[00:50] --> aum has joined this channel. (n=aum@???)
[00:50] <aum> hi there
[00:50] <toad_> hi
[00:50] --> FuriousRage has joined this channel.
(i=FuriousR@tor/session/direct/x-ffc3db765f8bfc7d)
[00:50] <toad_> hi both
[00:50] <toad_> okay
[00:50] <FuriousRage> hi
[00:50] <toad_> what needs to happen for an IRC reference exchange
plugin to become reality?
[00:51] <toad_> we need to decide what it should do firstly
[00:51] <toad_> aum: are you still interested in coding such things?
[00:51] <aum> i gotta be honest
[00:51] <aum> i'm interested, but i'm focused presently on the
freesitemgr gui
[00:51] <toad_> hehe, here it comes...
[00:51] <toad_> okay fair enough
[00:51] <aum> i've never done xchat plugins
[00:52] <aum> but from what i've seen and tried, it's got a great python
api
[00:52] <toad_> yeah
[00:52] <aum> i'll still have to ensure that it can create buttons, or
context menu entries etc
[00:52] <toad_> well, what does one of these plugins need to do?
[00:52] <toad_> the easy one is "exchange with somebody who has the
plugin"
[00:52] <aum> i'd see it as a context menu entry on the user
[00:52] <toad_> what happens if you try to exchange with somebody who
DOESN'T have the plugin?
[00:52] <toad_> that's the interesting part
[00:53] <aum> so you point at user's name in the list, right-click, and
see an entry 'exchange noderef'
[00:53] <toad_> yep
[00:53] <toad_> I suppose you are expected to already be chatting with
them, yes?
[00:53] <toad_> I mean privately?
[00:53] <aum> click on that, then it should privmsg the other user with
human-readable but parseable text
[00:53] <toad_> so the use scenario:
[00:53] <toad_> I talk to Joe
[00:53] <aum> well, you could right-click on a user in a public chan
[00:53] <aum> as well
[00:54] <toad_> I persuade him to install freenet
[00:54] <toad_> I then send him my reference with the right click?
[00:54] <aum> yes
[00:54] <toad_> he can't auto-add it; i doubt we can ship the plugin
with freenet
[00:54] <aum> ok, that's the simplest
[00:55] <toad_> so i'm not entirely sure how much use it is for
individuals who don't have the plugin already ...
[00:55] <toad_> so is this mostly about bot-to-bot?
[00:55] <FuriousRage> the scripts can be optional downloads on the site
thought
[00:55] <aum> i could send the ref via privmsg, which the user can
copy/paste into fproxy darknet page
[00:55] <toad_> right
[00:55] <toad_> you could do that anyway though
[00:55] <aum> that's piss-easy
[00:56] <toad_> what a script could do is notice when there's a freenet
reference and offer to add it to your node ...
[00:56] <aum> but if the other user has the plugin as well, they could
pick it up and telnet it to the node
[00:56] <toad_> okay, getting the user to install the plugin when they
install the node would be very nice
[00:56] <aum> and then the plugin could do '/me has added noderef'
[00:56] <toad_> plugins are in your home directory, they're not a global
thing, right?
[00:57] <aum> that would be the only sensible thing
[00:57] <toad_> so we could have the installer scan for .xchat etc and
offer to install plugins?
[00:57] <aum> there's a ~/.xchat dir
[00:57] <toad_> you'd have to restart your IRC client though, wouldn't
you?
[00:57] <aum> i don't know, i'm not familiar enough with xchat plugins
[00:57] <FuriousRage> mirc can load scripts without restart but the user
has to do it manually
[00:58] <toad_> well, we could have it ask the user to restart their irc
client, if it detects that it is running (recent timestamp on logs)?
[00:59] <aum> the only issue i see is in nix-land, xchat is only a small
percentage of irc userbase, there's bitchx, kvirc, jabber, even telnet
[00:59] <FuriousRage> afaik xchat can load plugins thru the gui without
restart, althought it needs user inputs/clicks
[00:59] <aum> hang on, here's an idea
[00:59] <aum> what about getting one of those open-source java applet
irc clients, and just adding the noderef swap there?
[01:00] <toad_> and if the user doesn't have the plugin, then it simply
sends them the noderef, and if anyone privmsg's you a ref, it offers to
add it?
