Topic: [C lang] SILC bot framework porting to current toolkit (Read 3405 times)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629220
reported security bug in the silc package for debian helped to discover, that the package has no maintainer
will be removed from debian distribution and remains not fixed. might be good stuff for a wager on the outcome

in the silcnet network you can reach me on following channels (note the # sign is not required in silc protocol)
test
mybot
samadhi
bitcoin
bounty related/monitored channels are mybot and samadhi

hi. my gut feeling says that it might reopen in June.
i'm disappoint so to speak that despite the rise in perceived value of bitcoin there's so much trouble in fixing this particular piece of software. i was willing to reserve the bounty and keep it reserved in the past (last reservation will expire in a week) and will not repeat this mistake.
since samadhi bot framework is open source, silc and silc toolkit are open source and this is an open forum, i will no longer walk the extra steps to be a nice sponsor.
In case current developing party does not qualify for the bounty (timely delivery) i will rethink the bounty.
one thing is clear, this forum will no longer be the authoritative log of development effort.

if you're willing to "have a look at it" then compile the mybot.c example and let it say hello in the officlal silc network as a proof that you can build c code for linux and that you have a copy of the toolkit downloaded. once i get a silc bump, i may comment on the issue further. there's no way around the silc protocol if you're interested. let's meet there

http://silcnet.org/software/developers/toolkit/features.php

The SILC Toolkit includes full implementation of the latest SILC protocol version 1.2. All features of the protocol are implemented and documented in the code and in reference manual.

http://www.silcnet.org/docs/toolkit/
http://www.silcnet.org/docs/toolkit/intro_reference.html
SILC Toolkit Reference Manual

FAQ http://silcnet.org/support/faq/toolkit/

email archives http://lists.silcnet.org/pipermail/silc-devel/

specs http://silcnet.org/software/developers/toolkit/specs.php

- Fully supports SILC Protocol version 1.2
- ANSI C compliant source code
- Cross-platform support with easy portable interfaces
- Clear and consistent API and coding style
- Multithread supported
- Includes full reference manual
- Includes SILC Client Library (silcclient)
- Includes SILC Protocol Core Library (silccore)
- Includes SILC Crypto Library (silccrypt)
- Includes SILC Math Library (silcmath)
- Includes SILC Key Exchange Library (silcske)
- Includes SILC SFTP Library (silcsftp)
- Includes SILC SIM Library (silcsim)
- Includes SILC Utility Library (silcutil)
- Includes SILC ASN.1 Library (silcasn1)
- Includes SILC Key Repository Library (silcskr)
- Includes SILC HTTP Server Library (silchttp)
- Includes implementation of VCard standard
- Supports SILC Key Exchange Protocol (SKE)
- Supported ciphers: AES, Twofish, Cast-256, Blowfish, RC5
- Supported hash functions: SHA-256, SHA-1, MD5
- Supported HMACs: hmac-sha256-96, hmac-sha1-96, hmac-md5-96, hmac-sha1, hmac-md5
- Supported PKCS: RSA (PKCS #1 version 1.5)
- Supports Diffie-Hellman key exchange (PKCS #3)
- Supported encryption modes: CTR, CBC, Randomized CBC
- Supported cipher key lengths: default 256 bits, 192 bits, 128 bits
- Supported public key lengths: default 2048 bits, up to 16384 bits
- Supported Diffie-Hellman groups: 1024 bits, 1536 bits, 2048 bits
- Includes cryptographically strong random number generator

there's already a samadhi project at sf.net. no need to put stuff into the metasamadhi fork. it will be requested for delete as soon as juraj replaces the 0.9.5 samadhi with 1.1.10 samadhi (preferably with an altered name ) in the download/source and project description. the user base estimate is in the single digit area. circa one request for a silc bot per year. that's not what i imagine a project audience.

