although fork is minimal enough for people to check it against latest official py3 commit themselves, eventually there might be need for security fixes so we need to establish a community of developers/maintainers to get things done in trust-worthy manner

Yesterday, I had played with favicon for one of my project, finally get an idea, that would be more compatible for zeronet one :)

Also, prefer some plain templates, with minimum dynamics and special effects blinking, maybe the subject for new template also. Just thoughts would be nice to make some rebranding as this project looks pretty interesting.

Replace Zeromail with Zeromailx in homepage, please
Zeromailx address:
http://127.0.0.1:43110/Mail.ZeroNetX.bit/

e.g. approaching

• 10MiB recommends 20 (makes sense)
• approaching 20 recommends 50
• ~80MiB recommends 200

etc

I had some errors on installation 0net on the one of my machines running latest Debian. Unfortunately lost raw log, just bellow.
In my case, few additional packages needed to be installed manually - it solve the issue. Maybe should be added to README or requirements file?

python3 -m pip install -U idna

and

apt install pkg-config

Just for a note.

Step 1: Please describe your environment

• ZeroNet version: 2022.03.19 zeronet-conservancy master d1198e8
• Operating system: Android 12 with Termux
• Web browser: Google Chrome
• Tor status: disabled
• Opened port: no
• Special configuration: no

Step 2: Describe the problem:

the files page and stats page not work well

Steps to reproduce:

1. start zeronet-conservancy
2. open http://127.0.0.1:43110/ in browser
3. click files or stats on the side bar

Expected Results:

• Just like that the original HelloZero.

the goal of this fork is , essentially , security . although ZeroNet used to be slightly more than one-person project , the code is still a mess and there's little reason to trust it lacks vulnerabilities (even if for some reason you believe original creator wouldn't put backdoors there)

my ultimate goal is to create a safe , easy to understand 0net-compatible alternative , but for that to happen i need (a team) to write it from scratch in a safe language . meanwhile , we're stuck with 0net and auditing code and fixing potential vulnerabilities would make the future of 0net and p2p networks at large more bright

http://127.0.0.1:43110/1DocsYf2tZVVMEMJFHiDsppmFicZCWkVv1/faq/#how-to-make-zeronet-work-with-tor-under-linux linked in home-page as Tor connection refused help page is outdated
There is no /var/run/tor/control.authcookie

OS: EndeavourOS (using arch-based distro because of pacman-bintrans. Although I think only PoW blockchain is only effective method when we dealing with system level binary transparency and not log transparency method)

the only reason it's hard to implement is because of sandboxing . that shouldn't stop us from trying though

they can expire and thus contradict the idea of data stability

• show a warning when using .bit address
• redirect all .bit usage to hash-code addresses

note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed building wheel for coincurve
Failed to build gevent coincurve
ERROR: Could not build wheels for gevent, coincurve, which is required to install pyproject.toml-based projects

basically HelloZeroNet#1988

in current circumstances this has become even more important and should be possible to do by user (e.g. all nofish keys should be considered compromised and freezed by default , but on the other hand there should mechanism of still being notified of new changes with those keys to decide what to do)

Step 1: Please describe your environment

• ZeroNet version: 0.7.4
• Operating system: FreeBSD 13
• Web browser: Chrome
• Tor status: always
• Opened port: yes
• Special configuration: n/a

Step 2: Describe the problem:

Data dir is /var/db/zeronet, where downloaded websites are.
ZN is installed into /usr/local/share/zeronet.
There is a link /usr/local/share/zeronet/data -> /var/db/zeronet.

Before this was sufficient to set data_dir, now this isn't sufficient.
This is a compatibility issue. It's better to not have such compatibility problems.

this is crucial for the purposes of this project — preserving lowest trust-required 0net that keeps working with torv3 . without it , we can get lost with other one-two-patch "forks"

• mission goal description
• replace name in py code
• replace name in js code
• make custom Hello* page
• make a clearnet site
• make a new logo
• make sure branding is consistent everywhere

i've contacted a few people who previously packaged zeronet for arch (through aur), altlinux and freebsd as well as some gentoo overlay at https://github.com/leycec/raiagent

if you anyone who have previously packaged zeronet or could be interested in doing so, feel free to contact them or let me know . the only thing is that since we strive to be a transparent project , i would ask anyone promoting zeronet-conservancy to not misinform people that we're "official" or the only fork . if you prefer our fork , there are reasons for that and it's better telling them than presenting as the only choice ^_^

