I2P dev meeting, November 18, 2003 @ 21:02 UTC
Quick recap
- Present:
dm, duck, godmode0, jrand0m, mihi, Ophite1, soros, TC, tusko, yodel,
Log IRC completo
[22:02] <jrand0m> agenda:
[22:02] <jrand0m> 0) welcome
[22:02] <jrand0m> 1) i2p dev status
[22:02] <jrand0m> - 0.2.1.1 is out (peer and tunnel updating and testing, tuning enhancements, tunnel throttling, a DoS defense)
[22:02] <jrand0m> - don't use bw limiting (still some debugging)
[22:02] <jrand0m> - keep your clocks generally correct (30 minute fudge factor) [used for lease expirations and garlics]
[22:02] <jrand0m> 2) kademlia, 0.3, and idn
[22:02] <jrand0m> 3) roadmap revise (0.2.3 --> 0.4, 0.2.2 --> 0.3.1)?
[22:02] <jrand0m> 4) app status [ppp2p, i2ptunnel, im, ns, squid]
[22:02] <duck> 5) why does jrand0m drink cheap local beer?
[22:02] <jrand0m> 5) comments / questions / etc
[22:02] <jrand0m> heh
[22:02] <jrand0m> so yeah, basically that fits under 5 :)
[22:02] <mihi_> double 5 ;)
[22:03] <mihi_> oops...
[22:03] <jrand0m> 0) welcome
[22:03] * mihi_ did not look 2 the left column
[22:03] <jrand0m> hi. 65th meeting I suppose.
[22:03] <jrand0m> hehe
[22:03] <jrand0m> 1) that code stuff
[22:04] <jrand0m> 0.2.1.1 came out last night
[22:04] <jrand0m> lots of goodness in there.
[22:04] * mihi tests it atm.
[22:04] <jrand0m> tunnels are tested and fail fast, penalizing all participants so they won't likely get into the rebuild
[22:05] <jrand0m> messages in i2ptunnel are also throttled to max 64k size (larger messages caused badness)
[22:05] <jrand0m> there are some bugs being worked out with the bw limiting code, so make sure your bw limits in router.config are negative values
[22:06] <jrand0m> (i2p doesn't have enough traffic on it to cause real load atm anyway)
[22:06] <jrand0m> (but bw limiting will be unit tested and fixed for 0.2.1.2)
[22:07] <jrand0m> also, please try to keep your clocks close to correct. it sucks that we have to need that, but right now we do.
[22:07] <jrand0m> we may be able to work out a way to not require semi-sync'ed clocks, but its delicate.
[22:07] <jrand0m> 2) fun stuff
[22:08] <jrand0m> a lot of the bugs being worked out in the last few releases are related to the crappy kludge of a BroadcastNetworkDB.
[22:08] <jrand0m> since its planned for replacement in 0.3, might as well at least mention what its being replaced with
[22:09] <jrand0m> kademlia is a structured distributed hash table (DHT) that lets us insert and fetch in under O(log(N)) time, guaranteed
[22:09] <jrand0m> [with one small caveat thats still being worked out]
[22:10] <jrand0m> that kademlia code needs to get written for 0.3 so we can do insert and fetch of RouterInfo and LeaseSet structures.
[22:10] <jrand0m> however, things would be simpler if it were implemented seperately - and hence testable seperately.
[22:10] <jrand0m> (unit testing == good)
[22:11] <jrand0m> so, whats a simple way to unit test a dht? to write a simple file store/lookup service on it.
[22:11] <dm> insert fetch? are we talking about content?
[22:11] <jrand0m> enter idn: (Link: http://wiki.invisiblenet.net/iip-wiki?I2PIDN)http://wiki.invisiblenet.net/iip-wiki?I2PIDN
[22:11] <Ophite1> dm: No, only routerinfo and leaseset structures.
[22:12] <jrand0m> dm> i2p's networkDatabase currently contains only two specialized structures, as ophite said
[22:12] <dm> okay, thanks.
[22:12] <Ophite1> may or may not be useful to use it for bootstrapping other protocols too, but it's not anonymous itself. (?)
[22:12] *** grimps (~grimp@anon.iip) has joined channel #iip-dev
[22:12] <tusko> one question: which protocol is used now for networkDatabase?
[22:13] <jrand0m> sorry, phone.
[22:13] *** Signoff: godmode0 (Ping timeout)
[22:13] <jrand0m> correct, kademlia is not anonymous, but not non-anonymous either
[22:13] <Ophite1> modified kademlia will scale. random will not.
[22:13] <jrand0m> tusko> currently we do a flooded broadcast
[22:13] <duck> what about kademlia getting splitted?
[22:13] <dm> no cell phones allowed into meeting.
[22:13] <duck> <insert zooko comments>
[22:13] <Ophite1> flooded broadcast aka gnutella method definitely won't ;)
[22:13] <jrand0m> Ophite1> right, kademlia doesn't use random ones :)
[22:13] <duck> Ophite1: works better as freenet routing :)
[22:14] <jrand0m> duck> exactly (<jrand0m> [with one small caveat thats still being worked out] )
[22:14] <Ophite1> duck: i rest my case... ;)
[22:14] *** Signoff: mihi (Ping timeout)
[22:14] <tusko> is kademlia some sort of hypercube?
[22:14] <Ophite1> no, a circle.
[22:14] *** Signoff: mihi_ (Ping timeout)
[22:14] <jrand0m> and/or a xor tree :)
[22:15] <Ophite1> splits/joins... reshuffle tree? can we take a peek at emule's overnetalike for this? :)
[22:15] <jrand0m> its a fairly easy protocol, but we can definnitely look around.
[22:16] <jrand0m> icepick has implemented kademlia in python too, for ent (as kashmir)
[22:16] *** mihi (~mihi@anon.iip) has joined channel #iip-dev
[22:16] <Ophite1> consider also malicious nodes deliberately fragmenting the tree.
