simplify slug base (de)date valids

Signed-off-by: AGentooCat <agentoocat@mail.i2p>

.dockerignore

@@ -0,0 +1 @@
+.git

i2p2www/__init__.py

@@ -22,9 +22,9 @@ except ImportError:
 ###########
 # Constants
 
-CURRENT_I2P_VERSION = '1.8.0'
-CURRENT_I2P_FIREFOX_PROFILE_VERSION = '1.8.0'
-CURRENT_I2P_OSX_VERSION = '1.8.0'
+CURRENT_I2P_VERSION = '2.2.0'
+CURRENT_I2P_FIREFOX_PROFILE_VERSION = '2.1.0'
+CURRENT_I2P_OSX_VERSION = '1.9.0'
 
 CANONICAL_DOMAIN = 'geti2p.net'
 
@@ -210,9 +210,7 @@ def set_lang(endpoint, values):
 # Detect and store chosen theme
 @app.before_request
 def detect_theme():
-    theme = 'duck'
-    if 'style' in request.cookies:
-        theme = request.cookies['style']
+    theme = request.cookies.get('style', 'duck')
     if 'theme' in request.args.keys():
         theme = request.args['theme']
         # TEMPORARY: enable external themes

i2p2www/blog/2022/09/07/Meet_your_Maintainer_StormyCloud.rst

@@ -0,0 +1,201 @@
+
+============================================================
+{% trans -%}Meet Your Maintainer: StormyCloud{%- endtrans %}
+============================================================
+
+.. meta::
+   :author: sadie
+   :date: 2022-09-07
+   :category: general
+   :excerpt: {% trans %}An interview with the maintainers of the StormyCloud Outproxy{% endtrans %}
+
+{% trans -%}
+A conversation with StormyCloud Inc.
+{%- endtrans %}
+====================================
+
+{% trans -%}
+With the most recent `I2P Java
+release <https://geti2p.net/en/blog/post/2022/08/22/1.9.0-Release>`__,
+the existing outproxy, false.i2p was replaced with the new StormyCloud
+outproxy for new I2P installs. For people who are updating their router,
+changing over to the Stormycloud service can be done quickly.
+{%- endtrans %}
+
+{% trans -%}
+In your Hidden Services Manager, change both Outproxies and SSL
+Outproxies to exit.stormycloud.i2p and click on the save button at the
+bottom of the page.
+{%- endtrans %}
+
+|outproxystormy| **{% trans -%}Who is StormyCloud Inc?{%- endtrans %}**
+
+**Mission of StormyCloud Inc.**
+
+{% trans -%}
+To defend Internet access as a universal human right. By doing so, the
+group protects users’ electronic privacy and builds community by
+fostering unrestricted access to information and thus the free exchange
+of ideas across borders. This is essential because the Internet is the
+most powerful tool available for making a positive difference in the
+world.
+{%- endtrans %}
+
+**{% trans -%}Vision Statement{%- endtrans %}**
+
+{% trans -%}
+To become a pioneer in providing free and open Internet to everyone in
+the universe because Internet access is a basic human right
+`(https://stormycloud.org/about-us/) <https://stormycloud.org/about-us/>`__
+{%- endtrans %}
+
+{% trans -%}
+I met with Dustin to say hello, and to talk more about privacy, the need
+for services like StormyCloud, and what drew the company to I2P.
+{%- endtrans %}
+
+**{% trans -%}What was the inspiration behind starting StormyCloud?{%- endtrans %}**
+
+{% trans -%}
+It was late 2021, I was on the /r/tor subreddit. There was a person who
+had responded in a thread about how to use Tor who talked about how they
+relied on Tor in order to stay in contact with their family. Their
+family lived in the United States, but at the time they resided in a
+country where internet access was very restricted. They needed to be
+very cautious about who they communicated with and what they said. For
+these reasons, they relied on Tor. I thought about how I can communicate
+with people without fear or restrictions and that it should be the same
+for everyone.
+{%- endtrans %}
+
+{% trans -%}
+The goal of StormyCloud is to help as many people as we can to do that.
+{%- endtrans %}
+
+**{% trans -%}What have been some of the challenges of getting StormyCloud
+started?{%- endtrans %}**
+
+{% trans -%}
+The cost — it is ungodly expensive. We went the data centre route since
+the scale of what we are doing is not something that can be done on a
+home network. There are equipment expenses and reoccurring hosting
+costs.
+{%- endtrans %}
+
+{% trans -%}
+In regard to setting up the non-profit, we followed in Emerald Onion’s
+path and utilized some of their documents and lessons learned. The Tor
+community has many resources available that are very helpful.
+{%- endtrans %}
+
+**{% trans -%}How has the response been to your services?{%- endtrans %}**
+
+{% trans -%}
+In July we served 1.5 billion DNS requests over all of our services.
+People appreciate that there is no logging being done. The data is just
+not there, and people like that.
+{%- endtrans %}
+
+**{% trans -%}What is an outproxy?{%- endtrans %}**
+
+{% trans -%}
+An outproxy is similar to Tor’s exit nodes, it allows for clearnet
+(normal internet traffic) to be relayed through the I2P network. In
+other words, it allows I2P users to access the internet through the
+safety of the I2P network.
+{%- endtrans %}
+
+**{% trans -%}What is special about the StormyCloud I2P Outproxy?{%- endtrans %}**
+
+{% trans -%}
+To start with we are multi-homed which means we have several servers
+serving outproxy traffic. This ensures the service is always available
+to the community. All the logs on our servers are wiped every 15
+minutes. This ensures both law enforcement and ourselves do not have
+access to any data. We support visiting Tor onion links though the
+outproxy, and our outproxy is pretty fast.
+{%- endtrans %}
+
+**{% trans -%}How do you define privacy? What are some of the issues you see with
+overreach and data handling?{%- endtrans %}**
+
+{% trans -%}
+Privacy is freedom from unauthorized access. Transparency is important,
+such as opting in — the example being GDPR requirements.
+{%- endtrans %}
+
+{% trans -%}
+There are big companies hoarding data that is being used for
+`warrantless access to location
+data. <https://www.eff.org/deeplinks/2022/08/fog-revealed-guided-tour-how-cops-can-browse-your-location-data>`__
+There is overreach of tech companies into what people think is, and
+should be private, like photos or messages.
+{%- endtrans %}
+
+{% trans -%}
+It is important to keep doing outreach about how to keep your
+communication safe, and what tools or apps will help a person do so. The
+way that we interact with all of the information out there is important
+as well. We need to trust but verify.
+{%- endtrans %}
+
+**{% trans -%}How does I2P fit into StormyCloud’s Mission and Vision Statement?{%- endtrans %}**
+
+{% trans -%}
+I2P is an open source project, and what it offers aligns with the
+mission of StormyCloud Inc. I2P provides a layer of privacy and
+protection for traffic and communication, and the project believes that
+everybody has a right to privacy.
+{%- endtrans %}
+
+{% trans -%}
+We became aware of I2P in early 2022 when talking to people in the Tor
+community, and liked what the project was doing. It seemed similar to
+Tor.
+{%- endtrans %}
+
+{% trans -%}
+During our introduction to I2P and its capabilities, we saw the need for
+a reliable outproxy. We had really great support from people in the I2P
+community to create and start providing the outproxy service.
+{%- endtrans %}
+
+**{% trans -%}I am always curious about first impressions and what resources we can
+provide or improve on for people who are getting started with I2P. What
+can you tell me about your experience and suggestions for onboarding?{%- endtrans %}**
+
+{% trans -%}
+Make it easy to replicate or understand for people with limited IT
+knowledge or knowledge of I2P. Using the router, or even using email on
+I2P should be easy for everybody.
+{%- endtrans %}
+
+**{% trans -%}Conclusion{%- endtrans %}**
+
+{% trans -%}
+The need for awareness about surveilling what should be private in our
+online lives is ongoing. Collecting any data should be consensual , and
+privacy should be implicit.
+{%- endtrans %}
+
+{% trans -%}
+Where we cannot trust that our traffic or communication will not be
+observed without consent, we thankfully have access to networks that
+will by-design anonymize traffic and hide our locations.
+{%- endtrans %}
+
+{% trans -%}
+Thank you to StormyCloud and everyone who provides outproxies or nodes
+for Tor and I2P so that people can access the internet more safely when
+they need to. I look forward to more people bridging the capabilities of
+these complementary networks to create a more robust privacy ecosystem
+for everyone.
+{%- endtrans %}
+
+{% trans -%}
+Learn more about StormyCloud Inc.’s services https://stormycloud.org/
+and help support their work by making a donation
+https://stormycloud.org/donate/.
+{%- endtrans %}
+
+.. |outproxystormy| image:: https://user-images.githubusercontent.com/50714166/188997993-465b6a5a-52a0-40f0-bdff-68ca2b6c97ba.png

i2p2www/blog/2022/09/07/easy_install_bundle_1.9.5.rst

@@ -0,0 +1,27 @@
+====================================================================
+{% trans -%}Windows Easy-Install Bundle 1.9.5 Release{%- endtrans %}
+====================================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-09-07
+   :category: release
+   :excerpt: {% trans %}Windows Easy-Install Bundle 1.9.5{% endtrans %}
+
+{% trans -%}
+Bug Fixing release for Windows 11 users
+{%- endtrans %}
+=======================================
+
+{% trans -%}
+This point release includes a bug fix in the included I2P router, which resolves
+a highly obscure bug where the context clock is out of sync with the clock in
+use by the File System, resulting in a router which is unable to read the current
+state of it's own NetDB. Although this bug has only been observed on Windows 11
+so far, it is highly recommended that all users update to the new build.
+{%- endtrans %}
+
+{% trans -%}
+This release also features faster startup and times improved stability in the profile
+manager.
+{%- endtrans %}

i2p2www/blog/2022/09/26/i2p-safety-reminder.rst

@@ -0,0 +1,106 @@
+{% trans -%}
+==================================
+A Reminder to be Safe as I2P Grows
+==================================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2022-09-26
+    :category: general
+    :excerpt: {% trans %}A Reminder to be Safe as I2P Grows{% endtrans %}
+
+{% trans -%}
+A Reminder to be Safe as I2P Grows
+{%- endtrans %}
+==================================
+
+{% trans -%}
+It is an an exciting time for The Invisible Internet Project (I2P).
+We are completing our migration to modern cryptography across all of our transports, ( Java and C++), and we have recently gained a high-capacity and professional outproxy service, and there are more applications integrating I2P based functionality than ever.
+The network is poised to grow, so now is a good time to remind everyone to be smart and be safe when obtaining I2P and I2P-related software.
+We welcome new applications, implementations, and forks with new ideas, and the power of the network comes from its openness to participation by all I2P users.
+In fact, we don’t like to call you users, we like to use the word “Participants” because each of you helps the network, in your own way by contributing content, developing applications, or simply routing traffic and helping other participants find peers.
+{%- endtrans %}
+
+{% trans -%}
+You are the network, and we want you to be safe.
+{%- endtrans %}
+
+{% trans -%}
+We have become aware of attempts to impersonate I2P’s presence on the web and social media.
+To avoid offering momentum to these campaigns, we will not mention the actors affiliated with them, However, in order to help you recognize these campaigns should you encounter them in the wild, we are documenting their tactics:
+{%- endtrans %}
+
+-  Copying text directly from the I2P Web Site without acknowledging our license requirements in a way that may suggest endorsement.
+-  Involvement or promotion of an Initial Coin Offering, or ICO
+-  Crypto-Scam like language
+-  Graphics that have nothing to do with the textual content
+-  Click-farming behavior, sites that appear to have content but which instead link to other sites
+-  Attempts to get the user to register for non-I2P chat servers. We come to you or you come to us, we will not ask you to meet us at a third-party service unless you already use it(Note that this is not always true for other forks and projects, but it is true of geti2p.net).
+-  The use of bot networks to amplify any message on social media. I2P(geti2p.net) does not use bots for social media advertising.
+
+{% trans -%}
+These campaigns have had the side-effect of “shadow-banning” some legitimate I2P-related discussion on Twitter and possibly other social media.
+{%- endtrans %}
+
+{% trans -%}Our Sites{%- endtrans %}
+---------
+
+{% trans -%}
+We have official sites where people may obtain the I2P software safely:
+{%- endtrans %}
+
+-  `{% trans -%}Official Website - i2p.net{%- endtrans %}
+   <https://i2p.net>`__
+-  `{% trans -%}Official Website - geti2p.net{%- endtrans %}
+   <https://geti2p.net>`__
+-  `{% trans -%}Official Gitlab - i2pgit.org{%- endtrans %}
+   <https://i2pgit.org>`__
+-  `{% trans -%}Official Debian Repository - deb.i2p2.de{%- endtrans %}
+   <https://deb.i2p2.de>`__
+-  `{% trans -%}Official Debian Repository - deb.i2p2.no{%- endtrans %}
+   <https://deb.i2p2.no>`__
+-  `{% trans -%}Official Forums - i2pforum.net{%- endtrans %}
+   <https://i2pforum.net>`__
+
+{% trans -%}Invisible Internet Project Forums, Blogs and Social Media{%- endtrans %}
+---------------------------------------------------------
+
+{% trans -%}Hosted by the project{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~
+
+-  `{% trans -%}I2P Forums{%- endtrans %} <https://i2pforum.net>`__ - `{% trans -%}I2P{%- endtrans %}
+   Mirror <https://i2pforum.i2p>`__
+-  irc: `#i2p-dev` on Irc2P(`127.0.0.1:6668` in a standard I2P installation)
+
+{% trans -%}Hosted by Others{%- endtrans %}
+~~~~~~~~~~~~~~~~
+
+{% trans -%}
+These services are hosted by third-parties, sometimes corporations, where we participate in order to provide a social media outreach presence to I2P users who choose to participate in them.
+We will never ask you to participate in these unless you already have an account with them, prior to interacting with us.
+{%- endtrans %}
+
+-  `{% trans -%}Launchpad{%- endtrans %} : https://launchpad.net/i2p <https://launchpad.net/i2p>`__
+-  `{% trans -%}Github{%- endtrans %} : https://github.com/i2p <https://github.com/i2p>`__
+-  `{% trans -%}Twitter{%- endtrans %} : https://twitter.com/GetI2P <https://twitter.com/GetI2P>`__
+-  `{% trans -%}Reddit{%- endtrans %} :
+   https://www.reddit.com/r/i2p/ <https://www.reddit.com/r/i2p/>`__
+-  `{% trans -%}Mastodon{%- endtrans %}:
+   https://mastodon.social/@i2p <https://mastodon.social/@i2p>`__
+-  `{% trans -%}Medium{%- endtrans %}: https://i2p.medium.com/ <https://i2p.medium.com/>`__
+
+{% trans -%}Forks, Apps, and Third-Party Implementations are Not Evil.{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{% trans -%}
+This post attempts to provide ways of vetting the source for obtaining the Java I2P package represented by the source code contained in https://i2pgit.org/i2p-hackers/i2p.i2p and https://github.com/i2p/i2p.i2p, and which is available for download from the web site https://geti2p.net/.
+It is not intended to pass judgement on third-party forks, downstream projects, embedders, packagers, people experimenting in laboratories, or people who just disagree with us.
+You are all valued members of our community who are trying to protect, and not compromise, the privacy of others.
+Since we are aware of attempts to impersonate I2P project community members, you may wish to review the download, verification, and installation procedures which you recommend to your users in order to document your official sources and known mirrors.
+{%- endtrans %}
+
+{% trans -%}
+Authors Note: An earlier version of this blog post contained the TLS fingerprint of each of the services operated by the I2P Project.
+These were removed when a certificate renewal caused the fingerprints to become inaccurate.
+{%- endtrans %}