Suppose after some updates (maybe in requirements.txt), 0net instance crash on launch with error:

zeronet.py

Unhandled exception: argument --ui_password: conflicting option string: --ui_password

Traceback (most recent call last):
  File "/zeronet-conservancy/zeronet.py", line 52, in main
    import main
  File "/zeronet-conservancy/src/main.py", line 76, in <module>
    config.loadPlugins()
  File "/zeronet-conservancy/src/Config.py", line 546, in loadPlugins
    ConfigPlugin(self)
  File "/zeronet-conservancy/src/Config.py", line 541, in __init__
    self.createArguments()
  File "/zeronet-conservancy/plugins/disabled-UiPassword/UiPasswordPlugin.py", line 164, in createArguments
    return super(ConfigPlugin, self).createArguments()
  File "/zeronet-conservancy/plugins/Zeroname/SiteManagerPlugin.py", line 69, in createArguments
    return super(ConfigPlugin, self).createArguments()
  File "/zeronet-conservancy/plugins/UiPassword/UiPasswordPlugin.py", line 162, in createArguments
    group.add_argument('--ui_password', help='Password to access UiServer', default=None, metavar="password")
  File "/usr/lib/python3.9/argparse.py", line 1446, in add_argument
    return self._add_action(action)
  File "/usr/lib/python3.9/argparse.py", line 1648, in _add_action
    action = super(_ArgumentGroup, self)._add_action(action)
  File "/usr/lib/python3.9/argparse.py", line 1460, in _add_action
    self._check_conflict(action)
  File "/usr/lib/python3.9/argparse.py", line 1597, in _check_conflict
    conflict_handler(action, confl_optionals)
  File "/usr/lib/python3.9/argparse.py", line 1606, in _handle_conflict_error
    raise ArgumentError(action, message % conflict_string)
argparse.ArgumentError: argument --ui_password: conflicting option string: --ui_password

plugins.json

{
  "builtin": {
    "UiPassword": {
      "enabled": true
    }
  }
}

zeronet.conf pasword the same

ui_password = ***

i'm not sure whether that will ever happen during zeronet-conservancy existence or only when the project is completely migrated to riza , but letting people access the network without installing traditional software is one of an important goals

could be done either by running existing codebase through wasm or waiting til riza has a native solution or some hybrid scheme where the data sync is actually done on existing 0net , but can be accessed in browser without any specific proxy (which implies keeping private keys there)

something acts wrong when you're trying to use plugin config to enable plugins vs directory rename . the whole thing should be investigated and either fixed or non-working method should be thrown out

see e.g. #68

this will resolve the issue of losing keys and having to manually back up , as long as user chooses strong encryption method (still , most likely password cause otherwise it's a chicken-egg like problem)

environment

• ZeroNet version: last
• Operating system: win 10
• Web browser: Chrome
• Tor status: disabled
• Opened port: yes

the problem:

1. open page http://127.0.0.1:43110/Config
2. setting Trackers something
3. click save button
4. web console error:
   Uncaught TypeError: Cannot read properties of undefined (reading 'default') at UiConfig.saveValues (all.js?rev={rev}&lang=zh:1951:91) at UiConfig.saveValues (all.js?rev={rev}&lang=zh:1836:59) at UiConfig.handleSaveClick (all.js?rev={rev}&lang=zh:1999:12) at HTMLAnchorElement.<anonymous> (all.js?rev={rev}&lang=zh:1836:59) at HTMLAnchorElement.<anonymous> (all.js?rev={rev}&lang=zh:889:37)
5. open ws messages,can see this:
   ↓{"cmd": "response", "to": 3, "result": {"error": "You don't have permission to run configList"}, "id": 4}

I try to debug the code，when cmd equal 'configList', in hasCmdPermission function return False

UiPassword fails to log in with some broken cookies

<...>

it's confusing to people

please let me know if you've tried and any of them work for you

current 0hello is making life of newcomers miserable and unaware of latest stuff around 0net

• new admin page with updated sites
• propose more new sites by default
• ask for admin permissions
• admin page choice

e.g. 0.7.2 changelog is empty . it would be nice to have it completed

i can't find original issue , but 0net doesn't delete (and probably keeps seeding? needs investigating) content posted by blocked users

:43110/apple-touch-icon.png

<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">

<style>
* { font-family: Consolas, Monospace; color: #333; }
code { font-family: Consolas, Monospace; background-color: #EEE }
</style>
<h1>Not Found</h1>
<h2>src/Ui/media/img//apple-touch-icon.png</h3>

I have 24/7 virtual server and would like to participate the network support.

