#ls2 (irc2p) | #ls2 I2P Protocol Development Discussion - Next Meeting Monday, October 9th 6:30 UTC

orignal hi

eyedeekay Hi orignal

eyedeekay Thanks for being punctual

eyedeekay Hi everyone welcome to the meeting for the 17th, got a few things on the agenda from my end but let's start by seeing who's here

eyedeekay Anybody else here today? obscuratus, not_bob, dr|zed ?

orignal hi

eyedeekay Hi orignal

eyedeekay Looks like it's just you and me today

orignal so we need to discuss these wrong addresses for routers with U

eyedeekay OK that can be #1

orignal correct

eyedeekay I also have I have 2) Remaining release items 3) Multiple NetDB's for Java I2P

obscuratus hi

eyedeekay Hi obscuratus, thanks for coming

eyedeekay So far the agenda is as stated above, would you like to add any items before we get started?

orignal item #4. where is grandpa?

eyedeekay I can't answer that question. We can talk privately about it if you like.

orignal ofc it's a joke

eyedeekay OK well moving on to the agenda, item 1 is wrong addresses on U caps

orignal yes

orignal it makes things confusing

orignal I'm trying to find an address I'm able to connect to

orignal and have to try non-reachable NTCP2

orignal because they publish i

orignal will you fix it?

orignal because 'i' means you can connect to an address

eyedeekay Yes per the conversation we had yesterday saltr it looks like this is being done in error and there's not a clear reason for it

dr|z3d hi guys, am here now.

eyedeekay Awesome, thanks for coming dr|zed

orignal when do you think are you able to fix it?

orignal also if you exclude i it's worth to exlude IP

orignal for anonymity

eyedeekay The change required to alter it is pretty small, there's no problem checking it in before our 2.4.0

obscuratus I'll double check on my testing network later. I don't see many U routers publishing an NTCP address when browsing my NetDb

eyedeekay Barring me(or obscuratus or dr|zed) finding a reason it needs to be otherwise I don't see a reason why it should take longer than that

orignal I don't think it's pretty small

orignal because you have to set it back once a router becomes reachable

eyedeekay Perhaps I'm wrong about the difficulty, I only looked at the publishing parts so far. I'll get my hands dirty with it this week and have a clearer idea

orignal even if you had a reason it contradicts with NTCP2 specs

eyedeekay Still think it can be done before 2.4.0 though

orignal nice

eyedeekay Anything else on 1?

orignal no

eyedeekay OK then on to 2) remaining release items

orignal tell us

eyedeekay Java I2P has had an unfortunately difficult release this time in particular for Android, we're only 66% of the way through the Android release at this time

orignal why?

eyedeekay We have F-Droid and Freestanding APK's built and released, but unfortunately our largest Android userbase is Google Play users(roughly 6-8k users) and my Google has flagged the app for further/manual review, so those users are stuck until Google lets it out

eyedeekay If they need to upgrade immediately, moving to F-Droid or using a freestanding APK are the best solution

orignal may I ask you why do you even appear in th google play?

orignal in my opinion it makes worst for I2P reputation

orignal only SJW shit in Inclusion is worse

eyedeekay Because we can, because it's the default, because by the time I was in charge of it there were already 6k users

dr|z3d it's simple, orignal. no need for users to manually allow 3rd party repos. is that a good thing, I dunno, but that's the justification. that and general visibility.

orignal people looking for anynimity and go to ... google play

orignal why not to the Facebook? ))

dr|z3d Sure, personally I'd host it on f-droid and forget about google.

orignal dr|z3d and i2pd android has a lot of users without google play

eyedeekay I agree there are ways in which it is silly, but it would be worse of us to not provide them with updates IMO

orignal that's what we do

orignal eyedeekay I know where it came from

orignal str4d did it

orignal e.g. brought i2p to google play

orignal and if I remeber it's not avaible for Russia there )))

orignal and since we are on that page

orignal I would like to bring up I2P phylosophy

orignal what is our priority? Anonymoity, freedom of speech, fight against censorship

orignal or support faggots of all kind

orignal and sell our users to big corps?

dr|z3d calm down, orignal :)

orignal dr|z3d do you disgree?

dr|z3d I can tell you're getting a bit too excited over there. *chuckle*

eyedeekay You're not hearing me here. If we don't put updates on GPlay, GPlay users don't update.

eyedeekay It's that simple

orignal no, becuase it affects fitire of I2P

dr|z3d I think we should be entirely apolitical and leave the political statements to twitter or elsewhere, orignal

orignal eyedeekay then I missed something

orignal what do you have in Google Play?

orignal dr|z3d where do you see politics?

dr|z3d I'm also of the view that the project should own shared resources and fund them, and not individuals.

orignal about Inclusion or about Google Play?

dr|z3d politics, orignal, being the states about inclusion.

orignal it's not supposed to be there, because it makes negative impression about I2P

dr|z3d *statement

dr|z3d I agree, it's out of place.