i2p2www/blog/2022/09/26/meet-your-maintainer-divaexchange.rst

@@ -0,0 +1,347 @@
+{% trans -%}
+==================================
+Meet your Maintainer: DivaExchange
+==================================
+{%- endtrans %}
+.. meta::
+    :author: sadie
+    :date: 2022-09-26
+    :category: general
+    :excerpt: {% trans %}A conversation with DivaExchange{% endtrans %}
+
+{% trans -%}
+*In this second installment of Meet Your Maintainer, I reached out to
+Konrad from DIVA.EXCHANGE to talk about DIVA’s research and services.
+DIVA.EXCHANGE is developing software with the goal of providing free
+banking technology for everyone. It is secure without a central
+infrastructure, and based on blockchain and I2P technology.*
+{%- endtrans %}
+
+**{% trans -%}What got you interested in I2P?{%- endtrans %}**
+
+{% trans -%}
+About 10 years ago I had a presentation for “Technologieforum Zug” - a
+very local technology network for business guys. I was introducing I2P
+and Tor as overlay networks to them - to show them that other
+interesting things exist out there.
+{%- endtrans %}
+
+{% trans -%}
+I was always very much interested in cryptography related technology. In
+general I can say that my core interests were and still are: networks,
+freedom and privacy on both a technical and social level, interesting
+algos, like HashCash between 2000 and 2010, which was a very well
+working Proof-of-Work algo created at Universities in the UK in the late
+90’s.
+{%- endtrans %}
+
+{% trans -%}
+I2P fascinated me because it is really carefully done - from the
+architecture to the implementation in Java and C++. Personally I prefer
+de-coupled and small programs doing one thing. Hence I was pretty
+fascinated by the C++ version, I2Pd, which is lean, fast and without
+dependencies. It works very well for me.
+{%- endtrans %}
+
+**{% trans -%}What are the qualities in its technical capacity that aligned with
+your own work or interests?{%- endtrans %}**
+
+{% trans -%}
+I adore craftsmanship. That’s art. And I2P is modern craftsmanship. I2P
+creates values for end users values which can’t be bought: autonomy,
+liberty and serenity.
+{%- endtrans %}
+
+{% trans -%}
+I2P fascinates me because it’s agnostic. Anyone can run anything on I2P
+as long as it talks TCP or UDP - and can handle some latency. Really:
+“the network is the computer” and the communication is truly private
+according to the current state of knowledge.
+{%- endtrans %}
+
+**{% trans -%}Who is DIVA for?{%- endtrans %}**
+
+{% trans -%}
+DIVA gets actively developed and therefore the project is for
+researchers, software developers, communicators (writers, illustrators…)
+and for people who want to learn really new stuff in the area of
+distributed technology.
+{%- endtrans %}
+
+{% trans -%}
+Once DIVA grows up - please don’t ask me when - DIVA will be a fully
+distributed, self-hosted bank for everyone.
+{%- endtrans %}
+
+**{% trans -%}Can you tell me about what DIVA does?{%- endtrans %}**
+
+{% trans -%}
+As said, DIVA will be a fully distributed, self-hosted bank for
+everyone. “Banking” means: savings, payments, investments, loans - so
+all that stuff everybody is doing everyday. Please note in this context:
+DIVA works without any central infrastructure and DIVA will never - as
+long as I have something to say - be a coin or token. There can’t be any
+central business model involved. If a transaction creates fees because a
+node of the distributed infrastructure did some work, then these fees
+remain at the node which did the work.
+{%- endtrans %}
+
+{% trans -%}
+Why a “bank”? Because financial liberty and autonomy is key to live a
+good and peaceful life and to be able to make all those smaller and
+larger daily decisions in freedom. Therefore people shall own their
+small and secure technology components to do whatever they like to do
+without being nudged.
+{%- endtrans %}
+
+{% trans -%}
+Well, say hello to DIVA, based on I2P.
+{%- endtrans %}
+
+**{% trans -%}What are your upcoming goals? What are your stretch goals?{%- endtrans %}**
+
+{% trans -%}
+There is a very close goal: understanding the impact of SSU2 which has
+been lately implemented in I2P. This is a technical goal for the next
+few weeks.
+{%- endtrans %}
+
+{% trans -%}
+Then, probably this year: some cryptocurrency transactions using DIVA on
+testnets. Please don’t forget: DIVA is a research project and people
+shall be motivated to do their own stuff with DIVA - the way they need
+it. We don’t run any infrastructure or alike for others except some
+transparent test networks to increase the knowledge and wisdom of
+everyone. It’s recommended to stay in touch with DIVA via social
+networks
+(`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__) or
+chats to be inspired what to do with DIVA.
+{%- endtrans %}
+
+{% trans -%}
+I also want to touch an important part for the I2P community: DIVA is
+based on divachain - which is then based on I2P. Divachain is a very
+generic fully distributed storage layer. So, just as an example: if some
+I2P developer believes that a fully distributed, trustless DNS would be
+a great idea - well, that’s yet another use case of divachain. Fully
+distributed - no trust needed - all anonymous.
+{%- endtrans %}
+
+**{% trans -%}What are some of the other services and contributions you are
+responsible for?{%- endtrans %}**
+
+{% trans -%}
+DIVA.EXCHANGE - which is the open association developing DIVA - runs a
+reseed server for I2P since a few years. So probably almost every I2P
+user got somehow in touch with us in the past. Just a note: the
+DIVA.EXCHANGE reseed server is also available as .onion service - so I2P
+bootstrapping can be done via the tor network - which is, at least from
+my perspective, an additional protection layer while entering the
+network.
+{%- endtrans %}
+
+{% trans -%}
+DIVA has also created an I2P SAM library. So developers can create any
+modern application based on I2P. It’s on github and getting more and
+more popular:
+`github.com/diva-exchange/i2p-sam/ <http://github.com/diva-exchange/i2p-sam/>`__.
+It’s complete, well documented and offers lots of examples.
+{%- endtrans %}
+
+**{% trans -%}What are some of the priorities you think that anyone who wants to
+contribute to the I2P network should consider?{%- endtrans %}**
+
+{% trans -%}
+Run your I2P node. Take a look at the different flavours, like Docker
+versions of I2Pd, or other installs available for multiple operating
+systems. There are several flavours available and it’s important to be
+comfortable with the local installation and configuration.
+{%- endtrans %}
+
+{% trans -%}
+Then: think about your skills - networking skills, programming skills,
+communication skills? I2P offers lots of interesting challenges: people
+with networking skills might want to run a reseed server - they are very
+important to the network. Programmers might help with the Go, C++ or
+Java version of I2P. And communicators are always needed: talking about
+I2P from an objective and realistic perspective is helping a lot. Every
+little bit is great.
+{%- endtrans %}
+
+{% trans -%}
+Last but not least: if you are a researcher or student - please get in
+touch with us at DIVA.EXCHANGE or the I2P team - research work is
+important for I2P.
+{%- endtrans %}
+
+**{% trans -%}Where do you see the conversation and outlook on tools like I2P now?{%- endtrans %}**
+
+{% trans -%}
+Probably I have to say something about the outlook: I2P is important to
+everyone. I hope that the I2P community - developers, communicators,
+etc. - remains motivated by the few which deeply appreciate their hard
+work on truly challenging technology.
+{%- endtrans %}
+
+{% trans -%}
+I hope that more and more developers see the benefit to develop software
+based on I2P. Because this would create more use cases for end users.
+Then I also hope, that the core I2P programs remain simple and become
+maybe even more de-coupled. Let me make an example what I mean with
+“de-coupled”: user interfaces probably should not be baked into
+applications by developers - because there are front end designers which
+do have great knowledge and years of experience. Developers should just
+create an API, like a unix or websocket or a REST interface, so that
+other services can use the program the way they want it. This makes
+developers and end users happy.
+{%- endtrans %}
+
+**{% trans -%}Can you tell me a bit about your own I2P workflow? What are your own
+use cases?{%- endtrans %}**
+
+{% trans -%}
+I am a developer, tester and researcher. So I need all my stuff in
+containers to remain flexible. I2Pd is running in 1..n containers on
+multiple systems to serve stuff like: feeding reseed requests, serving
+the diva.i2p test website, running parts of the DIVA I2P test network -
+see testnet.diva.exchange and I also have containers to serve my local
+browsers as a combined I2P and Tor proxy.
+{%- endtrans %}
+
+**{% trans -%}How can the I2P community support your work?{%- endtrans %}**
+
+{% trans -%}
+We are on social media, like
+`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__ - so
+follow us there. Additionally we would love to see even more involvement
+on `github.com/diva-exchange <http://github.com/diva-exchange>`__ - it
+already got more and more attention in the past months. Thanks a lot for
+that!
+{%- endtrans %}
+
+**{% trans -%}Glossary Of Key Terms{%- endtrans %}**
+
+**{% trans -%}I2P Terms{%- endtrans %}**
+
+**{% trans -%}Reseed Host{%- endtrans %}**
+
+{% trans -%}
+Reseed hosts are needed to for bootstrapping, that is, providing the
+initial set of I2P nodes for your I2P node to talk to. Depending on the
+status of your node it may need to bootstrap every now and then if many
+of the nodes it knows of aren’t contactable.
+{%- endtrans %}
+
+{% trans -%}
+Reseeding is done over an encrypted connection and all of the bootstrap
+information is signed by the reseed host you connect to, making it
+impossible for an unauthenticated source to provide you with false
+information.
+{%- endtrans %}
+
+**{% trans -%}Node/Peer{%- endtrans %}**
+
+{% trans -%}
+A node or peer is part of a network of computers sharing resources. When
+you download and install I2P, you participate in routing traffic for
+others. Every person using I2P is a node or peer. In some cases. people
+can supply more bandwidth or resources than others to the network.
+However, peer diversity is important and the more people who use I2P,
+the stronger the network becomes. When it comes to setting up your node,
+you can customize and configure your connection and workflow with the
+I2P network.
+{%- endtrans %}
+
+**I2Pd (I2Pdaemon)**
+
+{% trans -%}
+I2Pd is a C++ implementation of the I2P protocol is differs from the I2P
+Java software in the following ways:
+{%- endtrans %}
+
+{% trans -%}
+*Java I2P has built-in applications for torrents, e-mail and so on. i2pd
+is just a router which you can use with other software through I2CP
+interface.* *i2pd does not require Java. It’s written in C++.* *i2pd
+consumes less memory and CPU.* *i2pd can be compiled everywhere gcc or
+clang presented (including Raspberry and routers).* *i2pd has some major
+optimizations for faster cryptography which leads to less consumption of
+processor time and energy.*
+{%- endtrans %}
+
+{% trans -%}
+Citation: https://i2pd.readthedocs.io/en/latest/user-guide/FAQ/ Site:
+https://i2pd.website/
+{%- endtrans %}
+
+{% trans -%}
+In terms of the differences or benefits of using either the C++ or Java
+version of I2P, the question often comes up. Recently, idk responded to
+this question on the I2P subreddit. Ultimately, it depends on a persons
+own use case or desired workflow.
+{%- endtrans %}
+
+{% trans -%}
+*Easy-Install Bundle is the best way to use I2P on Windows for people
+just getting started. It will automatically get you from starting the
+router to successfully browsing, every time. However, it doesn’t
+register as a Windows service, so it’s not as good to use as a 24/7
+transit node yet. It contains everything you need to browse, but it’s
+designed around using I2P interactively and not running services,
+necessarily.*
+{%- endtrans %}
+
+{% trans -%}
+*i2pd on the other hand is very light and efficient and is designed
+expressly to run as a service. It’s great at being a 24/7 transit node,
+especially if you install it on your router, or on a Linux server
+somewhere. It’s got less tools built-in though, so if you want to
+torrent or browse, you will need to add those tools externally.*
+{%- endtrans %}
+
+**{% trans -%}Diva Terms{%- endtrans %}**
+
+{% trans -%}
+Konrad has provided insight into of some of the terms used during the
+conversation.
+{%- endtrans %}
+
+**{% trans -%}Bank for Everyone{%- endtrans %}**
+
+{% trans -%}
+The possibility to run locally installed software which is able to do
+everything a well-known bank can: send and receive payments for
+anything, give and receive loans, manage investments, etc. Such banking
+software shall neither be depending on any central software components
+nor supervised or censored by central components. It’s run and managed
+by its owner only with all its benefits and reliabilities. The network
+(see “Blockchain” and “Consensus”) tries to make sure that no network
+participant (a user running his own bank) is able to cheat.
+{%- endtrans %}
+
+**{% trans -%}Blockchain{%- endtrans %}**
+
+{% trans -%}
+A piece of software which is able to reliably store arbitrary data.
+Copies of the software and the storage space is distributed within a
+network of any size where the network participants do not necessarily
+trust each other (or maybe not even know each other). A synonym of
+“blockchain” is “Distributed Layer Technology (DLT)”. A blockchain has
+nothing to do with “coins” or “tokens”. These are just blockchain based
+applications. Blockchain is a base technology which mainly solves the
+problem of “trust & abuse” within a network.
+{%- endtrans %}
+
+**{% trans -%}Consensus{%- endtrans %}**
+
+{% trans -%}
+In a distributed system the majority of the participants need to agree
+on the state of data (the “truth, as defined by the majority” - from a
+data perspective). This is a continuous process driven by locally
+installed software and this is called consensus. There are multiple
+valid consensus algorithms available. Bottom line: all consensus
+algorithms cost something: CPU cycles, communication capacity etc. - in
+short: a bunch of data sets is the input and a single reliable, fully
+distributed data set valid for the majority in the network is the
+output.
+{%- endtrans %}

i2p2www/blog/2022/10/11/SSU2-Transport.rst

@@ -0,0 +1,386 @@
+===========================================
+{% trans -%}SSU2 Transport{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2022-10-11
+   :category: development
+   :excerpt: {% trans %}SSU2 Transport{% endtrans %}
+
+{% trans %}Overview{% endtrans %}
+------------------------------------
+
+{% trans -%}
+I2P has used a censorship-resistant UDP transport protocol "SSU" since 2005.
+We've had few, if any, reports of SSU being blocked in 17 years.
+However, by today's standards of security, blocking resistance,
+and performance, we can do better. Much better.
+{%- endtrans %}
+
+{% trans link1="https://i2pd.xyz/" -%}
+That's why, together with the `i2pd project <{{ link1 }}>`_, we have created and implemented "SSU2",
+a modern UDP protocol designed to the highest standards of security and blocking resistance.
+This protocol will replace SSU.
+{%- endtrans %}
+
+{% trans -%}
+We have combined industry-standard encryption with the best
+features of UDP protocols WireGuard and QUIC, together with the
+censorship resistance features of our TCP protocol "NTCP2".
+SSU2 may be one of the most secure transport protocols ever designed.
+{%- endtrans %}
+
+
+{% trans link1="/spec/proposals/159", link2="/en/docs/transport/ssu", link3="https://en.wikipedia.org/wiki/ElGamal_encryption" -%}
+The Java I2P and i2pd teams are finishing the `SSU2 transport <{{ link1 }}>`_ and we will enable it for all routers in the next release.
+This completes our decade-long plan to upgrade all the cryptography from the original
+Java I2P implementation dating back to 2003.
+SSU2 will replace `SSU <{{ link2 }}>`_, our sole remaining use of `ElGamal <{{ link3 }}>`_ cryptography.
+{%- endtrans %}
+
+- Signature types and ECDSA signatures (0.9.8, 2013)
+- Ed25519 signatures and leasesets (0.9.15, 2014)
+- Ed25519 routers (0.9.22, 2015)
+- Destination encryption types and X25519 leasesets (0.9.46, 2020)
+- Router encryption types and X25519 routers (0.9.49, 2021)
+
+{% trans link1="https://noiseprotocol.org/" -%}
+After the transition to SSU2,
+we will have migrated all our authenticated and encrypted protocols to standard `Noise Protocol <{{ link1 }}>`_ handshakes:
+{%- endtrans %}
+
+- `NTCP2 <{{ spec_url("ntcp2") }}>`_ (0.9.36, 2018)
+- `{% trans %}ECIES-X25519-Ratchet end-to-end protocol{% endtrans %} <{{ spec_url("ecies") }}>`_ (0.9.46, 2020)
+- `{% trans %}ECIES-X25519 tunnel build messages{% endtrans %} <{{ spec_url("tunnel-creation-ecies") }}>`_ (1.5.0, 2021)
+- `SSU2 <{{ proposal_url("159") }}>`_ (2.0.0, 2022)
+
+{% trans -%}
+All I2P Noise protocols use the following standard cryptographic algorithms:
+{%- endtrans %}
+
+- `X25519 <https://en.wikipedia.org/wiki/Curve25519>`_
+- `ChaCha20/Poly1305 AEAD <https://www.rfc-editor.org/rfc/rfc8439.html>`_
+- `SHA-256 <https://en.wikipedia.org/wiki/SHA-2>`_
+
+
+{% trans %}Goals{% endtrans %}
+------------------------------------
+
+- {% trans %}Upgrade the asymmetric cryptography to the much faster X25519{% endtrans %}
+- {% trans %}Use standard symmetric authenticated encryption ChaCha20/Poly1305{% endtrans %}
+- {% trans %}Improve the obfuscation and blocking resistance features of SSU{% endtrans %}
+- {% trans %}Improve the resistance to spoofed addresses by adapting strategies from QUIC{% endtrans %}
+- {% trans %}Improved handshake CPU efficiency{% endtrans %}
+- {% trans %}Improved bandwidth efficiency via smaller handshakes and acknowledgements{% endtrans %}
+- {% trans %}Improve the security of the peer test and relay features of SSU{% endtrans %}
+- {% trans %}Improve the handling of peer IP and port changes by adapting the "connection migration" feature of QUIC{% endtrans %}
+- {% trans %}Move away from heuristic code for packet handling to documented, algorithmic processing{% endtrans %}
+- {% trans %}Support a gradual network transition from SSU to SSU2{% endtrans %}
+- {% trans %}Easy extensibility using the block concept from NTCP2{% endtrans %}
+
+
+{% trans %}Design{% endtrans %}
+------------------------------------
+
+{% trans -%}
+I2P uses multiple layers of encryption to protect traffic from attackers.
+The lowest layer is the transport protocol layer, used for point-to-point links between two routers.
+We currently have two transport protocols:
+NTCP2, a modern TCP protocol introduced in 2018,
+and SSU, a UDP protocol developed in 2005.
+{%- endtrans %}
+
+
+{% trans link1="/spec/i2np" -%}
+SSU2, like previous I2P transport protocols, is not a general-purpose pipe for data.
+Its primary task is to securely deliver I2P's low-level `I2NP messages <{{ link1 }}>`_
+from one router to the next.
+Each of these point-to-point connections comprises one hop in an I2P tunnel.
+Higher-layer I2P protocols run over these point-to-point connections
+to deliver garlic messages end-to-end between I2P's destinations.
+{%- endtrans %}
+
+{% trans -%}
+Designing a UDP transport presents unique and complex challenges not present in TCP protocols.
+A UDP protocol must handle security issues caused by address spoofing,
+and must implement its own congestion control.
+Additionally, all messages must be fragmented to fit within the maximum packet size (MTU)
+of the network path, and reassembled by the receiver.
+{%- endtrans %}
+
+{% trans -%}
+We first relied heavily on our previous experience with our NTCP2, SSU, and streaming protocols.
+Then, we carefully reviewed and borrowed heavily from two recently-developed UDP protocols:
+{%- endtrans %}
+
+- QUIC (`RFC 9000 <https://www.rfc-editor.org/rfc/rfc9000.html>`_, `RFC 9001 <https://www.rfc-editor.org/rfc/rfc9001.html>`_, `RFC 9002 <https://www.rfc-editor.org/rfc/rfc9002.html>`_)
+- `WireGuard <https://www.wireguard.com/protocol/>`_
+
+{% trans -%}
+Protocol classification and blocking by adversarial on-path attackers such
+as nation-state firewalls is not an explicit part of the threat model for those protocols.
+However, it is an important part of I2P's threat model, as our mission is to
+provide an anonymous and censorship-resistant communications system to at-risk users around the world.
+Therefore, much of our design work involved combining the lessons learned from
+NTCP2 and SSU with the features and security supported by QUIC and WireGuard.
+{%- endtrans %}
+
+
+{% trans -%}
+Unlike QUIC, I2P transport protocols are peer-to-peer, with no defined server/client relationship.
+Identities and public keys are published in I2P's network database,
+and the handshake must authenticate participants to those identities.
+{%- endtrans %}
+
+
+{% trans -%}
+A complete summary of the SSU2 design is beyond the scope of this article.
+However, we highlight several features of the protocol below,
+emphasizing the challenges of UDP protocol design and threat models.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}DoS Resistance{% endtrans %}
+`````````````````````````````````````````````````
+
+{% trans -%}
+UDP protocols are especially vulnerable to Denial of Service (DoS) attacks.
+By sending a large amount of packets with spoofed source addresses to a victim,
+an attacker can induce the victim to consume large amounts of CPU and bandwidth to respond.
+In SSU2, we adapt the token concept from QUIC and WireGuard.
+When a router receives a connection request without a valid token,
+it does not perform an expensive cryptographic DH operation.
+It simply responds with small message containing a valid token using inexpensive cryptographic operations.
+If the initiator was not spoofing his address, he will receive the token and the handshake may proceed normally.
+This prevents any traffic amplification attacks using spoofed addresses.
+{%- endtrans %}
+
+
+
+{% trans %}Header Encryption{% endtrans %}
+`````````````````````````````````````````````````
+
+{% trans -%}
+SSU2's packet headers are similar to WireGuard, and are encrypted in a manner similar to that in QUIC.
+{%- endtrans %}
+
+{% trans -%}
+Header encryption is vitally important to prevent traffic classification, protocol identification, and censorship.
+Headers also contain information that would make it easier for attackers to interfere with
+or even decrypt packet contents.
+While nation-state firewalls are mostly focused on classification and possible disruption of TCP traffic,
+we anticipate that their UDP capabilities will increase to meet the challenges of
+new UDP protocols such as QUIC and WireGuard.
+Ensuring that SSU2 headers are adequately obfuscated and/or encrypted was the first task we addressed.
+{%- endtrans %}
+
+{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
+Headers are encrypted using a header protection scheme by XORing with data calculated from known keys,
+using ChaCha20, similar to QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_.
+This ensures that the encrypted headers will appear to be random, without any distinguishable pattern.
+{%- endtrans %}
+
+{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
+Unlike the QUIC RFC-9001_ header protection scheme, all parts of all headers, including destination and source connection IDs, are encrypted.
+QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_ are primarily focused on encrypting the "critical" part of the header, i.e. the packet number (ChaCha20 nonce).
+While encrypting the session ID makes incoming packet classification a little more complex, it makes some attacks more difficult.
+{%- endtrans %}
+
+{% trans -%}
+Our threat model assumes that censorship firewalls do not have real-time access to I2P's network database.
+Headers are encrypted with known keys published in the network database or calculated later.
+In the handshake phase, header encryption is for traffic classification resistance only,
+as the decryption key is public and the key and nonces are reused.
+Header encryption in this phase is effectively just obfuscation.
+Note that the header encryption is also used to obfuscate the X25519 ephemeral keys in the handshake,
+for additional protection.
+{%- endtrans %}
+
+{% trans -%}
+In the data phase, only the session ID field is encrypted with a key from the network database.
+The critical nonce field is encrypted with a key derived from the handshake,
+so it may not be decrypted even by a party with access to the network database.
+{%- endtrans %}
+
+
+
+
+{% trans %}Packet Numbering, ACKS, and Retransmission{% endtrans %}
+```````````````````````````````````````````````````````````````````````
+
+{% trans link1="/en/docs/api/streaming" -%}
+SSU2 contains several improvements over SSU for security and efficiency.
+The packet number is the AEAD nonce, and each packet number is only used once.
+Acknowledgements (ACKs) are for packet numbers, not I2NP message numbers or fragments.
+ACKs are sent in a very efficient, compact format adapted from QUIC.
+An immediate-ack request mechanism is supported, similar to SSU.
+Congestion control, windowing, timers, and retransmission strategies are not fully specified,
+to allow for implementation flexibility and improvements,
+but general guidance is taken from the RFCs for TCP.
+Additional algorithms for timers are adapted from I2P's `streaming protocol <{{ link1 }}>`_ and SSU implementations.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Connection Migration{% endtrans %}
+`````````````````````````````````````````````````
+
+{% trans -%}
+UDP protocols are susceptible to breakage from peer port and IP changes
+caused by NAT rebinding, IPv6 temporary address changes, and mobile device address changes.
+Previous SSU implementations attempted to handle some of these cases with complex and brittle heuristics.
+SSU2 provides a formal, documented process to detect and validate peer
+address changes and migrate connections to the peer's new address without data loss.
+It prevents migration caused by packet injection or modification by attackers.
+The protocol to implement connection migration is adapted and simplified from QUIC.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Peer Test and Relay{% endtrans %}
+`````````````````````````````````````````````````
+
+
+{% trans -%}
+SSU provides two important services in addition to the transport of I2NP messages.
+First, it supports Peer Test, which is a cooperative scheme to determine local IP
+and detect the presence of network address translation (NAT) and firewall devices.
+This detection is used to update router state, share that state with other transports,
+and publish current address and state in I2P's network database.
+Second, it supports Relaying, in which routers cooperate to traverse firewalls
+so that all routers may accept incoming connections.
+These two services are essentially sub-protocols within the SSU transport.
+{%- endtrans %}
+
+{% trans -%}
+SSU2 updates the security and reliability of these services by
+enhancing them to add more response codes, encryption, authentication,
+and restrictions to the design and implementation.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Performance{% endtrans %}
+--------------------------------------------
+
+{% trans -%}
+The I2P network is a complex mix of diverse routers.
+There are two primary implementations running all over the world on
+hardware ranging from high-performance data center computers to
+Raspberry Pis and Android phones.
+Routers use both TCP and UDP transports.
+While the SSU2 improvements are significant, we do not expect them
+to be apparent to the user, either locally or in end-to-end transfer speeds.
+End-to-end transfers depend on the performance of 13 other routers
+and 14 point-to-point transport links, each of which could be
+SSU2, NTCP2, or SSU.
+{%- endtrans %}
+
+{% trans -%}
+In the live network, latency and packet loss vary widely.
+Even in a test setup, performance depends on configured latency and packet loss.
+The i2pd project reports that maximum transfer rates for SSU2 were over 3 times
+faster than SSU in some tests. However, they completely redesigned their
+SSU code for SSU2 as their previous implementation was rather poor.
+The Java I2P project does not expect that their SSU2 implementation will be any faster than SSU.
+{%- endtrans %}
+
+{% trans -%}
+Very low-end platforms such as Raspberry Pis and OpenWRT may see substantial improvements
+from the elimination of SSU.
+ElGamal is extremely slow and limits performance on those platforms.
+{%- endtrans %}
+
+{% trans -%}
+SSU2 data phase encryption uses ChaCha20/Poly1305, compared to AES with a MD5 HMAC for SSU.
+Both are very fast and the change is not expected to measurably affect performance.
+{%- endtrans %}
+
+{% trans -%}
+Here are some highlights of the estimated improvements for SSU2 vs. SSU:
+{%- endtrans %}
+
+- {% trans %}40% reduction in total handshake packet size{% endtrans %}
+- {% trans %}50% or more reduction in handshake CPU{% endtrans %}
+- {% trans %}90% or more reduction in ACK overhead{% endtrans %}
+- {% trans %}50% reduction in packet fragmentation{% endtrans %}
+- {% trans %}10% reduction in data phase overhead{% endtrans %}
+
+
+
+{% trans %}Transition Plan{% endtrans %}
+--------------------------------------------
+
+{% trans -%}
+I2P strives to maintain backward compatibility, both to ensure network stability,
+and to allow older routers to continue to be useful and secure.
+However, there are limits, because compatibility increases code complexity
+and maintenance requirements.
+{%- endtrans %}
+
+
+{% trans -%}
+The Java I2P and i2pd projects will both enable SSU2 by default in their next releases (2.0.0 and 2.44.0) in late November 2022.
+However, they have different plans for disabling SSU.
+I2pd will disable SSU immediately, because SSU2 is a vast improvement over their SSU implementation.
+Java I2P plans to disable SSU in mid-2023, to support a gradual transition
+and give older routers time to upgrade.
+Because Java I2P release 0.9.36 and i2pd release 2.20.0 (2018) were the first to support NTCP2,
+routers older than that will not be able to connect to i2pd routers 2.44.0 or higher,
+as they have no compatible transports.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Summary{% endtrans %}
+------------------------------------
+
+{% trans -%}
+The founders of I2P had to make several choices for cryptographic algorithms and protocols.
+Some of those choices were better than others, but twenty years later, most are showing their age.
+Of course, we knew this was coming, and we've spent the last decade planning and implementing cryptographic upgrades.
+As the old saying goes, upgrading things while maintaining backward compatibility
+and avoiding a "flag day" is quite challenging, like changing the tires on the bus while it's rolling down the road.
+{%- endtrans %}
+
+{% trans -%}
+SSU2 was the last and most complex protocol to develop in our long upgrade path.
+UDP has a very challenging set of assumptions and threat model.
+We first designed and rolled out three other flavors of Noise protocols,
+and gained experience and deeper understanding of the security and protocol design issues.
+Finally, we had to research and fully understand other modern UDP protocols - WireGuard and QUIC.
+While the authors of those protocols didn't solve all of our problems for us,
+their documentation of the UDP threat models and their designed countermeasures gave us the
+confidence that we too would be able to complete our task.
+We thank them as well as the creators of all the cryptography we rely on to keep our users safe.
+{%- endtrans %}
+
+
+{% trans -%}
+Expect SSU2 to be enabled in the i2pd and Java I2P releases scheduled for late November 2022.
+If the update goes well, nobody will notice anything different at all.
+The performance benefits, while significant, will probably not be measurable for most people.
+{%- endtrans %}
+
+
+{% trans -%}
+As usual, we recommend that you update to the new release when it's available.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+.. _RFC-9000: https://www.rfc-editor.org/rfc/rfc9000.html
+.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
+.. _RFC-9002: https://www.rfc-editor.org/rfc/rfc9002.html