[01:00] <aum> toad_: can do
[01:01] <toad_> and automatically sends them a ref, if one hasn't been
sent to them
[01:01] <toad_> if you choose to add it
[01:01] <toad_> so what we want is
[01:01] <toad_> if somebody sends you a ref via privmsg
[01:01] <toad_> then it produces a dialog box asking you if you want to
add it
[01:01] <aum> that makes sense, yes
[01:01] <toad_> with a checkbox to not send one in return, if you say
yes
[01:01] <toad_> so that's the recipient end
[01:01] * aum really has to learn the xchat plugin api in depth
[01:02] <toad_> the sender end is right click and select Exchange Node
References, or something similar (needs to be easy to invoke from a
private chat)
[01:03] <toad_> which will simply send a noderef
[01:03] <toad_> so what you DON'T want to do is Exchange Node References
with everyone on the channel :)
[01:03] <aum> haha
[01:03] <FuriousRage> the bot-to-bot ref swap could be done with some
"code" so the plugin can identify another bot
[01:03] <toad_> but it's a nice optimization if they're ready to process
it
[01:03] <toad_> FuriousRage: it hardly needs to
[01:04] <aum> so no auto-swap of noderefs with the Chinese Ministry of
Information Official then? awwww...
[01:04] <toad_> FuriousRage: you right click Exchange Node References
[01:04] <toad_> FuriousRage: that sends a ref to him
[01:04] <toad_> FuriousRage: his bot recognizes it, asks him if he wants
to connect
[01:04] <toad_> he says yes
[01:04] <toad_> so it sends a ref back
[01:04] <toad_> your node recognizes the ref and adds it automatically
since you sent the ref in the first place
[01:04] <toad_> all done, very efficient
[01:04] <FuriousRage> althougth a popping up msg middle of out of
nowhere can be higly annoying
[01:05] <toad_> indeed, you shouldn't do it unless you know he WANTS a
node reference !
[01:05] <toad_> we have to go over /msg unfortunately because DCC
usually doesn't work
[01:05] <toad_> well we COULD try dcc and then try cdcc ...
[01:05] <FuriousRage> or if youre afk and you get node refs could lock
client up with msg boxes
[01:05] <aum> no dcc, it's too vulnerable to firewalls
[01:05] <toad_> but it does have the advantage that it works with manual
ref exchanges too
[01:05] <FuriousRage> cdcc?
[01:06] <toad_> FuriousRage: they're modal?
[01:06] <toad_> why do they have to be modal?
[01:06] <FuriousRage> toad_: maybe, maybe not, dunno how all clients
client do their gui's ;>
[01:06] <toad_> aum: well we could try it; if it does work it's more
secure, and it's less like /msg ...
[01:07] <toad_> well modal dialogs are pretty rare on unix
[01:07] <FuriousRage> toad_: if its an msgbox, it locks you up until you
answer, else you need to re-invent the wheel a tad
[01:07] <toad_> although they're more common on windows
[01:07] <toad_> FuriousRage: well that's not good
[01:08] <toad_> you want me to write up the strategy to the list,
anyway?
[01:08] <FuriousRage> with mirc you can use an modal msgbox, but thats
not good, but you can also make an gui with alot of code.
[01:08] <toad_> :|
[01:08] <toad_> portable code?
[01:08] <FuriousRage> yeah, just one mirc script ini/mrc
[01:09] <toad_> okay
[01:09] <FuriousRage> pure text
[01:09] <toad_> so it's not catastrophic
[01:09] <toad_> it's just more work
[01:09] <toad_> ?
[01:09] <FuriousRage> ya its a tad mode work to get the gui, althought
iirc there one or two program that can help you make the gui it self by
drawing it and it generates the code for the whole gui for you
[01:10] <FuriousRage> then you just need to add the ref swap code part
;>
[01:11] <toad_> ok...
[01:11] <aum> how dominant is mirc for irc on windows?
[01:11] <FuriousRage> about IE in comparison afaik
[01:11] <FuriousRage> ppl seams to think mIRC == irc ;>
[01:12] <toad_> :|
[01:12] <FuriousRage> (== irc as in, mirc is something unique, one
server chat irc and nothing else exists)
[01:12] <FuriousRage> tbh, i dont know any other windows irc client
right off ;>
[01:13] <toad_> ok ...
