diff --git a/CHANGESTODO b/CHANGESTODO
index 0d9221f..1cada40 100644
--- a/CHANGESTODO
+++ b/CHANGESTODO
@@ -11,6 +11,11 @@ vim:nosmarttab:syntax=diff
 | Then again, no. psyced is in low maintenance mode since it roughly
 | does what it should and we need a distributed communication system
 | such as secushare.org anyway.
+________________________________________________________________________
+== LIBPSYC / PSYC2 =====================================================
+¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
+- check packet and variable lengths for sanity before allocating memory
+
 ________________________________________________________________________
 == NUISANCES worth fixing, possibly ====================================
 ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
diff --git a/world/net/include/net.h b/world/net/include/net.h
index 87d337a..47115ca 100644
--- a/world/net/include/net.h
+++ b/world/net/include/net.h
@@ -102,6 +102,9 @@
 # endif
 #endif
+// virtual IP network of GNUnet exit service
+#define IS_GNUNET(ip) abbrev("169.254.86.", ip)
+
 #define HAS_PORT(PORT, PATH) (defined(PATH) && defined(PORT) && PORT - 0)
 // also need HAS_TLS_PORT() ?
@@ -279,6 +282,7 @@
 #define PRIVACY_SURVEILLED 0
 #define PRIVACY_UNKNOWN -1
 #define PRIVACY_MITMX509 23
-#define PRIVACY_REASONABLE 44
+#define PRIVACY_REASONABLE 42
+#define PRIVACY_GOOD 44
 #endif
diff --git a/world/net/library/tls.c b/world/net/library/tls.c
index f98cc22..de3673b 100644
--- a/world/net/library/tls.c
+++ b/world/net/library/tls.c
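Review bot: `IS_GNUNET(ip)` classifies a peer from a string prefix of its address alone, and the one-line comment above it does not say what makes that trustworthy: 169.254.0.0/16 is the IPv4 link-local block, so the match only means "came through GNUnet" where 169.254.86.0/24 is reachable solely via the local exit service and no other host on the link can present a source address in that range. Because tls.c and sockets.c later turn this test into PRIVACY_GOOD and the `#` safety pin, that assumption should be recorded where the range is defined, e.g. `// virtual IP network of GNUnet exit service (169.254.86.0/24, link-local); only meaningful when this range is reachable solely through the local exit`. If `abbrev` is the plain prefix test its name suggests, the trailing dot in the pattern is what limits the match to that /24 and should stay.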
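Review bot: Renumbering `PRIVACY_REASONABLE` from 44 to 42 changes the meaning of an existing value rather than only adding a new one: anything that persisted, logged or compared the literal 44 (a stored setting, a textdb entry, an external consumer of the number) would now read as PRIVACY_GOOD. If the constants are only ever used symbolically inside the mudlib this is harmless, but the hunk cannot show that; a comment next to the definitions, `// values are ordered, higher is better; PRIVACY_REASONABLE was 44 before PRIVACY_GOOD was added`, would make the ordering and the history visible to the next reader.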
@@ -186,14 +186,12 @@ string tls_bad_cipher(object sock, string scheme) {
 return 0;
 }
-// Do not use server technologies like psyced for strong
-// privacy or anonymity requirements. Get started using
-// distributed technologies instead. Check out:
-// http://youbroketheinternet.org
-// http://secushare.org
-// But if you're happy with half-baked security, here you
-// have it:
-// -lynX 2015
+// This function handles safety via TLS, Tor and GNUnet. The
+// latter of the three is the distributed system you should
+// be using. --lynX 2016
+//
+// FIXME: move this function to a different library file...
+// "tls" is no longer appropriate
 //
 int probably_private(object source) {
 // object has no TCP to it. you have to ask its circuit.
@@ -214,6 +212,15 @@ int probably_private(object source) {
 // only the server itself could be considered secure.
 // )
 return PRIVACY_REASONABLE;
+ //
+ // Coming from GNUnet means that we are ourselves a
+ // GNUnet node. This increases the chances that we
+ // are a private individual's machine in a private
+ // home rather than a server in a computing centre.
+ // Let's guess that is good news.
+ //
+ if (IS_GNUNET(query_ip_number(source))) return PRIVACY_GOOD;
+ //
 # if __EFUN_DEFINED__(tls_query_connection_state)
 // Alas, this person is using a TLS/SSL-enhanced
 // access protocol which, unless the client implements
diff --git a/world/net/sockets.c b/world/net/sockets.c
index 6f70c9d..873b6bf 100644
--- a/world/net/sockets.c
+++ b/world/net/sockets.c
@@ -25,6 +25,7 @@ static string safetypin(object o, string ip) {
 SECURE_IP_NUMBER(ip) ? "*" :
 #endif
 is_localhost(ip) ? "=" :
+ IS_GNUNET(ip) ? "#" :
 #if __EFUN_DEFINED__(tls_query_connection_state)
 tls_query_connection_state(o) ? "+" :
 #endif
diff --git a/world/net/user.c b/world/net/user.c
index d0d9942..ee6eb31 100644
--- a/world/net/user.c
+++ b/world/net/user.c
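Review bot: The new `if (IS_GNUNET(query_ip_number(source))) return PRIVACY_GOOD;` returns before the `tls_query_connection_state` check that follows it, so a connection arriving from the exit's virtual range gets the best rating regardless of whether the link itself carries any encryption the server can observe; the comment above the branch explains the guess about the operator's location but not that ordering, and a line such as `// address wins over TLS state: the GNUnet hop is assumed to be encrypted end to end` would make the trade-off explicit. Whether the branch is reachable depends on the `return PRIVACY_REASONABLE;` just above it being conditional — its condition starts above the hunk, and probably_private continues past the hunk's end. If `source` can be non-interactive at this point (the comment at the top of the function mentions objects with no TCP of their own), `query_ip_number` returns 0 and `abbrev` would be handed a non-string, so a checked local is safer: `string ip = query_ip_number(source); if (ip && IS_GNUNET(ip)) return PRIVACY_GOOD;`.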
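Review bot: The new `IS_GNUNET(ip) ? "#" :` arm precedes the `tls_query_connection_state` arm, so a peer from the GNUnet range that also negotiated TLS is pinned `#` rather than `+`; this mirrors the PRIVACY_GOOD ordering in tls.c, but a reader of safetypin cannot see that, so a comment on the new line, `// GNUnet exit range outranks TLS, see probably_private()`, would tie the two together. If the pin characters are documented for users anywhere (help text or textdb), `#` needs adding there as well. safetypin begins before the hunk and its body continues after it.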
@@ -1602,6 +1602,10 @@ logon() {
 # endif
 );
 }
+ } else {
+ unless (beQuiet) w("_status_circuit_encryption_good",
+ // FIXME: just for fun.. if we want to keep it, it belongs into the textdb
+ "Congratulations. You are using GNUnet's forward secret end-to-end encryption.");
 }
 #endif
 // cannot if (greeting) here this since jabber:iq:auth depends on this
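Review bot: The new else branch tells the user they are "using GNUnet's forward secret end-to-end encryption", but nothing in this code path verifies that property; the condition the `else` belongs to starts above the hunk, and as far as the rest of the commit shows the classification rests on the peer address falling into the GNUnet exit's virtual range, which is an inference about the transport rather than a check of it. A wording that reports the observation rather than a guarantee, e.g. `"Your connection arrived via GNUnet."`, would avoid promising more than was established, and it still reads well in the `_status_circuit_encryption_good` slot. The FIXME already says the string belongs in the textdb; moving it there keeps the user-facing claim reviewable in one place. logon() starts before the hunk and runs past its end.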