i2p2www/blog/2022/11/21/2.0.0-Release.rst

@@ -0,0 +1,87 @@
+===========================================
+{% trans -%}2.0.0 Release{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2022-11-21
+   :category: release
+   :excerpt: {% trans %}2.0.0 enables SSU2{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+I2P release 2.0.0 enables our new UDP transport SSU2 for all users, after completion of minor features, testing, and numerous bug fixes.
+{%- endtrans %}
+
+{% trans -%}
+We also have fixes all over, including for the installer, network database, adding to the private address book, the Windows browser launcher, and IPv6 UPnP.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release. The best way to
+maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}i2ptunnel: Support SHA-256 digest proxy authentication (RFC 7616){% endtrans %}
+- {% trans %}SSU2: Connection migration{% endtrans %}
+- {% trans %}SSU2: Immediate acks{% endtrans %}
+- {% trans %}SSU2: Enable by default{% endtrans %}
+
+
+
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}i2ptunnel: Fix IRC USER line filtering{% endtrans %}
+- {% trans %}Installer: Fix path for Windows service, caused local eepsite to be broken{% endtrans %}
+- {% trans %}Installer: Fix error on Windows when username contains a space{% endtrans %}
+- {% trans %}NetDB: Database store message handling fixes{% endtrans %}
+- {% trans %}NetDB: Fix reseeding when clock is skewed{% endtrans %}
+- {% trans %}Router: Deadlock fix{% endtrans %}
+- {% trans %}SSU2: Fix packets exceeding MTU{% endtrans %}
+- {% trans %}SSU2: Fix ping packets less than minimum size{% endtrans %}
+- {% trans %}SSU2: Fix handling of termination acks{% endtrans %}
+- {% trans %}SusiDNS: Fix adding entry to empty address book{% endtrans %}
+- {% trans %}SusiMail: Fix dark theme button icons{% endtrans %}
+- {% trans %}UPnP: IPv6 fix{% endtrans %}
+- {% trans %}Windows: Fix launching preferred browser at startup{% endtrans %}
+
+
+
+
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Deadlock detector improvements{% endtrans %}
+- {% trans %}Debian: Change dependency from libservlet3.1-java to libjsp-api-java and libservlet-api-java{% endtrans %}
+- {% trans %}i2psnark: Increase max pieces to 64K{% endtrans %}
+- {% trans %}i2psnark: Add links to additional instances in the console{% endtrans %}
+- {% trans %}Option to compress router logs{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.0.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+     df3cf4d7fc6c3ed06c7b9de5c8c7b9c692295ecddb0d780e31fc23107e045e5e  i2pinstall_2.0.0_windows.exe
+     b9fe281f28971de674f35cba8c483037bf8ac2d96578cb34f5ee627239d03890  i2pinstall_2.0.0.jar
+     1d50831e72a8f139cc43d5584c19ca48580d72f1894837689bf644c299df9099  i2psource_2.0.0.tar.bz2
+     053864a774470df66517826e10026787dc7a90ba871e6aded018d962ca3c068a  i2pupdate_2.0.0.zip
+     c221a9aadac400697cc79a2202130d766359518aab565ad6e99d64f29b92ff83  i2pupdate.su3
+

i2p2www/blog/2022/11/23/easy_install_bundle_2.0.0.rst

@@ -0,0 +1,34 @@
+==========================================================================================
+{% trans -%}Easy Install 2.0.0 for Windows, OSX delayed by 1 Month{%- endtrans %}
+==========================================================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-11-23
+   :category: release
+   :excerpt: {% trans %}Bugfixes, Stability/Compatibility Improvements and 2.0.0{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans %}
+The I2P Easy-Install bundle for Windows has been released.
+In this release, support has been added for most major browsers, including all major Firefox(Gecko) and Chromium forks.
+Compatibility with external I2P Service installs and un-bundled I2P user installs has been improved.
+The Easy-Install bundle can now detect other I2P routers and prompt the user to launch them instead, if they already have I2P.
+The browser extensions have been updated to the latest versions.
+The Easy-Install now has access to `i2p.plugins.firefox`'s usability mode via the `-usability` command-line flag.
+The default mode is the "Strict" mode where Javascript is disabled by NoScript.
+In usability mode, Javascript is restricted by JShelter.
+For more details, see the profile manager repository at i2pgit.org.
+{% endtrans %}
+
+{% trans %}
+It is recommended that you update to this release for the best security, privacy, and performance, and to help the network.
+{% endtrans %}
+
+{% trans %}
+Due to the departure of the developer/maintainer, the Easy-Install Bundle for OSX will be delayed by a month while we work out the maintainership.
+{% endtrans %}

i2p2www/blog/2022/8/22/1.9.0-Release.rst

@@ -0,0 +1,87 @@
+===========================================
+{% trans -%}1.9.0 Release{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2022-08-22
+   :category: release
+   :excerpt: {% trans %}1.9.0 with SSU2{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+We have spent the last three months working on our new UDP transport protocol "SSU2"
+with a small number of volunteer testers.
+This release completes the implementation, including relay and peer testing.
+We are enabling it by default for Android and ARM platforms, and a small percentage of other routers at random.
+This will allow us to do much more testing in the next three months, finish the connection migration feature,
+and fix any remaining issues.
+We plan to enable it for everyone in the next release scheduled for November.
+No manual configuration is necessary.
+Of course, there's the usual collection of bug fixes in this release as well.
+We also added an automatic deadlock detector that has already found a rare deadlock that is now fixed.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release. The best way to
+maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Add deadlock detector{% endtrans %}
+- {% trans %}Periodically send our RI to connected peers{% endtrans %}
+- {% trans %}SSU MTU/PMTU improvements and fixes{% endtrans %}
+- {% trans %}SSU2 base protocol fixes and improvements{% endtrans %}
+- {% trans %}SSU2 peer test and relay implementation{% endtrans %}
+- {% trans %}SSU2 published address fixes{% endtrans %}
+- {% trans %}SSU2: Enable for Android, ARM, and a small portion of others at random{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Clock: Fix deadlock after clock shift{% endtrans %}
+- {% trans %}Debian: Apparmor profile fixes{% endtrans %}
+- {% trans %}Don't allow family key errors to crash router{% endtrans %}
+- {% trans %}Fix EC family key loading on Android{% endtrans %}
+- {% trans %}Fix EdDSA key loading on Java 15+{% endtrans %}
+- {% trans %}i2psnark: Fix DHT not restarting after router restart{% endtrans %}
+- {% trans %}OSX: Prevent hangs at shutdown after dock right-click quit{% endtrans %}
+- {% trans %}SSU: Fix publishing of MTU in addresses without IPs{% endtrans %}
+- {% trans %}SSU: Fix rare HMAC NPE{% endtrans %}
+- {% trans %}SusiDNS CSS fixes{% endtrans %}
+- {% trans %}Transport: Improve processing after message delivery failure{% endtrans %}
+- {% trans %}UPnP: Don't briefly bind to all addresses at startup{% endtrans %}
+
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Set outproxy to exit.stormycloud.i2p (new installs only){% endtrans %}
+- {% trans %}Disable SSU introductions on Android{% endtrans %}
+- {% trans %}API version: 0.9.55{% endtrans %}
+- {% trans %}New translation: Spanish (Argentina){% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=1.9.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+     fdb2e471fadfda33589697536180df966ec165ab59a0d9c8a623491cc2c8eae3  i2pinstall_1.9.0_windows.exe
+     124a1d917dec1f75dc17b5a062704d5abe259b874655c595a9d8f5fd9494eafd  i2pinstall_1.9.0.jar
+     57f61815098c35593d7ede305f98b9015c4c613c72231ad084e6806a3e2aa371  i2psource_1.9.0.tar.bz2
+     31b8798c7fa75242ed09f671028b85e6acc9d5d9d0a132138debf4cdfbb08f21  i2pupdate_1.9.0.zip
+     7959f1189c50fa8968e72023f614b610016c1d544a16315f05ea6ad4b18677bc  i2pupdate.su3
+

i2p2www/blog/2022/8/28/easy_install_bundle_1.9.0.rst

@@ -0,0 +1,43 @@
+====================================================================
+{% trans -%}Windows Easy-Install Bundle 1.9.0 Release{%- endtrans %}
+====================================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-08-28
+   :category: release
+   :excerpt: {% trans %}Windows Easy-Install Bundle 1.9.0 - Major Stability/Compatibility Improvements{% endtrans %}
+
+{% trans -%}
+This update includes the new 1.9.0 router and major quality-of-life improvements for bundle users
+{%- endtrans %}
+=================================================================================================
+
+{% trans -%}
+This release includes the new I2P 1.9.0 router and is based on Java 18.02.1.
+{%- endtrans %}
+
+{% trans -%}
+The old batch scripts have been phased out in favor of a more flexible and stable solution in the jpackage itself.
+This should fix all bugs related to path-finding and path-quoting which were present in the batch scripts. After
+you upgrade, the batch scripts can be safely deleted. They will be removed by the installer in the next update.
+{%- endtrans %}
+
+{% trans -%}
+A sub-project for managing browsing tools has been started: i2p.plugins.firefox which has extensive capabilities
+for configuring I2P browsers automatically and stably on many platforms. This was used to replace the batch
+scripts but also functions as a cross-platform I2P Browser management tool. Contributions are welcome
+here: http://git.idk.i2p/idk/i2p.plugins.firefox at the source repository.
+{%- endtrans %}
+
+{% trans -%}
+This release improves compatibility with externally-running I2P routers such as those provided by the IzPack
+installer and by third-party router implementations such as i2pd. By improving external router discovery it
+requires less of a system's resources, improves start-up time, and prevents resource conflicts from occurring.
+{%- endtrans %}
+
+{% trans -%}
+Besides that, the profile has been updated to the latest version of the Arkenfox profile. I2P in Private
+Browsing and NoScript have both been updated. The profile has been restructured in order to allow for
+evaluating different configurations for different threat models.
+{%- endtrans %}

i2p2www/blog/2022/8/3/Apple-Silicon-Easy-Install.rst

@@ -0,0 +1,30 @@
+===========================================
+{% trans -%}Apple Silicon Easy Install{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zlatinb
+   :date: 2022-08-03
+   :category: beta
+   :excerpt: {% trans %}Easy Install bundle BETA for Apple Silicon Macs available{% endtrans %}
+
+{% trans -%}
+We are pleased to offer an Easy Install BETA bundle for Mac OS running on Apple Silicon hardware.  You can download it here:
+{%- endtrans %}
+
+`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %}`__
+
+__ https://geti2p.net/en/download/mac
+
+
+**{% trans -%}Speed{%- endtrans %}**
+
+{% trans -%}In our internal benchmarks the cryptographic operations are between 2 and 2.5 times faster than when running the Intel bundle under Rosetta.{%- endtrans %}
+
+**{% trans -%}Known Issues{%- endtrans %}**
+
+ - {% trans -%}Quitting I2P by right-clicking on the dock icon causes I2P to freeze and a "Force Quit" is necessary.  This issue will be fixed for the 1.9 release.{%- endtrans %}
+ - {% trans -%}If you already had an Intel bundle installed on your Mac, you need to modify some settings to prevent in-network updates from reverting you to an Intel bundle.  Please see the instructions on the download page.{%- endtrans %}
+
+**{% trans -%}Thank you for testing!{%- endtrans %}**
+

i2p2www/blog/2022/8/4/Enable-StormyCloud.rst

@@ -0,0 +1,70 @@
+=================================================
+{% trans -%}How to Switch to the StormyCloud Outproxy Service{%- endtrans %}
+=================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-08-04
+   :category: general
+   :excerpt: {% trans %}How to Switch to the StormyCloud Outproxy Service{% endtrans %}
+
+{% trans -%}
+How to Switch to the StormyCloud Outproxy Service
+{%- endtrans %}
+=================================================
+
+**{% trans %}A New, Professional Outproxy{% endtrans %}**
+
+{% trans -%}
+For years, I2P has been served by a single default outproxy, `false.i2p`
+whose reliability has been degrading. Although several competitors
+have emerged to take up some of the slack, they are mostly unable to
+volunteer to serve the clients of an entire I2P implementation by
+default. However, StormyCloud, a professional, non-profit organization
+which runs Tor exit nodes, has started a new, professional outproxy
+service which has been tested by members of the I2P community and which
+will become the new default outproxy in the upcoming release.
+{%- endtrans %}
+
+**{% trans %}Who are StormyCloud{% endtrans %}**
+
+In their own words, StormyCloud is:
+
+{% trans -%}
+  Mission of StormyCloud Inc
+  To defend Internet access as a universal human right. By doing so, the group protects users’ electronic privacy and builds community by fostering unrestricted access to information and thus the free exchange of ideas across borders. This is essential because the Internet is the most powerful tool available for making a positive difference in the world.
+{%- endtrans %}
+
+{% trans -%}
+  Hardware
+  We own all of our hardware and currently colocate at a Tier 4 data center. As of now have a 10GBps uplink with the option to upgrade to 40GBps without the need for much change. We have our own ASN and IP space (IPv4 & IPv6).
+{%- endtrans %}
+
+{% trans -%}
+To learn more about StormyCloud visit their `web site
+<https://www.stormycloud.org/>`_.
+{%- endtrans %}
+
+{% trans -%}
+Or, visit them on `I2P
+<http://stormycloud.i2p/>`_.
+{%- endtrans %}
+
+**{% trans %}Switching to the StormyCloud Outproxy on I2P{% endtrans %}**
+
+{% trans -%}
+To switch to the StormyCloud outproxy *today* you can visit `the Hidden Services Manager
+<http://127.0.0.1:7657/i2ptunnel/edit?tunnel=0>`_. Once you're there, you should change
+the value of **Outproxies** and **SSL Outproxies** to `exit.stormycloud.i2p`. Once you
+have done this, scroll down to the bottom of the page and click on the "Save" button.
+{%- endtrans %}
+
+.. class:: screenshot
+.. image:: /_static/images/stormycloudscreenshot.png
+
+**{% trans %}Thanks to StormyCloud{% endtrans %}**
+
+{% trans -%}
+We would like to thank StormyCloud for volunteering to provide high-quality outproxy
+services to the I2P network.
+{%- endtrans %}

i2p2www/blog/2023/01/09/2.1.0-Release.rst

@@ -0,0 +1,111 @@
+===========================================
+{% trans -%}2.1.0 Release{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2023-01-09
+   :category: release
+   :excerpt: {% trans %}2.1.0 with SSU2 and congestion fixes{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+We have learned several things since our 2.0.0 release in November.
+As routers have updated to that release, the network has gone from about 1% to over 60% support for our new SSU2 transport protocol.
+First, we have confirmed that SSU2 is a solid, well designed, and secure protocol.
+Second, however, we have found and fixed numerous minor or rarely-triggered bugs in the implementation of the protocol.
+Cumulatively, the effects of these bugs have reduced the performance of the network.
+{%- endtrans %}
+
+{% trans -%}
+Also, we are aware of increased tunnel count and reduced tunnel build success rate in the network,
+possibly triggered by Bitcoin's new I2P transient address feature,
+but made worse by our SSU2 bugs and other congestion control problems.
+We are working with Bitcoin and other non-Bitcoin projects to reduce I2P network demands.
+We have improved our algorithms to reduce network load during times of congestion.
+We are also collaborating with i2pd to develop common congestion control strategies.
+{%- endtrans %}
+
+{% trans -%}
+Therefore, we have accelerated this release by about six weeks, to get the fixes out to everybody.
+i2pd released their version 2.45.0 last week and the early results are encouraging.
+New protocols, and distributed networks, are difficult to develop.
+Congestion can arrive with little warning and with little clue of the cause.
+Thank you for your patience as we have diagnosed and hopefully fixed the problems.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release. The best way to
+maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Console: New status and banned peers tabs on /peers{% endtrans %}
+- {% trans %}i2ptunnel: Add torsocks support{% endtrans %}
+- {% trans %}i2ptunnel: Add SOCKS tunnel conversion to CONNECT outproxy{% endtrans %}
+- {% trans %}i2ptunnel: Add SOCKS outproxy port configuration{% endtrans %}
+- {% trans %}i2ptunnel: Update encryption type defaults{% endtrans %}
+- {% trans %}Router: Improved congestion detection and handling{% endtrans %}
+- {% trans %}Router: Use compressible padding for destinations and router infos (proposal 161){% endtrans %}
+- {% trans %}SSU: Redesign symmetric NAT detection{% endtrans %}
+
+
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Console: Fix configuration for Argentinian Spanish{% endtrans %}
+- {% trans %}Crypto: Fix LS2 encrypted leasesets, broken since 1.8.0{% endtrans %}
+- {% trans %}i2psnark: Avoid OOM starting large number of torrents{% endtrans %}
+- {% trans %}i2ptunnel: Numerous SOCKS tunnel fixes{% endtrans %}
+- {% trans %}NTCP: Fix rare termination NPE{% endtrans %}
+- {% trans %}Profiles: Fix profile load stopping after hitting corrupt file{% endtrans %}
+- {% trans %}Router: Clock skew handling fixes and improvements{% endtrans %}
+- {% trans %}SSU: Don't publish IPv4 address when configured for IPv6-only{% endtrans %}
+- {% trans %}SSU: Fix handling of banned peers{% endtrans %}
+- {% trans %}SSU2: Peer Test fixes and improvements{% endtrans %}
+- {% trans %}SSU2: Termination fixes and improvements{% endtrans %}
+- {% trans %}SSU2: Token and handshake fixes and improvements{% endtrans %}
+- {% trans %}SSU2: Fix rare packet handling NPE{% endtrans %}
+- {% trans %}SSU2: Fix rare termination IAE{% endtrans %}
+- {% trans %}SSU2: Fix retransmission of session confirmed{% endtrans %}
+- {% trans %}SSU2: Fix attempted connection to ourselves as an introducer{% endtrans %}
+- {% trans %}UPnP: Catch rare assertion error{% endtrans %}
+
+
+
+
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Console: Add leaseset lookup to advanced search form{% endtrans %}
+- {% trans %}i2psnark: Add partial Dutch translation{% endtrans %}
+- {% trans %}i2ptunnel: Allow IRCv3 ACCOUNT and CHGHOST through filter{% endtrans %}
+- {% trans %}SSU2: Preliminary support for disabling SSU1{% endtrans %}
+- {% trans %}Sybil: Add IPv6 address tests{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.1.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+      88e0d49090341f5bfa30299c3fa549c365da57a074ef694cf8201666687e583a  i2pinstall_2.1.0_windows.exe
+      153c7988e7a9f0c2affd1e001d554e2519dd439c08bd7c024643b749db1308c1  i2pinstall_2.1.0.jar
+      83098c1277204c5569284b32b37ef137656b27bfe15ef903eca2da7c269288d1  i2psource_2.1.0.tar.bz2
+      54cf3f146f3a630fc2486f79f24c9cfc59d4c9974df0c4479251624fa7bc12a1  i2pupdate_2.1.0.zip
+      28a6a2f95ba9a613a040976e6d30e6662fc90241f08607f2ce43c6332b9f71bf  i2pupdate.su3
+