[01:14] <toad_> will people generally run executables that their friends
DCC to them?
[01:14] <FuriousRage> *NIX world got as many irc client that there is
dists ;>
[01:14] <toad_> is it useful to provide a means to send somebody an
installer?
[01:14] <toad_> which might include your ref built-in, and automatically
send its own back?
[01:14] <FuriousRage> toad_: most novice computer ppl double click
anything
[01:14] <toad_> well sure but they're idiots and we want to re-educate
them... :)
[01:15] <FuriousRage> toad_: or another idea perhaps, could be that you
got an seperate "console" program (perhaps gui for win)
[01:15] <FuriousRage> that does the actually ref swap
[01:15] <toad_> generally speaking we won't be able to produce a nice
distro servlet site for them because we won't be able to port forward
[01:15] <aum> i'm a bit helpless with discussing the specifics while I'm
still unfamiliar with the xchat api
[01:15] <FuriousRage> you send your IP + a port to the user you wanna
swap with and start some "server" that talks to each otehrs and add each
others, but that requires the bots know how to talk to each others
[01:16] <toad_> so it's a matter of get it from freenetproject.org, or
get it via DCC/email attachment
[01:16] <toad_> aum: we're still debating behaviour here
[01:16] <toad_> FuriousRage: well.. we're not talking about fake-opennet
here
[01:16] <toad_> we're primarily talking about making it really easy to
exchange refs with people you know
[01:16] <FuriousRage> toad_:althought ppl finding their own way to
freenet will probably hesitate running any exe even straight off freenet
site
[01:17] <toad_> FuriousRage: :)
[01:17] <toad_> FuriousRage: bazillions of people run freenet from
slashdot :)
[01:17] <toad_> i suppose that's a Reputable News Site ...
[01:17] <FuriousRage> toad_: afaik freenet installer is java, so they
can decompile everything and check the code for "bad stuff"
[01:17] <toad_> many bazillions of people run files they download off
the internet via HTTP; even I do, and I know it's completely stupid;
nobody provides binaries over SSL!
[01:18] <FuriousRage> i dont belive any other day supernovice casual
user will find freenet in the first place
[01:18] <toad_> FuriousRage: lol, yeah, or they could just compile it
from source
[01:18] <toad_> well, anyway, the question is:
[01:18] <toad_> do we want to send people to freenetproject.org or do we
want to send them a customized installer?
[01:18] <FuriousRage> but having the ref in clear text could be an issue
[01:19] <toad_> secondly, do we want to send them some sort of invite
file which authorizes them to come back, or do we want to just exchange
references?
[01:19] <toad_> invites are possible because we know their IP when we
exchange refs...
[01:19] <toad_> but I'm generally leaning in the direction of reference
exchange...
[01:19] <toad_> FuriousRage: well there's not much we can do about it
[01:19] <FuriousRage> i dont know if this works in GNU/Linux and equal,
but in windows you could associate like .fnt (=freenet ref encrypted
file or something) if you run it, a program from freenetproject reads
that file and adds the ref, then you only need to send that "text"file
[01:19] <toad_> FuriousRage: any encryption we do is both detectable and
MITMable :<
[01:19] <toad_> because there's no authentication
[01:20] <toad_> right
[01:20] <toad_> we could send a .freenet-ref file over DCC
[01:20] <FuriousRage> (basicly like notepad <anyfile top open here>)
[01:20] <toad_> of course that requires that DCC works, which as I
understand it it generally doesn't because of the #!$%ing NATs?
[01:20] <toad_> but generally speaking, making freenet a handler for
.freenet-ref files is a good thing...
[01:21] <FuriousRage> toad_: email, IM, DCC, yousendit.com ect.
[01:21] <FuriousRage> toad_: you send it = send 1 gig "over email" (more
a link to a dl)
[01:21] <toad_> creating a .freenet-invite file is an even better thing,
except that we need to know the IP address they'll come back from (and
maybe even the port number) in order to hole punch
[01:21] <FuriousRage> toad_: try keep the .xxxx to 3-4 letters for
windows imo
[01:21] <toad_> right, so .fnr and .fni :)
[01:22] <FuriousRage> toad_: the .ref file could probably contain
exactly the same info as the current ref does, but encoded/encrypted for
more safety
[01:22] <toad_> FuriousRage: you mean obfuscated?
