IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2023/07/17
eyedeekay Hi orignal
eyedeekay Thanks for being punctual
eyedeekay Hi everyone welcome to the meeting for the 17th, got a few things on the agenda from my end but let's start by seeing who's here
eyedeekay Anybody else here today? obscuratus, not_bob, dr|zed ?
eyedeekay Hi orignal
eyedeekay Looks like it's just you and me today
orignal so we need to discuss these wrong addresses for routers with U
eyedeekay OK that can be #1
orignal correct
eyedeekay I also have I have 2) Remaining release items 3) Multiple NetDB's for Java I2P
eyedeekay Hi obscuratus, thanks for coming
eyedeekay So far the agenda is as stated above, would you like to add any items before we get started?
orignal item #4. where is grandpa?
eyedeekay I can't answer that question. We can talk privately about it if you like.
orignal ofc it's a joke
eyedeekay OK well moving on to the agenda, item 1 is wrong addresses on U caps
orignal it makes things confusing
orignal I'm trying to find an address I'm able to connect to
orignal and have to try non-reachable NTCP2
orignal because they publish i
orignal will you fix it?
orignal because 'i' means you can connect to an address
eyedeekay Yes per the conversation we had yesterday saltr it looks like this is being done in error and there's not a clear reason for it
dr|z3d hi guys, am here now.
eyedeekay Awesome, thanks for coming dr|zed
orignal when do you think are you able to fix it?
orignal also if you exclude i it's worth to exlude IP
orignal for anonymity
eyedeekay The change required to alter it is pretty small, there's no problem checking it in before our 2.4.0
obscuratus I'll double check on my testing network later. I don't see many U routers publishing an NTCP address when browsing my NetDb
eyedeekay Barring me(or obscuratus or dr|zed) finding a reason it needs to be otherwise I don't see a reason why it should take longer than that
orignal I don't think it's pretty small
orignal because you have to set it back once a router becomes reachable
eyedeekay Perhaps I'm wrong about the difficulty, I only looked at the publishing parts so far. I'll get my hands dirty with it this week and have a clearer idea
orignal even if you had a reason it contradicts with NTCP2 specs
eyedeekay Still think it can be done before 2.4.0 though
eyedeekay Anything else on 1?
eyedeekay OK then on to 2) remaining release items
orignal tell us
eyedeekay Java I2P has had an unfortunately difficult release this time in particular for Android, we're only 66% of the way through the Android release at this time
eyedeekay We have F-Droid and Freestanding APK's built and released, but unfortunately our largest Android userbase is Google Play users(roughly 6-8k users) and my Google has flagged the app for further/manual review, so those users are stuck until Google lets it out
eyedeekay If they need to upgrade immediately, moving to F-Droid or using a freestanding APK are the best solution
orignal may I ask you why do you even appear in th google play?
orignal in my opinion it makes worst for I2P reputation
orignal only SJW shit in Inclusion is worse
eyedeekay Because we can, because it's the default, because by the time I was in charge of it there were already 6k users
dr|z3d it's simple, orignal. no need for users to manually allow 3rd party repos. is that a good thing, I dunno, but that's the justification. that and general visibility.
orignal people looking for anynimity and go to ... google play
orignal why not to the Facebook? ))
dr|z3d Sure, personally I'd host it on f-droid and forget about google.
orignal dr|z3d and i2pd android has a lot of users without google play
eyedeekay I agree there are ways in which it is silly, but it would be worse of us to not provide them with updates IMO
orignal that's what we do
orignal eyedeekay I know where it came from
orignal str4d did it
orignal e.g. brought i2p to google play
orignal and if I remeber it's not avaible for Russia there )))
orignal and since we are on that page
orignal I would like to bring up I2P phylosophy
orignal what is our priority? Anonymoity, freedom of speech, fight against censorship
orignal or support faggots of all kind
orignal and sell our users to big corps?
dr|z3d calm down, orignal :)
orignal dr|z3d do you disgree?
dr|z3d I can tell you're getting a bit too excited over there. *chuckle*
eyedeekay You're not hearing me here. If we don't put updates on GPlay, GPlay users don't update.
eyedeekay It's that simple
orignal no, becuase it affects fitire of I2P
dr|z3d I think we should be entirely apolitical and leave the political statements to twitter or elsewhere, orignal
orignal eyedeekay then I missed something
orignal what do you have in Google Play?
orignal dr|z3d where do you see politics?
dr|z3d I'm also of the view that the project should own shared resources and fund them, and not individuals.
orignal about Inclusion or about Google Play?
dr|z3d politics, orignal, being the states about inclusion.
orignal it's not supposed to be there, because it makes negative impression about I2P
dr|z3d *statement
dr|z3d I agree, it's out of place.