i2p2www/blog/2023/01/13/i2p_easy_install_for_windows_2.1.0.rst

@@ -0,0 +1,41 @@
+=============================================================
+{% trans -%}Windows Easy-Install 2.1.0 Release{%- endtrans %}
+=============================================================
+
+.. meta::
+   :author: idk
+   :date: 2023-01-13
+   :category: release
+   :excerpt: {% trans %}Windows Easy-Install Bundle 2.1.0 released to improve stability, performance.{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+The I2P Easy-Install bundle for Windows version 2.1.0 has been released.
+As usual, this release includes an updated version of the I2P Router.
+This release of I2P provides improved strategies for dealing with network congestion.
+These should improve performance, connectivity, and secure the long-term health of the I2P network.
+{%- endtrans %}
+
+{% trans -%}
+This release features mostly under-the-hood improvements to the browser profile launcher.
+Compatibility with Tor Browser Bundle has been improved by enabling TBB configuration through environment variables.
+The Firefox profile has been updated, an the base versions of the extensions have been updated.
+Improvements have been made throughout the codebase and the deployment process.
+{%- endtrans %}
+
+{% trans -%}
+Unfortunately, this release is still an unsigned .exe installer.
+Please verify the checksum of the installer before using it.
+The updates, on the other hand are signed by my I2P signing keys and therefore safe.
+{%- endtrans %}
+
+{% trans -%}
+This release was compiled with OpenJDK 19.
+It uses i2p.plugins.firefox version 1.0.7 as a library for launching the browser.
+It uses i2p.i2p version 2.1.0 as an I2P router, and to provide applications.
+As always it is recommended that you update to the latest version of the I2P router at your earliest convenient opportunity.
+{%- endtrans %}

i2p2www/blog/2023/01/31/mac-easy-install-notarization.rst

@@ -0,0 +1,64 @@
+{% trans -%}
+=======================================
+Update on Mac Easy Install Notarization
+=======================================
+{%- endtrans %}
+.. meta::
+    :author: idk,sadie
+    :date: 2023-01-31
+    :category: release
+    :excerpt: {% trans %}{% endtrans %}
+
+{% trans -%}
+The I2P Easy-Install Bundle for Mac has been experiencing stalled updates for the past 2 releases due to the departure of its maintainer.
+For the time being, it is temporarily recommended that existing Easy-Install users delay updating and remain on 1.9.0 until the development team can successfully notarize the application and resume automatic updates.
+The updates will happen immediately once this has happened.
+For now, 1.9.0 is stable and has no known critical security issues.
+{%- endtrans %}
+
+{% trans -%}The Notarization Process For MacOS{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{% trans -%}
+There are many steps in the process of distributing an application to Apple users.
+In order to distribute an application as a .dmg securely, the application must pass a notarization process.
+In order to submit an application for notarization, a developer must sign the application using a set of certificates that includes one for code signing, and one for signing the application itself.
+This signing must take place at specific points during the build process, before the final .dmg bundle which is distributed to the end users can be created.
+{%- endtrans %}
+
+{% trans -%}
+I2P Java is a complex application, and because of this it is a process of trial and error to match the types of code used in the application to Apple's certificates, and where the signing takes place to produce a valid timestamp.
+It is due to this complexity that existing documentation for developers is falling short of helping the team understand the correct combination of factors that will result in successful notarization.
+{%- endtrans %}
+
+{% trans -%}
+These difficulties leave the timeline for completing this process difficult to predict.
+We won't know we're done until we are able to clean up the build environment and follow the process end-to-end.
+The good news is that we are down to only 4 errors during the notarization process from more than 50 during the first attempt and can reasonably predict that it will be competed before or in time for the next release in April.
+{%- endtrans %}
+
+{% trans -%}Options for New macOS I2P Installs and Updates{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{% trans -%}
+New I2P participants can still download the Easy Installer for the macOS 1.9.0 software.
+I hope to have a release ready near the end of April.
+Updates to the latest version will become available as soon as notarization is successful.
+{%- endtrans %}
+
+{% trans -%}
+The classic install options is also available.
+This will require downloading Java and the I2P software via the .jar based installer.
+{%- endtrans %}
+
+`{% trans -%}Jar Install Instructions are available here.{%- endtrans %} <https://geti2p.net/en/download/macos>`_
+
+{% trans -%}
+Easy-Install users can update to that latest version using a locally-produced development build.
+{%- endtrans %}
+
+`{% trans -%}Easy-Install Build Instructions are available here.{%- endtrans %} <https://i2pgit.org/i2p-hackers/i2p-jpackage-mac/-/blob/master/BUILD.md>`_
+
+{% trans -%}
+There is also the option to uninstall the software, remove the I2P configuration directory and reinstall I2P using the .jar installer.
+{%- endtrans %}

i2p2www/blog/2023/02/09/about_the_recent_denial_of_service_attacks.rst

@@ -0,0 +1,23 @@
+{% trans -%}
+==========================================
+About the recent Denial of Service attacks
+==========================================
+{%- endtrans %}
+.. meta::
+    :author: idk,sadie
+    :date: 2023-02-09
+    :category: release
+    :excerpt: {% trans %}I2P remains intact with impaired performance{% endtrans %}
+
+{% trans -%}
+The I2P network is currently being affected by a Denial of Service attack.
+The floodfill function of the network has been affected, resulting in responses being disrupted and tunnel build success rates dropping.
+Participants in the network have experienced difficulties connecting to I2P sites and using I2P services.
+Mitigation strategies are being investigated and implemented gradually.
+{%- endtrans %}
+
+{% trans -%}
+While the attack has degraded performance, the network remains intact and usable.
+Java I2P routers appear to be handling the issues better than i2pd routers for now.
+Various mitigations should begin to appear in dev builds of both Java and C++ routers in the next week.
+{%- endtrans %}

i2p2www/blog/2023/03/13/i2p-release-2.2.0.rst

@@ -0,0 +1,14 @@
+{% trans -%}
+=================
+I2P Release 2.2.0
+=================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-03-13
+    :category: release
+    :excerpt: {% trans %}{% endtrans %}
+
+{% trans -%}
+`This blog post has been moved here </en/blog/post/2023/03/13/new_release_2.2.0>`_
+{%- endtrans %}

i2p2www/blog/2023/03/13/new_release_2.2.0.rst

@@ -0,0 +1,89 @@
+{% trans -%}
+=================
+I2P Release 2.2.0
+=================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-03-13
+    :category: release
+    :excerpt: {% trans %}{% endtrans %}
+
+{% trans -%}
+We have elected to move forward the 2.2.0 release date, which will be occurring today, March 13, 2023.
+This release includes a changes across the NetDB, Floodfill, and Peer-Selection components which improve the ability of the router to survive DDOS attacks.
+The attacks are likely to continue, but the improvements to these systems will help to mitigate the risk of DDOS attacks by helping the router identify and de-prioritize routers that appear malicious.
+{%- endtrans %}
+
+{% trans -%}
+This release also adds replay protection to the Streaming subsystem, which prevents an attacker who can capture an encrypted packet from being able to re-use it by sending it to unintended recipients.
+This is a backward-compatible change, so older routers will still be able to use the streaming capabilities of newer routers.
+This issue was discovered and fixed internally, by the I2P development team, and is not related to the DDOS attacks.
+We have never encountered a replayed streaming packet in the wild and do not believe a streaming replay attack has ever taken place against the I2P network at this time.
+{%- endtrans %}
+
+{% trans -%}
+As you may have noticed, these release notes and the release itself have been signed by idk, and not zzz.
+zzz has chosen to step away from the project and his responsibilities are being taken on by other team members.
+As such, the project is working on replacing the network statistics infrastructure and moving the development forum to i2pforum.i2p.
+We thank zzz for providing these services for such a long time.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+
+**DETAILS**
+
+*Changes*
+
+- {% trans %}i2psnark: New search feature{% endtrans %}
+- {% trans %}i2psnark: New max files per torrent config{% endtrans %}
+- {% trans %}NetDB: Expiration improvements{% endtrans %}
+- {% trans %}NetDB: More restrictions on lookups and exploration{% endtrans %}
+- {% trans %}NetDB: Store handling improvements{% endtrans %}
+- {% trans %}NTCP2: Banning improvements{% endtrans %}
+- {% trans %}Profiles: Adjust capacity estimates{% endtrans %}
+- {% trans %}Profiles: Expiration improvements{% endtrans %}
+- {% trans %}Router: Initial support for congestion caps (proposal 162){% endtrans %}
+- {% trans %}Transports: Add inbound connection limiting{% endtrans %}
+- {% trans %}Tunnels: Refactor and improve peer selection{% endtrans %}
+- {% trans %}Tunnels: Improve handling of "probabalistic" rejections{% endtrans %}
+- {% trans %}Tunnels: Reduce usage of unreachable and floodfill routers{% endtrans %}
+
+
+*Bug Fixes*
+
+- {% trans %}Docker: Fix graphs not displaying{% endtrans %}
+- {% trans %}i2psnark: Fix torrents with '#' in the name{% endtrans %}
+- {% trans %}i2psnark standalone: Fix running from outside directory{% endtrans %}
+- {% trans %}i2psnark standalone: Remove "Start I2P" menu item from systray{% endtrans %}
+- {% trans %}i2ptunnel: Fix typo in HTTPS outproxy hostname{% endtrans %}
+- {% trans %}i2ptunnel: Interrupt tunnel build if stop button clicked{% endtrans %}
+- {% trans %}i2ptunnel: Return error message to IRC, HTTP, and SOCKS clients on failure to build tunnels{% endtrans %}
+- {% trans %}NTCP2: Ensure an IPv6 address is published when firewalled and IPv4 is not{% endtrans %}
+- {% trans %}Ratchet: Don't bundle wrong leaseset with ack{% endtrans %}
+- {% trans %}Router: Fixes for symmetric NAT errors on 'full cone' NAT{% endtrans %}
+- {% trans %}SAM: Interrupt tunnel build if client times out{% endtrans %}
+- {% trans %}SSU2: Fix rare peer test NPE{% endtrans %}
+- {% trans %}Sybil: Don't blame i2pd publishing ::1{% endtrans %}
+- {% trans %}Sybil: Memory usage and priority reduction{% endtrans %}
+- {% trans %}Transports: More IP checks{% endtrans %}
+
+
+*Other*
+
+- {% trans %}Blocklist efficiency improvements{% endtrans %}
+- {% trans %}Bundles: Identify Win and Mac bundles in version info{% endtrans %}
+- {% trans %}Console: Identify service installs, revision, and build time in version info{% endtrans %}
+- {% trans %}Console: NetDB search form and tunnels page improvements (advanced only){% endtrans %}
+- {% trans %}Router: Reduce stats memory usage{% endtrans %}
+- {% trans %}Tunnels: Reduce "grace period"{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.2.0

i2p2www/blog/README

@@ -24,17 +24,92 @@ index page). The following metadata is used:
 - **excerpt**: Summary of the post (generally the same as the first line for
   translation purposes). Required, it is displayed on the blog index.
 
+Please use the following standard categories:
+
+- android
+- beta
+- community
+- conferences
+- development
+- general
+- news
+- release
+- security
+
+
 How to use the blog
 -------------------
 
 1. Create a directory path matching the date of the blog post, e.g.
-   'mkdir -p 2014/01/01'
+   'mkdir -p 2014/01/01'. Day and month directories MUST be two digits!
 2. Create a file in that directory with suffix '.rst'. The name of the file and
    the directory path will together be the URL that the post will be visible at
-   e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'
+   e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'.
+   Use - for spaces in the file name.
 3. Write the blog post in reStructuredText format, taking note of the custom
    format notes above.
 
+Translations
+-------------
+
+Write your post so it may be easily translated.
+Inside {% trans -%}...{%- endtrans %} blocks, put line breaks after long sentences
+or phrases. Do not put line breaks at random places.
+
+
+Links
+-------------
+
+The goal is to keep as much formatting out of the tagged string as possible,
+so that the translators are less likely to inadvertently break the formatting,
+and we can change the link later without breaking translations.
+This also allows us to use macros for converting to .i2p links.
+
+External links:
+
+For full untranslated link text:
+
+`QUIC <https://www.rfc-editor.org/rfc/rfc9000.html>`_
+
+For full translated link text:
+
+`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %}`__
+
+__ https://geti2p.net/en/download/mac
+
+or:
+
+`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %} <https://geti2p.net/en/download/mac>`_
+
+
+For partial translated link text:
+
+{% trans link1="https://...", link2="..." -%}
+Blah blah `link text <{{ link1 }}>`_ more text.
+<%- endtrans %>
+
+Internal links:
+
+As above but use, e.g.
+   `NTCP2 <{{spec_url("ntcp2")}}>`_
+   `SSU2 <{{proposal_url("159")}}>`_
+   This does not work: {% trans link1="{{spec_url('i2np')}}" -%}
+
+
+Multiple links to the same thing:
+
+{% trans -%}
+Blah blah RFC-9001_
+and RFC-9001_ again.
+<%- endtrans %>
+
+.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
+
+
+RST guide: https://docutils.sourceforge.io/docs/user/rst/quickref.html#hyperlink-targets
+
+
+
 Writing draft posts
 -------------------
 
@@ -43,6 +118,13 @@ with this suffix will be visible at their post URL, but will not be shown in
 the blog index. To publish the draft post, change the filename to remove the
 '.draft' in the suffix (e.g. git mv foo.draft.rst foo.rst).
 
+Review your formatting before checking in with the linux tool rst2html.
+This will not process translation blocks, of course.
+
+After checking in the draft, navigate to it in your browser and verify
+the formatting is correct, including translation blocks.
+
+
 Creating shortlinks
 -------------------
 

i2p2www/blog/helpers.py

@@ -30,13 +30,13 @@ def get_blog_feed_items(num=0, category=None):
     for post in posts:
         meta = post[1]
         parts = post[2]
-        a = {}
-        a['title'] = meta['title']
-        a['content'] = meta['excerpt'] if len(meta['excerpt']) > 0 else parts['fragment']
-        a['author'] = meta['author']
-        a['url'] = url_for('blog_post', lang=g.lang, slug=post[0])
-        a['updated'] = datetime.datetime.strptime(meta['date'], '%Y-%m-%d')
-        items.append(a)
+        items.append({
+            'title': meta['title'],
+            'content': meta['excerpt'] if len(meta['excerpt']) > 0 else parts['fragment'],
+            'author': meta['author'],
+            'url': url_for('blog_post', lang=g.lang, slug=post[0]),
+            'updated': datetime.datetime.strptime(meta['date'], '%Y-%m-%d')
+            })
     return items
 
 def get_blog_posts(num=0, return_parts=False, category=None):
@@ -67,7 +67,8 @@ def get_blog_slugs(num=0):
     # walk over all directories/files
     for v in os.walk(BLOG_DIR):
         # iterate over all files
-        slugbase = os.path.relpath(v[0], BLOG_DIR)
+        slugbase = slug_base_datevalidate(os.path.relpath(v[0], BLOG_DIR))
+        
         for f in v[2]:
             # ignore all non-.rst files and drafts
             if not f.endswith('.rst') or f.endswith('.draft.rst'):
@@ -79,7 +80,38 @@ def get_blog_slugs(num=0):
         return slugs[:num]
     return slugs
 
+def _slug_base(slugbase, func):
+    parts = slugbase.split('/')
+    slugParts = []
+    for p in parts:
+        slugParts.append(func(p))
+    return "/".join(slugParts)
+
+# reads a date and if it finds a one-digit representation of a day or month,
+# lengthens it to two
+def slug_base_datevalidate(slugbase):
+    return _slug_base(slugbase, datevalidate)
+
+# turns a one-digit date unit into a two-digit date unit
+def datevalidate(slugfrag):
+    slug = str(slugfrag)
+    if len(slug) == 1:
+        slug = "0" + slug
+    return slug
+
+# turns a two-digit date unit into a one-digit date unit
+def dedatevalidate(slugfrag):
+    slug = str(slugfrag)
+    if len(slug) == 2:
+        return slug.lstrip("0")
+    return slug
+
+# reverses slug_base_datevalidate
+def slug_base_dedatevalidate(slugbase):
+    return _slug_base(slugbase, dedatevalidate)
+
 def get_date_from_slug(slug):
+    slug = slug_base_datevalidate(slug)
     parts = slug.split('/')
     return "%s-%s-%s" % (parts[0], parts[1], parts[2])
 
@@ -96,7 +128,12 @@ def render_blog_post(slug):
         # check for drafts
         path = safe_join(BLOG_DIR, slug + ".draft.rst")
         if not os.path.exists(path):
-            abort(404)
+            slug = slug_base_dedatevalidate(slug)
+            path = safe_join(BLOG_DIR, slug+".rst")
+            if not os.path.exists(path):
+                path = safe_join(BLOG_DIR, slug + ".draft.rst")
+                if not os.path.exists(path):
+                    abort(404)
 
     # read file
     with codecs.open(path, encoding='utf-8') as fd:

i2p2www/browser.py

@@ -1,6 +1,8 @@
 from flask import redirect, render_template, request
 from i2p2www import CURRENT_I2P_VERSION, MIRRORS_FILE
 
+temp = lambda a: 'site/browser/' + a + '.html'
+
 def browser_frontpage():
   useragent = request.headers.get('User-Agent')
   osname = "unknown"
@@ -10,41 +12,39 @@ def browser_frontpage():
     osname = "windows"
   elif 'Linux' in useragent:
     osname = "linux"
-  return render_template('site/browser/_front.html', user_agent=useragent, detected_os=osname)
+  return render_template(temp('_front'), user_agent=useragent, detected_os=osname)
 
+deftemp = lambda a: render_template(temp(a))
 def browser_intro():
-  return render_template('site/browser/intro.html')
+  return deftemp('intro')
 
 def browser_download():
-  return render_template('site/browser/download.html')
+  return deftemp('download')
 
 def browser_releasenotes():
-  return render_template('site/browser/releasenotes.html')
+  return deftemp('releasenotes')
 
 def browser_roadmap():
-  return render_template('site/browser/roadmap.html')
+  return deftemp('roadmap')
 
 #def browser_known_issues():
-#  return render_template('site/browser/known_issues.html')
+#  return deftemp('known_issues')
 
 #def browser_troubleshooting():
-#  return render_template('site/browser/troubleshooting.html')
+#  return deftemp('troubleshooting')
 
 #def browser_updating():
-#  return render_template('site/browser/updating.html')
+#  return deftemp('updating')
 
 def browser_develop():
-  return render_template('site/browser/develop.html')
+  return deftemp('develop')
 
 def browser_donate():
-  return render_template('site/browser/donate.html')
+  return deftemp('donate')
 
 
 def browser_faq():
-  if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
-    show_i2p_links = True
-  else:
-    show_i2p_links = False
-  return render_template('site/browser/faq.html', is_i2p_internal=show_i2p_links)
+  show_i2p_links = request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server')
+  return render_template(temp('faq'), is_i2p_internal=show_i2p_links)
 
 

i2p2www/downloads.py

@@ -20,20 +20,20 @@ DEFAULT_MIRROR = {
 #DEFAULT_MIRROR = {
 #    "net": "clearnet",
 #    "protocol": "https",
-#    "domain": "download.i2p2.de",
+#    "domain": "download.i2p2.no",
 #    "path": "/releases/%(version)s/%(file)s",
 #    "org": "sigterm.no",
-#    "org_url": "https://download.i2p2.de", 
+#    "org_url": "https://download.i2p2.no", 
 #    "country": "no",
 #}
 
-#{
- #   'net': 'clearnet',
- #   'protocol': 'https',
- #   'domain':   'download.i2p2.de',
- #   'org':      'sigterm.no',
- #   'country':  'no',
-#}
+DEFAULT_MIRROR= {
+    'net': 'clearnet',
+    'protocol': 'https',
+    'domain':   'download.i2p2.no',
+    'org':      'sigterm.no',
+    'country':  'no',
+}
 
 DEFAULT_I2P_MIRROR = {
     'net': 'i2p',
@@ -49,10 +49,8 @@ DEFAULT_I2P_MIRROR = {
 
 # Read in mirrors from file
 def read_mirrors():
-    file = open(MIRRORS_FILE, 'r')
-    dat = file.read()
-    file.close()
-    lines=dat.split('\n')
+    with open(MIRRORS_FILE, 'r') as file:
+        lines = file.read().split('\n')
     ret={}
     for line in lines:
         try:
@@ -73,80 +71,71 @@ def read_mirrors():
         ret[net][protocol][domain]=obj
     return ret
 