To summarize why the bounty is taken and where it stands
after topic update and plea for PMs with offers
May 4th received an offer for coding partial tasks from id 11261 (null pointer)
May 5th received offer for the whole bounty from id 6020 (wolciph)

On the 5th of May the bounty was reserved for wolciph.

the initial budget of 100 for the bounty + 100 for keeping the code "closed source" was rearranged to 150 for the bounty (just fix it someone) and 50 to split as reward for the first guy working on it (received 15 btc so far without me even looking at the code) and hopefully he'll get more when I look at his contribution and if it helps me to move forward.

I've updated the conf files in the svn repository so that they point to the silc network and channels test or samadhi. I have joined those channels and also to the mybot channel in case someone's bot compiles, works, connects to the network etc. Right now I'm looking forward to study the previous entry (does not compile (yet)) and perhaps reward it more. It's a pity that it's still not done.

SILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services on the Internet over insecure channel. SILC superficially resembles IRC, although they are very different internally. They both provide conferencing services and have almost the same set of commands. Other than that, they are nothing alike. The SILC is secure and the network model is entirely different compared to IRC.

SILC provides security services that any other conferencing protocol does not offer today. The most popular conferencing service, IRC, is entirely insecure. If you need secure place to talk to some person or to group of people over the Internet, IRC or any other conferencing service, for that matter, cannot be used. Anyone can see the messages and their contents in the IRC network. And the most worse case, some is able to change the contents of the messages. Also, all the authentication data, such as, passwords are sent plaintext in IRC.

SILC is much more than just about `encrypting the traffic'. That is easy enough to do with IRC and SSL hybrids, but even then the entire network cannot be secured, only part of it. SILC provides security services, such as sending private messages entirely secure; no one can see the message except you and the real receiver of the message. SILC also provides same functionality for channels; no one except those clients joined to the channel may see the messages destined to the channel. Communication between client and server is also secured with session keys and all commands, authentication data (such as passwords etc.) and other traffic is entirely secured. The entire network, and all parts of it, is secured. We are not aware of any other conferencing protocol providing same features at the present time.

SILC has secure key exchange protocol that is used to create the session keys for each connection. SILC also provides strong authentication based on either passwords or public key authentication. All authentication data is always encrypted in the SILC network. Each connection has their own session keys, all channels have channel specific keys, and all private messages can be secured with private message specific keys.

Samadhi tries to fill the hole in the current applications of SILC protocol. Currently, in IRC and other chatting networks, you can find those little artificial friends, which provide you with some services. If you want to look up a unix manual page, record some news to be displayed on the webpage of a channel or just want to keep your channel safe from intruders, these little programs can come handy.

SILC is designed as a secure and safe place to live, so some things like preventing channel takeovers are not really essential. But since SILC comes with security bundled in, Samadhi can come handy in various other issues, that were not possible before. Think about remote interactive system administration (sending commands to groups of machines, remote logging, etc.), transmit of secure information, distributed anonymous web browsing, and so on. Samadhi can also hold up the job of what you were used to in IRC - providing information, collecting statistics about the community or just keeping up the webpage of community/channel up to date with latest information.

What does it do?

What you program it to do. Samadhi is a framework for programming bots, not a bot itself. You can make it to do what you need to do and in programming language used to (currently supported is C, Perl and Python are in progress).

The license

Samadhi is a free software distributed under the terms of GNU GPL v2. It is (c) 2002 Juraj Bednar

i wonder if bitcoin2silc would have any users. imo not worth the effort.

silc - secure internet live conferencing
fully encrypted conferencing similar to IRC but far less popular. on the other side it has security and crypto built in.
...

0) using SILC Client Library 
http://www.silcnet.org/docs/toolkit/silcclient_using.html
Including Library Headers
Creating Client
Initializing the Client
Running the Client
...
Creating Connection to Server
Debugging

1) two short jumps to get over gap
porting from 0.9.x to 1.0 and from 1.0 to 1.1
http://silcnet.org/docs/toolkit-1.0/intro_reference.html
it was decided to merge the porting effort to a single goal. the next release shall work with 1.1.10, skipping compatibility with 1.0 toolkit

2) assumptions
we assume all messages are coming from a known user via an expected route (like a private, invite only channel - assuming the name is known and the sender is key is known and trusted)
handling of keys, private messages, key exchange etc are outside of scope of this project.
will be executed as a user with shell account & write access to her home directory.
no gui (terminal window, command line), the main loop is inside the client.