[01:22] <toad_> FuriousRage: i suppose, i'm not sure i see the point
though
[01:22] <toad_> just stick it in a passworded zip inside a passworded
zip, that'll get it over the Great Wall even at the moment :)
[01:22] <FuriousRage> toad_: just check throughly that you dont take a
really taken/common extention, i hate that 14 programs uses the same
extention for diff data (not .txt, but .dat can be any shit and
associate to wrong program sux=) ;>
[01:23] <FuriousRage> obfuscated <-- i dont speak latin
[01:23] <toad_> yeah we need to check the three letter extension we use
[01:23] <toad_> .fnr is almost certainly taken for example
[01:23] <toad_> something to do with fonts :)
[01:23] <FuriousRage> fnt
[01:23] <FuriousRage> fon
[01:23] <FuriousRage> for fonts iirc
[01:23] <toad_> 1. To darken; to obscure; to becloud.
[01:23] <toad_> [1913 Webster]
[01:24] <toad_> (obfuscate)
[01:24] <toad_> we cannot encrypt the references because we cannot
establish a key securely
[01:24] <FuriousRage> toad_: ya, so its alteast not in clear text, BUT
using zip passwording sux, easilly cracked unless you use a password of
50+ chars
[01:24] <toad_> FuriousRage: sure, but antivirus and firewalls don't do
it
[01:25] <FuriousRage> toad_: but you secret police might ;>
[01:25] <FuriousRage> +r somewhere there ;<
[01:25] <toad_> sure but not on every message
[01:25] <FuriousRage> if it goes like it did i france, it might
[01:25] <FuriousRage> not that im 100% up to date with their laws now ;>
[01:26] <FuriousRage> but i guess zip in zip would cover the clear text
part anyways
[01:26] <toad_> well anyway
[01:26] <toad_> we can add a handler for .ref files
[01:26] <toad_> for simple references
[01:26] <toad_> the problem is we need to exchange both ways
[01:27] <FuriousRage>
http://filext.com/detaillist.php?extdetail=ref&Search=Search
[01:27] <FuriousRage> ref taken by adaware
[01:27] <toad_> FuriousRage: and fnr?
[01:27] <FuriousRage> none afaik
[01:27] <FuriousRage> afais*
[01:27] <toad_> the problem with .fnr files (or whatever extension) is
that we need to send one back to the other end in order to complete the
transaction
[01:27] <FuriousRage> but 6 programs is know to use ref
[01:27] <toad_> right, so .fnr
[01:28] <toad_> application/x-freenet-reference :)
[01:28] <toad_> how's .fni?
[01:28] <FuriousRage> toad_: almost like current trade, but it wont be
in clear text anyways, which is a start
[01:28] <toad_> well i suppose
[01:28] <toad_> we can bolt on obfuscation support later if we need it
[01:28] <FuriousRage> but then either freenet dev needs to make a
program to handle .fnr, which gives you ppl more work ;>
[01:29] <FuriousRage> toad_: perhaps if ppl WANTS, they chould add an
"password" to be able to add that ref, like
[01:29] <FuriousRage> i msg toad_ with wish to trade ref
[01:29] <FuriousRage> we both agree on a password (for "more security")
[01:29] <toad_> right
[01:29] <toad_> you send the zip
[01:29] <toad_> i unpack it
[01:29] <FuriousRage> without that password, you shouldnt be able to add
that ref file
[01:29] <toad_> i double click on the unzipped file
[01:31] <FuriousRage> with win-win ref tade you could use an program to
encrypt the ref with agreed password with perhaps RSA or *FISH dunno
about win-nix-win
[01:31] <toad_> right
[01:31] <FuriousRage> then it wouldnt beed scripts for each irc client
[01:31] <toad_> well I think .fnr should at least initially just be
plain text
[01:31] <FuriousRage> just need a program that runs on nix/win to cover
it
[01:32] <toad_> and if people need to obfuscate it then they can agree a
password or something
[01:33] <toad_> now, invites
[01:33] <toad_> an invite is:
[01:33] <toad_> - a freenet reference
[01:33] <toad_> - a cryptographic token
[01:33] <toad_> - a few temporary port numbers
[01:33] <toad_> the cryptographic token lets it get into the node, and
send its own reference back
[01:33] <toad_> the temporary port numbers are ports which the other
node will be sending packets to to punch a hole
[01:33] <aum> guys - i have to go for a bit, wife just arrived, any
chance one of you can save a log of this chat and email me?
