64 files changed, 1183 insertions, 1027 deletions
diff --git a/configure.ac b/configure.ac
index fd1642839..5d308c658 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1773,8 +1773,6 @@ pkgconfig/gnunetdatacache.pc
 pkgconfig/gnunetdatastore.pc
 pkgconfig/gnunetdht.pc
 pkgconfig/gnunetdns.pc
-pkgconfig/gnunetdnsparser.pc
-pkgconfig/gnunetdnsstub.pc
 pkgconfig/gnunetdv.pc
 pkgconfig/gnunetenv.pc
 pkgconfig/gnunetfragmentation.pc
@@ -1803,7 +1801,6 @@ pkgconfig/gnunetstatistics.pc
 pkgconfig/gnunettestbed.pc
 pkgconfig/gnunettesting.pc
 pkgconfig/gnunettransport.pc
-pkgconfig/gnunettun.pc
 pkgconfig/gnunetutil.pc
 pkgconfig/gnunetvpn.pc
 ])
diff --git a/contrib/conf/gnunet/no_autostart_above_core.conf b/contrib/conf/gnunet/no_autostart_above_core.conf
index 114ec83a3..245b6a47d 100644
--- a/contrib/conf/gnunet/no_autostart_above_core.conf
+++ b/contrib/conf/gnunet/no_autostart_above_core.conf
@@ -88,3 +88,6 @@ START_ON_DEMAND = NO
 [zonemaster-monitor]
 START_ON_DEMAND = NO
+[zonemaster]
+START_ON_DEMAND = NO
diff --git a/contrib/conf/gnunet/no_forcestart.conf b/contrib/conf/gnunet/no_forcestart.conf
index a069674e0..de58c6039 100644
--- a/contrib/conf/gnunet/no_forcestart.conf
+++ b/contrib/conf/gnunet/no_forcestart.conf
@@ -39,3 +39,19 @@ IMMEDIATE_START = NO
 [zonemaster-monitor]
 IMMEDIATE_START = NO
+[psyc]
+IMMEDIATE_START = NO
+[rps]
+IMMEDIATE_START = NO
+[consensus]
+IMMEDIATE_START = NO
+[set]
+IMMEDIATE_START = NO
+[nse]
+IMMEDIATE_START = NO
diff --git a/doc/documentation/Makefile.am b/doc/documentation/Makefile.am
index 12f40f147..0ee81304e 100644
--- a/doc/documentation/Makefile.am
+++ b/doc/documentation/Makefile.am
@@ -114,6 +114,7 @@ gnunet_TEXINFOS = 						\
        chapters/developer.texi                                 \
        chapters/preface.texi                           \
        chapters/philosophy.texi                                \
+        chapters/installation.texi                              \
        chapters/user.texi                                      \
        chapters/vocabulary.texi                                \
        chapters/configuration.texi                             \
diff --git a/doc/documentation/chapters/developer.texi b/doc/documentation/chapters/developer.texi
index 22b175a3f..1f74a8163 100644
--- a/doc/documentation/chapters/developer.texi
+++ b/doc/documentation/chapters/developer.texi
@@ -352,7 +352,7 @@ The DHT and other components of GNUnet
 store information in units called 'blocks'. Each block has a type and the
 type defines a particular format and how that binary format is to be
 linked to a hash code (the key for the DHT and for databases). The block
-library is a wapper around block plugins which provide the necessary
+library is a wrapper around block plugins which provide the necessary
 functions for each block type.
 @item @file{statistics/} --- statistics service
 The statistics service enables associating
@@ -400,7 +400,7 @@ external service to test the local configuration.
 Some transports (UDP and WLAN, mostly) have restrictions on the maximum
 transfer unit (MTU) for packets. The fragmentation library can be used to
 break larger packets into chunks of at most 1k and transmit the resulting
-fragments reliabily (with acknowledgement, retransmission, timeouts,
+fragments reliably (with acknowledgment, retransmission, timeouts,
 etc.).
 @item @file{transport/} --- transport service
 The transport service is responsible for managing the
@@ -425,8 +425,8 @@ the foundation for the testbed service
 @item @file{testbed/} --- testbed service
 The testbed service is used for creating small or large scale deployments
 of GNUnet peers for evaluation of protocols.
-It facilitates peer depolyments on multiple
+It facilitates peer deployments on multiple
-hosts (for example, in a cluster) and establishing varous network
+hosts (for example, in a cluster) and establishing various network
 topologies (both underlay and overlay).
 @item @file{nse/} --- Network Size Estimation
 The network size estimation (NSE) service
@@ -1038,7 +1038,7 @@ if (0 == bar && x != y)
 @end example
 @noindent
-Note that splitting the @code{if} statement above is debateable as the
+Note that splitting the @code{if} statement above is debatable as the
 @code{return x} is a very trivial statement. However, once the logic after
 the branch becomes more complicated (and is still identical), the "or"
 formulation should be used for sure.
@@ -1173,12 +1173,12 @@ for building applications under UNIX-like systems. Furthermore we
 assume that the build environment is sane and that you are aware of
 any implications actions in this process could have.
 Instructions here can be seen as notes for developers (an extension to
-the 'HACKING' section in README) as well as package mantainers.
+the 'HACKING' section in README) as well as package maintainers.
 @b{Users should rely on the available binary packages.}
 We will use Debian as an example Operating System environment. Substitute
-accordingly with your own Ooperating System environment.
+accordingly with your own Operating System environment.
-For the full list of depenendencies, consult the appropriate, up-to-date
+For the full list of dependencies, consult the appropriate, up-to-date
 section in the @file{README} file.
 First, we need to build or install (depending on your OS) the following
@@ -1442,7 +1442,7 @@ $ gnunet-gns-proxy-setup-ca
 @end example
 @noindent
-The first generates the default zones, wheras the second setups the GNS
+The first generates the default zones, whereas the second setups the GNS
 Certificate Authority with the user's browser. Now, to activate GNS in the
 normal DNS resolution process, you need to edit your
 @file{/etc/nsswitch.conf} where you should find a line like this:
@@ -1536,7 +1536,7 @@ This range can be customised with the function
 similar to @code{GNUNET_TESTING_system_create()} except that it take 2
 additional parameters --- the start and end of the port range to use.
-A TESTING system is destroyed with the funciton
+A TESTING system is destroyed with the function
 @code{GNUNET_TESTING_system_destory()}. This function takes the handle of
 the system and a flag to remove the files created in the directory used
 to generate configurations.
@@ -1545,7 +1545,7 @@ A peer is created with the function
 @code{GNUNET_TESTING_peer_configure()}. This functions takes the system
 handle, a configuration template from which the configuration for the peer
 is auto-generated and the index from where the hostkey for the peer has to
-be copied from. When successfull, this function returs a handle to the
+be copied from. When successful, this function returns a handle to the
 peer which can be used to start and stop it and to obtain the identity of
 the peer. If unsuccessful, a NULL pointer is returned with an error
 message. This function handles the generated configuration to have
@@ -1579,7 +1579,7 @@ to the handle to the peer to stop. The callback function is called with
 the given closure when the peer is stopped. Using this function
 eliminates blocking while waiting for the peer to terminate.
-An asynchronous peer stop can be cancelled by calling the function
+An asynchronous peer stop can be canceled by calling the function
 @code{GNUNET_TESTING_peer_stop_async_cancel()}. Note that calling this
 function does not prevent the peer from terminating if the termination
 signal has already been sent to it. It does, however, cancels the
@@ -1660,12 +1660,12 @@ simply load the plugin directly.
 To help avoid performance regressions, GNUnet uses Gauger. Gauger is a
 simple logging tool that allows remote hosts to send performance data to
 a central server, where this data can be analyzed and visualized. Gauger
-shows graphs of the repository revisions and the performace data recorded
+shows graphs of the repository revisions and the performance data recorded
 for each revision, so sudden performance peaks or drops can be identified
 and linked to a specific revision number.
 In the case of GNUnet, the buildbots log the performance data obtained
-during the tests after each build. The data can be accesed on GNUnet's
+during the tests after each build. The data can be accessed on GNUnet's
 Gauger page.
 The menu on the left allows to select either the results of just one
@@ -1678,7 +1678,7 @@ performance evolution across all hosts.
 Using Gauger in GNUnet and having the performance of a module tracked over
 time is very easy. First of course, the testcase must generate some
 consistent metric, which makes sense to have logged. Highly volatile or
-random dependant metrics probably are not ideal candidates for meaningful
+random dependent metrics probably are not ideal candidates for meaningful
 regression detection.
 To start logging any value, just include @code{gauger.h} in your testcase
@@ -1890,7 +1890,7 @@ random links are to be given
 @item @code{GNUNET_TESTBED_TOPOLOGY_SCALE_FREE}: Connects peers in a
 topology where peer connectivity follows power law - new peers are
-connected with high probabililty to well connected peers.
+connected with high probability to well connected peers.
 @footnote{See Emergence of Scaling in Random Networks. Science 286,
 509-512, 1999
 (@uref{https://gnunet.org/git/bibliography.git/plain/docs/emergence_of_scaling_in_random_networks__barabasi_albert_science_286__1999.pdf, pdf})}
@@ -1931,7 +1931,7 @@ ignored for the rest of the topologies.
 Topology @code{SCALE_FREE} requires the options
 @code{SCALE_FREE_TOPOLOGY_CAP} to be set to the maximum number of peers
 which can connect to a peer and @code{SCALE_FREE_TOPOLOGY_M} to be set to
-how many peers a peer should be atleast connected to.
+how many peers a peer should be at least connected to.
 Similarly, the topology @code{FROM_FILE} requires the option
 @code{OVERLAY_TOPOLOGY_FILE} to contain the path of the file containing
@@ -1977,7 +1977,7 @@ A topology file describes how peers are to be connected. It should adhere
 to the following format for testbed to parse it correctly.
 Each line should begin with the target peer id. This should be followed by
-a colon(`:') and origin peer ids seperated by `|'. All spaces except for
+a colon(`:') and origin peer ids separated by `|'. All spaces except for
 newline characters are ignored. The API will then try to connect each
 origin peer to the target peer.
@@ -2003,9 +2003,9 @@ deemed as crossed after all the peers waiting on it are notified.
 The barriers API provides the following functions:
 @itemize @bullet
 @item @strong{@code{GNUNET_TESTBED_barrier_init()}:} function to
-initialse a barrier in the experiment
+initialize a barrier in the experiment
 @item @strong{@code{GNUNET_TESTBED_barrier_cancel()}:} function to cancel
-a barrier which has been initialised before
+a barrier which has been initialized before
 @item @strong{@code{GNUNET_TESTBED_barrier_wait()}:} function to signal
 barrier service that the caller has reached a barrier and is waiting for
 it to be crossed
@@ -2122,7 +2122,7 @@ the large-scale deployment. We provide you a set of scripts you can use
 to deploy GNUnet on a set of nodes and manage your installation.
 Please also check @uref{https://gnunet.org/installation-fedora8-svn} and
-@uref{https://gnunet.org/installation-fedora12-svn} to find detailled
+@uref{https://gnunet.org/installation-fedora12-svn} to find detailed
 instructions how to install GNUnet on a PlanetLab node.
@@ -2148,7 +2148,7 @@ image, installing the buildslave software is quite some pain. For our
 PlanetLab testbed we figured out how to install the buildslave software
 best.
-@c This is a vvery terrible way to suggest installing software.
+@c This is a very terrible way to suggest installing software.
 @c FIXME: Is there an official, safer way instead of blind-piping a
 @c script?
 @c FIXME: Use newer pypi URLs below.
@@ -2354,7 +2354,7 @@ for new developers):
 @item CPS-style scheduling (scheduler.c)
 @item Program initialization (program.c)
 @item Networking (network.c, client.c, server*.c, service.c)
-@item message queueing (mq.c)
+@item message queuing (mq.c)
 @item bandwidth calculations (bandwidth.c)
 @item Other OS-related (os*.c, plugin.c, signal.c)
 @item Pseudonym management (pseudonym.c)
@@ -2425,7 +2425,7 @@ level to "loglevel". Thus it is possible to run some processes
 with -L DEBUG, for example, and others with -L ERROR to enable specific
 settings to diagnose problems with a particular process.
 @item Configuration files.  Because GNUnet
-service and deamon processes are usually launched by gnunet-arm, it is not
+service and daemon processes are usually launched by gnunet-arm, it is not
 possible to pass different custom command line options directly to every
 one of them. The options passed to @code{gnunet-arm} only affect
 gnunet-arm and not the rest of GNUnet. However, one can specify a
@@ -2717,7 +2717,7 @@ will have
 no effect. Other messages (ERROR, WARNING, INFO, etc) will be included.
 @item If @code{--enable-logging} is set to @code{verbose}, or
 @code{veryverbose} the binary will contain DEBUG messages (still, it will
-be neccessary to run with @command{-L DEBUG} or set the DEBUG config option
+be necessary to run with @command{-L DEBUG} or set the DEBUG config option
 to show
 them).
 @end itemize
@@ -2728,7 +2728,7 @@ If you are a developer:
 @item please make sure that you @code{./configure
 --enable-logging=@{verbose,veryverbose@}}, so you can see DEBUG messages.
 @item please remove the @code{#if} statements around @code{GNUNET_log
-(GNUNET_ERROR_TYPE_DEBUG, ...)} lines, to improve the readibility of your
+(GNUNET_ERROR_TYPE_DEBUG, ...)} lines, to improve the readability of your
 code.
 @end itemize
@@ -2741,7 +2741,7 @@ A suitable configuration could be:
 $ export GNUNET_FORCE_LOG="^YOUR_SUBSYSTEM$;;;;DEBUG/;;;;WARNING"
 @end example
-Which will behave almost like enabling DEBUG in that subsytem before the
+Which will behave almost like enabling DEBUG in that subsystem before the
 change. Of course you can adapt it to your particular needs, this is only
 a quick example.
@@ -2952,7 +2952,7 @@ function, which is set to @code{NULL} in most cases, and the last
 parameter is the expected size of the message of this type, usually we
 set it to 0 to accept variable size, for special cases the exact size of
 the specified message also can be set. In addition, the terminator sign
-depicted as @code{@{NULL, NULL, 0, 0@}} is set in the last aera.
+depicted as @code{@{NULL, NULL, 0, 0@}} is set in the last area.
 @c ***********************************************************************
 @node Server - Process request message
@@ -3002,7 +3002,7 @@ understand the request message, and the processing of this request would
 be terminated.
 In comparison to the aforementioned situation, when the argument is equal
-to @code{GNUNET_OK}, the service would continue to process the requst
+to @code{GNUNET_OK}, the service would continue to process the request
 message.
 @c ***********************************************************************
@@ -3151,7 +3151,7 @@ GNUnet uses SHA-512 for computing one-way hash codes. The API provides
 functions to compute a hash over a block in memory or over a file on disk.
 The crypto API also provides functions for randomizing a block of memory,
-obtaining a single random number and for generating a permuation of the
+obtaining a single random number and for generating a permutation of the
 numbers 0 to n-1. Random number generation distinguishes between WEAK and
 STRONG random number quality; WEAK random numbers are pseudo-random
 whereas STRONG random numbers use entropy gathered from the operating
@@ -3230,7 +3230,7 @@ message.
 Consider the following simple message, with the body consisting of a
 single number value.
-@c why the empy code function?
+@c why the empty code function?
 @code{}
 @example
@@ -3505,7 +3505,7 @@ or in some other transient data structure and thus having the hash map
 keep a pointer to @code{key} would not work. Only the key inside of
 @code{val} has the same lifetime as the entry in the map (this must of
 course be checked as well). Naturally, @code{val->key} must be
-intiialized before the @code{put} call. Once all @code{put} calls have
+initialized before the @code{put} call. Once all @code{put} calls have
 been converted and double-checked, you can change the call to create the
 hash map from
@@ -3893,7 +3893,7 @@ The goal of transport-level address validation is to minimize the chances
 of a successful man-in-the-middle attack against GNUnet peers on the
 transport level. Such an attack would not allow the adversary to decrypt
 the P2P transmissions, but a successful attacker could at least measure
-traffic volumes and latencies (raising the adversaries capablities by
+traffic volumes and latencies (raising the adversaries capabilities by
 those of a global passive adversary in the worst case). The scenarios we
 are concerned about is an attacker, Mallory, giving a @code{HELLO} to
 Alice that claims to be for Bob, but contains Mallory's IP address
@@ -4019,7 +4019,7 @@ connected peers, but they are sent about other knowns peers within the
 to each other about their appropriate other neighbors. They also gossip
 about the newly connected peer to previously
 connected neighbors. In order to keep the routing tables up to date,
-disconnect notifications are propogated as gossip as well (because
+disconnect notifications are propagated as gossip as well (because
 disconnects may not be sent/received, timeouts are also used remove
 stagnant routing table entries).
@@ -4210,7 +4210,7 @@ to send and receive messages.
 We have measured the performance of the UDP, TCP and SMTP transport layer
 directly and when used from an application using the GNUnet core.
-Measureing just the transport layer gives the better view of the actual
+Measuring just the transport layer gives the better view of the actual
 overhead of the protocol, whereas evaluating the transport from the
 application puts the overhead into perspective from a practical point of
 view.
@@ -4230,7 +4230,7 @@ wire have no impact on the timings. n messages were sent sequentially over
 the transport layer, sending message i+1 after the i-th message was
 received. All messages were sent over the same connection and the time to
 establish the connection was not taken into account since this overhead is
-miniscule in practice --- as long as a connection is used for a
+minuscule in practice --- as long as a connection is used for a
 significant number of messages.
 @multitable @columnfractions .20 .15 .15 .15 .15 .15
@@ -4261,9 +4261,9 @@ given time-bounds. For this benchmark we report the message loss after
 allowing t time for sending m messages. If messages were not sent (or
 received) after an overall timeout of t, they were considered lost. The
 benchmark was performed using two Xeon 2 GHZ machines running RedHat 8.0
-with sendmail. The machines were connected with a direct 100 MBit ethernet
+with sendmail. The machines were connected with a direct 100 MBit Ethernet
 connection.@ Figures udp1200, tcp1200 and smtp-MTUs show that the
-throughput for messages of size 1,200 octects is 2,343 kbps, 3,310 kbps
+throughput for messages of size 1,200 octets is 2,343 kbps, 3,310 kbps
 and 6 kbps for UDP, TCP and SMTP respectively. The high per-message
 overhead of SMTP can be improved by increasing the MTU, for example, an
 MTU of 12,000 octets improves the throughput to 13 kbps as figure
@@ -4308,7 +4308,7 @@ installed).
 For instructions about how to install the libraries you should
 check out the BlueZ site
 (@uref{http://www.bluez.org/, http://www.bluez.org}). If you don't know if
-you have the necesarry libraries, don't worry, just run the GNUnet
+you have the necessary libraries, don't worry, just run the GNUnet
 configure script and you will be able to see a notification at the end
 which will warn you if you don't have the necessary libraries.
