From 2a3bd9e0233bf9b30032004072ad159b8b893330 Mon Sep 17 00:00:00 2001 From: "reaction.la" Date: Wed, 15 Jun 2022 09:27:17 +1000 Subject: [PATCH 1/6] proposing altered setup, which likely will be changed again by someone else --- README.html | 187 ---------------------------------------- docs/rootDocs/README.md | 7 ++ 2 files changed, 7 insertions(+), 187 deletions(-) delete mode 100644 README.html diff --git a/README.html b/README.html deleted file mode 100644 index b4c8405..0000000 --- a/README.html +++ /dev/null @@ -1,187 +0,0 @@ - - - - - - - README - - - - - -
-

README

-
-

pre alpha documentation (mostly a wish list)

-

copyright © and license

-

pre-requisite, Pandoc to build the html documentation from the markdown files.

-

Windows pre-requisites: Visual Studio and git-bash

-

To obtain the source code from which the project can be built, including -this README, from the bash command line (git-bash in windows).

-
git clone --recurse-submodules missing url
-

To configure and build the required third party libraries in windows, then -build the program and run unit test for the first time, launch the Visual -Studio X64 native tools command prompt in the cloned directory, then:

-
winConfigure.bat
-

Should the libraries change in a subsequent pull you will need

-
git pull
-rem you get a status message indicating libraries have been updated.
-git pull -force --recurse-submodules
-winConfigure.bat
-

in order to rebuild the libraries.

-

The --force is necessary, because winConfigure.bat changes -many of the library files, and therefore git will abort the pull.

-

winConfigure.bat also configures the repository you just created to use -.gitconfig in the repository, causing git to to implement GPG signed -commits – because cryptographic software is under attack from NSA -entryists and shills, who seek to introduce backdoors.

-

This may be inconvenient if you do not have gpg installed and set up.

-

.gitconfig adds several git aliases:

-
    -
  1. git lg to display the gpg trust information for the last four commits. -For this to be useful you need to import the repository public key -public_key.gpg into gpg, and locally sign that key.
  2. -
  3. git graph to graph the commit tree with signing status
  4. -
  5. git alias to display the git aliases.
  6. -
-
# To verify that the signature on future pulls is
-# unchanged.
-gpg --import  public_key.gpg
-gpg --lsign 096EAE16FB8D62E75D243199BC4482E49673711C
-

We ignore the Gpg Web of Trust model and instead use the Zooko -identity model.

-

We use Gpg signatures to verify that remote repository code -is coming from an unchanging entity, not for Gpg Web of Trust. Web -of Trust is too complicated and too user hostile to be workable or safe.

-

Never –sign any Gpg key related to this project. –lsign it.

-

Never check any Gpg key related to this project against a public -gpg key repository. It should not be there.

-

Never use any email address on a gpg key related to this project -unless it is only used for project purposes, or a fake email, or the -email of an enemy. We don’t want Gpg used to link different email -addresses as owned by the same entity, and we don’t want email -addresses used to link people to the project, because those -identities would then come under state and quasi state pressure.

-

To build the documentation in its intended html form from the markdown -files, execute the bash script file docs/mkdocs.sh, in an environment where -pandoc is available. On Windows, if Git Bash and Pandoc -has been installed, you should be able to run this shell -file in bash by double clicking on it.

-

Pre alpha release, which means it does not yet work even well enough for -it to be apparent what it would do if it did work.

- - diff --git a/docs/rootDocs/README.md b/docs/rootDocs/README.md index 15fb852..e3a166c 100644 --- a/docs/rootDocs/README.md +++ b/docs/rootDocs/README.md @@ -74,6 +74,13 @@ of Trust is too complicated and too user hostile to be workable or safe. Never --sign any Gpg key related to this project. --lsign it. +`gitconfig` disallows merges unless you have told `gpg` to trust the +public key corresponding to the private key that signed the tip of +the root. So part of the pull request process is getting the puller to +trust your public key, and you will not be able to pull updates +unless you tell `gpg` to trust the key that is in the root directory as +`public_key.gpg`. + Never check any Gpg key related to this project against a public gpg key repository. It should not be there. From 5517b7814aa9b215de3dc2dcd6148d61c9127473 Mon Sep 17 00:00:00 2001 From: "reaction.la" Date: Thu, 16 Jun 2022 08:37:48 +1000 Subject: [PATCH 2/6] social networking algorithm designed --- docs/set_up_build_environments.md | 6 ++++++ docs/social_networking.md | 25 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/docs/set_up_build_environments.md b/docs/set_up_build_environments.md index 925ad0b..b6f82d8 100644 --- a/docs/set_up_build_environments.md +++ b/docs/set_up_build_environments.md @@ -176,6 +176,12 @@ Setting up an actual server is similar to setting up the virtual machine modelling it, except you have to worry about the server getting overloaded and locking up. +On an actual server, you probably want to totally disable passwords by corrupting the shadow file once you have `ssh` working. + +```bash +usermod -L root +``` + If a server is configured with an [ample swap file] an overloaded server will lock up and have to be ungracefully powered down, which can corrupt the data on the server. If the swap file is inadequate, the OOM killer will shut diff --git a/docs/social_networking.md b/docs/social_networking.md index 8aab0e7..d9263f3 100644 
--- a/docs/social_networking.md +++ b/docs/social_networking.md @@ -264,6 +264,31 @@ So, you can navigate to whole world’s public conversation through approved links and reply-to links – but not every spammer, scammer, and shill in the world can fill your feed with garbage. +## Algorithm and data structure. + +For this to work, the underlying structure needs to be something based on +the same principles as Git and git repositories, except that Git relies on +SSL and the Certificate Authority system to locate a repository, which +dangerous centralization would fail under the inevitable attack. It needs to + have instead for its repository name system a Kamelia distributed has +table within which local repositories find the network addresses of remote +repositories on the basis of the public key of a Zooko identity of a person +who pushed a tag or a branch to that repository, a branch being a thread, +and the branch head in this case being the most recent response to a thread +by a person you are following. + +The messages of the people you are following are likely to be in a +relatively small number of repositories, even if the total number of +repositories out there is enormous and the number of hashes in each +repository is enormous, so this algorithm and data structure will scale, and +the responses to that thread that they have approved, by people you are not +following, will be commits in that repository, that, by pushing their latest +response to that thread to a public repository, they committed to that +repository. + +Each repository contains all the material the poster has approved, resulting +in considerable duplication, but not enormous duplication. + The underlying protocol and mechanism is that when you are following Bob, you get a Bob feed from a machine controlled by Bob, or controlled by someone that Bob has chosen to act on his behalf, and that when Bob From 8693cbadcf8f4981ca595d68ddc035842dfdbcdf Mon Sep 17 00:00:00 2001 
From: "reaction.la" Date: Thu, 16 Jun 2022 09:46:40 +1000 Subject: [PATCH 3/6] fixing repo configuration to better handle radical submodule changes --- .gitconfig | 5 ++++- docs/set_upstream.sh | 52 ++++++++++++++++++++++++++++++++++++++++++++ winConfigure.sh | 2 +- 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 docs/set_upstream.sh diff --git a/.gitconfig b/.gitconfig index 507547f..fc87133 100644 --- a/.gitconfig +++ b/.gitconfig @@ -1,6 +1,7 @@ [core] autocrlf = input whitespace = -tab-in-indent,tabwidth=4,indent-with-non-tab,trailing-space,space-before-tab + whitespace = fix safecrlf=warn [apply] whitespace = fix @@ -12,5 +13,7 @@ [commit] gpgSign = true [submodule] - recurse = true + recurse = true +[diff] + submodule = log diff --git a/docs/set_upstream.sh b/docs/set_upstream.sh new file mode 100644 index 0000000..50d1750 --- /dev/null +++ b/docs/set_upstream.sh 
@@ -0,0 +1,52 @@ +#!/bin/bash +set -e +set -x +echo intended to be run in the event of moving repositories +git remote -v +git remote set-url origin git@cpal.pw:~/wallet.git +git submodule foreach --recursive 'git remote -v' +cd libsodium +git remote set-url origin git@cpal.pw:~/libsodium.git +git remote set-url upstream https://github.com/jedisct1/libsodium.git +cd .. +cd mpir +git remote set-url origin git@cpal.pw:~/mpir.git +git remote set-url upstream https://github.com/BrianGladman/mpir.git +cd .. +cd wxWidgets +git remote set-url origin git@cpal.pw:~/wxWidgets.git +git remote set-url upstream https://github.com/wxWidgets/wxWidgets.git +cd .. +cd wxWidgets/3rdparty/catch +git remote set-url origin git@cpal.pw:~/Catch.git +git remote set-url upstream https://github.com/wxWidgets/Catch.git +cd ../../.. +cd wxWidgets/3rdparty/nanosvg +git remote set-url origin git@cpal.pw:~/nanosvg +git remote set-url upstream https://github.com/wxWidgets/nanosvg +cd ../../.. +cd wxWidgets/3rdparty/pcre +git remote set-url origin git@cpal.pw:~/pcre +git remote set-url upstream https://github.com/wxWidgets/pcre +cd ../../.. +cd wxWidgets/src/expat +git remote set-url origin git@cpal.pw:~/libexpat.git +git remote set-url upstream https://github.com/wxWidgets/libexpat.git +cd ../../.. +cd wxWidgets/src/jpeg +git remote set-url origin git@cpal.pw:~/libjpeg-turbo.git +git remote set-url upstream https://github.com/wxWidgets/libjpeg-turbo.git +cd ../../.. +cd wxWidgets/src/png +git remote set-url origin git@cpal.pw:~/libpng.git +git remote set-url upstream https://github.com/wxWidgets/libpng.git +cd ../../.. +cd wxWidgets/src/tiff +git remote set-url origin git@cpal.pw:~/libtiff.git +git remote set-url upstream https://github.com/wxWidgets/libtiff.git +cd ../../.. +cd wxWidgets/src/zlib +git remote set-url origin git@cpal.pw:~/zlib.git +git remote set-url upstream https://github.com/wxWidgets/zlib.git +cd ../../.. +winConfigure.sh 
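Review bot: every `cd` in `docs/set_upstream.sh` (`cd libsodium`, `cd wxWidgets/3rdparty/catch`, and so on) is relative to the repository root, but the file is created under `docs/`, so with `set -e` the first `cd libsodium` aborts the run when the script is started from its own directory. Add `cd "$(git rev-parse --show-toplevel)"` after `set -x`, and call the last line as `./winConfigure.sh`, since the bare name only resolves if the repository root is on `PATH`. The `git remote set-url upstream ...` lines also fail in any submodule that has no `upstream` remote yet, which `set -e` turns into an abort partway through the list, leaving some submodules repointed and others not. Fall back to `git remote add upstream ...` when the remote is missing.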
diff --git a/winConfigure.sh b/winConfigure.sh index 01e1f5f..fb77a4d 100644 --- a/winConfigure.sh +++ b/winConfigure.sh @@ -3,7 +3,7 @@ set -e set -x git submodule foreach --recursive 'git reset --hard' git submodule foreach --recursive 'git clean -xdf' -git submodule update --init --recursive +git submodule update --init --recursive --remote git config --local include.path ../.gitconfig set +e set +x From fdb84ac8801f4e3490aa50e0c955db73e27e207f Mon Sep 17 00:00:00 2001 From: "reaction.la" Date: Thu, 16 Jun 2022 10:46:09 +1000 Subject: [PATCH 4/6] modified: style.css modified: ../libraries/review_of_crypto_libraries.md --- docs/libraries/review_of_crypto_libraries.md | 2 +- docs/pandoc_templates/style.css | 6 ++++++ docs/social_networking.md | 9 +++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/docs/libraries/review_of_crypto_libraries.md b/docs/libraries/review_of_crypto_libraries.md index 9141f3f..b865adc 100644 --- a/docs/libraries/review_of_crypto_libraries.md +++ b/docs/libraries/review_of_crypto_libraries.md @@ -188,7 +188,7 @@ way. Going to use base52 for any purposes for which my bright idea would have been useful, so should be rewritten to base64 regardless. Using the hash of shared state goes together with immutable -append only Merkle-patricia trees like ham and eggs, though you +append only Merkle‑patricia trees like ham and eggs, though you don't need to keep the potentially enormous data structure around. When a connection has no activity for a little while, you can discard everything except a very small amount of data, primarily the keys, diff --git a/docs/pandoc_templates/style.css b/docs/pandoc_templates/style.css index 95fdd89..30ee994 100644 --- a/docs/pandoc_templates/style.css +++ b/docs/pandoc_templates/style.css 
@@ -1,6 +1,12 @@ body { max-width: 30em; margin-left: 1em; + font-family: "Georgia, Times New Roman", Times, serif; + font-style: normal; + font-variant: normal; + font-weight: normal; + font-stretch: normal; + font-size: 16px; } table { border-collapse: collapse; diff --git a/docs/social_networking.md b/docs/social_networking.md index d9263f3..916d4a6 100644 --- a/docs/social_networking.md +++ b/docs/social_networking.md @@ -277,6 +277,15 @@ who pushed a tag or a branch to that repository, a branch being a thread, and the branch head in this case being the most recent response to a thread by a person you are following. +The Distributed hash table key will be:\ +`human readable area of interest name/#public key of zooko name/ +human readable branch name/#hash of data item`\ +so that items that are likely to be looked up together will likely be near +each other on the same physical disk, and transmitted over the same +network connection. When someone approves of a text, then it goes into a +repository he controls or has write access to, and gets a corresponding key +in the distributed hash table. + The messages of the people you are following are likely to be in a relatively small number of repositories, even if the total number of repositories out there is enormous and the number of hashes in each From 566198a6d5307fd50150d8d921013ce89c4179ca Mon Sep 17 00:00:00 2001 From: "reaction.la" Date: Thu, 16 Jun 2022 18:53:22 +1000 Subject: [PATCH 5/6] modified: docs/social_networking.md --- docs/social_networking.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/docs/social_networking.md b/docs/social_networking.md index 916d4a6..7f7afed 100644 --- a/docs/social_networking.md +++ b/docs/social_networking.md 
@@ -278,7 +278,11 @@ and the branch head in this case being the most recent response to a thread by a person you are following. The Distributed hash table key will be:\ +<<<<<<< Updated upstream `human readable area of interest name/#public key of zooko name/ +======= +`#public key of zooko name/ +>>>>>>> Stashed changes human readable branch name/#hash of data item`\ so that items that are likely to be looked up together will likely be near each other on the same physical disk, and transmitted over the same @@ -286,6 +290,19 @@ network connection. When someone approves of a text, then it goes into a repository he controls or has write access to, and gets a corresponding key in the distributed hash table. +<<<<<<< Updated upstream +======= +Which is not exactly a distributed hash table, for a hash table relies on the uniform distribution of hashes for its efficiency, and, because we want things likely to be looked up together at the same network address on the same physical machine, this is a very non uniform distribution. But it will still be efficient, because by the time you walk the network past the zooko +key, you will seldom have very far to walk. Walk the network to the end of +the zooko key, you are at a machine to which that identity has write +access, and thus, he has the authority and incentive to make things work. + +Rather than being a distributed hash table, this is a distributed patricia tree. +But it will work if the person who controls a particular Zooko name +structures the data under his name in accordance with the characteristics of +the lookup process, and if he does not, other people will fail to find the material in his repositories, and that is his problem, which he can fix. + +>>>>>>> Stashed changes The messages of the people you are following are likely to be in a relatively small number of repositories, even if the total number of repositories out there is enormous and the number of hashes in each 
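Review bot: both hunks commit unresolved stash conflict markers into `docs/social_networking.md`: `<<<<<<< Updated upstream`, `=======` and `>>>>>>> Stashed changes` are added around the key format in the first hunk and around the two new paragraphs in the second. In the first hunk this leaves two competing openings for the key (`human readable area of interest name/#public key of zooko name/` and `#public key of zooko name/`) inside one backtick span, so the document no longer says which key layout is intended. Resolve the conflict, keep one form of the key, and delete the marker lines before this is merged.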
From fb210a9b7a1f1dcb1912294a802d4abaf1c6c6f3 Mon Sep 17 00:00:00 2001 From: "reaction.la" Date: Sat, 18 Jun 2022 19:21:04 +1000 Subject: [PATCH 6/6] suggested disabling root account. modified: set_up_build_environments.md --- LICENSE.html | 84 ------------------------------- NOTICE.html | 83 ------------------------------ RELEASE_NOTES.html | 72 -------------------------- docs/set_up_build_environments.md | 50 +++++++++++++++++- 4 files changed, 48 insertions(+), 241 deletions(-) delete mode 100644 LICENSE.html delete mode 100644 NOTICE.html delete mode 100644 RELEASE_NOTES.html diff --git a/LICENSE.html b/LICENSE.html deleted file mode 100644 index 8ccc91d..0000000 --- a/LICENSE.html +++ /dev/null @@ -1,84 +0,0 @@ - - - - - - - LICENSE - - - - - -
-

LICENSE

-
-

Copyright © 2021 reaction.la gpg key 154588427F2709CD9D7146B01C99BB982002C39F

-

This distribution of free software contains numerous other -distributions with other compatible free software licenses and copyrights. -Those files and directories are governed by their own license, and their -combination and integration into this project by this license and this -copyright, and anything in this distribution not otherwise licensed and -copyrighted in this distribution is governed by this license, and this -copyright.

-

Licensed under the Apache License, Version 2.0 (the “License”); -you may not use this distribution of software except in compliance with the License. -You may obtain a copy of the License at -https://directory.fsf.org/wiki/License:Apache-2.0

-

Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an “AS IS” BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License.

- - diff --git a/NOTICE.html b/NOTICE.html deleted file mode 100644 index 916f3fb..0000000 --- a/NOTICE.html +++ /dev/null @@ -1,83 +0,0 @@ - - - - - - - NOTICE - - - - - -
-

NOTICE

-
-

Copyright © 2021 reaction.la gpg key 154588427F2709CD9D7146B01C99BB982002C39F

-

The license of this software, and the licenses of the packages on which it -relies, grant the four software freedoms:

-
    -
  1. The freedom to run the program as you wish, for any purpose.
  2. -
  3. The freedom to study how the program works, and change it so it -does your computing as you wish.
  4. -
  5. The freedom to redistribute copies so you can help others.
  6. -
  7. The freedom to distribute copies of your modified versions to -others.
  8. -
-

This software is licensed under the apache 2.0 license.

-

This product includes several packages, each with their own free software licence, referenced in the relevant files or subdirectories.

-

Or, in the case of Sqlite, the Sqlite blessing in place of a license, which is -morally though not legally obligatory on those that obey the -commandments of Gnon. See also the contributor code of conduct.

- - diff --git a/RELEASE_NOTES.html b/RELEASE_NOTES.html deleted file mode 100644 index 8143673..0000000 --- a/RELEASE_NOTES.html +++ /dev/null @@ -1,72 +0,0 @@ - - - - - - - Release Notes - - - - - -
-

Release Notes

-
-

To build and run README

-

pre alpha documentation (mostly a wish list) (In order to read these on this local system, you must first execute the document build script mkdocs.sh, with bash, sed and pandoc)

-

This software is pre alpha and should not yet be released. It does -not work well enough to even show what it would do if it was -working

- - diff --git a/docs/set_up_build_environments.md b/docs/set_up_build_environments.md index b6f82d8..7a1d0d3 100644 --- a/docs/set_up_build_environments.md +++ b/docs/set_up_build_environments.md @@ -176,10 +176,36 @@ Setting up an actual server is similar to setting up the virtual machine modelling it, except you have to worry about the server getting overloaded and locking up. -On an actual server, you probably want to totally disable passwords by corrupting the shadow file once you have `ssh` working. +On an actual server, it is advisable to enable passwordless sudo for one user. + +issue the command `visudo` and edit the sudoers file to contain the line: + +``` default +cherry ALL=(ALL) NOPASSWD:ALL +``` + +That user can now sudo any root command, with no password login nor ssh in for root. And can also get into the root shell with `sudo su -l root` + +On an actual server, you may want to totally disable passwords to +accounts that have sensitive information by corrupting the shadow file ```bash -usermod -L root +usermod -L cherry +``` +When an account is disabled in this manner, you cannot login at the +terminal, and may be unable to ssh in, but you can still get into it by `su -l cherry` from the root account. And if you have disabled the root account, +but have enabled passwordless sudo for one special user, you can still get + into the root account with `sudo -s` or `sudo su -l root` But if you disable + the root account in this manner without creating an account that can sudo + into root passwordless, you are hosed big time. So instead, once `ssh` is + working, give one user passwordless sudo, make sure you can ssh into that + account, and disable password and ssh access to the root account. + +You can always undo the deliberate corruption by setting a new password, +providing you can somehow get into root. + +```bash +passwd -D cherry ``` If a server is configured with an [ample swap file] an overloaded server will 
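Review bot: the last added code block, `passwd -D cherry`, does not match the sentence above it, which says the lock is undone "by setting a new password". The shadow-utils `passwd` has `-d` (delete the password) and `-u` (unlock) but no `-D`, and if `-d` was meant it would leave the account with an empty password rather than restore it. Use `passwd cherry` to match the prose, or `usermod -U cherry` to reverse `usermod -L cherry`. Separately, the prose ends by telling the reader to "disable password and ssh access to the root account", but the only lock command shown was changed from `root` to `cherry`, so no command in the hunk covers root, and `usermod -L` by itself does nothing about key-based ssh logins. Show the root step explicitly, together with the sshd setting intended for root logins. The fence opened as "``` default" should also carry a real language tag or none.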
@@ -198,6 +224,26 @@ on wake. Swapping should never escalate to lockup, and if it does, bad memory management design, though this misfeature seems common to most operating systems. +When the OS detects the cpu idling while waiting for pages to be loaded +into memory, should disable one process so its pages do not get loaded for +a while, and derank all pages in memory that belong to that process, and +derank all pages that belong to processes waiting on that process. When the +cpu has idle time, and nothing to do for enabled processes, because +everything they need has been done, and is only awaiting for disabled +processes to get their pages loaded, then the OS can re-enable a disabled +process, whereupon its virtualed paged get loaded back into physical +memory, possibly resulting in some other process starting to thrash and +getting disabled. So instead paging out the least recently used page, pages out an entire process, and stalls it until the cpu is adequately responsive to the remaining processes, and has been adequately responsive for a little +while. This is inefficient, but it is a lot more efficient than a computer +thrashing on paging. If the computer is stalling waiting on page load, then +it is just running more processes than it can run, and the least recently used page algorithm is not going to accomplish anything useful. Some entire +processes just have to be paged out, and stay paged out, until the +remaining processes have completed and are idling. A thrashing computer +is not running anything at all. Better that is run some things, and from time +to time changes those things. + +When the cpu has nothing to do because all the processes are waiting for pages to be loaded, something has to be done. + I prefer an ample swap file, larger than total memory, plus [thrash protect], which will result in comparatively graceful degradation, plus the existence of the file `/tmp/thrash-protect-frozen-pid-list` will tell you that your
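Review bot: the first added paragraph in this hunk never states its subject, so it is unclear whether it describes what Linux does, what `thrash-protect` does, or what the author thinks an OS should do: "should disable one process", "So instead paging out the least recently used page, pages out an entire process" and "Better that is run some things" all lack one. Open with something like "What the OS should do, and does not, is ..." and fix "virtualed paged" (virtual pages) and "is only awaiting for". The closing one-sentence paragraph ("When the cpu has nothing to do ... something has to be done") repeats the point already made and can go, and the two unwrapped long lines should be rewrapped to match the rest of the file.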
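Review bot: in the `docs/rootDocs/README.md` hunk of PATCH 1/6, the added paragraph says "`gitconfig` disallows merges" without naming the setting that enforces this or the command that makes `gpg` trust the key. The file is called `.gitconfig` everywhere else in the README, and a reader who hits a refused pull needs the config key (for example `merge.verifySignatures`, if that is what is used) and the `gpg --import public_key.gpg` and `gpg --lsign` steps next to this text. "The tip of the root" is also ambiguous; say which branch or commit is meant.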
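Review bot: in the `docs/social_networking.md` hunk of PATCH 2/6, "a Kamelia distributed has table" should read "a Kademlia distributed hash table"; as written, a reader cannot search for the scheme being proposed. The same sentence needs a second pass for grammar ("which dangerous centralization would fail under the inevitable attack", "It needs to have instead for its repository name system"), and the heading `## Algorithm and data structure.` should lose its trailing full stop.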
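Review bot: in the `.gitconfig` hunk of PATCH 3/6, the added `whitespace = fix` sits under `[core]`, directly after the existing `core.whitespace` rule list. `fix` is an action for `apply.whitespace`, which the context lines already set under `[apply]`; for `core.whitespace` the last value wins, so this line replaces the `-tab-in-indent,tabwidth=4,...` list with a token that is not a whitespace rule. Drop the added line. The `recurse = true` change in the same hunk appears to be whitespace-only and could be left out of the commit.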
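Review bot: in the `winConfigure.sh` hunk of PATCH 3/6, adding `--remote` to `git submodule update --init --recursive` makes each submodule check out the tip of its remote-tracking branch instead of the commit recorded in the superproject. A GPG-signed superproject commit then no longer determines which libsodium, mpir or wxWidgets code gets built, and two builds of the same commit can differ. If the goal is to follow repositories that have moved, run `git submodule sync --recursive` before the update so the new URLs are picked up while the pinned commits stay in force, and keep `--remote` for a deliberate version bump that is reviewed and committed.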
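Review bot: in the `docs/pandoc_templates/style.css` hunk of PATCH 4/6, the quotes in `font-family: "Georgia, Times New Roman", Times, serif;` wrap two family names as one, so the browser looks for a single font called "Georgia, Times New Roman", does not find it, and falls through to `Times`. Write `font-family: Georgia, "Times New Roman", Times, serif;`. The `font-style`, `font-variant`, `font-weight` and `font-stretch` lines set `normal`, which is already the default for `body`, and can be dropped.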