[01:33] <FuriousRage> that would need to be built in the node then i
belive
[01:33] <toad_> i.e. ports which it can use to send it from
[01:34] <toad_> aum: sure
[01:34] <toad_> aum: seeya
[01:34] <toad_> FuriousRage: .fnr handling would have to be built in
[01:34] <toad_> FuriousRage: don't worry about it, it's not hard
[01:34] <toad_> invites are a bit harder
[01:34] <toad_> but if they are widely usable then cool
[01:34] <FuriousRage> lets compare to windows xp's remote desktop help,
there you can email an invite to others, they click a link or something,
and they get your ref, but your node need to add its ref
[01:35] <toad_> FuriousRage: huh?
[01:35] <FuriousRage> althought then the insecurity comes to mind, that
anyone that intercept your invite could add their node to yours before
the real invted one can
[01:35] <FuriousRage> with windows xp, theres an built in "remote help
me app" where you can send an invite to help you (like vnc) either thru
msn or email
[01:36] <FuriousRage> with that email link they can connect to your
remote desktop and help you (like vnc) (if allowed from your side)
[01:36] <toad_> right
[01:37] <FuriousRage> but an invite leaves your node open to get added
by anyone as far i can see unless that can be worked out safely
[01:37] <toad_> the invite includes what exactly? your IP address, and
some sort of cryptographic token, right?
[01:37] <FuriousRage> probably something like your ref or close to
[01:37] <FuriousRage> but your email *could* get intercepted by that
'evil' goverment that wants no-anonymousness
[01:37] <toad_> FuriousRage: well it lets it be added by the *first
person* to use the invite, yes
[01:38] <toad_> if They have machinery set up to intercept invites and
exploit them, then we need to take further measures
[01:38] <toad_> firstly to disguise it
[01:38] <toad_> secondly we may want some sort of out of band
verification
[01:38] <FuriousRage> it could be some password to add that "any node"
but then most ppl would probably add the same password as the invite
[01:39] <FuriousRage> and if the invite is intercepted, and you send the
password seperatly thru clean text email, it could be taken too
[01:39] <toad_> right
[01:39] <FuriousRage> but
[01:39] <toad_> well what if you call them by phone?
[01:39] <toad_> that'd be hard to intercept
[01:39] <FuriousRage> if you do the email invite like imagined now
[01:40] <FuriousRage> adding first node that has the right "code" from
the invite
[01:40] <toad_> can we do something like checking fingerprints over the
phone on GPG?
[01:40] <toad_> FuriousRage: yes...?
[01:40] <FuriousRage> but leaves that node disabled until the node owner
enables that one
[01:40] <FuriousRage> which in this case could make you be able to
verify that node reall yis the invited one
[01:40] <FuriousRage> thru email, im or w/e
[01:41] <toad_> hmmm
[01:41] <toad_> not sure i follow
[01:41] <FuriousRage> i mean like this
[01:42] <FuriousRage> i send an invite to aum thru email, he clicks the
link ro w/e to add me, his node connects to mines, he is the first one
to connect to that temp port with the right "key" from the email
[01:42] <FuriousRage> but then i need manually to enable his node/ref
after that, so not anyone could get added by me and get connected by
default
[01:43] <toad_> how about the invitee sends a fingerprint out of band,
which is then verified by a challenge/response protocol? for example ...
Alice sends an invite to Bob. Bob adds the ref. Bob creates a secret.
Bob sends the secret out of band to Alice. the connection completes?
[01:43] <FuriousRage> if the ref adds as disabled/waiting as defailt, i
could perhaps call aum on the telephone the veryfi that this invite node
named "xx" is his node and not any other unknown party's
[01:44] <toad_> right
[01:44] <toad_> so we have two security mechanisms
[01:44] <FuriousRage> toad_: well, if the secret is sent over email its
too easilly intercepted by anyone with little knowledge, u nless you had
something else in mind
[01:44] <toad_> 1. it's the first to use it.
[01:44] <toad_> 2. we verify a secret out of band.
[01:44] <FuriousRage> toad_: out of band, you mean like over im or phone
or similar?
