Merge commit '562cd8ac1f17f8c5e9640bbc6a5365a33e3af749'

Author: Lars Gierth

doc/achievements.md

@@ -21,45 +21,46 @@ Achievements expire, so if at any given time you don't qualify, you lose those p
 9. Launch and maintain a webserver on Hyperboria.
 10. Provide an RSS feed so others can subscribe for updates.
 11. Help a newb on EFNet.
-12. Read everything in [Project Meshnet's documentation repository](https://github.com/projectmeshnet/documentation).
-13. `watch` the Documentation repository so you hear about updates.
+12. Read everything in [the documentation repository](https://github.com/hyperboria/docs).
+13. `watch` the documentation repository so you hear about updates.
 14. Set up an IRC bouncer and point it at HypeIRC so you don't miss anything. Combinations of command line clients and tmux or screen are considered equivalent.
 15. Contribute to the documentation repository at least once a month.
-16. Participate in [keysigning Tuesday](#).
-17. Make (or contribute to) a meshlocal page for your area.
-18. Have a hype-enabled xmpp account
-19. Configure a persistent link between nodes independent of the internet.
-20. Blag about cjdns or Project Meshnet.
-21. Design some form of rich media for Project Meshnet (graphics, video, animation, audio, presentation slides).
-22. Discover a bug in cjdns, and give it a memorable name.
-23. Host or register a cjdns, Project Meshnet, or Mesh-local mailing list.
-24. Subscribe to any of the above lists.
-25. Learn HTML
-26. Have someone else quote you and commit the results to a HypeIRC bot's factoid system.
-27. Build cjdns on an android phone.
-28. Read all of [xkcd](http://xkcd.com/).
-29. Install at least one Linux distribution other than Ubuntu.
-30. Erase Microsoft windows from every computer you own.
-31. Host your own email server.
-32. Host your own ircd.
-33. _Don't_ run your irc client as root!
-34. Host a show on [HypeRadio](http://radio.cynical.us/hostashow.html).
-35. Cross compile cjdns for another platform.
-36. Contribute to [Hyperboria's news agency](http://news.hyperboria.net/).
-37. Document an undocumented function or component of cjdns.
-38. Implement a function or component of cjdns in an alternate language
-39. Translate an article into another language (and maintain it).
-40. Update cjdns without pinging out on IRC.
-41. Configure an authorizedPassword without restarting cjdns.
-42. Find out whether your home router can run cjdns: [OpenWrt table of hardware](http://wiki.openwrt.org/toh/start)
-43. Try out the [Meshbox firmware](https://github.com/seattlemeshnet/meshbox) on your home router.
+16. Make (or contribute to) a meshlocal page for your area.
+17. Have a hype-enabled xmpp account.
+18. Configure a persistent link between nodes independent of the internet.
+19. Blag about cjdns or Project Meshnet.
+20. Design some form of rich media for Project Meshnet (graphics, video, animation, audio, presentation slides).
+21. Discover a bug in cjdns, and give it a memorable name.
+22. Host or register a cjdns, Project Meshnet, or Mesh-local mailing list.
+23. Subscribe to any of the above lists.
+24. Learn HTML
+25. Have someone else quote you and commit the results to a HypeIRC bot's factoid system.
+26. Build cjdns on an android phone.
+27. Read all of [xkcd](http://xkcd.com/).
+28. Install at least one Linux distribution other than Ubuntu or Mint.
+29. Erase Microsoft windows from every computer you own.
+30. Host your own email server.
+31. Host your own ircd.
+32. _Don't_ run your irc client as root!
+33. Host a show on [HypeRadio](http://radio.cynical.us/hostashow.html).
+34. Cross compile cjdns for another platform.
+35. Contribute to [Hyperboria's news agency](http://news.hyperboria.net/).
+36. Document an undocumented function or component of cjdns.
+37. Implement a function or component of cjdns in an alternate language
+38. Translate an article into another language (and maintain it).
+39. Update cjdns without pinging out on IRC.
+40. Configure an authorizedPassword without restarting cjdns.
+41. Find out whether your home router can run cjdns: [OpenWrt table of hardware](http://wiki.openwrt.org/toh/start)
+42. Try out the [Meshbox firmware](https://github.com/seattlemeshnet/meshbox) on your home router.
+43. Harden your cjdns OpenWrt router by building OpenWrt with cjdns from source and make sure [seccomp](http://lwn.net/Articles/475043/), [SSP](http://lwn.net/Articles/584225/) and [RELRO](http://tk-blog.blogspot.de/2009/02/relro-not-so-well-known-memory.html) are enabled. Using [musl](http://www.musl-libc.org/) instead of [uClibc](http://www.uclibc.org/) may make you sleep even better. See [buildsdk.sh](https://github.com/SeattleMeshnet/meshbox/blob/master/buildsdk.sh) to see how this can work.
+44. Monitor your nodes' cjdns preformance and make pretty graphs with munin (hint: [here's a nice munin plugin to help](https://github.com/thefinn93/munin-plugins/blob/master/cjdns/cjdns_bandwidth.py))
 