-# List of downloads
-def downloads_list():
+def get_mirror(request):
     # TODO: read mirror list or list of available files
     if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
-        def_mirror = DEFAULT_I2P_MIRROR
+        return DEFAULT_I2P_MIRROR
     else:
-        def_mirror = DEFAULT_MIRROR
-    return render_template('downloads/list.html', def_mirror=def_mirror)
+        return DEFAULT_MIRROR
+
+deflist = lambda a: render_template('downloads/' + a + '.html')
+deflist2 = lambda a: render_template('downloads/' + a + '.html', def_mirror=get_mirror(request))
+
+# List of downloads
+def downloads_list():
+    return deflist2('list')
 
 # Debian-specific page
 def downloads_debian():
-    return render_template('downloads/debian.html')
+    return deflist('debian')
 
 # Windows-specific page
 def downloads_windows():
-    return render_template('downloads/windows.html')
+    return deflist('windows')
+
+# MacOS-specific page
+def downloads_macos():
+    return deflist('macos')
 
 # AIO-Windows-specific page
 def downloads_easyinstall():
-    # TODO: read mirror list or list of available files
-    if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
-        def_mirror = DEFAULT_I2P_MIRROR
-    else:
-        def_mirror = DEFAULT_MIRROR
-    return render_template('downloads/easyinstall.html', def_mirror=def_mirror)
+    return deflist2('easyinstall')
 
 # Docker-specific page
 def downloads_docker():
-    return render_template('downloads/docker.html')
+    return deflist('docker')
 
 # Firefox-specific page
 def downloads_firefox():
-    # TODO: read mirror list or list of available files
-    if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
-        def_mirror = DEFAULT_I2P_MIRROR
-    else:
-        def_mirror = DEFAULT_MIRROR
-    return render_template('downloads/firefox.html', def_mirror=def_mirror)
+    return deflist2('firefox')
 
 # The Lab
 def downloads_lab():
-    # TODO: read mirror list or list of available files
-    if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
-        def_mirror = DEFAULT_I2P_MIRROR
-    else:
-        def_mirror = DEFAULT_MIRROR
-    return render_template('downloads/lab.html', def_mirror=def_mirror)
+    return deflist2('lab')
 
 # Mac DMG page
 def downloads_mac():
-    # TODO: read mirror list or list of available files
-    if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
-        def_mirror = DEFAULT_I2P_MIRROR
-    else:
-        def_mirror = DEFAULT_MIRROR
-    return render_template('downloads/mac.html', def_mirror=def_mirror)
+    return deflist2('mac')
 
 def downloads_config():
-    return render_template('downloads/config.html')
+    return deflist('config')
 
 # Specific file downloader
 def downloads_select(version, file):
     mirrors=read_mirrors()
     obj=[]
     for net in mirrors.keys():
-        a={}
-        a['key']=net
-        a['name']=net
-        a['protocols']=[]
+        a = {
+            'key': net,
+            'name': net,
+            'protocols': []
+        }
         for protocol in mirrors[net].keys():
-            b={}
-            b['key']=protocol
-            b['name']=protocol
-            b['domains']=mirrors[net][protocol]
+            b = {
+                'key': protocol,
+                'name': protocol,
+                'domains': mirrors[net][protocol]
+            }
             a['protocols'].append(b)
         obj.append(a)
     return render_template('downloads/select.html', mirrors=obj, version=version, file=file)

i2p2www/extensions.py

@@ -113,9 +113,7 @@ class HighlightExtension(Extension):
                     lang = g.lang
                 parameters['tagurlformat'] = '/spec/%(path)s%(fname)s'
 
-        if formatter == 'textspec':
-            formatter = TextSpecFormatter(**parameters)
-        else:
-            formatter = I2PHtmlFormatter(**parameters)
+        func = TextSpecFormatter if formatter == 'textspec' else I2PHtmlFormatter
+        formatter = func(**parameters)
         code = highlight(Markup(body).unescape(), lexer, formatter)
         return code

i2p2www/formatters.py

@@ -376,17 +376,19 @@ class I2PHtmlFormatter(Formatter):
 
     def __init__(self, **options):
         Formatter.__init__(self, **options)
+        dec = lambda t, d='': self._decodeifneeded(options.get(t, d))
+        getbool = lambda key, d=False: get_bool_opt(options, key, d)
         self.title = self._decodeifneeded(self.title)
-        self.nowrap = get_bool_opt(options, 'nowrap', False)
-        self.noclasses = get_bool_opt(options, 'noclasses', False)
+        self.nowrap = getbool('nowrap')
+        self.noclasses = getbool('noclasses')
         self.classprefix = options.get('classprefix', '')
-        self.cssclass = self._decodeifneeded(options.get('cssclass', 'highlight'))
-        self.cssstyles = self._decodeifneeded(options.get('cssstyles', ''))
-        self.prestyles = self._decodeifneeded(options.get('prestyles', ''))
-        self.cssfile = self._decodeifneeded(options.get('cssfile', ''))
-        self.noclobber_cssfile = get_bool_opt(options, 'noclobber_cssfile', False)
-        self.tagsfile = self._decodeifneeded(options.get('tagsfile', ''))
-        self.tagurlformat = self._decodeifneeded(options.get('tagurlformat', ''))
+        self.cssclass = dec('cssclass', 'highlight')
+        self.cssstyles = dec('cssstyles')
+        self.prestyles = dec('prestyles')
+        self.cssfile = dec('cssfile')
+        self.noclobber_cssfile = getbool('noclobber_cssfile')
+        self.tagsfile = dec('tagsfile')
+        self.tagurlformat = dec('tagurlformat')
 
         if self.tagsfile:
             if not ctags:
@@ -405,7 +407,7 @@ class I2PHtmlFormatter(Formatter):
         self.linenostart = abs(get_int_opt(options, 'linenostart', 1))
         self.linenostep = abs(get_int_opt(options, 'linenostep', 1))
         self.linenospecial = abs(get_int_opt(options, 'linenospecial', 0))
-        self.nobackground = get_bool_opt(options, 'nobackground', False)
+        self.nobackground = getbool('nobackground')
         self.lineseparator = options.get('lineseparator', '\n')
         self.lineanchors = options.get('lineanchors', '')
         self.linespans = options.get('linespans', '')
@@ -841,8 +843,9 @@ class TextSpecFormatter(Formatter):
 
     def __init__(self, **options):
         Formatter.__init__(self, **options)
-        self.tagsfile = self._decodeifneeded(options.get('tagsfile', ''))
-        self.tagurlformat = self._decodeifneeded(options.get('tagurlformat', ''))
+        dec = lambda t, d='': self._decodeifneeded(options.get(t, d))
+        self.tagsfile = dec('tagsfile', '')
+        self.tagurlformat = dec('tagurlformat', '')
 
         if self.tagsfile:
             if not ctags:
@@ -878,17 +881,14 @@ class TextSpecFormatter(Formatter):
                                                'fext': extension}
                     refs[value] = '\n[%s]: %s#%s-%s' % (value, url, kinds[kind], value.lower())
                     value = '[%s]' % value
-
             if enc:
-                outfile.write(value.encode(enc))
-            else:
-                outfile.write(value)
+                value = value.encode(enc)
+            outfile.write(value)
 
         for ref in refs.values():
             if enc:
-                outfile.write(ref.encode(enc))
-            else:
-                outfile.write(ref)
+                ref = ref.encode(enc)
+            outfile.write(ref)
 
     def _lookup_ctag(self, token):
         entry = ctags.TagEntry()

i2p2www/legacy.py

@@ -23,6 +23,7 @@ LEGACY_FUNCTIONS_MAP={
     'easyinstall':           {'function': 'downloads_easyinstall',    'params': {}},
     'nsis':           {'function': 'downloads_easyinstall',    'params': {}},
     'windows':           {'function': 'downloads_windows',    'params': {}},
+    'macos':           {'function': 'downloads_macos',    'params': {}},
     'download':      {'function': 'downloads_list',   'params': {}},
     'installation':  {'function': 'downloads_list',   'params': {}},
     'meetings':      {'function': 'meetings_index',   'params': {}},
@@ -205,16 +206,20 @@ def legacy_show(f):
         lang = g.lang
     if lang == 'zh':
         lang = 'zh_CN'
-    if f in SHORTLINKS:
-        return redirect(url_for(SHORTLINKS[f]['function'], lang=lang, **SHORTLINKS[f]['params']), 301)
-    elif f in LEGACY_FUNCTIONS_MAP:
-        return redirect(url_for(LEGACY_FUNCTIONS_MAP[f]['function'], lang=lang, **LEGACY_FUNCTIONS_MAP[f]['params']), 301)
-    elif f in LEGACY_PAGES_MAP:
-        return redirect(url_for('site_show', lang=lang, page=LEGACY_PAGES_MAP[f]), 301)
-    elif f in LEGACY_BLOG_POSTS_MAP:
+    mapit = True
+    if f in LEGACY_BLOG_POSTS_MAP:
         return legacy_blog(lang, LEGACY_BLOG_POSTS_MAP[f]['date'], LEGACY_BLOG_POSTS_MAP[f]['title'])
+    elif f in SHORTLINKS:
+        a = SHORTLINKS[f]
+    elif f in LEGACY_FUNCTIONS_MAP:
+        a = LEGACY_FUNCTIONS_MAP[f]
     else:
-        return redirect(url_for('site_show', lang=lang, page=f), 301)
+        a = 'site_show'
+        b = LEGACY_PAGES_MAP[f] if f in LEGACY_PAGES_MAP else f
+        mapit = False
+    if mapit:
+        return redirect(url_for(a['function'], lang=lang, **a['params']), 301)
+    return redirect(url_for(a, lang=lang, page=b), 301)
 
 def legacy_meeting(id):
     return redirect(url_for('meetings_show', id=id, lang='en'), 301)

i2p2www/meetings/helpers.py

@@ -15,12 +15,12 @@ def get_meetings_feed_items(num=0):
     meetings = get_meetings(num)
     items = []
     for meeting in meetings:
-        a = {}
-        a['title'] = meeting['parts']['title']
-        a['content'] = meeting['parts']['fragment']
-        a['url'] = url_for('meetings_show', lang=g.lang, id=meeting['id'])
-        a['updated'] = (meeting['date'] if meeting['date'] else datetime.datetime(0))
-        items.append(a)
+        items.append({
+            'title': meeting['parts']['title'],
+            'content': meeting['parts']['fragment'],
+            'url': url_for('meetings_show', lang=g.lang, id=meeting['id']),
+            'updated': (meeting['date'] if meeting['date'] else datetime.datetime(0))
+            })
     return items
 
 def get_meetings(num=0):
@@ -36,11 +36,11 @@ def get_meetings(num=0):
                     date = datetime.datetime.strptime(parts['title'], 'I2P dev meeting, %B %d, %Y')
                 except ValueError:
                     date = None
-            a = {}
-            a['id'] = id
-            a['date'] = date
-            a['parts'] = parts
-            meetings.append(a)
+            meetings.append({
+                'id': id,
+                'date': date,
+                'parts': parts
+                })
     return meetings
 
 def get_meetings_ids(num=0):

i2p2www/meetings/logs/313.log

@@ -0,0 +1,119 @@
+(04:00:14 PM) eyedeekay: Hi everybody, welcome to the July 5 Meeting
+(04:00:14 PM) eyedeekay: 1. Hi
+(04:00:14 PM) eyedeekay: 2. 1.9.0 development status
+(04:00:14 PM) eyedeekay: 3. Support for Apple Silicon in the Mac easy-install bundle
+(04:00:14 PM) eyedeekay: 4. Windows easy-install bundle - out of beta?
+(04:00:32 PM) zzz: hi
+(04:00:35 PM) zlatinb: hi
+(04:00:44 PM) mode (-m ) by zzz
+(04:00:55 PM) eyedeekay: Hi guys, anybody else here today?
+(04:01:30 PM) eyedeekay: Moving right into 2. 1.9.0 development status
+(04:04:27 PM) eyedeekay: We are at a little less than 6 weeks in  I think, approx. 7 to go
+(04:04:27 PM) eyedeekay: zzz and orignal have been working hard on the implementation of SSU2 in i2p.i2p and i2pd
+(04:04:27 PM) eyedeekay: It won't be activated in 1.9.0 but if I understand correctly it's nearly done
+(04:04:27 PM) eyedeekay: I've been working on UDP tunnels again, mostly there but something's broken still, I'll probably need to ask zzz for help this week
+(04:04:50 PM) eyedeekay: zzz zlatinb anything else to add
+(04:05:09 PM) zzz: that's right, ssu2 is mostly working
+(04:05:17 PM) zzz: still fixing small bugs
+(04:06:03 PM) zzz: right now I'm working on making tunnel peer selection more efficient (unrelated to ssu2)
+(04:06:03 PM) zzz: other than that, just doing the usual bug fixing
+(04:06:06 PM) zzz: targeting a late august release
+(04:06:08 PM) zzz: EOT
+(04:06:48 PM) eyedeekay: Anyone interested in helping test should visit zzz's forum for instructions and to give feedback: http://zzz.i2p/topics/3314-how-to-enable-ssu2-in-i2p-1-8-0
+(04:07:00 PM) eyedeekay: 3. Support for Apple Silicon in the Mac easy-install bundle
+(04:07:27 PM) eyedeekay: zlatinb this is your topic, take your time
+(04:08:11 PM) zlatinb: hi, the big issue was jbigi but that is now solved via backporting the x18 register patch
+(04:08:59 PM) eyedeekay: So the easy-install bundle no longer needs to run on the emulated x86_64 mode?
+(04:09:15 PM) zlatinb: I would like to put up an official and notarized beta around end of july
+(04:09:42 PM) zlatinb: it has to be a separate download
+(04:09:46 PM) zzz: this would be a second bundle. we'd have two, one for x86 and one for arm
+(04:10:29 PM) zzz: I'm in favor, as it appears the extra dev effort would be small, and the speedup is large. Right?
+(04:10:37 PM) zlatinb: there is a caveat with updates when switching between bundle4s 
+(04:12:21 PM) zzz: sure, as long as there's instructions on how to switch, even if it's as simple as uninstall and reinstall, that should be fine
+(04:13:01 PM) zlatinb: i'll put them on /download/mac
+(04:13:23 PM) zlatinb: the news url needs to be changed manually
+(04:13:51 PM) zzz: the dev effort is small and the speedup is large, correct?
+(04:14:36 PM) zlatinb: speedup is there, also looks good to keep up with the times :)  dev effort except for notarization is small
+(04:14:48 PM) zzz: great. +1
+(04:14:54 PM) eyedeekay: +1
+(04:15:07 PM) zlatinb: thx EOT
+(04:16:02 PM) eyedeekay: Thanks zlatinb
+(04:16:02 PM) eyedeekay: 4. Windows easy-install bundle - out of beta?
+(04:16:35 PM) eyedeekay: I said ~3 months ago that I would be ready to move the easy-install bundle out-of-beta when I had a successful end-to-end update
+(04:18:05 PM) eyedeekay: I got that at 1.7.2 IIRC, but between 1.7.2 and 1.8.0 there were a number of bugs in how it worked when used with an external I2P router(i.e. a non-jpackaged router) in this situation the bundle is intended to work as a firefox-launcher only but this functionality was broken from 1.7.3-1.7.6
+(04:18:30 PM) eyedeekay: So I pushed it back again, but now I'm sure that all of the issues with running in both bundled and non-bundled modes are resolved
+(04:19:38 PM) eyedeekay: So I think it's finally ready to move out of beta, all the core functionality I thought was necessary has been established
+(04:20:49 PM) zzz: here's some things that may still need to be resolved:
+(04:21:18 PM) zzz: - is it just you that is successfully updating or are there other users that are also?
+(04:21:43 PM) zzz: - license requirements all met now?
+(04:22:27 PM) zzz: - are the windows bundle and the mac bundle now on the same JRE and roughly same release schedules?
+(04:22:58 PM) zzz: -- i.e. prepared for the 3-monthly JRE releases
+(04:23:22 PM) zzz: - and the usual question, do we have the resources to support this as an official product
+(04:23:49 PM) zzz: - also, are we removing the non-bundle download like we did for mac? or not?
+(04:23:51 PM) zzz: eot
+(04:25:46 PM) eyedeekay: License requirements are now fixed
+(04:25:46 PM) eyedeekay: I don't get a lot of feedback but at least 2 non-me updaters
+(04:25:46 PM) eyedeekay: I am sticking to LTS JRE, I think zlatinb is doing 18, but yes we are on the same schedule more-or-less
+(04:25:46 PM) eyedeekay: I do not think the resources required to work on the bundle are extensive, the hardest part is getting the build set up and it's not that hard, small investment now that it all works
+(04:25:46 PM) eyedeekay: I kind of want to remove the non-bundled download or possibly make it an "advanced installation" procedure
+(04:28:14 PM) zzz: - I don't think 2 non-you updaters is enough testers to declare it non-beta. Can you pimp it more on reddit or something?
+(04:28:25 PM) eyedeekay: Sure can do
+(04:28:43 PM) eyedeekay: I'm not in a hurry to rush it out
+(04:29:18 PM) zzz: - I'd like to see win and mac on the same JRE. Let's consolidate. I don't know which of you is right, but one of you is
+(04:29:29 PM) zzz: can you two come to an agreement?
+(04:29:43 PM) zzz: or are there reasons to be different?
+(04:30:01 PM) eyedeekay: I'm not married to my decision, I chose LTS strictly because of the statement "LTS"
+(04:30:57 PM) zzz: to be clear, not just the same version, but the same JRE supplier
+(04:31:10 PM) zzz: this will reduce the CVE review required every 3 months
+(04:31:14 PM) eyedeekay: We're both using Oracle right now to my knowledge
+(04:31:34 PM) eyedeekay: The only vendor with a similar update cycle is Amazon
+(04:31:49 PM) eyedeekay: I'd rather use Oracle than Amazon I think
+(04:33:16 PM) zzz: you two should be making these decisions together and in sync. I don't know why you're not and it sounds like you don't know either? :)
+(04:35:22 PM) eyedeekay: No I don't know. We did discuss vendors and update cycles at a couple points which is when we landed on Oracle due to releases being very quick compared to CVE's, but I don't know why I'm on 17 and zlatinb's on 18 now
+(04:36:27 PM) zlatinb: I don't remember the exact reason either
+(04:36:59 PM) zlatinb: maybe I wanted to test the ram reductions
+(04:37:28 PM) zzz: ok. I'm in favor of it coming out of beta, but let's get on the same JRE, get some more testing first and come back to us in a month or two
+(04:38:11 PM) zzz: I also want to think more about whether to remove the standard installer, maybe even worth a separate meeting about that
+(04:40:28 PM) zzz: eot
+(04:40:28 PM) eyedeekay: Re: actual reasons, perhaps a discussion for another time but I know the reason I'm on Oracle/17 is because I needed to pick a vendor who would respond to CVE's in less than 24 hours and because I wanted to ensure that I would have stability in terms of what I could expect from the API's and the JVM. I didn't really consider other reasons
+(04:40:28 PM) eyedeekay: Based on a sample of 1 event, I assessed that Oracle and Amazon were the fastest to release an update.
+(04:40:28 PM) eyedeekay: I considered Amazon because they are packaged in chocolatey which makes life on Windows a lot easier, but decided on Oracle instead
+(04:41:54 PM) eyedeekay: So that's how I landed on Oracle/17, basically out of caution
+(04:41:56 PM) eyedeekay: eot
+(04:41:57 PM) zlatinb: I can go down to 17 but really prefer to stick to oracle
+(04:42:18 PM) eyedeekay: So would I, so we're agreed
+(04:42:48 PM) zlatinb: on a related note i'll be afk until a week after the next jre release
+(04:43:28 PM) eyedeekay: Will we/can we make any arrangement for signing the bundles?
+(04:43:32 PM) zzz: I think you need 18 for the best apple arm support? if so then let's drag windows up to 18 also. But again, you two shouldn't be doing JRE vendor research and selection in separate silos. work together and decide together
+(04:43:32 PM) zlatinb: hopefully there won't be any urgent fixes
+(04:44:22 PM) zzz: we have limited resources, let's not do stuff twice for no reason
+(04:44:23 PM) zlatinb: signing requires deanon
+(04:44:28 PM) eyedeekay: I can push an unsigned bundle and tell people that they'll need to click through the pop-up in the news if need be
+(04:44:52 PM) eyedeekay: Still signed `su3` just not signed `exe`
+(04:45:21 PM) zlatinb: can't "click-through" on mac
+(04:45:31 PM) zlatinb: oh the exe signing is fine 
+(04:45:50 PM) zlatinb: we'\ll do it as  usual
+(04:46:41 PM) eyedeekay: OK then. Let me know if there's anything I can do(less rapidly deanoning) to help
+(04:47:39 PM) zlatinb: Nothing really other than take down the mac download page in the worst case
+(04:47:55 PM) eyedeekay: Well you have my signal number if you need me to do it
+(04:48:23 PM) zlatinb: ok.  it would be for a week at most
+(04:48:52 PM) zzz: eyedeekay, you're not setting the news URL in the feed, search for CHANGEME_URL_HERE :)
+(04:49:19 PM) eyedeekay: OMG I can't believe I missed that
+(04:49:29 PM) eyedeekay: Will do
+(04:49:32 PM) zzz: i put that in there a while back so you'd remember, I guess it didn't work (((
+(04:50:20 PM) eyedeekay: Re: Java 18 and Apple hardware, zzz just mentioned that 18 may have better support? If that's the case than that would be a thing I didn't know before and a reason to use 18 instead, can you confirm that?
+(04:51:39 PM) zlatinb: haven't done my homework on that sorry
+(04:51:53 PM) zzz: maybe a wild guess on my part, but don't need to decide in this meeting
+(04:52:17 PM) zlatinb: but if linux arm support is any indication it's very likely
+(04:52:34 PM) zlatinb: history of*
+(04:52:45 PM) zzz: but in general, newer is better, so isn't the point of bundling the JRE in a "easy bundle" is to have the latest?
+(04:53:19 PM) eyedeekay: I don't know, sometimes stable is better, and sometimes "easy" is somewhere in between
+(04:53:55 PM) zzz: that's why putting a LTS in a bundle doesn't make sense to me. 
+(04:58:29 PM) eyedeekay: Probably won't settle it today, but maybe I'm wrong about 17. zlatinb do you have a time that would be good this week to hammer out the 17/18 debate?
+(05:00:05 PM) zlatinb: generally any time is good and also bad because of my injury unless you want to get on a call
+(05:01:05 PM) eyedeekay: I'm happy to get on a call, we can figure out a time in private
+(05:01:18 PM) zlatinb: ack
+(05:01:43 PM) eyedeekay: Anything else for 4?
+(05:01:48 PM) eyedeekay: Or for the meeting?
+(05:01:53 PM) eyedeekay: Timeout 1m
+(05:03:46 PM) eyedeekay: All right thanks everybody for coming