@@ -4336,7 +4336,7 @@ helper binary used on GNU/Linux:
 @itemize @bullet
 @item it verifies if the name corresponds to a Bluetooth interface name
-@item it verifies if the iterface is up (if it is not, it tries to bring
+@item it verifies if the interface is up (if it is not, it tries to bring
 it up)
 @item it tries to enable the page and inquiry scan in order to make the
 device discoverable and to accept incoming connection requests
@@ -4377,12 +4377,12 @@ Bluetooth address has the form 00:00:00:00:00:00 it means that there is
 something wrong with the D-Bus daemon or with the Bluetooth daemon. Use
 @code{bluetoothd} tool to see the logs
-@item @code{sdptool} can be used to control and interogate SDP servers.
+@item @code{sdptool} can be used to control and interrogate SDP servers.
 If you encounter problems regarding the SDP server (like the SDP server is
 down) you should check out if the D-Bus daemon is running correctly and to
 see if the Bluetooth daemon started correctly(use @code{bluetoothd} tool).
 Also, sometimes the SDP service could work but somehow the device couldn't
-register his service. Use @code{sdptool browse [dev-address]} to see if
+register its service. Use @code{sdptool browse [dev-address]} to see if
 the service is registered. There should be a service with the name of the
 interface and GNUnet as provider.
@@ -4464,11 +4464,11 @@ then start sending data for benchmarking.
 On Windows you cannot test the plugin functionality using two Bluetooth
 devices from the same machine because after you install the drivers there
 will occur some conflicts between the Bluetooth stacks. (At least that is
-what happend on my machine : I wasn't able to use the Bluesoleil stack and
+what happened on my machine : I wasn't able to use the Bluesoleil stack and
 the WINDCOMM one in the same time).
 If you have two different machines and your configuration files are good
-you can use the same scenario presented on the begining of this section.
+you can use the same scenario presented on the beginning of this section.
 Another way to test the plugin functionality is to create your own
 application which will use the GNUnet framework with the Bluetooth
@@ -4483,8 +4483,8 @@ This page describes the implementation of the Bluetooth transport plugin.
 First I want to remind you that the Bluetooth transport plugin uses
 virtually the same code as the WLAN plugin and only the helper binary is
 different. Also the scope of the helper binary from the Bluetooth
-transport plugin is the same as the one used for the wlan transport
+transport plugin is the same as the one used for the WLAN transport
-plugin: it acceses the interface and then it forwards traffic in both
+plugin: it accesses the interface and then it forwards traffic in both
 directions between the Bluetooth interface and stdin/stdout of the
 process involved.
@@ -4525,8 +4525,8 @@ Bluetooth interface) and is separated in two stages:
 @subsubsection THE INITIALIZATION
 @itemize @bullet
-@item first, it checks if we have root privilegies
+@item first, it checks if we have root privileges
-(@emph{Remember that we need to have root privilegies in order to be able
+(@emph{Remember that we need to have root privileges in order to be able
 to bring the interface up if it is down or to change its state.}).
 @item second, it verifies if the interface with the given name exists.
@@ -4551,7 +4551,7 @@ discoverable
 devices to get the port on which this device is listening on)
 @end itemize
-@item drops the root privilegies
+@item drops the root privileges
 @strong{If the interface is not a Bluetooth interface the helper exits
 with a suitable error}
@@ -4596,7 +4596,7 @@ the STDOUT file descriptor, then we write to STDOUT the message from the
 @emph{write_std} buffer.
 To find out on which port a device is listening on we connect to the local
-SDP server and searche the registered service for that device.
+SDP server and search the registered service for that device.
 @emph{You should be aware of the fact that if the device fails to connect
 to another one when trying to send a message it will attempt one more
@@ -4659,17 +4659,17 @@ For Windows I decided to use the Microsoft Bluetooth stack which has the
 advantage of coming standard from Windows XP SP2. The main disadvantage is
 that it only supports the RFCOMM protocol so we will not be able to have
 a low level control over the Bluetooth device. Therefore it is the user
-responsability to check if the device is up and in the discoverable mode.
+responsibility to check if the device is up and in the discoverable mode.
 Also there are no tools which could be used for debugging in order to read
 the data coming from and going to a Bluetooth device, which obviously
 hindered my work. Another thing that slowed down the implementation of the
-plugin (besides that I wasn't too accomodated with the win32 API) was that
+plugin (besides that I wasn't too accommodated with the win32 API) was that
 there were some bugs on MinGW regarding the Bluetooth. Now they are solved
 but you should keep in mind that you should have the latest updates
 (especially the @emph{ws2bth} header).
 Besides the fact that it uses the Windows Sockets, the Windows
-implemenation follows the same principles as the GNU/Linux one:
+implementation follows the same principles as the GNU/Linux one:
 @itemize @bullet
 @item It has a initalization part where it initializes the
@@ -4714,7 +4714,7 @@ broadcast messages. When it receives a broadcast message it will skip it.
 @item Implement the broadcast functionality on Windows @emph{(currently
 working on)}
 @item Implement a testcase for the helper :@ @emph{The testcase
-consists of a program which emaluates the plugin and uses the helper. It
+consists of a program which emulates the plugin and uses the helper. It
 will simulate connections, disconnections and data transfers.}
 @end itemize
@@ -4902,7 +4902,7 @@ peers connecting, peers disconnecting and incoming messages) and send
 messages to connected peers using
 @code{GNUNET_CORE_notify_transmit_ready}. Note that applications must
 cancel pending transmission requests if they receive a disconnect event
-for a peer that had a transmission pending; furthermore, queueing more
+for a peer that had a transmission pending; furthermore, queuing more
 than one transmission request per peer per application using the
 service is not permitted.
@@ -5197,11 +5197,11 @@ The API is heavily base on the CORE API.
 CADET delivers messages to other peers in "channels".
 A channel is a permanent connection defined by a destination peer
 (identified by its public key) and a port number.
-Internally, CADET tunnels all channels towards a destiantion peer
+Internally, CADET tunnels all channels towards a destination peer
 using one session key and relays the data on multiple "connections",
 independent from the channels.
-Each channel has optional paramenters, the most important being the
+Each channel has optional parameters, the most important being the
 reliability flag.
 Should a message get lost on TRANSPORT/CORE level, if a channel is
 created with as reliable, CADET will retransmit the lost message and
@@ -5242,15 +5242,15 @@ case. To be alerted when a channel is online, a client can call
 @code{GNUNET_CADET_notify_transmit_ready} immediately after
 @code{GNUNET_CADET_create_channel}. When the callback is activated, it
 means that the channel is online. The callback can give 0 bytes to CADET
-if no message is to be sent, this is ok.
+if no message is to be sent, this is OK.
 If a transmission was requested but before the callback fires it is no
-longer needed, it can be cancelled with
+longer needed, it can be canceled with
 @code{GNUNET_CADET_notify_transmit_ready_cancel}, which uses the handle
 given back by @code{GNUNET_CADET_notify_transmit_ready}.
 As in the case of CORE, only one message can be requested at a time: a
 client must not call @code{GNUNET_CADET_notify_transmit_ready} again until
-the callback is called or the request is cancelled.
+the callback is called or the request is canceled.
 When a channel is no longer needed, a client can call
 @code{GNUNET_CADET_channel_destroy} to get rid of it.
@@ -5298,10 +5298,10 @@ all of the details can be found in this technical report.
 @subsection Motivation
-Some subsytems, like DHT, need to know the size of the GNUnet network to
+Some subsystems, like DHT, need to know the size of the GNUnet network to
 optimize some parameters of their own protocol. The decentralized nature
 of GNUnet makes efficient and securely counting the exact number of peers
-infeasable. Although there are several decentralized algorithms to count
+infeasible. Although there are several decentralized algorithms to count
 the number of peers in a system, so far there is none to do so securely.
 Other protocols may allow any malicious peer to manipulate the final
 result or to take advantage of the system to perform
@@ -5323,7 +5323,7 @@ GNUnet's NSE protocol avoids these drawbacks.
 The NSE subsystem is designed to be resilient against these attacks.
 It uses @uref{http://en.wikipedia.org/wiki/Proof-of-work_system, proofs of work}
 to prevent one peer from impersonating a large number of participants,
-which would otherwise allow an adversary to artifically inflate the
+which would otherwise allow an adversary to artificially inflate the
 estimate.
 The DoS protection comes from the time-based nature of the protocol:
 the estimates are calculated periodically and out-of-time traffic is
@@ -5385,7 +5385,7 @@ to all the other peers, who will calculate the estimate from it.
 The target value itself is generated by hashing the current time, rounded
 down to an agreed value. If the rounding amount is 1h (default) and the
 time is 12:34:56, the time to hash would be 12:00:00. The process is
-repeated each rouning amount (in this example would be every hour).
+repeated each rounding amount (in this example would be every hour).
 Every repetition is called a round.
 @node Timing
@@ -5397,12 +5397,12 @@ its ID all at one. Once each peer has the target random value, it
 compares its own ID to the target and calculates the hypothetical size of
 the network if that peer were to be the closest.
 Then it compares the hypothetical size with the estimate from the previous
-rounds. For each value there is an assiciated point in the period,
+rounds. For each value there is an associated point in the period,
 let's call it "broadcast time". If its own hypothetical estimate
 is the same as the previous global estimate, its "broadcast time" will be
 in the middle of the round. If its bigger it will be earlier and if its
 smaller (the most likely case) it will be later. This ensures that the
-peers closests to the target value start broadcasting their ID the first.
+peers closest to the target value start broadcasting their ID the first.
 @node Controlled Flooding
 @subsubsection Controlled Flooding
@@ -5415,7 +5415,7 @@ with a message containing the better value. Then it checks a proof of
 work that must be included in the incoming message, to ensure that the
 other peer's ID is not made up (otherwise a malicious peer could claim to
 have an ID of exactly the target value every round). Once validated, it
-compares the brodcast time of the received value with the current time
+compares the broadcast time of the received value with the current time
 and if it's not too early, sends the received value to its neighbors.
 Otherwise it stores the value until the correct broadcast time comes.
 This prevents unnecessary traffic of sub-optimal values, since a better
@@ -5429,7 +5429,7 @@ to the neighbors.
 @c %**end of header
 Once the closest ID has been spread across the network each peer gets the
-exact distance betweed this ID and the target value of the round and
+exact distance between this ID and the target value of the round and
 calculates the estimate with a mathematical formula described in the tech
 report. The estimate generated with this method for a single round is not
 very precise. Remember the case of the example, where the only peer is the
@@ -5453,7 +5453,7 @@ calls: @code{GNUNET_NSE_connect} and @code{GNUNET_NSE_disconnect}.
 The connect call gets a callback function as a parameter and this function
 is called each time the network agrees on an estimate. This usually is
 once per round, with some exceptions: if the closest peer has a late
-local clock and starts spreading his ID after everyone else agreed on a
+local clock and starts spreading its ID after everyone else agreed on a
 value, the callback might be activated twice in a round, the second value
 being always bigger than the first. The default round time is set to
 1 hour.
@@ -5503,7 +5503,7 @@ size is between one third and three times the estimate. This can of
 course vary with network conditions.
 Thus, applications may want to also consider the provided standard
 deviation value, not only the average (in particular, if the standard
-veriation is very high, the average maybe meaningless: the network size is
+variation is very high, the average maybe meaningless: the network size is
 changing rapidly).
 @node libgnunetnse - Examples
@@ -5579,12 +5579,12 @@ is what we are flooding the network with right now.
 At the beginning of each round the peer does the following:
 @itemize @bullet
-@item calculates his own distance to the target value
+@item calculates its own distance to the target value
 @item creates, signs and stores the message for the current round (unless
 it has a better message in the "next round" slot which came early in the
 previous round)
 @item calculates, based on the stored round message (own or received) when
-to stard flooding it to its neighbors
+to start flooding it to its neighbors
 @end itemize
 Upon receiving a message the peer checks the validity of the message
@@ -6085,7 +6085,7 @@ convenience API to do just that. Use @code{GNUNET_IDENTITY_ego_lookup} to
 lookup a single ego by name. Note that this is the user's name for the
 ego, not the service function. The resulting ego will be returned via a
 callback and will only be valid during that callback. The operation can
-be cancelled via @code{GNUNET_IDENTITY_ego_lookup_cancel}
+be canceled via @code{GNUNET_IDENTITY_ego_lookup_cancel}
 (cancellation is only legal before the callback is invoked).
 @node Associating egos with service functions
@@ -6215,8 +6215,8 @@ So a client has first to retrieve records, merge with existing records
 and then store the result.
 To perform a lookup operation, the client uses the
-@code{GNUNET_NAMESTORE_records_store} function. Here he has to pass the
+@code{GNUNET_NAMESTORE_records_store} function. Here it has to pass the
-namestore handle, the private key of the zone and the label. He also has
+namestore handle, the private key of the zone and the label. It also has
 to provide a callback function which will be called with the result of
 the lookup operation:
 the zone for the records, the label, and the records including the
@@ -6239,7 +6239,7 @@ by NAMESTORE.
 Here a client uses the @code{GNUNET_NAMESTORE_zone_iteration_start}
 function and passes the namestore handle, the zone to iterate over and a
 callback function to call with the result.
-If the client wants to iterate over all the, he passes NULL for the zone.
+If the client wants to iterate over all the WHAT!? FIXME, it passes NULL for the zone.
 A @code{GNUNET_NAMESTORE_ZoneIterator} handle is returned to be used to
 continue iteration.
@@ -6658,7 +6658,7 @@ The size of an element's data is limited to around 62 KB.
 Sets created by a local client can be modified and reused for multiple
 operations. As each set operation requires potentially expensive special
-auxilliary data to be computed for each element of a set, a set can only
+auxiliary data to be computed for each element of a set, a set can only
 participate in one type of set operation (i.e. union or intersection).
 The type of a set is determined upon its creation.
 If a the elements of a set are needed for an operation of a different
@@ -6778,7 +6778,7 @@ until the client calls @code{GNUNET_SET_commit}
 @c %**end of header
 To create symmetry between the two ways of starting a set operation
-(accepting and nitiating it), the operation handles returned by
+(accepting and initiating it), the operation handles returned by
 @code{GNUNET_SET_accept} and @code{GNUNET_SET_prepare} do not yet have a
 set to operate on, thus they can not do any work yet.
@@ -6935,10 +6935,10 @@ number of iterations).
 The receiver of the message removes all elements from its local set that
 do not pass the Bloom filter test.
 It then checks if the set size of the sender and the XOR over the keys
-match what is left of his own set. If they do, he sends a
+match what is left of its own set. If they do, it sends a
 @code{GNUNET_MESSAGE_TYPE_SET_INTERSECTION_P2P_DONE} back to indicate
 that the latest set is the final result.
-Otherwise, the receiver starts another Bloom fitler exchange, except
+Otherwise, the receiver starts another Bloom filter exchange, except
 this time as the sender.
 @node Salt
@@ -6946,7 +6946,7 @@ this time as the sender.
 @c %**end of header
-Bloomfilter operations are probablistic: With some non-zero probability
+Bloomfilter operations are probabilistic: With some non-zero probability
 the test may incorrectly say an element is in the set, even though it is
 not.
@@ -6999,7 +6999,7 @@ message. If the IBF fully decodes, the peer responds with a
 GNUNET_MESSAGE_TYPE_SET_UNION_P2P_DONE message instead of another
 GNUNET_MESSAGE_TYPE_SET_UNION_P2P_IBF.
-All Bloom filter operations use a salt to mingle keys before hasing them
+All Bloom filter operations use a salt to mingle keys before hashing them
 into buckets, such that future iterations have a fresh chance of
 succeeding if they failed due to collisions before.
@@ -7557,7 +7557,7 @@ already knows more than about a thousand blocks may need to send
 several of these messages. Naturally, the client should transmit these
 messages as quickly as possible after the original GET request such that
 the DHT can filter those results in the network early on. Naturally, as
-these messages are sent after the original request, it is conceivalbe
+these messages are sent after the original request, it is conceivable
 that the DHT service may return blocks that match those already known
 to the client anyway.
@@ -7670,7 +7670,7 @@ duplicate results) and when they obtain a matching, non-filtered response
 a @code{struct PeerResultMessage} of type
 @code{GNUNET_MESSAGE_TYPE_DHT_P2P_RESULT} is forwarded to the previous
 hop.
-Whenver a result is forwarded, the block plugin is used to update the
+Whenever a result is forwarded, the block plugin is used to update the
 Bloom filter accordingly, to ensure that the same result is never
 forwarded more than once.
 The DHT service may also cache forwarded results locally if the
@@ -7737,7 +7737,7 @@ record types.
 @c %**end of header
-The GNS API itself is extremely simple. Clients first connec to the
+The GNS API itself is extremely simple. Clients first connect to the
 GNS service using @code{GNUNET_GNS_connect}.
 They can then perform lookups using @code{GNUNET_GNS_lookup} or cancel
 pending lookups using @code{GNUNET_GNS_lookup_cancel}.
@@ -7786,9 +7786,9 @@ their respective zones can automatically be learned and added to the
 the shorten zone. If NULL is passed, shortening is disabled.
 @item proc This argument identifies
 the function to call with the result. It is given proc_cls, the number of
-records found (possilby zero) and the array of the records as arguments.
+records found (possibly zero) and the array of the records as arguments.
 proc will only be called once. After proc,> has been called, the lookup
-must no longer be cancelled.
+must no longer be canceled.
 @item proc_cls The closure for proc.
 @end table
@@ -7943,7 +7943,7 @@ This is merely one method for how we can obtain GNS queries.
 It is also possible to change @code{resolv.conf} to point to a machine
 running @code{gnunet-dns2gns} or to modify libc's name system switch
 (NSS) configuration to include a GNS resolution plugin.
-The method described in this chaper is more of a last-ditch catch-all
+The method described in this chapter is more of a last-ditch catch-all
 approach.
 @code{gnunet-service-dns} enables intercepting DNS traffic using policy
@@ -8111,8 +8111,8 @@ This returns the handle required for all other operations on the
 NAMECACHE. Using @code{GNUNET_NAMECACHE_block_cache} clients can insert a
 block into the cache.
 @code{GNUNET_NAMECACHE_lookup_block} can be used to lookup blocks that
-were stored in the NAMECACHE. Both operations can be cancelled using
+were stored in the NAMECACHE. Both operations can be canceled using
-@code{GNUNET_NAMECACHE_cancel}. Note that cancelling a
+@code{GNUNET_NAMECACHE_cancel}. Note that canceling a
 @code{GNUNET_NAMECACHE_block_cache} operation can result in the block
 being stored in the NAMECACHE --- or not. Cancellation primarily ensures
 that the continuation function with the result of the operation will no
@@ -8239,7 +8239,7 @@ When a revocation is performed, the revocation is first of all
 disseminated by flooding the overlay network.
 The goal is to reach every peer, so that when a peer needs to check if a
 key has been revoked, this will be purely a local operation where the
-peer looks at his local revocation list. Flooding the network is also the
+peer looks at its local revocation list. Flooding the network is also the
 most robust form of key revocation --- an adversary would have to control
 a separator of the overlay graph to restrict the propagation of the
 revocation message. Flooding is also very easy to implement --- peers that
@@ -8299,7 +8299,7 @@ revocations.
 @code{GNUNET_REVOCATION_query} is used to check if a given ECDSA public
 key has been revoked.
 The given callback will be invoked with the result of the check.
-The query can be cancelled using @code{GNUNET_REVOCATION_query_cancel} on
+The query can be canceled using @code{GNUNET_REVOCATION_query_cancel} on
 the return value.
