Slashdot Mirror
Why Freenet is Complicated (or not)
JohnBE writes "'This article is primarily a friendly rebuttal to Steven Hazel's CodeCon 2002 talk entitled "libfreenet: a case study in horrors incomprehensible to the mind of man, and other secure protocol design mistakes". Hazel presents the Freenet protocol as an overly complicated, self designed crypto layer. In fact, though somewhat complicated, literally every step in the protocol was carefully thought out to resist certain attacks and to increase certain properties desirable for Freenet operators and the network as a whole.' Interesting in light of Peek-a-booty, this article covers many of the issues involved with creating a anonymous P2P system."
(from the article) ...
Some perceived minor irritations may arise due to the implementation of Freenet in Java. Java is not like C, so some porting issues are bound to arise. Porting is hard sometimes.
"Everyone is entitled to their own opinion, but not their own facts."
http://www.kuro5hin.org/story/2002/2/17/203032/375
"Total destruction the only solution" - Bob Marley
http://www.kuro5hin.org/?op=displaystory;sid=2002/ 2/17/203032/375
It would have been nice for the person who submitted the article to at least include the link to the article that paragraph came from...
Is this post not nifty? Sluggy Freelance. Worshi
...we can find the latest Britney Spears album, complete with high-res cover scans and 320kbps MP3s, I highly doubt Freenet will catch on. It's already surpassed by Morpheus and Gnutella in terms of users. The thing preventing Freenet from gaining wide acceptance is, for sure, the fact that mysterious files which you have no knowledge of their content, are automatically downloaded to your shared directory. This of course helps other people, including people you don't want to help.
Here's a quick overview of Freenet, if you need to get up to speed.
"It remains to be seen if the human brain is powerful enough to solve the problems it has created." Dr. Richard Wallace
All your freenet are belong to us
This was also posted to another scoop site, kuro5hin :)
For those of you who care, Ian Clark also commented on the story himself(1 2 3 4 5)
autopr0n is like, down and stuff.
I must say I agree in every respect. I've written a few apps in the past working on the fproxy level and I was stunned by the (lack of) quality of the documentation. Things like not labelling that numbers are hexadecimal (watch out for that one) or just plain mis-information. I have however found the Freenet team to be quite responisive to direct questions. But in the end it was too much of a pain and I gave up. The program worked OK enough though (for its purposes).
e4 e5
When you compare it to stuff like gnutella, mojonation and others, freenet is about average.
Freenet's not hard to write programs for at all, Freenet itself is whats complicated.
Currently I know C, VB, and I'm learning Java.
Freenet is not that complicated. Its just not documented as well as it could be.
If you use Linux, please help development of Autopac
Its just so wrong for that scgmille to copy so blatently from that poorscgmile guy. er. wait...
autopr0n is like, down and stuff.
I also think if freenet were written in C, it would have far more developer support.
Documentation is lacking and that doesnt help, what also doesnt help is using java, Freenet barely works on Linux and MacOSX.
C would have been the language of choice simply because more people know C than java, porting would have been faster.
As far as the freenet project going down, someone needs to port freenet to C right now, if its ported to C people will develop for it.
While I konw C, i dont know java. Alot of people would like a freenet DLL for windows from which they could do somethinng like write a vb app front end for the freenet backend. This would make freenet more popular for windows.
I dont know, I disagree about the freenet developers not knowing how to code, they code way better than me, they dont seem to document anything, they dont have a status page, they rarely use the mailing lists and talk too much on frost, communication skills would help.
I think freenet has come far, I think with alittle more support, perhaps some kinda sponser or from donations, or if they make it easier for people to contribute code, freenet will be a success.
Right now freenet is just too underground and esoteric for normal programmers to deal with.
If you use Linux, please help development of Autopac
This was posted two hours before on Infoanarchy. I don't understand why people don't understand single quote marks.
e4 e5
Possible the only network with a higher Porn : Non-Porn ratio than the Internet itself :P
Do these things work with digital cable? Most of the coolest stuff on HBO, Showtime, MTV2 is really only available with digital cable. Would these things work with that?
autopr0n is like, down and stuff.
