@eyedeekay
+R4SAS
+RN
+RN_
+Xeha
+orignal
FreeRider
Irc2PGuest22478
Irc2PGuest48042
Onn4l7h
Onn4|7h
T3s|4_
aargh3
acetone_
anon4
eyedeekay_bnc
not_bob_afk
profetikla
shiver_1
u5657
weko_
x74a6
orignal
hi
eyedeekay
Hi orignal
eyedeekay
Thanks for being punctual
eyedeekay
Hi everyone welcome to the meeting for the 17th, got a few things on the agenda from my end but let's start by seeing who's here
eyedeekay
Anybody else here today? obscuratus, not_bob, dr|zed ?
orignal
hi
eyedeekay
Hi orignal
eyedeekay
Looks like it's just you and me today
orignal
so we need to discuss these wrong addresses for routers with U
eyedeekay
OK that can be #1
orignal
correct
eyedeekay
I also have I have 2) Remaining release items 3) Multiple NetDB's for Java I2P
obscuratus
hi
eyedeekay
Hi obscuratus, thanks for coming
eyedeekay
So far the agenda is as stated above, would you like to add any items before we get started?
orignal
item #4. where is grandpa?
eyedeekay
I can't answer that question. We can talk privately about it if you like.
orignal
ofc it's a joke
eyedeekay
OK well moving on to the agenda, item 1 is wrong addresses on U caps
orignal
yes
orignal
it makes things confusing
orignal
I'm trying to find an address I'm able to connect to
orignal
and have to try non-reachable NTCP2
orignal
because they publish i
orignal
will you fix it?
orignal
because 'i' means you can connect to an address
eyedeekay
Yes per the conversation we had yesterday saltr it looks like this is being done in error and there's not a clear reason for it
dr|z3d
hi guys, am here now.
eyedeekay
Awesome, thanks for coming dr|zed
orignal
when do you think are you able to fix it?
orignal
also if you exclude i it's worth to exlude IP
orignal
for anonymity
eyedeekay
The change required to alter it is pretty small, there's no problem checking it in before our 2.4.0
obscuratus
I'll double check on my testing network later. I don't see many U routers publishing an NTCP address when browsing my NetDb
eyedeekay
Barring me(or obscuratus or dr|zed) finding a reason it needs to be otherwise I don't see a reason why it should take longer than that
orignal
I don't think it's pretty small
orignal
because you have to set it back once a router becomes reachable
eyedeekay
Perhaps I'm wrong about the difficulty, I only looked at the publishing parts so far. I'll get my hands dirty with it this week and have a clearer idea
orignal
even if you had a reason it contradicts with NTCP2 specs
eyedeekay
Still think it can be done before 2.4.0 though
orignal
nice
eyedeekay
Anything else on 1?
orignal
no
eyedeekay
OK then on to 2) remaining release items
orignal
tell us
eyedeekay
Java I2P has had an unfortunately difficult release this time in particular for Android, we're only 66% of the way through the Android release at this time
orignal
why?
eyedeekay
We have F-Droid and Freestanding APK's built and released, but unfortunately our largest Android userbase is Google Play users(roughly 6-8k users) and my Google has flagged the app for further/manual review, so those users are stuck until Google lets it out
eyedeekay
If they need to upgrade immediately, moving to F-Droid or using a freestanding APK are the best solution
orignal
may I ask you why do you even appear in th google play?
orignal
in my opinion it makes worst for I2P reputation
orignal
only SJW shit in Inclusion is worse
eyedeekay
Because we can, because it's the default, because by the time I was in charge of it there were already 6k users
dr|z3d
it's simple, orignal. no need for users to manually allow 3rd party repos. is that a good thing, I dunno, but that's the justification. that and general visibility.
orignal
people looking for anynimity and go to ... google play
orignal
why not to the Facebook? ))
dr|z3d
Sure, personally I'd host it on f-droid and forget about google.