 @node Preparing revocations
@@ -8477,7 +8477,7 @@ metadata describing the content of the namespace.
 Instead of the name of the identifier for a potential update, it contains
 the identifier for the root of the namespace.
 The URI should always be empty. The @code{SBlock} is signed with the
-content provder's RSA private key (just like any other SBlock). Peers
+content provider's RSA private key (just like any other SBlock). Peers
 can search for @code{SBlock}s in order to find out more about a namespace.
 @node KSBlocks
@@ -8800,5 +8800,5 @@ so please make sure that endpoints are unambiguous.
 @subsection Endpoint documentation
 This is WIP. Endpoints should be documented appropriately.
-Perferably using annotations.
+Preferably using annotations.
diff --git a/doc/documentation/chapters/installation.texi b/doc/documentation/chapters/installation.texi
new file mode 100644
index 000000000..d66d72ae5
--- /dev/null
+++ b/doc/documentation/chapters/installation.texi
@@ -0,0 +1,158 @@
+@node Installing GNUnet
+@chapter Installing GNUnet
+This guide is intended for those who want to install Gnunet from source. For instructions on how to install GNUnet as a binary package please refer to the official documentation of your operating system or package manager.
+@node Getting the Source Code
+@section Installing dependencies
+GNUnet needs few libraries and applications for being able to run and another few optional ones for using certain features. Preferably they should be installed with a package manager. Just in case we include a link to the project websites.
+The mandatory libraries and applications are
+@itemize @bullet
+@item libtool
+@item autoconf >= version 2.59
+@item automake >= version 1.11.1
+@item pkg-config
+@item libgcrypt >= version 1.6
+@item libextractor
+@item libidn
+@item libmicrohttpd >= version 0.9.52
+@item libnss 
+@item libunistring
+@item gettext
+@item glibc
+@item libgmp
+@item gnutls
+@item libcurl (has to be linked to GnuTLS) or libgnurl
+@item zlib
+@end itemize
+In addition GNUnet needs one of of these three databases
+@itemize @bullet
+@item sqlite + libsqlite (the default, requires no further configuration)
+@item postgres + libpq
+@item mysql + libmysqlclient
+@end itemize
+These are the dependencies only required for certain features
+@itemize @bullet
+@item Texinfo (for building the documentation)
+@item Texlive (for building the documentation)
+@item miniupnpc (for traversing NAT boxes more reliably)
+@item libopus (for running the GNUnet conversation telephony application)
+@item libpulse (for running the GNUnet conversation telephony application)
+@item libogg (for running the GNUnet conversation telephony application)
+@item bluez (for bluetooth support)
+@item libpbc (for attribute-based encryption and the identity provider subsystem)
+@item libgabe (for attribute-based encryption and the identity provider subsystem)
+@end itemize
+@section Getting the Source Code
+You can either download the source code using git (you obviously need git installed) or as an archive.
+Using git type
+@example
+git clone https://gnunet.org/git/gnunet.git
+@end example
+The archive can be found at @uref{https://gnunet.org/downloads}. Extract it using a graphical archive tool or @code{tar}:
+@example
+tar xzvf gnunet-0.11.0pre66.tar.gz
+@end example
+In the next chapter we will assume that the source code is available in the home directory at @code{~/gnunet}.
+@section Create @code{gnunet} user and group
+The GNUnet services should be run as a dedicated user called @code{gnunet}. For using them a user should be in the same group as this system user.
+Create user @code{gnunet} who is member of the group @code{gnunet} and specify a home directory where the GNUnet services will store persistant data such as information about peers.
+@example
+$ sudo useradd --system --groups gnunet --home-dir /var/lib/gnunet
+@end example
+Now add your own user to the @code{gnunet} group.
+@example
+$ sudo adduser alice gnunet
+@end example
+@section Preparing and Compiling the Source Code
+For preparing the source code for compilation a bootstrap script and @code{configure} has to be run from the source code directory. When running @code{configure} the following options can be specified to customize the compilation and installation process:
+@itemize @bullet
+@item @code{--disable-documentation} - don't build the configuration documents
+@item @code{--enable-looging=[LOGLEVEL]} - choose a loglevel (@code{debug}, @code{info}, @code{warning} or @code{error})
+@item @code{--prefix=[PATH]} - the directory where the GNUnet libraries and binaries will be installed
+@item @code{--with-extractor=[PATH]} - the path to libextractor
+@item @code{--with-libidn=[PATH]} - the path to libidn
+@item @code{--with-microhttpd=[PATH]} - the path to libmicrohttpd
+@item @code{--with-sqlite=[PATH]} - the path to libsqlite
+@item @code{--with-zlib=[PATH]} - the path to zlib
+@item @code{--with-sudo=[PATH]} - path to the sudo binary (no need to run @code{make install} as root if specified)
+@end itemize
+The following example configures the installation prefix @code{/usr/lib} and disables building the documentation
+@example
+$ cd ~/gnunet
+$ ./bootstrap
+$ configure --prefix=/usr/lib --disable-configuration
+@end example
+After running the bootstrap script and @code{configure} successfully the source code can be compiled with make. Here @code{-j5} specifies that 5 threads should be used.
+@example
+$ make -j5
+@end example
+@section Installation
+The compiled binaries can be installed using @code{make install}. It needs to be run as root (or with sudo) because some binaries need the @code{suid} bit set. Without that some GNUnet subsystems (such as VPN) will not work.
+@example
+$ sudo make install
+@end example
+One important library is the GNS plugin for NSS (the name services switch) which allows using GNS (the GNU name system) in the normal DNS resolution process. Unfortunately NSS expects it in a specific location (probably @code{/lib}) which may differ from the installation prefix (see @code{--prefix} option in the previous section). This is why the pugin has to be installed manually.
+Find the directory where nss plugins are installed on your system, e.g.
+@example
+$ ls -l /lib/libnss_*
+/lib/libnss_mymachines.so.2
+/lib/libnss_resolve.so.2
+/lib/libnss_myhostname.so.2
+/lib/libnss_systemd.so.2
+@end example
+Copy the GNS NSS plugin to that directory:
+@example
+cp ~/gnunet/src/gns/nss/libnss_gns.so.2 /lib
+@end example
+Now, to activate the plugin, you need to edit your @code{/etc/nsswitch.conf} where you should find a line like this:
+@example
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+@end example
+The exact details may differ a bit, which is fine. Add the text @code{"gns [NOTFOUND=return]"} after @code{"files"}. 
+@example
+hosts: files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns mdns4
+@end example
+Optionally, if GNS shall be used with a browser, execute the GNS CA-setup script. It will isetup the GNS Certificate Authority with the user's browser.
+@example
+$ gnunet-gns-proxy-setup-ca
+@end example
+Finally install a configuration file in @code{~/.gnunet/gnunet.conf}. Below you find an example config which allows you to start GNUnet.
+@example
+[arm]
+SYSTEM_ONLY = NO
+USER_ONLY = NO
+[transport]
+PLUGINS = tcp
+@end example
diff --git a/doc/documentation/chapters/keyconcepts.texi b/doc/documentation/chapters/keyconcepts.texi
new file mode 100644
index 000000000..55f79f1c7
--- /dev/null
+++ b/doc/documentation/chapters/keyconcepts.texi
@@ -0,0 +1,308 @@
+@cindex Key Concepts
+@node Key Concepts
+@chapter Key Concepts
+In this section, the fundamental concepts of GNUnet are explained.
+@c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers}
+@c once we have the new bibliography + subdomain setup.
+Most of them are also described in our research papers.
+First, some of the concepts used in the GNUnet framework are detailed.
+The second part describes concepts specific to anonymous file-sharing.
+@menu
+* Authentication::
+* Accounting to Encourage Resource Sharing::
+* Confidentiality::
+* Anonymity::
+* Deniability::                       
+* Peer Identities::
+* Zones in the GNU Name System (GNS Zones)::
+* Egos::
+@end menu
+@cindex Authentication
+@node Authentication
+@section Authentication
+Almost all peer-to-peer communications in GNUnet are between mutually
+authenticated peers. The authentication works by using ECDHE, that is a
+DH (Diffie---Hellman) key exchange using ephemeral elliptic curve
+cryptography. The ephemeral ECC (Elliptic Curve Cryptography) keys are
+signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}).
+The shared secret from ECDHE is used to create a pair of session keys
+@c FIXME: Long word for HKDF. More FIXMEs: Explain MITM etc.
+(using HKDF) which are then used to encrypt the communication between the
+two peers using both 256-bit AES (Advanced Encryption Standard)
+and 256-bit Twofish (with independently derived secret keys).
+As only the two participating hosts know the shared secret, this
+authenticates each packet
+without requiring signatures each time. GNUnet uses SHA-512
+(Secure Hash Algorithm) hash codes to verify the integrity of messages.
+@c FIXME: A while back I got the feedback that I should try and integrate
+@c explanation boxes in the long-run. So we could explain
+@c "man-in-the-middle" and "man-in-the-middle attacks" and other words
+@c which are not common knowledge. MITM is not common knowledge. To be
+@c selfcontained, we should be able to explain words and concepts used in
+@c a chapter or paragraph without hinting at Wikipedia and other online
+@c sources which might not be available or accessible to everyone.
+@c On the other hand we could write an introductionary chapter or book
+@c that we could then reference in each chapter, which sound like it
+@c could be more reusable.
+In GNUnet, the identity of a host is its public key. For that reason,
+man-in-the-middle attacks will not break the authentication or accounting
+goals. Essentially, for GNUnet, the IP of the host has nothing to do with
+the identity of the host. As the public key is the only thing that truly
+matters, faking an IP, a port or any other property of the underlying
+transport protocol is irrelevant. In fact, GNUnet peers can use
+multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the
+IP protocol at all (by running directly on layer 2).
+@c FIXME: "IP protocol" feels wrong, but could be what people expect, as
+@c IP is "the number" and "IP protocol" the protocol itself in general
+@c knowledge?
+@c NOTE: For consistency we will use @code{HELLO}s throughout this Manual.
+GNUnet uses a special type of message to communicate a binding between
+public (ECC) keys to their current network address. These messages are
+commonly called @code{HELLO}s or @code{peer advertisements}.
+They contain the public key of the peer and its current network
+addresses for various transport services.
+A transport service is a special kind of shared library that
+provides (possibly unreliable, out-of-order) message delivery between
+peers.
+For the UDP and TCP transport services, a network address is an IP and a
+port.
+GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use
+various other forms of addresses. Note that any node can have many
+different active transport services at the same time,
+and each of these can have a different addresses.
+Binding messages expire after at most a week (the timeout can be
+shorter if the user configures the node appropriately).
+This expiration ensures that the network will eventually get rid of
+outdated advertisements.
+@footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth.
+A Transport Layer Abstraction for Peer-to-Peer Networks
+Proceedings of the 3rd International Symposium on Cluster Computing
+and the Grid (GRID 2003), 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})}
+@cindex Accounting to Encourage Resource Sharing
+@node Accounting to Encourage Resource Sharing
+@section Accounting to Encourage Resource Sharing
+Most distributed P2P networks suffer from a lack of defenses or
+precautions against attacks in the form of freeloading.
+While the intentions of an attacker and a freeloader are different, their
+effect on the network is the same; they both render it useless.
+Most simple attacks on networks such as @command{Gnutella}
+involve flooding the network with traffic, particularly
+with queries that are, in the worst case, multiplied by the network.
+In order to ensure that freeloaders or attackers have a minimal impact
+on the network, GNUnet's file-sharing implementation (@code{FS} tries
+to distinguish good (contributing) nodes from malicious (freeloading)
+nodes. In GNUnet, every file-sharing node keeps track of the behavior
+of every other node it has been in contact with. Many requests
+(depending on the application) are transmitted with a priority (or
+importance) level.  That priority is used to establish how important
+the sender believes this request is. If a peer responds to an
+important request, the recipient will increase its trust in the
+responder: the responder contributed resources.  If a peer is too busy
+to answer all requests, it needs to prioritize.  For that, peers do
+not take the priorities of the requests received at face value.
+First, they check how much they trust the sender, and depending on
+that amount of trust they assign the request a (possibly lower)
+effective priority. Then, they drop the requests with the lowest
+effective priority to satisfy their resource constraints. This way,
+GNUnet's economic model ensures that nodes that are not currently
+considered to have a surplus in contributions will not be served if
+the network load is high.
+@footnote{Christian Grothoff. An Excess-Based Economic Model for Resource
+Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})}
+@c 2009?
+@cindex Confidentiality
+@node Confidentiality
+@section Confidentiality
+Adversaries (malicious, bad actors) outside of GNUnet are not supposed
+to know what kind of actions a peer is involved in. Only the specific
+neighbor of a peer that is the corresponding sender or recipient of a
+message may know its contents, and even then application protocols may
+place further restrictions on that knowledge.  In order to ensure
+confidentiality, GNUnet uses link encryption, that is each message
+exchanged between two peers is encrypted using a pair of keys only
+known to these two peers.  Encrypting traffic like this makes any kind
+of traffic analysis much harder. Naturally, for some applications, it
+may still be desirable if even neighbors cannot determine the concrete
+contents of a message.  In GNUnet, this problem is addressed by the
+specific application-level protocols. See for example the following
+sections @pxref{Anonymity}, @pxref{How file-sharing achieves Anonymity},
+and @pxref{Deniability}.
+@cindex Anonymity
+@node Anonymity
+@section Anonymity
+@menu
+* How file-sharing achieves Anonymity::
+@end menu
+Providing anonymity for users is the central goal for the anonymous
+file-sharing application. Many other design decisions follow in the
+footsteps of this requirement.
+Anonymity is never absolute. While there are various
+scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens,
+and Bart Preneel. Towards measuring anonymity.
+2002.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})}
+that can help quantify the level of anonymity that a given mechanism
+provides, there is no such thing as "complete anonymity".
+GNUnet's file-sharing implementation allows users to select for each
+operation (publish, search, download) the desired level of anonymity.
+The metric used is the amount of cover traffic available to hide the
+request.
+While this metric is not as good as, for example, the theoretical metric
+given in scientific metrics@footnote{likewise},
+it is probably the best metric available to a peer with a purely local
+view of the world that does not rely on unreliable external information.
+The default anonymity level is @code{1}, which uses anonymous routing but
+imposes no minimal requirements on cover traffic. It is possible
+to forego anonymity when this is not required. The anonymity level of
+@code{0} allows GNUnet to use more efficient, non-anonymous routing.
+@cindex How file-sharing achieves Anonymity
+@node How file-sharing achieves Anonymity
+@subsection How file-sharing achieves Anonymity
+Contrary to other designs, we do not believe that users achieve strong
+anonymity just because their requests are obfuscated by a couple of
+indirections. This is not sufficient if the adversary uses traffic
+analysis.
+The threat model used for anonymous file sharing in GNUnet assumes that
+the adversary is quite powerful.
+In particular, we assume that the adversary can see all the traffic on
+the Internet. And while we assume that the adversary
+can not break our encryption, we assume that the adversary has many
+participating nodes in the network and that it can thus see many of the
+node-to-node interactions since it controls some of the nodes. 
+The system tries to achieve anonymity based on the idea that users can be
+anonymous if they can hide their actions in the traffic created by other
+users.
+Hiding actions in the traffic of other users requires participating in the
+traffic, bringing back the traditional technique of using indirection and
+source rewriting. Source rewriting is required to gain anonymity since
+otherwise an adversary could tell if a message originated from a host by
+looking at the source address. If all packets look like they originate
+from one node, the adversary can not tell which ones originate from that
+node and which ones were routed.
+Note that in this mindset, any node can decide to break the
+source-rewriting paradigm without violating the protocol, as this
+only reduces the amount of traffic that a node can hide its own traffic
+in.
+If we want to hide our actions in the traffic of other nodes, we must make
+our traffic indistinguishable from the traffic that we route for others.
+As our queries must have us as the receiver of the reply
+(otherwise they would be useless), we must put ourselves as the receiver
+of replies that actually go to other hosts; in other words, we must
+indirect replies.
+Unlike other systems, in anonymous file-sharing as implemented on top of
+GNUnet we do not have to indirect the replies if we don't think we need
+more traffic to hide our own actions.
+This increases the efficiency of the network as we can indirect less under
+higher load.@footnote{Krista Bennett and Christian Grothoff.
+GAP --- practical anonymous networking. In Proceedings of
+Designing Privacy Enhancing Technologies, 2003.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})}
+@cindex Deniability
+@node Deniability
+@section Deniability
+Even if the user that downloads data and the server that provides data are
+anonymous, the intermediaries may still be targets. In particular, if the
+intermediaries can find out which queries or which content they are
+processing, a strong adversary could try to force them to censor
+certain materials. 
+With the file-encoding used by GNUnet's anonymous file-sharing, this
+problem does not arise.
+The reason is that queries and replies are transmitted in
+an encrypted format such that intermediaries cannot tell what the query
+is for or what the content is about.  Mind that this is not the same
+encryption as the link-encryption between the nodes.  GNUnet has
+encryption on the network layer (link encryption, confidentiality,
+authentication) and again on the application layer (provided
+by @command{gnunet-publish}, @command{gnunet-download},
+@command{gnunet-search} and @command{gnunet-gtk}).
+@footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov,
+and Jussi T. Lindgren.
+An Encoding for Censorship-Resistant Sharing.
+2009.
+(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})}
+@cindex Peer Identities
+@node Peer Identities
+@section Peer Identities
+Peer identities are used to identify peers in the network and are unique
+for each peer. The identity for a peer is simply its public key, which is
+generated along with a private key the peer is started for the first time.
+While the identity is binary data, it is often expressed as ASCII string.
+For example, the following is a peer identity as you might see it in
+various places:
+@example
+UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0
+@end example
+@noindent
+You can find your peer identity by running @command{gnunet-peerinfo -s}.
+@cindex Zones in the GNU Name System (GNS Zones)
+@node Zones in the GNU Name System (GNS Zones)
+@section Zones in the GNU Name System (GNS Zones)
+@c FIXME: Explain or link to an explanation of the concept of public keys
+@c and private keys.
+@c FIXME: Rewrite for the latest GNS changes.
+GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff.
+A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name
+System. In proceedings of 13th International Conference on Cryptology and
+Network Security (CANS 2014). 2014.
+@uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}}
+zones are similar to those of DNS zones, but instead of a hierarchy of
+authorities to governing their use, GNS zones are controlled by a private
+key.
+When you create a record in a DNS zone, that information is stored in your
+nameserver. Anyone trying to resolve your domain then gets pointed
+(hopefully) by the centralised authority to your nameserver.
+Whereas GNS, being fully decentralized by design, stores that information
+in DHT. The validity of the records is assured cryptographically, by
+signing them with the private key of the respective zone.
+Anyone trying to resolve records in a zone of your domain can then verify
+the signature of the records they get from the DHT and be assured that
+they are indeed from the respective zone.
+To make this work, there is a 1:1 correspondence between zones and
+their public-private key pairs.
+So when we talk about the owner of a GNS zone, that's really the owner of
+the private key.
+And a user accessing a zone needs to somehow specify the corresponding
+public key first.
