data-rmap with mapc  dest-head hex. dest-tail hex. dest-back hex.
    data-ackbits @ dest-size addr>bytes dump
    endwith
    forth:cr ;
: transfer-keepalive? ( -- flag )
    o to connection
    timeout( .keepalive )

    data-rmap with mapc dest-req dup ack-advance? or to ack-advance? endwith
    dup IF
	!ticks ticker 64@ resend-all-to 64!
	[ ack-toggle# resend-toggle# or ]L net2o:do-ack-rest  THEN ;
previous

: cmd-timeout ( -- )  cmd-resend?
    IF  >next-timeout push-timeout  ELSE  ack@ .timeouts off  THEN ;

    data-rmap with mapc  dest-head hex. dest-tail hex. dest-back hex.
    data-ackbits @ dest-size addr>bytes dump
    endwith
    forth:cr ;
: transfer-keepalive? ( -- flag )
    o to connection
    timeout( .keepalive )
    data-rmap dup 0= ?EXIT
    with mapc dest-req dup ack-advance? or to ack-advance? endwith
    dup IF
	!ticks ticker 64@ resend-all-to 64!
	[ ack-toggle# resend-toggle# or ]L net2o:do-ack-rest  THEN ;
previous

: cmd-timeout ( -- )  cmd-resend?
    IF  >next-timeout push-timeout  ELSE  ack@ .timeouts off  THEN ;

: revoke-me ( addr u -- )
    \G give it your revocation secret
    +addme
    net2o-code   expect-reply replace-me, cookie+request  end-code|
    -setip net2o:send-revoke ;

: disconnect-me ( -- )  connection >o

    max-timeouts 4 umin to max-timeouts \ be impatient with disconnects
    +resend -flow-control
    net2o-code expect-reply
      connect( log .time s" Disconnect" $, type cr end-with )
      close-all ack rewind end-with disconnect
    end-code| msg( ." disconnected" forth:cr )
    net2o:dispose-context msg( ." Disposed context" forth:cr ) o> ;

: revoke-me ( addr u -- )
    \G give it your revocation secret
    +addme
    net2o-code   expect-reply replace-me, cookie+request  end-code|
    -setip net2o:send-revoke ;

: disconnect-me ( -- )
    connection >o  data-rmap 0= IF  o> EXIT  THEN
    max-timeouts 4 umin to max-timeouts \ be impatient with disconnects
    +resend -flow-control
    net2o-code expect-reply
      connect( log .time s" Disconnect" $, type cr end-with )
      close-all ack rewind end-with disconnect
    end-code| msg( ." disconnected" forth:cr )
    net2o:dispose-context msg( ." Disposed context" forth:cr ) o> ;

previous

: dvcs-greet ( -- )
    net2o-code expect-msg
    log !time end-with dvcs-join, get-ip end-code ;

: dvcs-connect ( addr u -- )
    2 dvcs-request# !  dvcs-bufs# chat#-connect dvcs-greet ;

: dvcs-connect-key ( addr u -- )
    key>group ?load-msgn
    dup 0= IF  2drop "" msg-group$ $@ msg-groups #!  THEN
    2dup search-connect ?dup-IF  >o +group rdrop 2drop  EXIT  THEN
    2dup pk-peek?  IF  dvcs-connect  ELSE  2drop  THEN ;

: dvcs-connects ( -- )
    chat-keys ['] dvcs-connect-key $[]map ;

: wait-dvcs-request ( -- )
    BEGIN  stop dvcs-request# @ 0= UNTIL ;

: +needed ( addr u -- )
    2dup enchash>filename file-status nip no-file# = IF
	dvcs( ." need: " 2dup 85type cr )
	sync-file-list[] $ins[] drop
    ELSE  dvcs( ." don't need: " 2dup 85type cr ) 2drop  THEN ;

................................................................................
	." ref: " I dvcs:refs[] $[]@ 85type cr  LOOP
    dvcs:refs[] connection .get-needed-files
    dvcs:dispose-dvcs-refs o> ;

: handle-fetch ( -- )  ?.net2o/objects
    dvcs:new-dvcs >o  pull-readin
    msg( ." === syncing metadata ===" forth:cr )
    0 >o dvcs-connects +dvcs-sync-done
    wait-dvcs-request o>
    msg( ." === syncing data ===" forth:cr )
    dvcs-data-sync
    msg( ." === data sync done ===" forth:cr )
    dvcs-ref-sync
    msg( ." === ref sync done ===" forth:cr )
    >group last# silent-leave-chat
    dvcs:dispose-dvcs o> ;