[01:45] <toad_> yeah
[01:45] <toad_> over phone, like with GPG
[01:45] <toad_> GPG fingerprints
[01:45] <toad_> there are ways to make it reasonably non-unpleasant :)
[01:45] <toad_> or we just password the whole process
[01:45] <FuriousRage> like
[01:45] <toad_> with a sufficiently creative password, it can be
reasonably secure
[01:45] <FuriousRage> 1. i send email invitation
[01:46] <FuriousRage> 2. you add me
[01:46] <toad_> no
[01:46] <FuriousRage> 3. you need to enter a password we agreed on over
phone or chat or w/e
[01:46] <toad_> 2. you create a node, add me, and it connects back to
me.
[01:46] <FuriousRage> 4. i can see you entered the correct pass, and i
choose to enable your node to connect
[01:46] <toad_> right, something like that
[01:47] <toad_> Alice sends an invite to Bob
[01:47] <toad_> Bob installs a node, which connects to Alice, and tells
Alice its noderef
[01:47] <toad_> Alice sends a password out of band (over the phone) to
Bob.
[01:48] <toad_> Bob then sends a hash of this password back to Alice
(in-line), and Alice accepts Bob as not an impostor
[01:48] <toad_> that protects Alice from accepting a bogus Bob
[01:48] <FuriousRage> but then another problem arises, many isp, just
like mine, blocks "any" outgoing port 25 other then perhaps their own
smtp'servers, so alice need to enter her isp's smtp info to send the
invite, unless you want then to get an text to paste into their email
program.
[01:49] <toad_> how do we protect Bob from a bogus Alice? public key
fingerprint, I suppose ...
[01:49] <toad_> FuriousRage: get a file to attach to their email...
[01:49] <toad_> FuriousRage: or send it over IM
[01:49] <toad_> FuriousRage: IM is much more practical than email anyway
[01:49] <FuriousRage> mm, might be better then send invite form the node
it self.
[01:49] <toad_> I think email is largely a nonstarter outside the geek
community
[01:49] <toad_> because of NATs
[01:50] <toad_> we must know the other side's IP address!
[01:50] <FuriousRage> althought then it comes down to that Bob perhaps
is behind a NAT, and he needs to open the port(s)..
[01:50] <toad_> if both sides know the other's IP and port then we can
do UDP hole punching
[01:51] <toad_> brb
[01:51] <FuriousRage> dunno really what that udp hole punching does, but
afaik a "broadband router" wont let much inside unless you open it
[01:51] <FuriousRage> its getting late here (2:51am now)
[01:56] <toad_> ok i'm back
[01:56] <toad_> well
[01:57] <toad_> yeah i need to go to bed soon
[01:57] <toad_> one last thing
[01:57] <toad_> all we have to do above is verify the pubkey
fingerprints in both directions
[01:57] <toad_> we can make this easy
[01:57] <FuriousRage> ye
[01:57] <toad_> however if we're putting users through that, then
there's not so much point in saving the extra round trip
[01:57] <FuriousRage> should be easy for the end user else you scare
everyone off except the geeks ;>
[01:57] <toad_> so we may as well simply send the user a copy of the
node, with our reference
[01:58] <toad_> and then when the node is installed, we remind the user
to send a copy of their new ref back
[01:58] <toad_> we generate the file and tell them to send it back
[01:58] <toad_> that will even work over email
[01:59] <FuriousRage> mm
[01:59] <toad_> beyond that, the only way to make it really smooth on
non-real-time media such as email is to hook into the email system and
send the ref back; this is good as it means we can send an invite from
within the code, but it's unrealistic
[01:59] <toad_> because most people use webmail
[01:59] <toad_> and even if they don't it's extra hassle
[01:59] <toad_> although we can automate it ... until it changes!
[02:00] <toad_> okay
[02:00] <toad_> i'll stick the irc log somewhere
[02:00] <toad_> and write up what i can
[02:00] <toad_> good night
[02:00] <toad_> suggest you go to bed
[02:01] <FuriousRage> maybe the email list for darktools
[02:01] <FuriousRage> nn
[02:01] <toad_> right
[02:01] <toad_> good night
[02:01] <-- FuriousRage has left this server. ()
--
Matthew J Toseland - toad@???
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