+@cindex Egos
+@node Egos
+@section Egos
+@c what is the difference between peer identity and egos? It seems
+@c like both are linked to public-private key pair.
+Egos are your "identities" in GNUnet. Any user can assume multiple
+identities, for example to separate their activities online. Egos can
+correspond to "pseudonyms" or "real-world identities". Technically an
+ego is first of all a key pair of a public- and private-key.
diff --git a/doc/documentation/chapters/philosophy.texi b/doc/documentation/chapters/philosophy.texi
index 148f0cd91..6d80d77ae 100644
--- a/doc/documentation/chapters/philosophy.texi
+++ b/doc/documentation/chapters/philosophy.texi
@@ -5,36 +5,28 @@
 @c NOTE: We should probably re-use some of the images lynX created
 @c for secushare, showing some of the relations and functionalities
 @c of GNUnet.
-The foremost goal of the GNUnet project is to become a widely used,
+The primary goal of the GNUnet project is to provide a reliable, open,
-reliable, open, non-discriminating, egalitarian, unconstrained and
+non-discriminating and censorship-resistant system for information
-censorship-resistant system of free information exchange.
+exchange. We value free speech above state interests and intellectual
-We value free speech above state secrets, law-enforcement or
+monopoly. GNUnet's long-term goal is to serve as a development
-intellectual monopoly.
+platform for the next generation of Internet protocols.
-GNUnet is supposed to be an anarchistic network, where the only
-limitation for participants (devices or people making use of the
+GNUnet is an anarchistic network. Participants are encouraged to
-network, in the following sometimes called peers) is
+contribute at least as much resources (storage, bandwidth) to the network
-that they must contribute enough back to the network such that
+as they consume, so that their participation does not have a negative
-their resource consumption does not have a significant impact
+impact on other users.
-on other users.
-GNUnet should be more than just another file-sharing network.
-The plan is to offer many other services and in particular
-to serve as a development platform for the next generation of
-Internet Protocols.
 @menu
-* Design Goals::
+* Design Principles::
-* Security and Privacy::
+* Privacy and Anonymity::
-* Versatility::
 * Practicality::
-* Key Concepts::
 @end menu
-@cindex Design Goals
+@cindex Design Principles
-@cindex Design Goals
+@node Design Principles
-@node Design Goals
+@section Design Principles
-@section Design Goals
-These are the core GNUnet design goals, in order of relative importance:
+These are the GNUnet design principles, in order of importance:
 @itemize
 @item GNUnet must be implemented as
@@ -44,399 +36,45 @@ These are the core GNUnet design goals, in order of relative importance:
 the program, to study and change the program in source code form,
 to redistribute exact copies, and to distribute modified versions.
 Refer to @uref{https://www.gnu.org/philosophy/free-sw.html, https://www.gnu.org/philosophy/free-sw.html}}
-@item GNUnet must only disclose the minimal amount of information
+@item GNUnet must minimize the amount of personally identifiable information exposed.
-necessary.
 @c TODO: Explain 'fully' in the terminology section.
-@item GNUnet must be fully distributed and survive
+@item GNUnet must be fully distributed and resilient to external attacks and rogue participants.
-@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, Byzantine failures}
+@item GNUnet must be self-organizing and not depend on administrators or centralized infrastructure.
-@footnote{@uref{https://en.wikipedia.org/wiki/Byzantine_fault_tolerance, https://en.wikipedia.org/wiki/Byzantine_fault_tolerance}}
+@item GNUnet must inform the user which other participants have to be trusted when establishing private communications.
-at any position in the network.
-@item GNUnet must make it explicit to the user which entities are
-considered to be trustworthy when establishing secured communications.
-@item GNUnet must use compartmentalization to protect sensitive
-information.
 @item GNUnet must be open and permit new peers to join.
-@item GNUnet must be self-organizing and not depend on administrators.
 @item GNUnet must support a diverse range of applications and devices.
-@item The GNUnet architecture must be cost effective.
+@item GNUnet must use compartmentalization to protect sensitive information.
-@item GNUnet must provide incentives for peers to contribute more
+@item The GNUnet architecture must be resource efficient.
-resources than they consume.
+@item GNUnet must provide incentives for peers to contribute more resources than they consume.
 @end itemize
-@cindex Security and Privacy
+@cindex Privacy and Anonymity
-@node Security and Privacy
+@node Privacy and Anonymity
-@section Security and Privacy
+@section Privacy and Anonymity
-GNUnet's primary design goals are to protect the privacy of its users and
-to guard itself against attacks or abuse.
-GNUnet does not have any mechanisms to control, track or censor users.
-Instead, the GNUnet protocols aim to make it as hard as possible to
-find out what is happening on the network or to disrupt operations. 
-@cindex Versatility
+The GNUnet protocols minimize the leakage of personally identifiable information of participants and
-@node Versatility
+do not allow adversaries to control, track, monitor or censor users activities. The
-@section Versatility
+GNUnet protocols also make it as hard as possible to disrupt operations by participating in the network with malicious intent. 
-We call GNUnet a peer-to-peer framework because we want to support many
+Analyzing participant's activities becomes more difficult as the number of peers and
-different forms of peer-to-peer applications. GNUnet uses a plugin
+applications that generate traffic on the network grows, even if the additional
-architecture to make the system extensible and to encourage code reuse.
+traffic generated is not related to anonymous communication. This is one of the reasons why GNUnet is developed as a peer-to-peer
-While the first versions of the system only supported anonymous
-file-sharing, other applications are being worked on and more will
-hopefully follow in the future.
-A powerful synergy regarding anonymity services is created by a large
-community utilizing many diverse applications over the same software
-infrastructure. The reason is that link encryption hides the specifics
-of the traffic for non-participating observers. This way, anonymity can
-get stronger with additional (GNUnet) traffic, even if the additional
-traffic is not related to anonymous communication. Increasing anonymity
-is the primary reason why GNUnet is developed to become a peer-to-peer
 framework where many applications share the lower layers of an
-increasingly complex protocol stack.
+increasingly complex protocol stack. The GNUnet architecture encourages many
-If merging traffic to hinder traffic analysis was not important,
+different forms of peer-to-peer applications.
-we could have just developed a dozen stand-alone applications
-and a few shared libraries. 
 @cindex Practicality
 @node Practicality
 @section Practicality
-GNUnet allows participants to trade various amounts of security in
+Whereever possible GNUnet allows the peer to adjust its operations
-exchange for increased efficiency. However, it is not possible for any
+and functionalities to specific use cases. A GNUnet peer running on
-user's security and efficiency requirements to compromise the security
+a mobile device with limited battery for example might choose not to
-and efficiency of any other user.
+relay traffic for other participants.
-For GNUnet, efficiency is not paramount. If there were a more secure and
-still practical approach, we would choose to take the more secure
-alternative. @command{telnet} is more efficient than @command{ssh}, yet
-it is obsolete.
-Hardware gets faster, and code can be optimized. Fixing security issues
-as an afterthought is much harder.
-While security is paramount, practicability is still a requirement.
-The most secure system is always the one that nobody can use.
-Similarly, any anonymous system that is extremely inefficient will only
-find few users.
-However, good anonymity requires a large and diverse user base. Since
-individual security requirements may vary, the only good solution here is
-to allow individuals to trade-off security and efficiency.
-The primary challenge in allowing this is to ensure that the economic
-incentives work properly.
-In particular, this means that it must be impossible for a user to gain
-security at the expense of other users. Many designs (e.g. anonymity via
-broadcast) fail to give users an incentive to choose a less secure but
-more efficient mode of operation.
-GNUnet should avoid where ever possible to rely on protocols that will
-only work if the participants are benevolent.
-While some designs have had widespread success while relying on parties
-to observe a protocol that may be sub-optimal for the individuals (e.g.
-TCP Nagle), a protocol that ensures that individual goals never conflict
-with the goals of the group is always preferable.
-@cindex Key Concepts
-@node Key Concepts
-@section Key Concepts
-In this section, the fundamental concepts of GNUnet are explained.
-@c FIXME: Use @uref{https://docs.gnunet.org/bib/, research papers}
-@c once we have the new bibliography + subdomain setup.
-Most of them are also described in our research papers.
-First, some of the concepts used in the GNUnet framework are detailed.
-The second part describes concepts specific to anonymous file-sharing.
-@menu
-* Authentication::
-* Accounting to Encourage Resource Sharing::
-* Confidentiality::
-* Anonymity::
-* Deniability::                       
-* Peer Identities::
-* Zones in the GNU Name System (GNS Zones)::
-* Egos::
-@end menu
-@cindex Authentication
-@node Authentication
-@subsection Authentication
-Almost all peer-to-peer communications in GNUnet are between mutually
-authenticated peers. The authentication works by using ECDHE, that is a
-DH (Diffie---Hellman) key exchange using ephemeral eliptic curve
-cryptography. The ephemeral ECC (Eliptic Curve Cryptography) keys are
-signed using ECDSA (@uref{http://en.wikipedia.org/wiki/ECDSA, ECDSA}).
-The shared secret from ECDHE is used to create a pair of session keys
-@c FIXME: LOng word for HKDF. More FIXMEs: Explain MITM etc.
-(using HKDF) which are then used to encrypt the communication between the
-two peers using both 256-bit AES (Advanced Encryption Standard)
-and 256-bit Twofish (with independently derived secret keys).
-As only the two participating hosts know the shared secret, this
-authenticates each packet
-without requiring signatures each time. GNUnet uses SHA-512
-(Secure Hash Algorithm) hash codes to verify the integrity of messages.
-@c Fixme: A while back I got the feedback that I should try and integrate
-@c explanation boxes in the long-run. So we could explain
-@c "man-in-the-middle" and "man-in-the-middle attacks" and other words
-@c which are not common knowledge. MITM is not common knowledge. To be
-@c selfcontained, we should be able to explain words and concepts used in
-@c a chapter or paragraph without hinting at wikipedia and other online
-@c sources which might not be available or accessible to everyone.
-@c On the other hand we could write an introductionary chapter or book
-@c that we could then reference in each chapter, which sound like it
-@c could be more reusable.
-In GNUnet, the identity of a host is its public key. For that reason,
-man-in-the-middle attacks will not break the authentication or accounting
-goals. Essentially, for GNUnet, the IP of the host has nothing to do with
-the identity of the host. As the public key is the only thing that truly
-matters, faking an IP, a port or any other property of the underlying
-transport protocol is irrelevant. In fact, GNUnet peers can use
-multiple IPs (IPv4 and IPv6) on multiple ports --- or even not use the
-IP protocol at all (by running directly on layer 2).
-@c FIXME: "IP protocol" feels wrong, but could be what people expect, as
-@c IP is "the number" and "IP protocol" the protocol itself in general
-@c knowledge?
-@c NOTE: For consistency we will use @code{HELLO}s throughout this Manual.
-GNUnet uses a special type of message to communicate a binding between
-public (ECC) keys to their current network address. These messages are
-commonly called @code{HELLO}s or @code{peer advertisements}.
-They contain the public key of the peer and its current network
-addresses for various transport services.
-A transport service is a special kind of shared library that
-provides (possibly unreliable, out-of-order) message delivery between
-peers.
-For the UDP and TCP transport services, a network address is an IP and a
-port.
-GNUnet can also use other transports (HTTP, HTTPS, WLAN, etc.) which use
-various other forms of addresses. Note that any node can have many
-different active transport services at the same time,
-and each of these can have a different addresses.
-Binding messages expire after at most a week (the timeout can be
-shorter if the user configures the node appropriately).
-This expiration ensures that the network will eventually get rid of
-outdated advertisements.
-@footnote{Ronaldo A. Ferreira, Christian Grothoff, and Paul Ruth.
-A Transport Layer Abstraction for Peer-to-Peer Networks
-Proceedings of the 3rd International Symposium on Cluster Computing
-and the Grid (GRID 2003), 2003.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf, https://gnunet.org/git/bibliography.git/plain/docs/transport.pdf})}
-@cindex Accounting to Encourage Resource Sharing
-@node Accounting to Encourage Resource Sharing
-@subsection Accounting to Encourage Resource Sharing
-Most distributed P2P networks suffer from a lack of defenses or
-precautions against attacks in the form of freeloading.
-While the intentions of an attacker and a freeloader are different, their
-effect on the network is the same; they both render it useless.
-Most simple attacks on networks such as @command{Gnutella}
-involve flooding the network with traffic, particularly
-with queries that are, in the worst case, multiplied by the network.
-In order to ensure that freeloaders or attackers have a minimal impact
-on the network, GNUnet's file-sharing implementation (@code{FS} tries
-to distinguish good (contributing) nodes from malicious (freeloading)
-nodes. In GNUnet, every file-sharing node keeps track of the behavior
-of every other node it has been in contact with. Many requests
-(depending on the application) are transmitted with a priority (or
-importance) level.  That priority is used to establish how important
-the sender believes this request is. If a peer responds to an
-important request, the recipient will increase its trust in the
-responder: the responder contributed resources.  If a peer is too busy
-to answer all requests, it needs to prioritize.  For that, peers do
-not take the priorities of the requests received at face value.
-First, they check how much they trust the sender, and depending on
-that amount of trust they assign the request a (possibly lower)
-effective priority. Then, they drop the requests with the lowest
-effective priority to satisfy their resource constraints. This way,
-GNUnet's economic model ensures that nodes that are not currently
-considered to have a surplus in contributions will not be served if
-the network load is high.
-@footnote{Christian Grothoff. An Excess-Based Economic Model for Resource
-Allocation in Peer-to-Peer Networks. Wirtschaftsinformatik, June 2003.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ebe.pdf})}
-@c 2009?
-@cindex Confidentiality
-@node Confidentiality
-@subsection Confidentiality
-Adversaries (malicious, bad actors) outside of GNUnet are not supposed
-to know what kind of actions a peer is involved in. Only the specific
-neighbor of a peer that is the corresponding sender or recipient of a
-message may know its contents, and even then application protocols may
-place further restrictions on that knowledge.  In order to ensure
-confidentiality, GNUnet uses link encryption, that is each message
-exchanged between two peers is encrypted using a pair of keys only
-known to these two peers.  Encrypting traffic like this makes any kind
-of traffic analysis much harder. Naturally, for some applications, it
-may still be desirable if even neighbors cannot determine the concrete
-contents of a message.  In GNUnet, this problem is addressed by the
-specific application-level protocols. See for example the following
-sections @pxref{Anonymity}, @pxref{How file-sharing achieves Anonymity},
-and @pxref{Deniability}.
-@cindex Anonymity
-@node Anonymity
-@subsection Anonymity
-@menu
+For certain applications like file-sharing GNUnet allows participants to trade degrees of anonymity in
-* How file-sharing achieves Anonymity::
+exchange for increased efficiency. However, it is not possible for any
-@end menu
+user's efficiency requirements to compromise the anonymity
+of any other user.
-Providing anonymity for users is the central goal for the anonymous
-file-sharing application. Many other design decisions follow in the
-footsteps of this requirement.
-Anonymity is never absolute. While there are various
-scientific metrics@footnote{Claudia Díaz, Stefaan Seys, Joris Claessens,
-and Bart Preneel. Towards measuring anonymity.
-2002.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf, https://gnunet.org/git/bibliography.git/plain/docs/article-89.pdf})}
-that can help quantify the level of anonymity that a given mechanism
-provides, there is no such thing as "complete anonymity".
-GNUnet's file-sharing implementation allows users to select for each
-operation (publish, search, download) the desired level of anonymity.
-The metric used is the amount of cover traffic available to hide the
-request.
-While this metric is not as good as, for example, the theoretical metric
-given in scientific metrics@footnote{likewise},
-it is probably the best metric available to a peer with a purely local
-view of the world that does not rely on unreliable external information.
-The default anonymity level is @code{1}, which uses anonymous routing but
-imposes no minimal requirements on cover traffic. It is possible
-to forego anonymity when this is not required. The anonymity level of
-@code{0} allows GNUnet to use more efficient, non-anonymous routing.
-@cindex How file-sharing achieves Anonymity
-@node How file-sharing achieves Anonymity
-@subsubsection How file-sharing achieves Anonymity
-Contrary to other designs, we do not believe that users achieve strong
-anonymity just because their requests are obfuscated by a couple of
-indirections. This is not sufficient if the adversary uses traffic
-analysis.
-The threat model used for anonymous file sharing in GNUnet assumes that
-the adversary is quite powerful.
-In particular, we assume that the adversary can see all the traffic on
-the Internet. And while we assume that the adversary
-can not break our encryption, we assume that the adversary has many
-participating nodes in the network and that it can thus see many of the
-node-to-node interactions since it controls some of the nodes. 
-The system tries to achieve anonymity based on the idea that users can be
-anonymous if they can hide their actions in the traffic created by other
-users.
-Hiding actions in the traffic of other users requires participating in the
-traffic, bringing back the traditional technique of using indirection and
-source rewriting. Source rewriting is required to gain anonymity since
-otherwise an adversary could tell if a message originated from a host by
-looking at the source address. If all packets look like they originate
-from one node, the adversary can not tell which ones originate from that
-node and which ones were routed.
-Note that in this mindset, any node can decide to break the
-source-rewriting paradigm without violating the protocol, as this
-only reduces the amount of traffic that a node can hide its own traffic
-in.
-If we want to hide our actions in the traffic of other nodes, we must make
-our traffic indistinguishable from the traffic that we route for others.
-As our queries must have us as the receiver of the reply
-(otherwise they would be useless), we must put ourselves as the receiver
-of replies that actually go to other hosts; in other words, we must
-indirect replies.
-Unlike other systems, in anonymous file-sharing as implemented on top of
-GNUnet we do not have to indirect the replies if we don't think we need
-more traffic to hide our own actions.
-This increases the efficiency of the network as we can indirect less under
-higher load.@footnote{Krista Bennett and Christian Grothoff.
-GAP --- practical anonymous networking. In Proceedings of
-Designing Privacy Enhancing Technologies, 2003.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf, https://gnunet.org/git/bibliography.git/plain/docs/aff.pdf})}
-@cindex Deniability
-@node Deniability
-@subsection Deniability
-Even if the user that downloads data and the server that provides data are
-anonymous, the intermediaries may still be targets. In particular, if the
-intermediaries can find out which queries or which content they are
-processing, a strong adversary could try to force them to censor
-certain materials. 
-With the file-encoding used by GNUnet's anonymous file-sharing, this
-problem does not arise.
-The reason is that queries and replies are transmitted in
-an encrypted format such that intermediaries cannot tell what the query
-is for or what the content is about.  Mind that this is not the same
-encryption as the link-encryption between the nodes.  GNUnet has
-encryption on the network layer (link encryption, confidentiality,
-authentication) and again on the application layer (provided
-by @command{gnunet-publish}, @command{gnunet-download},
-@command{gnunet-search} and @command{gnunet-gtk}).
-@footnote{Christian Grothoff, Krista Grothoff, Tzvetan Horozov,
-and Jussi T. Lindgren.
-An Encoding for Censorship-Resistant Sharing.
-2009.
-(@uref{https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/ecrs.pdf})}
-@cindex Peer Identities
-@node Peer Identities
-@subsection Peer Identities
-Peer identities are used to identify peers in the network and are unique
-for each peer. The identity for a peer is simply its public key, which is
-generated along with a private key the peer is started for the first time.