[22:16] <jrand0m> absolutely. but its fairly attack resistant
[22:16] <Ophite1> 256 bit keyspace is more resistant to that though.
[22:17] <Ophite1> plus would have to make a lot of routeridentity structures = hard.
[22:17] <tusko> i found interesting the papers of gravepine: (Link: http://grapevine.sourceforge.net/)http://grapevine.sourceforge.net/
[22:17] <jrand0m> this is also why I want to implement it first as an application, rather than rip out the core of i2p - so we can work out all the messy details first
[22:17] <Ophite1> so I'm pleased with sec 3 of 0.9 draft.
[22:17] *** Signoff: nickthief54450 (Excess Flood)
[22:18] *** nickthief54450 (~chatzilla@anon.iip) has joined channel #iip-dev
[22:18] <tusko> look to (Link: http://grapevine.sourceforge.net/tech-overview.php)http://grapevine.sourceforge.net/tech-overview.php
[22:18] <Ophite1> though I might point out that if message 0, DatabasePing, is inplemented, you might want to include a hashcash in it.
[22:18] <jrand0m> interesting tusko, I think their economic model might require some revision, as with their sybyl defenses
[22:19] <Ophite1> (you may already; haven't ready that part)
[22:19] <jrand0m> absolutely Ophite1. I was actually thinking about putting hashcash certs into all of the messages (DatabaseLookup included)
[22:20] <Ophite1> good idea. though, be careful of performance and tuning vs. dos defense there, and you might want to run hashcash calc in a separate, lower-priority thread?
[22:21] <jrand0m> well, hashcash verification should be near instantaneous
[22:21] <jrand0m> and hashcash generation shouldn't be able to be precompiled
[22:21] <jrand0m> er, precomputed
[22:21] <dm> Ophite1 must be an avatar created by jrand0m so that he can finally talk about I2P with someone who understands wtf he's saying.
[22:22] <jrand0m> lol
[22:22] * dm is not fooled.
[22:22] *** godmode0 (~enter@anon.iip) has joined channel #iip-dev
[22:22] <Ophite1> one way of preventing that is to use derivatives of session keys as part of the hashcash..
[22:22] <jrand0m> right. and/or put in a nonce and the date
[22:22] <Ophite1> date leads to those troublesome timing problems though. that could be a real issue.
[22:22] <Ophite1> unless you feel like rewriting ntp as well ;-)
[22:22] *** Signoff: mihi (Ping timeout)
[22:23] <jrand0m> heh
[22:23] <jrand0m> well, we've already run into that a little bit
[22:23] <jrand0m> (hence the 30 minute fudge factor)
[22:23] <jrand0m> a session hash may be workable though. good idea.
[22:24] <Ophite1> and no, i'm not jrand0m's clone ;)
[22:24] <jrand0m> ok, so for idn, I'm probably only going to implement the stuff on that I2PIDN wiki page
[22:25] *** Signoff: dm (Ping timeout)
[22:25] <jrand0m> what would probably rule would be if someone would take that and run with it - make a real user interface, better get/store apps, fec/ecc/etc.
[22:25] <jrand0m> also, I had some ideas about a search network built in parallel as well
[22:26] <jrand0m> but, well, its probably more useful to i2p that I focus my time on the router
[22:26] <Ophite1> it runs on top of i2p?
[22:26] <jrand0m> (making it functional, scalable, and secure)
[22:26] <jrand0m> yes
[22:26] <jrand0m> i2p lets idn be anonymous
[22:27] <Ophite1> what were your search network ideas?
[22:27] <jrand0m> note: its not written yet, but its looking like its #2 on my task list
[22:27] <Ophite1> can another dht be built through tunnels?
[22:27] *** mihi (~mihi@anon.iip) has joined channel #iip-dev
[22:27] <jrand0m> basically a distributed replicated db, with hashcash inserts and syncs, where people store idn keys along side metadata / etc
[22:27] *** dm (~as@anon.iip) has joined channel #iip-dev
[22:28] <jrand0m> hmm, yes, certainly. but i2p isn't inherently tunnel based - its message based (i2p is IP, i2ptunnel is TCP)
[22:28] <Ophite1> if ~all node participate = very useful for "discovering" other protocols.
[22:28] <jrand0m> definitely
[22:28] <Ophite1> so, should be standard.
[22:28] <Ophite1> dhcp/zeroconf for the i2p? :)
[22:28] <jrand0m> idn would be a very good app to bundle with i2p to let people have an 'out of box experience'
[22:29] <Ophite1> If it's meant to be a fully featured communication/file transfer/storage application, I'd like to propose the name "Darknet".
[22:29] <jrand0m> :)
[22:29] <Ophite1> You, of course, probably already know where that comes from. :)
[22:30] <dm> Where does it come from?
[22:30] <Ophite1> MS Research's paper: The Darknet and the Future of Content Distribution.
[22:30] *** Signoff: godmode0 (Ping timeout)
[22:30] <TC> link?
[22:30] *** tonious (~Flag@anon.iip) has joined channel #iip-dev
[22:30] <jrand0m> well, tim may says he invented the term ~11 years ago ;)
[22:30] <tusko> where is the I2PIDN wiki page?
[22:30] <dm> (Link: http://crypto.stanford.edu/DRM2002/darknet5.doc)http://crypto.stanford.edu/DRM2002/darknet5.doc
[22:30] <jrand0m> tusko> (Link: http://wiki.invisiblenet.net/iip-wiki?I2PIDN)http://wiki.invisiblenet.net/iip-wiki?I2PIDN
[22:30] <Ophite1> also implies that the network works "in the dark" - noone knows who anyone is ;)
[22:30] <jrand0m> exactly.