orignal
dr|z3d and i2pd android has a lot of users without google play
eyedeekay
I agree there are ways in which it is silly, but it would be worse of us to not provide them with updates IMO
orignal
that's what we do
orignal
eyedeekay I know where it came from
orignal
str4d did it
orignal
e.g. brought i2p to google play
orignal
and if I remeber it's not avaible for Russia there )))
orignal
and since we are on that page
orignal
I would like to bring up I2P phylosophy
orignal
what is our priority? Anonymoity, freedom of speech, fight against censorship
orignal
or support faggots of all kind
orignal
and sell our users to big corps?
dr|z3d
calm down, orignal :)
orignal
dr|z3d do you disgree?
dr|z3d
I can tell you're getting a bit too excited over there. *chuckle*
eyedeekay
You're not hearing me here. If we don't put updates on GPlay, GPlay users don't update.
eyedeekay
It's that simple
orignal
no, becuase it affects fitire of I2P
dr|z3d
I think we should be entirely apolitical and leave the political statements to twitter or elsewhere, orignal
orignal
eyedeekay then I missed something
orignal
what do you have in Google Play?
orignal
dr|z3d where do you see politics?
dr|z3d
I'm also of the view that the project should own shared resources and fund them, and not individuals.
orignal
about Inclusion or about Google Play?
dr|z3d
politics, orignal, being the states about inclusion.
orignal
it's not supposed to be there, because it makes negative impression about I2P
dr|z3d
*statement
dr|z3d
I agree, it's out of place.
orignal
then let me tell something
orignal
if Nazi refuses to remove it
orignal
and he does
orignal
we should think about "new I2P"
orignal
e.g. contrinue I2P fork without him and other SJW stuff
dr|z3d
I2P is software. It should be apolitical. Like I said, you want to make statements about inclusion and the like, do it on twitter.
orignal
I don't want to make a statement
orignal
I want to discuss I2P future
dr|z3d
not you personally, anyone.
orignal
I'm sorry to say but without gradpa it goes to nowhere
eyedeekay
Honestly I figured you would disagree with that because of 3
orignal
if eyedeekay wants to become a "new grandpa" he should take the leadership to his hands
eyedeekay
I'm literally proposing to do a thing grandpa didn't want to do
RN
orignal> or support faggots of all kind ◀━━ that is a statement you are making
orignal
RN correct
orignal
that what Inclusion says
orignal
not me
orignal
eyedeekay great
orignal
but then you must be a leader
orignal
and no some strange people
obscuratus
Freedom of speech is pretty much integral to I2P. Some boilerplate text about inclusion doesn't change that.
orignal
obscuratus presense in GooglePlay does
orignal
if you poduct is presented in Google Play it means you follow their rules
eyedeekay
IMO it's a waste of time to argue about, especially here. I care about code and updates. GPlay has momentarily strangled our updates, and that's a good reason to consider axing them, but with 8k users we can't do it without a plan.
orignal
manybe it's time to make a decision
eyedeekay
More like a roadmap
orignal
to exlclude it from Google Play for good
orignal
and make a statements like "Google Play doesn't mathc I2P phylosophy anymore"
eyedeekay
I'm pretty pissed off about this strangled update, but I'm not going to strand all those users either.
eyedeekay
So it's a roadmap, and not a rash decision
orignal
just make a statment
orignal
that I2P will be removed from Google Play soon
eyedeekay
Plan first, statement after
orignal
then what else do you have in outstanding tasks?
dr|z3d
can you push news updates to anrdoid users only, eyedeekay? does android i2p receive news subs?
dr|z3d
if you can't push exclusively to android, that's fine, but a news post shortly about migrating from gplay to f-droid would be handy.
eyedeekay
If we're considering axing GPlay then we need a path to migrate GPlay users
dr|z3d
sure, that would be what the news post addresses.