What exactly needed for 0net ecosystem running? Usually it's DNS seeders to share initial connections (seems that initial connections here are hardcoded), sometimes, blocks mining..

In few words, how does 0net infrastructure works and what is required to keep it going?

Understand, that to be user is enough (by the data sharing) just I'm not always online. Maybe some guide to set-up remote node?

Thanks!

originally posted on ZeroTalk: http://127.0.0.1:43110/1TaLkFrMwvbNsooF4ioKAY9EuxTBTjipT/?Topic:1648583593_13oRBYqNeUr6Tvgt4KkAT9FT4XRiKFBjnE/obsoleting+ZeroID+looking+for+consensus

so more and more users who try to join 0net discover that they can't obtain ZeroID anymore. there are a few things we can do about this: ask people to add different id providers on their sites (wouldn't work: not every actively used site is maintained), fake ZeroID or get rid of the "certificate" idea altogether.

i think we should do the latter option. certificates other than ZeroID were never meaningful: they either don't fulfil intended task (ensuring unique names and potentially validating identities) by allowing any ID to be used any number of times or haven't lived for any serious period of time. and ZeroID that at least provides unique names was never good: it was a centralized server created to emulate clearnet feel of usernames@domains. it was a crutch. we should just disable cert checking and use cryptographic IDs (at least for everyone who doesn't have an existing ID).

there are two issues with this:

• outdated nodes will not see or propagate data by users w/o certificates

• generating ids becomes 0 cost so spam attacks are more viable

first issue requires certain amount of people signing off with this. we don't need everyone's agreement, just an active majority.

second issue might be fixed by introducing alternative system. no one is going to write it though. so we have a choice of facing spam or death of the network. on the bright note, we're still to see spam attacks on kaffie hub or any other site accepting kaffie (or other similar) ids. regardless, this is short-term question. 0net is not going to last forever and its best chance is to get integrated into a better network

I'm trying to create 0net mirror of https://twisterarmy.github.io website.

But I have some problems with the rendering:

1. Getting 404 error for css, fonts and images addresses, because website running in the frame and base tag could not be applied
2. All URL links configured to use extension-less URI (without .html postfix) so can I apply some solution, without changing in the website code

The address of site is 1PdfH9GQGT5ahR9WwYMzZCyBNdxA2pFdg7
Maybe Ctrl+Shift+i say more.

Thanks for any ideas!

Android/Termux works mostly fine , but requires advanced knowledge (this is fine for now since neither 0net version is supposed to be used by users with zero tech security understanding) and there are termux issues on some setups (android system kills the process)

note that we're only interested in reproducible builds , any other attempts at making zeronet-conservancy builds for android can be considered security vulnerability . contacting f-droid project might be a good idea

this results in all pages leading to error 500 . some traceback

  File "src/Ui/UiServer.py", line 42, in run_application
    super(UiWSGIHandler, self).run_application()
  File "venv/lib/python3.9/site-packages/gevent/pywsgi.py", line 946, in run_application
    self.process_result()
  File "src/lib/gevent_ws/__init__.py", line 271, in process_result
    super(WebSocketHandler, self).process_result()
  File "venv/lib/python3.9/site-packages/gevent/pywsgi.py", line 930, in process_result
    for data in self.result:
  File "plugins/TranslateSite/TranslateSitePlugin.py", line 60, in actionPatchFile
    for part in file_generator:
  File "src/Ui/UiRequest.py", line 811, in actionFile
    block = self.replaceHtmlVariables(block, path_parts)
  File "src/Ui/UiRequest.py", line 749, in replaceHtmlVariables
    themeclass = "theme-%-6s" % re.sub("[^a-z]", "", user.settings.get("theme", "light"))

python venv , look into docker work

For right now, I'm using actual nocert branch, here is couple of warnings at the top bar:

DbQuery error: OperationalError: unrecognized token: "')" in UiWebsocket.py line 682 > SiteStorage.py line 239 > 229 > Db.py line 150 > DbCursor.py line 107