-While the identity is binary data, it is often expressed as ASCII string.
-For example, the following is a peer identity as you might see it in
-various places:
-@example
-UAT1S6PMPITLBKSJ2DGV341JI6KF7B66AC4JVCN9811NNEGQLUN0
-@end example
-@noindent
-You can find your peer identity by running @command{gnunet-peerinfo -s}.
-@cindex Zones in the GNU Name System (GNS Zones)
-@node Zones in the GNU Name System (GNS Zones)
-@subsection Zones in the GNU Name System (GNS Zones)
-@c FIXME: Explain or link to an explanation of the concept of public keys
-@c and private keys.
-@c FIXME: Rewrite for the latest GNS changes.
-GNS@footnote{Matthias Wachs, Martin Schanzenbach, and Christian Grothoff.
-A Censorship-Resistant, Privacy-Enhancing and Fully Decentralized Name
-System. In proceedings of 13th International Conference on Cryptology and
-Network Security (CANS 2014). 2014.
-@uref{https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf, https://gnunet.org/git/bibliography.git/plain/docs/gns2014wachs.pdf}}
-zones are similar to those of DNS zones, but instead of a hierarchy of
-authorities to governing their use, GNS zones are controlled by a private
-key.
-When you create a record in a DNS zone, that information is stored in your
-nameserver. Anyone trying to resolve your domain then gets pointed
-(hopefully) by the centralised authority to your nameserver.
-Whereas GNS, being fully decentralized by design, stores that information
-in DHT. The validity of the records is assured cryptographically, by
-signing them with the private key of the respective zone.
-Anyone trying to resolve records in a zone of your domain can then verify
-the signature of the records they get from the DHT and be assured that
-they are indeed from the respective zone.
-To make this work, there is a 1:1 correspondence between zones and
-their public-private key pairs.
-So when we talk about the owner of a GNS zone, that's really the owner of
-the private key.
-And a user accessing a zone needs to somehow specify the corresponding
-public key first.
-@cindex Egos
-@node Egos
-@subsection Egos
-@c what is the difference between peer identity and egos? It seems
-@c like both are linked to public-private key pair.
-Egos are your "identities" in GNUnet. Any user can assume multiple
-identities, for example to separate their activities online. Egos can
-correspond to "pseudonyms" or "real-world identities". Technically an
-ego is first of all a key pair of a public- and private-key.
diff --git a/doc/documentation/chapters/user.texi b/doc/documentation/chapters/user.texi
index f2dc5b35d..2dd6cbcb5 100644
--- a/doc/documentation/chapters/user.texi
+++ b/doc/documentation/chapters/user.texi
@@ -20,232 +20,32 @@ always welcome.
 @menu
-* Checking the Installation::
+* Start and stop GNUnet::
-* First steps - File-sharing::
 * First steps - Using the GNU Name System::
 * First steps - Using GNUnet Conversation::
 * First steps - Using the GNUnet VPN::
 * File-sharing::
 * The GNU Name System::
 * Using the Virtual Public Network::
-* The graphical configuration interface::
+* MOVE TO INSTALL The graphical configuration interface::
-* How to start and stop a GNUnet peer::
+* MOVE TO INSTALL Checking the Installation::
+* MOVE TO INSTALL Config Leftovers::
 @end menu
-@node Checking the Installation
+@node Start and stop GNUnet
-@section Checking the Installation
+@section Start and stop GNUnet
-@c %**end of header
-This section describes a quick, casual way to check if your GNUnet
-installation works. However, if it does not, we do not cover
-steps for recovery --- for this, please study the instructions
-provided in the developer handbook as well as the system-specific
-instruction in the source code repository@footnote{The system specific instructions are not provided as part of this handbook!}.
+Previous to use any GNUnet-based application, one has to start a node:
-@menu
-* gnunet-gtk::
-* Statistics::
-* Peer Information::
-@end menu
-@cindex GNUnet GTK
-@cindex GTK
-@cindex GTK user interface
-@node gnunet-gtk
-@subsection gnunet-gtk
-@c %**end of header
-The @command{gnunet-gtk} package contains several graphical
-user interfaces for the respective GNUnet applications.
-Currently these interfaces cover:
-@itemize @bullet
-@item Statistics
-@item Peer Information
-@item GNU Name System
-@item File Sharing
-@item Identity Management
-@item Conversation
-@end itemize
-@node Statistics
-@subsection Statistics
-@c %**end of header
-First, you should launch GNUnet gtk@footnote{Obviously you should also start gnunet, via gnunet-arm or the system provided method}.
-You can do this from the command-line by typing
 @example
-gnunet-statistics-gtk
+$ gnunet-arm -s -l gnunet.log
 @end example
-If your peer@footnote{The term ``peer'' is a common word used in federated and distributed networks to describe a participating device which is connected to the network. Thus, your Personal Computer or whatever it is you are looking at the Gtk+ interface describes a ``Peer'' or a ``Node''.}
+To stop GNUnet:
-is running correctly, you should see a bunch of lines,
-all of which should be ``significantly'' above zero (at least if your
-peer has been running for more than a few seconds). The lines indicate
-how many other peers your peer is connected to (via different
-mechanisms) and how large the entire overlay network is currently
-estimated to be. The X-axis represents time (in seconds since the
-start of @command{gnunet-gtk}).
-You can click on "Traffic" to see information about the amount of
-bandwidth your peer has consumed, and on "Storage" to check the amount
-of storage available and used by your peer. Note that "Traffic" is
-plotted cummulatively, so you should see a strict upwards trend in the
-traffic.
-@node Peer Information
-@subsection Peer Information
-@c %**end of header
-First, you should launch the graphical user interface.  You can do
-this from the command-line by typing
 @example
-$ gnunet-peerinfo-gtk
+$ gnunet-arm -e
 @end example
-Once you have done this, you will see a list of known peers (by the
-first four characters of their public key), their friend status (all
-should be marked as not-friends initially), their connectivity (green
-is connected, red is disconnected), assigned bandwidth, country of
-origin (if determined) and address information. If hardly any peers
-are listed and/or if there are very few peers with a green light for
-connectivity, there is likely a problem with your network
-configuration.
-@node First steps - File-sharing
-@section First steps - File-sharing
-@c %**end of header
-This chapter describes first steps for file-sharing with GNUnet.
-To start, you should launch @command{gnunet-fs-gtk}.
-As we want to be sure that the network contains the data that we are
-looking for for testing, we need to begin by publishing a file.
-@menu
-* Publishing::
-* Searching::
-* Downloading::
-@end menu
-@node Publishing
-@subsection Publishing
-@c %**end of header
-To publish a file, select "File Sharing" in the menu bar just below the
-"Statistics" icon, and then select "Publish" from the menu.
-Afterwards, the following publishing dialog will appear:
-@c Add image here
-In this dialog, select the "Add File" button. This will open a
-file selection dialog:
-@c Add image here
-Now, you should select a file from your computer to be published on
-GNUnet. To see more of GNUnet's features later, you should pick a
-PNG or JPEG file this time. You can leave all of the other options
-in the dialog unchanged. Confirm your selection by pressing the "OK"
-button in the bottom right corner. Now, you will briefly see a
-"Messages..." dialog pop up, but most likely it will be too short for
-you to really read anything. That dialog is showing you progress
-information as GNUnet takes a first look at the selected file(s).
-For a normal image, this is virtually instant, but if you later
-import a larger directory you might be interested in the progress dialog
-and potential errors that might be encountered during processing.
-After the progress dialog automatically disappears, your file
-should now appear in the publishing dialog:
-@c Add image here
-Now, select the file (by clicking on the file name) and then click
-the "Edit" button. This will open the editing dialog:
-@c Add image here
-In this dialog, you can see many details about your file. In the
-top left area, you can see meta data extracted about the file,
-such as the original filename, the mimetype and the size of the image.
-In the top right, you should see a preview for the image
-(if GNU libextractor was installed correctly with the
-respective plugins). Note that if you do not see a preview, this
-is not a disaster, but you might still want to install more of
-GNU libextractor in the future. In the bottom left, the dialog contains
-a list of keywords. These are the keywords under which the file will be
-made available. The initial list will be based on the extracted meta data.
-Additional publishing options are in the right bottom corner. We will
-now add an additional keyword to the list of keywords. This is done by
-entering the keyword above the keyword list between the label "Keyword"
-and the "Add keyword" button. Enter "test" and select "Add keyword".
-Note that the keyword will appear at the bottom of the existing keyword
-list, so you might have to scroll down to see it. Afterwards, push the
-"OK" button at the bottom right of the dialog.
-You should now be back at the "Publish content on GNUnet" dialog. Select
-"Execute" in the bottom right to close the dialog and publish your file
-on GNUnet! Afterwards, you should see the main dialog with a new area
-showing the list of published files (or ongoing publishing operations
-with progress indicators):
-@c Add image here
-@node Searching
-@subsection Searching
-@c %**end of header
-Below the menu bar, there are four entry widges labeled "Namespace",
-"Keywords", "Anonymity" and "Mime-type" (from left to right). These
-widgets are used to control searching for files in GNUnet. Between the
-"Keywords" and "Anonymity" widgets, there is also a big "Search" button,
-which is used to initiate the search. We will ignore the "Namespace",
-"Anonymity" and "Mime-type" options in this tutorial, please leave them
-empty. Instead, simply enter "test" under "Keywords" and press "Search".
-Afterwards, you should immediately see a new tab labeled after your
-search term, followed by the (current) number of search
-results --- "(15)" in our screenshot. Note that your results may
-vary depending on what other users may have shared and how your
-peer is connected.
-You can now select one of the search results. Once you do this,
-additional information about the result should be displayed on the
-right. If available, a preview image should appear on the top right.
-Meta data describing the file will be listed at the bottom right.
-Once a file is selected, at the bottom of the search result list
-a little area for downloading appears.
-@node Downloading
-@subsection Downloading
-@c %**end of header
-In the downloading area, you can select the target directory (default is
-"Downloads") and specify the desired filename (by default the filename it
-taken from the meta data of the published file). Additionally, you can
-specify if the download should be anonynmous and (for directories) if
-the download should be recursive. In most cases, you can simply start
-the download with the "Download!" button.
-Once you selected download, the progress of the download will be
-displayed with the search result. You may need to resize the result
-list or scroll to the right. The "Status" column shows the current
-status of the download, and "Progress" how much has been completed.
-When you close the search tab (by clicking on the "X" button next to
-the "test" label), ongoing and completed downloads are not aborted
-but moved to a special "*" tab.
-You can remove completed downloads from the "*" tab by clicking the
-cleanup button next to the "*". You can also abort downloads by right
-clicking on the respective download and selecting "Abort download"
-from the menu.
-That's it, you now know the basics for file-sharing with GNUnet!
 @node First steps - Using the GNU Name System
 @section First steps - Using the GNU Name System
 @c %**end of header
@@ -899,24 +699,198 @@ the searcher/downloader specify "no anonymity", non-anonymous
 file-sharing is used. If either user specifies some desired degree
 of anonymity, anonymous file-sharing will be used.
-In this chapter, we will first look at the various concepts in GNUnet's
+After a short introduction, we will first look at the various concepts in
-file-sharing implementation. Then, we will discuss specifics as to
+GNUnet's file-sharing implementation. Then, we will discuss specifics as to how
-how they impact users that publish, search or download files.
+they impact users that publish, search or download files.
 @menu
-* File-sharing Concepts::
+* fs-Searching::
-* File-sharing Publishing::
+* fs-Downloading::
-* File-sharing Searching::
+* fs-Publishing::
-* File-sharing Downloading::
+* fs-Concepts::
-* File-sharing Directories::
+* fs-Directories::
-* File-sharing Namespace Management::
+* Namespace Management::
 * File-Sharing URIs::
+* GTK User Interface::
+@end menu
+@node fs-Searching
+@subsection Searching
+@c %**end of header
+The command @command{gnunet-search} can be used to search
+for content on GNUnet. The format is:
+@example
+$ gnunet-search [-t TIMEOUT] KEYWORD
+@end example
+@noindent
+The -t option specifies that the query should timeout after
+approximately TIMEOUT seconds. A value of zero is interpreted
+as @emph{no timeout}, which is also the default. In this case,
+gnunet-search will never terminate (unless you press CTRL-C).
+If multiple words are passed as keywords, they will all be
+considered optional. Prefix keywords with a "+" to make them mandatory.
+Note that searching using
+@example
+$ gnunet-search Das Kapital
+@end example
+@noindent
+is not the same as searching for
+@example
+$ gnunet-search "Das Kapital"
+@end example
+@noindent
+as the first will match files shared under the keywords
+"Das" or "Kapital" whereas the second will match files
+shared under the keyword "Das Kapital".
+Search results are printed by gnunet-search like this:
+@c it will be better the avoid the ellipsis altogether because I don't
+@c understand the explanation below that
+@example
+#15:
+gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
+@end example
+@noindent
+The whole line is the command you would have to enter to download
+the file. The argument passed to @code{-o} is the suggested
+filename (you may change it to whatever you like).
+It is followed by the key for decrypting the file, the query for searching the
+file, a checksum (in hexadecimal) finally the size of the file in bytes.
+@node fs-Downloading
+@subsection Downloading
+@c %**end of header
+In order to download a file, you need the whole line returned by
+@command{gnunet-search}.
+You can then use the tool @command{gnunet-download} to obtain the file:
+@example
+$ gnunet-download -o <FILENAME> <GNUNET-URL>
+@end example
+@noindent
+FILENAME specifies the name of the file where GNUnet is supposed
+to write the result. Existing files are overwritten. If the
+existing file contains blocks that are identical to the
+desired download, those blocks will not be downloaded again
+(automatic resume).
+If you want to download the GPL from the previous example,
+you do the following:
+@example
+$ gnunet-download -o "COPYING" gnunet://fs/chk/PGK8M...3EK130.75446
+@end example
+@noindent
+If you ever have to abort a download, you can continue it at any time by
+re-issuing @command{gnunet-download} with the same filename.
+In that case, GNUnet will @strong{not} download blocks again that are
+already present.
+GNUnet's file-encoding mechanism will ensure file integrity, even if the
+existing file was not downloaded from GNUnet in the first place.
+You may want to use the @command{-V} switch  to turn on verbose reporting. In
+this case, @command{gnunet-download} will print the current number of bytes
+downloaded whenever new data was received.
+@node fs-Publishing
+@subsection Publishing
+@c %**end of header
+The command @command{gnunet-publish} can be used to add content
+to the network. The basic format of the command is
+@example
+$ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME
+@end example
+For example
+@example
+$ gnunet-publish -m "description:GNU License" -k gpl -k test -m "mimetype:text/plain" COPYING
+@end example
+@menu
+* Important command-line options::
+* Indexing vs. Inserting::
 @end menu
-@node File-sharing Concepts
+@node Important command-line options
-@subsection File-sharing Concepts
+@subsubsection Important command-line options
+@c %**end of header
+The option @code{-k} is used to specify keywords for the file that
+should be inserted. You can supply any number of keywords,
+and each of the keywords will be sufficient to locate and
+retrieve the file. Please note that you must use the @code{-k} option 
+more than once -- one for each expression you use as a keyword for
+the filename.
+The -m option is used to specify meta-data, such as descriptions.
+You can use -m multiple times. The TYPE passed must be from the
+list of meta-data types known to libextractor. You can obtain this
+list by running @command{extract -L}. Use quotes around the entire
+meta-data argument if the value contains spaces. The meta-data
+is displayed to other users when they select which files to
+download. The meta-data and the keywords are optional and
+maybe inferred using @code{GNU libextractor}.
+gnunet-publish has a few additional options to handle namespaces and
+directories. See the man-page for details.
+@node Indexing vs. Inserting
+@subsubsection Indexing vs Inserting
+@c %**end of header
+By default, GNUnet indexes a file instead of making a full copy.
+This is much more efficient, but requries the file to stay unaltered
+at the location where it was when it was indexed. If you intend to move,
+delete or alter a file, consider using the option @code{-n} which will
+force GNUnet to make a copy of the file in the database.
+Since it is much less efficient, this is strongly discouraged for large
+files. When GNUnet indexes a file (default), GNUnet does @strong{not}
+create an additional encrypted copy of the file but just computes a
+summary (or index) of the file. That summary is approximately two percent
+of the size of the original file and is stored in GNUnet's database.
+Whenever a request for a part of an indexed file reaches GNUnet,
+this part is encrypted on-demand and send out. This way, there is no
+need for an additional encrypted copy of the file to stay anywhere
+on the drive. This is different from other systems, such as Freenet,
+where each file that is put online must be in Freenet's database in
+encrypted format, doubling the space requirements if the user wants
+to preseve a directly accessible copy in plaintext.
+Thus indexing should be used for all files where the user will keep
+using this file (at the location given to gnunet-publish) and does
+not want to retrieve it back from GNUnet each time. If you want to
+remove a file that you have indexed from the local peer, use the tool
+@command{gnunet-unindex} to un-index the file.
+The option @code{-n} may be used if the user fears that the file might
+be found on their drive (assuming the computer comes under the control
+of an adversary). When used with the @code{-n} flag, the user has a
+much better chance of denying knowledge of the existence of the file,
+even if it is still (encrypted) on the drive and the adversary is
+able to crack the encryption (e.g. by guessing the keyword.
+@node fs-Concepts
+@subsection Concepts
 @c %**end of header
 Sharing files in GNUnet is not quite as simple as in traditional
@@ -1072,184 +1046,9 @@ replication level into the network, and then decrement the replication
 level by one. If all blocks reach replication level zero, the
 selection is simply random.
-@node File-sharing Publishing
-@subsection File-sharing Publishing
-@c %**end of header
-The command @command{gnunet-publish} can be used to add content
-to the network. The basic format of the command is
-@example
-$ gnunet-publish [-n] [-k KEYWORDS]* [-m TYPE:VALUE] FILENAME
-@end example
-@menu
-* Important command-line options::
-* Indexing vs. Inserting::
-@end menu
-@node Important command-line options
-@subsubsection Important command-line options
-@c %**end of header
-The option @code{-k} is used to specify keywords for the file that
-should be inserted. You can supply any number of keywords,
-and each of the keywords will be sufficient to locate and
-retrieve the file. Please note that you must use the @code{-k} option 
-more than once -- one for each expression you use as a keyword for
-the filename.
-The -m option is used to specify meta-data, such as descriptions.
-You can use -m multiple times. The TYPE passed must be from the
-list of meta-data types known to libextractor. You can obtain this
-list by running @command{extract -L}. Use quotes around the entire
-meta-data argument if the value contains spaces. The meta-data
-is displayed to other users when they select which files to
-download. The meta-data and the keywords are optional and
-maybe inferred using @code{GNU libextractor}.
-gnunet-publish has a few additional options to handle namespaces and
-directories. See the man-page for details.
-@node Indexing vs. Inserting
-@subsubsection Indexing vs Inserting
-@c %**end of header
-By default, GNUnet indexes a file instead of making a full copy.
-This is much more efficient, but requries the file to stay unaltered
-at the location where it was when it was indexed. If you intend to move,
-delete or alter a file, consider using the option @code{-n} which will
-force GNUnet to make a copy of the file in the database.