orignal
release ,apk
orignal
like we do
orignal
and F-droid
eyedeekay
Which as dr|zed astutely observed just now, may involve android-specific news
dr|z3d
no harm in informing desktop users, either. some may be on both platforms.
orignal
eyedeekay do you know who are main users of i2pd-android? ))
eyedeekay
We already have that orignal, we have .apk, F-Droid official support, and our own F-Droid repository
eyedeekay
And mirrors
eyedeekay
And github releases as of 2.3.0
eyedeekay
No shortage of suppliers
orignal
btw do you publish D for android?
eyedeekay
Yes we do
orignal
we plan to exclude android from tunnels
orignal
they slow down too much
eyedeekay
Your call, I totally understand why you would do that
eyedeekay
Are we finally ready for 3?
orignal
yes
eyedeekay
3) Multiple NetDB's in Java I2P - I promised a writeup for how our multiple-NetDB proposal will work for this week
eyedeekay
It's at the top of the draft MR: i2pgit.org/i2p-hackers/i2p.i2p/-/merge_requests/95
eyedeekay
It explains the incumbent differences between Java I2P and i2pd re: the positioning of the NetDB
eyedeekay
And hopefully, how we'll be able to use i2pd to inform our design along the same lines
obscuratus
FWIW, I got the latest segmented-netdb branch running on one of my test network routers.
eyedeekay
orignal, you don't have to answer now, but if you have time at some point this week, would you explain where you separate your NetDB's, i.e. where the boundaries are?
orignal
boundaries?
orignal
it's simple
orignal
every destination has it's own LeaseSets
eyedeekay
obscuratus that's partly because the boundaries aren't quite real yet, everything is being dumped into the same context, what's been defined at the moment is the API itself
eyedeekay
And only loosely
eyedeekay
I believe I understand it but I would like to hear it from you
orignal
they never overlapped
orignal
and never use router's netdb for LeaseSet
orignal
say you have two local destinations and first has a LeaseSet aleady
orignal
if seconds need one it has to request it from floodfills
eyedeekay
OK so the boundaries occur at Destinations + Router only for N+1 containers
orignal
we also have one execption
eyedeekay
That's what I thought
orignal
"locallookup" command in our Bob extension
orignal
it try to find a LeaseSet in router's netdb
orignal
we use one at reg.i2p
eyedeekay
OK that makes sense, I already encountered some places where I need something like that
orignal
to check if address is alive
orignal
no resson to request LeaseSet if you have it iin your router's netdb
eyedeekay
Makes perfect sense
eyedeekay
Another question I think I know the answer to but want to hear what you think
eyedeekay
Does a NetDB for a destination ever need to know a RouterInfo, or will it entirely consist of LeaseSets?
orignal
only LeaseSets in i2pd
obscuratus
Doesn't the OBEP forward stuff directly sometimes?
orignal
if I need to request more floodfills I do it trough router's exploratory tunnels
orignal
but I also need to think about it
orignal
when destination takes floodfills from router's netdb
orignal
is some attack possible?
orignal
like forcing destination to request some floodfill with fake ident on your own floodfill
eyedeekay
obscuratus yes I think so but I also think I need to look at when/why to do this change
eyedeekay
OK that answers my big questions for this week on 3 then
eyedeekay
Anything else on 3?
orignal
not sure yet how it can help attacker
obscuratus
OK, so exploratory tunnels handle RI, client tunnels (destinations) don't need to? I can see that.
orignal
correct
orignal
RI are always done through exploratory
orignal
ofc if destination receives RI instead LS it will be dropped
eyedeekay
Re: Attacks not that we know of right now, but we've had a couple problems recently this is a historical weak-point of ours. If we can make it easier to defend I would like to.
