build01490: 2021-03-14
Freenet 0.7.5 build 1490 is now available.
This release provides three different changes:
- streaming in the browser,
- mitigating the pitch black attack, and
- providing the windows-installer from the node again.
For streaming, it builds on the m3u-filter to provide
direct in-browser streaming. Currently
it works with audio (mp3 and ogg vorbis)
and video (ogg theora) in sufficient quality for
music playlists and specially crafted video-streams.
With this change, adding a media-tag that references an m3u-list like
<audio src="stream.m3u" controls="controls">
not supported?
</audio>
or
<video src="stream.m3u" controls="controls">
<a href="stream.m3u">stream.m3u</a>, starting with <a href="sff-001.ogv">sff-001.ogv</a>.
Putting the first video here causes freesitemgr to more likely
put the first video into the container, giving faster initial startup.
</video>
In Sharesites you need to add at least one space before the tag.
There are three example sites:
- Audio-Playlist: USK@1wpsnrzb9fiFmmq6OozoZ0Mnk376AlizUKjKPh3TXwM,CwfRO8X0xaCUzH28eoHigxUV-5TkRV8hCoQdO2kmsQM,AQACAAE/streaming-over-fproxy/3/
- Streaming Video: USK@UGh1rxaHczJVr4k4LwxWrxFBc-Dt5P0F3IuPONpp8ZQ,klWF5g9B2PLst8tRO8c9tzk6XvisGynFVJRzM8-9718,AQACAAE/stream-36c3-sff/3/
- Radio Interview: USK@4DQ15JpGlVGDdyXvQE3Egz7SLK2TzMAUmp~aptnwyt4,ljFASreV8AHaQhscfrNLuVyl3qksltgP9sndtLuUHB8,AQACAAE/stream-radiocc-freenet/1/
This follows an old idea to enhance freesites with strictly checked interactivity,
similar to userscripts but without the security implications of adding a script
that might have a very different threat model than Freenet itself.
Also this release ships a mitigation for the pitch black attack.
For details see https://www.mail-archive.com/[email protected]/msg55182.html
Mitigating the pitch black attack is supported by NLnet
as part of the NGI0 PET Fund.
For details see https://nlnet.nl/project/Freenet-Routing/
Thank you!
There are still more tests needed to ensure that the change suffices
to resolve the main objection that existed among people well-versed
in the technical background of Freenet, GNUnet, and others
against using the friend-to-friend mode of Freenet since 2007.
It used to be far too easy to break a pure friend-to-friend net
Arne Babenhauserheide
(all nodes using high-security mode). This should be resolved now.
And finally the UOM transfer max sizes were tripled,
so the windows-installer provided by Freenet nodes gets updated again,
and the annoying warning about freenet-latest-installer-windows.exe
during install and update disappears.
Thank you for using Freenet!
Arne Babenhauserheide
Developer changelog:
2021-03-14
Changes in 1490:
- inject vanilla Javascript m3u-player into Freesites
to get in-browser playlist streaming (with config to disable if needed).
Thanks to nextgens and desyncr for the review! - mitigate the pitch black attack following
https://www.mail-archive.com/[email protected]/msg55182.html
Thanks to nextgens and x for the review! - triple the UOM transfer max sizes
so the windows-installer provided by nodes gets updated again.
Thanks to desyncr for the review!
[m3u-player] inject vanilla Javascript m3u-player into Freesites
[m3u-player] adjust ContentFilterTest: header with script-source
experiments in location manager, do not compile
start experimenting with highlevelsimpleclient
Implement initial untested pitch-black defense
[m3u-player] prefetch the next three tracks to smooth segment-sizes
pitchBlack: add intra-day persistency and cleanup
pitchBlack: fix: decode yesterdays file content as base64
improve stats (missed commit)
pitchBlack: also secure the CHK store
Choose between SSK und Pubkey at random
create a local variable to hold LocalDateTime.now() and queue next job at beginning to avoid try-block
use secure random (CSPRNG) for the KSK filename
cleanup leftover removal: if deletion failed, use deleteOnExit, and only listFiles once.
replace base64 encoding of file contents by plain UTF-8 encoding.
only interpret DNF as isRequestExceptionBecauseUriIsNotAvailable (= must swap)
change prefix of status files
fix imports
skip UTF_8 and bufferedWriter: we’re dealing with raw bytes.
fix imports
add config option for the m3u-player embedding
add l10n for config option for the m3u-player embedding
triple max size for update file transfers to avoid errors due to the larger windows installer
use constants for the max sizes over update
Update default bookmark editions
Update default bookmark editions
Build 1490