/*
 * GNU.FREE 2001
 *
 * Copyright (c) 1999, 2000, 2001 The Free Software Foundation (www.fsf.org)
 *
 * GNU.FREE Co-ordinator: Jason Kitcat <jeep@thecouch.org>
 *
 * GNU site: http://www.gnu.org/software/gnu.free/gnufree.html
 * 
 * FREE e-democracy site: http://www.thecouch.org/free/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program (gpl.txt); if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */

NEWS

1.5		Package Free.DBPool was built to offer database connection pooling. Opening and
		closing connections is the major performance drag on database access, this
		system caches connections to remove the need for constantly opening new ones.

1.5		For some reason all Socket input was buffered but not output so this was corrected
		in all GNU.FREE applications.

1.5		Logging code has been optimised to minimise performance impact if turned off.

1.5		Free.util.StringByteTools was created for faster Byte <-> String conversions
		based on the definition of the GNU.FREE protocols being ASCII only.

1.5		A series of optimisations on String evaluation and appends were done on all
		the code. Other minor tuning tweaks have been done on areas such as Vectors.

1.5		FREE has become an official GNU package and so is renamed GNU.FREE

1.5		The Swing GUI has been ported to AWT 1.1

1.5		Various minor bugs fixed. See ChangeLog for detail. Documentation errors fixed too.

1.5		Upgraded to log4j 1.0.4 also have talked to log4j Ceki Glc to confirm that
		his project will be providing secure logs soon - thus rendering that todo
		item hopefully unnecessary.

1.5		Strong input checks on the FreeClient have been implemented.

1.5		The ERServer<->FreeClient login process has been made more secure. The PIN
		and password are communicated as SHA-1 digests and are stored on the ERServer
		as digests too.

1.5		The IP address of all client connections are logged on the servers.

1.5		Tests have shown DNS names are not needed, just IP addresses thus making
		the vote process virtually immune to certain kinds of spoofing attacks.

1.5		All database is automatically Blowfish encrypted on input/output. As a result
		a new startup frame has been built to take the runtime password. (An interesting
		usability/security tradeoff here. For the moment we lean to security with runtime
		instead of stored passwords.)

1.4		A new security paradigm has been added to the FREE architecture. Based on secure,
		private and unique authorisation keys the system protects against potential
		attacks through the reverse engineering of the client software. Incidentally it
		helps to improve the reliability of the system.

1.4		Boundary checks have been instituted for all database code and also installation
		strings.

1.4		The message authentiction codes used for tamper protection now use the superior
		SHA-1 algorithm insted of MD5.

1.4		A new verification procedure has been introduced: When a Regional server sends
		its sub-totals the ERServer is queried so that a comprison of voters registered
		as having voted agasint votes stored can be made.

1.4		The use of the deprecated Thread.stop() method has been removed

1.3		JNLP standard used with Sun's Java Web Start to offer improved delivery of the
		FREE Client software (optional)

1.2.2	Fixed a major bug in Free.ServerProtocol that resulted in security errors during
		British Summer Time.

1.2.2	A minor bug in FreeInstall has been fixed.

1.2.2	INSTALL file has been considerably expanded and improved.

1.2.1	FreeInstall has been created to automatically change key variables
		in the source to make setting up FREE easier for non-developers.

1.2.1	We have upgraded to use log4j 0.8.3

1.2.1	Several small previously outstanding bugs have been fixed.

1.2.1	We have transitioned to following the GNU release guidelines which has
		resulted in a variety of new files and practices. See www.gnu.org

1.2		The new class Free.ScreenAppender and ERServer.ScreenAppender has been
		written to extend the Appender interface from log4j so that all reporting
		is also written to screen. This provides a performance gain by letting
		us remove all the hand coded messaging and also provides a system
		aware of the categories/priorities of the file-based logging output.

1.2		A time out system has been implemented for the client functions of 
		FreeClient and RTServer which resets connections after a certain
		amount of inactivity. Replicating this functionality on the servers
		is rather more complicated and hasn't been done.

1.2		Bug fixed in ERServer.DBase.checkER() where if the voted field was NULL
		the voter authorisation process wouldn't proceed as set out by the
		specification.

1.1		A NullPointerException wasn't being caught in FreeClient.TCPClient and 
		in RTServer.TCPClient when it was thrown if a server connection couldn't
		be made. This has now been fixed and error handling made more informative.

1.1		Logging system introduced and some classes hived off into freeutil.jar
		The logging system will allow proper security audit trails.

1.0		First public version released as FREE 1.0

EOF NEWS