/*
 * GNU.FREE 2002
 *
 * Copyright (c) 1999, 2000, 2001, 2002
 * The Free Software Foundation (www.fsf.org)
 *
 * GNU.FREE Co-ordinator: Jason Kitcat <jeep@free-project.org>
 *
 * GNU site: http://www.gnu.org/software/free/
 * 
 * FREE e-democracy site: http://www.free-project.org
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program (COPYING); if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */

NEWS

1.9		GNU.FREE now supports multiple voting systems - currently Borda and FPTP. The FreeClient
		interface has been accordingly modified.

1.9		XML support has now been integrated so that FreeInstall uses an XML file to know how to
		configure GNU.FREE for a specific election.

1.8		Preliminary work on XML election description system to allow for support of multiple voting
		and counting systems.

1.8		Major protocol overhaul resulting in the use of HMAC system with initialisation packets,
		packet counters, HMAC seeds and HMAC keys. The resulting protocol should be much more 
		resistant to attack.

1.8		Object updates - Free.util.Packet has been added to resulting in cleaned up code elswhere.

1.8		Several major and minor bug fixes including removing break in FreeInstall and some
		server concurrency issues.

1.8		MacOS X Compatibility acheived. (Tested on 10.0.4 Server)

1.7		Communications level encryption of all data transmitted has been implemented
		using a public key system to encrypt session keys for Blowfish to encrypt the
		main data portion.

1.7		Some protocol bugs fixed, including improving the coverage of the MAC.

1.7		PollManager created to allow polling station managers to use GNU.FREE services
		in a ballot.

1.7		Update Electoral Roll database table to store more information.

1.7		User feedback given if invalid syntax used in import users file.

1.6		Internationalisation support has been added to the FreeClient.

1.6		Logs now have tamper resistance thanks to a message digest system. Using FreeTest
		any log can be checked to see which line tampering starts at.

1.6		The key data-structures have been improved to remove a large amount of redundant
		code throughout the codebase.

1.6		GNU.FREE now has built in support for PostgreSQL and MySQL from the Installer.

1.6		The FreeInstall program now supports multiple ports so that RTServer and ERServer
		can be run on the same physical machine.

1.6		Test Ballots can now be created. These are to prove that voting XXXX actually
		registers XXXX. This is blind in that the servers don't know it's a test vote
		until the very last step so that it isn't registered as a real vote.

1.6		The GNU.FREE Testing Suite (FreeTest) has been massively updated to support
		stress testing with the new AuthKey architecture. It also now generates user
		data and key for import into ERServer.

1.6		Menus have been added to the server interfaces making regular use much smoother.

1.6		The logging information display has been vastly improved with the inclusion of the
		new TextView replacing TextArea. We have auto-scrolling, word wrap and the long
		awaited return of colour!

1.6		Automated Electoral Roll import has been created to ease setup. Reads CSV format
		files.
		
1.5		Package Free.DBPool was built to offer database connection pooling. Opening and
		closing connections is the major performance drag on database access, this
		system caches connections to remove the need for constantly opening new ones.

1.5		For some reason all Socket input was buffered but not output so this was corrected
		in all GNU.FREE applications.

1.5		Logging code has been optimised to minimise performance impact if turned off.

1.5		Free.util.StringByteTools was created for faster Byte <-> String conversions
		based on the definition of the GNU.FREE protocols being ASCII only.

1.5		A series of optimisations on String evaluation and appends were done on all
		the code. Other minor tuning tweaks have been done on areas such as Vectors.

1.5		FREE has become an official GNU package and so is renamed GNU.FREE

1.5		The Swing GUI has been ported to AWT 1.1

1.5		Various minor bugs fixed. See ChangeLog for detail. Documentation errors fixed too.

1.5		Upgraded to log4j 1.0.4 also have talked to log4j Ceki Glc to confirm that
		his project will be providing secure logs soon - thus rendering that todo
		item hopefully unnecessary.

1.5		Strong input checks on the FreeClient have been implemented.

1.5		The ERServer<->FreeClient login process has been made more secure. The PIN
		and password are communicated as SHA-1 digests and are stored on the ERServer
		as digests too.

1.5		The IP address of all client connections are logged on the servers.

1.5		Tests have shown DNS names are not needed, just IP addresses thus making
		the vote process virtually immune to certain kinds of spoofing attacks.

1.5		All database info is automatically Blowfish encrypted on input/output. As a result
		a new startup frame has been built to take the runtime password. (An interesting
		usability/security tradeoff here. For the moment we lean to security with runtime
		instead of stored passwords.)

1.4		A new security paradigm has been added to the FREE architecture. Based on secure,
		private and unique authorisation keys the system protects against potential
		attacks through the reverse engineering of the client software. Incidentally it
		helps to improve the reliability of the system.

1.4		Boundary checks have been instituted for all database code and also installation
		strings.

1.4		The message authentiction codes used for tamper protection now uses the superior
		SHA-1 algorithm insted of MD5.

1.4		A new verification procedure has been introduced: When a Regional server sends
		its sub-totals the ERServer is queried so that a comprison of voters registered
		as having voted against votes stored can be made.

1.4		The use of the deprecated Thread.stop() method has been removed

1.3		JNLP standard used with Sun's Java Web Start to offer improved delivery of the
		FREE Client software (optional)

1.2.2	Fixed a major bug in Free.ServerProtocol that resulted in security errors during
		British Summer Time.

1.2.2	A minor bug in FreeInstall has been fixed.

1.2.2	INSTALL file has been considerably expanded and improved.

1.2.1	FreeInstall has been created to automatically change key variables
		in the source to make setting up FREE easier for non-developers.

1.2.1	We have upgraded to use log4j 0.8.3

1.2.1	Several small previously outstanding bugs have been fixed.

1.2.1	We have transitioned to following the GNU release guidelines which has
		resulted in a variety of new files and practices. See www.gnu.org

1.2		The new class Free.ScreenAppender and ERServer.ScreenAppender has been
		written to extend the Appender interface from log4j so that all reporting
		is also written to screen. This provides a performance gain by letting
		us remove all the hand coded messaging and also provides a system
		aware of the categories/priorities of the file-based logging output.

1.2		A time out system has been implemented for the client functions of 
		FreeClient and RTServer which resets connections after a certain
		amount of inactivity. Replicating this functionality on the servers
		is rather more complicated and hasn't been done.

1.2		Bug fixed in ERServer.DBase.checkER() where if the voted field was NULL
		the voter authorisation process wouldn't proceed as set out by the
		specification.

1.1		A NullPointerException wasn't being caught in FreeClient.TCPClient and 
		in RTServer.TCPClient when it was thrown if a server connection couldn't
		be made. This has now been fixed and error handling made more informative.

1.1		Logging system introduced and some classes hived off into freeutil.jar
		The logging system will allow proper security audit trails.

1.0		First public version released as FREE 1.0

EOF NEWS