If you wish to read about well-designed anonymous P2P systems, look at Crowds (similar design to Pick-a-Booty, years earlier).
Anonymity has many more uses: censorship resistant systems often use anonymity. See, for example Free Haven or the following article on a new design
http://www.cl.cam.ac.uk/~aas23/Anon_p2p2.ps
Stories are put in a submission queue for users to rate on. When a story has been sent to the front page (or a section), the date is set for that time.
This story was submitted Feb 17 <21:33 (time of comment 1)
I can't say anything of the submission process for infoAnarchy, as to whether it is readily available before it is 'posted'.
I have millions+ customers being server on a handful of java programs. The only problem I have is jvm for Solaris seems to leak memory, so we load balance and restart the java processes once a day. We did it once a month, but decided to make it nightly to be safe with the high volume of traffic. (And sys-admins are lazy!)
Most times its not the language that's the problem, its the environment, either os bugs, or some other software incompatibility.
Java seems to be fast enought for realtime mission critial apps, so stop the fud.
-
Courage is resistance to fear, mastery of fear - not absence of fear. - Mark Twain (1835 - 1910)
Yeah, crypto is easy. Knowing what a "CHK" is without looking it up is easy. Figuring out how to stop Man-in-the-middle attacks is easy. Solving the initial node announcment problem is easy. It's just that gosh darn Java that is getting in the way.
Incedently, there are many people working on a GCJ-compiled Freenet, which would allow you to run a Java node as a native program. Why don't you go help them out instead of whining on Slashdot?
Not a typewriter
I really beleive that good documentation coupled with good code is the reason that some projects prosper and others fail. Maybe they have the balance right, the system is ludicrously easy for Windows users now. On the plus side:
They have a Wiki system on their homepage which allows you to add to the documentation easily (had this been available 6 months ago I would have)
The code is nearing a stable level (Datastore bug gone)
Usefull non-Pr0n applications are been developed such as Frost.
e4 e5
...the sheer complexity of what is achieved by the current Freenet codebase would make most software engineers give up before they had started. Connection pooling, real-time unwrapping, progressive hash checking, splitting, and rewrapping of encrypted streams, incorporation of a servlet architecture, threadpooling, unit tests, the list goes on, this is a massively sophisticated piece of software, the code is well commented, and as soon as the inter-node protocols are finalized, they will be documented (in fact, Adam Langley is working on this as we speak). Yes, the code and protocol are complicated, but no more-so than they need to be.
Just to insert my $0.02 on this statement. While I think that Freenet is spiffy, and the work is great, judging programmers skill by what they produce is not always the best method. Please note I am not talking about the Freenet developers here.
I strongly believe in the million monkeys principle. I have seen code that was written by a team of people that expanded over 150K lines to do some amazing things. But the code was shit. You could tell the programmers did not have a grasp on not only how to write what they wrote, but even on common agreed-upon design and implementation principles.
The result: a rewrite bringing it to 57K lines and utilizing a tremendously lesser amount of memory.
The code when we got it was really phenominal. It did a lot, but had a lot of problems under the hood.
Judge a persons ability by the quality of code, not the features they produce.
Dacels Jewelers can't be trusted.
I'm not sure why I would want to install freenet on my system. From what I understand, basically I'm expected to download and install this software and give a certain amount of my own bandwidth and disk space over to the network. I have no way of knowing what's stored on my hard disk and being downloaded from me. I've peered through a key list for freenet and it seems most of the data is porn. You might accuse me of being alarmist but i'm fairly confident a good amount of that will be illegal porn (underage, etc) otherwise it would be on the web somewhere.
So now I've paid money to buy bandwidth and disk space to set up a porn server, and I'm not even getting ad revenues.
As for protecting speach, couldn't a government just make the freenet software itself illegal if it wanted to?