i2p2www/meetings/logs/313.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, July 5, 2022 @ 20:00 UTC
+=========================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb

i2p2www/meetings/logs/314.log

@@ -0,0 +1,230 @@
+(04:18:08 PM) eyedeekay: 1. Hi 
+(04:18:08 PM) eyedeekay: 2. 1.9.0 development status
+(04:18:08 PM) eyedeekay: 3. Apple silicon bundle status 
+(04:18:08 PM) eyedeekay: 4. Letter to EFF to clarify what "running" a network means
+(04:18:08 PM) eyedeekay: 5. New Outproxy ref: http://zzz.i2p/topics/3254 
+(04:18:08 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud) 
+(04:18:08 PM) eyedeekay: b) Technical review and test results (zzz and others) 
+(04:18:08 PM) eyedeekay: c) ToS and log policy review http://stormycloud.i2p/outproxy.html (all) 
+(04:18:08 PM) eyedeekay: d) Vote to approve (all) 
+(04:18:08 PM) eyedeekay: e) Rollout plan (if approved) (zzz, StormyCloud)
+(04:19:11 PM) eyedeekay: zzz zlatinb you guys here?
+(04:19:24 PM) zzz: hi
+(04:19:27 PM) zlatinb: hi yes
+(04:20:11 PM) eyedeekay: Sorry about that again, had a cooking accident
+(04:20:12 PM) eyedeekay: 2. 1.9.0 development status
+(04:21:23 PM) eyedeekay: We're 3 weeks from release, we pretty much settled on a date for it at ls2 meeting yesterday, it's going to be the 22nd. i2pd and/or Java I2P may enable SSU2 for new installs, or a small percentage of the network on restart like for router rekeying
+(04:22:21 PM) eyedeekay: 3 weeks left for bug reports and bug fixes
+(04:22:47 PM) eyedeekay: Anything else to add zzz, zlatinb?
+(04:23:54 PM) eyedeekay: 3. Apple silicon bundle status
+(04:23:54 PM) eyedeekay: zlatinb this one is your, please start when you are ready
+(04:24:23 PM) not_bob_afk is now known as not_bob
+(04:25:23 PM) zzz: let me add a little on 2) please
+(04:25:30 PM) SilicaRice: is SSU2 officially stable? :o
+(04:25:35 PM) eyedeekay: Ok go ahead, sorry did not mean to rush
+(04:25:46 PM) zzz: lag
+(04:25:59 PM) zzz: tag freeze will be Aug. 10, a week from tomorrow
+(04:26:17 PM) zzz: the SSU2 testers have been very helpful, about 50-75 of them on the network
+(04:26:36 PM) zzz: our goal is to enable it for a few hundred to a thousand routers in the this release
+(04:26:53 PM) zzz: to help us shake out the remaining bugs, while avoiding any chance of disaster
+(04:27:19 PM) zzz: and we'll enable it for everybody in the November release
+(04:27:33 PM) SilicaRice: ahh :3
+(04:27:47 PM) zzz: everything else is going smoothly as well, just the usual bug fixes all over
+(04:28:13 PM) zzz: SSU2 is mostly finished, that doesn't mean it's mostly perfect yet
+(04:28:30 PM) zzz: shout out also to the i2pd team, they're working hard also
+(04:28:42 PM) zzz: I guess that's it unless there's any questions
+(04:28:56 PM) not_bob: Will the update also effect the android build?
+(04:29:46 PM) eyedeekay: I don't change any settings, SSU2 will technically be available but there won't be a UI to enable it
+(04:30:34 PM) eyedeekay: It just inherits defaults from i2p.i2p except where it has to to run on the Android environment
+(04:30:36 PM) zzz: sure. We may also just enable SSU2 for all Android, since it's so much less CPU than SSU1 w/ ElGamal
+(04:30:36 PM) not_bob: Good, good.
+(04:30:36 PM) zzz: that's what i2pd is thinking, we may do the same
+(04:30:36 PM) zzz: yeah, we're not going to put an option in the UI and then lobby like crazy for people to enable it
+(04:30:36 PM) zzz: we'd never get the numbers we want
+(04:30:36 PM) not_bob: Can we get an option to enable it if desired?  Better battery life would be better.
+(04:30:46 PM) zzz: there's an advanced config, see zzz.i2p for info
+(04:30:53 PM) not_bob: Thank you.
+(04:30:55 PM) zzz: not sure if Android has access to advanced cnofig?
+(04:31:32 PM) eyedeekay: No it doesn't, you have to do weird stuff to make it work
+(04:31:51 PM) eyedeekay: Pretty much devs-only to manually edit non-i2ptunnel config files on Android
+(04:32:03 PM) not_bob: :(
+(04:32:26 PM) zzz: ok. anyway, might be good to enable it for android anyway, because one of the last features we need to implement is handling IP changes, so mobile routers  will help us develop and test test
+(04:32:43 PM) not_bob: I vote for that.
+(04:33:25 PM) zzz: ok. to be clear, nobody's going to notice any difference with SSU2. It's mostly the same feature set, and currently a little slower than SSU1, at least on Java. It's faster for i2pd
+(04:33:47 PM) eyedeekay: Battery life is a huge deal if SSU2 will make a difference at that
+(04:34:18 PM) eyedeekay: We could be worse about how much battery we use, but we could also be better
+(04:34:37 PM) zzz: the benefits are more security, less CPU, more reliable firewall detection
+(04:34:44 PM) zzz: I may write up a whole blog post about it, I think it's one of the most censorship-resistant protocols ever designed. We'll see
+(04:35:01 PM) zzz: eot
+(04:36:20 PM) eyedeekay: Thanks zzz. I think people are hearing "Less CPU" and instantly making an association "Easier on battery for Androids" which may be part of the interest
+(04:36:35 PM) eyedeekay: 3. Apple silicon bundle status
+(04:37:15 PM) eyedeekay: zlatinb this one's yours, go ahead when you're ready
+(04:37:26 PM) zlatinb: Hi, I made the bundle available for download about 6 days ago and there have been almost 100 downloads since
+(04:37:55 PM) zlatinb: about 30% of the mac users download the arm64 bundle which surprises me
+(04:40:58 PM) zlatinb: No feedback anywhere yet, but with the last known bug fixed I think this should be ready for promotion to stable
+(04:40:58 PM) zzz: the only thing I'd suggest is making sure the news feeds are up and working on both servers, by putting up a 'thanks for testing' news entry
+(04:40:58 PM) zlatinb: I'm thinking to upgrade the 1.8 bundle to 1.9 when that becomes available to test the update channel although don't expect any issues
+(04:40:58 PM) zlatinb: yes, can do that tomorrow after my right hand will be fully functional again (hopefully)
+(04:40:58 PM) zlatinb: that's about it
+(04:40:58 PM) zlatinb: eot
+(04:42:08 PM) eyedeekay: Thanks zlatinb, if you choose to do a news entry let me know and I'll update the servers
+(04:42:48 PM) eyedeekay: 4. Letter to EFF to clarify what "running" a network means
+(04:43:28 PM) zzz: so I'd say after a successful update or news entry, stable is fine. I don't expect any issues either, but we've had plenty of news glitches before 
+(04:43:48 PM) zzz: but willing to hear other opinions ofc
+(04:43:48 PM) zlatinb: the only real action for promoting to stable really is removing the "BETA" label from the website
+(04:43:48 PM) uis is now known as Irc2PGuest3854
+(04:43:48 PM) zzz: sure, it's more the principle than anything actually being different
+(04:43:48 PM) zzz: let's be purposeful in our labeling, that's all
+(04:44:07 PM) zlatinb: Yes, some background on that:
+(04:44:10 PM) mode (+v T3s|4) by ChanServ
+(04:44:34 PM) mode (+v albat) by ChanServ
+(04:44:48 PM) mode (+v polistern) by ChanServ
+(04:44:53 PM) zlatinb: eyedeekay and I met Kurt Opsahl from EFF at HOPE few weeks ago and asked him about legality of working on something like I2P
+(04:45:43 PM) zlatinb: He said that writing code is fine because "code == speech", however "running" the network may be a different story
+(04:46:21 PM) zlatinb: we didn't dig into what running the network means at HOPE
+(04:46:56 PM) zlatinb: but I think it's a good idea to reach out and clarify the topic as much as possible 
+(04:47:41 PM) zzz: what would we do differently, based on conceivable responses?
+(04:48:38 PM) zlatinb: I'm having very hard time conceiving the responses as it's a very broad topic
+(04:48:44 PM) eyedeekay: It may inform who is able to run what services
+(04:48:50 PM) zzz: whatever "running" we're doing, it's much less than their darling Tor, and how might we do even less?
+(04:49:32 PM) eyedeekay: But I think one likely response is that running services to support a network is probably speech too
+(04:49:53 PM) eyedeekay: That may be optimistic, but it's also the one that involves the least leaps
+(04:50:20 PM) zzz: in my experience, ask a lawyer an informal question, you'll get good information. Send them a letter, they'll say they aren't licensed in your state, go hire somebody
+(04:50:51 PM) zlatinb: no idea, maybe reseeds are fine and addressbooks are not, who knows,  Too many possible permutations
+(04:51:26 PM) zzz: if you want to follow up, follow up, but I've asked EFF for legal advice before, their answer is "we're not set up to be general purpose legal counsel. We litigate cases of interest"
+(04:51:59 PM) eyedeekay: Maybe I can track down somebody for an informal question next week then. Can't hurt to try both
+(04:52:38 PM) eyedeekay: Writing the letter would help inform the question
+(04:53:14 PM) zzz: email Kurt. He gave you a vague answer, following up is reasonable. He's always been quite nice every time I talk to him
+(04:54:00 PM) eyedeekay: Can do
+(04:54:30 PM) zzz: I just wouldn't expect anything actionable, but who knows?
+(04:54:32 PM) zlatinb: well it's worth structuring any such letter properly; also may be wise to build up the engagement gradually rather than dump a giant letter from the blue
+(04:55:31 PM) eyedeekay: zlatinb do you want to set up a time to sync up and write that letter this week?
+(04:55:34 PM) zlatinb: I suggest we start with a simple follow-up like "was nice to meet you" and then expand from there
+(04:56:32 PM) zlatinb: currently I'm thinking we should not write a giant letter describing how i2p works until we get an ack that eff is willing to work with us
+(04:56:42 PM) eyedeekay: OK
+(04:56:59 PM) zlatinb: they may decide they want a retainer, who knows
+(04:57:10 PM) zzz: see above. they don't do that
+(04:57:48 PM) zzz: you're misunderstanding how they work
+(04:58:06 PM) zlatinb: I'll shoot him a "was nice to meet you" follow up and cc you guys and take it from there.
+(04:58:18 PM) zlatinb: if they can't help at all that's fine too
+(04:59:15 PM) eyedeekay: Anything else for 4?
+(04:59:23 PM) zlatinb: no, eot
+(04:59:38 PM) eyedeekay: 5. New Outproxy ref: http://zzz.i2p/topics/3254 
+(04:59:38 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud) 
+(04:59:38 PM) eyedeekay: b) Technical review and test results (zzz and others) 
+(04:59:38 PM) eyedeekay: c) ToS and log policy review http://stormycloud.i2p/outproxy.html (all) 
+(04:59:38 PM) eyedeekay: d) Vote to approve (all) 
+(04:59:38 PM) eyedeekay: e) Rollout plan (if approved) (zzz, StormyCloud)
+(04:59:51 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud)
+(05:00:10 PM) zzz: StormyCloud, you here?
+(05:00:21 PM) StormyCloud: Yes 
+(05:00:41 PM) zzz: this is a proposal to replace false.i2p, which was unreliable for years and is now dead
+(05:00:56 PM) zzz: thanks for volunteering to support a replacement
+(05:01:18 PM) zzz: please go ahead and give us a brief overview of your organization and your infrastructure
+(05:01:45 PM) StormyCloud: Who we are: We are a 501(c)(3) non-profit organization based out of Texas. Our mission is to provide privacy-based tools to allow everyone access to an unfiltered and unregulated Internet. We started this organization in 2021 and have been working closely with the TOR community by deploying exit nodes.
+(05:02:37 PM) StormyCloud: We own all of our hardware and currently colocate at a Tier 4 data center. As of now have a 10GBps uplink with the option to upgrade to 40GBps without the need for much change. We have our own ASN and IP space (IPv4 & IPv6).
+(05:02:55 PM) StormyCloud: Outproxy Infrastructure: Outproxies are run on Ubuntu 22.04 and have been optimized for I2P. The backend proxy software is TinyProxy and supports HTTP, HTTPS, I2P, and TOR onion links. Currently, the outproxy is multi-homed on two servers. We can increase this number of servers as needed. 
+(05:04:03 PM) zzz: I want to invite everyone to ask questions of StormyCloud at any point as we go through the agenda
+(05:04:15 PM) zzz: any questions at this time?
+(05:04:26 PM) not_bob: Yes
+(05:04:39 PM) not_bob: How do you deal with users who try to use your service for "really nasty stuff"?
+(05:05:46 PM) StormyCloud: Nothing, we do not filter any requests. While that does invite "bad" users we feel the internet should be a free and open place.
+(05:06:12 PM) R4SAS: And one from me: will be here SOCKS5 proxies in future?
+(05:06:48 PM) StormyCloud: R4SAS: If there is a need for a SOCKS5 proxy I am sure we can get one deployed.
+(05:07:01 PM) R4SAS: Thanks
+(05:07:45 PM) zzz: any other questions on 5a) ?
+(05:08:02 PM) not_bob: http://notbob.i2p/graphs/stormycloud.i2p.yearly.svg
+(05:08:14 PM) not_bob: I just want to note that stormycloud has been great for uptime.
+(05:08:56 PM) SilicaRice: the backend supports I2P links uh huh?
+(05:08:57 PM) not_bob: And performance is great.
+(05:09:29 PM) zzz: that brings us to 5b, yes
+(05:09:29 PM) zzz: the outproxy has been in beta for quite a while
+(05:09:29 PM) zzz: testing should ensure that the service is reliable, meets applicable standards, and is secure 
+(05:10:00 PM) zzz: we've encountered several issues over the last few months, and StormyCloud has always been responsive
+(05:10:13 PM) SilicaRice: (why would you run i2p links through an outproxy?)
+(05:10:29 PM) zzz: at this time my test results are good, and I'm recommending it to be our official outproxy
+(05:10:38 PM) dr|z3d: StormyCloud misspoke. there is no .i2p support.
+(05:10:40 PM) zzz: but let's hear any other test reports or questions
+(05:10:43 PM) StormyCloud: SilicaRice: My apologies I wrote that wrong
+(05:11:03 PM) SilicaRice: oh okay
+(05:12:00 PM) R4SAS: > We do not cooperate with any requests for information except where compelled by law, and in that event our ability to assist is limited by our logging policy.
+(05:12:19 PM) R4SAS: Will be here transparency reports in such situations?
+(05:12:45 PM) zzz: also, to be clear, this meeting is about Java I2P's default and recommendations. Any other project including i2pd may have their own processes and requirements and negotiations with the outproxy operator
+(05:13:03 PM) StormyCloud: R4SAS: Yes, we public a report quarterly on our clearnet website. That is something I can also do on our i2p site.
+(05:13:48 PM) zzz: ok, looks like we're on 5c) review of ToS and logging policies. The goal here is to ensure our users are protected.
+(05:14:00 PM) R4SAS: also, please, create in-i2p mail for contacting =)
+(05:14:03 PM) zzz: any comments or questions about the Tos?
+(05:15:41 PM) R4SAS: ah, btw, about 5b: StormyCloud, what tunnel settings are you using?
+(05:16:06 PM) R4SAS: length, amount, etc
+(05:16:11 PM) dr|z3d: 0 hop.
+(05:16:17 PM) eyedeekay: Everything it says looks pretty clear to me, although to follow up on what R4S4S it might be good to put a link to the transparency report in or after that > We do not... unless compelled by law section
+(05:16:34 PM) zzz: an outproxy operator is in a position to view all traffic, or at least all non-https traffic, so it's important that we trust the operator to protect our users
+(05:17:01 PM) StormyCloud: eyedeekay: Makes sense, ill get this added to the website
+(05:17:09 PM) zzz: it's currently two multihomed 0-hop servers, right StormyCloud ?
+(05:17:19 PM) StormyCloud: Correct
+(05:17:42 PM) not_bob: But, just to clarify, with the way i2p tunnels work, my 2-3 hops are still there.  You are just not adding any more, right?
+(05:18:07 PM) dr|z3d: the client can configure as many hops as they wish, not_bob.
+(05:18:12 PM) zzz: I also saw on zzz.i2p that it's ipv4-only but that may get fixed soon, right?
+(05:18:13 PM) anonymousmaybe is now known as Irc2PGuest54486
+(05:18:15 PM) not_bob: Yep, that's what I thought.  Thank you.
+(05:18:48 PM) StormyCloud: zzz: Correct, our upstream provider finished their upgrade. I didnt want to mess with IPv6 until all testing was done
+(05:19:49 PM) zzz: would you please elaborate on your experience running tor exits and the capacity of your tor exits?
+(05:21:00 PM) StormyCloud: Sure, we have been running tor exit since late last year, currently sitting at 130ish exits with about 1.6% of TOR exit traffic going through our servers.
+(05:21:49 PM) StormyCloud: Everything is virtualized and the process to setup has become pretty automated
+(05:22:06 PM) zzz: have you ever received any DMCA or other legal processes w.r.t. your tor exits? if so, how was it handled?
+(05:23:33 PM) StormyCloud: No legal requests and surprisingly no DMCA requests. We do get abuse complaints, we just respond and let them know this is a TOR exit and there is nothing further that can be done on our end.
+(05:23:47 PM) major: No legal requests and surprisingly no DMCA requests. We do get abuse complaints, we just respond and let them know this is a TOR exit and there is nothing further that can be done on our end.
+(05:24:27 PM) R4SAS: huh, acetone's bot has bug
+(05:24:33 PM) zzz: any other questions sor StormyCloud before we go to 5d) appproval ?
+(05:24:34 PM) R4SAS: I'll PM him
+(05:25:33 PM) zzz: normally major doesn't have +v, but I turned +m off for the meeting, no big deal
+(05:26:36 PM) zzz: ok, if there's no more questions, everybody please indicate your approval / disapproval for making StormyCloud our official outproxy
+(05:26:45 PM) not_bob: Approve
+(05:26:58 PM) zzz: approve
+(05:27:05 PM) zlatinb: approve
+(05:27:05 PM) eyedeekay: approve
+(05:27:18 PM) SilicaRice: approve (if users count for anything)
+(05:27:54 PM) R4SAS: no objections, approve
+(05:28:32 PM) zzz: ok, great
+(05:28:39 PM) zzz: 5e) rollout
+(05:28:50 PM) zzz: the two major steps are:
+(05:29:08 PM) zzz: 1) setting it as default for new installs (as early as the next release in 3 weeks)
+(05:29:23 PM) zzz: 2) recommending to existing users to change their config (probably via console news, any time)
+(05:29:30 PM) zzz: these can happen in either order
+(05:29:41 PM) zzz: and we have no idea how much traffic either would generate
+(05:29:59 PM) zzz: other products (Android, bundles), probably aren't big enough to worry about timing
+(05:30:14 PM) zzz: StormyCloud, what is your request or recommendation on when and how we proceed?
+(05:31:36 PM) StormyCloud: If the console news can be set/sent anytime then we can let existing users know to switch now (if they want) and that gives us three weeks to monitor and spin up new servers if needed.
+(05:32:12 PM) dr|z3d: console news generally published with a new release.
+(05:32:13 PM) not_bob: StormyCloud: How much traffic are you handeling for the outproxy currently?
+(05:33:10 PM) zzz: ok. it would be nice to point to a howto page with screenshots for editing the hidden services manager config. That could be hosted on stormycloud.i2p, or a i2p-projekt.i2p blog post? Any volunteers to put that together?
+(05:33:35 PM) eyedeekay: I can do it
+(05:33:35 PM) StormyCloud: Difficult to say at this time, since we dont log anything. I am monitoring network activity, but that too doesnt tell a full picture since its also passing i2p traffic.
+(05:34:18 PM) dr|z3d: StormyCloud: we keep an eye on exit traffic via graphs..
+(05:34:41 PM) dr|z3d: in short, notbob, nothing worth getting excited about.
+(05:34:59 PM) zzz: dr|z3d, you have a guess on current % utilization of your two nodes? probably very small?
+(05:35:21 PM) dr|z3d: utilization in what sense?
+(05:35:28 PM) dr|z3d: capacity-wise?
+(05:35:33 PM) zzz: yes
+(05:35:50 PM) zzz: or maybe you don't really know until you hit it...
+(05:35:51 PM) dr|z3d: very small is about right.
+(05:36:18 PM) dr|z3d: throw a few thousand concurrent users at the outproxy, we'll then know :)
+(05:36:33 PM) zzz: yeah, apologies to StormyCloud, we were unable to get any historical estimates of false.i2p bandwidth
+(05:37:06 PM) zzz: so it's a little bit of a crap shoot, as long as you're monitoring things and have an expansion plan, we should be fine
+(05:37:37 PM) StormyCloud: All good, we will adjust as more and more people start to use the outproxy
+(05:38:11 PM) dr|z3d: well, as configured, the outproxies combined can handle up to 8192 concurrent streams. so there's plenty of capacity there, and StormyCloud has plenty of stuff in the wings if required.
+(05:38:21 PM) zzz: and StormyCloud re: new installs, should we plan to make it the default in the next release late this month as well?
+(05:39:01 PM) StormyCloud: Yes, that would be fine
+(05:39:29 PM) zzz: ok then. eyedeekay let me know when you have a blog post up, and then I'll write the news entry
+(05:39:39 PM) zzz: anything else on 5e) rollout ?
+(05:39:43 PM) eyedeekay: OK, expect it tonight or tomorrow
+(05:40:14 PM) eyedeekay: Nothing from me
+(05:40:14 PM) zzz: thanks again StormyCloud 
+(05:40:18 PM) zzz: back to you eyedeekay 
+(05:41:07 PM) eyedeekay: All right that's it for the listed items, I'll be at Def Con next week in case anybody who's watching wants to meet me there lol
+(05:41:49 PM) eyedeekay: If anybody else has anything else for the meeting, please speak up, otherwise timeout 1m
+(05:42:59 PM) R4SAS: I have one question, but it is out of meeting scope
+(05:43:34 PM) zzz: oh, also thanks to dr|z3d for vital technical assistance over the testing period
+(05:43:41 PM) eyedeekay: All right thanks everybody for coming to the meeting, I've got a kind of crazy section in the middle of my log but once I fix that I'll post the logs to the web site
+(05:43:44 PM) eyedeekay: Thanks for coming
+(05:43:59 PM) not_bob: Thank you for having us.

