Installing Java

The main turn off with Freenet for me is that it’s written in Java. Once you’ve installed it you’ll see for yourself how CPU-intensive it actually is – much more than Tor (which on the opposite isn’t too demanding). Anyway, installing Java is now a bit trickier than before, because Oracle got their reference implementation removed from official distribution repositories, but OpenJDK works just as well so that’s what we’ll pick.
apt-get install openjdk-6-jdk
(that will be about 170 MiB of stuff to install)

Installing Freenet

Even though the headless server instructions there are a bit scary, I found them quite sufficient. It’s not that complicated to install after all (also, maybe after getting warmed up by Tor’s installation I’m a little biased, too ), so I’ll just list the commands you need to type (obviously, edit the pathes), and they should be pretty self-explanatory:
cd /where/you/want/to/install/it
mkdir someFolder
cd someFolder
wget https://downloads.freenetproject.org/alpha/installer/freenet07.tar.gz --no-check-certificate
tar xzf freenet07.tar.gz
Now we need to create a user for Freenet, give it a password and assign them the freenet folder:
useradd someUserName
passwd someUserName
[enter the password twice]
chown someUserName freenet -R

First Freenet launch, configuration

Connect to the machine where you just installed Freenet as this someUserName, go to the freenet folder and run run.sh:
cd /where/you/want/to/install/it/someFolder/freenet
./run.sh
FYI (actually, more for my personal archives ^^), here’s the output:

Enabling the auto-update feature
Detecting tcp-ports availability...
Downloading update.sh
Downloading wrapper_Linux.zip
Downloading freenet-stable-latest.jar
Downloading freenet-ext.jar
Downloading the JSTUN plugin
Downloading the UPnP plugin
Downloading seednodes.fref
Installing cron job to start Freenet on reboot...
Installed cron job.
Starting Freenet 0.7...
Please visit http://127.0.0.1:8888/ to configure your node
Finished

Now, you need to connect to http://127.0.0.1:8888 to configure Freenet. If, as is likely since you’re reading this tutorial on console-based installation, it’s not on the same computer as where you are now, you have 2 options:
- follow this to allow external IPs (preferably, just a specific one: yours ) to connect to your Freenet node
- create an SSH tunnel to your machine (see the second half of this old post), and then when your browser is configured to use it (NB: don’t forget to remove “127.0.0.1″ from the exclusion list, in Firefox called “no proxy for”), going to http://127.0.0.1:8888 will actually go to your server.

Well, that’s pretty much it, now just configure it from the GUI as you wish. Here are a few hints, though:

• You should increase the RAM available to Freenet. By default it’s 128, it would be a good idea to at least double it. Actually 512 MiB would be even nicer. Note that you’ll have to restart Freenet in order for the change to be applied. The RAM can also be configured manually in wrapper.conf:
  wrapper.java.initmemory=60
wrapper.java.maxmemory=512
• You’ll probably want to review input and output bandwidth settings (although you already had the opportunity to do so during the first launch wizard)
• You’ll want to increase the datastore size (this helps the network) and the client cache (this helps you ), because during the first launch wizard you aren’t really given much choice for some reason… Respectively 50GiB and 25GiB could be fine for instance, although of course you can increase that much more. Note however that whenever you change those settings Freenet will rebuild its database, which means it will be somewhat slower for a while.
• Finally, it’s probably a good idea to install some social plugins such as WebOfTrust and Freetalk (both are official plugins), which will give you access to discussion boards. Other plugins of interest: Sone (kind of a social network), Library (search engine), Freenet Search (search engine too).

Bonus: solving the “There isn’t enough entropy available on your system… Freenet won’t start until it can gather enough.” error

Freenet seems to have massive needs for entropy, and if you happen to run out of it, it might take some time to spontaneously replenish. A quick way to boost this is to generate lots of disk access. I saw the suggestion of running find / >/dev/null, but it didn’t help a lot for me, maybe because my HD isn’t that filled. What worked great was to either copy a big directory, or even simpler, to download some large file, like: wget ftp://ftp.free.fr/mirrors/ftp.ubuntu.com/dvd/current/precise-dvd-amd64.iso

Bonus 2: restarting/stopping the node without using the web GUI

The ./run.sh script can be run with arguments, such as ./run.sh restart or ./run.sh stop