I can't see it really catching on - apart from a few paranoid "lone gunmen" types and comic book store guy, who's it going to appeal to?
Just a question.
James
> Those of you who've seen the
> freenet code will most likely agree with me, that
> many of the freenet developers couldn't code their
> way out of a wet paper bag.
I remember looking at Scott Miller's code on Gamora and feeling like, "Wow, this is the most elegent OOP code I've seen in the wild". Most code really sucks, especially if it's written in an OOP language and gets to be more than a few thousand lines.
Very few people could make the concept work in those days when Design Patterns was still new. Scott was one of those people and it looks like he's still an active developer. So, while I agree with the other statements in your comment I must disagree with the snipe about the coders not being any good.
Why do I feel the need to defend java on slashdot? Here I go again:
Java is slower than C, yet less powerful than C++.
Yeah, that's a testable statement. Most of java's use is network-bound programming, where pure speed isn't an issue, but it's excellent networking library is a benefit. No one is coding an OS in java.Add to this the fact that java 1.4 is on part (except for GUIs) with C++, and you have no speed issue.
Java is portible but so is C#, C, C++.
Java is binary portable which is a huge advantage. I can take compiled code from one architecture, and run it on another. Do that in C or C++. Hell, you can't even run a complete C# program in solaris now, so much for the common run time.
Java currently doesnt seem to be a match for C#
Is that why C# is an almost exact syntatic copy of java? Is that why the architectures and security models are almost the same? Which language has more users now? Which actually has deployed code running in production?
Java is ok, but i have yet to see a successful project written in java.
Have you heard of Tomcat? That's a moderately successful java project. Also, many real businesses use java on the web layers. I guess those don't count as 'successful projects', but they should count for something. The fact that there are relatively few java projects has more to do with the open source community being stand-offish regarding java, and not with language faults.Just posted on slashdot a couple of weeks ago: Root Node Live, which is a java project (brought to you by konspire) helps people trade jam-band music.
"This is not a company that appears to be bothered by ethical boundaries."
Attorney General Mike Hatch on Microsoft
Here is the original post, on the Freenet homepage about the Infoanarchy piece, as to whether it was posted on Kuro5hin or InfoAnarchy, read either, it doesn't matter. At the above link is an MP3 file of the original cited speech (at Codecon).
e4 e5
... doesn't lie in its protocol or security, but in its inconvenience to users. Information simply disappears off of the network, making it almost impossible for regular use. While it was not designed for sharing music and porn, thats what most people think p2p networks are for these days. As a result, the oppressed people that the project was designed for can't use the system. The initial concept that one cannot store information on their system was good, but is being abused by too many people. There simply are not enough permanent connections with enough disk space to support the current incarnation of Freenet.
The second problem is the inability to find information. Even if it does exist, very few people know how to find it. Until the key indices are completed and a uniform naming system is accepted, information will just sit there, and be as good as lost.
I apologize for this being somewhat offtopic and please correct me if either of these problems have been solved. I'd really love to see Freenet take off, but it seems that it may be dead on arrival being too difficult to use for end users.
You can always pick fight over Java is better than c or c is better than java. its tried a logt on the tech mailing list of freenet project.
There is a whiterose C++ implementation of freenet.(development is frozen there however 8) i think this is not picked up before 1.0
But above all freenet now requires:
-documentation. (no coding
-testing procedures. a test set or something like that. (you can code the tests in the language of your choice.....)
-more nodes in the network. (just download it)
-better client software. you can write a client in any language you want.
I really like Freenet overall and thought a while about putting my new HP up as a freesite. I didn't do it for minor reasons. Anyway I think it is a great project and put all my (big)file releases up as a public KSK, simply beacuse it's a good, clean and simple way to share files.
The main problem is that it will never gain popularity. Freenet has mainly two target audiences: The file-sharing community (WareZ Groups etc.) and the people, who like the Idea of browsing anonymously.
