Use caching where possible to improve the speed:

• Getting Public keys from other users (see #19)
• ...

A easy-to-use library for caching is https://code.google.com/p/kitty-cache/

When signing with OS X and verifying the signature with Windows, the signature does not match (however, it should). Vice versa does not work either. Is there something wrong with usage of the bouncycastle's signature function?
We should fix that prior the 1.0.0 release since signatures are essentials for the security.

To enable real-time updates at logged in clients, file changes (deletions, additions, modifications) need to be sent to online clients directly. For this, we need a framework to easily broadcast the news.
In best case, clients should all be notified in parallel. However, it is not so bad if a message does not arrive (because of a network problem). A retransmission of it is optional since it's not critical.

The H2H library should provide a sort of observer that serves notifications of changes in the file system. The following requirements shall be met:

• notifications for file add, remove, modification
• notifications should be OS independent
• it should be possible to subscribe to notifications independently (Observer Pattern)

It could be interesting to adapt the idea of the Wuala concept "Cryptree" which helps with the key management of shared folders.
(http://dcg.ethz.ch/publications/srds06.pdf)

The logout routine should do the following things:

• stop all running processes
• remove the client's entry from the locations map
• persist the meta data

In case of an unfriendly leave, no master update is done here. This is done implicitly, see #15.

The process framework is good for modularization, however gets very complex for large chains. What can be improved here?

According our meeting on 20.12. we would like to extend our H2HNode interface with an information method, which shows which files and folders of the logged in user currently are stored in the network.

New data has been added on the current client node (H2H was offline) or on another (online or offline) client node. This has to be detected and trigger a synchronization.

We always update the parent meta folder if a new file is added in its directory. But maintaining a list of children there is not needed as far as I know. It is just an unnecessary overhead.
When removing this, we can simplify many processes:

• add
• remove
• move
• recover

BTW: We do not have a root meta folder.

The notification frameworks currently only supports private messages. For diverse operations on shared files users need to notify other users.
This is how we thought it:

• Client sends notification to all his own clients
• Client creates a UserProfileTask and adds it to the other user's queue in the DHT
• Client notifies master of the other client that he should check his queue

Since we changed the concept slightly during the development, the MetaFolder is not used at the moment. When adding a folder, the MetaFolder is pushed to the DHT. If the MetaFolder stays unused, we could skip this step.

The H2HNode is the first point of interaction with the user/developer. The interface should be well-organized, easy to use but still configurable and extendable.
At the moment, the H2HNode implements an IH2HNode interface, which is responsible for UserManagement and FileManagement. The H2HNode should be redesigned and split such that an object-oriented structure arises.

As a next step, the FileManager, holding the root of the current session and delivering some file search / retrieve functions could be improved: The root folder of the session should be stored in the H2HSession while the FileManager's methods become static and are moved to the FileUtil. This change may lead to many changes, especially in our test-cases, but I think it's worth it.

It is possible to configure the limit of maximum number of versions. When uploading a new version, the number of existing versions should be checked and old versions should be deleted.

By running multiple processes concurrently (file upload / modification / deletion), the user profile is fetched multiple times. This leads to massive conflicts when putting it. To overcome this problem, we suggest to have a central instance that gets and puts the user profile.

An initial framework for processes. A process can run in parallel and consists of several process steps which can be rolled back. The process manager keeps track of all running processes.

Goal: first process which checks if user id exists.

Read-Only of content in the DHT. We use signatures to verify the owner and to ensure that only the owner can modify / delete his content in the network.

We once discussed that (parallel to the H2H functionality), we probably should keep a generic Put / Get functionality. The user can store anything to the DHT; This could support the developer when creating a specific app. Support for write protection and encryption would be a nice feature.

To test and verify the whole library and its APIs, a dummy console client shall be implemented. With this, use cases like register, login, add/remove file etc. should become testable.

User should be able to move a file from a private folder into another private folder. There are some operations on the DHT necessary in order that other clients know that the file has been moved. Until the operation is implemented completely, the user could delete and re-add the file at the new directory.

According to our metting on 20.12 we proposed a join method in our IProcess interface. This method should allow the users the create dependencies between the triggered processes (one waits for another).

When a user sends a message to another user for the first time, its public key is not in the cache yet and must be fetched from the DHT. This causes an unintended timeout.
We need to accept the message provisorily and then execute it after a real check of the key.

A encryption util class which provides methods for generating keys, encrypting and decrypting.

Goal: encrypting user profile

The usage of different key sizes and encryption strengths should be consistently handled. A centralized place of definition and the usage of specific constants needs to be checked and validated.

Unsharing should ensure that the other user does not have access to the files anymore. The other user(s) could keep the keys to locate and decrypt the files, thus a copy of the data must be re-encrypted with a new key pair and uploaded to the DHT.

Add entry into location map. But don't put the map now. See #8.

A single process step where the user profile gets decrypted.

Since we store multiple versions of a file in the DHT, the user should be able to recover old versions. Thus, we should provide an operation to download a specific version, not only the newest one.

Share a folder (with all its contents) with another user. All subfolders should be shared as well (inherit the rights).

