debug-me - Debian packaging for debug-me

	Commit message (Collapse)	Author	Age
*	move unsafe hashing out of instance to avoid misuse	Joey Hess	2017-05-20
\| \| \| \|	Avoids breaking backwards compat and should avoid future foot-shooting.
*	simplify, removing () instance	Joey Hess	2017-05-20
\|
*	fix from nomeata's review	Joey Hess	2017-05-05
\| \| \| \| \| \|	He pointed out that Just () and Nothing would hash the same. Luckily Maybe Hash is the only Maybe type that needs to be hashed, so specialize the instance.
*	add protocol version	Joey Hess	2017-05-05
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This is distinct from the wire protocol version used in the websocket framing of messages. Versioning the high level protocol will let later features be added. The user controls the protocol version, since they send the first several messages. Developers that connect need to avoid using features from newer protocol versions. So, developers and servers will need to support the most recent version, while the user can have an old version of debug-me and it will continue to work. This commit changes the protocol buffer encoding, and is the last such free change. All changes past this point will need to be versioned. This commit was sponsored by Jochen Bartl on Patreon.
*	include gpg public key export in GpgSigned	Joey Hess	2017-05-04
\| \| \| \| \| \| \| \| \| \| \| \|	This makes debug-me not rely on the gpg keyservers at all. Before, it was only working when the user had the developer's public key already. I thought that --verify would download from --keyserver, but seems not. This is a protocol breaking change! Luckily done before any release, so ok. ProtocolBuffers renumbered. This commit was sponsored by Denis Dzyubenko on Patreon.
*	add prevEntered pointer	Joey Hess	2017-05-02
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Client requires this always point to the previous Entered it accepted, so a hash chain of Entered is built up, and there is no possibility for ambiguity about which order a client received two Entered activies in. So restoreHashes now has to try every possible combination of known hashes for both prevEntered and prevActivity. That could be significantly more work, but it would be unusual for there to be a lot of known hashes, so it should be ok. --graphviz shows this additional hash chain with grey edges (and leaves out edges identical to the other hash chain) While testing this with an artifical network lag, it turned out that signature verification was failing for Reject messages sent by the user. Didn't quite figure out what was at the bottom of that, but the Activity Entered that was sent back in a Reject message was clearly not useful, because it probably had both its prevEntered and prevActivity hashes set to Nothing (because restoreHashes didn't restore them, because the original Activity Entered was out of the expected chain). So, switched Rejected to use a Hash. (And renamed Rejected to EnteredRejected to make it more clear what it's rejecting.) Also, added a lastAccepted hash to EnteredRejected. This lets the developer find its way back to the accepted chain when some of its input gets rejected. This commit was sponsored by Trenton Cronholm on Patreon.
*	add license headers to all source files	Joey Hess	2017-04-30
\|
*	control window and chatting	Joey Hess	2017-04-28
\| \| \| \|	Works!
*	Leave the prevMessage out of Activity serialization to save BW.	Joey Hess	2017-04-27
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Do include it in the data that gets signed, so it can be recovered by trying each likely (recently seen) Activity as the prevMessage, and checking the signature. The UserState and DeveloperState already had the necessary state about recently seen hashes, so this does not impact data use. One tricky bit is that relayFromSocket needs to wait for the TMChan to be empty before calling restorePrevActivityHash. Otherwise, the hashes of items in the channel that have not been processed yet won't be tried. The TMChan is not really being used as a channel since only 1 item can be in it. It could be converted to a TMVar, but closeTMChan is used so I left it as a channel. Note that the server does not restore hashes of messages that pass through it; it's just a dumb relay. Sending a single key press now only needs 94 bytes of data to be sent, down from 169! --- Also switched to SHA512, since hashes are no longer being sent over the wire and so the larger size does not matter. SHA512 is slightly faster and more secure. This commit was sponsored by Ewen McNeill.
*	gpg sign developer session key	Joey Hess	2017-04-26
\| \| \| \| \| \|	And part of what we need to have users verify them. This commit was sponsored by andrea rota.
*	include elapsedTime in Activity	Joey Hess	2017-04-26
\| \| \| \| \| \| \| \| \| \| \| \|	Time is relative, so the debug-me proof chain doesn't prove when things happened, but it's still useful to have some idea of how long things took to happen. This makes --replay work with logs gotten by --download. Log still includes loggedTimestamp. This is a bit redundant, and is unused now, but it's useful for log files to record when messages were received. This commit was sponsored by Riku Voipio.
*	fully working signatures	Joey Hess	2017-04-19
\| \| \| \|	This commit was sponsored by Ethan Aubin.
*	reorganized message types	Joey Hess	2017-04-19
\| \| \| \| \| \| \| \| \|	Make Control messages be out-of-band async messages, without a pointer to a previous message. And then followed the type change through the code for hours.. This commit was sponsored by Nick Daly on Patreon.
*	initial Crypto	Joey Hess	2017-04-18
\| \| \| \| \|	Will use Ed25519 because it's from DJB and well regarded and in common use now.
*	improve	Joey Hess	2017-04-18
\|
*	add Rejected and tag hashes by type	Joey Hess	2017-04-17
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Need a way for the user to indicate when an Activity Entered is Rejected. Changed hashing to include type tags, so Acticity Entered and Activity Seen can never hash to the same hash. Got debug-me.hs to compile after these changes, but currently it's buggy after Activity Entered is Rejected. Started protocol.txt documentation. This commit was sponsored by Francois Marier on Patreon.
*	add --graphviz mode	Joey Hess	2017-04-14
\| \| \| \|	This commit was sponsored by Shane-o on Patreon.
*	improve JSON	Joey Hess	2017-04-14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Most of the time, ByteStrings will be able to be encoded as utf8, so avoid base64 when not needed. Adjusted some of the types in order to generate more usual JSON. In particular, removed StartActivity. The JSON now looks like this (with the signature still not populated): {"signature":{"v":""},"prevActivity":{"hashValue":{"v":"3b1abe614dd43bdb2d9a56777884e2d0f3bac9796e2d25c1ad52bb689c117286"},"hashMethod":"SHA256"},"activity":{"echoData":{"v":""},"enteredData":{"v":"l"}}} 203 bytes to send a single keystroke is not great when there's really only 1+64(hash) bytes of unique data. So, may end up adding a wire encoding on top of this. But, JSON is good to have for storage of the proofs, etc. Also, it does compress well. Two such JSON objects gzip -9 to 219 bytes, and three to 265 bytes. So, 37 bytes per keystroke. This is exactly as efficient as gzip -9 of $c$hash formatted data. This commit was sponsored by Jack Hill on Patreon.
*	add JSON serialization	Joey Hess	2017-04-14
\| \| \| \| \| \| \|	Fairly straightforward, but did have to decide how to encode all the ByteStrings, since they are not necessarily utf-8. Used base64. This commit was sponsored by Henrik Riomar on Patreon.
*	some basic data types and hashing to start debug-me	Joey Hess	2017-04-11
	This commit was sponsored by Denis Dzyubenko on Patreon.