: handle-clone ( -- )
    chat-keys [: >dir 0 chat-keys !@ >r  2dup chat-keys $+[]!
	[: @/ 2swap
	    '#' $split dup 0= IF  2drop  ELSE  2nip  THEN
	    2dup $1FF init-dir drop 2dup set-dir throw

previous

: dvcs-greet ( -- )
    net2o-code expect-msg
    log !time end-with dvcs-join, get-ip end-code ;

: dvcs-connect ( addr u -- )
    dvcs-bufs# chat#-connect? IF  2 dvcs-request# !  dvcs-greet  THEN ;

: dvcs-connect-key ( addr u -- )
    key>group ?load-msgn
    dup 0= IF  2drop "" msg-group$ $@ msg-groups #!  THEN
    2dup search-connect ?dup-IF  >o +group rdrop 2drop  EXIT  THEN
    2dup pk-peek?  IF  dvcs-connect  ELSE  2drop  THEN ;

: dvcs-connects? ( -- flag )
    chat-keys ['] dvcs-connect-key $[]map dvcs-request# @ 0> ;

: wait-dvcs-request ( -- )
    BEGIN  dvcs-request# @  WHILE  stop  REPEAT ;

: +needed ( addr u -- )
    2dup enchash>filename file-status nip no-file# = IF
	dvcs( ." need: " 2dup 85type cr )
	sync-file-list[] $ins[] drop
    ELSE  dvcs( ." don't need: " 2dup 85type cr ) 2drop  THEN ;

................................................................................
	." ref: " I dvcs:refs[] $[]@ 85type cr  LOOP
    dvcs:refs[] connection .get-needed-files
    dvcs:dispose-dvcs-refs o> ;

: handle-fetch ( -- )  ?.net2o/objects
    dvcs:new-dvcs >o  pull-readin
    msg( ." === syncing metadata ===" forth:cr )

    0 >o dvcs-connects? IF  +dvcs-sync-done  wait-dvcs-request  THEN o>
    msg( ." === syncing data ===" forth:cr )
    dvcs-data-sync
    msg( ." === data sync done ===" forth:cr )
    dvcs-ref-sync
    msg( ." === ref sync done ===" forth:cr )
    connection .data-rmap IF  msg-group$ $@ >group last# silent-leave-chat  THEN
    dvcs:dispose-dvcs o> ;

: handle-clone ( -- )
    chat-keys [: >dir 0 chat-keys !@ >r  2dup chat-keys $+[]!
	[: @/ 2swap
	    '#' $split dup 0= IF  2drop  ELSE  2nip  THEN
	    2dup $1FF init-dir drop 2dup set-dir throw

		glue*l }}glue
	    }}h box[]
	}}z box[]
	{{
	    {{
		glue*ll }}glue
		tex: vp-md
	    glue*l ' vp-md }}vp vp[] dup to project-vp
	    >o "project" to name$ font-size# dpy-w @ s>f 25% f* fdup fnegate to borderv f+ to border o o>
	dup font-size# 66% f* fdup vslider }}h box[]
	>o "project-slider" to name$ o o>
    }}v box[]
    >o "project-vbox" to name$ o o>
}}z box[]
>o "project-zbox" to name$ o o>
to post-frame

: display-file { d: prj -- }

    {{
	glue*l $000000FF color, slide-frame dup .button1
	{{

	    \large whitish prj key| ['] .key-id? $tmp }}text 40%b
	    glue*ll }}glue
	    \small prj drop keysize + le-64@ ['] .ticks $tmp }}text 40%b
	    \normal blackish
	}}h box[]
    }}z box[] project-vp .child+



    prj [ keysize $10 + ]L safe/string
    2dup "file:" string-prefix? IF
	0 to v-box
	5 /string [: ." ~+/" type ;] $tmp markdown-parse
	v-box project-vp .child+
	dpy-w @ s>f font-size# fover 25% f* f+ f2* f- p-format
    ELSE  2drop  THEN ;
................................................................................
    project-vp >o dispose-childs  0 to active-w o>
    project:branch$ $@ { d: branch }
    dvcs:new-project-log >o
    ?msg-log  last# msg-log@ 2dup { log u }
    bounds ?DO
	I $@ msg:display \ this will only set the URLs
    cell +LOOP
    glue*lll }}glue project-vp .child+
    log free
    dvcs-log:urls[] ['] display-file $[]map
    dvcs:dispose-dvcs-log o> throw ;
: .project-log ( -- )
    dvcs:new-dvcs >o  config>dvcs
    project:project$ $@ @/ 2drop 2dup load-msg
    display-project
................................................................................
[IFDEF] android also android [THEN]