We have several Use Cases where the definition of the master client has to be done: Login, Logout and Client Node Detected As Offline (UC 7.6).
To my knowledge, we did not come up with one final solution but rather implemented this as part of the login process. We further discussed about taking the client with the lowest PeerAddress as master.
However, I propose to extract 2 separate processes to ensure consistency among all use cases:

• a process that defines the master client
• a process that periodically checks UC 7.6 and might start the process above

Further, each client should have a local flag about whether it is master or not. In my opinion, this flag should reside in the H2HStorageMemory class. Other processes, such as the handling of user messages, should respect this property and implement functionality accordingly. (i.e. also work if 2 or more masters are defined - by mistake - for a short duration)

Does somebody have any objections?

On a put conflicts should be detected. On every put the old version is taken as reference. E.g. Node A and B has version 4. Node A and B modifies the version. Both want to upload their version. Node B was faster (first serve) and stores version 5. Now node A wants to update, but sees that there is already a newer version. A conflict has been detected.

Goal: uploading user profile and location map without conflicts

According to the other issues (#11, #12, #13) we need a downloading process. This is used when a client gets notified about a new file / version or after he logs in and detects the new version himself.

A single process step gets the encrypted user profile from the network. This involves the implementation of a GetProcessStep class, which provides all functionality and failure handling. The current solution with the methods in the ProcessStep class has to be removed.

Check online users of this client and define master. It could be possible that after an unfriendly leave some out-dated entries are stored in the location map.

This issue involves a first implementation of a message step, which includes also the message failure handling.

In order to synchronize the files (i.e. using the file synchronization APIs), a file observer running on the OS should be implemented. This observer is able to react to file changes, such as add/delete/modify, and invoke the respective APIs of the synchronization (see #11, #12, #13, #14).

The class 'FileTreeNode' is pretty ugly. We should consider following points:

• FileTreeNode could be split into a class for files and a class for folders (with common parent).
• The protection keys should be inherited
• Find a good way to indicate that a folder / file is shared (probably using a flag or so).

According to our meeting of 20.12 we proposed the idea to split the H2HNode interface in two interfaces, where one is responisble for the setup and the other for the file operations. This would allow the user a more intuitiv useage.

If master, handle user message queue. This will involve a initial stub implementation, because there are currently no user message in the project. However a smart approach has to be proposed to handle a user message queue.

Sometimes I observe an error in the GetMetaDocumentStep when the fetched data should be decrypted. A stack will be added here, as soon as it happens again. Is this error because of a defective rollback?

For a better overview for the developer, we should provide methods to retrieve a list of all files of the user in the DHT and the file states on disk.

So far User Messages are all of type BaseMessage. However, due to the recent changes they are no more sent by means of the MessageManager, but rather put/get globally. Following tasks emerge:

• define UserMessage hierarchy/interfaces, might end up to be of type NetworkContent
• sign/verify UserMessage

During the Process Framework refactoring I sometimes encountered strange and random behaviour and test fails that are impossible to reproduce. However, I figured out that the problems only occur in case of multithreaded access to mutable data in some classes, like the DataManager or NetworkManager.
Such behaviour (non-reproducibility) is typical for multithreaded applications when the accesses are not synchronized!

Our library allows several configurations (size of chunks, number of versions etc.). We have to documnet that on our webpage, so that future users have an ortientation.

Some data has been modified (on the local client node while H2H was offline or on another client node). This new version has to be synchronized with the other client nodes.

Some data has been locally or remote removed. The online going client node has to remove this data locally or respectively in the network.

A user profile can be created which all contains keys (also domain key). The user profile can be encrypted by the user's password.
A location map which is public, read only and contains peer address and role (user messages).

Goal: creating initial user profile and location map

All messages sent over the network shall be asymmetrically encrypted. The message is encrypted with the receiver's public key. The receiver decrypts the message with its private key.

We implemented a process framework wih several states. We have to document them on our webpage. But this issue can wait till the process framework refactoring has been done, which certainly will change some states.

The website (hive2hive.com) only covers basic topics yet. We should extend it because it's probably the most important way to 'communicate' with users and developers. After a discussion, we came up with following tasks:

• Redo the 'Overview' section --> @Biocodr
• 'How-to-use' must be updated to the newest version (after #47 ) --> @Biocodr
• Advanced Usage: 'Model' should show basic idea --> @nicoruti
• Advanced Usage: 'Security aspects' describe all security relevant decisions and principles (Encryption, Content protection, Versioning, Concurrent Modification, Login, ...) --> @ippes
• Advanced usage: 'Implemented Functionality' (currently 'sequence diagrams') should briefly show how the functions (login, add, ...) are implemented. --> @nicoruti
• Advanced Usage: 'How-to-extend' shows how to use the code and extend the existing interfaces with custom functionality --> @Biocodr
• We should merge the 'about', 'contact' and 'roadmap' page to a single menu because they are less important

Further we need to decide what to show at the landing page. I like the way our sliders at the front page look, but they are less useful for a quick overlook. Maybe we can redo these sliders too or even remove them.

Actually, this is a bit messy. Use clear structure for our tests. Mockito could help (https://code.google.com/p/mockito/).