[22:31] *** mihi_ (~mihi@anon.iip) has joined channel #iip-dev
[22:31] <jrand0m> well, i2p itself is a darknet in that sense, but its generic messaging - it is the IP layer for such a darknet.
[22:31] <jrand0m> i2ptunnel is the TCP layer, and idn is NFS :)
[22:31] <Ophite1> i2p is the protocol that allows such a network to be created from something broadly like overnet.
[22:31] <Ophite1> speaking of which... is there a way to specify priority in messages?
[22:32] *** mihi is now known as nickthief76430
[22:32] *** mihi_ is now known as mihi
[22:32] <jrand0m> funny that you mention that :)
[22:32] *** nickthief76430 is now known as mihi_backup
[22:32] <mihi> oops...
[22:32] <jrand0m> I was just reading some of the upcoming HotNets2 papers ((Link: http://nms.lcs.mit.edu/HotNets-II/program.html)http://nms.lcs.mit.edu/HotNets-II/program.html) and got inspired for some QoS over i2p mechanisms
[22:33] <Ophite1> would a bulk/low-latency bit compromise anonymity slightly (intersection attack?) by allowing traffic linkage? well, even if it were sometimes flips?
[22:33] <Ophite1> ah, well that might work better of course =)
[22:33] <Ophite1> Don't worry about local plausible denability.
[22:33] <jrand0m> right, i2p assumes the local machine is trusted
[22:33] *** Signoff: dm (Ping timeout)
[22:33] <Ophite1> That is a problem to be solved by Rubberhose/Marutukku and Thermite, not I2P.
[22:34] <jrand0m> exactly. (otherwise, the software is compromised and it doesn't matter what we do)
[22:34] * TC hopes his local machine is trusted
[22:34] <jrand0m> heh
[22:34] <Ophite1> TC: easy way to find out; make death threats against bush and see if SS agents turn up at your door ;-)
[22:34] <jrand0m> lol
[22:34] <TC> done and done
[22:34] *** Signoff: tonious (Ping timeout)
[22:34] <jrand0m> hah!
[22:35] * jrand0m watches my squid proxy get taken down by the fbi
[22:35] <TC> its a trap!
[22:35] <jrand0m> get an axe!
[22:35] <jrand0m> :)
[22:35] <TC> anybody play uplink?
[22:35] <Ophite1> completed it. cracked it. released it.
[22:35] <Ophite1> trained it too ;)
[22:36] * jrand0m takes that as a "yes"
[22:36] *** dm (~as@anon.iip) has joined channel #iip-dev
[22:37] <Ophite1> there may be some dos possibilities in caching, in memory stuff...
[22:37] <jrand0m> ok, so thats what I'm thinking with idn/kademlia. get idn implemented and working over the 0.2. code, smash it in a bit, then implement 0.3 with that kademlia implementation
[22:37] <jrand0m> oh certainly. the todo list has 'sync pending and large messages to disk' :)
[22:37] <dm> shouldn't IDN be implemented after I2P is tested and mature?
[22:38] <jrand0m> thats one of the problems we ran into testing a large file of TC's eepsite
[22:38] <Ophite1> dm: not given as it's a testbed for the fancy db.
[22:38] <jrand0m> dm> I was thinking that too, but I need to implement the kademlia code to get 0.3 ready. basically the kademlia code IS 0.3
[22:38] <Ophite1> I do like the hybrid dht nature such a network would provide though.
[22:39] <dm> aha...
[22:39] <jrand0m> but if no one wants to toss a normal UI onto it until i2p 1.0, that might be a good idea as well
[22:39] <Ophite1> dht node discovery + ngr-like routing = scalability capable of handling critical mass
[22:39] <dm> what happened to that original milestone list. secure-->anonymous-->not harvestable, etc...
[22:39] <Ophite1> jrand0m: I will refrain from advertising it to pirates until it's ready. that enough?
[22:39] <jrand0m> well, minus the ngr-like routing :) we tunnel :)
[22:39] <TC> as long as we keep the cli
[22:39] <dm> ah scalable was one of the items in that chain.
[22:39] <jrand0m> dm> 0.3 is necessary for scalable. which is before not harvestable
[22:39] <jrand0m> thanks Ophite1 :)
[22:40] <jrand0m> definitely TC. I'll need the cli to test it
[22:40] <Ophite1> scalability of the actual anonymous stuff is directly related to choices made in the routing for the tunnels, and that's a router implementation thing?
[22:40] <jrand0m> (and, c'mon, we'll probably do software distribution / releases with idn)
[22:40] *** godmode0 (~enter@anon.iip) has joined channel #iip-dev
[22:40] <dm> alrighty... sounds okay then.
[22:40] <jrand0m> absolutely ophite.
[22:40] <Ophite1> suggestion: maximum message size?
[22:40] <jrand0m> thats the Hard problem
[22:41] <jrand0m> max message size is currently insanely large (4g) but I'm thinking of trimming it to 64k or 128k
[22:41] <jrand0m> but I don't want to resort to that yet
[22:41] * Ophite1 goes digging in notes
[22:41] <Ophite1> BitTorrent/Scone scalability notes indicate 512K.
[22:42] <jrand0m> heh ok cool. (any refs I can dig into?)
[22:42] <Ophite1> but, think of it like tcp window size.
[22:42] <jrand0m> right
[22:42] <Ophite1> not for scone, sorry - friend's research project.
[22:42] <jrand0m> coo', no worry
[22:42] *** Signoff: mihi_backup (Ping timeout)
[22:42] <Ophite1> fwiw, your kademlia is about as good as his though :)
[22:42] <jrand0m> hehe
[22:42] <jrand0m> (well, I haven't implemented it yet ;)
[22:42] <Ophite1> uh, hers I mean :/
[22:42] <jrand0m> oh wikked
[22:43] <dm> boner..