: chat-edit-enter ( o:edit-w -- )
    text$ dup IF  do-chat-cmd? 0= IF  avalanche-text  THEN
    ELSE  2drop  THEN
    64#-1 line-date 64!  $lastline $free ;

\ +db click( \ )
\ +db gui( \ )

{{ $80FFFFFF color, pres-frame
    {{
	{{
	    glue*l $000000FF color, slide-frame dup .button1
	    {{

		glue*l }}glue
	    }}h box[]
	}}z box[]
	{{
	    {{
		glue*ll }}glue
		tex: vp-md
	    glue*l ' vp-md }}vp dup to project-vp
	    >o "project" to name$ font-size# dpy-w @ s>f 25% f* fdup fnegate to borderv f+ to border o o>
	dup font-size# 66% f* fdup vslider }}h box[]
	>o "project-slider" to name$ o o>
    }}v box[]
    >o "project-vbox" to name$ o o>
}}z box[]
>o "project-zbox" to name$ o o>
to post-frame

: display-title { d: prj | ki -- }
    prj key>o ?dup-IF  .ke-imports @ >im-color# sfloats to ki  THEN
    {{
	glue*l imports#rgb-bg ki + sf@ slide-frame dup .button1
	{{
	    \large imports#rgb-fg ki + sf@ to x-color
	    prj key| ['] .key-id? $tmp }}text 40%b
	    glue*ll }}glue
	    \small prj drop keysize + le-64@ ['] .ticks $tmp }}text 40%b
	    \normal blackish
	}}h box[]
    }}z box[] project-vp .child+ ;

: display-file { d: prj -- }
    prj display-title
    prj [ keysize $10 + ]L safe/string
    2dup "file:" string-prefix? IF
	0 to v-box
	5 /string [: ." ~+/" type ;] $tmp markdown-parse
	v-box project-vp .child+
	dpy-w @ s>f font-size# fover 25% f* f+ f2* f- p-format
    ELSE  2drop  THEN ;
................................................................................
    project-vp >o dispose-childs  0 to active-w o>
    project:branch$ $@ { d: branch }
    dvcs:new-project-log >o
    ?msg-log  last# msg-log@ 2dup { log u }
    bounds ?DO
	I $@ msg:display \ this will only set the URLs
    cell +LOOP
    glue*lll }}glue project-vp dup .act 0= IF  vp[]  THEN  .child+
    log free
    dvcs-log:urls[] ['] display-file $[]map
    dvcs:dispose-dvcs-log o> throw ;
: .project-log ( -- )
    dvcs:new-dvcs >o  config>dvcs
    project:project$ $@ @/ 2drop 2dup load-msg
    display-project
................................................................................
[IFDEF] android also android [THEN]

: chat-edit-enter ( o:edit-w -- )
    text$ dup IF  do-chat-cmd? 0= IF  avalanche-text  THEN
    ELSE  2drop  THEN
    64#-1 line-date 64!  $lastline $free ;

+db click( \ )
\ +db gui( \ )

{{ $80FFFFFF color, pres-frame
    {{
	{{
	    glue*l $000000FF color, slide-frame dup .button1
	    {{

    3 pick IF  2drop  EXIT  THEN
    check-host? IF  insert-host  ELSE  2drop false  THEN
    rot or swap ;

: make-context ( pk u -- )
    ret0 net2o:new-context >o rdrop dest-pk ;

in net2o : pklookup ( pkaddr u -- )
    2dup keysize2 safe/string hostc$ $! key2| 2dup pkc over str= to ?myself
    2dup >d#id { id }
    id .dht-host $[]# 0= IF  2dup pk-lookup  2dup >d#id to id  THEN
    2dup make-context
    false id dup .dht-host ['] insert-host? $[]map drop


    0= !!no-address!!  2drop ;

