[i2p] weekly status notes [nov 30]

Tue Nov 30 13:07:50 PST 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi y'all

* Index
1) 0.4.2 and 0.4.2.1
2) mail.i2p
3) i2p-bt
4) eepsites
5) ???

* 1) 0.4.2 and 0.4.2.1

Since we finally pushed out 0.4.2, the network's reliability and
throughput shot up for a while, until we ran into the brand new
bugs we created.  IRC connections for most people are lasting
for hours on end, though for some who have run into some of the
problems, its been a bumpy ride.  There have been a slew of
fixes [1] though, and later on tonight or early tomorrow we'll
have a new 0.4.2.1 release ready for download.

[1] http://dev.i2p.net/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD

* 2) mail.i2p

Earlier today I got slipped a note from postman saying he had
some things he wanted to discuss - for more info, see the
meeting logs (or if you're reading this before the meeting,
swing on by).

* 3) i2p-bt

One of the downsides of the new release is that we're running into
some trouble with the i2p-bt port.  Some of the problems have been
identified found and fixed in the streaming lib, but further work
is necessary to get it where we need it to be.

* 4) eepsites

There has been some discussion over the months on the list, in the
channel, and on the forum about some problems with how eepsites
and the eepproxy work - recently some have mentioned problems with
how and what headers are filtered, others have brought up the
dangers of poorly configured browsers, and there's also DrWoo's
page [2] summarizing many of the risks.  One particularly note
worthy event is the fact that some people are actively working on
applets that will hijack the user's computer if they do not
disable applets.  (SO DISABLE JAVA AND JAVASCRIPT IN YOUR BROWSER)

This, of course, leads to a discussion of how we can secure
things.  I've heard suggestions of building our own browser or
bundling one with preconfigured secure settings, but lets be
realistic - thats a lot more work than anyone here is going to
bite into.  However, there are three other camps:

1) Use a fascist HTML filter and tie it in with the proxy
2) Use a fascist HTML filter as part of a script that fetches
   pages for you
3) Use a secure macro language

The first is pretty much like we have now, except we filter the
content rendered through something like muffin or freenet's
anonymity filter.  The downside here is that it still exposes
HTTP headers so we'd have to anonymize the HTTP side as well.

The second is much like you can see on http://duck.i2p/ with the
CGIproxy, or alternately as you can see in freenet's fproxy.  This
takes care of the HTTP side as well.

The third has its benefits and drawbacks - it lets us use much
more compelling interfaces (as we can safely use some known safe
javascript, etc), but has the downside of backwards
incompatability.  Perhaps a merge of this with a filter, allowing
you to embed the macros in filtered html?

Anyway, this is an important development effort and addresses one
of the most compelling uses of I2P - safe and anonymous
interactive websites.  Perhaps someone has some other ideas or
info as to how we could get what is needed?

[2] http://brittanyworld.i2p/browsing/

* 5) ???

Ok, I'm running late for the meeting, so I suppose I should sign
this and send it on its way, 'eh?

=jr
[lets see if I get gpg to work right...]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBrOBZGnFL2th344YRArtBAJ9YhRvP3MczO96gi4Xwnowie55HlACgzlO3
1uyX1xgZLboelTOSdermS+Q=
=e5Xv
-----END PGP SIGNATURE-----
_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]