[22:43] *** mihi_backup (~mihi@anon.iip) has joined channel #iip-dev
[22:43] <jrand0m> heh
[22:43] <jrand0m> so, thats 2) kademlia, 0.3, and idn
[22:43] <Ophite1> she named her toys after puddings. custard, crumble (Waste-like), strudel.. her bittorrent-a-like was the fastest pudding in the world - 'scone ;)
[22:43] <jrand0m> haha
[22:45] <Ophite1> she's a math.
[22:45] <jrand0m> even better
[22:45] <jrand0m> there's a lot of stats gathering / analysis that will be coming up for advanced peer selection
[22:45] <Ophite1> but I'll see if I can bounce stuff past her. scalability from i2np 0.9 was from her - she likes it.
[22:45] <jrand0m> (unfortunately we can't cheat like mnet, mixminion, and tor)
[22:46] <jrand0m> great to hear
[22:46] <Ophite1> one comment - dsa?
[22:46] *** nickthief54450 (~chatzilla@anon.iip) has joined channel #iip-dev
[22:46] <Ophite1> dsa 1024 bit, as in SHA-1?
[22:46] <jrand0m> yea
[22:47] <Ophite1> 'spose it is tried and tested.
[22:47] <Ophite1> also small.
[22:47] <jrand0m> right. but I'm not 100% tied to our particular crypto impls
[22:47] <Ophite1> anyway. to roadmap.
[22:47] <TC> haha, lets name a windows version 'Microsoft Darknet (r)'
[22:47] <jrand0m> heh tc
[22:48] <jrand0m> ok, 3) roadmap revise (0.2.3 --> 0.4, 0.2.2 --> 0.3.1)?
[22:48] <jrand0m> because of all the bugs I've been running into wrt the broadcast db, I want to escalate the 0.3 (kademlia db) release
[22:48] <TC> its nice not being limmited by trademarks like a normal open source project
[22:49] *** tonious (~Flag@anon.iip) has joined channel #iip-dev
[22:49] <jrand0m> 0.2.3 is restricted routes / trusted peers, and probably not a hard feature requirement that anyone here has. it can be shuffled out to 0.4 without problem, I think
[22:50] <jrand0m> 0.2.2 is tunnel mods, but I think a lot of the pressure to get that implemented will be eased with the 0.2.1.1 release (which tests and rebuilds tunnels as necessary, rather than waiting 10 minutes)
[22:50] <Ophite1> trusted peers is an area that needs some revision imho.
[22:50] <jrand0m> agreed.
[22:50] *** dm_backup (~as@anon.iip) has joined channel #iip-dev
[22:50] <Ophite1> only area that doesn't give me warm fuzzies.
[22:50] <Ophite1> though that may just be the word "trusted". :)
[22:50] <jrand0m> basically my current thoughts are to publish tunnels to routers
[22:50] <jrand0m> heh
[22:51] <jrand0m> (if we publish tunnels to routers, we can get away with untrusted gateways, which drops the 'trusted' from trusted peers)
[22:51] *** Signoff: dm (Ping timeout)
[22:51] *** dm_backup is now known as dm
[22:51] <Ophite1> need to analyse anonymity implications of that.
[22:51] <jrand0m> but trusted peers is inherently necessary in a militant grade anon system, where /all/ nodes you can contact are considered attackers.
[22:52] <Ophite1> don't think that is truly possible...
[22:52] <jrand0m> certainly. yet another reason it should get 0.4
[22:52] <jrand0m> Ophite1> trusted nodes with timed / triggered self destruct.
[22:52] <jrand0m> set up a patsy, route through it, kill it
[22:52] <jrand0m> exactly, if patsies delete their logs after N hours / N bytes / N messages
[22:52] <Ophite1> I mean if you want me to release a worm that sets up a couple of million...
[22:53] <Ophite1> logs? what logs?
[22:53] <jrand0m> :)
[22:53] <jrand0m> ok, format the disks ;)
[22:53] * Ophite1 wrote kernel-level stealth trojan
[22:53] <jrand0m> nice
[22:53] * dm wrote kernel level outlook calendar plugin.
[22:53] <Ophite1> ...when I was 19 :)
[22:53] <Ophite1> still works. :)
[22:54] <Ophite1> not going to include it in this though, don't worry, or, uh, check my code, which would probably be a Good Thing To Do anyway ;)
[22:54] <dm> when I was 12.
[22:54] <jrand0m> I don't think i2p will want /that/ large distribution until after 1.0 is stable and heavily peer reviewed
[22:54] <jrand0m> heh Ophite1
[22:54] <jrand0m> heh dm
[22:54] <Ophite1> frankly, think that is a fluff feature.
[22:54] <jrand0m> perhaps.
[22:55] <jrand0m> restricted routes is a necessity though
[22:55] <jrand0m> its basic functionality for people behind firewalls
[22:55] <jrand0m> (very restrictive firewalls)
[22:55] <Ophite1> hello, transports.
[22:55] <Ophite1> we'll get to that.
[22:55] <Ophite1> or is now the appropriate time to discuss them?
[22:55] <jrand0m> sure, lets dig in :)
[22:56] <jrand0m> we've already run into a problem with an unreachable peer that could be solved with restricted routes
[22:56] *** tusko has left #iip-dev
[22:56] <jrand0m> even though it was due to misconfiguration, it could be more common
[22:57] <Ophite1> Also: given two cooperating peers behind inbound-filtering firewalls that drop bad packets, and one cooperating peer which is not behind a firewall and can send packets with forged IP source addresses to both of the other peers...
[22:57] <Ophite1> You can establish a TCP connection between the two firewalled peers that both firewalls think is outbound.
[22:57] <jrand0m> definitely
[22:57] <dm> forged IP addresses?!?