orignal then let me tell something
orignal if Nazi refuses to remove it
orignal and he does
orignal we should think about "new I2P"
orignal e.g. contrinue I2P fork without him and other SJW stuff
dr|z3d I2P is software. It should be apolitical. Like I said, you want to make statements about inclusion and the like, do it on twitter.
orignal I don't want to make a statement
orignal I want to discuss I2P future
dr|z3d not you personally, anyone.
orignal I'm sorry to say but without gradpa it goes to nowhere
eyedeekay Honestly I figured you would disagree with that because of 3
orignal if eyedeekay wants to become a "new grandpa" he should take the leadership to his hands
eyedeekay I'm literally proposing to do a thing grandpa didn't want to do
RN orignal> or support faggots of all kind ◀━━ that is a statement you are making
orignal RN correct
orignal that what Inclusion says
orignal not me
orignal eyedeekay great
orignal but then you must be a leader
orignal and no some strange people
obscuratus Freedom of speech is pretty much integral to I2P. Some boilerplate text about inclusion doesn't change that.
orignal obscuratus presense in GooglePlay does
orignal if you poduct is presented in Google Play it means you follow their rules
eyedeekay IMO it's a waste of time to argue about, especially here. I care about code and updates. GPlay has momentarily strangled our updates, and that's a good reason to consider axing them, but with 8k users we can't do it without a plan.
orignal manybe it's time to make a decision
eyedeekay More like a roadmap
orignal to exlclude it from Google Play for good
orignal and make a statements like "Google Play doesn't mathc I2P phylosophy anymore"
eyedeekay I'm pretty pissed off about this strangled update, but I'm not going to strand all those users either.
eyedeekay So it's a roadmap, and not a rash decision
orignal just make a statment
orignal that I2P will be removed from Google Play soon
eyedeekay Plan first, statement after
orignal then what else do you have in outstanding tasks?
dr|z3d can you push news updates to anrdoid users only, eyedeekay? does android i2p receive news subs?
dr|z3d if you can't push exclusively to android, that's fine, but a news post shortly about migrating from gplay to f-droid would be handy.
eyedeekay If we're considering axing GPlay then we need a path to migrate GPlay users
dr|z3d sure, that would be what the news post addresses.
orignal release ,apk
orignal like we do
orignal and F-droid
eyedeekay Which as dr|zed astutely observed just now, may involve android-specific news
dr|z3d no harm in informing desktop users, either. some may be on both platforms.
orignal eyedeekay do you know who are main users of i2pd-android? ))
eyedeekay We already have that orignal, we have .apk, F-Droid official support, and our own F-Droid repository
eyedeekay And mirrors
eyedeekay And github releases as of 2.3.0
eyedeekay No shortage of suppliers
orignal btw do you publish D for android?
eyedeekay Yes we do
orignal we plan to exclude android from tunnels
orignal they slow down too much
eyedeekay Your call, I totally understand why you would do that
eyedeekay Are we finally ready for 3?
eyedeekay 3) Multiple NetDB's in Java I2P - I promised a writeup for how our multiple-NetDB proposal will work for this week
eyedeekay It explains the incumbent differences between Java I2P and i2pd re: the positioning of the NetDB
eyedeekay And hopefully, how we'll be able to use i2pd to inform our design along the same lines
obscuratus FWIW, I got the latest segmented-netdb branch running on one of my test network routers.
eyedeekay orignal, you don't have to answer now, but if you have time at some point this week, would you explain where you separate your NetDB's, i.e. where the boundaries are?
orignal boundaries?
orignal it's simple
orignal every destination has it's own LeaseSets
eyedeekay obscuratus that's partly because the boundaries aren't quite real yet, everything is being dumped into the same context, what's been defined at the moment is the API itself
eyedeekay And only loosely
eyedeekay I believe I understand it but I would like to hear it from you
orignal they never overlapped
orignal and never use router's netdb for LeaseSet
orignal say you have two local destinations and first has a LeaseSet aleady
orignal if seconds need one it has to request it from floodfills
eyedeekay OK so the boundaries occur at Destinations + Router only for N+1 containers
orignal we also have one execption
eyedeekay That's what I thought
orignal "locallookup" command in our Bob extension
orignal it try to find a LeaseSet in router's netdb
orignal we use one at reg.i2p
eyedeekay OK that makes sense, I already encountered some places where I need something like that
orignal to check if address is alive
orignal no resson to request LeaseSet if you have it iin your router's netdb
eyedeekay Makes perfect sense
eyedeekay Another question I think I know the answer to but want to hear what you think
eyedeekay Does a NetDB for a destination ever need to know a RouterInfo, or will it entirely consist of LeaseSets?
orignal only LeaseSets in i2pd
obscuratus Doesn't the OBEP forward stuff directly sometimes?