 ## Penalties
 
-Avoid qualifying for these _achievements_, as they count against your score.
+*Don't do the following*, they count against your score:
 
-1. Provide peering credentials without including a means of getting in contact.
-2. Provide peering credentials with extra information in the form of line or block comments. (You should be embedding them as JSON attributes instead!)
+1. Provide peering credentials without including a means of getting in contact, such as an email address
+2. Provide peering credentials with extra information in the form of line or block comments. You should be embedding them as JSON attributes instead!
 3. Provide peering credentials without the IPV6 included. (You can get by with just a password and publicKey, and your IPV6 can always be inferred from your publicKey, but it means more work to figure out who you are).
 
 
@@ -71,5 +72,3 @@ Avoid qualifying for these _achievements_, as they count against your score.
 * **Newest is best**. Every now and then there are intentionally breaking changes. This happens when the network is suffering because of old nodes. In such cases, modifications are made which cause up to date nodes to drop old nodes' traffic. If you don't update, you might fall off the map. If you are running a protocol in between the cutoff point and the bleeding edge, you may be the link which allows older nodes to continue participating in the network. Please update so we can all use the latest features to better diagnose bugs.
 * **There is no substitute for understanding**. People build tools that streamline difficult processes, but ultimately you cannot rely on software to fix all of your problems. At some point, bad behaviour has to change, and that means understanding the principles behind security, exercising discipline, and informing those around you when they are putting themselves (and possibly others) at risk.
 * **We cannot rely entirely on the experts**. This is closely related to [Brooks' Law](http://en.wikipedia.org/wiki/Brooks%27s_law). An expert in a subject is in an excellent position to push further, and learn those things which are out of reach of those with less experience in the subject. Unfortunately, this often means they are in the position of having to choose between learning more about the subject in question, and spending their time sharing disseminating their knowledge. It is very important to understand that when people take the time to help you understand a difficult subject, they need you to help share that information with those who know are less experienced than you. In the Hypeborian community, we've taken to referring to this method as [WTFM](http://www.roaming-initiative.com/blog/posts/wtfm).
-
-