-Since it is much less efficient, this is strongly discouraged for large
-files. When GNUnet indexes a file (default), GNUnet does @strong{not}
-create an additional encrypted copy of the file but just computes a
-summary (or index) of the file. That summary is approximately two percent
-of the size of the original file and is stored in GNUnet's database.
-Whenever a request for a part of an indexed file reaches GNUnet,
-this part is encrypted on-demand and send out. This way, there is no
-need for an additional encrypted copy of the file to stay anywhere
-on the drive. This is different from other systems, such as Freenet,
-where each file that is put online must be in Freenet's database in
-encrypted format, doubling the space requirements if the user wants
-to preseve a directly accessible copy in plaintext.
-Thus indexing should be used for all files where the user will keep
-using this file (at the location given to gnunet-publish) and does
-not want to retrieve it back from GNUnet each time. If you want to
-remove a file that you have indexed from the local peer, use the tool
-@command{gnunet-unindex} to un-index the file.
-The option @code{-n} may be used if the user fears that the file might
-be found on their drive (assuming the computer comes under the control
-of an adversary). When used with the @code{-n} flag, the user has a
-much better chance of denying knowledge of the existence of the file,
-even if it is still (encrypted) on the drive and the adversary is
-able to crack the encryption (e.g. by guessing the keyword.
-@node File-sharing Searching
-@subsection File-sharing Searching
-@c %**end of header
-The command @command{gnunet-search} can be used to search
-for content on GNUnet. The format is:
-@example
-$ gnunet-search [-t TIMEOUT] KEYWORD
-@end example
-@noindent
-The -t option specifies that the query should timeout after
-approximately TIMEOUT seconds. A value of zero is interpreted
-as @emph{no timeout}, which is also the default. In this case,
-gnunet-search will never terminate (unless you press CTRL-C).
-If multiple words are passed as keywords, they will all be
-considered optional. Prefix keywords with a "+" to make them mandatory.
-Note that searching using
-@example
-$ gnunet-search Das Kapital
-@end example
-@noindent
-is not the same as searching for
-@example
-$ gnunet-search "Das Kapital"
-@end example
-@noindent
-as the first will match files shared under the keywords
-"Das" or "Kapital" whereas the second will match files
-shared under the keyword "Das Kapital".
-Search results are printed by gnunet-search like this:
-@c it will be better the avoid the ellipsis altogether because I don't
-@c understand the explanation below that
-@example
-$ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...C92.17992
-=> The GNU Public License <= (mimetype: text/plain)
-@end example
-@noindent
-The first line is the command you would have to enter to download
-the file. The argument passed to @code{-o} is the suggested
-filename (you may change it to whatever you like).
-@c except it's triple dash in the above example ---
-The @code{--} is followed by key for decrypting the file,
-the query for searching the file, a checksum (in hexadecimal)
-finally the size of the file in bytes.
-The second line contains the description of the file; here this is
-"The GNU Public License" and the mime-type (see the options for
-gnunet-publish on how to specify these).
-@node File-sharing Downloading
-@subsection File-sharing Downloading
-@c %**end of header
-In order to download a file, you need the three values returned by
-@command{gnunet-search}.
-You can then use the tool @command{gnunet-download} to obtain the file:
-@example
-$ gnunet-download -o FILENAME --- GNUNETURL
-@end example
-@noindent
-FILENAME specifies the name of the file where GNUnet is supposed
-to write the result. Existing files are overwritten. If the
-existing file contains blocks that are identical to the
-desired download, those blocks will not be downloaded again
-(automatic resume).
-If you want to download the GPL from the previous example,
-you do the following:
-@example
-$ gnunet-download -o "COPYING" --- gnunet://fs/chk/N8...92.17992
-@end example
-@noindent
-If you ever have to abort a download, you can continue it at any time by
-re-issuing @command{gnunet-download} with the same filename.
-In that case, GNUnet will @strong{not} download blocks again that are
-already present.
-GNUnet's file-encoding mechanism will ensure file integrity, even if the
+@node fs-Directories
-existing file was not downloaded from GNUnet in the first place.
+@subsection Directories
-You may want to use the @command{-V} switch (must be added before
-@c Same as above it's triple dash
-the @command{--}) to turn on verbose reporting. In this case,
-@command{gnunet-download} will print the current number of
-bytes downloaded whenever new data was received.
-@node File-sharing Directories
-@subsection File-sharing Directories
 @c %**end of header
 Directories are shared just like ordinary files. If you download a
@@ -1264,8 +1063,8 @@ typically includes the mime-type, description, a filename and
 other meta information, and possibly even the full original file
 (if it was small).
-@node File-sharing Namespace Management
+@node Namespace Management
-@subsection File-sharing Namespace Management
+@subsection Namespace Management
 @c %**end of header
 @b{Please note that the text in this subsection is outdated and needs}
@@ -1436,6 +1235,135 @@ chosen keyword (or password!). A commonly used identifier is
 "root" which by convention refers to some kind of index or other
 entry point into the namespace.
+@node GTK User Interface
+@subsection GTK User Interface
+This chapter describes first steps for file-sharing with GNUnet.
+To start, you should launch @command{gnunet-fs-gtk}.
+As we want to be sure that the network contains the data that we are
+looking for for testing, we need to begin by publishing a file.
+@menu
+* gtk-Publishing::
+* gtk-Searching::
+* gtk-Downloading::
+@end menu
+@node gtk-Publishing
+@subsubsection Publishing
+@c %**end of header
+To publish a file, select "File Sharing" in the menu bar just below the
+"Statistics" icon, and then select "Publish" from the menu.
+Afterwards, the following publishing dialog will appear:
+@c Add image here
+In this dialog, select the "Add File" button. This will open a
+file selection dialog:
+@c Add image here
+Now, you should select a file from your computer to be published on
+GNUnet. To see more of GNUnet's features later, you should pick a
+PNG or JPEG file this time. You can leave all of the other options
+in the dialog unchanged. Confirm your selection by pressing the "OK"
+button in the bottom right corner. Now, you will briefly see a
+"Messages..." dialog pop up, but most likely it will be too short for
+you to really read anything. That dialog is showing you progress
+information as GNUnet takes a first look at the selected file(s).
+For a normal image, this is virtually instant, but if you later
+import a larger directory you might be interested in the progress dialog
+and potential errors that might be encountered during processing.
+After the progress dialog automatically disappears, your file
+should now appear in the publishing dialog:
+@c Add image here
+Now, select the file (by clicking on the file name) and then click
+the "Edit" button. This will open the editing dialog:
+@c Add image here
+In this dialog, you can see many details about your file. In the
+top left area, you can see meta data extracted about the file,
+such as the original filename, the mimetype and the size of the image.
+In the top right, you should see a preview for the image
+(if GNU libextractor was installed correctly with the
+respective plugins). Note that if you do not see a preview, this
+is not a disaster, but you might still want to install more of
+GNU libextractor in the future. In the bottom left, the dialog contains
+a list of keywords. These are the keywords under which the file will be
+made available. The initial list will be based on the extracted meta data.
+Additional publishing options are in the right bottom corner. We will
+now add an additional keyword to the list of keywords. This is done by
+entering the keyword above the keyword list between the label "Keyword"
+and the "Add keyword" button. Enter "test" and select "Add keyword".
+Note that the keyword will appear at the bottom of the existing keyword
+list, so you might have to scroll down to see it. Afterwards, push the
+"OK" button at the bottom right of the dialog.
+You should now be back at the "Publish content on GNUnet" dialog. Select
+"Execute" in the bottom right to close the dialog and publish your file
+on GNUnet! Afterwards, you should see the main dialog with a new area
+showing the list of published files (or ongoing publishing operations
+with progress indicators):
+@c Add image here
+@node gtk-Searching
+@subsubsection Searching
+@c %**end of header
+Below the menu bar, there are four entry widges labeled "Namespace",
+"Keywords", "Anonymity" and "Mime-type" (from left to right). These
+widgets are used to control searching for files in GNUnet. Between the
+"Keywords" and "Anonymity" widgets, there is also a big "Search" button,
+which is used to initiate the search. We will ignore the "Namespace",
+"Anonymity" and "Mime-type" options in this tutorial, please leave them
+empty. Instead, simply enter "test" under "Keywords" and press "Search".
+Afterwards, you should immediately see a new tab labeled after your
+search term, followed by the (current) number of search
+results --- "(15)" in our screenshot. Note that your results may
+vary depending on what other users may have shared and how your
+peer is connected.
+You can now select one of the search results. Once you do this,
+additional information about the result should be displayed on the
+right. If available, a preview image should appear on the top right.
+Meta data describing the file will be listed at the bottom right.
+Once a file is selected, at the bottom of the search result list
+a little area for downloading appears.
+@node gtk-Downloading
+@subsubsection Downloading
+@c %**end of header
+In the downloading area, you can select the target directory (default is
+"Downloads") and specify the desired filename (by default the filename it
+taken from the meta data of the published file). Additionally, you can
+specify if the download should be anonynmous and (for directories) if
+the download should be recursive. In most cases, you can simply start
+the download with the "Download!" button.
+Once you selected download, the progress of the download will be
+displayed with the search result. You may need to resize the result
+list or scroll to the right. The "Status" column shows the current
+status of the download, and "Progress" how much has been completed.
+When you close the search tab (by clicking on the "X" button next to
+the "test" label), ongoing and completed downloads are not aborted
+but moved to a special "*" tab.
+You can remove completed downloads from the "*" tab by clicking the
+cleanup button next to the "*". You can also abort downloads by right
+clicking on the respective download and selecting "Abort download"
+from the menu.
+That's it, you now know the basics for file-sharing with GNUnet!
 @node The GNU Name System
 @section The GNU Name System
 @c %**end of header
@@ -2032,8 +1960,8 @@ that will terminate at the respective peer's service.
 @c NOTE: Inserted from Installation Handbook in original ``order'':
 @c FIXME: Move this to User Handbook.
-@node The graphical configuration interface
+@node MOVE TO INSTALL The graphical configuration interface
-@section The graphical configuration interface
+@section MOVE TO INSTALL The graphical configuration interface
 If you also would like to use @command{gnunet-gtk} and
 @command{gnunet-setup} (highly recommended for beginners), do:
@@ -3619,8 +3547,91 @@ desktop-user to "sudo" (i.e. using gtksudo) to the "gnunet" user account
 and then runs "gnunet-arm -e", "gnunet-setup" and "gnunet-arm -s" in
 sequence.
-@node How to start and stop a GNUnet peer
+@node MOVE TO INSTALL Checking the Installation
-@section How to start and stop a GNUnet peer
+@section MOVE TO INSTALL Checking the Installation
+@c %**end of header
+This section describes a quick, casual way to check if your GNUnet
+installation works. However, if it does not, we do not cover
+steps for recovery --- for this, please study the instructions
+provided in the developer handbook as well as the system-specific
+instruction in the source code repository@footnote{The system specific instructions are not provided as part of this handbook!}.
+@menu
+* gnunet-gtk::
+* Statistics::
+* Peer Information::
+@end menu
+@cindex GNUnet GTK
+@cindex GTK
+@cindex GTK user interface
+@node gnunet-gtk
+@subsection gnunet-gtk
+@c %**end of header
+The @command{gnunet-gtk} package contains several graphical
+user interfaces for the respective GNUnet applications.
+Currently these interfaces cover:
+@itemize @bullet
+@item Statistics
+@item Peer Information
+@item GNU Name System
+@item File Sharing
+@item Identity Management
+@item Conversation
+@end itemize
+@node Statistics
+@subsection Statistics
+@c %**end of header
+First, you should launch GNUnet gtk@footnote{Obviously you should also start gnunet, via gnunet-arm or the system provided method}.
+You can do this from the command-line by typing
+@example
+gnunet-statistics-gtk
+@end example
+If your peer@footnote{The term ``peer'' is a common word used in federated and distributed networks to describe a participating device which is connected to the network. Thus, your Personal Computer or whatever it is you are looking at the Gtk+ interface describes a ``Peer'' or a ``Node''.}
+is running correctly, you should see a bunch of lines,
+all of which should be ``significantly'' above zero (at least if your
+peer has been running for more than a few seconds). The lines indicate
+how many other peers your peer is connected to (via different
+mechanisms) and how large the entire overlay network is currently
+estimated to be. The X-axis represents time (in seconds since the
+start of @command{gnunet-gtk}).
+You can click on "Traffic" to see information about the amount of
+bandwidth your peer has consumed, and on "Storage" to check the amount
+of storage available and used by your peer. Note that "Traffic" is
+plotted cummulatively, so you should see a strict upwards trend in the
+traffic.
+@node Peer Information
+@subsection Peer Information
+@c %**end of header
+First, you should launch the graphical user interface.  You can do
+this from the command-line by typing
+@example
+$ gnunet-peerinfo-gtk
+@end example
+Once you have done this, you will see a list of known peers (by the
+first four characters of their public key), their friend status (all
+should be marked as not-friends initially), their connectivity (green
+is connected, red is disconnected), assigned bandwidth, country of
+origin (if determined) and address information. If hardly any peers
+are listed and/or if there are very few peers with a green light for
+connectivity, there is likely a problem with your network
+configuration.
+@node MOVE TO INSTALL Config Leftovers
+@section MOVE TO INSTALL Config Leftovers
 This section describes how to start a GNUnet peer. It assumes that you
 have already compiled and installed GNUnet and its' dependencies.
@@ -3949,3 +3960,4 @@ Furthermore, 'make install' will silently fail to set the DNS binaries to
 be owned by group "gnunetdns" unless that group already exists (!).
 An alternative name for the "gnunetdns" group can be specified using the
 @code{--with-gnunetdns=GRPNAME} configure option.
diff --git a/doc/documentation/gnunet.texi b/doc/documentation/gnunet.texi
index cd2f04399..5ba6f6b15 100644
--- a/doc/documentation/gnunet.texi
+++ b/doc/documentation/gnunet.texi
@@ -82,7 +82,9 @@ This document is the Reference Manual for GNUnet version @value{VERSION}.
 * Preface::                         Chapter 0
 * Philosophy::                      About GNUnet
+* Key Concepts::                    Key concepts of GNUnet
 @c * Vocabulary::                      Vocabulary
+* Installing GNUnet::               Installing GNUnet
 * Using GNUnet::                    Using GNUnet
 @c * Configuration Handbook::          Configuring GNUnet
 * GNUnet Contributors Handbook::    Contributing to GNUnet
@@ -104,11 +106,12 @@ Preface
 Philosophy
-* Design Goals::
+* Design Principles::
-* Security and Privacy::
+* Privacy and Anonymity::
-* Versatility::
+* Practicality:: 
-* Practicality::
-* Key Concepts::
+Key Concepts
 * Authentication::
 * Accounting to Encourage Resource Sharing::
 * Confidentiality::
@@ -120,18 +123,20 @@ Philosophy
 * Backup of Identities and Egos::
 * Revocation::
+Installing GNUnet
 Using GNUnet
-* Checking the Installation::
+* Start and stop GNUnet::
-* First steps - File-sharing::
 * First steps - Using the GNU Name System::
 * First steps - Using GNUnet Conversation::
 * First steps - Using the GNUnet VPN::
 * File-sharing::
 * The GNU Name System::
 * Using the Virtual Public Network::
-* The graphical configuration interface::
+* MOVE TO INSTALL The graphical configuration interface::
-* How to start and stop a GNUnet peer::
+* MOVE TO INSTALL Checking the Installation::
+* MOVE TO INSTALL Config Leftovers::
 GNUnet Contributors Handbook
@@ -193,6 +198,14 @@ GNUnet Developer Handbook
 @c *********************************************************************
 @c *********************************************************************
+@include chapters/keyconcepts.texi
+@c *********************************************************************
+@c *********************************************************************
+@include chapters/installation.texi
+@c *********************************************************************
+@c *********************************************************************
 @include chapters/user.texi
 @c *********************************************************************
diff --git a/doc/man/gnunet-revocation.1 b/doc/man/gnunet-revocation.1
index 017b019fd..b963b2dc0 100644
--- a/doc/man/gnunet-revocation.1
+++ b/doc/man/gnunet-revocation.1
@@ -15,7 +15,7 @@ instantly revoke a key and to use a pre-generated revocation
 certificate to revoke a key.  Upon successful revocation, all peers
 will be informed about the invalidity of the key.  As this is an
 expensive operation, GNUnet requires the issuer of the revocation to
-perform an expensive proof-of-work computation before he will be
+perform an expensive proof-of-work computation before they will be
 allowed to perform the revocation.  gnunet\-revocation will perform
 this computation.  The computation can be performed ahead of time,
 with the resulting revocation certificate being stored in a file for
diff --git a/doc/release_policy.rfc.txt b/doc/release_policy.rfc.txt
index fd4118742..b3d72bac4 100644
--- a/doc/release_policy.rfc.txt
+++ b/doc/release_policy.rfc.txt
@@ -117,7 +117,7 @@ platforms.  It also doubt it will give you the recognition you crave.
 More importantly, what you describe is already happening, and
 partially has contributed to the problems. Bart kept his own CADET
 hacks in his personal branch for years, hence without much feedback or
-review.  The SecuShare team kept their patches in their own branch,
+review.  The secushare team kept their patches in their own branch,
 hence revealing interesting failure modes when it was finally merged.
 Martin kept some of his ABE-logic in his own branch (that one was
 merged without me noticing major problems).  Anyway, what you propose
diff --git a/m4/iconv.m4 b/m4/iconv.m4
index a50364656..41aa44a56 100644
--- a/m4/iconv.m4
+++ b/m4/iconv.m4
@@ -29,7 +29,7 @@ AC_DEFUN([AM_ICONV_LINK],
  dnl Add $INCICONV to CPPFLAGS before performing the following checks,
  dnl because if the user has installed libiconv and not disabled its use
-  dnl via --without-libiconv-prefix, he wants to use it. The first
+  dnl via --without-libiconv-prefix, they want to use it. The first
  dnl AC_LINK_IFELSE will then fail, the second AC_LINK_IFELSE will succeed.
  am_save_CPPFLAGS="$CPPFLAGS"
  AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])
diff --git a/m4/lib-link.m4 b/m4/lib-link.m4
index 073f04050..d963149b0 100644
--- a/m4/lib-link.m4
+++ b/m4/lib-link.m4
@@ -68,7 +68,7 @@ AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
  dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
  dnl because if the user has installed lib[]Name and not disabled its use
-  dnl via --without-lib[]Name-prefix, he wants to use it.
