hellozeronet / documentation Goto Github PK

A request packet has its unique request ID. A ZeroNet implementation interprets a response packet with the help of the request ID. If an attacker spoofs the request ID in a malicious response packet, then the implementation cannot properly interpret the response, and may incorrectly abort the previous request. This attack works even when the attacker does not run the Internet infrastructure. Consider the following example.

When sequential request ID works:

A --> B
<getFile, req_id=0>

B --> A
<response, to_req_id=0, file_content=bytes>

A: I got a response for request 0. It has file payload in it.

When sequential request ID does not work:

A --> B
<getFile, req_id=0>

C --> A
<response, to_req_id=0, error>

B --> A
<response, to_req_id=0, file_content=bytes>

A: I got a response for request 0. I can decode this response properly. It says there is
   an error on the other side.
A: I got a response for request 0. I handled request 0 a second ago, dropping this
   response.

There are algorithms that handle request IDs more safely.

• Store an (ip_address, port, request_id) tuple as the real identifier. Does not work with connectionless sockets, such as datagram. Denies "retry," which may be a problem for the peers that have poor connectivity. This seems too restrictive.

• Generate random request IDs. Take 4 bytes of random data from os.urandom and convert them to an integer.

Which algorithm does ZeroNet use?

Please provide the specification for the big file support feature. If you don't know where to start, here are some example topics to write about.

How big files are hashed. How merkle trees are made.

Piece size, hashing algorithm, number of leaf nodes, etc.

How a big file is represented in content.json

Piece field format, hashing algorithm, keywords, etc.

Does big file support introduce changes to the network protocol?

Are big files transmitted over the current network protocol? Is the network protocol changed?

What are the preferred ways to store an incomplete big file?

How did you do it.

The status of the current specification.

Draft, pending review, recently revised, final version, etc.

As the example shows, not all fields are necessary, therefore some should be marked as optional.

Explain PEX for .onion addresses. If we get more organized we can figure out how to implement IPv6 peer exchange.

What deterministic algorithms/formatting parameters are used to format a JSON file for signing?

• Identation method?
• Sort keys?
• Which keys are removed prior to signing?

It appears as if only I can write to the database, can I make it in such a way that everyone can write to it?

Just noticed this commit! It's actually quite powerful and could be used to eliminate the need for a database (when handling data files). I'm writing a small site to show you what I mean, but for now fileList should probably be added to the API

How to use ZeroNet in Tor browser? advices telling TB to not send traffic to 127.0.1 through Tor. While this is required for ZeroNet to work, this might also allow malicious sites to fetch content from other ports and allow fingerprinting users.

I am thinking of http://127.0.0.1:631 which is CUPS/printing web interface (often used in Linux, macOS), http://127.0.0.1:8080/ can be anything (IPFS uses it by default, I have Syncthing there, I think µTorrent also uses it for remote UI), transmission-daemon uses 9091 if I recall correctly.

Currently loading the site (from the ZeroNet clone or readthedocs) asks for resources from https://fonts.googleapis.com, https://fonts.gstatic.com and http://zeronet.disqus.com.

Wouldn't it be more zeronet-like to use internal fonts/resources? That wouldn't be possible with disqus, but can't we replace it with ZeroTalk and/or ZeroChat?

New steps are:

• Start the Tor Browser
• Go to address about:config & accept risk warning
• search "no_proxies_on"
• double click the preference entry
• enter 127.0.0.1 & press OK

shapeshift.io doesnt profide namecoin anymore

Once HelloZeroNet/ZeroNet#1856 gets into a tagged release, https://zeronet.io/docs/faq/#how-can-i-register-a-bit-domain should have its JSON example updated accordingly.

MORE SCREENSHOTS on Intro Page Leads to 404

This must be placed in the documentation: HelloZeroNet/ZeroNet#1258 (comment)

I am mainly wondering:

• What commands does Zeronet issue Tor controlport/controlsocket?
• Are the created hidden services / onions persistent or are they regenerated upon Zeronet restart or when?
  • Is it possible to have accidentally HiddenServiceSingleHopMode/HiddenServiceNonAnonymousMode onions?
    • What happens if those onions are given to anonymous hidden service again? (Tor itself is said to prevent this at least for the onions generated by it).