Until now Freenet has no popularity in both areas. The egoistic WareZ Groups don't even think about using Freenet, eventhough they really should contribute more to OpenSource projects, because they are the ones using them really heavily (think of LAME, MPEG2Decoders, etc.), and stick with old/insecure/closed Technologies like FTP, IRC and EDonkey.
Maybe all this would get better if we all start advertising freenet a bit more wherever we hang around (Boards, IRC, Weblogs) and promote it as a fast, secure, anonymous, stable, easy way to share files.
Boycot? Blackout? Subscriptions?
I don't care!
What about ArgoUML? It's written in Java and I'd say it's successful....
/. zen: Imagine a Beowulf cluster of Beowulf clusters...
So YOU'RE the phish!
Every major operating system (Solaris, Linux, Windows, BSD) has an independant implementation of TCP. None of them share significant code, each was designed with different goals. Every one of these implementations is validated against the standard, which spans multiple RFCs. The entire Internet is held from congestion collapse by cooperation amongst these implementations.
What are you talking about?
I saw this after on /. after I got home from school and could have sworn I saw it earlier. I checked K5 (my main hideout), but it was neither in the queue nor on the front page. I was about to question my sanity.
By the way, Kuro5hin is Scoop based, Slashdot is Slashcode based.
I still can't beleive that encryption, digital signatures and random key generators can be both fast and secure in Java...
- Benad
Has anyone dealt with the problem that Freenet is trademarked by some univesity that was responsable for the original community network software that runs places like the National Captial Freenet (ncf.ca), and similar sites?
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
- Benad
Wow, rarely have I seen such a ridiculous statement. J2EE is incredibly widely used for internet businesses of all kinds. In this time of declining job options for programmers, java (well, J2EE, anyway) programmers are still somewhat in demand.
I have worked on many successful java projects. Xtra Online, Marconi Communications, and PDX, are just a few of the companies at which I have worked on successful java projects.
Business software is generally about reliability. Computers are easily fast enough to do any kind of business calculation blindingly fast in virtually any language, and Java is fairly speedy. Java has great reliability (no buffer overflows, no uninitialized pointers, no stack overflows, no doubly-deleted pointers, etc, etc).
If you think java is too slow for business applications, the game we are working on over at http://www.cosmgame.com is all in java. I get 50-100 frames per second in full screen 3d mode, all running under java. I shit you not. We will be showing it at the Game Developer's Conference in San Francisco March 20-23rd at Sun's booth.
Virtually no business application has anything vaguely close to the kind of performance requirements we have, and we run just fine.
See you at the GDC!
...Judge a persons ability by the quality of code, not the features they produce.
;P). Also, don't forget that a re-write of old code will always be more efficient than the original...and if the re-write is done by a third party (100% efficient coders, but no access to the original source!) then, well... The sloppy-coding team will have a new 2.0 version to offer to consumers by the time the third party is done creating a smaller, slightly speedier clone. That's how the market works.
How absurd. Programming is about solving a problem (especially by definition of a "program"). How one gets there is his or her own journey.
I have seen code that was written by a team of people that expanded over 150K lines to do some amazing things. But the code was shit. You could tell the programmers did not have a grasp on not only how to write what they wrote, but even on common agreed-upon design and implementation principles
This all sounds well and good, but the reality is that users/clients/consumers would choose a "poorly coded" (but stable) program with amazing features and GUI over a slightly faster, well-coded, and similarly priced application with NO amazing features. Why? Because consumers aren't stupid! Nobody will reward a company just because they put "USES 100KB LESS DISK SPACE THAN OUR LEADING COMPETITOR" on the box. People's $$ will just simply go further if they choose to buy the poorly coded, amazing features one. And if both versions are exactly the same (features, price, GUI, relative execution speed), then people will buy from the company that offers the best technical support, guarantee, and testimonials (and the most dollars to spend on advertising
In the real world, nobody except your company has to know how crappy your code is. If it's stable, who cares how it's written! What you get done at the end of the day is what counts. For example, I know of a very poorly-coded RPG written entirely in Visual Basic and made by a novice teen-age programmer. It was to be a free Ultima Online clone. Well, the graphics sucked, the code sucked, the networking sucked, but it was a fun game! Thousands of people have played, or at least heard of "Era Online", and hundreds of people still keep current about its progress (with the game's new developers) via message boards.