+  dnl via --without-lib[]Name-prefix, they want to use it.
  ac_save_CPPFLAGS="$CPPFLAGS"
  AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
diff --git a/m4/lib-prefix.m4 b/m4/lib-prefix.m4
index 60908e8fb..855ca9317 100644
--- a/m4/lib-prefix.m4
+++ b/m4/lib-prefix.m4
@@ -15,7 +15,7 @@ ifdef([AC_HELP_STRING],
 dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
 dnl to access previously installed libraries. The basic assumption is that
-dnl a user will want packages to use other packages he previously installed
+dnl a user will want packages to use other packages they previously installed
 dnl with the same --prefix option.
 dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
 dnl libraries, but is otherwise very convenient.
diff --git a/pkgconfig/Makefile.am b/pkgconfig/Makefile.am
index 9c9eb5c6b..3a3102f0a 100644
--- a/pkgconfig/Makefile.am
+++ b/pkgconfig/Makefile.am
@@ -10,8 +10,6 @@ pcfiles = \
       gnunetdatastore.pc \
       gnunetdht.pc \
       gnunetdns.pc \
-       gnunetdnsparser.pc \
-       gnunetdnsstub.pc \
       gnunetdv.pc \
       gnunetenv.pc \
       gnunetfragmentation.pc \
@@ -39,7 +37,6 @@ pcfiles = \
       gnunettestbed.pc \
       gnunettesting.pc \
       gnunettransport.pc \
-       gnunettun.pc \
       gnunetutil.pc \
       gnunetvpn.pc 
diff --git a/pkgconfig/gnunetdnsparser.pc.in b/pkgconfig/gnunetdnsparser.pc.in
deleted file mode 100644
index ffb5fca8b..000000000
--- a/pkgconfig/gnunetdnsparser.pc.in
+++ /dev/null
@@ -1,12 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-Name: GNUnet DNS parser
-Description: Provides API for parsing and serializing DNS packets
-URL: http://gnunet.org
-Version: @VERSION@
-Requires:
-Libs: -L${libdir} -lgnunetdnsparser
-Cflags: -I${includedir}
diff --git a/pkgconfig/gnunetdnsstub.pc.in b/pkgconfig/gnunetdnsstub.pc.in
deleted file mode 100644
index b1da343ea..000000000
--- a/pkgconfig/gnunetdnsstub.pc.in
+++ /dev/null
@@ -1,12 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-Name: GNUnet DNS stub
-Description: Provides API for asynchronous DNS resolution (DNS stub resolver)
-URL: http://gnunet.org
-Version: @VERSION@
-Requires:
-Libs: -L${libdir} -lgnunetdnsstub
-Cflags: -I${includedir}
diff --git a/pkgconfig/gnunettun.pc.in b/pkgconfig/gnunettun.pc.in
deleted file mode 100644
index 2a3bd5213..000000000
--- a/pkgconfig/gnunettun.pc.in
+++ /dev/null
@@ -1,12 +0,0 @@
-prefix=@prefix@
-exec_prefix=@exec_prefix@
-libdir=@libdir@
-includedir=@includedir@
-Name: GNUnet TUN
-Description: Provides API for parsing IP packets for Linux TUN interface interaction
-URL: http://gnunet.org
-Version: @VERSION@
-Requires:
-Libs: -L${libdir} -lgnunettun
-Cflags: -I${includedir}
diff --git a/po/de.po b/po/de.po
index f7642c20b..779cb248b 100644
--- a/po/de.po
+++ b/po/de.po
@@ -914,8 +914,8 @@ msgstr ""
 #: src/conversation/gnunet-conversation.c:720
 #, c-format
-msgid "We are calling `%s', his phone should be ringing.\n"
+msgid "We are calling `%s', their phone should be ringing.\n"
-msgstr ""
+msgstr "Wir rufen `%s' an, deren Telefon sollte jetzt klingeln.\n"
 #: src/conversation/gnunet-conversation.c:739
 msgid "Calls waiting:\n"
diff --git a/po/es.po b/po/es.po
index 967484138..e68990fc7 100644
--- a/po/es.po
+++ b/po/es.po
@@ -980,7 +980,7 @@ msgstr "Detectada dirección de la red interna «%s».\n"
 #: src/conversation/gnunet-conversation.c:720
 #, c-format
-msgid "We are calling `%s', his phone should be ringing.\n"
+msgid "We are calling `%s', their phone should be ringing.\n"
 msgstr ""
 #: src/conversation/gnunet-conversation.c:739
diff --git a/po/fr.po b/po/fr.po
index 138204d94..eb4d32303 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -899,7 +899,7 @@ msgstr ""
 #: src/conversation/gnunet-conversation.c:720
 #, c-format
-msgid "We are calling `%s', his phone should be ringing.\n"
+msgid "We are calling `%s', their phone should be ringing.\n"
 msgstr ""
 #: src/conversation/gnunet-conversation.c:739
diff --git a/po/sv.po b/po/sv.po
index f4ceafbc4..acb0c0197 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -924,7 +924,7 @@ msgstr ""
 #: src/conversation/gnunet-conversation.c:720
 #, c-format
-msgid "We are calling `%s', his phone should be ringing.\n"
+msgid "We are calling `%s', their phone should be ringing.\n"
 msgstr ""
 #: src/conversation/gnunet-conversation.c:739
diff --git a/po/vi.po b/po/vi.po
index da28c66b4..176ac4c8b 100644
--- a/po/vi.po
+++ b/po/vi.po
@@ -933,7 +933,7 @@ msgstr "GNUnet bây giờ sử dụng địa chỉ IP %s.\n"
 #: src/conversation/gnunet-conversation.c:720
 #, c-format
-msgid "We are calling `%s', his phone should be ringing.\n"
+msgid "We are calling `%s', their phone should be ringing.\n"
 msgstr ""
 #: src/conversation/gnunet-conversation.c:739
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 80d7e1996..d27d6f0a0 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -915,7 +915,7 @@ msgstr "GNUnet 现在使用 IP 地址 %s。\n"
 #: src/conversation/gnunet-conversation.c:720
 #, c-format
-msgid "We are calling `%s', his phone should be ringing.\n"
+msgid "We are calling `%s', their phone should be ringing.\n"
 msgstr ""
 #: src/conversation/gnunet-conversation.c:739
diff --git a/src/ats/gnunet-service-ats_addresses.h b/src/ats/gnunet-service-ats_addresses.h
index d90ca1375..d4dc483eb 100644
--- a/src/ats/gnunet-service-ats_addresses.h
+++ b/src/ats/gnunet-service-ats_addresses.h
@@ -151,7 +151,7 @@
 *     1.7 Address management
 *
 *    Transport service notifies ATS about changes to the addresses known to
- *    him.
+ *    it.
 *
 *       1.7.1 Adding an address
 *
diff --git a/src/cadet/gnunet-cadet.c b/src/cadet/gnunet-cadet.c
index 67cebf02b..b22881907 100644
--- a/src/cadet/gnunet-cadet.c
+++ b/src/cadet/gnunet-cadet.c
@@ -27,6 +27,7 @@
 #include "gnunet_cadet_service.h"
 #include "cadet.h"
+#define STREAM_BUFFER_SIZE 1024  // Pakets
 /**
 * Option -P.
@@ -123,6 +124,8 @@ static struct GNUNET_SCHEDULER_Task *rd_task;
 */
 static struct GNUNET_SCHEDULER_Task *job;
+static unsigned int sent_pkt;
 /**
 * Wait for input on STDIO and send it out over the #ch.
@@ -228,6 +231,12 @@ shutdown_task (void *cls)
  }
 }
+void *
+mq_cb(void *cls)
+{
+  listen_stdio ();
+}
 /**
 * Task run in stdio mode, after some data is available at stdin.
@@ -248,6 +257,8 @@ read_stdio (void *cls)
                    60000);
  if (data_size < 1)
  {
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+                "read() returned  %s\n", strerror(errno));
    GNUNET_SCHEDULER_shutdown();
    return;
  }
@@ -262,9 +273,21 @@ read_stdio (void *cls)
                 data_size);
  GNUNET_MQ_send (GNUNET_CADET_get_mq (ch),
                  env);
+  sent_pkt++;
  if (GNUNET_NO == echo)
  {
-    listen_stdio ();
+    // Use MQ's notification if too much data of stdin is pooring in too fast.
+    if (STREAM_BUFFER_SIZE < sent_pkt) 
+    {
+      GNUNET_MQ_notify_sent (env, mq_cb, cls);
+      sent_pkt = 0;
+    }
+    else 
+    {
+      listen_stdio ();
+    }
  }
  else
  {
diff --git a/src/cadet/gnunet-service-cadet.c b/src/cadet/gnunet-service-cadet.c
index 8ccf4ae07..712c6339a 100644
--- a/src/cadet/gnunet-service-cadet.c
+++ b/src/cadet/gnunet-service-cadet.c
@@ -927,29 +927,23 @@ get_peer_info (void *cls,
  struct CadetClient *c = cls;
  struct GNUNET_MQ_Envelope *env;
  struct GNUNET_CADET_LocalInfoPeer *msg;
  
  env = GNUNET_MQ_msg (msg,
                       GNUNET_MESSAGE_TYPE_CADET_LOCAL_INFO_PEER);
-  
  msg->offset = htons(0);
  msg->destination = *peer;
  msg->paths = htons (GCP_count_paths (p));
  msg->tunnel = htons (NULL != GCP_get_tunnel (p,
                                               GNUNET_NO));
  msg->finished_with_paths = htons(0);
-  
  GNUNET_MQ_send (c->mq,
                  env);
-  
+  GCP_iterate_indirect_paths (p,
-  GCP_iterate_indirect_paths(p,
+                              &path_info_iterator,
-                            &path_info_iterator,
+                              c->mq);  
-                            c->mq);
-  
 }
 /**
 * Handler for client's SHOW_PEER request.
 *
diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c
index 09dfcd4d7..b375d51ca 100644
--- a/src/cadet/gnunet-service-cadet_peer.c
+++ b/src/cadet/gnunet-service-cadet_peer.c
@@ -1217,6 +1217,8 @@ GCP_iterate_paths (struct CadetPeer *cp,
       (NULL == cp->core_mq) ? "" : " including direct link");
  if (NULL != cp->core_mq)
  {
+    /* FIXME: this branch seems to duplicate the 
+       i=0 case below (direct link). Leave out!??? -CG */
    struct CadetPeerPath *path;
    path = GCPP_get_path_from_route (1,
diff --git a/src/consensus/gnunet-service-consensus.c b/src/consensus/gnunet-service-consensus.c
index 86d056aaf..afbefdc5a 100644
--- a/src/consensus/gnunet-service-consensus.c
+++ b/src/consensus/gnunet-service-consensus.c
@@ -2821,7 +2821,7 @@ construct_task_graph_gradecast (struct ConsensusSession *session,
    }
    /* We run this task to make sure that the leader
       has the stored the SET_KIND_LEADER set of himself,
-       so he can participate in the rest of the gradecast
+       so it can participate in the rest of the gradecast
       without the code having to handle any special cases. */
    task = ((struct TaskEntry) {
      .step = step,
diff --git a/src/conversation/gnunet-conversation.c b/src/conversation/gnunet-conversation.c
index 92a435d55..bb4946720 100644
--- a/src/conversation/gnunet-conversation.c
+++ b/src/conversation/gnunet-conversation.c
@@ -264,6 +264,13 @@ phone_event_handler (void *cls,
  switch (code)
  {
  case GNUNET_CONVERSATION_EC_PHONE_RING:
+    /*
+     * FIXME: we should be playing our ringtones from contrib/sounds now!
+     *
+    ring_my_bell();
+     *
+     * see https://gstreamer.freedesktop.org/documentation/application-development/highlevel/playback-components.html on how to play a wav using the gst framework being used here
+     */
    FPRINTF (stdout,
             _("Incoming call from `%s'. Please /accept %u or /cancel %u the call.\n"),
             GNUNET_GNSRECORD_pkey_to_zkey (caller_id),
@@ -717,7 +724,7 @@ do_status (const char *args)
      break;
    case CS_RINGING:
      FPRINTF (stdout,
-               _("We are calling `%s', his phone should be ringing.\n"),
+               _("We are calling `%s', their phone should be ringing.\n"),
               peer_name);
      break;
    case CS_CONNECTED:
diff --git a/src/core/core.h b/src/core/core.h
index a2c05d4af..2ce77244e 100644
--- a/src/core/core.h
+++ b/src/core/core.h
@@ -172,7 +172,7 @@ struct DisconnectNotifyMessage
 * messages being received or transmitted.  This overall message is
 * followed by the real message, or just the header of the real
 * message (depending on the client's preferences).  The receiver can
- * tell if he got the full message or only a partial message by
+ * tell if it got the full message or only a partial message by
 * looking at the size field in the header of NotifyTrafficMessage and
 * checking it with the size field in the message that follows.
 */
diff --git a/src/core/gnunet-service-core.c b/src/core/gnunet-service-core.c
index 0afc75add..a033f9fac 100644
--- a/src/core/gnunet-service-core.c
+++ b/src/core/gnunet-service-core.c
@@ -230,7 +230,7 @@ handle_client_init (void *cls,
 /**
 * We will never be ready to transmit the given message in (disconnect
 * or invalid request).  Frees resources associated with @a car.  We
- * don't explicitly tell the client, he'll learn with the disconnect
+ * don't explicitly tell the client, it'll learn with the disconnect
 * (or violated the protocol).
 *
 * @param car request that now permanently failed; the
diff --git a/src/core/gnunet-service-core.h b/src/core/gnunet-service-core.h
index 81e73ec39..fd1a88e75 100644
--- a/src/core/gnunet-service-core.h
+++ b/src/core/gnunet-service-core.h
@@ -113,7 +113,7 @@ GSC_CLIENTS_solicit_request (struct GSC_ClientActiveRequest *car);
 /**
 * We will never be ready to transmit the given message in (disconnect
 * or invalid request).  Frees resources associated with @a car.  We
- * don't explicitly tell the client, he'll learn with the disconnect
+ * don't explicitly tell the client, it'll learn with the disconnect
 * (or violated the protocol).
 *
 * @param car request that now permanently failed; the
diff --git a/src/core/gnunet-service-core_kx.c b/src/core/gnunet-service-core_kx.c
index 6e713cf61..c017e0c23 100644
--- a/src/core/gnunet-service-core_kx.c
+++ b/src/core/gnunet-service-core_kx.c
@@ -123,7 +123,7 @@ struct EphemeralKeyMessage
 /**
- * We're sending an (encrypted) PING to the other peer to check if he
+ * We're sending an (encrypted) PING to the other peer to check if it
 * can decrypt.  The other peer should respond with a PONG with the
 * same content, except this time encrypted with the receiver's key.
 */
@@ -854,8 +854,8 @@ handle_transport_notify_connect (void *cls,
  }
  else
  {
-    /* peer with "higher" identity starts a delayed  KX, if the "lower" peer
+    /* peer with "higher" identity starts a delayed KX, if the "lower" peer
-     * does not start a KX since he sees no reasons to do so  */
+     * does not start a KX since it sees no reasons to do so  */
    kx->retry_set_key_task
      = GNUNET_SCHEDULER_add_delayed (GNUNET_TIME_UNIT_SECONDS,
                                      &set_key_retry_task,
diff --git a/src/core/gnunet-service-core_sessions.c b/src/core/gnunet-service-core_sessions.c
index 41fe4dfb7..16f9a092d 100644
--- a/src/core/gnunet-service-core_sessions.c
+++ b/src/core/gnunet-service-core_sessions.c
@@ -356,7 +356,7 @@ GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer,
 /**
- * The other peer has indicated that he 'lost' the session
+ * The other peer has indicated that it 'lost' the session
 * (KX down), reinitialize the session on our end, in particular
 * this means to restart the typemap transmission.
 *
diff --git a/src/core/gnunet-service-core_sessions.h b/src/core/gnunet-service-core_sessions.h
index 845edac69..be862b71f 100644
--- a/src/core/gnunet-service-core_sessions.h
+++ b/src/core/gnunet-service-core_sessions.h
@@ -40,7 +40,7 @@ GSC_SESSIONS_create (const struct GNUNET_PeerIdentity *peer,
 /**
- * The other peer has indicated that he 'lost' the session
+ * The other peer has indicated that it 'lost' the session
 * (KX down), reinitialize the session on our end, in particular
 * this means to restart the typemap transmission.
 *
diff --git a/src/datastore/perf_datastore_api.c b/src/datastore/perf_datastore_api.c
index f659dedff..6a0ff231b 100644
--- a/src/datastore/perf_datastore_api.c
+++ b/src/datastore/perf_datastore_api.c
@@ -172,7 +172,7 @@ struct CpsRunContext
  /**
   * Counts the number of items put in the current phase.
-   * Once it hits #PUT_10, we progress tot he #RP_CUT phase
+   * Once it hits #PUT_10, we progress to the #RP_CUT phase
   * or are done if @e i reaches #ITERATIONS.
   */
  unsigned int j;
diff --git a/src/datastore/plugin_datastore_mysql.c b/src/datastore/plugin_datastore_mysql.c
index b09fd1af3..3568ebe8f 100644
--- a/src/datastore/plugin_datastore_mysql.c
+++ b/src/datastore/plugin_datastore_mysql.c
@@ -76,7 +76,7 @@
 * a safe partition etc. The $HOME/.my.cnf can of course be a symbolic
 * link. Even greater security risk can be achieved by setting no
 * password for $USER.  Luckily $USER has only priviledges to mess
- * up GNUnet's tables, nothing else (unless you give him more,
+ * up GNUnet's tables, nothing else (unless you give them more,
 * of course).<p>
 *
 * 4) Still, perhaps you should briefly try if the DB connection
diff --git a/src/fs/gnunet-service-fs_cp.h b/src/fs/gnunet-service-fs_cp.h
index 5e98f4940..dc7e03f4a 100644
--- a/src/fs/gnunet-service-fs_cp.h
+++ b/src/fs/gnunet-service-fs_cp.h
@@ -84,7 +84,7 @@ struct GSF_PeerPerformanceData
  /**
   * If we get content we already have from this peer, for how
-   * long do we block him?  Adjusted based on the fraction of
+   * long do we block it?  Adjusted based on the fraction of
   * redundant data we receive, between 1s and 1h.
   */
  struct GNUNET_TIME_Relative migration_delay;
diff --git a/src/include/block_dns.h b/src/include/block_dns.h
index f54a51232..234ed502d 100644
--- a/src/include/block_dns.h
+++ b/src/include/block_dns.h
@@ -38,7 +38,7 @@ GNUNET_NETWORK_STRUCT_BEGIN
 struct GNUNET_DNS_Advertisement
 {
  /**
-   * Signature of the peer affirming that he is offering the service.
+   * Signature of the peer affirming that it is offering the service.
   */
  struct GNUNET_CRYPTO_EddsaSignature signature;
diff --git a/src/include/gnunet_core_service.h b/src/include/gnunet_core_service.h
index e25043d17..b38f38b69 100644
--- a/src/include/gnunet_core_service.h
+++ b/src/include/gnunet_core_service.h
@@ -232,7 +232,7 @@ enum GNUNET_CORE_KxState
  /**
   * The other peer has confirmed our session key + PING with a PONG
-   * message encrypted with his session key (which we got).  Key
+   * message encrypted with their session key (which we got).  Key
   * exchange is done.
   */
  GNUNET_CORE_KX_STATE_UP,
diff --git a/src/include/gnunet_os_lib.h b/src/include/gnunet_os_lib.h
index 86957a25c..98469a156 100644
--- a/src/include/gnunet_os_lib.h
+++ b/src/include/gnunet_os_lib.h
@@ -556,7 +556,7 @@ GNUNET_OS_command_run (GNUNET_OS_LineProcessor proc,
 /**
- * Retrieve the status of a process, waiting on him if dead.
+ * Retrieve the status of a process, waiting on it if dead.
 * Nonblocking version.