: ?nat-done ( n -- )
    nat( ." req done, issue nat request" forth:cr )
    connect-rest +flow-control +resend ?nat ;
: no-nat-done ( n -- )
    nat( ." req done, finished" forth:cr )
    connect-rest +flow-control +resend ;
................................................................................
: direct-connect ( cmdlen datalen -- )
    cmd0( ." attempt to connect to: " return-addr .addr-path cr )
    ['] ?nat-done ['] no-nat-done ind-addr @ select rqd?
    net2o:connect nat( ." connected" forth:cr ) ;

: pk-connect ( addr u cmdlen datalen -- )
    2>r net2o:pklookup 2r> direct-connect ;



: addr-connect ( addr+key u cmdlen datalen xt -- )
    -rot 2>r >r over + 1- dup c@ dup >r -
    2dup u>= !!keysize!!
    dup r> make-context
    over - insert-addr$ 0= !!no-address!!
    r> execute 2r> net2o:connect ;

    3 pick IF  2drop  EXIT  THEN
    check-host? IF  insert-host  ELSE  2drop false  THEN
    rot or swap ;

: make-context ( pk u -- )
    ret0 net2o:new-context >o rdrop dest-pk ;

in net2o : pklookup? ( pkaddr u -- flag )
    2dup keysize2 safe/string hostc$ $! key2| 2dup pkc over str= to ?myself
    2dup >d#id { id }
    id .dht-host $[]# 0= IF  2dup pk-lookup  2dup >d#id to id  THEN
    2dup make-context
    false id dup .dht-host ['] insert-host? $[]map drop
    nip nip ;
in net2o : pklookup ( pkaddr u -- )
    net2o:pklookup? 0= !!no-address!! ;

: ?nat-done ( n -- )
    nat( ." req done, issue nat request" forth:cr )
    connect-rest +flow-control +resend ?nat ;
: no-nat-done ( n -- )
    nat( ." req done, finished" forth:cr )
    connect-rest +flow-control +resend ;
................................................................................
: direct-connect ( cmdlen datalen -- )
    cmd0( ." attempt to connect to: " return-addr .addr-path cr )
    ['] ?nat-done ['] no-nat-done ind-addr @ select rqd?
    net2o:connect nat( ." connected" forth:cr ) ;

: pk-connect ( addr u cmdlen datalen -- )
    2>r net2o:pklookup 2r> direct-connect ;
: pk-connect? ( addr u cmdlen datalen -- flag )
    2>r net2o:pklookup? dup IF   2r> direct-connect  ELSE  2rdrop  THEN ;

: addr-connect ( addr+key u cmdlen datalen xt -- )
    -rot 2>r >r over + 1- dup c@ dup >r -
    2dup u>= !!keysize!!
    dup r> make-context
    over - insert-addr$ 0= !!no-address!!
    r> execute 2r> net2o:connect ;

    comments:link{} ?dup-IF cr >o
	'[' emit link:title$ type-esc'd ." ](" link:url$ type ')' emit cr
	o>  THEN ;

0 Value img-req-fid

: .mfile { d: fn -- }
    fn basedir+name ~~ pics# #@ ~~ 2dup d0= IF
	2drop fn .url
	fn [: .url cr ;] img-req-fid outfile-execute
    ELSE
	." file:" picbase# #@ ~~ type
    THEN ;
: .csv-link { d: fn -- }
    ." ![" fn picdesc# #@ .simple-text ." ](file:" fn picbase# #@ type ." )" cr ;
: .media-file ( -- )
    media:url$ basename nip $100 > IF
	." file:" media:localFilePath$ basename type
    ELSE

    comments:link{} ?dup-IF cr >o
	'[' emit link:title$ type-esc'd ." ](" link:url$ type ')' emit cr
	o>  THEN ;

0 Value img-req-fid

: .mfile { d: fn -- }
    fn basedir+name pics# #@ 2dup d0= IF
	2drop fn .url
	fn [: .url cr ;] img-req-fid outfile-execute
    ELSE
	." file:" picbase# #@ type
    THEN ;
: .csv-link { d: fn -- }
    ." ![" fn picdesc# #@ .simple-text ." ](file:" fn picbase# #@ type ." )" cr ;
: .media-file ( -- )
    media:url$ basename nip $100 > IF
	." file:" media:localFilePath$ basename type
    ELSE

\ GNU Affero General Public License for more details.

\ You should have received a copy of the GNU Affero General Public License
\ along with this program.  If not, see <http://www.gnu.org/licenses/>.