3) environment
let's say ubuntu 10.4, 1 GB RAM, 30 GB HDD.

4) degree of implementation
it's fine to start small. just make stuff working that corresponds to 2002-2003 level of usability (messaging over silc, support of perl and python loaders). See 0.9.5 bot framework for list of features that do not have to be implemented.

5) further resources
JIRA, SILC, SVN. PM me for access details

what about bitcoin2silc plugin that would reply to basic query messages similar to blockexplorer?
30 btc for that

bot evaluates incoming messages and when one of them contains a valid bitcoin address then it checks if it is known in the transaction tree (has been already used) and returns the summary. the plugin itself would not do any transactions (no key / wallet handling) but must be able to work either offline (with a local copy of blockchain) or online (working with live p2p data stream).

optionally you don't have to wait for the samadhi bot to be ported, if the final bitcoin2silc bot works standalone, it's fine as well.
i'll go and setup a pledge account that.

This looks interesting. Let me know if this becomes available again.

not using git for this project yet. might be a good idea but it makes little sense to duplicate version control of a broken piece of code. the silc project did not release any news in 18 months. it's known to crash from time to time and rumor goes round some functions are not documented. priorities are 1) downloadable working release for the sourceforge site 2) help page 3) everything else. i can add you (basically anyone interested) to the sf project list but for real work.

would you mind to add me as developer on the sf project?
btw your git repo there is empty. I'd start with moving the latest svn revision's content to git
also there's garbage in the conf files to start with
PM sent

edit: what about the sf.net project?

edited 02 & 06 May 2011
available bounty adjusted to 150 BTC.
i've changed the thread name to match some popular keywords to make it appealing in search results and started spreading words to find a suitable person or collective to finish this bounty.

hint for the start
the code of an existing mybot example silc client was ported, you may look at the diffs of mybot to get an overview of what has changed in the toolkit between versions and where the code needs to be touched.

my house, my rules
if ever this thread becomes crowded with unrelevant posts the bounty will decrease by 1 btc for each post after 15 days of noticing such post (keep it worth reading, feel free to delete after yourself o). the idea is feel free to discuss final details here but avoid offers to write it in C#, java, C++, php, bash whatever else.

the code is C, evolution of the toolkit (two major releases 1.0 and 1.1) broke that thing and i'm offering reward for whoever fixes it. the original idea was to offer 100 for fixing and 100 for keeping it private for a year but i give a bigger bounty right away to speed up the process

silc protokol has not really been updated for a long time silcnet.org
the bot itself was written in 2003 as a school project and was not maintained.
when it worked, the bot framework would connect to silc network as a client and would process incoming messages as events. there's a loop down there that processes incoming network traffic. back in the old days it was able to load scripts written in python and perl. out of the box you could run p.ex. the eliza bot.

there's an old silc bot written in C that was working with silc toolkit 0.9.5
current toolkit required by silc network is 1.1.10

goal is to make it working again.
PM /me for additional info

edits:
2011-02-06 @rdb welcome!
2011-02-21 1 developer; btc bounty paid: 0/200; forum views: 86
2011-03-09 1 developer; bounty paid: 0/200; forum views: 126
2011-03-21 1 developer; bounty paid: 0/200; forum views: 171
2011-05-02 @rdb bye! 0 developers; bounty paid TBD; forum views: 228
2011-05-05 1 developer, bounty adjustment 150 btc, forum views 282
06 May bounty reserved for current developer
16 May -||-
06 June current developer resigned.
i forgot to update forum views but that does not matter anyway anymore

Bot framework project halted for go/no_go & rethinking periond.
see SILC debian package security issue not patched, SILC package will be removed from distribution
SILC project might be not alive (network is still up & running) and the need of the ported bot framework
from the original author was not confirmed. PM me for additional info