
communication and publishing. ..."

Is that more verbose than you were thinking?




Re: [freenet-dev] Behind the times

2015-10-22 Thread Ian Clarke
On Thu, Oct 22, 2015 at 9:43 PM, Steve Dougherty 
wrote:
>
> > Another thing is that there is a lot of empty space "above the fold",
> > mostly to accommodate the central placement of the "Download Freenet"
> > button I think.
>
> Yep. Ademan and I are looking into reducing the amount of vertical space
> between the menu and the first section on the main page.
>
> > Could we move the "What is Freenet?" section up, and perhaps move the
> > download link to the top right of the page?
>
> I don't understand what you mean by this exactly. Reduce padding between
> sections and put the download button where? Up in the menu?
>

Probably below the menu, but in the top-right of the page.  That way it's
very prominent, but not the immediate thing that attracts attention.

I think right now the first thing people are encouraged to look at is the
Download button, but to figure out why they might want to consider
downloading, they have to scroll down to the "What is Freenet?" section.

I think we need a very concise explanation of why they would want to
download Freenet as the focal point for the front page.

Thoughts?

Ian.

--
Ian Clarke
Blog: http://blog.locut.us/

Re: [freenet-dev] Behind the times

2015-10-22 Thread Steve Dougherty
On 10/22/2015 08:15 PM, Ian wrote:
> Yay!
> 
> I think it's a huge improvement.

:D

> One issue is there are a couple of places that could use a bit more
> contrast, particularly the "SUMA Award" logo should probably be brighter.

Brightened.

> Another thing is that there is a lot of empty space "above the fold",
> mostly to accommodate the central placement of the "Download Freenet"
> button I think.

Yep. Ademan and I are looking into reducing the amount of vertical space
between the menu and the first section on the main page.

> Could we move the "What is Freenet?" section up, and perhaps move the
> download link to the top right of the page?

I don't understand what you mean by this exactly. Reduce padding between
sections and put the download button where? Up in the menu?




Re: [freenet-dev] Behind the times

2015-10-22 Thread Ian
Yay!

I think it's a huge improvement.

One issue is there are a couple of places that could use a bit more
contrast, particularly the "SUMA Award" logo should probably be brighter.

Another thing is that there is a lot of empty space "above the fold",
mostly to accommodate the central placement of the "Download Freenet"
button I think.

Could we move the "What is Freenet?" section up, and perhaps move the
download link to the top right of the page?

Ian.


On Wed, Oct 21, 2015 at 5:41 AM, Steve Dougherty 
wrote:

> The site is now live.
>
> On 10/05/2015 05:22 AM, Steve Dougherty wrote:
> > It's given in the prompt: both are "guest".
> >
> >
> >
> > On Sun, Oct 4, 2015, 11:41 PM Ian  wrote:
> >
> >
> > What's the username/pwd for https://testing.freenetproject.org/ ?
> >
> > On Sun, Oct 4, 2015 at 10:40 PM, Steve Dougherty 
> > wrote:
> >
> >> On 09/29/2015 07:26 PM, Arne Babenhauserheide wrote:
> >> > On Tuesday, 29 September 2015, 14:50:27, Ian Clarke wrote:
> >> >> - Website badly needs an update, it looks very dated and frankly a bit
> >> >> spammy. Bootstrap
> >> >> anyone, or even the Github page generator
> >> >> 
> >> >> would be a big improvement
> >> >
> >> > Gerard created a new site a few months ago and we've been working on
> >> > finalizing it since then. Yesterday he uploaded a new test-version:
> >
> >> I spent the weekend on this and I think it's almost ready. When I get
> >> more time to devote to it I'll upload it to Transifex and put out a call
> >> for translators. I'd like to avoid deploying it with fewer words
> >> translated than the current site, but I'll put a 2-week maximum on how
> >> long to wait.
> >
> >> The current development state of the site remains here:
> >
> >> https://testing.freenetproject.org/
> >
> >> and my fork is
> >
> >> https://github.com/Thynix/freenet-website
>
>

Re: [freenet-dev] Behind the times

2015-10-21 Thread Travis Wellman
Apologies for not reading the whole convo, but I have to stop here for
lack of time and want to put in two cents.

On Mon, 2015-10-05 at 12:52 -0500, Ian Clarke wrote:
> On Mon, Oct 5, 2015 at 12:57 AM, xor  wrote:
> > 1) The security issue.
> > 
> 
> Right, but it appears that solutions exist for this with Gradle.

Gradle and Maven repositories are simple directory structures, if I
recall correctly. It's possible that they could be maintained in
freenet for security reasons. A maven pom can describe what
repositories it pulls from. That alone might be a security reason to
move away from ant. And if we're moving, don't move to maven. Gradle is
overtaking maven for good reasons.

> Here is the feature.  A developer wants to work on Freenet, so they
> type:
> 
> $ git clone g...@github.com:freenet/fred.git
> $ cd fred
> $ mvn assembly:assembly
> 
> And now they've built a copy of Freenet.

yyyup. I actually spent over an hour last night trying to build
Freenet. I may or may not be able to come back to it tonight, but it's
definitely frustrating that it doesn't compile yet.

Travis

Re: [freenet-dev] Behind the times

2015-10-21 Thread Steve Dougherty
The site is now live.

On 10/05/2015 05:22 AM, Steve Dougherty wrote:
> It's given in the prompt: both are "guest".
> 
> 
> 
> On Sun, Oct 4, 2015, 11:41 PM Ian  wrote:
> 
> 
> What's the username/pwd for https://testing.freenetproject.org/ ?
> 
> On Sun, Oct 4, 2015 at 10:40 PM, Steve Dougherty 
> wrote:
> 
>> On 09/29/2015 07:26 PM, Arne Babenhauserheide wrote:
>> > On Tuesday, 29 September 2015, 14:50:27, Ian Clarke wrote:
>> >> - Website badly needs an update, it looks very dated and frankly a bit
>> >> spammy. Bootstrap
>> >> anyone, or even the Github page generator
>> >> 
>> >> would be a big improvement
>> >
>> > Gerard created a new site a few months ago and we've been working on
>> > finalizing it since then. Yesterday he uploaded a new test-version:
> 
>> I spent the weekend on this and I think it's almost ready. When I get
>> more time to devote to it I'll upload it to Transifex and put out a call
>> for translators. I'd like to avoid deploying it with fewer words
>> translated than the current site, but I'll put a 2-week maximum on how
>> long to wait.
> 
>> The current development state of the site remains here:
> 
>> https://testing.freenetproject.org/
> 
>> and my fork is
> 
>> https://github.com/Thynix/freenet-website




Re: [freenet-dev] Behind the times

2015-10-12 Thread Zlatin Balevsky
There exists a pure java implementation of a Tor client -
https://subgraph.com/orchid/index.en.html
apologies if this has already been brought up, searching archives is hard
(TM)

On Mon, Oct 12, 2015 at 9:41 AM, xor  wrote:

> On Tuesday, October 06, 2015 09:10:28 AM Ian Clarke wrote:
> > On Tue, Oct 6, 2015 at 4:39 AM, xor  wrote:
> > > [Sorted/trimmed/amended the quotes for readability]
> > >
> > > On Monday, October 05, 2015 12:52:08 PM Ian Clarke wrote:
> > > > On Mon, Oct 5, 2015 at 12:57 AM, xor  wrote:
> > > > Right, but it appears that solutions exist for this with Gradle.
> > >
> > > "Apache Ant" = 1 320 000 Google hits
> > > "Gradle" = 957 000 Google hits
> >
> > That's a terribly unscientific way to assess the popularity of a tool.  As
> > a professional Java developer please take my word for it when I say that
> > Apache Ant is an outdated tool, it has been replaced by Maven, and Maven is
> > in the process of being replaced by Gradle (although we're early in that
> > process).  If you don't believe me just ask Google, they selected Gradle as
> > the standard build tool for Android.  Or failing that just ask almost any
> > other professional Java developer, they'll tell you the same thing.
>
> Yes, you're right, that's a toy metric - I just couldn't think of any other
> one, sorry.
> Your observation that Google uses it sounds like a good one!
>
> I also wasn't aware that you're actively doing Java development, so now I'll
> trust you even more with what you say.
>
> As I've exhausted my knowledge about the stuff (which wasn't any deep anyway,
> I never even read a Maven/Gradle script), I think this should be my last reply
> to this aspect if that's OK with you.
>
> To produce a result, I filed bugtracker entries at my subprojects to adopt
> whatever the results of this thread will be:
> https://bugs.freenetproject.org/view.php?id=6697
> https://bugs.freenetproject.org/view.php?id=6698
>
> I have set the target versions in the roadmap to be the ones right after the
> most critical pending performance / usability fixes.
>
> > > > If someone wants to use both Freenet and Tor then they can download them
> > > > individually, but I see no good reason to bundle two independent pieces
> > > > of software just because they both solve related (but different) problems.
> > >
> > > Well, the question is if the users care about the difference:
> > That seems like a very peculiar criteria with which to decide to bundle any
> > two projects.  If a user didn't care about the difference between Freenet
> > and Angry Birds, should we bundle it with Angry Birds?
> >
> > The only good criteria for bundling two pieces of software is that the
> > combination is dramatically more useful than either individually (eg. if
> > one depends on the other).  That wouldn't be the case here, it would just
> > be two somewhat related pieces of software glued together for no good
> > reason.
>
> I think there even is one of those anecdotal "laws" about this, which is
> something like: "Every software project converges towards becoming a full
> operating system."
> :D (if someone knows the name of that law, please tell me)
>
> The reason I recommended this is the large amount of users which come to the
> support chat and ask for Tor-functionality :|
> It's sad that we cannot help them easily.
>
> However, I think we can settle this for now as there is another good reason
> for me to postpone my suggestion for a while:
> The CENO project aims to provide easy mirroring of regular websites into
> Freenet: https://equalit.ie/portfolio/censorship-no/
>
> Before we consider bundling Tor, we should probably give them a year of time
> to get their stuff finished to the point where we can bundle it.
> With CENO we wouldn't need Tor :)
> I'm in contact with the developers (= idling in their IRC channel), and will
> continue to remind them to push for bundling.
>
> --
> hopstolive  (keyword for Ians spam filter)
>

Re: [freenet-dev] Behind the times

2015-10-12 Thread xor
On Tuesday, October 06, 2015 09:10:28 AM Ian Clarke wrote:
> On Tue, Oct 6, 2015 at 4:39 AM, xor  wrote:
> > [Sorted/trimmed/amended the quotes for readability]
> > 
> > On Monday, October 05, 2015 12:52:08 PM Ian Clarke wrote:
> > > On Mon, Oct 5, 2015 at 12:57 AM, xor  wrote:
> > > Right, but it appears that solutions exist for this with Gradle.
> > 
> > "Apache Ant" = 1 320 000 Google hits
> > "Gradle" = 957 000 Google hits
> 
> That's a terribly unscientific way to assess the popularity of a tool.  As
> a professional Java developer please take my word for it when I say that
> Apache Ant is an outdated tool, it has been replaced by Maven, and Maven is
> in the process of being replaced by Gradle (although we're early in that
> process).  If you don't believe me just ask Google, they selected Gradle as
> the standard build tool for Android.  Or failing that just ask almost any
> other professional Java developer, they'll tell you the same thing.

Yes, you're right, that's a toy metric - I just couldn't think of any other
one, sorry.
Your observation that Google uses it sounds like a good one!

I also wasn't aware that you're actively doing Java development, so now I'll 
trust you even more with what you say.

As I've exhausted my knowledge about the stuff (which wasn't any deep anyway, 
I never even read a Maven/Gradle script), I think this should be my last reply 
to this aspect if that's OK with you.

To produce a result, I filed bugtracker entries at my subprojects to adopt 
whatever the results of this thread will be:
https://bugs.freenetproject.org/view.php?id=6697
https://bugs.freenetproject.org/view.php?id=6698

I have set the target versions in the roadmap to be the ones right after the 
most critical pending performance / usability fixes.

> > > If someone wants to use both Freenet and Tor then they can download them
> > > individually, but I see no good reason to bundle two independent pieces
> > > of software just because they both solve related (but different) problems.
> >
> > Well, the question is if the users care about the difference:
> That seems like a very peculiar criteria with which to decide to bundle any
> two projects.  If a user didn't care about the difference between Freenet
> and Angry Birds, should we bundle it with Angry Birds?
> 
> The only good criteria for bundling two pieces of software is that the
> combination is dramatically more useful than either individually (eg. if
> one depends on the other).  That wouldn't be the case here, it would just
> be two somewhat related pieces of software glued together for no good
> reason.

I think there even is one of those anecdotal "laws" about this, which is 
something like: "Every software project converges towards becoming a full 
operating system."
:D (if someone knows the name of that law, please tell me)

The reason I recommended this is the large amount of users which come to the 
support chat and ask for Tor-functionality :|
It's sad that we cannot help them easily.

However, I think we can settle this for now as there is another good reason 
for me to postpone my suggestion for a while:
The CENO project aims to provide easy mirroring of regular websites into 
Freenet: https://equalit.ie/portfolio/censorship-no/

Before we consider bundling Tor, we should probably give them a year of time 
to get their stuff finished to the point where we can bundle it.
With CENO we wouldn't need Tor :)
I'm in contact with the developers (= idling in their IRC channel), and will 
continue to remind them to push for bundling.

--
hopstolive  (keyword for Ians spam filter)


Re: [freenet-dev] Behind the times

2015-10-11 Thread Steve Dougherty
On 10/10/2015 09:52 AM, Zlatin Balevsky wrote:
> As a random external java developer looking to possibly contribute, I'd
> much prefer dealing with a Gradle script than Ant/Maven.

Thanks for your input! We'll certainly look into it. I'm currently
occupied with the website refresh.




Re: [freenet-dev] Behind the times

2015-10-10 Thread Matthew Toseland
On 06/10/15 10:39, xor wrote:
> Well, the question is if the users care about the difference:
> Fact is that Freenet is insanely small compared to the regular Internet.
> They're thus likely to continue wanting anonymous access to the regular net
> - and keep uninstalling Freenet if it can only provide its own small content
> :(
> I do plan to soon after the performance work deal with improving the amount
> of content by getting Freetalk/Sone deployment-ready and implementing
> filesharing on top of Freetalk :) But that will likely take much longer than
> the suggested Tor/Freenet bundle. And a volunteer could work on the bundle in
> parallel, I don't want to do this now since WoT/Sone/FT are more important.
>
> Another view on this: We've already done a similar tradeoff with providing
> opennet in addition to darknet. Opennet is insanely insecure compared to
> Freenet's goals, and many people hated the idea - but it had to be done to
> get a decent amount of users.
>
> Maybe we could do another pro-usability tradeoff with Freenet + Tor?
>
> And finally notice: I do think this is not something which we should be 
> spending money on. We really need to dedicate our resources on getting our 
> existing sub-projects finished.
> But if a volunteer wants to deal with this, I'd say go for it :)
The idea of maintaining a fork of the Tor Browser Bundle is definitely
worth looking into. Getting it merged upstream as an option would be
really awesome, if possible...




Re: [freenet-dev] Behind the times

2015-10-10 Thread Zlatin Balevsky
As a random external java developer looking to possibly contribute, I'd
much prefer dealing with a Gradle script than Ant/Maven.

Re: [freenet-dev] Behind the times

2015-10-10 Thread Arne Babenhauserheide
On Friday, 9 October 2015, 23:47:23, Steve Dougherty wrote:
> On 10/02/2015 06:35 AM, Steve Dougherty wrote:
> > On 09/29/2015 03:50 PM, Ian Clarke wrote:
> ...
> >>- Website badly needs an update, it looks very dated and frankly a bit
> >>spammy.  Bootstrap 
> >> anyone, or even the Github page generator
> >>
> >> would be a big improvement
> > 
> > https://testing.freenetproject.org
> > 
> > gerard, ArneBab, and others have been working on it. I'll see if we can
> > get it deployed this weekend.
> 
> The English version of the site is ready for an initial release; I've
> now put out a request for translations [0] and hope to have enough to
> replace the existing website in about two weeks.

> [0] https://groups.google.com/forum/#!topic/otfl10n/O8DMl_1tlWc

That’s awesome! The linked possibilities (Secret Identity, …) are cool
— and I like it how they link into the Wiki, connecting new users to
the wiki as source of information.

Best wishes,
Arne


Re: [freenet-dev] Behind the times

2015-10-09 Thread Steve Dougherty
On 10/02/2015 06:35 AM, Steve Dougherty wrote:
> On 09/29/2015 03:50 PM, Ian Clarke wrote:
...
>>- Website badly needs an update, it looks very dated and frankly a bit
>>spammy.  Bootstrap 
>> anyone, or even the Github page generator
>>
>> would be a big improvement
> 
> https://testing.freenetproject.org
> 
> gerard, ArneBab, and others have been working on it. I'll see if we can
> get it deployed this weekend.

The English version of the site is ready for an initial release; I've
now put out a request for translations [0] and hope to have enough to
replace the existing website in about two weeks.

- Steve

[0] https://groups.google.com/forum/#!topic/otfl10n/O8DMl_1tlWc




Re: [freenet-dev] Behind the times

2015-10-09 Thread Arne Babenhauserheide
On Wednesday, 30 September 2015, 23:17:24, Ian wrote:
> On Wed, Sep 30, 2015 at 4:08 PM, Arne Babenhauserheide 
> wrote:
> 
> > On Wednesday, 30 September 2015, 08:42:38, Ian wrote:
> > > I'm not opposed to using signing if we can do it without keeping the
> > > project stuck in 2001's development tools - because that will pretty-much
> > > guarantee its slow death.
> >
> > Are we actually stuck in 2001’s development tools?

> When it comes to dependency management, yes.  Maven started in 2002, and
> has become standard in the years since.

You’re right in that, yes. Ant is pretty old -- but it works. And
maven was a major pain for distributions to package. Using ant makes
that easier — but we’re not actually cashing in on that, since we only
have packages for Gentoo.

But then, we could make it easy to use for developers. To merge with
the other thread:

> Here is the feature.  A developer wants to work on Freenet, so they type:
> 
> $ git clone g...@github.com:freenet/fred.git
> $ cd fred
> $ mvn assembly:assembly

Right now it could be:

$ (install Freenet to ~/Freenet)
$ git clone g...@github.com:freenet/fred.git
$ cd fred
$ cp ~/Freenet/freenet-ext.jar libs/
$ ant

This is slightly more involved than the maven part, but on the other
hand it requires less knowledge about maven to get it working.

We fail in this, by the way, because we do not ship junit4 and
harfbuzz in freenet-ext.jar, so people have to install those via the
distro and somehow set the paths for that in override.properties. And
that can be pretty involved.

The current maven workflow for Freenet plugins looks like this, by
example of Winterface:

$ (install Freenet to ~/Freenet)
$ git clone g...@github.com:ArneBab/Winterface.git
$ cd Winterface
$ mvn install:install-file -Dfile=$HOME/Freenet/freenet.jar \
    -DgroupId=org.freenetproject -DartifactId=fred -Dversion=0.7.5.1467 \
    -Dpackaging=jar
$ mvn install:install-file -Dfile=$HOME/Freenet/freenet-ext.jar \
    -DgroupId=org.freenetproject -DartifactId=freenet-ext -Dversion=29 \
    -Dpackaging=jar
$ mvn package

(documented in 
https://github.com/ArneBab/Winterface/blob/velocity-dev/README.md )

This would be easier with ant.

One more point speaking against maven (or any other java-specific
dependency management to be used in development) is that we want
anonymous contributors. Having maven download the Freenet dependencies
from external servers is pretty risky for those.

> > There are more important things to do — like getting the debian
> > package working again. And for that, using proven though sometimes a
> > bit clunky systems is an advantage.
> 
> I'd say a higher priority would be making Freenet look remotely like a
> modern piece of software.  So many aspects of Freenet seem like a time
> capsule from over a decade ago.

I agree that this is important. I attached you a screenshot of Freenet
when using the Winterface plugin. With this it looks pretty modern.

The problem is just that Winterface still isn’t ready. The only task
for which it currently outperforms fproxy is deleting notifications
(and looking good). And it got broken by purge-db4o. I started working
on fixing that, but my time is running short again, so it would be
nice if someone else could take over…

Porting branch: https://github.com/ArneBab/Winterface/tree/purge-db4o

Best wishes,
Arne
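
The thread notes that a Maven POM names the repositories it pulls from, and the message above raises the concern that a build downloads dependencies from external servers; both can be checked before `mvn` is ever run. The following is an added example, not part of the original message or of the Freenet project's code: the sample POM, its host names and the allowlist are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Repository that Maven's built-in super POM supplies unless a POM
# declares its own repository with the id "central".
IMPLICIT_CENTRAL = {"kind": "implicit", "id": "central",
                    "url": "https://repo.maven.apache.org/maven2"}

# Containers that name download sources. <distributionManagement> also has a
# <repository> child, but that is an upload target, so it is skipped on purpose.
CONTAINERS = {"repositories": "repository",
              "pluginRepositories": "pluginRepository"}

# Constructed sample POM (hypothetical project and hosts).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>demo-plugin</artifactId>
  <version>1.0</version>
  <repositories>
    <repository>
      <id>internal-mirror</id>
      <url>https://repo.example.org/maven2</url>
    </repository>
    <repository>
      <id>legacy</id>
      <url>http://legacy.example.net/repo</url>
    </repository>
  </repositories>
  <distributionManagement>
    <repository>
      <id>deploy</id>
      <url>http://deploy.example.org/releases</url>
    </repository>
  </distributionManagement>
  <profiles>
    <profile>
      <id>snapshots</id>
      <pluginRepositories>
        <pluginRepository>
          <id>plugin-snapshots</id>
          <url>https://snapshots.example.com/plugins</url>
        </pluginRepository>
      </pluginRepositories>
    </profile>
  </profiles>
</project>
"""


def _local(tag):
    """Strip the XML namespace so POMs with and without xmlns both work."""
    return tag.rsplit("}", 1)[-1]


def _child_text(node, name):
    """Return the stripped text of the first direct child called `name`."""
    for child in node:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def declared_repositories(pom_xml):
    """List every server the POM tells Maven to download from, in document
    order, including repositories hidden inside <profiles>."""
    root = ET.fromstring(pom_xml)
    repos = []
    for element in root.iter():
        child_name = CONTAINERS.get(_local(element.tag))
        if child_name is None:
            continue
        for node in element:
            if _local(node.tag) == child_name:
                repos.append({"kind": child_name,
                              "id": _child_text(node, "id"),
                              "url": _child_text(node, "url")})
    if not any(repo["id"] == "central" for repo in repos):
        repos.append(dict(IMPLICIT_CENTRAL))
    return repos


def audit(pom_xml, allowed_hosts):
    """Return (id, url, problems) for each repository that is not fetched
    over HTTPS or whose host is not on the allowlist. A URL that is an
    unresolved ${property} has no scheme or host, so it is flagged too."""
    findings = []
    for repo in declared_repositories(pom_xml):
        parsed = urlparse(repo["url"])
        problems = []
        if parsed.scheme != "https":
            problems.append("not fetched over HTTPS")
        if parsed.hostname not in allowed_hosts:
            problems.append("host not on allowlist")
        if problems:
            findings.append((repo["id"], repo["url"], problems))
    return findings


if __name__ == "__main__":
    allowlist = {"repo.example.org", "repo.maven.apache.org"}  # constructed
    for repo_id, url, problems in audit(SAMPLE_POM, allowlist):
        print(f"{repo_id}: {url} -> {', '.join(problems)}")
```

Mirrors and repositories set in a user's `settings.xml`, and repositories declared by parent POMs, also affect where Maven connects; this check covers only the single POM it is given.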



Re: [freenet-dev] Behind the times

2015-10-06 Thread Ian Clarke
On Tue, Oct 6, 2015 at 4:39 AM, xor  wrote:

> [Sorted/trimmed/amended the quotes for readability]
>
> On Monday, October 05, 2015 12:52:08 PM Ian Clarke wrote:
> > On Mon, Oct 5, 2015 at 12:57 AM, xor  wrote:
> > Right, but it appears that solutions exist for this with Gradle.
>
> "Apache Ant" = 1 320 000 Google hits
> "Gradle" = 957 000 Google hits
>

That's a terribly unscientific way to assess the popularity of a tool.  As
a professional Java developer please take my word for it when I say that
Apache Ant is an outdated tool, it has been replaced by Maven, and Maven is
in the process of being replaced by Gradle (although we're early in that
process).  If you don't believe me just ask Google, they selected Gradle as
the standard build tool for Android.  Or failing that just ask almost any
other professional Java developer, they'll tell you the same thing.


> > > 2) What can Maven do which Ant cannot do? Do we need those features?
> >
> > Dependency management
>
> By that, do you merely mean downloading some JARs from a fixed URI and putting
> them into the current directory; or is it actually even able to install
> current versions of stuff on the system's package manager?
>
> IIRC, our fred Ant builder used to download a fixed freenet-ext.jar to the
> current directory on its own, so that's not a Maven seller yet.
>

No, Gradle does dependency resolution, it would automatically download and
assemble all of the components of freenet-ext.jar, while making it
trivially easy to update to more recent versions of dependencies.

Think of Gradle and Maven as being similar to apt-get on Debian.

> But if Maven is indeed capable of using the package manager, I would actually
> get VERY hungry for it :)
> I prefer installing binaries from the package manager instead of having Maven
> shove truckloads of them into some backyard directory, as only by using the
> package manager I get automated security updates.
>

Maven can assemble everything into a single .jar file.


> > By not using a modern dependency management
> > system we're creating a significant barrier to entry for new contributors
> > to the code.
>
> I speculate you conclude that from at least one of those assumptions:
> The assumption that someone who first wants to compile a project is incapable
> or unwilling to install software (such as Ant) to do so.
>

No, I conclude that a modern Java developer will want to use build tools
that have been more-or-less standard for the last decade, instead of an
outdated tool like ant that almost no actively developed Java project uses
any more.


> @Unwilling: I don't know how it works for other people, but whenever I compile
> a new piece of software, I already am 100% expecting to have to install a
> TRUCKLOAD of stuff. Almost every software needs some kind of library.
> Ant is just one of them. And there are Ubuntu etc. packages, so people can get
> it easily.
>

That is because you are apparently unfamiliar with modern Java build tools
which have proper dependency management.


> > If someone wants to use both Freenet and Tor then they can download them
> > individually, but I see no good reason to bundle two independent pieces
> of
> > software just because they both solve related (but different) problems.
>
> Well, the question is if the users care about the difference:
>

That seems like a very peculiar criteria with which to decide to bundle any
two projects.  If a user didn't care about the difference between Freenet
and Angry Birds, should we bundle it with Angry Birds?

The only good criteria for bundling two pieces of software is that the
combination is dramatically more useful than either individually (eg. if
one depends on the other).  That wouldn't be the case here, it would just
be two somewhat related pieces of software glued together for no good
reason.

Ian.

-- 
Ian Clarke
Founder, The Freenet Project
Email: i...@freenetproject.org

Re: [freenet-dev] Behind the times

2015-10-06 Thread Ian
On Tue, Oct 6, 2015 at 2:03 AM, Florent Daigniere <
nextg...@freenetproject.org> wrote:
>
> > Dependency management, and more importantly, Maven (and more recently
> > Gradle) have become pretty-much industry standards, almost no new
> > Java
> > project uses Ant.  If we want to attract new contributors, the fact
> > that we
> > have an outdated build system will be a turn-off for them.
>
> You can push further and ask, are there new projects written in java?
> And the answer is very likely no; that's not what the cool kids are
> doing nowadays.


Java is one of the world's most popular programming languages.  There are
plenty of new projects being written in Java.  Every single Android app for
starters.  And I don't advocate using Gradle because it's what the "cool
kids" use, but because it simplifies things for developers, particularly
getting things set up initially.


> Don't get me wrong, I'm all for modernizing the build system... I just
> doubt that it should be the priority of the few people who still
> contribute.


Perhaps if it weren't for the outdated build system we would have more than
a few people still contributing.


> We all know Ant well enough to build freenet as is.


I'm not concerned about people who are already comfortable with the
existing build system, I'm concerned about future contributors.


> We've reached the stage where we hardly have the resources to merge
> what's contributed (out of the three examples you've picked, we had two
> of them on non-merged branches - the website and travis configs)...
> That goes to show how resource bound we currently are. Changing the
> build system is even more involved... as it entails updating the
> release scripts (that should also be gradle-ified).
>

All the more reason to do what we can to make it easier for new
contributors to contribute.

Ian.

Re: [freenet-dev] Behind the times

2015-10-06 Thread xor
[Sorted/trimmed/amended the quotes for readability]

On Monday, October 05, 2015 12:52:08 PM Ian Clarke wrote:
> On Mon, Oct 5, 2015 at 12:57 AM, xor  wrote:
> > >- Maven/Gradle are now de-facto standard build systems for Java apps,
> > >and yet we're still using Ant [...]
> > 
> > There are 2 aspects here:
> > 
> > 1) The security issue.
> 
> Right, but it appears that solutions exist for this with Gradle.

"Apache Ant" = 1 320 000 Google hits
"Gradle" = 957 000 Google hits

:|

An advantage of it would be that it seems to have Ant integration.

> > 2) What can Maven do which Ant cannot do? Do we need those features?
> 
> Dependency management

By that, do you merely mean downloading some JARs from a fixed URI and putting 
them into the current directory; or is it actually even able to install 
current versions of stuff on the system's package manager?

IIRC, our fred Ant builder used to download a fixed freenet-ext.jar to the 
current directory on its own, so that's not a Maven seller yet.

But if Maven is indeed capable of using the package manager, I would actually 
get VERY hungry for it :)
I prefer installing binaries from the package manager instead of having Maven 
shove truckloads of them into some backyard directory, as only by using the 
package manager I get automated security updates.

> and more importantly, Maven (and more recently
> Gradle) have become pretty-much industry standards, almost no new Java
> project uses Ant.  If we want to attract new contributors, the fact that we
> have an outdated build system will be a turn-off for them.
[...]
> Anyway, I hope we can agree on this:
> > - We can keep Ant unless we discover a feature in Maven which we must
> > have;
> > and if we switch, we first must find a way to fix the security issues.
> 
> Here is the feature.  A developer wants to work on Freenet, so they type:
> 
> $ git clone g...@github.com:freenet/fred.git
> $ cd fred
> $ mvn assembly:assembly
> 
> And now they've built a copy of Freenet.  Is that the current experience
> for a new developer?

Current experience should be something like:
$ apt-get install git
$ apt-get install ant
$ apt-get install default-jre
$ git clone ...
$ cd fred
$ ant

(Disclaimer: It is possible that Ant tells you to download some "bcprov" JAR 
because someone for whatever reason did not bother to update the script to do 
it. If it worked for freenet-ext.jar previously, I don't know why it wouldn't 
work for the new bcprov one though. I'd be glad if someone with write-access 
to our server fixed this.)

> By not using a modern dependency management
> system we're creating a significant barrier to entry for new contributors
> to the code.

I speculate you conclude that from at least one of those assumptions:
The assumption that someone who first wants to compile a project is incapable 
or unwilling to install software (such as Ant) to do so.

I suspect those assumptions are overkill:

@Incapable: Same as someone who is planning to work on a car engine can be 
assumed to be well beyond being able to drive, someone who wants to compile 
software can be assumed to be well beyond being able to install software such 
as Ant.
Also, it shouldn't be difficult for a developer to figure out how to run a build
system they haven't used yet. In my experience most READMEs contain the 
command line, so we might expect people to look there?

@Unwilling: I don't know how it works for other people, but whenever I compile 
a new piece of software, I already am 100% expecting to have to install a 
TRUCKLOAD of stuff. Almost every software needs some kind of library.
Ant is just one of them. And there are Ubuntu etc. packages, so people can get 
it easily.
Again, IF Maven is capable of using the package manager, and thus can spare me 
from having to install any other packages, I am very willing to change my mind 
to "this is high priority" :)


BUT: Overall, I don't think that we have to discuss this to death since 
Florent provided a very nice idea of a compromise:

> Nothing prevents us from having both Ant and Gradle build
> scripts while the quirks are ironed out.

So I'd say if a volunteer feels like providing Maven scripts, we do accept to 
merge them as secondary build scripts, but keep recommending Ant as default 
for now.

ACK?


> > Also, we've today discussed using the same theme [as at the website
> > remake] for FProxy to make it look more recent as well.
> > 
> > This yielded some nice ideas as prerequisites:
> > "Browser extension to indicate whether user is on Freenet or regular
> > Internet"
> > https://bugs.freenetproject.org/view.php?id=6687
> > 
> > "Bundle Tor with Freenet"
> > https://bugs.freenetproject.org/view.php?id=6689
[...]
> I don't see why either of these would be prerequisites.
 
Sorry, I had left out the explanations for "prerequisites" since they're in 
the bugtracker. Here is a summary:

- If we make the new website design also the Freenet UI theme, then people are 
likely to mix up the b

Re: [freenet-dev] Behind the times

2015-10-06 Thread Florent Daigniere
On Mon, 2015-10-05 at 12:52 -0500, Ian Clarke wrote:
> On Mon, Oct 5, 2015 at 12:57 AM, xor  wrote:
> > 
> > >- Maven/Gradle are now de-facto standard build systems for
> > > Java apps,
> > >and yet we're still using Ant (I was never convinced by the
> > > security
> > >argument against these tools, since we don't audit 3rd-party
> > > libraries
> > >anyway)
> > 
> > There are 2 aspects here:
> > 
> > 1) The security issue.
> > 
> 
> Right, but it appears that solutions exist for this with Gradle.
> 

Great. Last time we've looked into it they didn't.

> > 2) What can Maven do which Ant cannot do? Do we need those
> > features?
> > 
> 
> Dependency management, and more importantly, Maven (and more recently
> Gradle) have become pretty-much industry standards, almost no new
> Java
> project uses Ant.  If we want to attract new contributors, the fact
> that we
> have an outdated build system will be a turn-off for them.
> 

You can push further and ask, are there new projects written in java?
And the answer is very likely no; that's not what the cool kids are
doing nowadays. Are you also suggesting that we should migrate the
codebase to scala? or something else?

Don't get me wrong, I'm all for modernizing the build system... I just
doubt that it should be the priority of the few people who still
contribute. We all know Ant well enough to build freenet as is. Does
anyone know both the codebase and Gradle well enough to do the
transition? Nothing prevents us from having both Ant and Gradle build
scripts while the quirks are ironed out.

We've reached the stage where we hardly have the resources to merge
what's contributed (out of the three examples you've picked, we had two
of them on non-merged branches - the website and travis configs)...
That goes to show how resource bound we currently are. Changing the
build system is even more involved... as it entails updating the
release scripts (that should also be gradle-ified).

For once that you suggest doing something that doesn't involve "just"
the user-experience, I'm really pressed to be supportive... but I am
afraid that I don't know Gradle well enough to be of any help.

Florent


Re: [freenet-dev] Behind the times

2015-10-05 Thread Ian Clarke
On Mon, Oct 5, 2015 at 12:57 AM, xor  wrote:
>
> >- Maven/Gradle are now de-facto standard build systems for Java apps,
> >and yet we're still using Ant (I was never convinced by the security
> >argument against these tools, since we don't audit 3rd-party libraries
> >anyway)
>
> There are 2 aspects here:
>
> 1) The security issue.
>

Right, but it appears that solutions exist for this with Gradle.


> 2) What can Maven do which Ant cannot do? Do we need those features?
>

Dependency management, and more importantly, Maven (and more recently
Gradle) have become pretty-much industry standards, almost no new Java
project uses Ant.  If we want to attract new contributors, the fact that we
have an outdated build system will be a turn-off for them.

> This yielded some nice ideas as prerequisites:
>

I don't see why either of these would be prerequisites.


>
> "Browser extension to indicate whether user is on Freenet or regular
> Internet"
> https://bugs.freenetproject.org/view.php?id=6687
>
> "Bundle Tor with Freenet"
> https://bugs.freenetproject.org/view.php?id=6689
>
> I'm very happy that after all the years I finally got to think as far out
> of
> the box as it was necessary to suggest bundling Tor+Freenet:
> The previous "How to tell users to decide whether to use Tor OR Freenet?"
> thinking was too conservative. It should rather be "How can we make users
> benefit from both Tor AND Freenet?".
> They're quite complementary to each other after all:
> Freenet provides anonymous access to decentralized sites, Tor does not.
> Tor provides anonymous access to non-decentralized sites, Freenet does not.
> Ship both, and users can access the "whole" Internet.
>

I really don't like this idea.  I mean, couldn't the same reasoning be used
to justify bundling almost anything with Freenet?  Bitcoin?  I2P?  Where
would you stop?  And now we'd basically have to maintain a custom Tor
installer, in addition to our existing installer.  Pain all around, and for
what?  It's all downside.

If someone wants to use both Freenet and Tor then they can download them
individually, but I see no good reason to bundle two independent pieces of
software just because they both solve related (but different) problems.

> Anyway, I hope we can agree on this:
> - We can keep Ant unless we discover a feature in Maven which we must have;
> and if we switch, we first must find a way to fix the security issues.
>

Here is the feature.  A developer wants to work on Freenet, so they type:

$ git clone g...@github.com:freenet/fred.git
$ cd fred
$ mvn assembly:assembly

And now they've built a copy of Freenet.  Is that the current experience
for a new developer?  I doubt it is, yet it is the experience for most
contemporary Java projects.  By not using a modern dependency management
system we're creating a significant barrier to entry for new contributors
to the code.

Ian.

-- 
Ian Clarke
Founder, The Freenet Project
Email: i...@freenetproject.org

Re: [freenet-dev] Behind the times

2015-10-05 Thread Steve Dougherty
It's given in the prompt: both are "guest".

On Sun, Oct 4, 2015, 11:41 PM Ian  wrote:

> What's the username/pwd for https://testing.freenetproject.org/ ?
>
> On Sun, Oct 4, 2015 at 10:40 PM, Steve Dougherty 
> wrote:
>
> > On 09/29/2015 07:26 PM, Arne Babenhauserheide wrote:
> > > Am Dienstag, 29. September 2015, 14:50:27 schrieb Ian Clarke:
> > >>- Website badly needs an update, it looks very dated and frankly a
> > bit
> > >>spammy.  Bootstrap 
> > >> anyone, or even the Github page generator
> > >>
> > >> would be a big improvement
> > >
> > > Gerard created a new site a few months ago and we’ve been working on
> > > finalizing it since then. Yesterday he uploaded a new test-version:
> >
> > I spent the weekend on this and I think it's almost ready. When I get
> > more time to devote to it I'll upload it to Transifex and put out a call
> > for translators. I'd like to avoid deploying it with fewer words
> > translated than the current site, but I'll put a 2-week maximum on how
> > long to wait.
> >
> > The current development state of the site remains here:
> >
> > https://testing.freenetproject.org/
> >
> > and my fork is
> >
> > https://github.com/Thynix/freenet-website

Re: [freenet-dev] Behind the times

2015-10-04 Thread xor
First of all let me say that I'm happy to see you participate again :)

If you feel like contributing some more, I can highly recommend IRC as the 
discussion there is nowadays very frequent and vivid.
The mailing list is usually used more as a fallback if people don't reply to 
very important stuff soon enough.


On Tuesday, September 29, 2015 02:50:27 PM Ian Clarke wrote:
> Unfortunately these aren't the only ways we've fallen behind the times
> (hard to believe we've been doing this for 15 years!).

I've recently been citing Freenet as 16 years old, based on the year of the 
Freenet whitepaper. What's the actual age? :)

>- Maven/Gradle are now de-facto standard build systems for Java apps,
>and yet we're still using Ant (I was never convinced by the security
>argument against these tools, since we don't audit 3rd-party libraries
>anyway)

There are 2 aspects here:

1) The security issue.

I understand that nobody would want to conduct man-in-the-middle via Maven to 
attack some random Android game developer or whatever. Attackers who are
interested in using botnets for spam or whatever also probably even couldn't 
get access to the Internet backbones to inject their fake binaries.

However please look at *our* threat model:
Freenet is a highly political project, and thus our biggest threat is 
governments.
Governments control infrastructure, and this includes having access to the 
core Internet backbones.
Conducting MITM is trivial if you have backbone access, and so they're very 
likely to abuse it if our developers execute arbitrary binary code which is 
downloaded from the Internet without any verification whatsoever.

As you did argue against Ant, one could say that it is also trivial for them 
to maliciously inject *non*-binary code, i.e. alter the source code of third 
party projects which we pull without review. So we'd be in the same danger 
with Ant.
However this misses the fact that injecting source code *without getting 
noticed* is a lot more difficult than injecting binary code: Source code is 
human-readable, binary code is not. I mean who is going to shove a JAR into a 
disassembler and read the bytecode? I don't think anyone is going to do that.

With using Ant, we at least have the possibility that third-party projects review
code on their own before merging it - just as we do.

And besides that, I think running arbitrary unsigned code off the Internet is 
really a core basic security mistake; and hence something which is just not by 
any means even up for discussion to be done on purpose by a security-focused 
project as we are. It's Maven's problem if they cannot keep up with industry 
security standards and thus are ditched in favor of Ant.
We shouldn't let ourselves be dragged down to such mistakes just because Maven 
is popular.


2) What can Maven do which Ant cannot do? Do we need those features?

I currently cannot recall anything severe which I'm missing from Ant.
It is critically important to notice that it must provide some kind of 
advantage before we consider changing it. This is because the imbalance 
between the size of our TODO list and the amount of developer force we have 
has grown very high - there are far too few developers. So we must avoid work 
which doesn't yield an immediate big benefit for our users; or potentially 
even is "only changing stuff around for the sake of changing stuff around".

Just have a look at how many subprojects we have:
https://wiki.freenetproject.org/Projects
Yet we currently only have the money for funding 1-2 persons.
And we spent years worth of work upon writing new core fred features, while 
mostly not dealing with deployment of sub-projects, i.e. client applications. 
So there is a huge lack of getting existing code out to the users. This makes 
both developers unhappy because their work is ignored, and Freenet users 
unhappy because Freenet has few actual features.
I'm happy that I've been given the opportunity to work with deployment as 
client application maintainer, that's a step in the very right direction IMHO.
But even if I continue to use all my available time on deployment, we still 
don't have enough workforce to get *all* apps polished to deploy-ableness any 
soon. It'll likely take a year for each.
So overall I think we should also stick to trying to motivate volunteers to 
deploy as much as possible - instead of merely dealing with changing things 
around such as Ant -> Maven.

>- Website badly needs an update, it looks very dated and frankly a bit
>spammy.  Bootstrap 
> anyone, or even the Github page generator
>
> would be a big improvement

Steve has been working on deploying the remake, and I'm confident he'll finish 
it soon:
https://testing.freenetproject.org/   (Username / Password = guest)

AFAIK this is a direct result of your mail, so thanks for motivating people to 
do this :)

Also, we've

Re: [freenet-dev] Behind the times

2015-10-04 Thread Ian
What's the username/pwd for https://testing.freenetproject.org/ ?

On Sun, Oct 4, 2015 at 10:40 PM, Steve Dougherty 
wrote:

> On 09/29/2015 07:26 PM, Arne Babenhauserheide wrote:
> > Am Dienstag, 29. September 2015, 14:50:27 schrieb Ian Clarke:
> >>- Website badly needs an update, it looks very dated and frankly a
> bit
> >>spammy.  Bootstrap 
> >> anyone, or even the Github page generator
> >>
> >> would be a big improvement
> >
> > Gerard created a new site a few months ago and we’ve been working on
> > finalizing it since then. Yesterday he uploaded a new test-version:
>
> I spent the weekend on this and I think it's almost ready. When I get
> more time to devote to it I'll upload it to Transifex and put out a call
> for translators. I'd like to avoid deploying it with fewer words
> translated than the current site, but I'll put a 2-week maximum on how
> long to wait.
>
> The current development state of the site remains here:
>
> https://testing.freenetproject.org/
>
> and my fork is
>
> https://github.com/Thynix/freenet-website

Re: [freenet-dev] Behind the times

2015-10-04 Thread Steve Dougherty
On 09/29/2015 07:26 PM, Arne Babenhauserheide wrote:
> Am Dienstag, 29. September 2015, 14:50:27 schrieb Ian Clarke:
>>- Website badly needs an update, it looks very dated and frankly a bit
>>spammy.  Bootstrap 
>> anyone, or even the Github page generator
>>
>> would be a big improvement
> 
> Gerard created a new site a few months ago and we’ve been working on
> finalizing it since then. Yesterday he uploaded a new test-version:

I spent the weekend on this and I think it's almost ready. When I get
more time to devote to it I'll upload it to Transifex and put out a call
for translators. I'd like to avoid deploying it with fewer words
translated than the current site, but I'll put a 2-week maximum on how
long to wait.

The current development state of the site remains here:

https://testing.freenetproject.org/

and my fork is

https://github.com/Thynix/freenet-website




Re: [freenet-dev] Behind the times

2015-10-04 Thread Florent Daigniere
On Fri, 2015-10-02 at 08:48 -0400, Steve Dougherty wrote:
> On 10/02/2015 08:29 AM, Victor Denisov wrote:
> > > > How about a custom Maven repo with checked/approved
> > > > dependencies only?
> > > > Creating a Maven repo is trivial if a Web server is already
> > > > running; and
> > > > it can also be done in a GitHub repo - though GitHub certainly
> > > > wasn't
> > > > designed for such a use, I know a couple of projects which host
> > > > their
> > > > repos this way without problems.
> > > 
> > > While that could offer useful amounts of control, it seems likely
> > > to be
> > > against typical usage / culture around Maven, and unless I'm
> > > missing
> > > something wouldn't provide checksum / signature verification at
> > > time of use.
> > 
> > I wouldn't say that it is contrary to Maven culture (a lot of
> > open-source projects - i.e., Vaadin - run custom repos, and, of
> > course,
> > many larger companies with proprietary code run custom repos as
> > well).
> > The issue of signature verification should be researched further -
> > I
> > know there's a Maven plugin which can check dependency signatures
> > at
> > build time; but of course most of the libraries out there aren't
> > signed
> > - so maintainers will have to provide their own signatures (one
> > more
> > point for running a custom repo).
> 
> Unless I'm missing something the ant build is doing less verification
> than I thought. It looks like it's verifying the downloaded freenet
> -ext
> jar against a SHA-1 downloaded from the same server. [0] (As opposed
> to
> from the repo.)
> 
> I'd be perfectly happy with verifying against checksums committed to
> the
> repository, for instance.
> 
> [0] https://github.com/freenet/fred/blob/next/build.xml#L54
> 

It's not as braindead as it sounds; The data and checksums used to come
off different servers... Emu was redirecting the data download request 
to the mirror network

Florent


Re: [freenet-dev] Behind the times

2015-10-03 Thread Matthew Toseland
On 02/10/15 13:48, Steve Dougherty wrote:
> On 10/02/2015 08:29 AM, Victor Denisov wrote:
>>>> How about a custom Maven repo with checked/approved dependencies only?
>>>> Creating a Maven repo is trivial if a Web server is already running; and
>>>> it can also be done in a GitHub repo - though GitHub certainly wasn't
>>>> designed for such a use, I know a couple of projects which host their
>>>> repos this way without problems.
>>> While that could offer useful amounts of control, it seems likely to be
>>> against typical usage / culture around Maven, and unless I'm missing
>>> something wouldn't provide checksum / signature verification at time of use.
>> I wouldn't say that it is contrary to Maven culture (a lot of
>> open-source projects - i.e., Vaadin - run custom repos, and, of course,
>> many larger companies with proprietary code run custom repos as well).
>> The issue of signature verification should be researched further - I
>> know there's a Maven plugin which can check dependency signatures at
>> build time; but of course most of the libraries out there aren't signed
>> - so maintainers will have to provide their own signatures (one more
>> point for running a custom repo).
> Unless I'm missing something the ant build is doing less verification
> than I thought. It looks like it's verifying the downloaded freenet-ext
> jar against a SHA-1 downloaded from the same server. [0] (As opposed to
> from the repo.)
>
> I'd be perfectly happy with verifying against checksums committed to the
> repository, for instance.
>
> [0] https://github.com/freenet/fred/blob/next/build.xml#L54
Agreed, that would be better for now.




Re: [freenet-dev] Behind the times

2015-10-02 Thread reestablishesredpoll18
The Guardian Project figured out how to safely build privacy apps for 
Android with Maven and reproducibly too. Ask them how. Interestingly, 
you can work together on integrating Tor pluggable transports in Freenet 
too because UDP is almost always blocked on restrictive networks.


It would be great if there's more collaboration between you and sister 
projects.


Re: [freenet-dev] Behind the times

2015-10-02 Thread charles
Open Whisper Systems has developed a Gradle plugin for verifying hard
coded checksums against dependencies.[1] They are also another example
of a project using a custom Maven repo hosted on Github.[2]

-Charles

[1] https://github.com/WhisperSystems/gradle-witness
[2] https://github.com/WhisperSystems/maven

On 10/2/15 8:48 AM, Steve Dougherty wrote:
> On 10/02/2015 08:29 AM, Victor Denisov wrote:
>>>> How about a custom Maven repo with checked/approved dependencies only?
>>>> Creating a Maven repo is trivial if a Web server is already running; and
>>>> it can also be done in a GitHub repo - though GitHub certainly wasn't
>>>> designed for such a use, I know a couple of projects which host their
>>>> repos this way without problems.
>>> While that could offer useful amounts of control, it seems likely to be
>>> against typical usage / culture around Maven, and unless I'm missing
>>> something wouldn't provide checksum / signature verification at time of use.
>> I wouldn't say that it is contrary to Maven culture (a lot of
>> open-source projects - i.e., Vaadin - run custom repos, and, of course,
>> many larger companies with proprietary code run custom repos as well).
>> The issue of signature verification should be researched further - I
>> know there's a Maven plugin which can check dependency signatures at
>> build time; but of course most of the libraries out there aren't signed
>> - so maintainers will have to provide their own signatures (one more
>> point for running a custom repo).
> Unless I'm missing something the ant build is doing less verification
> than I thought. It looks like it's verifying the downloaded freenet-ext
> jar against a SHA-1 downloaded from the same server. [0] (As opposed to
> from the repo.)
>
> I'd be perfectly happy with verifying against checksums committed to the
> repository, for instance.
>
> [0] https://github.com/freenet/fred/blob/next/build.xml#L54

Re: [freenet-dev] Behind the times

2015-10-02 Thread Steve Dougherty
On 10/02/2015 08:29 AM, Victor Denisov wrote:
>>> How about a custom Maven repo with checked/approved dependencies only?
>>> Creating a Maven repo is trivial if a Web server is already running; and
>>> it can also be done in a GitHub repo - though GitHub certainly wasn't
>>> designed for such a use, I know a couple of projects which host their
>>> repos this way without problems.
>>
>> While that could offer useful amounts of control, it seems likely to be
>> against typical usage / culture around Maven, and unless I'm missing
>> something wouldn't provide checksum / signature verification at time of use.
> 
> I wouldn't say that it is contrary to Maven culture (a lot of
> open-source projects - i.e., Vaadin - run custom repos, and, of course,
> many larger companies with proprietary code run custom repos as well).
> The issue of signature verification should be researched further - I
> know there's a Maven plugin which can check dependency signatures at
> build time; but of course most of the libraries out there aren't signed
> - so maintainers will have to provide their own signatures (one more
> point for running a custom repo).

Unless I'm missing something the ant build is doing less verification
than I thought. It looks like it's verifying the downloaded freenet-ext
jar against a SHA-1 downloaded from the same server. [0] (As opposed to
from the repo.)

I'd be perfectly happy with verifying against checksums committed to the
repository, for instance.

[0] https://github.com/freenet/fred/blob/next/build.xml#L54



___
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
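
The difference described in the message above, between a checksum downloaded from the same server as the jar and one committed to the repository, as an added example. It is not code from the thread or from fred's build; the pin-file layout, the sample bytes and the choice of SHA-256 for the pins are assumptions made for illustration.

```python
import hashlib
import hmac


class PinError(Exception):
    """Raised when an artifact is unpinned or does not match its pin."""


def parse_pins(text):
    """Parse a pin file in `sha256sum` layout: '<64 hex chars>  <file name>'."""
    pins = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise PinError(f"line {lineno}: expected '<digest>  <name>'")
        digest = parts[0].lower()
        name = parts[1].strip().lstrip("*")  # sha256sum marks binary mode with '*'
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise PinError(f"line {lineno}: not a SHA-256 hex digest")
        if name in pins:
            raise PinError(f"line {lineno}: duplicate pin for {name}")
        pins[name] = digest
    return pins


def verify_pinned(name, data, pins):
    """Check data against the digest committed in the repository; fail closed."""
    expected = pins.get(name)
    if expected is None:
        raise PinError(f"{name}: no pinned checksum, refusing to use it")
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise PinError(f"{name}: sha256 {actual} does not match pin {expected}")
    return True


def verify_same_origin(data, served_sha1):
    """Weak pattern: the expected digest arrives over the same channel as the jar."""
    actual = hashlib.sha1(data).hexdigest()
    return hmac.compare_digest(actual, served_sha1.strip().lower())


# Constructed sample data: stand-ins for the jar as reviewed and as altered in transit.
GENUINE = b"constructed stand-in for freenet-ext.jar, reviewed build"
TAMPERED = GENUINE + b" + bytes changed in transit"

# Constructed pin file. In a real repository this is a committed text file with
# literal digests, changed only through reviewed commits.
PIN_FILE = (
    "# dependency pins (constructed sample)\n"
    f"{hashlib.sha256(GENUINE).hexdigest()}  freenet-ext.jar\n"
)


def download(channel_compromised):
    """Simulate one download: the jar and its checksum come from the same place,
    so whoever can alter one can alter the other to match."""
    data = TAMPERED if channel_compromised else GENUINE
    return data, hashlib.sha1(data).hexdigest()


def demo():
    """Return {channel_compromised: (same_origin_check_passed, pinned_check_passed)}."""
    pins = parse_pins(PIN_FILE)
    results = {}
    for compromised in (False, True):
        data, served_sha1 = download(compromised)
        same_origin_ok = verify_same_origin(data, served_sha1)
        try:
            pinned_ok = verify_pinned("freenet-ext.jar", data, pins)
        except PinError:
            pinned_ok = False
        results[compromised] = (same_origin_ok, pinned_ok)
    return results


if __name__ == "__main__":
    for compromised, (weak, pinned) in demo().items():
        print(f"channel compromised={compromised}: "
              f"same-origin check passed={weak}, pinned check passed={pinned}")
```

The same-origin check passes in both cases, so it only detects accidental corruption; the pinned check fails as soon as the bytes differ from what was reviewed.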

Re: [freenet-dev] Behind the times

2015-10-02 Thread Victor Denisov
>> How about a custom Maven repo with checked/approved dependencies only?
>> Creating a Maven repo is trivial if a Web server is already running; and
>> it can also be done in a GitHub repo - though GitHub certainly wasn't
>> designed for such a use, I know a couple of projects which host their
>> repos this way without problems.
> 
> While that could offer useful amounts of control, it seems likely to be
> against typical usage / culture around Maven, and unless I'm missing
> something wouldn't provide checksum / signature verification at time of use.

I wouldn't say that it is contrary to Maven culture (a lot of
open-source projects - i.e., Vaadin - run custom repos, and, of course,
many larger companies with proprietary code run custom repos as well).
The issue of signature verification should be researched further - I
know there's a Maven plugin which can check dependency signatures at
build time; but of course most of the libraries out there aren't signed
- so maintainers will have to provide their own signatures (one more
point for running a custom repo).

Regards,
Victor Denisov.

Re: [freenet-dev] Behind the times

2015-10-02 Thread Steve Dougherty
On 10/02/2015 07:56 AM, Victor Denisov wrote:
>> As long as we can pin dependencies with checksums or something to be
>> sure what jars are used, if nothing else for auditable build purposes,
>> I'm up for moving. ant does add some complexity because running "ant"
>> doesn't work without reading the README.building / adding the
>> dependency-fetching argument.
> 
> How about a custom Maven repo with checked/approved dependencies only?
> Creating a Maven repo is trivial if a Web server is already running; and
> it can also be done in a GitHub repo - though GitHub certainly wasn't
> designed for such a use, I know a couple of projects which host their
> repos this way without problems.

While that could offer useful amounts of control, it seems likely to be
against typical usage / culture around Maven, and unless I'm missing
something wouldn't provide checksum / signature verification at time of use.




Re: [freenet-dev] Behind the times

2015-10-02 Thread Victor Denisov
> As long as we can pin dependencies with checksums or something to be
> sure what jars are used, if nothing else for auditable build purposes,
> I'm up for moving. ant does add some complexity because running "ant"
> doesn't work without reading the README.building / adding the
> dependency-fetching argument.

How about a custom Maven repo with checked/approved dependencies only?
Creating a Maven repo is trivial if a Web server is already running; and
it can also be done in a GitHub repo - though GitHub certainly wasn't
designed for such a use, I know a couple of projects which host their
repos this way without problems.

Regards,
Victor Denisov.

Re: [freenet-dev] Behind the times

2015-10-02 Thread Steve Dougherty
On 09/29/2015 03:50 PM, Ian Clarke wrote:
> Bringing an off-list conversation onto the list (I failed to cc the list in
> the first place).
> 
> ---
> 
> Unfortunately these aren't the only ways we've fallen behind the times
> (hard to believe we've been doing this for 15 years!).
> 
>- Maven/Gradle are now de-facto standard build systems for Java apps,
>and yet we're still using Ant (I was never convinced by the security
>argument against these tools, since we don't audit 3rd-party libraries
>anyway)

As long as we can pin dependencies with checksums or something to be
sure what jars are used, if nothing else for auditable build purposes,
I'm up for moving. ant does add some complexity because running "ant"
doesn't work without reading the README.building / adding the
dependency-fetching argument.

>- Website badly needs an update, it looks very dated and frankly a bit
>spammy.  Bootstrap <http://getbootstrap.com/> anyone, or even the
>Github page generator
><https://github.com/blog/1081-instantly-beautiful-project-pages>
>would be a big improvement

https://testing.freenetproject.org

gerard, ArneBab, and others have been working on it. I'll see if we can
get it deployed this weekend.

>- We could also use an automatic unit testing system like Travis CI
><https://travis-ci.org/> (which is free for O.S projects)

There was a travis branch but we didn't bother to merge it.
https://github.com/freenet/fred/tree/travis




Re: [freenet-dev] Behind the times

2015-10-01 Thread hyazinthe
I see one group saying that all parts of freenet are sufficiently up-to-date and
one group of people saying the opposite. How about a compromise way:
Picking one part of freenet which needs to be updated the most for potential
freenet developers,
and picking one part of freenet which needs to be updated the most for users,
and deciding to update both these parts within the next releases of freenet?
Then the one group only needs to decide which parts of freenet are said both
parts...


Greetings,
Torben Lechner

--- Original Message ---
From: Ian 
Date: 01.10.2015 06:17:24
To: Arne Babenhauserheide 
Subject: Re: [freenet-dev] Behind the times

> On Wed, Sep 30, 2015 at 4:08 PM, Arne Babenhauserheide 
> wrote:
>
> > On Wednesday, 30 September 2015, 08:42:38, Ian wrote:
> > > I'm not opposed to using signing if we can do it without keeping the
> > > project stuck in 2001's development tools - because that will pretty-much
> > > guarantee its slow death.
> >
> > Are we actually stuck in 2001’s development tools?
> >
>
> When it comes to dependency management, yes.  Maven started in 2002, and
> has become standard in the years since.
>
> > There might be some tools which are not up to date, but that’s either
> > because no one took it up, or because the benefit does not outweigh
> > the cost (we have to update all contributors to the new system, and we
> > have quite diverse development setups).
>
>
> > There are more important things to do — like getting the debian
> > package working again. And for that, using proven though sometimes a
> > bit clunky systems is an advantage.
>
>
> I'd say a higher priority would be making Freenet look remotely like a
> modern piece of software.  So many aspects of Freenet seem like a time
> capsule from over a decade ago.
>
> Ian.

Re: [freenet-dev] Behind the times

2015-09-30 Thread Ian
On Wed, Sep 30, 2015 at 4:08 PM, Arne Babenhauserheide 
wrote:

> On Wednesday, 30 September 2015, 08:42:38, Ian wrote:
> > I'm not opposed to using signing if we can do it without keeping the
> > project stuck in 2001's development tools - because that will pretty-much
> > guarantee its slow death.
>
> Are we actually stuck in 2001’s development tools?
>

When it comes to dependency management, yes.  Maven started in 2002, and
has become standard in the years since.

> There might be some tools which are not up to date, but that’s either
> because no one took it up, or because the benefit does not outweigh
> the cost (we have to update all contributors to the new system, and we
> have quite diverse development setups).


> There are more important things to do — like getting the debian
> package working again. And for that, using proven though sometimes a
> bit clunky systems is an advantage.


I'd say a higher priority would be making Freenet look remotely like a
modern piece of software.  So many aspects of Freenet seem like a time
capsule from over a decade ago.

Ian.

Re: [freenet-dev] Behind the times

2015-09-30 Thread Arne Babenhauserheide
On Wednesday, 30 September 2015, 08:42:38, Ian wrote:
> I'm not opposed to using signing if we can do it without keeping the
> project stuck in 2001's development tools - because that will pretty-much
> guarantee its slow death.

Are we actually stuck in 2001’s development tools?

I see up-to-date eclipse, JDK 7 and 8, C# for the Windows installer,
distributed version control, Python3 for the new site, release
messages autogenerated from the history, ...

We have up to date Bouncy Castle and Florent has been working again
and again at replacing old custom crypto with current standards.

There might be some tools which are not up to date, but that’s either
because no one took it up, or because the benefit does not outweigh
the cost (we have to update all contributors to the new system, and we
have quite diverse development setups).

There are more important things to do — like getting the debian
package working again. And for that, using proven though sometimes a
bit clunky systems is an advantage.

Best wishes,
Arne



Re: [freenet-dev] Behind the times

2015-09-30 Thread Ian
On Wed, Sep 30, 2015 at 8:34 AM, Matthew Toseland  wrote:

> On 30/09/15 14:31, Ian wrote:
> >> Checking a signature or at least a checksum is basic due diligence for
> >> security-related software. It's not supported reliably by Maven,
> >> apparently for business reasons.
> >
> > I haven't looked at it in-depth, but Gradle has something that appears to
> > be signing support:
> >
> >   https://docs.gradle.org/current/userguide/signing_plugin.html
> >
> > Without a thorough audit of dependencies' source code, and their
> > dependencies' source code, and so on, not to mention maybe even the JRE's
> > source code, all of this concern for digital signatures on binaries is
> > security theatre IMHO
>


> "The perfect is the enemy of the good". A concept you should be familiar
> with, it applies to security as well as to other aspects of engineering.
> Not being able to achieve perfection is not an excuse for giving up on
> the reasonable steps we CAN take.
>

I'm not opposed to using signing if we can do it without keeping the
project stuck in 2001's development tools - because that will pretty-much
guarantee its slow death.

Ian.

Re: [freenet-dev] Behind the times

2015-09-30 Thread Matthew Toseland
On 30/09/15 14:31, Ian wrote:
> On Wed, Sep 30, 2015 at 6:48 AM, Matthew Toseland > wrote:
>>
>> Checking a signature or at least a checksum is basic due diligence for
>> security-related software. It's not supported reliably by Maven,
>> apparently for business reasons.
>
> I haven't looked at it in-depth, but Gradle has something that appears to
> be signing support:
>
>   https://docs.gradle.org/current/userguide/signing_plugin.html
>
> Without a thorough audit of dependencies' source code, and their
> dependencies' source code, and so on, not to mention maybe even the JRE's
> source code, all of this concern for digital signatures on binaries is
> security theatre IMHO.
"The perfect is the enemy of the good". A concept you should be familiar
with, it applies to security as well as to other aspects of engineering.
Not being able to achieve perfection is not an excuse for giving up on
the reasonable steps we CAN take.




Re: [freenet-dev] Behind the times

2015-09-30 Thread Ian
On Wed, Sep 30, 2015 at 6:48 AM, Matthew Toseland  wrote:
>
> Checking a signature or at least a checksum is basic due diligence for
> security-related software. It's not supported reliably by Maven,
> apparently for business reasons.


I haven't looked at it in-depth, but Gradle has something that appears to
be signing support:

  https://docs.gradle.org/current/userguide/signing_plugin.html

Without a thorough audit of dependencies' source code, and their
dependencies' source code, and so on, not to mention maybe even the JRE's
source code, all of this concern for digital signatures on binaries is
security theatre IMHO.

And if we can't or won't keep up with modern development tools then we're
going to severely limit who will contribute to the project, something we
can scarcely afford to do.  A modern Java developer will want to use modern
Java development tools.

Ian.

Re: [freenet-dev] Behind the times

2015-09-30 Thread Matthew Toseland
On 29/09/15 22:04, hyazin...@emailn.de wrote:
> Regarding point 2 best probably simply would be to ping gerard, because he
> is working at a new Freenet website and is almost finished according to
> this posting of him here, which he posted 5 months ago:
> https://emu.freenetproject.org/pipermail/devl/2015-May/038086.html
>
>
> Greetings,
> Torben Lechner
>
> --- Original Message ---
> From: Ian Clarke 
> Date: 29.09.2015 21:50:27
> To: Discussion of development of development issues 
> Subject: [freenet-dev] Behind the times
>
>> Bringing an off-list conversation onto the list (I failed to cc the list in
>> the first place).
>>
>> ---
>>
>> Unfortunately these aren't the only ways we've fallen behind the times
>> (hard to believe we've been doing this for 15 years!).
>>
>>- Maven/Gradle are now de-facto standard build systems for Java apps,
>>and yet we're still using Ant (I was never convinced by the security
>>argument against these tools, since we don't audit 3rd-party libraries
>>anyway)
The perfect is the enemy of the good. The only third party library we
use that has changed in the last 5 years is Bouncycastle, which is
signed because it's a cryptographic provider. Whereas if we use Maven,
every time we build potentially we are downloading and running hundreds
of binaries which are either not signed or which have been built from
unsigned binaries.

Just because it's the "industry standard" doesn't mean it's appropriate
for our particular use case. Until a few years ago the industry standard
was to not encrypt communications other than online banking; now a lot
of the internet is HTTPS.

Checking a signature or at least a checksum is basic due diligence for
security-related software. It's not supported reliably by Maven,
apparently for business reasons. Therefore we should build our
dependencies from source, and verify at least a checksum to ensure that
it hasn't changed specifically for our particular build. It is true that
we can't realistically audit the source code of all our dependencies,
but that is not a reason to throw our hands in the air and cry "industry
standard, we can't do better than the industry standard".

However, we have had this argument before. I don't expect to change your
mind and you have no hope of changing mine. The last time this came up
it led to some deeply unprofessional accusations on both sides.
Negotiate with the active developers, this is just my worthless one
pence. We should be able to use software which is normally built with
Maven by building it from source; it should be possible to automate most
of this process, while still checking signatures where possible and
downloading from multiple sources to get a known-good-ish checksum where
it isn't.
>>- Website badly needs an update, it looks very dated and frankly a bit
>>spammy.  Bootstrap <http://getbootstrap.com/>
>> anyone, or even the Github page generator
>><https://github.com/blog/1081-instantly-beautiful-project-pages>
>> would be a big improvement
See other messages. There is a new website (almost?) ready to deploy.
Thankfully we are now past the era where "new" means "flash". I believe
the amount of intrusive third party analytics and tracking we have on
our current website is unacceptable for much of our main target
demographic - people who actually give a damn about privacy. Certainly
my use of Google Analytics has never been much beyond what could have
been achieved with a good logfile analysis tool - mostly browsers and
OSs and overall trends.
>>- We could also use an automatic unit testing system like Travis CI
>><https://travis-ci.org/>
>> (which is free for O.S projects)
We had one for some time, jenkins.freenetproject.org. It's not up at
present because nextgens hosted it; a third party provider is a good
alternative. We do have an account on a commercial static code analysis
site currently.

A normal build runs the unit tests (but without the more expensive tests
included). Developers can however bypass this via a command line flag.
In any case it is useful to run the expensive tests, ideally on a
per-commit level with automatic bisection when it fails. I hope that my
uni project this year may lead to some higher level unit tests.
>> Of course, all of these things will require work.  Fortunately, most can be
>> tackled independently of each-other and so we can bite off one piece at a
>> time, if there are any volunteers to take ownership of them.
You also proposed moving the bug tracker. That would require *a lot* of
work, for little benefit other than a small cash saving.



___
Devl mailing list
Devl@freenetproject.org
https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
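
Two checks discussed in this thread, as an added example that is not code from the thread or from the Freenet build: verifying a jar against a checksum committed to the source repository instead of one fetched from the same server as the jar, and accepting a checksum for pinning only when independent downloads agree. The file name, mirror names and jar bytes are constructed, and SHA-256 is an assumption (the thread mentions SHA-1).

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse 'digest  filename' lines (sha256sum layout); '#' starts a comment."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        digest, name = line.split(None, 1)
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed digest for {name!r}")
        if name in pins:
            raise ValueError(f"duplicate pin for {name!r}")
        pins[name] = digest
    return pins


def verify_pinned(name: str, data: bytes, pins: dict) -> bool:
    """Accept only artifacts listed in the committed manifest with a matching digest."""
    expected = pins.get(name)
    if expected is None:
        return False  # an unpinned artifact is rejected, never trusted by default
    return hmac.compare_digest(sha256_hex(data), expected)


def verify_same_server(data: bytes, served_checksum: str) -> bool:
    """Weak check: the checksum arrives from the same server as the artifact,
    so it catches transfer corruption but not a compromised or spoofed server."""
    return hmac.compare_digest(sha256_hex(data), served_checksum.strip().lower())


def agreed_digest(downloads: dict, minimum: int = 2) -> str:
    """Digest to propose as a new pin: needs `minimum` sources, all identical."""
    if len(downloads) < minimum:
        raise ValueError(f"need at least {minimum} independent sources")
    digests = {source: sha256_hex(body) for source, body in downloads.items()}
    if len(set(digests.values())) != 1:
        raise ValueError(f"sources disagree: {digests}")
    return next(iter(digests.values()))


# Constructed sample data: stand-ins for a dependency jar and a modified copy.
GOOD_JAR = b"PK\x03\x04 constructed stand-in for freenet-ext.jar"
TAMPERED_JAR = GOOD_JAR + b" plus an injected class"
# Constructed manifest, as it would sit in the source repository under review.
MANIFEST = f"# pinned dependencies\n{sha256_hex(GOOD_JAR)}  freenet-ext.jar\n"


def demo() -> dict:
    pins = parse_manifest(MANIFEST)
    # Whoever controls the download server controls the checksum file as well.
    served_sum = sha256_hex(TAMPERED_JAR)
    return {
        "same_server_accepts_tampered": verify_same_server(TAMPERED_JAR, served_sum),
        "pinned_accepts_tampered": verify_pinned("freenet-ext.jar", TAMPERED_JAR, pins),
        "pinned_accepts_good": verify_pinned("freenet-ext.jar", GOOD_JAR, pins),
        "pinned_accepts_unlisted": verify_pinned("other.jar", GOOD_JAR, pins),
    }


if __name__ == "__main__":
    print(demo())
```

Agreement between mirrors only shows that they serve the same bytes; the pin still enters the repository through normal commit review.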

Re: [freenet-dev] Behind the times

2015-09-30 Thread Florent Daigniere
On Tue, 2015-09-29 at 14:50 -0500, Ian Clarke wrote:
> Bringing an off-list conversation onto the list (I failed to cc the list in
> the first place).
> 
> ---
> 
> Unfortunately these aren't the only ways we've fallen behind the times
> (hard to believe we've been doing this for 15 years!).
> 
>- Maven/Gradle are now de-facto standard build systems for Java apps,
>and yet we're still using Ant (I was never convinced by the security
>argument against these tools, since we don't audit 3rd-party libraries
>anyway)
> 

I'd like to know which of the 3rd party libraries we haven't
reviewed... I personally went through all those we used to ship when
I've last built a freenet-ext.jar (that was pre db4o)... Have the
standards slid since? Maybe.

In any case I don't see it as a good argument. What feature do we need
from those fancy, crazily insecure tools?

I can tell you (and measure) what the cost of doing it is, can you tell
me what the benefits would be? Virtually all IDEs and tools still
support Ant.

OFC we can have both... but that just adds to the maintenance
cost/burden.

>- Website badly needs an update, it looks very dated and frankly a bit
>spammy.  Bootstrap <http://getbootstrap.com/> anyone, or even the
>Github page generator
><https://github.com/blog/1081-instantly-beautiful-project-pages>
>would be a big improvement
> 

That has been answered on another thread.

>- We could also use an automatic unit testing system like Travis CI
><https://travis-ci.org/> (which is free for O.S projects)
> 

We had one before Travis started to exist (on emu)... Since we've had a
jenkins instance... that people were not happy with and which required
a lot of maintenance...

What are you suggesting we use CI for? Release engineering? running the
few tests we have? Test that whatever pull request we get "compiles"?
Make fancy graphs? Something else?

Once again, I can see the cost, not the benefit here. It's not like
people can't use travis on their own github fork. The default/sample
file will run just fine with our antique ant build file.

Florent


Re: [freenet-dev] Behind the times

2015-09-29 Thread Arne Babenhauserheide
On Tuesday, 29 September 2015, 14:50:27, Ian Clarke wrote:
>- Website badly needs an update, it looks very dated and frankly a bit
>spammy.  Bootstrap <http://getbootstrap.com/> anyone, or even the
>Github page generator
><https://github.com/blog/1081-instantly-beautiful-project-pages>
>would be a big improvement

Gerard created a new site a few months ago and we’ve been working on
finalizing it since then. Yesterday he uploaded a new test-version:

http://realitysink.com/freenet/en/

I think it’s pretty good. It isn’t perfect in everything, but it looks
much better than the current site and it contains all information from
the current site. Also the generator script is dead simple:

https://github.com/gerard-/freenet-website

Best wishes,
Arne



Re: [freenet-dev] Behind the times

2015-09-29 Thread hyazinthe
Regarding point 2 best probably simply would be to ping gerard, because he
is working at a new Freenet website and is almost finished according to
this posting of him here, which he posted 5 months ago:
https://emu.freenetproject.org/pipermail/devl/2015-May/038086.html


Greetings,
Torben Lechner

--- Original Message ---
From: Ian Clarke 
Date: 29.09.2015 21:50:27
To: Discussion of development of development issues 
Subject: [freenet-dev] Behind the times

> Bringing an off-list conversation onto the list (I failed to cc the list in
> the first place).
>
> ---
>
> Unfortunately these aren't the only ways we've fallen behind the times
> (hard to believe we've been doing this for 15 years!).
>
>- Maven/Gradle are now de-facto standard build systems for Java apps,
>and yet we're still using Ant (I was never convinced by the security
>argument against these tools, since we don't audit 3rd-party libraries
>anyway)
>
>- Website badly needs an update, it looks very dated and frankly a bit
>spammy.  Bootstrap <http://getbootstrap.com/>
> anyone, or even the Github page generator
><https://github.com/blog/1081-instantly-beautiful-project-pages>
> would be a big improvement
>
>- We could also use an automatic unit testing system like Travis CI
><https://travis-ci.org/>
> (which is free for O.S projects)
>
> Of course, all of these things will require work.  Fortunately, most can be
> tackled independently of each-other and so we can bite off one piece at a
> time, if there are any volunteers to take ownership of them.
>
> Ian.
>
> --
> Ian Clarke
> Founder, The Freenet Project
> Email: i...@freenetproject.org

[freenet-dev] Behind the times

2015-09-29 Thread Ian Clarke
Bringing an off-list conversation onto the list (I failed to cc the list in
the first place).

---

Unfortunately these aren't the only ways we've fallen behind the times
(hard to believe we've been doing this for 15 years!).

   - Maven/Gradle are now de-facto standard build systems for Java apps,
   and yet we're still using Ant (I was never convinced by the security
   argument against these tools, since we don't audit 3rd-party libraries
   anyway)

   - Website badly needs an update, it looks very dated and frankly a bit
   spammy.  Bootstrap <http://getbootstrap.com/> anyone, or even the
   Github page generator
   <https://github.com/blog/1081-instantly-beautiful-project-pages>
   would be a big improvement

   - We could also use an automatic unit testing system like Travis CI
   <https://travis-ci.org/> (which is free for O.S projects)

Of course, all of these things will require work.  Fortunately, most can be
tackled independently of each-other and so we can bite off one piece at a
time, if there are any volunteers to take ownership of them.

Ian.

-- 
Ian Clarke
Founder, The Freenet Project
Email: i...@freenetproject.org