[22:58] <Ophite1> believe me, firewalls are a VERY common problem.
[22:58] <Ophite1> sometimes they are user-controlled but the user is a doofus. that can be handled with the installer handling the firewall :)
[22:58] <dm> I2P is gonna use IP spoofing? :)
[22:58] <jrand0m> definitely. if i2p can't operate behind firewalls / NATs / proxies, there's no reason to continue.
[22:59] <Ophite1> sometimes they are actively hostile, corporate or educational gateways seeking to deliberately mess up everything. It's got to traverse those, and traverse them cleanly.
[22:59] <jrand0m> dm> transport options
[22:59] <jrand0m> absolutely Ophite1
[22:59] <Ophite1> dm: I have a working implementation - in the Direct Connect protocol.
[22:59] <jrand0m> i2p wants to be the battleground for that code.
[22:59] <Ophite1> dm: If *that* can handle it, i2p can.
[22:59] *** Signoff: tonious (Ping timeout)
[23:00] <Ophite1> I suggest leaving it turned off by default though. Only a very few want it turned on, and it would be nice if they can advertise which they are so requests can be routed to them.
[23:00] <dm> you can't spoof IPs without native code can you?
[23:00] <Ophite1> the advantage is that they don't have to route *through*, just help the setup.
[23:00] <Ophite1> = massive speed boost.
[23:01] <jrand0m> definitely Ophite1, thats what the RouterInfo.routerAddress[] structure is for
[23:01] <Ophite1> dm: yeah, like this isn't going to be rewritten?
[23:01] *** tonious (~Flag@anon.iip) has joined channel #iip-dev
[23:01] <dm> okay, just checking...
[23:01] <jrand0m> right dm, I have no qualms whatsoever with including native code in i2p
[23:01] <Ophite1> I would like to state that I don't think java is a permanent solution.
[23:01] <Ophite1> And that I regard java router as testbed/prototype.
[23:01] <jrand0m> thats fine. if it gets us to 1.0, works out the protocol, etc, good enough.
[23:02] <Ophite1> ...and hope it doesn't get stuck there as freenet has ;)
[23:02] <dm> IPAddress.Spoof(192.168.32.1);
[23:02] *** alient (alient@anon.iip) has joined channel #iip-dev
[23:02] <jrand0m> lol dm
[23:02] <dm> import IPSpoofing;
[23:02] <Ophite1> mmm... raw sockets in java ;)
[23:02] <jrand0m> fcntl / ioctl in java... mmMMmm
[23:02] <mihi> hmm, raw sockets require root on unix, don't they?
[23:02] <dm> women with large breasts lickig my penis.. mmMMmmm
[23:02] <jrand0m> so we include a rootkit
[23:03] <jrand0m> ;)
[23:03] <Ophite1> jrand0m: got it covered =)
[23:03] <jrand0m> heh
[23:03] <Ophite1> besides as I said; only a few need it.
[23:03] <jrand0m> right
[23:04] <jrand0m> and only for legitimate reasons, of course.
[23:04] <Ophite1> on my dc hub, only one (bot) had the capability, and the hub told it when passives wanted to connect to passives.
[23:04] <Ophite1> caused a bit of amazement that did.
[23:04] <jrand0m> hehe
[23:04] <Ophite1> also got the bot's host shut down, hence my suggestion to perhaps turn it off by default :)
[23:04] <jrand0m> thats definitely a good feature to have avail
[23:04] <jrand0m> lol
[23:05] *** Signoff: nickthief54450 (Excess Flood)
[23:05] <jrand0m> ok, so with restricted routes pushed to 0.4, we have a month or so to continue the debate as to whether the functionality is necessary
[23:06] <jrand0m> any other thoughts / things that should be in the roadmap that aren't, things that are in the wrong place, etc?
[23:06] <Ophite1> I say push it to 0.4 definitely. It will cause firewall issues at the moment but we are still in testing...
[23:06] <Ophite1> ...someone that can't open a firewall port probably shouldn't be trying it yet.
[23:06] *** nickthief54450 (~chatzilla@anon.iip) has joined channel #iip-dev
[23:06] <jrand0m> right. and even with firewalls, PHTTP lets them through.
[23:07] <Ophite1> though need to test phttp against hostile proxies.
[23:07] * jrand0m is behind a firewall I don't control and I participate fully in i2p
[23:07] <dm> hax0r
[23:07] <jrand0m> well, yes, hostile proxies can fake confirm, but its all signed, so the message can't go to the wrong place / etc
[23:08] <jrand0m> but the phttp relay and transport does have a lot of features needed
[23:08] <Ophite1> in particular, to examine the future possibilities application level routers might have at detecting/fucking up the protocol.
[23:08] <jrand0m> hm?
[23:08] <Ophite1> have some experience with firewall tunnelling though.
[23:08] <Ophite1> might want to include a GET fallback.
[23:09] <jrand0m> hmm. GET goes into logs. but perhaps as a fallback
[23:09] <jrand0m> (POST can be to /index.html)
[23:09] <Ophite1> jrand0m: but it's all signed/encrypted if noderefs are cool...?
[23:10] <Ophite1> unless the proxy becomes an active attacker too, that's going to be quite hard for it.
[23:10] <jrand0m> all messages are encrypted to the destination router, and the designation as to what phttp relay to go through is signed in the routerInfo
[23:10] <jrand0m> right. phttp proxy as is certainly isn't strong enough to go against an active attacker
[23:11] *** Signoff: grimps (Leaving)
[23:12] <jrand0m> I think it'd be great if people posted some alternate transport ideas to the wiki :)
[23:12] <jrand0m> ok, 4) app status [ppp2p, i2ptunnel, im, ns, squid]
[23:12] <jrand0m> damn, tusko left
[23:12] <jrand0m> tusko wrote a python script (ppp2p) to let people run ppp over i2p via i2ptunnel
[23:13] <Ophite1> Told you someone would do that :)
[23:13] <dm> ppp over i2p?