 *
 * @param proc pointer to process structure
@@ -586,7 +586,7 @@ GNUNET_OS_process_wait (struct GNUNET_OS_Process *proc);
 /**
- * Retrieve the status of a process, waiting on him if dead.
+ * Retrieve the status of a process, waiting on it if dead.
 * Blocking version.
 *
 * @param proc pointer to process structure
diff --git a/src/include/gnunet_psyc_service.h b/src/include/gnunet_psyc_service.h
index f31de0e67..053fe4495 100644
--- a/src/include/gnunet_psyc_service.h
+++ b/src/include/gnunet_psyc_service.h
@@ -135,7 +135,7 @@ enum GNUNET_PSYC_ChannelFlags
 enum GNUNET_PSYC_Policy
 {
  /**
-   * Anyone can join the channel, without announcing his presence;
+   * Anyone can join the channel, without announcing their presence;
   * all messages are always public and can be distributed freely.
   * Joins may be announced, but this is not required.
   */
diff --git a/src/include/gnunet_secretsharing_service.h b/src/include/gnunet_secretsharing_service.h
index bd11df982..a3f44222e 100644
--- a/src/include/gnunet_secretsharing_service.h
+++ b/src/include/gnunet_secretsharing_service.h
@@ -248,7 +248,7 @@ GNUNET_SECRETSHARING_encrypt (const struct GNUNET_SECRETSHARING_PublicKey *publi
 * published the same value, it will be decrypted.
 *
 * When the operation is canceled, the decrypt_cb is not called anymore, but the calling
- * peer may already have irrevocably contributed his share for the decryption of the value.
+ * peer may already have irrevocably contributed its share for the decryption of the value.
 *
 * @param cfg configuration to use
 * @param share our secret share to use for decryption
@@ -273,7 +273,7 @@ GNUNET_SECRETSHARING_decrypt (const struct GNUNET_CONFIGURATION_Handle *cfg,
 * Cancel a decryption.
 *
 * The decrypt_cb is not called anymore, but the calling
- * peer may already have irrevocably contributed his share for the decryption of the value.
+ * peer may already have irrevocably contributed its share for the decryption of the value.
 *
 * @param dh to cancel
 */
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index bc9e3dc16..d7accaf2c 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -134,7 +134,7 @@ extern "C"
 /**
 * Accept state in regex DFA.  Peer affirms that
- * he offers the matching service.
+ * it offers the matching service.
 */
 #define GNUNET_SIGNATURE_PURPOSE_REGEX_ACCEPT 18
diff --git a/src/namestore/test_namestore_api_sqlite.conf b/src/namestore/test_namestore_api_sqlite.conf
index 8c0e557e7..cd4822097 100644
--- a/src/namestore/test_namestore_api_sqlite.conf
+++ b/src/namestore/test_namestore_api_sqlite.conf
@@ -2,7 +2,7 @@
 [namestore]
 DATABASE = sqlite
-PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/v_log 
+# PREFIX = valgrind --leak-check=full --track-origins=yes --log-file=/tmp/v_log 
 [namestore-sqlite]
 FILENAME = $GNUNET_TEST_HOME/namestore/sqlite_test.db
diff --git a/src/nat/gnunet-helper-nat-server.c b/src/nat/gnunet-helper-nat-server.c
index 44817ede7..c5c6b563e 100644
--- a/src/nat/gnunet-helper-nat-server.c
+++ b/src/nat/gnunet-helper-nat-server.c
@@ -683,7 +683,10 @@ main (int argc,
    if (1 == getppid ())        /* Check the parent process id, if 1 the parent has died, so we should die too */
      break;
    if (FD_ISSET (icmpsock, &rs))
+    {
      process_icmp_response ();
+      continue;
+    }
    if (0 == (++alt % 2))
      send_icmp_echo (&external);
    else
diff --git a/src/rps/gnunet-rps.c b/src/rps/gnunet-rps.c
index 739f71dac..b3785a733 100644
--- a/src/rps/gnunet-rps.c
+++ b/src/rps/gnunet-rps.c
@@ -150,6 +150,11 @@ run (void *cls,
  static struct GNUNET_PeerIdentity zero_pid;
  rps_handle = GNUNET_RPS_connect (cfg);
+  if (NULL == rps_handle)
+  {
+    FPRINTF (stderr, "Failed to connect to the rps service\n");
+    return;
+  }
  if ((0 == memcmp (&zero_pid, &peer_id, sizeof (peer_id))) &&
      (!view_update))
diff --git a/src/rps/gnunet-service-rps.c b/src/rps/gnunet-service-rps.c
index 33d4e4fc3..84fb33be2 100644
--- a/src/rps/gnunet-service-rps.c
+++ b/src/rps/gnunet-service-rps.c
@@ -243,7 +243,7 @@ struct PeerContext
  /**
   * This is pobably followed by 'statistical' data (when we first saw
-   * him, how did we get his ID, how many pushes (in a timeinterval),
+   * it, how did we get its ID, how many pushes (in a timeinterval),
   * ...)
   */
 };
@@ -724,7 +724,6 @@ mq_liveliness_check_successful (void *cls)
    LOG (GNUNET_ERROR_TYPE_DEBUG,
        "Liveliness check for peer %s was successfull\n",
        GNUNET_i2s (&peer_ctx->peer_id));
-    //GNUNET_free (peer_ctx->liveliness_check_pending);
    remove_pending_message (peer_ctx->liveliness_check_pending, GNUNET_YES);
    peer_ctx->liveliness_check_pending = NULL;
    set_peer_live (peer_ctx);
@@ -747,10 +746,6 @@ check_peer_live (struct PeerContext *peer_ctx)
  struct GNUNET_MQ_Envelope *ev;
  ev = GNUNET_MQ_msg_header (GNUNET_MESSAGE_TYPE_RPS_PP_CHECK_LIVE);
-  //peer_ctx->liveliness_check_pending = GNUNET_new (struct PendingMessage);
-  //peer_ctx->liveliness_check_pending->ev = ev;
-  //peer_ctx->liveliness_check_pending->peer_ctx = peer_ctx;
-  //peer_ctx->liveliness_check_pending->type = "Check liveliness";
  peer_ctx->liveliness_check_pending =
    insert_pending_message (&peer_ctx->peer_id, ev, "Check liveliness");
  mq = get_mq (&peer_ctx->peer_id);
@@ -1261,6 +1256,13 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
        "Removing unsent %s\n",
        peer_ctx->pending_messages_head->type);
    /* Cancle pending message, too */
+    if ( (NULL != peer_ctx->liveliness_check_pending) &&
+         (0 == memcmp (peer_ctx->pending_messages_head,
+                     peer_ctx->liveliness_check_pending,
+                     sizeof (struct PendingMessage))) )
+      {
+        peer_ctx->liveliness_check_pending = NULL;
+      }
    remove_pending_message (peer_ctx->pending_messages_head, GNUNET_YES);
  }
  /* If we are still waiting for notification whether this peer is live
@@ -1272,7 +1274,7 @@ Peers_remove_peer (const struct GNUNET_PeerIdentity *peer)
         GNUNET_i2s (&peer_ctx->peer_id));
    // TODO wait until cadet sets mq->cancel_impl
    //GNUNET_MQ_send_cancel (peer_ctx->liveliness_check_pending->ev);
-    GNUNET_free (peer_ctx->liveliness_check_pending);
+    remove_pending_message (peer_ctx->liveliness_check_pending, GNUNET_YES);
    peer_ctx->liveliness_check_pending = NULL;
  }
  channel_flag = Peers_get_channel_flag (peer, Peers_CHANNEL_ROLE_SENDING);
@@ -2733,7 +2735,7 @@ cleanup_destroyed_channel (void *cls,
      return;
    }
    else
-    { /* Other peer destroyed our sending channel that he is supposed to keep
+    { /* Other peer destroyed our sending channel that it is supposed to keep
       * open. It probably went down. Remove it from our knowledge. */
      Peers_cleanup_destroyed_channel (cls, channel);
      remove_peer (peer);
@@ -3214,6 +3216,10 @@ handle_peer_push (void *cls,
                                   tmp_att_peer);
      add_peer_array_to_set (peer, 1, att_peer_set);
    }
+    else
+    {
+      GNUNET_free (tmp_att_peer);
+    }
  }
@@ -3592,6 +3598,7 @@ handle_client_act_malicious (void *cls,
    num_mal_peers_sent = ntohl (msg->num_peers) - 1;
    num_mal_peers_old = num_mal_peers;
+    GNUNET_assert (GNUNET_MAX_MALLOC_CHECKED > num_mal_peers_sent);
    GNUNET_array_grow (mal_peers,
                       num_mal_peers,
                       num_mal_peers + num_mal_peers_sent);
diff --git a/src/rps/test_rps.c b/src/rps/test_rps.c
index e7b82458a..08424022f 100644
--- a/src/rps/test_rps.c
+++ b/src/rps/test_rps.c
@@ -841,6 +841,13 @@ seed_peers (void *cls)
  unsigned int amount;
  unsigned int i;
+  if (GNUNET_YES == in_shutdown || GNUNET_YES == post_test)
+  {
+    return;
+  }
+  GNUNET_assert (NULL != peer->rps_handle);
  // TODO if malicious don't seed mal peers
  amount = round (.5 * num_peers);
@@ -998,9 +1005,11 @@ rps_connect_adapter (void *cls,
  struct GNUNET_RPS_Handle *h;
  h = GNUNET_RPS_connect (cfg);
+  GNUNET_assert (NULL != h);
  if (NULL != cur_test_run.pre_test)
    cur_test_run.pre_test (cls, h);
+  GNUNET_assert (NULL != h);
  return h;
 }
diff --git a/src/secretsharing/gnunet-service-secretsharing.c b/src/secretsharing/gnunet-service-secretsharing.c
index 505af0fba..1f565cfeb 100644
--- a/src/secretsharing/gnunet-service-secretsharing.c
+++ b/src/secretsharing/gnunet-service-secretsharing.c
@@ -51,7 +51,7 @@ struct KeygenPeerInfo
  struct GNUNET_CRYPTO_PaillierPublicKey paillier_public_key;
  /**
-   * The peer's commitment to his presecret.
+   * The peer's commitment to its presecret.
   */
  gcry_mpi_t presecret_commitment;
diff --git a/src/secretsharing/secretsharing_api.c b/src/secretsharing/secretsharing_api.c
index cfb13f520..2a828f08d 100644
--- a/src/secretsharing/secretsharing_api.c
+++ b/src/secretsharing/secretsharing_api.c
@@ -314,7 +314,7 @@ handle_decrypt_done (void *cls,
 * published the same value, it will be decrypted.
 *
 * When the operation is canceled, the decrypt_cb is not called anymore, but the calling
- * peer may already have irrevocably contributed his share for the decryption of the value.
+ * peer may already have irrevocably contributed its share for the decryption of the value.
 *
 * @param share our secret share to use for decryption
 * @param ciphertext ciphertext to publish in order to decrypt it (if enough peers agree)
@@ -485,7 +485,7 @@ GNUNET_SECRETSHARING_encrypt (const struct GNUNET_SECRETSHARING_PublicKey *publi
 * Cancel a decryption.
 *
 * The decrypt_cb is not called anymore, but the calling
- * peer may already have irrevocably contributed his share for the decryption of the value.
+ * peer may already have irrevocably contributed its share for the decryption of the value.
 *
 * @param dh to cancel
 */
diff --git a/src/secretsharing/secretsharing_protocol.h b/src/secretsharing/secretsharing_protocol.h
index 7627deb30..da1454ec0 100644
--- a/src/secretsharing/secretsharing_protocol.h
+++ b/src/secretsharing/secretsharing_protocol.h
@@ -58,7 +58,7 @@ struct GNUNET_SECRETSHARING_KeygenCommitData
   */
  struct GNUNET_CRYPTO_PaillierPublicKey pubkey;
  /**
-   * Commitment of 'peer' to his presecret.
+   * Commitment of 'peer' to its presecret.
   */
  struct GNUNET_HashCode commitment GNUNET_PACKED;
 };
diff --git a/src/set/gnunet-service-set.h b/src/set/gnunet-service-set.h
index c9e59b441..f7c262eac 100644
--- a/src/set/gnunet-service-set.h
+++ b/src/set/gnunet-service-set.h
@@ -125,7 +125,7 @@ typedef struct OperationState *
 * @param op operation that is created, should be initialized to
 *        begin the evaluation
 * @param opaque_context message to be transmitted to the listener
- *        to convince him to accept, may be NULL
+ *        to convince it to accept, may be NULL
 * @return operation-specific state to keep in @a op
 */
 typedef struct OperationState *
diff --git a/src/set/gnunet-service-set_intersection.c b/src/set/gnunet-service-set_intersection.c
index 0561df406..254763b45 100644
--- a/src/set/gnunet-service-set_intersection.c
+++ b/src/set/gnunet-service-set_intersection.c
@@ -695,7 +695,7 @@ initialize_map_unfiltered (void *cls,
 /**
 * Send our element count to the peer, in case our element count is
- * lower than his.
+ * lower than theirs.
 *
 * @param op intersection operation
 */
@@ -1077,7 +1077,7 @@ handle_intersection_p2p_done (void *cls,
 * @param op operation that is created, should be initialized to
 *        begin the evaluation
 * @param opaque_context message to be transmitted to the listener
- *        to convince him to accept, may be NULL
+ *        to convince it to accept, may be NULL
 * @return operation-specific state to keep in @a op
 */
 static struct OperationState *
diff --git a/src/set/gnunet-service-set_union.c b/src/set/gnunet-service-set_union.c
index 7af220374..c3c14f1ba 100644
--- a/src/set/gnunet-service-set_union.c
+++ b/src/set/gnunet-service-set_union.c
@@ -2149,7 +2149,7 @@ handle_union_p2p_done (void *cls,
     *
     * We should notify the active peer once
     * all our demands are satisfied, so that the active
-     * peer can quit if we gave him everything.
+     * peer can quit if we gave it everything.
     */
    GNUNET_CADET_receive_done (op->channel);
    maybe_finish (op);
@@ -2194,7 +2194,7 @@ handle_union_p2p_over (void *cls,
 *
 * @param op operation to perform (to be initialized)
 * @param opaque_context message to be transmitted to the listener
- *        to convince him to accept, may be NULL
+ *        to convince it to accept, may be NULL
 */
 static struct OperationState *
 union_evaluate (struct Operation *op,
diff --git a/src/topology/gnunet-daemon-topology.c b/src/topology/gnunet-daemon-topology.c
index 829fb5352..f7a4e4525 100644
--- a/src/topology/gnunet-daemon-topology.c
+++ b/src/topology/gnunet-daemon-topology.c
@@ -111,7 +111,7 @@ struct Peer
  uint32_t strength;
  /**
-   * Is this peer listed here because he is a friend?
+   * Is this peer listed here because it is a friend?
   */
  int is_friend;
diff --git a/src/transport/gnunet-service-transport.c b/src/transport/gnunet-service-transport.c
index 6ebc6da8c..8c4f33fd0 100644
--- a/src/transport/gnunet-service-transport.c
+++ b/src/transport/gnunet-service-transport.c
@@ -612,7 +612,7 @@ notify_client_about_neighbour (void *cls,
 /**
 * Initialize a normal client.  We got a start message from this
- * client, add him to the list of clients for broadcasting of inbound
+ * client, add it to the list of clients for broadcasting of inbound
 * messages.
 *
 * @param cls the client
@@ -2173,7 +2173,7 @@ test_connection_ok (void *cls,
 /**
 * Initialize a blacklisting client.  We got a blacklist-init
- * message from this client, add him to the list of clients
+ * message from this client, add it to the list of clients
 * to query for blacklisting.
 *
 * @param cls the client
diff --git a/src/transport/gnunet-service-transport_neighbours.c b/src/transport/gnunet-service-transport_neighbours.c
index b1f3965ad..3965bc13e 100644
--- a/src/transport/gnunet-service-transport_neighbours.c
+++ b/src/transport/gnunet-service-transport_neighbours.c
@@ -179,7 +179,7 @@ struct GNUNET_ATS_SessionQuotaMessage
 /**
- * Message we send to the other peer to notify him that we intentionally
+ * Message we send to the other peer to notify it that we intentionally
 * are disconnecting (to reduce timeouts).  This is just a friendly
 * notification, peers must not rely on always receiving disconnect
 * messages.
@@ -3081,7 +3081,7 @@ master_task (void *cls)
 /**
 * Send a ACK message to the neighbour to confirm that we
- * got his SYN_ACK.
+ * got its SYN_ACK.
 *
 * @param n neighbour to send the ACK to
 */
diff --git a/src/transport/transport.conf.in b/src/transport/transport.conf.in
index 4185acc29..c6b207ad7 100644
--- a/src/transport/transport.conf.in
+++ b/src/transport/transport.conf.in
@@ -9,7 +9,8 @@ BINARY = gnunet-service-transport
 NEIGHBOUR_LIMIT = 50
 ACCEPT_FROM = 127.0.0.1;
 ACCEPT_FROM6 = ::1;
-PLUGINS = tcp udp
+# TCP is the only transport plugin known to work "reliably"
+PLUGINS = tcp
 UNIXPATH = $GNUNET_RUNTIME_DIR/gnunet-service-transport.sock
 BLACKLIST_FILE = $GNUNET_CONFIG_HOME/transport/blacklist
 UNIX_MATCH_UID = NO
diff --git a/src/util/common_allocation.c b/src/util/common_allocation.c
index fc7953df2..53e1a6707 100644
--- a/src/util/common_allocation.c
+++ b/src/util/common_allocation.c
@@ -486,7 +486,6 @@ GNUNET_asprintf (char **buf,
  *buf = GNUNET_malloc (ret + 1);
  va_start (args, format);
  ret = VSPRINTF (*buf, format, args);
-  GNUNET_free (buf);
  va_end (args);
  return ret;
 }
diff --git a/src/util/disk.c b/src/util/disk.c
index 26b615df9..e0227be70 100644
--- a/src/util/disk.c
+++ b/src/util/disk.c
@@ -605,7 +605,6 @@ GNUNET_DISK_mktemp (const char *t)
  umask (omask);
  if (0 != CLOSE (fd))
    LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "close", fn);
-  GNUNET_free (fn);
  return fn;
 }
diff --git a/src/util/os_priority.c b/src/util/os_priority.c
index d13991334..a758f24f1 100644
--- a/src/util/os_priority.c
+++ b/src/util/os_priority.c
@@ -1588,7 +1588,7 @@ GNUNET_OS_start_process_s (int pipe_control,
 /**
- * Retrieve the status of a process, waiting on him if dead.
+ * Retrieve the status of a process, waiting on it if dead.
 * Nonblocking version.
 *
 * @param proc process ID
@@ -1705,7 +1705,7 @@ process_status (struct GNUNET_OS_Process *proc,
 /**
- * Retrieve the status of a process, waiting on him if dead.
+ * Retrieve the status of a process, waiting on it if dead.
 * Nonblocking version.
 *
 * @param proc process ID
@@ -1726,7 +1726,7 @@ GNUNET_OS_process_status (struct GNUNET_OS_Process *proc,
 /**
- * Retrieve the status of a process, waiting on him if dead.
+ * Retrieve the status of a process, waiting on it if dead.
 * Blocking version.
 *
 * @param proc pointer to process structure