orignal if I need to request more floodfills I do it trough router's exploratory tunnels
orignal but I also need to think about it
orignal when destination takes floodfills from router's netdb
orignal is some attack possible?
orignal like forcing destination to request some floodfill with fake ident on your own floodfill
eyedeekay obscuratus yes I think so but I also think I need to look at when/why to do this change
eyedeekay OK that answers my big questions for this week on 3 then
eyedeekay Anything else on 3?
orignal not sure yet how it can help attacker
obscuratus OK, so exploratory tunnels handle RI, client tunnels (destinations) don't need to? I can see that.
orignal correct
orignal RI are always done through exploratory
orignal ofc if destination receives RI instead LS it will be dropped
eyedeekay Re: Attacks not that we know of right now, but we've had a couple problems recently this is a historical weak-point of ours. If we can make it easier to defend I would like to.
eyedeekay If you mean in i2pd, I don't think so, at most it might disclose that an i2pd user is using i2pd which doesn't seem like that big a deal
eyedeekay Last call for 3
eyedeekay OK thanks everybody for coming to the meeting, I will update the topic as soon as my cable comes back
eyedeekay BTW to the folks observing in particular Opicaak sorry I was not about to -v the channel today due to being stuck on a mobile device
eyedeekay Next meeting will be the 31st same time
obscuratus Some quick follow-up on #1, I confirmed that orignal is correct, we publish NTCP IP when firewalled.
eyedeekay Thanks for confirming that for us obscuratus
orignal obscuratus IP is not a problem, "i" is a problem
dr|z3d yeah, the i cap, introducers active, shouldn't be used with a declared ip. the 2 should be mutually exclusive.
obscuratus So, with the direction Java I2P currently appears to be taking (and, yeah, it's early yet), with completely divorced netDb tables, the client is going to have to maintain RI at least for the FF it intends to use for looking up Leasesets.
orignal dr|z3d techically it could be
orignal yous SSU2 uses introducers and NTCP2 is reachable from outside
dr|z3d orignal, yeah, if ssu is firewalled and ntcp isn't.. that's what you're driving at?
orignal my network confoguration for example
orignal I can forward TCP port and cann't forward UDP
dr|z3d yeah, I'm sure your network is highly confogged ;)
orignal not mine
orignal but you know today networks have different configuration
dr|z3d sure, but I'm agreeing with you when you say if we're firewalled on both tcp and udp, we shouldn't be publishing our ip.
orignal the problem that you publish "i" and this address is really not reachable from outside
obscuratus orignal: In I2PD, when a destination needs to craft a DatabaseSearchMessage to look up a Lease Set, where does it look for the FF RI it will need to use for the query?
orignal from router's netdb
dr|z3d sure, that's one issue. the other issue is that you're publishing any ip when you're firewalled, from a privacy perspective. if I'm firewalled, intentionally or otherwise, my own ip should be unknown.
orignal as I said we should think about possible attacks
dr|z3d (except to my introducer)
orignal dr|z3d yes
obscuratus dr|z3d: But the people you connect to will know your IP, so it's not that secret.
orignal I never publish IP/port is firewalled
orignal obscuratus however people collecting netdb will not find your IP there
dr|z3d obscuratus: only via introducers, sure, but definitely my ip shouldn't be discovered in the netdb.
dr|z3d *discoverable
obscuratus That's security through obscurity. It its critical your actual IP address is hidden, then we're not doing it.
dr|z3d not really, it's about discoverability.
dr|z3d take this example: I'm firewalled, in hidden mode, because I'm in China..
dr|z3d so being in China, I'm avoiding any other Chinese ips for my tunnels and direct connections.
orignal you can't hide your acrual IP
orignal and it's musch easier to harvest netdb
dr|z3d so my expectation is that routers won't be able to discover my ip through a scan of the netdb.
orignal that run bunch of routers to collect all hidden IPs
obscuratus It makes it more difficult, but not impossible. I'm nearly positive China wouldn't hesitate to set up a VPS outside of China, and collect IP addresses of U routers if they wanted to.
dr|z3d sure, not impossible. just more work required.
orignal that's why we offer I2P over yggdrasil ))
orignal they get an IP ... starting from 2xx
obscuratus But, just to be clear, I have no problem with leaving the IP address out when the router is U.
orignal up to you, but "i" is not supposed to be there if your IP/port is not reacnable
obscuratus Haha, I'm looking at a XU router with an IPv6 address of ::1
obscuratus I thought we banned those.
orignal yes we do
obscuratus I guess since they also have IPv4 with introducers, we ignore the fact they have a ::1 address for IPv6
eyedeekay I thought so too
obscuratus XxLxwG6Xr3I-nnvIeQekavlwpwT1QWEK2XD3~D2on7E=
eyedeekay Hm, sure enough