No end of changes, lost track.

Switched to Deva V for greater consistency between mono spaced and serif
reaction.la 2024-02-06 05:32:05 +00:00
parent 8f07c8dcf1
commit a247a1d30c
No known key found for this signature in database
GPG Key ID: 99914792148C8388
9 changed files with 335 additions and 39 deletions

View File

@ -102,6 +102,11 @@ upper bound. To find the actual MTU, have to have a don't fragment field
(which is these days generally set by default on UDP) and empirically
track the largest packet that makes it on this connection. Which TCP does.
MTU (packet size) and MSS (data size, $MTU-40$) is a
[messy problem](https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/25885-pmtud-ipfrag.html)
Which can be side stepped by always sending packets
of size 576 contiaing 536 bytes of data.
## first baby steps
To try and puzzle this out, I need to build a client server that can listen on
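Review bot: the 536-byte figure in the new sentence ("always sending packets of size 576 contiaing 536 bytes of data") is the TCP default MSS (576 minus a 20-byte IPv4 header minus a 20-byte TCP header); over UDP, which the surrounding text is about, 576 leaves 548 bytes of payload (576 - 20 - 8), and the `$MTU-40$` formula is likewise TCP-specific. Say which transport the number is for, and add that the 576-byte guarantee is IPv4 only: IPv6 guarantees a 1280-byte minimum link MTU and forbids on-path fragmentation, so the same trick there is "1280 minus headers". Also fix the typo "contiaing" (containing) and join the fragment "Which TCP does." to the sentence before it.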

View File

@ -67,8 +67,142 @@ well be handled by an instance of a class containing only a database index.
# Representing concurrent communicating processes
node.js represents them as continuations. Rust tokio represents them
as something like continuations. Go represents them lightweight
threads, which is a far more natural and easier to use representation,
but under the hood they are something like continuations, and the abstraction
leaks a little. The abstraction leaks a little in the case you have one
concurrent process on one machine communicating with another concurrent
process on another machine.
Well, in C++, going to make instances of a class, that register
call backs, and the callback is the event. Which had an instance
of a class registered with the callback. Which in C++ is a pointer
to a method of an object, which has no end of syntax that no one
ever manages to get their head around.
So if `dog` is method pointer with the argument `bark`, just say
`std::invoke(dog, bark)` and let the compiler figure out how
to do it. `bark` is, of course, the data supplied by the message
and `dog` is the concurrent communicating process plus its registered
callback. And since the process is sequential, it knows the data
for the message that this is a reply to.
A message may contain a reply-to field and or an in-regards-to field.
In general, the in-regards-to field identifies the state machine
on the server and the client, and remains unchanged for the life
of the state machines. Therefore its handler function remains unchanged,
though it may do different things depending
on the state of the state machine and depending on the type of the message.
If the message only has an in-regards-to field, then the callback function for it
will normally be reginstered for the life of the councurrent process (instance)
If it is an in-reply-to, the dispatch mechanism will unregister the handler when it
dispatches the message. If you are going to receive multiple messages in response
to a single message, then you create a new instance.
In C, one represents actions of concurrent processes by a
C function that takes a callback function, so in C++,
a member function that takes a member function callback
(warning, scary and counter intuitive syntax).
Member to function pointers are a huge mess containing
one hundred workarounds, and the best workaround is to not use them.
People have a whole lot of ingenious ways to not use them, for example
a base class that passes its primary function call to one of many
derived classes. Which solution does not seem applicable to our
problem.
`std:invoke` is syntax sugar for calling weird and wonderful
callable things - it figures out the syntax for you at compile
time according to the type, and is strongly recommended, because
with the wide variety of C++ callable things, no one can stretch
their brain around the differing syntaxes.
The many, many, clever ways of not using member pointers
just do not cut it, for the return address on a message ultimately maps
to a function pointer, or something that is exactly equivalent to a function pointer.
Of course, we very frequently do not have any state, and you just
cannot have a member function to a static function. One way around
this problem is just to have one concurrent process whose state just
does not change, one concurrent process that cheerfully handles
messages from an unlimited number of correspondents, all using the same
`in-regards-to`, which may well be a well known named number, the functional
equivalent of a static web page. It is a concurrent process,
like all the others, and has its own data like all the others, but its
data does not change when it responds to a message, so never expects an
in-reply-to response, or if does, creates a dynamic instance of another
type to handle that. Because it does not remember what messages it sent
out, the in-reply-to field is no use to it.
Or, possibly our concurrent process, which is static and stateless
in memory, nonetheless keeps state in the database, in which case
it looks up the in-reply-to field in the database to find
the context. But a database lookup can hang a thread,
which we do not want to stall network facing threads.
So we have a single database handling thread that sequentially handles a queue
of messages from network facing threads driving network facing concurrent
processes, drives database facing concurrent processes,
which dispatch the result into a queue that is handled by
network facing threads that drive network facing concurrent
processes.
So, a single thread that handles the network card, despatching
message out from a queue in memory, and in from queue in memory, and does not
usually or routinely do memory allocation or release, or handles them itself
if they are standard, common, and known to be capable of being quickly handled,
a single thread that handles concurrent systems that are purely
memory to memory, but could involve dynamic allocation of memory,
and a single thread that handles concurrent state machines that do database
lookups and writes and possibly dynamic memory allocation, but do not
directly interact with the network, handing that task over to concurrent
state machines in the networking thread.
So a message comes in through the wire, where it is handled
by a concurrent process, probably a state machine with per connection
state, though it might have substates, child concurrent processes,
for reassembling one multipart message without hanging the next,
It then passes that message to a state machine in the application
layer, which is queued up in the queue for the thread or threads appropriate
to its destination concurrent process, and receives messages from those threads,
which it then despatches to the wire.
A concurrent process is of course created by another
concurrent process, so when it completes,
does a callback on the concurrent process that created it,
and any concurrent processes it has created
are abruptly discarded. So our external messages and events
involve a whole lot of purely internal messages and events.
And the event handler has to know what internal object this
message came from,
which for external messages is the in-regards-to field,
or is implicit in the in-reply-to field.
If you could be receiving events from different kinds of
objects about different matters, well, you have to have
different kinds of handlers. And usually you are only
receiving messages from only one such object, but in
irritatingly many special cases, several such objects.
But it does not make sense to write for the fully general case
when the fully general case is so uncommon, so we handle this
case ad-hoc by a special field, which is defined only for this
message type, not defined as a general quality of all messages.
It typically makes sense to assume we are handling only one kind
of message, possibly of variant type, from one object, and in
the other, special, cases, we address that case ad hoc by additional
message fields.
But if we support `std:variant`, there is a whole lot of overlap
between handling things by a new variant, and handling things
by a new callback member.
The recipient must have associated a handler, consisting of a
call back and an opaque pointer to the state of the concurrent process
on the recipient with the messages referenced by at least one of
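Review bot: the lifetime rule in the new dispatch text has a gap that becomes a memory-safety bug. A handler is "a call back and an opaque pointer to the state of the concurrent process", an in-reply-to handler is unregistered only when the reply is dispatched, and a parent that completes "abruptly discard[s]" its children. If a child is discarded while its in-reply-to handler is still registered, the reply that later arrives (or is forged, since the id is visible on the wire) invokes the callback on freed state. Spell out that discarding a process must unregister every handler it owns, that an in-reply-to or in-regards-to id with no registered handler is dropped rather than treated as an error that unwinds the dispatcher, and that ids are scoped to the authenticated connection so one peer cannot address another peer's state machine. Smaller fixes: `std:invoke` and `std:variant` need two colons, "reginstered" (registered), "councurrent" (concurrent), "Member to function pointers" (pointers to member functions), and "you just cannot have a member function to a static function" presumably means a pointer-to-member cannot refer to a static or free function.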

View File

@ -367,6 +367,17 @@ Of course missing from this from Jim's long list of plans are DDoS protection, a
The net is vast and deep. Maybe we need to start cobbling these pieces together. The era of centralized censorship needs to end. Musk will likely lose either way, and he's only one man against the might of so many paper tigers that happen to be winning the information war.
## Lightning node
[`rust-lightning`]:https://github.com/lightningdevkit/rust-lightning
{target="_blank"}
[`rust-lightning`] is a general purpose library for writing lightning nodes, running under Tokio, that is used in one actual lightning node implementation.
It is intended to be integrated into on-chain wallets.
It provides the channel state as "a binary blob that you can store any way you want" -- which is to say, ready to be backed up onto the social net.
# Consensus
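Review bot: "ready to be backed up onto the social net" needs two caveats before a reader acts on it. The channel-state blob contains the secrets needed to spend channel funds, so it must be encrypted client-side before it leaves the node. And Lightning punishes restoring stale state: a node that comes back from an old backup and broadcasts a commitment its peer has already revoked lets the peer claim the whole channel balance via the penalty path. So the backup must always be the latest state, not a periodic snapshot, or the restore procedure must ask the peer to close cooperatively rather than broadcasting the restored commitment.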

View File

@ -53,7 +53,7 @@ And suddenly people stopped being willing to pay Enron cash on the
barrelhead for goods, suddenly stopped being willing to sell Enron goods
on credit. Suddenly Enron could no longer pay its employees, nor its
landlord. Its employees stopped turning up, its landlord chucked their
furniture out into the street.
stuff out into the street.
Problem solved.
@ -118,14 +118,34 @@ was an earthly reflection of the divine scales of justice and the symmetry of Go
When the dust settled over the Great Minority Mortgage Meltdown it became apparent that
the books of the financial entities involved had little connection to God's creation.
The trouble with postmodern accounting is that what goes into the asset column,
what goes into the liability column, and what goes into the equity column
bears little relationship to what is actually an asset, a liability, or equity,
little relationship to God Creation.
(Modernity begins in the seventeenth century, with joint stock
publicly traded limited liability corporation, the industrial revolution,
and the scientific revolution. Postmodernity is practices radically different from,
and fundamentally opposed to, the principles of the that era. Such as detaching
the columns of the books from the real things that correspond to those names. If
science is done by consensus, rather than the scientific method described in "the
skeptical chymist", it is postmodern science, and if the entries in the books do not
actually correspond to real liability, real assets, and real equity,
it is postmodern bookkeeping. Postmodern science is failing to produce the results
that modern science produced, and postmodern bookkeeping is failing
to produce the results that modern bookkeeping produced.)
The state has been attacking the cohesion of the corporation just as it has been attacking
the cohesion of the family. Modern corporate capitalism is incompatible with SoX,
because if your books are detached from reality,
because if your books are detached from reality.
lies that hostile outsiders demand that you believe,
the corporation has lost that which makes it one person.
When the books are lie imposed on you by hostile outsiders you lose cohesion around profit,
When the books are a lie imposed on you by hostile outsiders you lose cohesion around profit,
making things, buying, selling, and satisfying the customer,
and instead substitute cohesion around gay sex, minority representation, and abortion rights.
If the names of the columns do not mean what they say, people do not care about the effects
of their actions on those columns.
Notice Musk's tactic of making each of his enterprises a moral crusade,
and also of giving them a legal form that evades SoX accounting. Which legal form does
not permit their shares to be publicly traded.
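Review bot: replacing the comma with a full stop in "because if your books are detached from reality." breaks the sentence: "lies that hostile outsiders demand that you believe, the corporation has lost ..." now dangles with no main clause in front of it. Restore the comma. Also "principles of the that era" has a doubled article, and "Postmodernity is practices radically different from" wants "Postmodernity consists of practices" or similar.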

View File

@ -3,7 +3,7 @@
width="width: 100%" height="100%"
viewBox="-2500 -2400 4870 4300"
style="background-color:#ddd">
<g fill="none" font-family="Georgia" font-size="200"
<g fill="none" font-family="DejaVu Serif, serif" font-size="200"
font-weight="400"
>
<path stroke="#d8d800" stroke-width="36.41"
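Review bot: `width="width: 100%"` in the retained `svg` attributes two lines above the `viewBox` puts a CSS declaration inside an attribute; SVG wants `width="100%"`. Unrelated to the font swap, but worth fixing while the header is being touched. The new `font-family="DejaVu Serif, serif"` is fine as written: a presentation attribute takes a CSS family list and a two-word family name needs no inner quotes there.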


View File

@ -2,7 +2,7 @@
xmlns="http://www.w3.org/2000/svg"
width="width: 100%" height="100%"
viewBox="-2 -2 4 4">
<g fill="#0F0" font-family="Georgia" font-size="2.4">
<g fill="#0F0" font-family="DejaVu Serif, serif" font-size="2.4">
<g id="h3">
<g id="h2">
<path id="flame" stroke="#0D0" stroke-width="0.05"
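Review bot: same `width="width: 100%"` error in this SVG's root element as in the other one; it should be `width="100%"`.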


View File

@ -1,7 +1,7 @@
body {
max-width: 30em;
margin-left: 1em;
font-family: "Georgia, Times New Roman", Times, serif;
font-family: "DejaVu Serif, Georgia, Times New Roman", Times, serif;
font-style: normal;
font-variant: normal;
font-weight: normal;
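Review bot: the new `font-family: "DejaVu Serif, Georgia, Times New Roman", Times, serif;` quotes the whole comma-separated list as a single family name, so the browser looks for a font literally called `DejaVu Serif, Georgia, Times New Roman`, finds none, and falls straight through to Times; the line it replaces had the same defect, which is why Georgia may never have been what readers saw. Quote each family on its own: `font-family: "DejaVu Serif", Georgia, "Times New Roman", Times, serif;`.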
@ -45,7 +45,7 @@ td, th {
text-align: left;
}
pre.terminal_image {
font-family: 'Lucida Console';
font-family: 'DejaVu Sans Mono, Lucida Console, sans-serif';
background-color: #000;
color: #0F0;
font-size: 75%;
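Review bot: `font-family: 'DejaVu Sans Mono, Lucida Console, sans-serif';` has the same quoting problem (the entire list is one name that matches nothing), and its generic fallback is `sans-serif`, which for a terminal transcript defeats the purpose of the change. Use `font-family: "DejaVu Sans Mono", "Lucida Console", monospace;`.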

View File

@ -87,14 +87,38 @@ in Virtual Box. Update /etc/apt/sources.list from Bullseye
to Bookworm. Run apt update and apt upgrade.
After that you have a functioning Debian 12 UEFI Virtual machine.
### server in virtual box
If it is a server and you are using nfs, don't need guest additions and therefore
do not need module-module assistant, and may not need the build stuff.
```bash
sudo -i
apt-get -qy update
apt-get -qy full-upgrade
apt-get -qy install dnsutils curl sudo dialog rsync zstd avahi-daemon nfs-common
```
To access disks on the real machine, create the empty directory `«/mytarget»` directory and add the line
```bash
«my-nfs-server»:/«my-nfs-subdirectory» «/mytarget» nfs4
```
to `/etc/fstab`
to test that it works without rebooting: `mount «/mytarget»`
### Guest Additions
If you are running it through your local machine, you want to bring up
the gui and possibly the disk access through guest additions
To install guest additions on Debian:
```bash
sudo -i
apt-get -qy update && apt-get -qy install build-essential module-assistant
apt-get -qy install git dnsutils curl sudo dialog rsync zstd
apt-get -qy install git dnsutils curl sudo dialog rsync zstd avahi-daemon nfs-common
apt-get -qy full-upgrade
m-a -qi prepare
apt autoremove -qy
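Review bot: the new fstab line `«my-nfs-server»:/«my-nfs-subdirectory» «/mytarget» nfs4` has no options or dump/pass fields; write it as `... nfs4 defaults,_netdev,nofail 0 0` so a VM that boots while the server is down does not drop to the emergency shell, which is exactly the failure mode the optical-drive paragraph further down describes. Worth one sentence of caveat: with no `sec=` option this mount uses `sec=sys`, where the client asserts the uid, so the export on «my-nfs-server» must be restricted to this VM's address (or use `sec=krb5p`), otherwise any host that can reach the server is root on the share. Also "module-module assistant" should be `module-assistant`, and the `avahi-daemon` added to a server opens mDNS on 5353/udp; fine on a lab network, but say so.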
@ -255,13 +279,42 @@ Setting them in `/etc/bash.bashrc` sets them for all users, including root. But
The line for in fstab for optical disks needs to given the options `udf,iso9660 ro,users,auto,nofail` so that it automounts, and any user can eject it.
Confusingly, `nofail` means that it is allowed to fail, which of course it will
if there is nothing in the optical drive.
if there is nothing in the optical drive. If you have `auto` but not `nofail` the system
will not boot into multi-user let along gui unless there is something in the drive.
You get dropped into single user root logon (where you will see an error message
regarding the offending drive and can edit the offending fstab).
`'user,noauto` means that the user has to mount it, and only the user that
`user,noauto` means that the user has to mount it, and only the user that
mounted it can unmount it. `user,auto` is likely to result in root mounting it,
and if `root` mounted it, as it probably did, you have a problem. Which
problem is fixed by saying `users` instead of `user`
## Setting up Ubuntu in Virtual box
The same as for Debian, except that the desktop addition lacks openssh-server, it already has avahi-daemon to make the name available, and the install program will setup auto login for you.
```bash
sudo apt install openssh-server.
```
Then ssh in
### Guest Additions
```bash
sudo -i
apt-get -qy update && apt-get -qy install build-essential dkms
apt-get -qy install git dnsutils curl sudo dialog rsync zstd
apt-get -qy full-upgrade
apt autoremove -qy
```
Then you click on the autorun.sh in the cdrom through the gui.
```bash
usermod -a -G vboxsf cherry
```
## Setting up OpenWrt in VirtualBox
OpenWrt is a router, and needs a network to route. So you use it to route a
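Review bot: `sudo apt install openssh-server.` in the new Ubuntu block carries the sentence's full stop inside the command; apt treats it as part of the package name (and, because it contains `.`, as a regex), so drop it. `usermod -a -G vboxsf cherry` hard-codes a username where the rest of the page uses «» placeholders; write `usermod -a -G vboxsf «username»`, and note that it needs root (the `sudo -i` block has ended by then) and a fresh login before the group takes effect. Typos in the retained text: "The line for in fstab" (The line in fstab) and "let along gui" (let alone the gui).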
@ -777,18 +830,20 @@ nano /etc/ssh/sshd_config
Your config file should have in it
```default
UsePAM no
HostKey /etc/ssh/ssh_host_ed25519_keyd
PermitRootLogin prohibit-password
ChallengeResponseAuthentication no
PasswordAuthentication no
PubkeyAuthentication yes
PermitTunnel yes
X11Forwarding yes
PasswordAuthentication no
UsePAM no
ChallengeResponseAuthentication no
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
TCPKeepAlive yes
PermitTunnel yes
HostKey /etc/ssh/ssh_host_ed25519_key
ciphers chacha20-poly1305@openssh.com
macs hmac-sha2-256-etm@openssh.com
kexalgorithms curve25519-sha256
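Review bot: the reorder fixes the `ssh_host_ed25519_keyd` typo, but the directives kept are broader than the key-only, `prohibit-password` intent suggests. `GatewayPorts yes` lets any authenticated client bind remote forwards on all interfaces, which turns the host into a relay reachable from the internet; `clientspecified` or `no` is the safe default, enabled per user with a `Match` block if someone needs it. `AllowTcpForwarding yes`, `PermitTunnel yes` and `X11Forwarding yes` are each only needed if that feature is actually used; set the rest to `no`. `ChallengeResponseAuthentication` has been an alias of `KbdInteractiveAuthentication` since OpenSSH 8.7, so on Debian 12 (OpenSSH 9.2) use the current name. And since the `ciphers`, `macs` and `kexalgorithms` lines each pin a single algorithm, a client that lacks any of them is locked out; that is presumably intended, but say so next to the config.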
@ -847,7 +902,6 @@ only use the ones I have reason to believe are good and securely
implemented. Hence the lines:
```default
HostKey /etc/ssh/ssh_host_ed25519_key
ciphers chacha20-poly1305@openssh.com
macs hmac-sha2-256-etm@openssh.com
kexalgorithms curve25519-sha256
@ -957,6 +1011,21 @@ ufw allow 3389
ufw reload
```
This does not result in, or even allow, booting into
mate desktop, because it does not supply the lightdm, X-windows
and all that. It enables xrdp to run the mate desktop remotely
xrdp has its graphical login manager in place of lightdm, and does
not have anything to display x-windows locally.
If you want the option of locally booting int mate desktop you
also want lightDM and local X11, which is provided by:
```bash
apt update && apt upgrade -y
apt install task-mate-desktop
```
```terminal_image
$ systemctl status xrdp
● xrdp.service - xrdp daemon
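Review bot: `ufw allow 3389` in the retained context exposes xrdp's password prompt to every address, and RDP on 3389 is brute-forced within hours on a public host. Restrict it to the WireGuard or LAN range the page sets up elsewhere (`ufw allow from 10.10.10.0/24 to any port 3389 proto tcp`), or leave the port closed and reach xrdp through an ssh tunnel. Also "booting int mate desktop" should read "booting into". The new paragraph is otherwise right that xrdp replaces lightdm only for remote sessions.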
@ -3674,6 +3743,71 @@ flatpack environment, is going to not have the same behaviours. The programmer
has total control over the environment in which his program runs which means
that the end user does not.
# tor
Documenting this here because all the repository based methods
of installing tor that are everywhere documented don't work
and are apt to screw up your system.
## enabling tor services
This is needed by programs that use tor, such as cln (core lightning) but not needed by the tor browser
```bash
install tor
systemctl enable --now tor
nano /etc/tor/torrc:
```
In 'etc/tor/torrc`uncomment or add
```default
ExitPolicy reject *:* # no exits allowed
ControlPort 9051
CookieAuthentication 1
CookieAuthFile /var/lib/tor/control_auth_cookie
CookieAuthFileGroupReadable 1
DirPort 0
ORPort 0
```
ControlPort should be closed, so that only applications running on your computer can get to it.
DirPort and ORPort, if set, should be open -- whereupon you are running as a bridge.
Which you probably do not want, but are good for obfuscation traffic.
Because the cookie file is group readable,
applications running on your computer can read it to control tor through the control port.
It is a good idea to firewall this port so that it is externally closed, so that nothing
outside the computer can control tor.
DirPort and ORPort tell tor to advertise that these ports are open. Don't open or advertise them (set to zero), because then you are running as a bridge.
If you want to run as a bridge to create obfuscation:
```default
DirPort «your external ip address»:9030
ORPort «your external ip address»:9001
```
## installing tor browser
[Torproject on Github](https://torproject.github.io/manual/installation/){target="_blank"} provides information that actually works.
Download the tar file to your home directory, extract it, and execute the command as an ordinary user, no `sudo`, no root, no mucking around with `apt``
```bash
tar -xf tor-browser-linux-x86_64-13.0.8.tar.xz
cd tor-browser
./start-tor-browser.desktop --register-app
```
The next time you do a graphical login, tor will just be there
and will just work, with no fuss or drama. And it will itself
check for updates and nag you for them when needed.
# Censorship resistant internet
## [My planned system](social_networking.html)
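Review bot: several errors in the new tor section change what the reader ends up running. `install tor` is missing the package manager (`apt install tor`), `nano /etc/tor/torrc:` has a stray colon, and "In 'etc/tor/torrc`" has mismatched quotes and no leading slash. Substantively: setting `ORPort` and `DirPort` makes the node a public relay (a non-exit one, given `ExitPolicy reject *:*`), not a bridge; a bridge additionally needs `BridgeRelay 1`, and an obfuscating one a `ServerTransportPlugin` line for obfs4. `ControlPort 9051` binds to 127.0.0.1 by default, so the firewall advice is belt-and-braces; the real access control is the cookie file, which with `CookieAuthFileGroupReadable 1` is readable by the tor group (`debian-tor` on Debian), not by "applications running on your computer" in general, so the application's user must be added to that group, and anyone in it has full control of the daemon. The two paragraphs on ControlPort, DirPort and ORPort say the same thing twice and should be merged. For the browser, add the step the linked manual describes: fetch the matching `.tar.xz.asc` and verify it against the Tor Browser Developers signing key before `tar -xf`; the hard-coded `13.0.8` will also go stale quickly.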

View File

@ -146,6 +146,7 @@ On the server
sudo mkdir -p /etc/wireguard
wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key
sudo chmod 600 /etc/wireguard/ -R
sudo chmod 700 /etc/wireguard
```
On the client
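Review bot: `wg genkey | sudo tee /etc/wireguard/server_private.key ...` creates the private key through `tee` under the default umask, so until the added `chmod` lines run the file is world-readable (and `chmod 600 -R` before `chmod 700` leaves the directory itself at 0600 for a moment, harmless but odd). Do what the WireGuard quickstart does and set `umask 077` first, so the key is never created readable: `umask 077; wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key`. The client block below has the same shape.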
@ -154,6 +155,7 @@ On the client
sudo mkdir -p /etc/wireguard
wg genkey | sudo tee /etc/wireguard/private.key | wg pubkey | sudo tee /etc/wireguard/public.key
sudo chmod 600 /etc/wireguard/ -R
sudo chmod 700 /etc/wireguard
```
# Configure Wireguard on server
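Review bot: same point as the server block: put `umask 077` before `wg genkey | sudo tee ...` so the client private key is never created world-readable, instead of relying on the `chmod` lines afterwards.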
@ -173,25 +175,25 @@ The curly braces mean that you do not copy the text inside the curly braces, whi
```default
[Interface]
# public key = CHRh92zutofXTapxNRKxYEpxzwKhp3FfwUfRYzmGHR4=
# public key = «CHRh92zutofXTapxNRKxYEpxzwKhp3FfwUfRYzmGHR4=»
Address = 10.10.10.1/24, «AAAA:AAAA:AAAA:AAAA»:«BBBB:BBBB:BBBB»:0001/112
ListenPort = 115
PrivateKey = iOdkQoqm5oyFgnCbP5+6wMw99PxDb7pTs509BD6+AE8=
PrivateKey = iOdkQoqm5oyFgnCbP5+6wMw99PxDb7pTs509BD6+AE8=»
[Peer]
PublicKey = rtPdw1xDwYjJnDNM2eY2waANgBV4ejhHEwjP/BysljA=
PublicKey = «rtPdw1xDwYjJnDNM2eY2waANgBV4ejhHEwjP/BysljA=»
AllowedIPs = 10.10.10.4/32, «AAAA:AAAA:AAAA:AAAA»:«BBBB:BBBB:BBBB»:0009/128
[Peer]
PublicKey = YvBwFyAeL50uvRq05Lv6MSSEFGlxx+L6VlgZoWA/Ulo=
PublicKey = «YvBwFyAeL50uvRq05Lv6MSSEFGlxx+L6VlgZoWA/Ulo=»
AllowedIPs = 10.10.10.8/32, «AAAA:AAAA:AAAA:AAAA»:«BBBB:BBBB:BBBB»:0019/128
[Peer]
PublicKey = XpT68TnsSMFoZ3vy/fVvayvrQjTRQ3mrM7dmyjoWJgw=
PublicKey = «XpT68TnsSMFoZ3vy/fVvayvrQjTRQ3mrM7dmyjoWJgw=»
AllowedIPs = 10.10.10.12/32, «AAAA:AAAA:AAAA:AAAA»:«BBBB:BBBB:BBBB»:0029/128
[Peer]
PublicKey = f2m6KRH+GWAcCuPk/TChzD01fAr9fHFpOMbAcyo3t2U=
PublicKey = «f2m6KRH+GWAcCuPk/TChzD01fAr9fHFpOMbAcyo3t2U=»
AllowedIPs = 10.10.10.16/32, «AAAA:AAAA:AAAA:AAAA»:«BBBB:BBBB:BBBB»:0039/128
```
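Review bot: the new `PrivateKey = iOdkQoqm5oyFgnCbP5+6wMw99PxDb7pTs509BD6+AE8=»` has a closing » but no opening «, so under the page's own convention ("you do not copy the text inside the curly braces") a reader will paste that key verbatim; add the opening «. More important: if these base64 strings were ever loaded on a real interface rather than made up for the page, they are public now and should be rotated. Wrapping them in placeholders does not retroactively protect them.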
@ -235,6 +237,7 @@ Change the file permission mode so that only root user can read the files. Priv
```bash
sudo chmod 600 /etc/wireguard/ -R
sudo chmod 700 /etc/wireguard
```
## IPv6
@ -665,6 +668,7 @@ Change the file mode so that only root user can read the files.
```bash
chmod 600 /etc/wireguard/ -R
chmod 700 /etc/wireguard
```
Start WireGuard.
@ -701,28 +705,16 @@ The status should look something like this:
```terminal_image
# systemctl status wg-quick@wg-client0.service
wg-quick@wg-client0.service - WireGuard via wg-quick(8) for wg/client0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; disabled; vendor preset: enabled)
Active: active (exited) since Wed 2023-12-27 03:48:41 +08; 1min 11s ago
wg-quick@wg-client0.service - WireGuard via wg-quick(8) for wg/client0
Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; preset: enabled)
Active: inactive (dead)
Docs: man:wg-quick(8)
man:wg(8)
https://www.wireguard.com/
https://www.wireguard.com/quickstart/
https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
Process: 2913 ExecStart=/usr/bin/wg-quick up wg-client0 (code=exited, status=0/SUCCESS)
Main PID: 2913 (code=exited, status=0/SUCCESS)
CPU: 109ms
Dec 27 03:48:41 backups wg-quick[2913]: [#] ip -6 route add ::/0 dev wg-client0 table 51820
Dec 27 03:48:41 backups wg-quick[2913]: [#] ip -6 rule add not fwmark 51820 table 51820
Dec 27 03:48:41 backups wg-quick[2913]: [#] ip -6 rule add table main suppress_prefixlength 0
Dec 27 03:48:41 backups wg-quick[2913]: [#] nft -f /dev/fd/63
Dec 27 03:48:41 backups wg-quick[2913]: [#] ip -4 route add 0.0.0.0/0 dev wg-client0 table 51820
Dec 27 03:48:41 backups wg-quick[2913]: [#] ip -4 rule add not fwmark 51820 table 51820
Dec 27 03:48:41 backups wg-quick[2913]: [#] ip -4 rule add table main suppress_prefixlength 0
Dec 27 03:48:41 backups wg-quick[2913]: [#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
Dec 27 03:48:41 backups wg-quick[2913]: [#] nft -f /dev/fd/63
```
Now go to this website: `http://icanhazip.com/` to check your public IP address. If everything went well, it should display your VPN servers public IP address instead of your client computers public IP address.
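Review bot: the replacement status transcript shows `Active: inactive (dead)` directly under a sentence saying this is what it "should look like"; an inactive wg-quick unit means the tunnel is down, and the old output (`active (exited)`, followed by the `ip rule` and `nft` lines) was the correct success state. Either keep the old transcript or say explicitly that this is the state after `systemctl enable` and before `systemctl start`. Also make the check `https://icanhazip.com/`: over plain http anyone on the path can rewrite the answer, which is the one thing this step is trying to rule out.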