Not sure if you've seen this, but geekless has a fork with lots of bug fixes here: https://github.com/zeronet-enhanced/ZeroNet. Some of the other contributors moved there too. It might make sense to join forces, either merging the changes from this repository there or the other way round. I believe I have owner permissions on geekless's fork if that comes in handy.

it's more complicated than i thought due to iframe issues , but it would help both with transitioning & proxies

Step 1: Please describe your environment

• ZeroNet version: 0.7.3.2 r5002, commit 072a5dd
• Operating system: Manjaro Linux
• Web browser: Firefox Nightly 99.0a1 (2022-02-09)(64-bit) and Brave (Version 1.35.100 Chromium: 98.0.4758.87 (Official Build) unknown (64-bit))
• Tor status: disabled
• Opened port: no
• Special configuration: Installed per instructions in readme.

Step 2: Describe the problem:

When trying to update settings, the configuration change button starts an never-ending "loading animation".
This lasts until site is reloaded, and no settings were changed.

Steps to reproduce:

1. Install zeronet-conservancy per instructions.
2. Go to http://127.0.0.1:43110/Config
3. Try to change any of the settings (for example port number and logging level)
4. Observe behaviour as explained.

Observed Results:

This lasts indefinately until site reload.

Expected Results:

I expected the settings to save.

Would be nice to see auto-upgrade feature with server reboot option.

Not sure how to properly implement the version check yet, I just wish to see upgrade alert & grab latest version from the current branch (or maybe from release).

Step 1: Please describe your environment

• ZeroNet version: 0.7.3 (rev5000) 69aaceb
• Operating system: EndeavourOS
• Web browser: _____
• Tor status: not available
• Opened port: Not possible by VPN

Step 2: Describe the problem:

Steps to reproduce:

1. http://127.0.0.1:43110/Talk.ZeroNetwork.bit/?Topic:1642926621_1NZftAz9VSawGF5JgMYGFv4ByoKEaQbNZu&amp;amp;amp;amp;wrapper_nonce=ba896576ae2db27d4584b014ddbe24905c5966f9728fd95a19d1e86366e9c96b&amp;amp;amp;wrapper_nonce=f93959e7702a1247c82e4013fc684a7e9478baa49a77ce49c0b2d9ae5bf830e6&amp;amp;wrapper_nonce=88cfe576d930b47c0ed7f6c4571f20e943f31ce4168c10bed9a3e54173dfbdbf&amp;wrapper_nonce=0f021b08638087326d5bff891573ee68f2fdaa982e1b94fabc59e334520252c5

Observed Results:

• Page switch between multiple pages infinitely

HelloZeroNet#2496 that brought them didn't have any previous contributor consent collected . at the same time the wording is also legally ambiguous . luckily cc-by-sa 4.0 allows relicensing to gplv3 , so we may almost completely safely remove that dubious clause

thoughts?

Suppose, the main reason of ZeroNet users lost - is unfixed issues with new ID registration.

I can't register using kxoid.bit and zeroid.bit from different IPs. Also, many same issues I've found starting from 2019:
Error while during request: Forbidden Please try again later

Maybe, something would be rewritten basically in the Auth algorithms - move out from the classical usernames to auto-generated hashes of public keys or make these services optional to start writing.

this is an umbrella issue for issues related to compatibility with nextgen p2p network

pubkeys are proper IDs , but they are hard on people . obsolete cert system was never properly designed , zeroid is centralized and alternatives either don't work (such as kxoid) or do not meet the identity requirements (kaffie etc) . a proper system might use user-maintained dictionaries of which pubkey is associated with which name (and that doesn't have to be the same for everyone – internally all user links should only refer to pubkeys)

I had registered username trough zero.bit service and then, installed new node with other certificates at the data folder.

How can I properly import my existing seed key as don't see any the UI tools for that, just creating new one?
I won't to import all folder, maybe few rows in config changing would be enough?

Thanks!

Is your feature request related to a problem? Please describe.
The legacy HelloZeroNet has a feature [Open site directory] in Sidebar. It has been removed when added [Browse files] feature. But that was convenient to open directory in system file manager.

Describe the solution you'd like
Return <a href='#Site+directory' id='link-directory' class='link-right'>{_[Open site directory]}</a> line before <a href='/ZeroNet-Internal/Zip?address={site.address}' id='link-zip' class='link-right' download='site.zip'>{_[Save as .zip]}</a> in plugins/Sidebar/SidebarPlugin.py.