i2p2www/meetings/logs/314.rst

@@ -0,0 +1,15 @@
+I2P dev meeting, August 2, 2022 @ 20:00 UTC
+===========================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb,
+StormyCloud,
+R4S4S,
+SilicaRice,
+not_bob

i2p2www/meetings/logs/315.log

@@ -0,0 +1,106 @@
+(04:01:46 PM) eyedeekay: Hi everybody
+(04:01:50 PM) eyedeekay: welcome to the Tuesday September 6 meeting
+(04:02:02 PM) zzz: hi
+(04:02:07 PM) mode (-m ) by zzz
+(04:02:13 PM) zlatinb: hi
+(04:02:26 PM) eyedeekay: 1. Hi 
+(04:02:26 PM) eyedeekay: 2. 1.9.0 release status 
+(04:02:26 PM) eyedeekay: 3. 1.10.0 development status
+(04:02:26 PM) eyedeekay: 4. next release 2.0.0?                                          
+(04:02:26 PM) eyedeekay: 5. Mac arm64 bundle out of beta if 1.9.0 update was successful? (followup from last meeting)                               
+(04:02:51 PM) eyedeekay: Anything else to add before we get started?
+(04:03:19 PM) eyedeekay: hi zzz, hi zlatinb
+(04:03:46 PM) eyedeekay: 2. 1.9.0 release status
+(04:05:11 PM) eyedeekay: We released about 2 weeks ago, there was a slight delay getting Android and the Easy-Install bundle out now
+(04:05:11 PM) eyedeekay: F-Droid builds are now fixed as well so people who wish to can install from F-Droid main if they choose to and the app will work
+(04:05:37 PM) not_bob: Thank you for that.
+(04:05:43 PM) eyedeekay: No problem
+(04:06:41 PM) eyedeekay: I'm going to be doing a point release for the Windows Easy-Install bundle, zlatinb found a very hard-to-spot bug which sees to affect easy-install bundle on Windows 11 slightly more than other places
+(04:07:17 PM) eyedeekay: zzz do you want to talk Debian or anything else?
+(04:07:51 PM) zzz: sure
+(04:07:53 PM) zzz: about 40% of net is updated which is typical for 2 weeks in
+(04:08:10 PM) zzz: we have a few hundred SSU2-enabled routers now, as desired/expected
+(04:08:41 PM) zzz: no major issues so far
+(04:09:06 PM) zzz: although zlatinb's bug is maybe medium-major :)
+(04:09:07 PM) zzz: EOT
+(04:10:01 PM) eyedeekay: Yeah and what I don't understand is how it went without happening much for so long, and then it hits the easy bundle twice in quick succession
+(04:10:17 PM) zlatinb: well its kind of by accident that I have to use a windows 11 laptop for a few days, itś discovered a lot of issues
+(04:11:08 PM) zlatinb: I guess the reseed problem either caused people to try again or give up on i2p off the bat
+(04:11:09 PM) zzz: that's usually the way it goes... dev gets new setup... all hell breaks loose
+(04:11:59 PM) zlatinb: there is still an unresolved forking issue with firefox on first launch
+(04:12:48 PM) zlatinb: so ideally we should try and do something about it
+(04:13:30 PM) eyedeekay: Indeed, it only happens the very first time the browser launcher is run, every subsequent time it works fine
+(04:13:36 PM) zlatinb: maybe launch headless or play with the launch options, idk
+(04:14:10 PM) eyedeekay: Yeah I could launch it headless on the first run, let it fork and close, then subsequently run with the window open
+(04:14:58 PM) eyedeekay: That's a good idea thanks zlatinb
+(04:15:15 PM) eyedeekay: Anything else on 2?
+(04:16:03 PM) goingpostal is now known as Irc2PGuest14444
+(04:16:29 PM) eyedeekay: 3. 1.10.0 development status
+(04:18:30 PM) eyedeekay: Sorry I'm a little less prepared than usual, stuck in somebody else's office all day, bear with me
+(04:21:00 PM) eyedeekay: 2 weeks in, I've been working on a number of improvements to the Windows bundle to make it more stable and intuitive to use and to help track down this clock-skew bug
+(04:21:37 PM) eyedeekay: I've also been porting the profile and launcher parts of it(less the jpackaged router) to non-Windows platforms to hopefully provide automatic browser configuration there
+(04:22:06 PM) eyedeekay: zzz has been working on SSU2, fixing bugs with the help of orignal, would you like to update us on that zzz
+(04:22:16 PM) zzz: yes, thanks. early days, but a summary of changes and fixes so far is at http://zzz.i2p/topics/3377
+(04:22:32 PM) zzz: SSU2 - added the ack-immediate flag and connection migration
+(04:22:47 PM) zzz: which are the last two things we wanted to get in before enabling for all
+(04:24:07 PM) eyedeekay: Cool so you're right on track then?
+(04:24:30 PM) zzz: the larger user base has us finding corner cases and more rare bugs, nothing too serious, fixing as we go
+(04:24:30 PM) zzz: the plans for months has been for us to enable SSU2 for everybody in the November release and we are still on track
+(04:24:30 PM) zzz: EOT
+(04:24:42 PM) zzz: yes
+(04:24:51 PM) eyedeekay: Awesome thanks for the update
+(04:25:09 PM) eyedeekay: Anything else for 3?
+(04:25:41 PM) eyedeekay: 4) next release 2.0.0?
+(04:25:52 PM) eyedeekay: zzz you added this topic, would you like to get us started?
+(04:26:12 PM) zzz: this was a suggestion from dr|z3d so if he's around I'll ask him to make his pitch
+(04:26:50 PM) zzz: but if he's not, I'll say it's not a bad idea
+(04:27:05 PM) zzz: linux is about to go from 5.19 to 6.0
+(04:27:25 PM) zzz: tor's arti just went to 1.0.0
+(04:27:26 PM) zzz: ssu2 as good an excuse as any
+(04:27:45 PM) RightNow: and I2P is going from SSU to SSU2
+(04:27:47 PM) zzz: EOT - thoughts everyone? and we don't need to decide today, we have 11 more weeks
+(04:28:30 PM) not_bob: I have no issue with it so long it works.
+(04:29:18 PM) zzz: anybody hate it? anybody love it?
+(04:29:21 PM) eyedeekay: Sure, I think it makes sense, both transports will have been modernized, it's a big milestone
+(04:29:43 PM) zlatinb: I kind of wish we had something bigger of a bang to go to 2.0
+(04:29:48 PM) RightNow is now known as RN
+(04:30:34 PM) eyedeekay: Use it for 3.0.0 maybe?
+(04:30:38 PM) zzz: there's nothing bigger on the roadmap. frankly, I hope we don't ever do anything bigger, I'm tired...
+(04:30:56 PM) zlatinb: also I have to leave now sorry, on the last topic yes I think the mac arm bundle is ready to go out of beta.  I will have the windows laptop for another day or two for testing.  Gotta bolt now, sorry
+(04:30:59 PM) zlatinb: ttyl
+(04:31:05 PM) RN: zzz, you are also thanked.
+(04:32:26 PM) eyedeekay: Yes zzz, your dedication and hard work are appreciated
+(04:32:34 PM) zzz: tell you what eyedeekay let me post in the 1.10 thread on my forum and will come back next month with a report, stick it on the agenda for next month
+(04:32:44 PM) eyedeekay: Will do zzz
+(04:33:18 PM) zzz: wasn't trying to elicit thanks, just pointing out this was the last - and hardest - of the crypto migration we've been on for about a decade
+(04:33:36 PM) eyedeekay: Didn't need to elicit it, you deserve it :)
+(04:33:52 PM) eyedeekay: But point taken, it's a huge effort
+(04:33:58 PM) RN: it is a milestone worth celebration, and yeah, you deserve it!
+(04:34:14 PM) zzz: if we'd tried to do SSU2 first it would have killed us all. we only managed due to the experience of all the rest of it
+(04:34:26 PM) zzz: shared credit to the i2pd project of course
+(04:35:01 PM) eyedeekay: Indeed. Back on track though, anything else on 4?
+(04:35:15 PM) RN: but you led the charge.
+(04:35:21 PM) zzz: if we want to do post-quantum that can be 3.0.0 :)
+(04:35:43 PM) eyedeekay: Good idea, that will be exciting
+(04:35:53 PM) zzz: nope, nothing else
+(04:36:05 PM) eyedeekay: Well 5) was: Mac arm64 bundle out of beta if 1.9.0 update was successful? (followup from last meeting)
+(04:36:43 PM) eyedeekay: Which zlatinb gave us a status update for on his way out the door, with the update being successful I see no reason against it
+(04:37:38 PM) eyedeekay: Anybody else have anything to add to this topic?
+(04:38:06 PM) zzz: I assume zlatinb meant the update worked; if so, he can remove the beta label on the web page
+(04:38:32 PM) zzz: that was the only reservation I had at the last meeting
+(04:38:33 PM) zzz: eot
+(04:39:45 PM) eyedeekay: OK. One of us should ping us when we see him online
+(04:39:52 PM) eyedeekay: Anything else for the meeting?
+(04:40:04 PM) eyedeekay: ping *him 
+(04:41:14 PM) eyedeekay: Well I guess without his git creds I may as well remove the label
+(04:41:27 PM) eyedeekay: So I'll do it
+(04:41:43 PM) zzz: do you have confirmation the update worked?
+(04:42:11 PM) zzz: because he didn't say that above
+(04:42:53 PM) eyedeekay: I don't think I do
+(04:43:01 PM) eyedeekay: Nope
+(04:43:14 PM) eyedeekay: No I've not strictly speaking heard anyone say those exact words yet
+(04:43:21 PM) eyedeekay: So I'll wait
+(04:43:26 PM) eyedeekay: And ask him
+(04:43:32 PM) zzz: ok
+(04:44:19 PM) eyedeekay: Anything else for the meeting timeout 1m?
+(04:45:44 PM) eyedeekay: All right thanks everyone for coming

i2p2www/meetings/logs/315.rst

@@ -0,0 +1,14 @@
+I2P dev meeting, September 6, 2022 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb,
+not_bob,
+RightNow,
+RN

i2p2www/meetings/logs/316.log

@@ -0,0 +1,165 @@
+(04:00:08 PM) eyedeekay: Hi everyone, welcome to the October 4 2022 meeting
+(04:00:08 PM) eyedeekay: 1. Hi
+(04:00:18 PM) zlatinb: hi
+(04:00:28 PM) zzz: hi
+(04:00:51 PM) eyedeekay: 1. Hi
+(04:00:51 PM) eyedeekay: 2. 1.10.0 development status
+(04:00:51 PM) eyedeekay: 3. next release 2.0.0?
+(04:00:51 PM) eyedeekay: 4. Publish source tarballs for bundle releases
+(04:00:51 PM) eyedeekay: 5. Free stickers for translators
+(04:00:51 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
+(04:01:05 PM) eyedeekay: 2. 1.10.0 development status
+(04:01:15 PM) eyedeekay: About 7 weeks to go
+(04:01:24 PM) eyedeekay: My big priority this month has been to get the Windows Easy-Install bundle ready to go out of beta
+(04:01:31 PM) eyedeekay: Lots of stuff on the forum about that, targeting stable updates, compatibility with existing/unbundled routers, and a more stable and flexible way to manage and launch browser profiles, more on all that in item 6
+(04:01:38 PM) eyedeekay: Also working on a "Split Tunneling" or "Per-App VPN" tool in Android(on the roadmap).
+(04:01:47 PM) eyedeekay: The utility is that it allow users to configure their browsers more easily, in a way which prevents WebRTC escapes by putting them onto an interface which corresponds to an I2P connection and not to their network provider
+(04:02:05 PM) eyedeekay: zzz, zlatinb what would you like to add that you're working on
+(04:02:30 PM) zzz: not a lot to report... SSU2 testing continues to go well...
+(04:02:53 PM) zzz: put up proposal 161 about compressible padding, we'll be discussing it in #ls2 meetings...
+(04:03:06 PM) zlatinb: Nothing specific I'm working on, just want to let everyone know that I'll be afk from 22nd Nov to 10th Dec so if the next release gets tagged on the 21st I may be able to build the mac bundles but will most likely not be able to seed the torrents
+(04:03:29 PM) eyedeekay: If you send me the files I'll seed them for you
+(04:03:32 PM) zzz: I have some peer selection efficiency improvements I'm going to try to get in soon, may or may not make it
+(04:03:43 PM) zzz: EOT
+(04:04:21 PM) eyedeekay: Thanks zzz, zlatinb, I don't want to rush anybody but we do have a long agenda today, anything else to add on 2?
+(04:04:59 PM) eyedeekay: 3. next release 2.0.0?
+(04:04:59 PM) eyedeekay: My vote is yes to 2.0.0
+(04:05:19 PM) zzz: yeah I put it up for comments on my forum and got I think 1 yes and no no's
+(04:05:36 PM) eyedeekay: I was a yes at the last meeting too I think
+(04:05:46 PM) zzz: I'd like to decide today because I have a SSU2 blog post ready to go and it would be helpful to refer to the next release by number
+(04:06:22 PM) zzz: yeah I didn't hear any strong opinions one way or the other last meeting which is why we pushed it a month
+(04:06:34 PM) zzz: I think it's a good idea
+(04:06:51 PM) zzz: so if there's no objections, let's call it 2.0.0!
+(04:07:30 PM) eyedeekay: Timeout 1m for objections
+(04:07:47 PM) zzz: make it 30 seconds :)
+(04:07:54 PM) eyedeekay: Yeah I already burned 30
+(04:08:04 PM) eyedeekay: OK there it is
+(04:08:06 PM) eyedeekay: 2.0.0
+(04:08:17 PM) eyedeekay: 4. Publish source tarballs for bundle releases
+(04:08:31 PM) zzz: yeah this was my item
+(04:08:53 PM) zzz: standard open source practice is to post source tarballs, even if we can point to a git tag
+(04:09:06 PM) zzz: I understand that the Mac source doesn't change release to release?
+(04:09:10 PM) zzz: but the windows source does?
+(04:09:46 PM) zlatinb: well the mac bundle has evolved to enable arm64 but in general it doesn't change
+(04:10:02 PM) eyedeekay: What we both do is clone a copy of the repo and check out a specific release tag, ant distclean, generate our jars, and copy them into the bundle trees
+(04:10:15 PM) zzz: anyway, my recommendation is that we generate source tarballs as part of the build process and link to them on the respective download pages
+(04:10:36 PM) zzz: if they don't change, then I guess they can be unversioned
+(04:10:50 PM) zzz: so the windows source doesn't change release-to-release either?
+(04:11:01 PM) zlatinb: I would rather just tag and then fetch the tarball from github.  I expect at least for a while the only thing changing in the mac bundle will be the changelog file
+(04:11:50 PM) zzz: you all can work out the details, but the goal is to have source and instructions so anybody can build it themselves
+(04:12:00 PM) eyedeekay: The i2p jars that get included don't change except to get updated, but the Windows source has changed in the launcher quite a lot since it started
+(04:12:12 PM) zzz: are you two willing to do that and add it to your release processes?
+(04:12:21 PM) eyedeekay: Yes absolutely
+(04:12:31 PM) eyedeekay: My release scripts and daily scripts now include tarball every time
+(04:12:36 PM) zzz: you don't need to include dependencies such as i2p, and probably shouldn't
+(04:12:37 PM) eyedeekay: zab's too IIRC
+(04:12:54 PM) zlatinb: the question is where to put the tarballs, should they be available on the site, etc.
+(04:13:25 PM) zzz: somewhere on the download server with everything else, with links on the bundle pages. You two can work out the details to be consistent
+(04:13:59 PM) zlatinb: well that's the thing, if we can just point to a gitlab tag then there's no need for any extraneous links
+(04:14:31 PM) zzz: disagree, I think it's good open source practice to publish source tarballs
+(04:14:55 PM) zlatinb: github and maybe gitlab allow tarball download off of a tag
+(04:14:57 PM) eyedeekay: It's not much more effort, I'm not against it, I tag in the same script I generate tarballs in
+(04:15:05 PM) zzz: here's the binary, here's the source, here's the gpg sigs, here's the build instructions
+(04:15:29 PM) zzz: it's also consistent with our mainline release to have tarballs
+(04:16:15 PM) zzz: sounds like zlatinb is not in agreement? should we push this off to next month?
+(04:16:38 PM) zlatinb: yeah I think it's unnecessary
+(04:16:57 PM) zlatinb: but don't mind doing it if that's what the decision is
+(04:17:11 PM) zzz: if it never changes, you only have to do it once and you're done
+(04:17:47 PM) zlatinb: it has changed very rarely historically
+(04:18:03 PM) eyedeekay: Kicking it down the road for now is fine with me, zlatinb and I can work out what we're going to do or not do in the meantime
+(04:18:33 PM) eyedeekay: This might be a situation where we have to be a little different because my bundle has been a little more rapidly-changing than his
+(04:19:27 PM) zzz: if we don't want to decide today I'll start a forum thread to solicit more opinions
+(04:20:44 PM) zlatinb: ok
+(04:20:44 PM) zzz: ok = you're oppposed for now?
+(04:21:02 PM) eyedeekay: Probably a good idea, and I'm pro tarballs
+(04:21:31 PM) zlatinb: yeah
+(04:21:31 PM) zzz: no problem, eyedeekay put it on the list for next month
+(04:21:37 PM) eyedeekay: OK can do
+(04:21:52 PM) eyedeekay: Anything else for 4?
+(04:22:38 PM) eyedeekay: 5. Free stickers for translators
+(04:22:55 PM) eyedeekay: zzz this one was also yours, take it away whenever you're ready
+(04:23:16 PM) zzz: yeah, credit sarah jamie lewis on twitter
+(04:23:32 PM) zzz: for her project which I've forgotten the name... cwtch?
+(04:24:02 PM) eyedeekay: That's the one
+(04:24:02 PM) zzz: anyway, thought it was a good idea, but we'd need a) stickers and b) people to mail them
+(04:24:17 PM) zzz: both of which we used to have but are now out of both people and stickers?
+(04:24:40 PM) zzz: so, do we want to do it, and should we order stickers (even if we don't)
+(04:24:45 PM) zzz: EOT
+(04:25:26 PM) zzz: sadie and eche|on used to be the sticker people I think
+(04:25:38 PM) eyedeekay: I went through and counted mine up, I've got maybe 35 of the old ones(Toopie) and 91 left of the run I ordered in the spring, but I'd be fine with ordering more
+(04:25:41 PM) zzz: anyway, comments please... yes/no/maybe?
+(04:26:00 PM) eyedeekay: I can mail them within the US and Canada but the EU isn't great for me
+(04:26:21 PM) zzz: we have hundreds of translators registered. only a few are probably active
+(04:26:41 PM) zzz: who is the sticker-orderer-person?
+(04:27:54 PM) eyedeekay: The last person to order stickers was probably me, but I did them on my own time/out of pocket so I would have them for conventions
+(04:28:19 PM) zzz: who's in charge of PR?
+(04:28:48 PM) zzz: who has an opinion about stickers for translators?
+(04:28:48 PM) zzz: well, you could have / should have gotten reimbursed... echelon used to be the sticker guy
+(04:29:54 PM) zzz: we're going to need his buyin both for the cost, and to make him the EU mail person, and to send half to you and half to him
+(04:30:15 PM) zzz: since he's not around, put this on the list for next month, I'll try to get his attention
+(04:30:22 PM) eyedeekay: I think that if translators request stickers we should be able to get them some stickers, but that it should be contingent on request
+(04:30:59 PM) zzz: sure, we don't have anybody's address, they have to ask. but we would have to tell them to ask
+(04:31:17 PM) uis is now known as Irc2PGuest33729
+(04:31:48 PM) zzz: if anybody's going to CCC then you need to hop on more stickers, independent of translators
+(04:32:42 PM) zzz: EOT, push it to next month, no answers today
+(04:32:47 PM) eyedeekay: Ack, I do plan to go so I'll make sure I have some stickers
+(04:32:47 PM) eyedeekay: So next step is start an email chain with Ech about it
+(04:33:09 PM) eyedeekay: EOT from me, anything else on 5?
+(04:33:50 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
+(04:33:58 PM) eyedeekay: This one's mine obviously
+(04:34:26 PM) eyedeekay: So 1.9.5 point release happened technically because of the reseed application context timer obviously
+(04:34:45 PM) eyedeekay: But it was a convenient time to also keep an eye on how the updates performed
+(04:35:54 PM) zlatinb: and how did it behave?
+(04:35:55 PM) eyedeekay: It wasn't without complications, people who were using fell into 3 groups
+(04:36:56 PM) eyedeekay: 1. People for whom it worked perfectly
+(04:36:56 PM) eyedeekay: 2. People for whom it resulted in corrupted router.config files for un-bundled routers
+(04:36:56 PM) eyedeekay: 3. People for whom it it did not update because the router.config files were from un-bundled routers
+(04:37:22 PM) eyedeekay: 2 and 3 were problems, I followed up with the fix in a forum post on zzz.i2p
+(04:37:43 PM) eyedeekay: I believe they are fixed now and cannot recur in the future
+(04:37:57 PM) eyedeekay: Therefore I think the update process will be ready by what is now 2.0.0
+(04:38:08 PM) eyedeekay: I actually think it's ready now but 7 weeks to test
+(04:38:53 PM) eyedeekay: So I would like to move it out of beta in November
+(04:39:09 PM) zzz: we don't have documented criteria for out-of-beta, really
+(04:39:17 PM) zzz: but for me it's that the release processes are solid, things aren't getting missed
+(04:39:27 PM) zzz: we're not doing point releases a week later to fix stuff
+(04:39:45 PM) zzz: but you may wish to list your own feature goals
+(04:40:21 PM) zzz: for example, are you two solid on reviewing the java updates every three months and jointly deciding to release or not?
+(04:40:40 PM) zzz: I didn't see any on-IRC discussion. did it happen off-IRC perhaps?
+(04:41:31 PM) zlatinb: the last discussion happened here, there has been no off-IRC discussion regarding jre point releases since
+(04:42:21 PM) eyedeekay: Didn't we talk about it on Whereby a little after that?
+(04:42:36 PM) eyedeekay: IIRC we only release in the Java cycle if there's a CVE which affects the last release?
+(04:42:46 PM) zzz: just to take an example, 18.0.2.1 August 18 2022 fixes a JIT bug that crashes the JRE. Are you two both on that, or did you jointly decide it wasn't necessary?
+(04:43:33 PM) zlatinb: I'm not on that I don't think
+(04:43:43 PM) zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
+(04:44:08 PM) zlatinb: 21:43:29 zlatinb: I'm not on that I don't think
+(04:44:08 PM) zlatinb: 21:43:42 zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
+(04:44:12 PM) zzz: back
+(04:45:12 PM) eyedeekay: I am on 18.0.2.1 but because I pushed back my release to try and make sure I addressed some stability issues and by that time Java had updated
+(04:45:24 PM) eyedeekay: Also my point release was built with an updated JDK
+(04:45:35 PM) eyedeekay: So that's got us out-of-sync again I think
+(04:45:54 PM) zzz: that's what I'm getting at about processes. If the build and release processes aren't yet stable and being reliably followed, these procucts aren't ready to graduate
+(04:46:01 PM) zzz: so when you updated, to 18.0.2.1, did you tell zlatinb you were doing it and suggest he do the same?
+(04:47:04 PM) eyedeekay: No I didn't, I simply let it auto-update and built with the latest version
+(04:48:13 PM) eyedeekay: So... there's another process to revise on my side
+(04:49:31 PM) zzz: I'd suggest you work on a solid bug-free release in november (together with whatever feature goals you have) and if that goes well put yourself on the agenda for december
+(04:50:00 PM) eyedeekay: OK can do
+(04:50:56 PM) zzz: or january because the release is likely to be late nov., may not have enough info by 1st week in dec.
+(04:52:02 PM) eyedeekay: If there's not enough to go on by then I'll move it
+(04:52:15 PM) eyedeekay: Anything else for 6?
+(04:52:27 PM) zzz: a brief 6a)
+(04:52:30 PM) eyedeekay: Sure
+(04:52:52 PM) zzz: zlatinb, reported that the mac arm update went well, so as far as I'm concerned it's out of beta as discussed on my forum
+(04:53:28 PM) zzz: zlatinb, you need to update your page to remove the beta label
+(04:53:28 PM) zzz: eot
+(04:53:28 PM) zlatinb: ok
+(04:53:29 PM) zlatinb: will do soon
+(04:54:24 PM) eyedeekay: All right that puts us at just shy of an hour, anything else for the meeting?
+(04:54:26 PM) eyedeekay: timeout 1m
+(04:54:41 PM) zlatinb: yes
+(04:54:57 PM) zlatinb: if StormyCloud reads the logs, I encourage them to address the concerns raised on reddit
+(04:56:15 PM) zlatinb: the longer that question stays unanswered the worse it looks
+(04:56:18 PM) eyedeekay: agreed, they do sometimes come to reddit and it would be good to hear from them
+(04:56:36 PM) zlatinb: eot
+(04:56:43 PM) eyedeekay: Thanks zlatinb
+(04:57:37 PM) eyedeekay: Anything else for the meeting(again)? timeout 30s this time
+(04:58:21 PM) eyedeekay: Thanks everyone for coming, I'll post the logs tonight, see you around IRC and same time next month

