I2P dev meeting, August 2, 2022 @ 20:00 UTC
eyedeekay, zzz, zlatinb, StormyCloud, R4S4S, SilicaRice, not_bob
Filazalazana feno momban'ny IRC
(04:18:08 PM) eyedeekay: 1. Hi (04:18:08 PM) eyedeekay: 2. 1.9.0 development status (04:18:08 PM) eyedeekay: 3. Apple silicon bundle status (04:18:08 PM) eyedeekay: 4. Letter to EFF to clarify what "running" a network means (04:18:08 PM) eyedeekay: 5. New Outproxy ref: http://zzz.i2p/topics/3254 (04:18:08 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud) (04:18:08 PM) eyedeekay: b) Technical review and test results (zzz and others) (04:18:08 PM) eyedeekay: c) ToS and log policy review http://stormycloud.i2p/outproxy.html (all) (04:18:08 PM) eyedeekay: d) Vote to approve (all) (04:18:08 PM) eyedeekay: e) Rollout plan (if approved) (zzz, StormyCloud) (04:19:11 PM) eyedeekay: zzz zlatinb you guys here? (04:19:24 PM) zzz: hi (04:19:27 PM) zlatinb: hi yes (04:20:11 PM) eyedeekay: Sorry about that again, had a cooking accident (04:20:12 PM) eyedeekay: 2. 1.9.0 development status (04:21:23 PM) eyedeekay: We're 3 weeks from release, we pretty much settled on a date for it at ls2 meeting yesterday, it's going to be the 22nd. i2pd and/or Java I2P may enable SSU2 for new installs, or a small percentage of the network on restart like for router rekeying (04:22:21 PM) eyedeekay: 3 weeks left for bug reports and bug fixes (04:22:47 PM) eyedeekay: Anything else to add zzz, zlatinb? (04:23:54 PM) eyedeekay: 3. Apple silicon bundle status (04:23:54 PM) eyedeekay: zlatinb this one is your, please start when you are ready (04:24:23 PM) not_bob_afk is now known as not_bob (04:25:23 PM) zzz: let me add a little on 2) please (04:25:30 PM) SilicaRice: is SSU2 officially stable? :o (04:25:35 PM) eyedeekay: Ok go ahead, sorry did not mean to rush (04:25:46 PM) zzz: lag (04:25:59 PM) zzz: tag freeze will be Aug. 10, a week from tomorrow (04:26:17 PM) zzz: the SSU2 testers have been very helpful, about 50-75 of them on the network (04:26:36 PM) zzz: our goal is to enable it for a few hundred to a thousand routers in the this release (04:26:53 PM) zzz: to help us shake out the remaining bugs, while avoiding any chance of disaster (04:27:19 PM) zzz: and we'll enable it for everybody in the November release (04:27:33 PM) SilicaRice: ahh :3 (04:27:47 PM) zzz: everything else is going smoothly as well, just the usual bug fixes all over (04:28:13 PM) zzz: SSU2 is mostly finished, that doesn't mean it's mostly perfect yet (04:28:30 PM) zzz: shout out also to the i2pd team, they're working hard also (04:28:42 PM) zzz: I guess that's it unless there's any questions (04:28:56 PM) not_bob: Will the update also effect the android build? (04:29:46 PM) eyedeekay: I don't change any settings, SSU2 will technically be available but there won't be a UI to enable it (04:30:34 PM) eyedeekay: It just inherits defaults from i2p.i2p except where it has to to run on the Android environment (04:30:36 PM) zzz: sure. We may also just enable SSU2 for all Android, since it's so much less CPU than SSU1 w/ ElGamal (04:30:36 PM) not_bob: Good, good. (04:30:36 PM) zzz: that's what i2pd is thinking, we may do the same (04:30:36 PM) zzz: yeah, we're not going to put an option in the UI and then lobby like crazy for people to enable it (04:30:36 PM) zzz: we'd never get the numbers we want (04:30:36 PM) not_bob: Can we get an option to enable it if desired? Better battery life would be better. (04:30:46 PM) zzz: there's an advanced config, see zzz.i2p for info (04:30:53 PM) not_bob: Thank you. (04:30:55 PM) zzz: not sure if Android has access to advanced cnofig? (04:31:32 PM) eyedeekay: No it doesn't, you have to do weird stuff to make it work (04:31:51 PM) eyedeekay: Pretty much devs-only to manually edit non-i2ptunnel config files on Android (04:32:03 PM) not_bob: :( (04:32:26 PM) zzz: ok. anyway, might be good to enable it for android anyway, because one of the last features we need to implement is handling IP changes, so mobile routers will help us develop and test test (04:32:43 PM) not_bob: I vote for that. (04:33:25 PM) zzz: ok. to be clear, nobody's going to notice any difference with SSU2. It's mostly the same feature set, and currently a little slower than SSU1, at least