[23:13] <jrand0m> I haven't looked at it, but last I heard he was running a vpn over i2p with 5s ping times
[23:13] <jrand0m> heh yeah
[23:13] <Ophite1> dm: of course.
[23:13] <dm> when could you use that?
[23:13] <dm> could/would
[23:13] <jrand0m> dm> anonymous outproxy
[23:13] <Ophite1> dm: anonymous ANYTHING.
[23:13] <jrand0m> to, say, run a kazaa node anonymously, or whatever
[23:13] * Ophite1 points out that anyone running an outbound i2p->ppp link is insane and will probably be blacklisted/hunted down
[23:13] <dm> ah, I understand.
[23:13] <jrand0m> definitely Ophite1
[23:14] <jrand0m> so right now, its only for trusted peers.
[23:14] <Ophite1> see also: the dresden JAP cascade... :)
[23:14] <jrand0m> which, well, doesnt really make sense for anonymity...
[23:14] <jrand0m> heh
[23:14] <Ophite1> also most of the stuff going out of their node will be unencrypted...
[23:14] * jrand0m thinks about ike over ppp over i2p
[23:15] * jrand0m watches my head explode
[23:15] *** fiaga (~po@anon.iip) has joined channel #iip-dev
[23:15] <Ophite1> jrand0m: why not i2p over ppp over i2p?
[23:15] <jrand0m> definitely doable. aint recursion fun?
[23:15] <soros> i2p over i2p :-o
[23:15] <jrand0m> or i2p over ppp over i2p over i2p over freenet over kazaa
[23:15] <Ophite1> now that's just silly. Freenet wouldn't possibly work ;)
[23:16] <godmode0> over slow connect :)
[23:16] <jrand0m> heh it'd have latency issues, certainly :)
[23:16] <mihi> ... over an icmp tunnel over ...
[23:16] <Ophite1> ooh yes, loki :)
[23:16] <Ophite1> 0ldsk00l :)
[23:17] <Ophite1> I2P addresses, being the public keys, are ... rather long.
[23:17] <jrand0m> yes.
[23:17] <jrand0m> actually, since we're on agenda item 4: ns
[23:17] <Ophite1> As in an I2P www url being actually too long to paste into any sane place (>512 chars?!!)
[23:17] <mihi> co promised to write a naming service...
[23:17] <jrand0m> yeah.
[23:17] <jrand0m> I think with idn implemented, it would be very easy for someone to adapt the kademlia code into a distributed dns
[23:17] <mihi> Ophite1: post them to the eepsite forum.
[23:18] <Ophite1> trouble with namespace as I can figure it out is that there has to be either some degree of central control OR you have to allow collisions.
[23:18] *** Signoff: fiaga (Ping timeout)
[23:18] <jrand0m> (just toss on a CA or WoT CAs, and voila. (Link: www.mihi.i2p)www.mihi.i2p)
[23:18] <jrand0m> not necessarily.
[23:18] <Ophite1> please enlighten me with your better ideas then.
[23:18] <jrand0m> Ophite1> check out co/wiht's specs on the iip-dev list.
[23:19] <Ophite1> best I could come up with is root key creates signed namespaces. dnssec stylee.
[23:19] <jrand0m> he doesn't go the full route with a dht, but he manages groups
[23:19] <jrand0m> just like how we do now - we /all/ can choose who our root dns servers are.
[23:19] <jrand0m> in the same vein, we /all/ should be able to choose who our CA (or CA WoT) is
[23:20] <jrand0m> so I guess technically there /could/ be collisions, but only once there are multiple CA groups that don't interact
[23:20] * Ophite1 notes that is unlikely
[23:20] <jrand0m> agreed
[23:20] <Ophite1> you either trust the root CA or you don't.
[23:20] <jrand0m> and if you don't trust the root, you create your own
[23:21] <jrand0m> (or find another)
[23:21] <Ophite1> and if you don't trust the root CA it's for a reason, a reason that will rapidly get around.
[23:21] <jrand0m> exactly
[23:21] <jrand0m> especially when there's anonymous publishing :)
[23:21] <Ophite1> being as CA's only real purpose is to insure anti-collision - like Trent...
[23:21] <jrand0m> right
[23:22] <Ophite1> about the only thing that would cause lack of trust in CA is (1) key leakage or (2) refusal to register something that isn't already registered.
[23:22] * jrand0m notes verisign's "trustworthiness"
[23:23] * Ophite1 notes that Verisign purports to verify the identity of the certificate holder - one of the properties that an I2P namespace is in fact guaranteed NOT to do
[23:23] <jrand0m> self signed certs+++
[23:24] <Ophite1> also I'd point out that distributed systems - like Darknet, as I will call it from here on in until it sticks :) - built on top of i2p probably wouldn't use the namespace.
[23:24] <Ophite1> It's for servers, really.
[23:24] <jrand0m> heh
[23:24] <jrand0m> right
[23:24] <Ophite1> Servers don't scale. That problem will be in i2p as much as in IP.
[23:24] <Ophite1> so, I think that the usage in practice will actually be surprisingly limited.
[23:24] <jrand0m> the idn ("darknet") would keep references to destinations - the full 387 bits of their keys, not some pretty name
[23:24] <jrand0m> agreed.
[23:25] <jrand0m> except / until someone writes a distributed outproxy system
[23:25] <jrand0m> aka o-r / freedom over i2p
[23:25] <TC> how many diffrent keys can we have?