orignal then let me tell something

orignal if Nazi refuses to remove it

orignal and he does

orignal we should think about "new I2P"

orignal e.g. contrinue I2P fork without him and other SJW stuff

dr|z3d I2P is software. It should be apolitical. Like I said, you want to make statements about inclusion and the like, do it on twitter.

orignal I don't want to make a statement

orignal I want to discuss I2P future

dr|z3d not you personally, anyone.

orignal I'm sorry to say but without gradpa it goes to nowhere

eyedeekay Honestly I figured you would disagree with that because of 3

orignal if eyedeekay wants to become a "new grandpa" he should take the leadership to his hands

eyedeekay I'm literally proposing to do a thing grandpa didn't want to do

RN orignal> or support faggots of all kind ◀━━ that is a statement you are making

orignal RN correct

orignal that what Inclusion says

orignal not me

orignal eyedeekay great

orignal but then you must be a leader

orignal and no some strange people

obscuratus Freedom of speech is pretty much integral to I2P. Some boilerplate text about inclusion doesn't change that.

orignal obscuratus presense in GooglePlay does

orignal if you poduct is presented in Google Play it means you follow their rules

eyedeekay IMO it's a waste of time to argue about, especially here. I care about code and updates. GPlay has momentarily strangled our updates, and that's a good reason to consider axing them, but with 8k users we can't do it without a plan.

orignal manybe it's time to make a decision

eyedeekay More like a roadmap

orignal to exlclude it from Google Play for good

orignal and make a statements like "Google Play doesn't mathc I2P phylosophy anymore"

eyedeekay I'm pretty pissed off about this strangled update, but I'm not going to strand all those users either.

eyedeekay So it's a roadmap, and not a rash decision

eyedeekay 3

orignal just make a statment

orignal that I2P will be removed from Google Play soon

eyedeekay Plan first, statement after

eyedeekay 3

orignal then what else do you have in outstanding tasks?

dr|z3d can you push news updates to anrdoid users only, eyedeekay? does android i2p receive news subs?

dr|z3d if you can't push exclusively to android, that's fine, but a news post shortly about migrating from gplay to f-droid would be handy.

eyedeekay If we're considering axing GPlay then we need a path to migrate GPlay users

dr|z3d sure, that would be what the news post addresses.

orignal release ,apk

orignal like we do

orignal and F-droid

eyedeekay Which as dr|zed astutely observed just now, may involve android-specific news

dr|z3d no harm in informing desktop users, either. some may be on both platforms.

orignal eyedeekay do you know who are main users of i2pd-android? ))

eyedeekay We already have that orignal, we have .apk, F-Droid official support, and our own F-Droid repository

eyedeekay And mirrors

eyedeekay And github releases as of 2.3.0

eyedeekay No shortage of suppliers

orignal btw do you publish D for android?

eyedeekay Yes we do

orignal we plan to exclude android from tunnels

orignal they slow down too much

eyedeekay Your call, I totally understand why you would do that

eyedeekay Are we finally ready for 3?

orignal yes

eyedeekay 3) Multiple NetDB's in Java I2P - I promised a writeup for how our multiple-NetDB proposal will work for this week

eyedeekay It's at the top of the draft MR: i2pgit.org/i2p-hackers/i2p.i2p/-/merge_requests/95

eyedeekay It explains the incumbent differences between Java I2P and i2pd re: the positioning of the NetDB

eyedeekay And hopefully, how we'll be able to use i2pd to inform our design along the same lines

obscuratus FWIW, I got the latest segmented-netdb branch running on one of my test network routers.

eyedeekay orignal, you don't have to answer now, but if you have time at some point this week, would you explain where you separate your NetDB's, i.e. where the boundaries are?

orignal boundaries?

orignal it's simple

orignal every destination has it's own LeaseSets

eyedeekay obscuratus that's partly because the boundaries aren't quite real yet, everything is being dumped into the same context, what's been defined at the moment is the API itself

eyedeekay And only loosely

eyedeekay I believe I understand it but I would like to hear it from you

orignal they never overlapped

orignal and never use router's netdb for LeaseSet

orignal say you have two local destinations and first has a LeaseSet aleady

orignal if seconds need one it has to request it from floodfills

eyedeekay OK so the boundaries occur at Destinations + Router only for N+1 containers

orignal we also have one execption

eyedeekay That's what I thought

orignal "locallookup" command in our Bob extension

orignal it try to find a LeaseSet in router's netdb

orignal we use one at reg.i2p

eyedeekay OK that makes sense, I already encountered some places where I need something like that

orignal to check if address is alive

orignal no resson to request LeaseSet if you have it iin your router's netdb

eyedeekay Makes perfect sense

eyedeekay Another question I think I know the answer to but want to hear what you think

eyedeekay Does a NetDB for a destination ever need to know a RouterInfo, or will it entirely consist of LeaseSets?