on Java. It's faster for i2pd (04:33:47 PM) eyedeekay: Battery life is a huge deal if SSU2 will make a difference at that (04:34:18 PM) eyedeekay: We could be worse about how much battery we use, but we could also be better (04:34:37 PM) zzz: the benefits are more security, less CPU, more reliable firewall detection (04:34:44 PM) zzz: I may write up a whole blog post about it, I think it's one of the most censorship-resistant protocols ever designed. We'll see (04:35:01 PM) zzz: eot (04:36:20 PM) eyedeekay: Thanks zzz. I think people are hearing "Less CPU" and instantly making an association "Easier on battery for Androids" which may be part of the interest (04:36:35 PM) eyedeekay: 3. Apple silicon bundle status (04:37:15 PM) eyedeekay: zlatinb this one's yours, go ahead when you're ready (04:37:26 PM) zlatinb: Hi, I made the bundle available for download about 6 days ago and there have been almost 100 downloads since (04:37:55 PM) zlatinb: about 30% of the mac users download the arm64 bundle which surprises me (04:40:58 PM) zlatinb: No feedback anywhere yet, but with the last known bug fixed I think this should be ready for promotion to stable (04:40:58 PM) zzz: the only thing I'd suggest is making sure the news feeds are up and working on both servers, by putting up a 'thanks for testing' news entry (04:40:58 PM) zlatinb: I'm thinking to upgrade the 1.8 bundle to 1.9 when that becomes available to test the update channel although don't expect any issues (04:40:58 PM) zlatinb: yes, can do that tomorrow after my right hand will be fully functional again (hopefully) (04:40:58 PM) zlatinb: that's about it (04:40:58 PM) zlatinb: eot (04:42:08 PM) eyedeekay: Thanks zlatinb, if you choose to do a news entry let me know and I'll update the servers (04:42:48 PM) eyedeekay: 4. Letter to EFF to clarify what "running" a network means (04:43:28 PM) zzz: so I'd say after a successful update or news entry, stable is fine. I don't expect any issues either, but we've had plenty of news glitches before (04:43:48 PM) zzz: but willing to hear other opinions ofc (04:43:48 PM) zlatinb: the only real action for promoting to stable really is removing the "BETA" label from the website (04:43:48 PM) uis is now known as Irc2PGuest3854 (04:43:48 PM) zzz: sure, it's more the principle than anything actually being different (04:43:48 PM) zzz: let's be purposeful in our labeling, that's all (04:44:07 PM) zlatinb: Yes, some background on that: (04:44:10 PM) mode (+v T3s|4) by ChanServ (04:44:34 PM) mode (+v albat) by ChanServ (04:44:48 PM) mode (+v polistern) by ChanServ (04:44:53 PM) zlatinb: eyedeekay and I met Kurt Opsahl from EFF at HOPE few weeks ago and asked him about legality of working on something like I2P (04:45:43 PM) zlatinb: He said that writing code is fine because "code == speech", however "running" the network may be a different story (04:46:21 PM) zlatinb: we didn't dig into what running the network means at HOPE (04:46:56 PM) zlatinb: but I think it's a good idea to reach out and clarify the topic as much as possible (04:47:41 PM) zzz: what would we do differently, based on conceivable responses? (04:48:38 PM) zlatinb: I'm having very hard time conceiving the responses as it's a very broad topic (04:48:44 PM) eyedeekay: It may inform who is able to run what services (04:48:50 PM) zzz: whatever "running" we're doing, it's much less than their darling Tor, and how might we do even less? (04:49:32 PM) eyedeekay: But I think one likely response is that running services to support a network is probably speech too (04:49:53 PM) eyedeekay: That may be optimistic, but it's also the one that involves the least leaps (04:50:20 PM) zzz: in my experience, ask a lawyer an informal question, you'll get good information. Send them a letter, they'll say they aren't licensed in your state, go hire somebody (04:50:51 PM) zlatinb: no idea, maybe reseeds are fine and addressbooks are not, who knows, Too many possible permutations (04:51:26 PM) zzz: if you want to follow up, follow up, but I've asked EFF for legal advice before, their answer is "we're not set up to be general purpose legal counsel. We litigate cases of interest" (04:51:59 PM) eyedeekay: Maybe I can track down somebody for an informal