[23:25] * jrand0m looks forward to that day
[23:25] <jrand0m> tc> 2^2048
[23:25] <Ophite1> jrand0m: at which point the root key signs them a namespace: .proxy.i2p
[23:26] <dm> This must be the most hypothetical/megalomaniac open source development meeting ever :)
[23:26] <jrand0m> aint subspaces grand :)
[23:26] <jrand0m> lol dm
[23:26] <jrand0m> hey, we're alowed to aim high, aint we?
[23:26] <dm> I'm sure most devl meetings are like: "So, do we put 3 bits for the mpeg-5 header or 4?"
[23:26] <Ophite1> jrand0m: oddly as it may seem, not every number works for elgamal ;-)
[23:26] <TC> dm, youve seen debian meetings right?
[23:26] <jrand0m> awww c'mon, 000000000000000000000000000 is a secure key
[23:26] * Ophite1 hands out Chocolate Digestives
[23:26] <dm> TC: no, what are the like?
[23:26] <Ophite1> jrand0m: ooh, identity.
[23:26] <TC> dm, i dont know, i was asking
[23:27] <jrand0m> ok. thecrypto isn't here either... anyone have im thoughts?
[23:27] <Ophite1> damn, I was about to ask about that.
[23:27] <Ophite1> quite an important app.
[23:27] <dm> Anyway, this type of meeting is more lurker-friendly, so I'm all for it.
[23:27] * dm is entertained.
[23:27] <jrand0m> heh
[23:27] <TC> where is co?
[23:27] <Ophite1> as many people will expect i2p to be iip's successor.
[23:28] <jrand0m> iip over i2p is fairly easy, if we don't want dcc
[23:28] <Ophite1> (I guess it could be, if we just run an iip irc server over i2p...)
[23:28] <jrand0m> iip over i2p with dcc requires a new app
[23:28] <jrand0m> exactly Ophite1
[23:28] <jrand0m> 0 coding
[23:28] <TC> cant we just run irc over i2p?
[23:28] <Ophite1> I don't like that idea 'cause ... well, it doesn't give us anything we don't already have :)
[23:28] <jrand0m> but last I heard, thecrypto was doing some work on an IM app
[23:28] <jrand0m> certainly tc
[23:29] <jrand0m> right Ophite1, and it doesn't scale
[23:29] <jrand0m> (all the traffic gets funneled to the ircd)
[23:29] <Ophite1> Also the IRCd can spy on traffic.
[23:29] <TC> ah, goodpoint
[23:29] <jrand0m> (this would be when UserX should show up and discuss his ideas for iip2.0)
[23:29] <jrand0m> right Ophite1
[23:29] <jrand0m> all the problems of the current iip
[23:29] <Ophite1> jrand0m: And absolutely nothing different.
[23:29] <jrand0m> more lag.
[23:30] <Ophite1> except it's in java. lovely. :)
[23:30] <jrand0m> heh
[23:30] <Ophite1> Now, shitloads of people have cut their undergraduate teeth trying and failing to build distributed chat applications.
[23:30] <jrand0m> ok, so someone should either help thecrypto out or push him along some more :)
[23:30] * Ophite1 points out IRC3
[23:30] <jrand0m> yeah, its a perfect school project
[23:30] <Ophite1> ..and SILC...
[23:30] <Ophite1> ...and...
[23:31] <Ophite1> well about a gazillion others.
[23:31] <jrand0m> 'zactly
[23:31] <Ophite1> Literally all of these, I might add, are pre-DHT as far as I can tell.
[23:31] <jrand0m> yup
[23:31] <Ophite1> That's disappointing 'cause that's a freakishly useful structure.
[23:31] <jrand0m> a DHT for lookup / P3P, and then direct con for IM
[23:31] <jrand0m> group chat is harder though, but not too hard
[23:31] <Ophite1> well, direct in the i2p sense :)
[23:31] <jrand0m> heh right
[23:32] <Ophite1> what about darkmail/i2pmail?
[23:32] <soros> group sex too
[23:32] <dm> soros: agreed.
[23:32] <jrand0m> group sex isn't that hard soros ;)
[23:32] <jrand0m> lol
[23:32] <jrand0m> email over i2p is easy. someone just needs to run a pop server
[23:32] <jrand0m> or webmail
[23:32] <jrand0m> hahah
[23:33] <Ophite1> jrand0m: sure, as long as literally everyone is okay with bloody pgp :)
[23:33] * Ophite1 gets CKT nightmares again
[23:33] <jrand0m> oh, true. that'd expose the contents to hte server ;)
[23:33] <Ophite1> Also... spam.
[23:33] <jrand0m> yup
[23:33] <Ophite1> We have this thing called hashcash.
[23:33] <Ophite1> They sort of fit together, no?
[23:34] <jrand0m> ok, so yeah, someone should get working on an i2p specific email app :)
[23:34] <Ophite1> obviously that would work best as part of the im.
[23:34] <Ophite1> What, after all, is the distinction between irc and email?
[23:34] <jrand0m> true, like an IM VMB
[23:34] <Ophite1> Whether or not you can page up and see what you missed after you rejoin...
[23:34] <jrand0m> placed into the dht
[23:34] <jrand0m> good point
[23:35] * jrand0m wishes we had a team of a dozen coders
[23:35] <Ophite1> note, however, that mail requires storage, as it is offline communication. irc requires no storage, as it is online communication.
[23:35] <dm> also email has a lot more penis enlargement adverts.
[23:35] <Ophite1> jrand0m: ask around for funding.
[23:35] <Ophite1> dm: see above re: hashcash.
[23:35] <jrand0m> right, the P3P could contain pending messages
[23:36] <Ophite1> dm: A primitive that was not available to the bloke who hacked up email in a night.
[23:36] <Ophite1> (At least we won't have to use ! paths to specify the tunnel manually. heh. heh. heh.)
[23:36] * dm is gonna miss clear-text dead simple protocols.
