[i2p] weekly status notes [sep 14]

jrandom jrandom at i2p.net
Tue Sep 14 11:21:39 PDT 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi y'all, its that time of the week again

* Index:

1) 0.4.0.1
2) Threat model updates
3) Website updates
4) Roadmap
5) Client apps
6) ???

* 1) 0.4.0.1

Since last Wednesday's 0.4.0.1 release, things have been going
pretty well on the net - more than 2/3rd of the network has
upgraded, and we'e been maintaining between 60 and 80 routers on
the network.  IRC connection times vary, but lately 4-12 hour
connections have been normal.  There have been some reports of
funkiness starting up on OS/X though, but I believe some
progress is being made on that front too.

* 2) Threat model updates

As mentioned in reply [1] to Toni's post [2], there has been a
pretty substantial rewrite of the threat model [3].  The main
difference is that rather than the old way of addressing the
threats in an ad-hoc manner, I tried to follow some of the
taxonomies offered within the literature [4].  The biggest
problem for me was finding ways to fit the actual techniques
people can use into the patterns offered - often a single
attack fit within several different categories.  As such, I'm
not really too pleased with how the information in that page
is conveyed, but its better than it was before.

[1] http://dev.i2p.net/pipermail/i2p/2004-September/000442.html
[2] http://dev.i2p.net/pipermail/i2p/2004-September/000441.html
[3] http://www.i2p.net/how_threatmodel
[4] http://freehaven.net/anonbib/topic.html

* 3) Website updates

Thanks to Curiosity's help, we've begun on some updates to the
website - the most visible of which you can see on the homepage
itself.  This should help people out who stumble upon I2P and
want to know right off the bat wtf this I2P thing is, rather
than having to hunt and peck through the various pages.  In any
case, progress, ever onwards :)

* 4) Roadmap

Speaking of progress, I've finally thrown together a revamped
roadmap [5] based upon what I feel we need to implement and upon
what must be accomplished to provide for the user's needs.  The
major changes to the old roadmap are:

 * Drop AMOC altogether, replaced with UDP (however, we'll support
   TCP for those who can't use UDP *cough*mihi*cough*)
 * Kept all of the restricted route operation to the 2.0 release,
   rather than bring in partial restricted routes earlier.  I
   believe we'll be able to meet the needs of many users without
   restricted routes, though of course with them many more users
   will be able to join us.  Walk before run, as they say.
 * Pulled the streaming lib in to the 0.4.3 release, as we don't
   want to go 1.0 with the ~4KBps per stream limit.  The bounty on
   this is still of course valid, but if no one claims it before
   0.4.2 is done, I'll start working on it.
 * TCP revamp moved to 0.4.1 to address some of our uglier issues
   (high CPU usage when connecting to people, the whole mess with
   "target changed identities", adding autodetection of IP address)

The other items scheduled for various 0.4.* releases have already
been implemented.  However, there is one other thing dropped from
the roadmap...

[5] http://www.i2p.net/roadmap

* 5) Client apps

We need client applications.  Applications that are engaging,
secure, scalable, and anonymous.  I2P by itself doesn't do much,
it merely lets two endpoints talk to each other anonymously.
While I2PTunnel does offer one hell of a swiss army knife, tools
like that are only really engaging to the geeks among us.  We need
more than that - we need something that lets people do what they
actually want to do, and that helps them do it better.  We need a
reason for people to use I2P beyond simply because its safer.

So far I've been touting MyI2P to meet that need - a distributed
blogging system offering a LiveJournal-esque interface.  I
recently [6] discussed some of the functionality within MyI2P on
the list.  However, I've pulled it out of the roadmap as its just
too much work for me to do and still give the base I2P network the
attention it needs (we're already packed extremely tight [7]).

There are a few other apps that have much promise.  Stasher [8]
would provide a significant infrastructure for distributed data
storage, but I'm not sure how that's progressing.  Even with
Stasher, however, there would need to be an engaging user
interface (though some FCP apps may be able to work with it).

IRC is also a potent system, though has its limitations due to
the server-based architecture.  oOo has done some work to see
about implementing transparent DCC though, so perhaps the IRC
side could be used for public chat and DCC for private file
transfers or serverless chat.

General eepsite functionality is also important, and what we
have now is completely unsatisfactory.  As DrWoo points out [9],
there are significant anonymity risks with the current setup,
and even though oOo has made some patches filtering some
headers, there is much more work to be done before eepsites can
be considered secure.  There are a few different approaches to
addressing this, all of which can work, but all of which
require work.  I do know that duck mentioned he had someone
working on something, though I don't know how thats coming or
whether it could be bundled in with I2P for everyone to use
or not.  Duck?

Another pair of client apps that could help would be either a
swarming file transfer app (ala BitTorrent) or a more
traditional file sharing app (ala DC/Napster/Gnutella/etc).
This is what I suspect a large number of people want, but there
are issues with each of these systems.  However, they're well
known and porting may not be much trouble (perhaps).

Ok, so the above isn't anything new - why did I bring them all
up?  Well, we need to find a way to get an engaging, secure,
scalable, and anonymous client application implemented, and it
isn't going to happen all by itself out of the blue.  I've come
to accept that I'm not going to be able to do it myself, so we
need to be proactive and find a way to get it done.

To do so, I think our bounty system may be able to help, but I
think one of the reasons we haven't seen much activity on that
front (people working on implementing a bounty) is because
they're spread too thin.  To get the results we need, I feel we
need to prioritize what we want and focus our efforts on that
top item, 'sweetening the pot' so as to hopefully encourage
someone to step up and work on the bounty.

My personal opinion is still that a secure and distributed
blogging system like MyI2P would be best.  Rather than simply
shoveling data back and forth anonymously, it offers a way to
build communities, the lifeblood of any development effort.  In
addition, it offers a relatively high signal to noise ratio,
low chance for abuse of the commons, and in general, a light
network load.  It doesn't, however, offer the full richness of
normal websites, but the 1.8 million active LiveJournal users
don't seem to mind.

Beyond that, securing the eepsite architecture would be my
next preference, allowing browsers the safety they need and
letting people serve eepsites 'out of the box'.

File transfer and distributed data storage are also incredibly
powerful, but they don't seem to be as community oriented as
we probably want for the first normal end user app.

I want all of the apps listed to be implemented yesterday, as
well as a thousand other apps I couldn't begin to dream of.  I
also want world peace, and end to hunger, the destruction of
capitalism, freedom from statism, racism, sexism, homophibia,
an end to the outright destruction of the environment and all
that other evil stuff.  However, we are only so many people
and we can only accomplish so much.  As such, we must
prioritize and focus our efforts on achieving what we can
rather than sit around overwhelmed with all we want to do.

Perhaps we can discuss some ideas about what we should do in
the meeting tonight.

[6] http://dev.i2p.net/pipermail/i2p/2004-September/000435.html
[7] http://www.i2p.net/images/plan.png
[8] http://www.freenet.org.nz/python/stasher/
[9] http://brittanyworld.i2p/browsing/

* 6) ???

Well, thats all I've got for the moment, and hey, I got the
status notes written up *before* the meeting!  So no excuses,
swing on by at 9pm GMT and barrage us all with your ideas.

=jr

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQUc1OhpxS9rYd+OGEQLaYQCg0qql8muvuGEh46VICx4t69PuRl8An0Ki
3GEF2jrg/i9csiMO6VdQccxH
=4Tip
-----END PGP SIGNATURE-----

_______________________________________________
i2p mailing list
i2p at i2p.net
http://i2p.dnsalias.net/mailman/listinfo/i2p

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]

More information about the cypherpunks-legacy mailing list