question next week then. Can't hurt to try both (04:52:38 PM) eyedeekay: Writing the letter would help inform the question (04:53:14 PM) zzz: email Kurt. He gave you a vague answer, following up is reasonable. He's always been quite nice every time I talk to him (04:54:00 PM) eyedeekay: Can do (04:54:30 PM) zzz: I just wouldn't expect anything actionable, but who knows? (04:54:32 PM) zlatinb: well it's worth structuring any such letter properly; also may be wise to build up the engagement gradually rather than dump a giant letter from the blue (04:55:31 PM) eyedeekay: zlatinb do you want to set up a time to sync up and write that letter this week? (04:55:34 PM) zlatinb: I suggest we start with a simple follow-up like "was nice to meet you" and then expand from there (04:56:32 PM) zlatinb: currently I'm thinking we should not write a giant letter describing how i2p works until we get an ack that eff is willing to work with us (04:56:42 PM) eyedeekay: OK (04:56:59 PM) zlatinb: they may decide they want a retainer, who knows (04:57:10 PM) zzz: see above. they don't do that (04:57:48 PM) zzz: you're misunderstanding how they work (04:58:06 PM) zlatinb: I'll shoot him a "was nice to meet you" follow up and cc you guys and take it from there. (04:58:18 PM) zlatinb: if they can't help at all that's fine too (04:59:15 PM) eyedeekay: Anything else for 4? (04:59:23 PM) zlatinb: no, eot (04:59:38 PM) eyedeekay: 5. New Outproxy ref: http://zzz.i2p/topics/3254 (04:59:38 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud) (04:59:38 PM) eyedeekay: b) Technical review and test results (zzz and others) (04:59:38 PM) eyedeekay: c) ToS and log policy review http://stormycloud.i2p/outproxy.html (all) (04:59:38 PM) eyedeekay: d) Vote to approve (all) (04:59:38 PM) eyedeekay: e) Rollout plan (if approved) (zzz, StormyCloud) (04:59:51 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud) (05:00:10 PM) zzz: StormyCloud, you here? (05:00:21 PM) StormyCloud: Yes (05:00:41 PM) zzz: this is a proposal to replace false.i2p, which was unreliable for years and is now dead (05:00:56 PM) zzz: thanks for volunteering to support a replacement (05:01:18 PM) zzz: please go ahead and give us a brief overview of your organization and your infrastructure (05:01:45 PM) StormyCloud: Who we are: We are a 501(c)(3) non-profit organization based out of Texas. Our mission is to provide privacy-based tools to allow everyone access to an unfiltered and unregulated Internet. We started this organization in 2021 and have been working closely with the TOR community by deploying exit nodes. (05:02:37 PM) StormyCloud: We own all of our hardware and currently colocate at a Tier 4 data center. As of now have a 10GBps uplink with the option to upgrade to 40GBps without the need for much change. We have our own ASN and IP space (IPv4 & IPv6). (05:02:55 PM) StormyCloud: Outproxy Infrastructure: Outproxies are run on Ubuntu 22.04 and have been optimized for I2P. The backend proxy software is TinyProxy and supports HTTP, HTTPS, I2P, and TOR onion links. Currently, the outproxy is multi-homed on two servers. We can increase this number of servers as needed. (05:04:03 PM) zzz: I want to invite everyone to ask questions of StormyCloud at any point as we go through the agenda (05:04:15 PM) zzz: any questions at this time? (05:04:26 PM) not_bob: Yes (05:04:39 PM) not_bob: How do you deal with users who try to use your service for "really nasty stuff"? (05:05:46 PM) StormyCloud: Nothing, we do not filter any requests. While that does invite "bad" users we feel the internet should be a free and open place. (05:06:12 PM) R4SAS: And one from me: will be here SOCKS5 proxies in future? (05:06:48 PM) StormyCloud: R4SAS: If there is a need for a SOCKS5 proxy I am sure we can get one deployed. (05:07:01 PM) R4SAS: Thanks (05:07:45 PM) zzz: any other questions on 5a) ? (05:08:02 PM) not_bob: http://notbob.i2p/graphs/stormycloud.i2p.yearly.svg (05:08:14 PM) not_bob: I just want to note that stormycloud has been great for uptime. (05:08:56 PM) SilicaRice: the backend supports I2P links uh huh? (05:08:57 PM) not_bob: And performance is great. (05:09:29 PM) zzz: that brings us to 5b, yes (05:09:29 PM) zzz: the outproxy has been in