My two last questions are, because I started running multiple Tor instances on the sme host, one for single hop onions for faster SSH through NATs and one for normal client (as single hop onions require SocksPort 0). Only later I checked how to make the client be used by everything instead of the single hop onion and I wonder if the client is compromised by Zeronet even if it only hosts Zeronet services. My Zeronet instance itself is not compromised, because I am running it in both Tor and clearnet IPv6.

I think the two first questions could also interest other users in the FAQ or similar place.

JS is being loaded but yet the bars remain blank. This should be fixed before the redesign is deployed on readthedocs.

I have limited devtools at the moment, can anyone dig into this? Also broken on my running instance at https://zerodocs.amorgan.xyz/help_zeronet/donate/

In the documentation the "signers_sign" property in the data/users/content.json file states that the format of the signed string is [signers_required]:[signer address],[signer address]

Does that mean that one has to concat the text like so:

"signers_required:1LcsFJPGfirbL4x6zJ41tPJBxNQ87h9wuG,12bZndAwUbiuxENeKcXqt26ctQr81TvLBv"

(addresses are just for an example)

then sign it with the private keys associated with the addresses?

There lacks documentation on how to create your own ID provider. Explanation of user cert format and ZeroNet's interpretation of user certificate is needed.

The Multiuser plugin's ZeroFrame commands are currently undocumented.

Please explain the format of file diffs, and add the explanation/specification to the docs.

We should just download the font and put it on the site. Will be better for the ZeroNet-hosted version.

Hello,

This project looks very interesting. I'd like to build and read the doc, but on debian:11.3, the build process fails with:

mkdocs build -f mkdocs-fr.yml -d site-fr
ERROR   -  Config value: 'markdown_extensions'. Error: Failed loading extension "pymdownx.superfences".
ERROR   -  Config value: 'plugins'. Error: Plugin value: 'lang'. Error: "fr" is not a supported language code.

Aborted with 2 Configuration Errors!
make: *** [run] Error 1

I have the following mkdocs packages installed:

mkdocs mkdocs-doc mkdocs-bootstrap mkdocs-nature

Any hint ?

Hi all, I posted some messages around various groups but forgot to signal here that I'm working on the italian version of the documentation.
At the moment I forked the repository here https://github.com/mymage/Documentation/tree/master-it-documentation.
On completion I will open a PR.

I am not sure if there is a version already on zeronet ?

The documentation is failing to build due to a lack of updated mkdocs and mkdocs-material pypi packages, seen here: https://readthedocs.org/projects/zeronet/builds/7896970/

The rtd config is unfortunately not in this repo. Could you update it on the rtd side so it has those changes @HelloZeroNet?

Continuation of #95

Essentially you'll want to set up a webhook for whenever master is pushed to. This will then send out a notification, which a program like https://github.com/OllieJones/git-webhook-responder/blob/master/README.md can respond to and run a command, like mkdocs build, on.

It's not too difficult to set up and self-host. We'll also need to provide a redirect from the existing documentation URLs to the new ones. My suggestion is just replacing each page with some text that says "The documentation has moved to docs.zeronet.io. You will be redirected in 5 seconds, otherwise click here".

And then we have some JS that will take them to the exact docs page they wanted to go to, but now on the new domain.

I'm fine with writing the JS and getting that working if you're ok with doing the hosting part @HelloZeroNet?

Is this for ZeroNet's internal usage only?

In the documentation there is a section that explain everything we need to know oncontent.json. It has a subsection call signs.

See (https://github.com/HelloZeroNet/Documentation/blob/master/docs/en/site_development/content_json.md)

A code snippet in python showing how it is working would be nice to help people understand how it works.

Let me show you by giving you my thought process while reading the getting started:

It starts with the overview where I'm told that php isn't working with zeronet that alone is such turnoff that I almost closed the page and ignored zeronet. At least write "not yet" because no php means anything php related like phpBB would have to be coded from scratch in javascript. Coding something like phpBB would take years. PHP is pretty much a must, without it there is no chance casual developers will use zeronet.

Then there is that basic structure with 0 explantion.

• What is ZeroFrame.coffee? What does it contain? Why does it exist?
• MySite.coffee = it's called my site does that mean I have to write in there in coffeescript?
• all.js file Does that mean I have to put all my script files in there?

The coffee files will allow me to use ZeroFrame API. What is ZeroFrame? Why do I need
to use it?

At least the content.json is explained a bit.

Then ZeroNet Debug mode and Extra features

• I thought this is a getting started? I don't even know how to use the ZeroFrame API yet.