Dealing with package manager stuff

The first step is to configure the package manager to use Tor’s repository, because distribution repositories are, as you know, always outdated. On this part, the Tor project documentation (for Ubuntu and Debian) is good enough (NB: here is the page for Fedora / CentOS / SUSE). Basically:
nano /etc/apt/sources.list
and at the bottom, add (for Ubuntu 11.10):
deb http://deb.torproject.org/torproject.org oneiric main
You can now proceed to installation:
apt-get install tor tor-geoipdb

Editing the configuration file (torrc)

Installing Tor this way also starts it, but the default configuration is not to relay any traffic. We now need to configure is as a relay. The configuration file to edit is usually, as mentioned there, /etc/tor/torrc:
nano /etc/tor/torrc
In this file, the settings you’ll want to look at are:

• uncomment Log notice file /var/log/tor/notices.log if you want to avoid a notice in ARM (see below for what ARM is)
• uncomment ControlPort 9051 so that ARM can be used to control and monitor Tor
• uncomment ORPort and (optionally but recommended, I guess) change its value to some random available port. That’s the port that will be used by other nodes to connect to yours
• optionally uncomment Nickname and give a name to your node
• set RelayBandwidthRate and RelayBandwidthBurst. Those are the maximum bandwidth that can be used by Tor constantly and in burst, respectively. For instance:

  RelayBandwidthRate 5000 KB  # Throttle traffic to 100KB/s (800Kbps)
  RelayBandwidthBurst 7000 KB # But allow bursts up to 200KB/s (1600Kbps)

  Beware those values are in Bytes, not bits.

• if you have a traffic quota (and don’t want to blow it), you’ll want to configure AccountingMax and AccountingStart
• optionally, you can put your name and (spam protected) e-mail, or even your GPG fingerprint, in ContactInfo. According to the comments it can be used to contact you in case your node goes wild or something.
• optionally, you can also configure DirPort to mirror directory information on this port.
• finally, the most important part: choose whether you want to be just a relay or an exit node. To be just a relay, set:
  ExitPolicy reject *:*
  To be an exit node, you can either leave at is, or replace the default exit policy (in order to do the later, do read the instructions carefully). Note that being an exit can bring you trouble because there’s always a risk of abuse, so at least do check your country’s law, the law of your host’s country, and your host’s TOS. But I guess you’re already aware of that anyway.

Additionally, if you want to remotely use your node to enter the Tor network to surf yourself, well, I suppose it can be configured using SocksPort, SocksListenAddress, SocksPolicy accept and SocksPolicy reject, but I haven’t figured out how to do that yet :/

ARM: a terminal-friendly GUI

Last step, let’s install a nice piece of helper software called ARM (for “anonymizing relay monitor”), which is basically a nice console-based GUI to monitor and have some control over Tor. On Ubuntu 11.10 it’s as simple as:
apt-get install tor-arm

In order to use ARM, you’ll have to enable Tor control port first. You already entered it in the configuration file (if you followed the guide properly, at least), so we just need to apply the configuration:
/etc/init.d/tor reload

Now you can just type arm to launch ARM and view some neat information about your node, like the traffic graph, inbound and outbound nodes, etc.

Bonus: what’s a stable node, what’s a guard node?

A little bonus, because that’s something that puzzled me for a while: on some Tor node listings, you can see that servers have flags, notably some servers are flagged as “guard” and some are flagged as “stable”. If you’re curious about what it means, here it is, right from the specification:

"Guard" -- A router is a possible 'Guard' if its Weighted Fractional
Uptime is at least the median for "familiar" active routers, and if
its bandwidth is at least median or at least 250KB/s.

	To calculate weighted fractional uptime, compute the fraction
	of time that the router is up in any given day, weighting so that
	downtime and uptime in the past counts less.

	A node is 'familiar' if 1/8 of all active nodes have appeared more
	recently than it, OR it has been around for a few weeks.

"Stable" -- A router is 'Stable' if it is active, and either its Weighted
MTBF is at least the median for known active routers or its Weighted MTBF
corresponds to at least 7 days. Routers are never called Stable if they are
running a version of Tor known to drop circuits stupidly.  (0.1.1.10-alpha
through 0.1.1.16-rc are stupid this way.)