Forward avalanche-to ( addr u o:context -- )
Forward pk-connect ( key u cmdlen datalen -- )

Forward addr-connect ( key+addr u cmdlen datalen xt -- )
Forward pk-peek? ( addr u0 -- flag )

: ?hash ( addr u hash -- ) >r
    2dup r@ #@ d0= IF  "" 2swap r> #!  ELSE  2drop rdrop  THEN ;

: >group ( addr u -- )  msg-groups ?hash ;
................................................................................
    ( cookie+request ) end-code| ;

: silent-join ( -- )
    net2o-code expect-msg silent-join,
    end-code ;

: send-leave ( -- )
    net2o-code expect-msg leave, end-code| ;
: send-silent-leave ( -- )
    net2o-code expect-msg silent-leave, end-code| ;

: [group] ( xt -- flag )
    msg-group$ $@ msg-groups #@ IF
	@ >o ?msg-context .execute o> true
    ELSE
	drop "" msg-group$ $@ msg-groups #!
	0 .execute false
................................................................................
: g?join ( -- )
    msg-group$ $@len IF  send-join -timeout  THEN ;

: g?leave ( -- )
    msg-group$ $@len IF  send-leave -timeout  THEN ;

: greet ( -- )

    net2o-code expect-msg
    log !time end-with join, get-ip end-code ;

: chat-entry ( -- )  ?.net2o/chats  word-args
    <warn> ." Type ctrl-D or '/bye' as single item to quit" <default> cr ;

: wait-2s-key ( -- )
................................................................................

: load-msgn ( addr u n -- )
    >r 2dup load-msg ?msg-log r> display-lastn ;

: +group ( -- )
    msg-group$ $@ dup IF
	2dup msg-groups #@ d0<> IF
	    +unique-con
	ELSE  o { w^ group } group cell 2swap msg-groups #!  THEN
    ELSE  2drop  THEN ;

: msg-timeout ( -- )
    packets2 @  connected-timeout  packets2 @ <>
    IF  reply( ." Resend to " pubkey $@ key>nick type cr )
	timeout-expired? IF
................................................................................
    ['] msg-timeout is timeout-xt  o+timeout ;

$B $E 2Value chat-bufs#

: +chat-control ( -- )
    +resend-msg +flow-control ;

: chat#-connect ( addr u buf1 buf2 --- )
    pk-connect connection >o rdrop +chat-control  +group ;

: chat-connect ( addr u -- )
    chat-bufs# chat#-connect greet ;

: key-ctrlbit ( -- n )
    \G return a bit mask for the control key pressed
    1 key dup bl < >r lshift r> and ;

: wait-key ( -- )
    BEGIN  key-ctrlbit [ 1 ctrl L lshift 1 ctrl Z lshift or ]L

\ GNU Affero General Public License for more details.

\ You should have received a copy of the GNU Affero General Public License
\ along with this program.  If not, see <http://www.gnu.org/licenses/>.

Forward avalanche-to ( addr u o:context -- )
Forward pk-connect ( key u cmdlen datalen -- )
Forward pk-connect? ( key u cmdlen datalen -- flag )
Forward addr-connect ( key+addr u cmdlen datalen xt -- )
Forward pk-peek? ( addr u0 -- flag )

: ?hash ( addr u hash -- ) >r
    2dup r@ #@ d0= IF  "" 2swap r> #!  ELSE  2drop rdrop  THEN ;

: >group ( addr u -- )  msg-groups ?hash ;
................................................................................
    ( cookie+request ) end-code| ;

: silent-join ( -- )
    net2o-code expect-msg silent-join,
    end-code ;

: send-leave ( -- )
    connection .data-rmap IF  net2o-code expect-msg leave, end-code|  THEN ;
: send-silent-leave ( -- )
    connection .data-rmap IF  net2o-code expect-msg silent-leave, end-code|  THEN ;

: [group] ( xt -- flag )
    msg-group$ $@ msg-groups #@ IF
	@ >o ?msg-context .execute o> true
    ELSE
	drop "" msg-group$ $@ msg-groups #!
	0 .execute false
................................................................................
: g?join ( -- )
    msg-group$ $@len IF  send-join -timeout  THEN ;

: g?leave ( -- )
    msg-group$ $@len IF  send-leave -timeout  THEN ;

: greet ( -- )
    connection .data-rmap 0= ?EXIT
    net2o-code expect-msg
    log !time end-with join, get-ip end-code ;

: chat-entry ( -- )  ?.net2o/chats  word-args
    <warn> ." Type ctrl-D or '/bye' as single item to quit" <default> cr ;

: wait-2s-key ( -- )
................................................................................