Copy ZeroFrame.coffee to your site's js/lib/ directory

-link to ZeroFrame.coffee is broken, thus ending the whole tutorial. Oh well I can still rad a bit further.

-The code block has 0 comments So do I need to learn coffescript just to be able to make a website
for zero net? Ill just press next and see how it goes further.

ZeroFrame API Reference

• Where did the tutorial go? Great an API without any kind of explanation. The examples are just blobs of code without any comments.

There is written: These commands handled by wrapper frame and does not sent to UiServer using websocket.

Which makes it worse:

-What is the wrapper? How does the wrapper work? Why does it not send to UIServer. What is the UiServer?

With this kind of getting started nobody will be able to make websites for zeronet. The result is that ppl leave and wait for zeronet to get more userfriendly. Or join your irc channel and bother you like I did.

please add this line into 如何在Tor浏览器中使用ZeroNet？

对于Tor浏览器 9.0 以后的版本，请按如下设置：

• 在地址栏输入： about:config 并接受风险警示
• 搜索项目 no_proxies_on
• 双击并修改为127.0.0.1，接受修改
• 重新打开http://127.0.0.1:43110

which is the translation from the new english version in order to help the new users with Tor Browser 9.0.X

The Zeronet logo on the nav bar is missing for english documentation.

Section How to make ZeroNet work with Tor under Linux/MacOS? go

Install Tor for your OS following Tor's official guidelines: Linux Mac.

Link to official guidelines for Linux gives 404 Not Found

We have to add a vitrualenv and replace the lunr.min.js in mkdocs package directory.

Non-Admin Commands:

• announcerInfo - no params
• ping - sends pong to zite
• siteReload inner_path
• dirList inner_path - Lists directories in a directory

Admin Commands:

• serverGetWrapperNonce - Create a new wrapper nonce that allows to load html file
• announcerStats
• permissionAdd permission
• permissionRemove permission
• permissionDetails permission
• siteList connecting_sites=false - List all site info
• siteAdd address
• siteSetLimit size_limit
• userGetGlobalSettings
• userSetGlobalSettings settings
• serverShowdirectory directory="backup", inner_path

Async Commands:

• fileGet
• fileList
• dirList
• fileNeed

Let's make sure the documentation respect the Web Content Accessibility Guidelines (https://www.w3.org/WAI/standards-guidelines/wcag/).

It could also be mentioned in the documentation. It should be set as a standard.

Is it worth it to keep the comments?

Pros:

• Allows people to discuss a single page of the docs
• Easy to access and see

Cons:

• Discussion can happen on GitHub instead
• Lots of people begging for crypto in comments
• Connecting to centralized Disqus may annoy some decentralized enthusiasts

How to use ZeroNet with the Tor browser?¶

In Tor mode it is recommended to use ZeroNet from within the Tor Browser:

Start the Tor Browser
Go to address about:preferences#advanced
Click Settings...
Enter 127.0.0.1 to field No proxy for
Open http://127.0.0.1:43110 in the browser

If you still see a blank page: - Click on NoScript's button (first on the toolbar) - Choose "Temporary allow all this page" - Reload the page

what settings?

I'm trying to launch the site after I fork and clone the project. When I run py start.py I get the error:

Traceback (most recent call last):
   File "E:/Workspace/Intellij/Documentation/start.py", line 6, in <module>
     from mkdocs.cli import cli
ImportError: No module named mkdocs.cli

So what is this mkdocs.cli thing? Is there something missing in the code? I'm running on Windows 7 and using both Python 2.7 and Python 3.5 and I've had mkdocs 0.17.3 installed.

According to the documentation,

max 512 bytes got sent in a request, so you need multiple requests for larger files.

However, there is an experimental option

--stream_downloads Stream download directly to files (experimental)

I would insist on using the former method, since it is easier to implement, and it allows portage to datagram sockets.

Edit: Thanks for clarification. It turns out in streaming mode, the file data is appended after, not nested into, the response.

For example, in datagram programming, you write:

data, address = sock.recvfrom(32*1024)

Then you hope one or more ZeroNet packets will fit into your 32k buffer.

 Buffer                (32k)
+---------------------------+
|###########################|   [ # ] - filled
|##################         |   [   ] - empty
|                           |
+---------------------------+

Make it a stream and parse it until exhausted:

stream = BytesIO(data)

If a packet is bigger than the buffer, then there is no way to fully receive the packet. It will be truncated, and the oversize part will be thrown away by the kernel.