[23:36] <jrand0m> jrandom%ophite!dm!mihi
[23:37] <Ophite1> no, this is i2p. Insert ~520 garbage characters between the bangs then you're closer ;)
[23:37] <jrand0m> haha
[23:37] <Ophite1> several of these things *are* sort of related.
[23:37] <jrand0m> true, 387 bytes base64 encoded...
[23:38] <Ophite1> or to put it another way, ELONGURL :)
[23:38] <jrand0m> heh
[23:38] <Ophite1> [does IE chop at 512?]
[23:38] <jrand0m> naw, works fine
[23:38] <Ophite1> you admit to using IE?
[23:38] <Ophite1> To browse anonymously?!
[23:38] <jrand0m> ;)
[23:38] * Ophite1 pulls out six of Liu De Yiu's best and waits =)
[23:38] * jrand0m uses ie for eppsites, moz for squiding
[23:39] <duck> what item are we now?
[23:39] <duck> 4?
[23:39] <jrand0m> yeah, ok ok
[23:39] <Ophite1> still 4 I think.
[23:39] <jrand0m> i2ptunnel. still kicks ass.
[23:39] <jrand0m> any thoughts? any comments mihi?
[23:40] <jrand0m> one thing I want to note wrt the squid outproxy is that I've updated the header filtering to ALLOW COOKIES and replace the user agent with something silly
[23:40] * mihi just waits for naming service...
[23:40] <jrand0m> mihi (or someone else)> it'd be really easy to bootstrap such a naming service with an /etc/hosts style i2p ns
[23:41] <mihi> btw: are there any other public dests except your squid and tc's eepsite?
[23:41] <jrand0m> i2pcvs.dest
[23:41] <jrand0m> (points at the i2p cvs pserver)
[23:41] <jrand0m> (but isn't always up)
[23:41] *** yodel (yodel@anon.iip) has joined channel #iip-dev
[23:41] <jrand0m> hola yodel
[23:41] <yodel> hela
[23:42] <jrand0m> ok, I think thats it for 4) apps
[23:42] <jrand0m> 5) comments / questions / etc
[23:42] <mihi> gui installer?
[23:42] <TC> hi yodel
[23:43] <yodel> I have to start experimenting putting the xml-rpc over i2p
[23:43] <yodel> should work with httptunnel
[23:43] <jrand0m> good question mihi. last I heard MrEcho had some of it working
[23:43] <jrand0m> awesome yodel
[23:43] <jrand0m> definitely.
[23:43] <jrand0m> how large are the streams?
[23:43] <jrand0m> (aka how chatty is the protocol?)
[23:44] * Ophite1 plans to try BitTorrent over I2P as a stress test
[23:44] <yodel> xml over http
[23:44] <yodel> the ssl layer wont be needed with i2p
[23:44] <Ophite1> so, uh, very chatty? :)
[23:44] <jrand0m> ah cool, large POST or large replies?
[23:44] <jrand0m> (or just small and small?)
[23:45] <jrand0m> damn you Ophite1 :)
[23:45] <yodel> equal sizes
[23:45] <yodel> does httptunnel support gzipped http?
[23:45] <jrand0m> but doesn't bt use IP addresses?
[23:45] <jrand0m> hmm, httptunnel doesn't have any inherent compression, its just a bitstream
[23:45] <TC> hmm, package i2p+ppp\vpn+gui as a security solution for wireless windows shares
[23:45] <yodel> so should work...
[23:45] <godmode0> jrand0m> you test i2p in nntp news server ?
[23:45] <jrand0m> yup yodel
[23:45] <yodel> 500-1000 byte send, same for reply
[23:46] <jrand0m> hmm I haven't tested that yet godmode0
[23:46] <yodel> much less when zipped
[23:46] <jrand0m> oh cool yodel, that'll work without any problem
[23:46] <yodel> what is the latency for a single msg/package/whatever?
[23:46] <jrand0m> 2-5s, sometimes up to 10s
[23:46] <jrand0m> (currently)
[23:46] <Ophite1> not bad for a pre-dht :)
[23:46] <yodel> so 20s roundtime?
[23:47] <jrand0m> I usually pull up a web page in 5-10s
[23:47] <yodel> ah
[23:47] <yodel> goo
[23:47] <yodel> +d
[23:48] <jrand0m> damn, we're coming up to the 2 hour mark. anyone have any other questions / thoughts?
[23:48] <Ophite1> Pie is good.
[23:48] <duck> jrand0m: why do you drink cheap local beer?
[23:48] <Ophite1> Orgy and pie is better.
[23:48] <jrand0m> rofl duck
[23:49] <Ophite1> duck: It's better than Tesco Value Lager?
[23:49] * Ophite1 spits from reflex
[23:49] <jrand0m> heh
[23:49] * duck is concerned about jrand0m's health
[23:49] <jrand0m> you're concerned about my cheap beer habits but not my good whiskey habits?
[23:50] * Ophite1 reminds about the single malt on Cary Sherman's head
[23:50] <duck> do you eat well?
[23:50] <godmode0> corona
[23:50] <duck> do you do your daily exercises?
[23:50] <jrand0m> well, i'm one of those veggies
[23:50] <Ophite1> Isn't that a personal question, duck?
[23:50] <jrand0m> does typing count?
[23:50] <duck> you did drink that much already?
[23:50] <duck> that you became a veggie
[23:50] <jrand0m> heh
[23:50] <Ophite1> cheap beer will do that.
[23:51] <duck> Ophite1: jrand0m's health should concern us all, since it is essential for I2P
[23:51] *** Signoff: mihi_backup (mihi hands jrand0m the *BAF*er)
[23:51] <jrand0m> heh ok ok mihi
[23:51] * jrand0m winds up
[23:51] * jrand0m *baf*s the meeting closed