You *need* to have spaghetti code to finish large projects. Most programs do not get completed. An article on gamedev.net states that in only 1 instance of 50 does a started game is ever completed to the point of release. And that's remembering that with most games, it seems 'obvious' to most programmers how to code them. But take a network protocol of such complexity and see how only freenet authors are up to the challenge: if they've had direct competition developing such a protocol since 1999, then there are probably not many competitors still going strong.
And let's not forget that no program is ever perfect. Making a compiler work how you imagine it should work sometimes fails, and one ends up hacking up work-around code... which eventually end up being part of the permanent code.
Successful programmers don't write the most efficient code. Successful programmers accomplish things. There is nothing one can criticize Freenet programmers for with what they have done so far.
Cover your eyes and click this link!
While the comment obviously deserves the score, I really don't think that those who posted them deserve the karma for posting other people's work unattributed. Perhaps if one of Slashdot's editors reads this, they can take appropriate action.
Serverside, but it is java. What lack of Java games? Almost all web games are either flash or java!
I understand why they did it in Java, but still wish they would have done it in C. Most JRE's are not free (like Stallman free) and C runs faster, C code is often more compact inspite of what java was supposed to be, and is already pre-installed on most linux platforms - this is expecially nice when you use a modem and don't want download all the overhead of a JRE - but rather just a progam and run it.
Either way, I am just thankfull that they did it. Freenet has huge implications in terms of saving redundant use of bandwidth, and has huge benefits in terms of protecting peoples freedoms in the face of copyright freaks who would turn the world into a police state rather than give up their precious government monopoly on copying that they lobied to extend 100 years longer than it ever should have been, and then shoved the DMCA down our throats, and then wonder why people have had it with copyrights.
The longer you use it the faster it gets. [unfourtunately] You will have to open the port that handles FCP request (default 8888 IIRC) on your firewall (don't run the Freenet.jar as root, nor your JVM), after 1-2hours live requests are pretty fast (within 20 seconds) even on this crappy 56k modem that I'm using.
e4 e5
All of the above are fixed, bar the inability to work behind a firewall, but I guess that's an act of God/R00T.
e4 e5
1.4? Yeah. But how are you going to deploy your apps? Not everybody is running 1.4 -- can't very well expect everybody to download a 15MB installer. So you will still need to support 1.3 for at least six months to a year.
Memory use. Java eats memory for breakfast. A simple GUI app can easily take upwards of 70MB of memory. Now try to maximize the window to fullscreen. You have entered a world of PAIN. It is too slow.
Threads. You have to do frigging everything in Java with threads. It's fragile! Livelocks and deadlocks lurks after every code block.
Seriously, the Java language and the libraries are fundamentally flawed.
Pushin' 'n dealin', shovin' 'n stealin'
Although I have never written a single character of code in Java myself (I'm a functional designer, not a coder), I know that the last four to five really successful projects at the systems integrator I work at were all done in Java. And since these involve server applications, stuff like GUI's don't really matter. Deployment of applications in an typical mass-market end-user environment maybe tough, but don't forget that 90% of the code out there is being written for a single customer.
-- Spelling and grammar errors tend to be a sign of erroneous thinking.
Java works well when you have a large degree of control over the environment where your application will be deployed and ample resources to spare. However, this is quite contrary to the alleged portable nature of Java, and rules out most thin-client applications (another Java selling point at one time). So although it is commercially successfull and has encouraged for the first time widespread adoption of useful programming techniques such as object orientation and garbage collection, both implementation and design leave so much wanting that I think on the whole it must be concluded that Java is a technological failure.