eyedeekay
If you mean in i2pd, I don't think so, at most it might disclose that an i2pd user is using i2pd which doesn't seem like that big a deal
eyedeekay
Last call for 3
orignal
nice
eyedeekay
OK thanks everybody for coming to the meeting, I will update the topic as soon as my cable comes back
eyedeekay
BTW to the folks observing in particular Opicaak sorry I was not about to -v the channel today due to being stuck on a mobile device
eyedeekay
Next meeting will be the 31st same time
obscuratus
Some quick follow-up on #1, I confirmed that orignal is correct, we publish NTCP IP when firewalled.
eyedeekay
Thanks for confirming that for us obscuratus
orignal
obscuratus IP is not a problem, "i" is a problem
dr|z3d
yeah, the i cap, introducers active, shouldn't be used with a declared ip. the 2 should be mutually exclusive.
obscuratus
So, with the direction Java I2P currently appears to be taking (and, yeah, it's early yet), with completely divorced netDb tables, the client is going to have to maintain RI at least for the FF it intends to use for looking up Leasesets.
orignal
dr|z3d techically it could be
orignal
yous SSU2 uses introducers and NTCP2 is reachable from outside
dr|z3d
orignal, yeah, if ssu is firewalled and ntcp isn't.. that's what you're driving at?
orignal
my network confoguration for example
orignal
I can forward TCP port and cann't forward UDP
dr|z3d
yeah, I'm sure your network is highly confogged ;)
orignal
not mine
orignal
but you know today networks have different configuration
dr|z3d
sure, but I'm agreeing with you when you say if we're firewalled on both tcp and udp, we shouldn't be publishing our ip.
orignal
the problem that you publish "i" and this address is really not reachable from outside
obscuratus
orignal: In I2PD, when a destination needs to craft a DatabaseSearchMessage to look up a Lease Set, where does it look for the FF RI it will need to use for the query?
orignal
from router's netdb
dr|z3d
sure, that's one issue. the other issue is that you're publishing any ip when you're firewalled, from a privacy perspective. if I'm firewalled, intentionally or otherwise, my own ip should be unknown.
orignal
as I said we should think about possible attacks
dr|z3d
(except to my introducer)
orignal
dr|z3d yes
obscuratus
dr|z3d: But the people you connect to will know your IP, so it's not that secret.
orignal
I never publish IP/port is firewalled
orignal
obscuratus however people collecting netdb will not find your IP there
dr|z3d
obscuratus: only via introducers, sure, but definitely my ip shouldn't be discovered in the netdb.
dr|z3d
*discoverable
obscuratus
That's security through obscurity. It its critical your actual IP address is hidden, then we're not doing it.
dr|z3d
not really, it's about discoverability.
dr|z3d
take this example: I'm firewalled, in hidden mode, because I'm in China..
dr|z3d
so being in China, I'm avoiding any other Chinese ips for my tunnels and direct connections.
orignal
you can't hide your acrual IP
orignal
and it's musch easier to harvest netdb
dr|z3d
so my expectation is that routers won't be able to discover my ip through a scan of the netdb.
orignal
that run bunch of routers to collect all hidden IPs
obscuratus
It makes it more difficult, but not impossible. I'm nearly positive China wouldn't hesitate to set up a VPS outside of China, and collect IP addresses of U routers if they wanted to.
orignal
ofc
dr|z3d
sure, not impossible. just more work required.
orignal
that's why we offer I2P over yggdrasil ))
orignal
they get an IP ... starting from 2xx
obscuratus
But, just to be clear, I have no problem with leaving the IP address out when the router is U.
orignal
up to you, but "i" is not supposed to be there if your IP/port is not reacnable
obscuratus
Haha, I'm looking at a XU router with an IPv6 address of ::1
obscuratus
I thought we banned those.
orignal
yes we do
obscuratus
I guess since they also have IPv4 with introducers, we ignore the fact they have a ::1 address for IPv6
eyedeekay
I thought so too
obscuratus
XxLxwG6Xr3I-nnvIeQekavlwpwT1QWEK2XD3~D2on7E=
eyedeekay
Hm, sure enough