	To calculate weighted MTBF, compute the weighted mean of the lengths
	of all intervals when the router was observed to be up, weighting
	intervals by $\alpha^n$, where $n$ is the amount of time that has
	passed since the interval ended, and $\alpha$ is chosen so that
	measurements over approximately one month old no longer influence the
	weighted MTBF much.

	[XXXX what happens when we have less than 4 days of MTBF info.]

Sources (other than those already mentioned in the text):

• Tor – Community Ubuntu Documentation
• Ubuntu howto for CLI install of Tor relay?
• Torstatus: What does stable server mean?

JDownloader is an open source download manager, primarily aimed at downloading from captcha-protected download sites (RapidShare, Megaupload, Hotfile, Netload…) but supporting also any “normal” download (like a picture from photobucket, or actually any file from any server).
Although claiming to be open source (and actually, it’s currently under the GNU GPL), parts of it are close source. Notably because they rely on an undisclosed encryption algorithm for their encrypted links list files. I’ve never understood the point of making those lists undecipherable, particularly since anyone is able to open such a list with JDowloader and to grab the files. Only they won’t be able to easily get the location of those files.
Anyway, there are several easy ways to find the links inside a DLC:

1. The always-working method: JDownloader will never be able to prevent you from using this method, as this would require the complicity of hosters. Basically, this method involves to simply spy your own connection and record what URLs are retrieved by JDownloader. When you load a DLC links list, JDownloader will check if the files are online. With any packet sniffer you can list those links. A more detailed short video tutorial was posted on sala source. Just in case this goes offline (as other DLC decrypters have), I mirrored their video on Megaupload there [http://www.megaupload.com/?d=TJ85M6AX] (tip: if you want to save download wait time, don’t download it yet but rather watch it live on megavideo [http://www.megavideo.com/?d=TJ85M6AX]) and their toolkit too [http://www.megaupload.com/?d=BRTD1GNI].
2. The easier method, but probably not working with recent DLC files (JDownloader tend to change their encryption method regularly to avoid decrypters): a decrypter made by Seba. It was originally posted on a BlogSpot blog but eventually disappeared. But thanks to FilesTube I still managed to find it and I uploaded it here [http://www.megaupload.com/?d=26FVJVN1]. It was created around May 2009, so it should work with DLC files created before this date, and possibly during some time after. I didn’t test it with current DLC files.

For a short summary:

• DLC Decrypter version 0.7 (May 2009) by Seba (broken link, used to point to http://www.megaupload.com/?d=26FVJVN1)
• Video tutorial [http://www.megaupload.com/?d=TJ85M6AX] that (normally should) always works, and the tools [http://www.megaupload.com/?d=BRTD1GNI] that go with it

Update (2011-03-27): online DLC decrypter

As you can see from the comments, every now and then some DLC decryption sites pop up then go. Well, I think I’ve found a pretty “stable” one, or at least one which has been maintained for around 9 months now. I just tested it, and it works for the moment. It’s a bit slow, so I wouldn’t be too surprised if their inner workings were just like the “always working” method I described above: run jDownloader and analyze its network traffic! (which would mean a very high probability of remaining online as long as the owner wishes to) Or of course maybe it just means they’re on a slow server, eh… The site is dcrypt.it

Update (2011-04-17): offline DLC/CCF/RSDF decrypter

As you can see from the comments, the decrypter “by Seba” is actually developed by a company which still updates it. The current version seems to be 1.7.0.0 (the one in Seba’s pack is only 0.7) so it’s probably worth the upgrade… if you manage to run the installer (it failed to install on my Windows 7 x64, which is why I’m not exactly sure of the current version number). Their website: containerex.info

Update (2011-10-27): another online decrypter

linkdecrypter.com offers pretty much the same functions as dcrypt.it, so those 2 are pretty much interchangeable should one of them be temporarily unavailable.

Update (2012-01-31): files stolen by the FBI

As you most likely know, Megaupload was shut down by the FBI without any prior notice. Some files I linked to were hosted there without any backup… so, broken links now I guess On the plus side, the online tools as well as the self-hosted containerex.info work just as well (better indeed) as the things I hosted on Megaupload. As a memorial (and maybe in case there’s a way to get those files back), I’m leaving the original MU URLs in plain-text next to the former links.