: load-msgn ( addr u n -- )
    >r 2dup load-msg ?msg-log r> display-lastn ;

: +group ( -- )
    msg-group$ $@ dup IF
	2dup msg-groups #@ d0<> IF
	    +unique-con 2drop
	ELSE  o { w^ group } group cell 2swap msg-groups #!  THEN
    ELSE  2drop  THEN ;

: msg-timeout ( -- )
    packets2 @  connected-timeout  packets2 @ <>
    IF  reply( ." Resend to " pubkey $@ key>nick type cr )
	timeout-expired? IF
................................................................................
    ['] msg-timeout is timeout-xt  o+timeout ;

$B $E 2Value chat-bufs#

: +chat-control ( -- )
    +resend-msg +flow-control ;

: chat#-connect? ( addr u buf1 buf2 --- flag )
    pk-connect? dup IF  connection >o rdrop +chat-control  +group  THEN ;

: chat-connect ( addr u -- )
    chat-bufs# chat#-connect? IF  greet  THEN ;

: key-ctrlbit ( -- n )
    \G return a bit mask for the control key pressed
    1 key dup bl < >r lshift r> and ;

: wait-key ( -- )
    BEGIN  key-ctrlbit [ 1 ctrl L lshift 1 ctrl Z lshift or ]L

Random number generators are a known attack vector to weaken cryptography.  I
use all techniques I know to make sure net2o uses a cryptographically strong
random number (CSPRNG).

## What do you need for a CSPRNG?

  + An entropy source — I use the OS for that, ''/dev/urandom'' is known good.
  + A secure, non-reversible expansion algorithm — I use keccak, which
    encrypts again and again the same output buffer using an ever-changing
    secret state (key erasure).  An attacker should not be able to guess past
    random numbers from the current state, and should have difficulties to
    guess future ones after re-injection of entropy.

These two things are good enough, but here's about the seat belts, the
additional level of security to make sure even if one of these two fails
suddenly, it's not a debacle.

## Detection of low-entropy PRNG

................................................................................
## Key erasure and rolling tag

I store an initializing state for the PRNG, first generated together with your
sekret key.  This is the time when a low-entropy system can ask the user to
add more entropy by e.g. moving the mouse or walking over the keyboard.  That
initial state then has enough randomness.

On every start of net2o, I mix it together with entropy from ''/dev/random''
and replace the previous saved content.  This is to prevent a forward security
attack.  To make sure the initial state can't be used to recover forward
secrecy, it's just a part of the overall state, and overwritten by generating
more random numbers afterwards; generating more random numbers will replace
the secret state with a new one.  This technique is called _“key erasing
PRNG”_.  This is important.

Note that a revision controlling file system can know the save time and all

Random number generators are a known attack vector to weaken cryptography.  I
use all techniques I know to make sure net2o uses a cryptographically strong
random number (CSPRNG).

## What do you need for a CSPRNG?

* An entropy source — I use the OS for that, `/dev/urandom` is known good.
* A secure, non-reversible expansion algorithm — I use keccak, which
  encrypts again and again the same output buffer using an ever-changing
  secret state (key erasure).  An attacker should not be able to guess past
  random numbers from the current state, and should have difficulties to
  guess future ones after re-injection of entropy.

These two things are good enough, but here's about the seat belts, the
additional level of security to make sure even if one of these two fails
suddenly, it's not a debacle.

## Detection of low-entropy PRNG

................................................................................
## Key erasure and rolling tag

I store an initializing state for the PRNG, first generated together with your
sekret key.  This is the time when a low-entropy system can ask the user to
add more entropy by e.g. moving the mouse or walking over the keyboard.  That
initial state then has enough randomness.

On every start of net2o, I mix it together with entropy from `/dev/random`
and replace the previous saved content.  This is to prevent a forward secrecy
attack.  To make sure the initial state can't be used to recover forward
secrecy, it's just a part of the overall state, and overwritten by generating
more random numbers afterwards; generating more random numbers will replace
the secret state with a new one.  This technique is called _“key erasing
PRNG”_.  This is important.

Note that a revision controlling file system can know the save time and all