Why Freenet is Complicated (or not)

JohnBE writes "'This article is primarily a friendly rebuttal to Steven Hazel's CodeCon 2002 talk entitled "libfreenet: a case study in horrors incomprehensible to the mind of man, and other secure protocol design mistakes". Hazel presents the Freenet protocol as an overly complicated, self designed crypto layer. In fact, though somewhat complicated, literally every step in the protocol was carefully thought out to resist certain attacks and to increase certain properties desirable for Freenet operators and the network as a whole.' Interesting in light of Peek-a-booty, this article covers many of the issues involved with creating a anonymous P2P system."

A little honesty is refreshing sometimes

[Tri0de]

(from the article) ...
Some perceived minor irritations may arise due to the implementation of Freenet in Java. Java is not like C, so some porting issues are bound to arise. Porting is hard sometimes.

Re:I could have sworn I read this verbatim before

[Salamander]

It was posted on infoAnarchy before it was published on kuro5hin (1:15am EST vs. 2:25am EST). It might have been posted elsewhere, or sent via email. Someone's sure going out of their way to get publicity.

Re:A little honesty is refreshing sometimes

[grammar nazi]

In paragraph specifically mentions that the security model is overly complicated. For comparison...

Microsoft's argument for a long time was that Java's security model was overly complicated. ASP, by contrast, had a simplified security model. Either an ASP executes scripts locally, or it doesn't. Thus ASP does have a simple security model.

Now... which security model will be suitable for your projects? Which security model is potentially better for the client browsers?

I am extremely familiar with freenet and I can tell you that the current security model is very *robust* yet I feel that it is very streamlined. By contrast, napster's security model was simple. So Mr. MP3 Pirate, which security model would you prefer? Do you want to continue to enjoy music or would you rather get nasty letters from the MPAA/RIAA and get your cablemodem shut off.

Re:Freenet is not perfect!

[JohnBE]

I agree with you in respective of the "fuck you" attitude of the developers, that is their perogative, but I think it is counter productive to one of their goals which is widespread acceptance.

I really beleive that good documentation coupled with good code is the reason that some projects prosper and others fail. Maybe they have the balance right, the system is ludicrously easy for Windows users now. [freenetproject.org] On the plus side:

They have a Wiki system on their homepage which allows you to add to the documentation easily (had this been available 6 months ago I would have)

The code is nearing a stable level (Datastore bug gone)

Usefull non-Pr0n applications are been developed such as Frost [sf.net].

Re:Please tell me why...

[JohnBE]

A government could make encryption software illegal, however the legal barriers are quite high. In Europe they have the Human Rights act which protects a lot of rights (which is one of the reasons the RIP Act has not been rigourously enforced in England) and in the US you have the constitution.

I started using Freenet for the technical challenge, a kind of Internet within Internet, which is a kind of neat concept, but there are also some interesting quite innovative sites on there. But danger Will Robinson, there is also some evil!

Has there ever been a time that you want to comment about something and protect you identity? Freenet [freenetproject.org] allows this.

Re:Java sucks and I'll prove it.

[_underSCORE]

Why do I feel the need to defend java on slashdot? Here I go again:

Java is slower than C, yet less powerful than C++.

Yeah, that's a testable statement. Most of java's use is network-bound programming, where pure speed isn't an issue, but it's excellent networking library is a benefit. No one is coding an OS in java.Add to this the fact that java 1.4 is on part (except for GUIs) with C++, and you have no speed issue.

Java is portible but so is C#, C, C++.
Java is binary portable which is a huge advantage. I can take compiled code from one architecture, and run it on another. Do that in C or C++. Hell, you can't even run a complete C# program in solaris now, so much for the common run time.

Java currently doesnt seem to be a match for C#

Is that why C# is an almost exact syntatic copy of java? Is that why the architectures and security models are almost the same? Which language has more users now? Which actually has deployed code running in production?

Java is ok, but i have yet to see a successful project written in java.

Have you heard of Tomcat? That's a moderately successful java project. Also, many real businesses use java on the web layers. I guess those don't count as 'successful projects', but they should count for something. The fact that there are relatively few java projects has more to do with the open source community being stand-offish regarding java, and not with language faults.Just posted on slashdot a couple of weeks ago: Root Node Live, which is a java project (brought to you by konspire) helps people trade jam-band music.