doc/bugs/distro-quirks.md

@@ -16,3 +16,26 @@
 ```
 
 There you have it, Macs don't autopeer via ethernet frames.
+
+This is also probably why it doesn't work on windows, either.
+
+## Raspbian
+
+### Failure to start Cjdns
+When running Cjdns on Raspberry Pi with Raspbian you can run in to problems because IPv6 is not enabled by default. This causes Cjdns to fail on startup with the following error message:
+
+```
+CRITICAL Configurator.c:107 Got error [UDPAddrIface.c:273 call to uv_udp_bind() failed [bad file descriptor]] calling [UDPInterface_new]
+```
+
+Enable IPv6 with
+
+```bash
+$ sudo modprobe ipv6
+```
+
+and Cjdns should start correctly. To keep IPv6 on after reboot add `ipv6` to the end of the file `/etc/modules`
+
+```bash
+$ sudo sh -c 'echo ipv6 >> /etc/modules'
+```

doc/bugs/horizon.md

@@ -0,0 +1,33 @@
+One of the central ideas behind the development of cjdns is that networking protocols should scale up smoothly.
+Early development dealt with problems like **not** constructing circular routes, and while that was not yet solved it made sense to limit the length of a path to what would fit within 64 bits of memory.
+
+At this point, many of the early issues that were once challenging have been dealt with, and tucked away into a list of things that we shouldn't forget, but which are no longer relevant.
+As the protocol has improved and allowed nodes to see and route further into the network, though, we have begun to encounter bugs which we previously had no opportunity to debug, and consequentially, no opportunity to fix.
+
+The **Horizon** bug is one that we knew was coming, but now we've officially started to hit its limitation.
+
+## The nature of the bug
+
+* nodes have 64 bits of memory in which they can store a path to another node
+* each node along the path consumes a variable number of bits dependiung on the number of peers between which they must distinguish (see [switchfun.txt](../switchfun.txt) for some idea of how this works)
+* your node cannot route to any node beyond this _horizon_ for the lack of bits required
+
+## So what are the implications of this bug?
+
+1. nodes with more peers consume more bits, and are generally a good thing as they reduce the number of hops to a wider audience of nodes
+2. nodes with fewer peers consume fewer bits, and result in more hops on average, however, their simpler encoding will allow your node to reach further into the network
+3. If you want to have effective routing to the greatest number of nodes possible, the onus is on you to evaluate your position in the network and peer in such a way that the nodes you wish to connect to are within a reasonable distance (via 'backhaul' links with few peers, or via hubs which connect you within a few hops to a large portion of the net)
+
+## How can we deal with this?
+
+Naturally, we can approach the problem from a few angles, so whatever your skill set is, there's likely something that you can do to help.
+
+1. help rewrite the parts of cjdns which encode the paths such that a variable number of bits can be used
+2. use the admin interface to figure out which parts of the network your node can see, and compare those results against a wider view of the network, so we can identify our blind spots
+3. evaluate your peering choices, and try to drop bad peers and pick good ones, so that we can continue to have a functional network in the meantime (we're still quite likely to have lots of paths that are out of reach, so we'll still be able to debug this issue, don't worry)
+4. talk to your friends about cjdns, and get them to join the network, so we have more opportunity to find long _shortest-paths_ to any particular node (see, you don't even need to know how to code!)
+
+## Conclusion
+
+This is great news! That we are hitting this bug at all means we've progressed quite a bit.
+Let's sort this one out so we can move on to the next and make cjdns the de facto choice for mesh networking!

doc/cjdns/nodeinfo-json.md

@@ -44,9 +44,9 @@ Sample Files:
         "webInterface" :"http://example.tld/",
         "otherthing": "cactus://example.tld/"
       },
-      "name": "MutliURI service"
+      "name": "MutliURI service",
       "description": "Some service with multiple URIs"
     }
   ]
 }
-```
+```

doc/faq/doppleganger.md

@@ -46,7 +46,7 @@ As noted above, this has not been thoroughly tested. Changes to the source code
 
 So please, give it a try, and let us know what you experience. Write about how you used this to your advantage, and go down in cjdns history!
 
-
+```
 09:55 < cow_2001> gloe-ih: yes
 09:55 < gloe-ih> check if it bounds to the tun interface
 09:56 < cow_2001> it has a build plan for x86_XVA or w/e it's called
@@ -57,5 +57,4 @@ So please, give it a try, and let us know what you experience. Write about how y