Pushin' 'n dealin', shovin' 'n stealin'
Why is it that when I run my freenet node, the CPU is throttled?
I'm running a P200, it's enough for Apache, X, my firewall, storing my mail, processing mailing lists, compiling programs, serving files, serving a printer, but none of that throttles the CPU.
The only reason I would have to upgrade this box is to run Freenet. This is consistent with all my experiences with Java.
You're probably right that the Freenet networking code probably isn't sucking the system dry, my guess is that it would be either the encryption, or some data shuffling going on in memory.
There must be some troubleshooting tools out there to narrow down the heaviest lines of code. But I can't speak Java.
1.4? Yeah. But how are you going to deploy your apps? Not everybody is running 1.4 -- can't very well expect everybody to download a 15MB installer. So you will still need to support 1.3 for at least six months to a year.
Java is not VB. Older applicaions written in java have no problem running on a newer JVM. Most of the time, they are actually faster. Also unlike VB, you can continue to use nearly all of your older code in a new project. Have you even seen what Microsoft has done with VB.net? It's a new language with some passing similarity to VB.
Threads. You have to do frigging everything in Java with threads. It's fragile! Livelocks and deadlocks lurks after every code block.
Pure fud. You have either never actually used java or are actively trolling.
-- Give me ambiguity or give me something else!
As for threads, well, it's true. You need heaps and gobs of them. If you're a server, you'll need a separate thread for every child, because Java is rather lacking in the "sane I/O" department.
Sure, the new I/O layer in 1.4 will fix that (once they get the bugs out on all platforms) -- but then you are back to point number 1: you can't use the new I/O layer when your customers don't have/want 1.4. So it's no panacea.
Pushin' 'n dealin', shovin' 'n stealin'
As a previous node operator and development mailing list lurker, I can tell you that shitty VMs account for half of Freenet's problems. When you write in C, you don't have to put up with a VM.
Now, as for that sig...Bullshit, complete and utter.
All those who want to run Windows-based games on Linux and are willing to pay to have them available on a timely basis will sign up with Transgaming. All who don't sign up with Transgaming don't want Windows-based games on Linux, or are unwilling to pay for having said privilige in the near future.
I "want games", but not necessarily commercial games -- Nethack, bzFlag and the results of the annual Interactive Fiction Competition provide all the entertainment I need. When I want to run commercial games, I'm generally happy with releases old enough that the main WINE tree will run them correctly. Your statement implies I don't want games to run on Linux at all -- bullshit, plain and simple. Someone who does want new Windows games to run on Linux soon but doesn't have the cash to subscribe on hand (or has higher priorities -- rent is a frequent one) can also exist; folks can also work towards this goal by contributing their time to mainline WINE rather than sending their dollars to Transgaming. Your attempt to place a sharp and incorrect division between two sets of people stops just short of offensive.
A court system with the presumption of innocense is a doomed project. It was from the start. Those that died fighting for it were/are fools for not seeing the obvious limitations and the *obvious* misuse of the system. I really don't feel like contributing to the rapists and murderers out there thankyew.
...or maybe do you think that in order to give the rest of us rights it might be necessary to let a murderer or two go free?
Why is it that when I run my freenet node, the CPU is throttled?
When I run my freenet node the CPU isn't even close to throttled -- indeed, freenet's more often than not just idling and using no CPU time at all. My guess would be that you're running an old, buggy version of freenet; try a current snapshot. Ya know, it's possible (pretty easy, even!) to throttle the CPU in C code, too.
In short, it's almost certainly the code itself, as opposed to the JVM, that's causing this issue. IIRC, freenet has had such issues from time to time.
mmm, wonder how that relates to the old Win95 issue of giving a socket OOB data when it wasnt expecting it; causing it to throw a wobbly and lock the whole box in seconds....
IIRC there was one guy who wrote most (all?) of the original Win95 stack, dunno if he nicked anything from BSD though.