orignal only LeaseSets in i2pd

obscuratus Doesn't the OBEP forward stuff directly sometimes?

orignal if I need to request more floodfills I do it trough router's exploratory tunnels

orignal but I also need to think about it

orignal when destination takes floodfills from router's netdb

orignal is some attack possible?

orignal like forcing destination to request some floodfill with fake ident on your own floodfill

eyedeekay obscuratus yes I think so but I also think I need to look at when/why to do this change

eyedeekay OK that answers my big questions for this week on 3 then

eyedeekay Anything else on 3?

orignal not sure yet how it can help attacker

obscuratus OK, so exploratory tunnels handle RI, client tunnels (destinations) don't need to? I can see that.

orignal correct

orignal RI are always done through exploratory

orignal ofc if destination receives RI instead LS it will be dropped

eyedeekay Re: Attacks not that we know of right now, but we've had a couple problems recently this is a historical weak-point of ours. If we can make it easier to defend I would like to.

eyedeekay If you mean in i2pd, I don't think so, at most it might disclose that an i2pd user is using i2pd which doesn't seem like that big a deal

eyedeekay Last call for 3

orignal nice

eyedeekay OK thanks everybody for coming to the meeting, I will update the topic as soon as my cable comes back

eyedeekay BTW to the folks observing in particular Opicaak sorry I was not about to -v the channel today due to being stuck on a mobile device

eyedeekay Next meeting will be the 31st same time

obscuratus Some quick follow-up on #1, I confirmed that orignal is correct, we publish NTCP IP when firewalled.

eyedeekay Thanks for confirming that for us obscuratus

orignal obscuratus IP is not a problem, "i" is a problem

dr|z3d yeah, the i cap, introducers active, shouldn't be used with a declared ip. the 2 should be mutually exclusive.

obscuratus So, with the direction Java I2P currently appears to be taking (and, yeah, it's early yet), with completely divorced netDb tables, the client is going to have to maintain RI at least for the FF it intends to use for looking up Leasesets.

orignal dr|z3d techically it could be

orignal yous SSU2 uses introducers and NTCP2 is reachable from outside

dr|z3d orignal, yeah, if ssu is firewalled and ntcp isn't.. that's what you're driving at?

orignal my network confoguration for example

orignal I can forward TCP port and cann't forward UDP

dr|z3d yeah, I'm sure your network is highly confogged ;)

orignal not mine

orignal but you know today networks have different configuration

dr|z3d sure, but I'm agreeing with you when you say if we're firewalled on both tcp and udp, we shouldn't be publishing our ip.

orignal the problem that you publish "i" and this address is really not reachable from outside

obscuratus orignal: In I2PD, when a destination needs to craft a DatabaseSearchMessage to look up a Lease Set, where does it look for the FF RI it will need to use for the query?

orignal from router's netdb

dr|z3d sure, that's one issue. the other issue is that you're publishing any ip when you're firewalled, from a privacy perspective. if I'm firewalled, intentionally or otherwise, my own ip should be unknown.

orignal as I said we should think about possible attacks

dr|z3d (except to my introducer)

orignal dr|z3d yes

obscuratus dr|z3d: But the people you connect to will know your IP, so it's not that secret.

orignal I never publish IP/port is firewalled

orignal obscuratus however people collecting netdb will not find your IP there

dr|z3d obscuratus: only via introducers, sure, but definitely my ip shouldn't be discovered in the netdb.

dr|z3d *discoverable

obscuratus That's security through obscurity. It its critical your actual IP address is hidden, then we're not doing it.

dr|z3d not really, it's about discoverability.

dr|z3d take this example: I'm firewalled, in hidden mode, because I'm in China..

dr|z3d so being in China, I'm avoiding any other Chinese ips for my tunnels and direct connections.

orignal you can't hide your acrual IP

orignal and it's musch easier to harvest netdb

dr|z3d so my expectation is that routers won't be able to discover my ip through a scan of the netdb.

orignal that run bunch of routers to collect all hidden IPs

obscuratus It makes it more difficult, but not impossible. I'm nearly positive China wouldn't hesitate to set up a VPS outside of China, and collect IP addresses of U routers if they wanted to.

orignal ofc

dr|z3d sure, not impossible. just more work required.

orignal that's why we offer I2P over yggdrasil ))

orignal they get an IP ... starting from 2xx

obscuratus But, just to be clear, I have no problem with leaving the IP address out when the router is U.

orignal up to you, but "i" is not supposed to be there if your IP/port is not reacnable

obscuratus Haha, I'm looking at a XU router with an IPv6 address of ::1

obscuratus I thought we banned those.

orignal yes we do

obscuratus I guess since they also have IPv4 with introducers, we ignore the fact they have a ::1 address for IPv6

eyedeekay I thought so too

obscuratus XxLxwG6Xr3I-nnvIeQekavlwpwT1QWEK2XD3~D2on7E=

eyedeekay Hm, sure enough