 09:56 < cow_2001> i'm reading on configuration of the cjdroute.conf
 09:57 < cow_2001> i've set up a tun thing for the cjdns user
 09:57 < gloe-ih> you'll have to add addresses / routes manually
-
-
+```

doc/index.md

@@ -37,14 +37,15 @@ You can contribute to its documentaion: https://github.com/hyperboria/docs
   - [Security Specification](security_specification.md)
 - Installation
   - [Most Linuxes](install/linux.md) *TODO*
-  - [OpenWrt](openwrt.md)
+  - [OpenWrt](install/openwrt.md)
   - [Android](install/android.md) *TODO*
   - [Firefox OS](install/firefoxos.md) *TODO*
-  - [OS X](install/osx.md) *TODO*
-  - [Debian Wheezy](debian-wheezy.md)
+  - [OS X](install/osx.md)
+  - [Debian Wheezy](install/debian-wheezy.md)
+  - [Debian Jessie](install/debian-jessie.md)
   - [FreeBSD](install/freebsd.md) *TODO*
   - [OpenBSD](install/openbsd.md) *TODO*
-  - [Windows](windows.md)
+  - [Windows](install/windows.md)
     - [Building *on* Windows](notes/build-on-windows.md)
     - [Securing your Windows system](notes/windows-firewall.md)
 - Usage

doc/install/debian-jessie.md

@@ -0,0 +1,20 @@
+# Installing cjdns on debian jessie
+
+This is a short guide how to setup a debian jessie cjdns box.
+
+## Install packages
+
+	apt install nodejs build-essential git
+
+## Clone, compile, install
+
+	cd /opt
+	git clone https://github.com/cjdelisle/cjdns.git
+	cd cjdns
+	./do
+	ln -s /opt/cjdns/cjdroute /usr/bin
+	(umask 077 && ./cjdroute --genconf > /etc/cjdroute.conf)
+	cp contrib/systemd/cjdns.service /etc/systemd/system/
+	systemctl enable cjdns
+	systemctl start cjdns
+

doc/debian-wheezy.md doc/install/debian-wheezy.md

@@ -21,7 +21,7 @@ This is a short guide how to setup a debian wheezy cjdns box.
 	cd cjdns
 	./do
 	ln -s /opt/cjdns/cjdroute /usr/bin
-	./cjdroute --genconf > /etc/cjdroute.conf
+	(umask 077 && ./cjdroute --genconf > /etc/cjdroute.conf)
 	cp contrib/systemd/cjdns.service /etc/systemd/system/
 	systemctl enable cjdns
 

doc/openwrt.md doc/install/openwrt.md

@@ -0,0 +1,14 @@
+# Installing on Mac OS X
+
+There is now a [brew](http://brew.sh/) formula for cjdns.
+
+To get the latest brew formulae:
+
+`brew update`
+
+Then you should be able to:
+
+`brew install cjdns`
+
+...after which you should have a cjdroute binary available at `/usr/local/Cellar/cjdns/<version>/bin/cjdroute`.
+

doc/install/osx.md

@@ -53,6 +53,7 @@ Now might be a good time to actually figure out how we're going to move forward.
   - https://www.youtube.com/watch?v=uhIybhAQ8lY (30c3 lecture)
   - https://gnunet.org/sites/default/files/schanzen2012msc.pdf (masters thesis proposing GADS) (read this if you need to kill an afternoon)
 - .p2p (from TPB people) - http://p2pfoundation.net/Dot-P2P http://dot-p2p.org
+- https://github.com/mwarning/KadNode - P2P DNS and more, written in C, based on the Kad DHT with optional support for signed records using libsodium
 - http://couch.syrinxist.org/share/dns-idea.txt #ircerr's idea
 
 ### proposed/extant TLDs...
@@ -510,4 +511,4 @@ Codename *lgdns*
 <larsg> good night!
 <larsg> thanks for the thoughts
 <larsg> ... and so lgdns was born
-```
+```

doc/windows.md doc/install/windows.md

@@ -38,6 +38,9 @@ If you see something listed here that has been taken care of, please knock it of
   + cjdns/node_build/make.js
 * in the media
 * [FAQ](../faq/)
+  + how does cjdns choose which path to take? latency? number of hops?
+    * choosing paths presupposes knowing them, which can get in the way of finding the _optimal_ path. Paths to nodes are stored preferentially based on the [xor metric](../cjdns/functions/Address_xorcmp.md).
+    * the path choice metric is a combination of various factors (latency and number of hops are among them). This is poorly documented, and we need someone to explore the exact details. Contributions should go in `../cjdns/functions/`
   + My service doesn't like ipv6. how can I get it to run on hype? [6tunnel?](http://toxygen.net/6tunnel/)
     * inet6 with tcp6 and netcat
   + How can I help?

doc/notes/dns.md

@@ -13,5 +13,18 @@ Comment the _router.interface_ section <!-- elaboration required --> of the conf
 
 You have the option of configuring your TUN device manually. It will require root, but once established, cjdroute can otherwise run as an unprivileged user.
 
+#### Lint the configuration using JSHint/jsonlint
 
+This is a little trick that will lint the configuration file (`cjdroute.conf`) before starting cjdns.
 
+##### JSHint
+Will allow comments, note that JSHint is designed for JS and may not display errors and warnings etc. in all cases.
+```Bash
+jshint ./cjdroute.conf; if [[ $? == 0 ]]; then ./cjdroute < ./cjdroute.conf; fi
+```
+
+##### jsonlint
+No comments or other JS exclusive object quirks will be allowed.
+```Bash
+jsonlint ./cjdroute.conf; if [[ $? == 0 ]]; then ./cjdroute < ./cjdroute.conf; fi
+```