beta for quite a while (05:09:29 PM) zzz: testing should ensure that the service is reliable, meets applicable standards, and is secure (05:10:00 PM) zzz: we've encountered several issues over the last few months, and StormyCloud has always been responsive (05:10:13 PM) SilicaRice: (why would you run i2p links through an outproxy?) (05:10:29 PM) zzz: at this time my test results are good, and I'm recommending it to be our official outproxy (05:10:38 PM) dr|z3d: StormyCloud misspoke. there is no .i2p support. (05:10:40 PM) zzz: but let's hear any other test reports or questions (05:10:43 PM) StormyCloud: SilicaRice: My apologies I wrote that wrong (05:11:03 PM) SilicaRice: oh okay (05:12:00 PM) R4SAS: > We do not cooperate with any requests for information except where compelled by law, and in that event our ability to assist is limited by our logging policy. (05:12:19 PM) R4SAS: Will be here transparency reports in such situations? (05:12:45 PM) zzz: also, to be clear, this meeting is about Java I2P's default and recommendations. Any other project including i2pd may have their own processes and requirements and negotiations with the outproxy operator (05:13:03 PM) StormyCloud: R4SAS: Yes, we public a report quarterly on our clearnet website. That is something I can also do on our i2p site. (05:13:48 PM) zzz: ok, looks like we're on 5c) review of ToS and logging policies. The goal here is to ensure our users are protected. (05:14:00 PM) R4SAS: also, please, create in-i2p mail for contacting =) (05:14:03 PM) zzz: any comments or questions about the Tos? (05:15:41 PM) R4SAS: ah, btw, about 5b: StormyCloud, what tunnel settings are you using? (05:16:06 PM) R4SAS: length, amount, etc (05:16:11 PM) dr|z3d: 0 hop. (05:16:17 PM) eyedeekay: Everything it says looks pretty clear to me, although to follow up on what R4S4S it might be good to put a link to the transparency report in or after that > We do not... unless compelled by law section (05:16:34 PM) zzz: an outproxy operator is in a position to view all traffic, or at least all non-https traffic, so it's important that we trust the operator to protect our users (05:17:01 PM) StormyCloud: eyedeekay: Makes sense, ill get this added to the website (05:17:09 PM) zzz: it's currently two multihomed 0-hop servers, right StormyCloud ? (05:17:19 PM) StormyCloud: Correct (05:17:42 PM) not_bob: But, just to clarify, with the way i2p tunnels work, my 2-3 hops are still there. You are just not adding any more, right? (05:18:07 PM) dr|z3d: the client can configure as many hops as they wish, not_bob. (05:18:12 PM) zzz: I also saw on zzz.i2p that it's ipv4-only but that may get fixed soon, right? (05:18:13 PM) anonymousmaybe is now known as Irc2PGuest54486 (05:18:15 PM) not_bob: Yep, that's what I thought. Thank you. (05:18:48 PM) StormyCloud: zzz: Correct, our upstream provider finished their upgrade. I didnt want to mess with IPv6 until all testing was done (05:19:49 PM) zzz: would you please elaborate on your experience running tor exits and the capacity of your tor exits? (05:21:00 PM) StormyCloud: Sure, we have been running tor exit since late last year, currently sitting at 130ish exits with about 1.6% of TOR exit traffic going through our servers. (05:21:49 PM) StormyCloud: Everything is virtualized and the process to setup has become pretty automated (05:22:06 PM) zzz: have you ever received any DMCA or other legal processes w.r.t. your tor exits? if so, how was it handled? (05:23:33 PM) StormyCloud: No legal requests and surprisingly no DMCA requests. We do get abuse complaints, we just respond and let them know this is a TOR exit and there is nothing further that can be done on our end. (05:23:47 PM) major: No legal requests and surprisingly no DMCA requests. We do get abuse complaints, we just respond and let them know this is a TOR exit and there is nothing further that can be done on our end. (05:24:27 PM) R4SAS: huh, acetone's bot has bug (05:24:33 PM) zzz: any other questions sor StormyCloud before we go to 5d) appproval ? (05:24:34 PM) R4SAS: I'll PM him (05:25:33 PM) zzz: normally major doesn't have +v, but I turned +m off for the meeting, no big deal (05:26:36 PM) zzz: ok, if there's no more questions, everybody please