ZeroNet Documentation http://zeronet.readthedocs.org/ --> ZeroNet Documentation https://zeronet.readthedocs.org/

See #112

Not entirely sure if this is a large or small amount of work, but if I'm not mistaken, it should be possible to control ZeroNet's python daemon by speaking Websocket to it from places outside of the browser? Such as a C++ websockets library?

If so, some documentations of commands accepted by the Websockets server would be appreciated. I imagine they're very similar to those in the ZeroFrame API, but some guidance on the formatting for the actual Websocket request would most definitely be appreciated!

Hello,

on the top right of the page https://zeronet.readthedocs.io/en/latest/ is "Edit on GitHub" but it points to:
https://github.com/HelloZeroNet/ZeroNet
instead of:
https://github.com/HelloZeroNet/Documentation

i found only one related file: /Documentation/readthedocs/breadcrumbs.html

if this is intended, i apologize, please close this

Hello,

instructions on how to setup Zeronet with Tor on Linux:
https://github.com/HelloZeroNet/Documentation/blob/a6f0aff9277ba0abab59fff1dd323d904ce77ca2/docs/en/faq.md#how-to-make-zeronet-work-with-tor-under-linuxmacos

but these instructions may not be sufficing to make it working, per this comment:
HelloZeroNet/ZeroNet#1440 (comment)

so how to change the instructions to be more universal and simple?

Can the command like the following be more efficient for various Linux distributions?

I know it means more things to fail, but i still think that it would mean higher chances people get Tor working.

1. sudo su

toruser="$(ls -l /var/lib/tor|tail -n1|awk '{print $3}')" && for var in CacheDirectoryGroupReadable CookieAuthFileGroupReadable DataDirectoryGroupReadable ExtORPortCookieAuthFileGroupReadable;do if [ "$(grep -v \"#\" /etc/tor/torrc)" != *"$var 1"* ];then sed -i "/$var/d" /etc/tor/torrc && echo "$var 1" >> /etc/tor/torrc;fi;done;sed -i "/User /d" /etc/tor/torrc && echo "User $toruser" >> /etc/tor/torrc;sudo sed -i "s|#ControlPort|ControlPort|g" /etc/tor/torrc;sudo sed -i "s|#CookieAuthentication|CookieAuthentication|g" /etc/tor/torrc;exit

More readable format:

toruser="$(ls -l /var/lib/tor|tail -n1|awk '{print $3}')"
for var in CacheDirectoryGroupReadable CookieAuthFileGroupReadable DataDirectoryGroupReadable ExtORPortCookieAuthFileGroupReadable;do
 if [ "$(grep -v \"#\" /etc/tor/torrc)" != *"$var 1"* ];then
  sed -i "/$var/d" /etc/tor/torrc && echo "$var 1" >> /etc/tor/torrc;
 fi
done
sed -i "/User /d" /etc/tor/torrc && echo "User $toruser" >> /etc/tor/torrc
sudo sed -i "s|#ControlPort|ControlPort|g" /etc/tor/torrc;sudo sed -i "s|#CookieAuthentication|CookieAuthentication|g" /etc/tor/torrc
exit

Description:
It gets the Tor username
checks torrc for 4 enabled variables that may be needed for the things to work (per the issue linked above)
If not enabled, it will enable these
It will add Tor username into the torrc (i have found on my Linux that this was necessary for the Tor to work)
Then uncomment two necessary variabled in torrc

Or can some installation wizard script be part of the zeronet or the command like above would be put into github script and people just instructed to run the script ( wget --no-check-certificate https://github/script.sh -O - | sh ). I do not like sudo part in it, but to modify Torrc is needed?

Those that I know about:

• prompt
  • Reply with "to" (the request's ID number) and "result" (any type, or just string?) fields
• notification
• response (the standard)
• confirm
• setSiteInfo

People like these, and apparently they work on Desktop and Mobile now.

Not super high priority for something to keep in the TODO list.

The following is metadata that can be included in <head> to customize the PWA icon and signify it is a PWA in the first place.

<link rel="apple-touch-icon-precomposed" href="../bat.png?v=2.2" />
  <meta name="apple-mobile-web-app-capable" content="yes" />
  <meta name="mobile-web-app-capable" content="yes" />