indicate your approval / disapproval for making StormyCloud our official outproxy (05:26:45 PM) not_bob: Approve (05:26:58 PM) zzz: approve (05:27:05 PM) zlatinb: approve (05:27:05 PM) eyedeekay: approve (05:27:18 PM) SilicaRice: approve (if users count for anything) (05:27:54 PM) R4SAS: no objections, approve (05:28:32 PM) zzz: ok, great (05:28:39 PM) zzz: 5e) rollout (05:28:50 PM) zzz: the two major steps are: (05:29:08 PM) zzz: 1) setting it as default for new installs (as early as the next release in 3 weeks) (05:29:23 PM) zzz: 2) recommending to existing users to change their config (probably via console news, any time) (05:29:30 PM) zzz: these can happen in either order (05:29:41 PM) zzz: and we have no idea how much traffic either would generate (05:29:59 PM) zzz: other products (Android, bundles), probably aren't big enough to worry about timing (05:30:14 PM) zzz: StormyCloud, what is your request or recommendation on when and how we proceed? (05:31:36 PM) StormyCloud: If the console news can be set/sent anytime then we can let existing users know to switch now (if they want) and that gives us three weeks to monitor and spin up new servers if needed. (05:32:12 PM) dr|z3d: console news generally published with a new release. (05:32:13 PM) not_bob: StormyCloud: How much traffic are you handeling for the outproxy currently? (05:33:10 PM) zzz: ok. it would be nice to point to a howto page with screenshots for editing the hidden services manager config. That could be hosted on stormycloud.i2p, or a i2p-projekt.i2p blog post? Any volunteers to put that together? (05:33:35 PM) eyedeekay: I can do it (05:33:35 PM) StormyCloud: Difficult to say at this time, since we dont log anything. I am monitoring network activity, but that too doesnt tell a full picture since its also passing i2p traffic. (05:34:18 PM) dr|z3d: StormyCloud: we keep an eye on exit traffic via graphs.. (05:34:41 PM) dr|z3d: in short, notbob, nothing worth getting excited about. (05:34:59 PM) zzz: dr|z3d, you have a guess on current % utilization of your two nodes? probably very small? (05:35:21 PM) dr|z3d: utilization in what sense? (05:35:28 PM) dr|z3d: capacity-wise? (05:35:33 PM) zzz: yes (05:35:50 PM) zzz: or maybe you don't really know until you hit it... (05:35:51 PM) dr|z3d: very small is about right. (05:36:18 PM) dr|z3d: throw a few thousand concurrent users at the outproxy, we'll then know :) (05:36:33 PM) zzz: yeah, apologies to StormyCloud, we were unable to get any historical estimates of false.i2p bandwidth (05:37:06 PM) zzz: so it's a little bit of a crap shoot, as long as you're monitoring things and have an expansion plan, we should be fine (05:37:37 PM) StormyCloud: All good, we will adjust as more and more people start to use the outproxy (05:38:11 PM) dr|z3d: well, as configured, the outproxies combined can handle up to 8192 concurrent streams. so there's plenty of capacity there, and StormyCloud has plenty of stuff in the wings if required. (05:38:21 PM) zzz: and StormyCloud re: new installs, should we plan to make it the default in the next release late this month as well? (05:39:01 PM) StormyCloud: Yes, that would be fine (05:39:29 PM) zzz: ok then. eyedeekay let me know when you have a blog post up, and then I'll write the news entry (05:39:39 PM) zzz: anything else on 5e) rollout ? (05:39:43 PM) eyedeekay: OK, expect it tonight or tomorrow (05:40:14 PM) eyedeekay: Nothing from me (05:40:14 PM) zzz: thanks again StormyCloud (05:40:18 PM) zzz: back to you eyedeekay (05:41:07 PM) eyedeekay: All right that's it for the listed items, I'll be at Def Con next week in case anybody who's watching wants to meet me there lol (05:41:49 PM) eyedeekay: If anybody else has anything else for the meeting, please speak up, otherwise timeout 1m (05:42:59 PM) R4SAS: I have one question, but it is out of meeting scope (05:43:34 PM) zzz: oh, also thanks to dr|z3d for vital technical assistance over the testing period (05:43:41 PM) eyedeekay: All right thanks everybody for coming to the meeting, I've got a kind of crazy section in the middle of my log but once I fix that I'll post the logs to the web site (05:43:44 PM) eyedeekay: Thanks for coming (05:43:59 PM) not_bob: Thank you for having us.