i2p2www/meetings/logs/316.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, October 04, 2022 @ 20:00 UTC
+=============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb

i2p2www/meetings/logs/317.log

@@ -0,0 +1,93 @@
+(03:00:31 PM) eyedeekay: Hi everyone, welcome to the November 8 meeting
+(03:00:31 PM) eyedeekay: 1. Hi 
+(03:00:31 PM) eyedeekay: 2. 2.0.0 development status 
+(03:00:31 PM) eyedeekay: 3. Publish source tarballs for bundle releases 
+(03:00:31 PM) eyedeekay: 4. Free Stickers for Translators
+(03:00:31 PM) eyedeekay: Anything else for the agenda?
+(03:00:39 PM) mode (-m ) by zzz
+(03:01:19 PM) zzz: hi
+(03:01:58 PM) eyedeekay: hi zzz
+(03:02:03 PM) eyedeekay: Anybody else here today?
+(03:02:08 PM) eche|on: hi
+(03:02:18 PM) eyedeekay: Hi eche|on
+(03:02:39 PM) eyedeekay: 2. 2.0.0 development status
+(03:02:58 PM) eyedeekay: We're 2 weeks from release with a tag freeze tomorrow, IIRC
+(03:03:49 PM) eyedeekay: Yes that's exactly when
+(03:04:38 PM) eyedeekay: zzz and orignal have been hard at work getting ssu2 ready, the plan is still to enable it
+(03:05:08 PM) eyedeekay: I'll be doing an unsigned release of the I2P Easy-Install for Windows
+(03:05:50 PM) eyedeekay: I don't know the Mac release status, though, are Mac users stuck on 1.9.0 until we can find a new Mac maintainer/signer?
+(03:06:25 PM) zzz: yes. There's a pretty good summary of the release at http://zzz.i2p/topics/3377
+(03:07:02 PM) zzz: the SSU2 testing in the last 3 months with 2% enabled has been a tremendous success
+(03:07:17 PM) zzz: haven't found any major issues, but we've fixed countless minor ones
+(03:08:19 PM) eche|on: go ahead with SSU2
+(03:08:35 PM) eche|on: about mac: I got a dev account and a MAC, but no idea howto currently
+(03:08:39 PM) eche|on: and less time
+(03:09:03 PM) zzz: interesting
+(03:09:31 PM) zzz: do you think you _could_ do it at some point? If so, when?
+(03:09:39 PM) eche|on: I do have the git repo of the mac inclusions, but currently not yet looked into
+(03:09:54 PM) eche|on: IF I find out howto, rather soon (tm)
+(03:10:05 PM) zzz: even if it's a month or two late, that would be fantastic
+(03:10:08 PM) eche|on: but the howto may fail in shorter terms
+(03:10:41 PM) eche|on: also no idea about whats apple going to do, but those are parts to find out
+(03:11:10 PM) eyedeekay: I'll see if I can help you, building the mac jpackages is pretty straightforward, I've never signed them but it's all in the scripts zab wrote
+(03:11:25 PM) zzz: when I do the 2.0.0 news.xml, I'll also put a news entry in the mac feed saying it will be delayed
+(03:11:42 PM) zzz: eyedeekay, do you have a mac?
+(03:11:57 PM) eyedeekay: I have an Intel Mac but no dev account
+(03:12:04 PM) eche|on: sadie has a mac, but neither idk nor sadie do want to go public with their names
+(03:12:25 PM) eche|on: getting a dev account is rather simple : give out your name and pay 100$ a year
+(03:12:28 PM) eyedeekay: I can make a dmg but it gets signed with local keys that aren't allowed on other Macs
+(03:12:32 PM) zzz: I understand. The idea is you could walk thru everything but the notarization
+(03:12:32 PM) eche|on: more or like thats it
+(03:13:12 PM) eche|on: bb 2min
+(03:13:25 PM) zzz: afaik it's the notarization that's the real pita. Hopefully the howto is clear...
+(03:14:14 PM) eyedeekay: I think the only pitfall really is getting the Java dev environments set up, there's a tool you install through brew that switches version that makes it very easy though
+(03:14:25 PM) zzz: eyedeekay, let's put this on the agenda for next month
+(03:14:36 PM) eyedeekay: Can do
+(03:15:19 PM) zzz: in the mean time, please run thru the howto as it currently exists as far as you can w/o notarization, just to test the howto and see if it needs any fixes for ech
+(03:16:10 PM) zzz: esp. to check if the arm64 side is documented
+(03:16:45 PM) eyedeekay: I will do everything I can, although I won't be able to run through the arm64 process because I do not have an arm64 Mac
+(03:16:53 PM) eche|on: I will check howto get the certs with notarization,
+(03:16:55 PM) eyedeekay: I'll do everything up to that though
+(03:17:18 PM) eche|on: eyedeekay: just order a arm64 mac. refund as usual
+(03:17:28 PM) eche|on: no need to stop at that
+(03:17:30 PM) zzz: do you need an ARM mac to build ARM? 
+(03:17:41 PM) zzz: probably...
+(03:17:59 PM) eyedeekay: I'm not quite sure on the subtleties of it all re: cross-compilation
+(03:18:02 PM) zzz: there's also a possible workflow where idk builds and ech notarizes
+(03:18:23 PM) zzz: but we don't need to work it all out here
+(03:18:44 PM) eyedeekay: But jpackage is pretty picky about architecture/OS combinations
+(03:19:28 PM) SoniEx2: raspberry pi?
+(03:19:39 PM) zzz: let's move on to next topic
+(03:19:40 PM) eyedeekay: ELF not Mach-O
+(03:19:42 PM) eyedeekay: But yes
+(03:19:45 PM) eyedeekay: 3. Publish source tarballs for bundle releases
+(03:20:24 PM) eyedeekay: Since it's just me now and I wanted to publish source tarballs the whole time, 2.0.0 Windows getting source tarballs
+(03:20:36 PM) eyedeekay: One for the bundle itself and one for the profile manager component
+(03:21:17 PM) eyedeekay: As part of going through the scripts from the Mac bundle I'll add source tarball generation as part of the process
+(03:21:18 PM) zzz: ok, and since the mac objector has left, let's add one to the mac page also
+(03:21:28 PM) eyedeekay: Will do
+(03:21:41 PM) zzz: great, I'm happy
+(03:22:38 PM) eyedeekay: 4. Free Stickers for Translators
+(03:23:27 PM) eche|on: yeah
+(03:23:49 PM) eyedeekay: eche|on and I talked about this briefly after last month's meeting by email
+(03:23:49 PM) eyedeekay: I think we were each in favor of doing it? I don't have my mail open
+(03:24:23 PM) eche|on: sure we can do this, one for each part of the wolrd
+(03:24:28 PM) zzz: it was my proposal, but it requires a) stickers and b) somebody to mail them
+(03:24:30 PM) eche|on: but my sticker ressources are limited
+(03:24:47 PM) zzz: as I understand we're essentially out of stickers
+(03:24:59 PM) eche|on: sadie/idk still do have several
+(03:25:05 PM) eche|on: I got around 400 or alike only
+(03:25:23 PM) eche|on: should be enough for 1year+, but plan ahead
+(03:25:26 PM) eyedeekay: Oh I ran myself down to like, 8 at All Things Open last week
+(03:25:30 PM) eyedeekay: I'll need to order more
+(03:25:53 PM) eche|on: ah, ok
+(03:26:10 PM) zzz: can you two coordinate on who is ordering, what the design is, and make sure each of you gets half?
+(03:26:16 PM) eyedeekay: Yes we can
+(03:26:34 PM) zzz: super
+(03:27:05 PM) zzz: when you have them in hand, holler and I'll announce on TX
+(03:27:11 PM) eche|on: good
+(03:27:22 PM) zzz: thanks guys
+(03:27:46 PM) eyedeekay: No problem
+(03:27:56 PM) eyedeekay: Anything else on 4 or for the meeting?
+(03:28:25 PM) eche|on: nope
+(03:29:14 PM) eyedeekay: All right thanks everybody for coming, I'll post the meeting in a few minutes

i2p2www/meetings/logs/317.rst

@@ -0,0 +1,12 @@
+I2P dev meeting, November 08, 2022 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+echelon,
+eyedeekay,
+zzz
+

i2p2www/meetings/logs/318.log

@@ -0,0 +1,83 @@
+(08:00:09 PM) eyedeekay: Hello everyone, welcome to the rescheduled dev meeting
+(08:00:09 PM) eyedeekay: 1. Hi 
+(08:00:09 PM) eyedeekay: 2. 2.0.0 Release Status, 2.0.0 Mac Release Status 
+(08:00:09 PM) eyedeekay: 3. 2.1.0 Development Status 
+(08:00:09 PM) eyedeekay: 4. Stickers for Translators
+(08:00:50 PM) zzz: hi
+(08:02:55 PM) eyedeekay: Doesn't seem like he's here? going to move along for now.
+(08:04:04 PM) eyedeekay: 2. 2.0.0 release status: *most* targets of 2.0.0 were released about 3 weeks ago now, including i2p.i2p, Android, Debian and Easy-Install Windows, with Easy-Install for Mac delayed by zlatinb's departure
+(08:04:04 PM) eyedeekay: Ech and I have been working on a plan to replace him in terms of maintenance, signing, and notarization of the OSX bundle, that is still expected for close to the end of this month
+(08:06:01 PM) eyedeekay: Everybody knows how to build everything, has a good idea of the signing requirements, the last remaining thing to do is notarization in practice, and we don't know everything we should expect here but I think we have a good idea
+(08:07:10 PM) eyedeekay: Android needed a point release due to a bug related to compatibility with a new API on newer devices, so Android users should make sure they've upgraded to 2.0.1
+(08:07:10 PM) eyedeekay: eot for me on 2, anything to add zzz
+(08:07:20 PM) zzz: lots
+(08:07:50 PM) uis is now known as Irc2PGuest69907
+(08:08:04 PM) zzz: I had to release a 2.0.0-2ubunutu1 debian/ubuntu build to fix an embarrassing but ultimately harmless bunch of stray symlinks in root
+(08:08:38 PM) zzz: root cause was a typo, deb lint didn't catch it, not sure what the post mortem lesson is other than be more careful, we're root on install...
+(08:09:12 PM) zzz: as far as the network, after 3 weeks, half of it has updated and is using ssu2
+(08:09:39 PM) zzz: exploratory build success has been trending straight down since the release
+(08:09:56 PM) zzz: we're concerned, and monitoring closely
+(08:10:47 PM) zzz: at this point we think it's some combination of ssu-to-ssu2 migration, ssu2 bugs on both our side and in i2pd, and a couple of routers that are spamming the network with tunnel builds
+(08:11:05 PM) zzz: i2pd is considering a mid-cycle january point release to get their fixes out
+(08:11:33 PM) zzz: for now I don't think that's necessary on our side but it's always an option should we choose to
+(08:12:18 PM) zzz: I think that's EOT but I'll have more info in a moment as a part of 3)
+(08:13:09 PM) eyedeekay: Thank you zzz
+(08:13:43 PM) eyedeekay: 3. 2.1.0 Development Status
+(08:17:12 PM) eyedeekay: We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
+(08:17:12 PM) eyedeekay: For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
+(08:18:43 PM) eyedeekay: That's what I'm working on, zzz would you like to continue with your information or 3)?
+(08:19:43 PM) dr|z3d: ... intermission ...
+(08:23:56 PM) anonymousmaybe is now known as Irc2PGuest40130
+(08:24:03 PM) eyedeekay: Welcome back
+(08:25:17 PM) eyedeekay: What was the last thing you got?
+(08:26:28 PM) zzz: back
+(08:26:28 PM) zzz: is it my turn yet? :)
+(08:26:28 PM) dr|z3d: you need to put on an apron and wheel the confectionery tray around the theater :)
+(08:26:28 PM) dr|z3d: did you go out to get us all ice cream? :)
+(08:26:28 PM) dr|z3d: recap:
+(08:26:28 PM) dr|z3d: <eyedeekay> We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
+(08:26:28 PM) dr|z3d: <eyedeekay> For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
+(08:26:28 PM) dr|z3d: <eyedeekay> That's what I'm working on, zzz would you like to continue with your information or 3)?
+(08:26:48 PM) zzz: thanks
+(08:27:04 PM) zzz: drz gave it to me
+(08:27:12 PM) zzz: ok, my turn!
+(08:27:33 PM) zzz: about a week and a half after the release, when a lot of the net had updated, I started chasing SSU2 problems
+(08:27:42 PM) zzz: and found a whole lot
+(08:27:56 PM) zzz: both ours and helped i2pd find some of theirs
+(08:27:58 PM) zzz: so it's been quite busy
+(08:28:14 PM) zzz: as a result, we're at almost 7000 lines of diff, more than the whole 2.0.0 release
+(08:28:38 PM) zzz: and whatever else I had planned for 2.1.0 I haven't gotten to yet, including promised peer selection improvements
+(08:29:50 PM) zzz: I plan to bump to -7 after the meeting
+(08:29:50 PM) zzz: while the "big changes in" deadline is early January, let's stay flexible, as we don't want a bunch of WIP in there if we're going to do a 2.0.1 release
+(08:29:59 PM) zzz: so let's try not to break things with "big changes" if possible. Big changes are fine, as long as they're isolated
+(08:30:40 PM) zzz: but things are going well and we're working closely with i2pd to track down and fix issues
+(08:31:02 PM) zzz: including one-in-a-million ones that are now popping up
+(08:31:16 PM) zzz: and one-in-a-zillion ones that dr|z3d is finding on his high speed routers
+(08:31:30 PM) zzz: that's it! EOT, any questions?
+(08:32:27 PM) eyedeekay: I'm slightly curious how often a "Million" of some things happens in in the real world but possibly a question for another time
+(08:33:17 PM) eyedeekay: Thanks zzz
+(08:34:12 PM) eyedeekay: It seems like once you get a whole bunch of routers doing a thing the odds of a rare event happening somewhere would go up very fast
+(08:35:11 PM) zzz: yeah. perhaps we should have been more cautious, and not go from 2% to 100% in one release. But we'll get through it
+(08:35:17 PM) uis is now known as Irc2PGuest38853
+(08:37:15 PM) eyedeekay: 4. Stickers for Translators
+(08:37:15 PM) eyedeekay: Only real news here is that I now have stickers for mailing, I've got a ton of them so if you're in the Americas then I am prepared to mail them
+(08:37:58 PM) zzz: would you please post something on my forum, saying who is eligible and how to request
+(08:38:17 PM) eyedeekay: Can do
+(08:38:29 PM) zzz: then I will copy paste over to transifex announcement
+(08:38:48 PM) zzz: what's the status of the euro side?
+(08:39:44 PM) eyedeekay: Don't know if he has his yet, will request an update from him tonight
+(08:40:07 PM) zzz: ok, guess I need to wait for that part of it before transifex
+(08:40:43 PM) zzz: please whack him with your baffer for making us reschedule and then not showing :)
+(08:41:07 PM) eyedeekay: Well it was my fault too but I'll make sure to let him know :)
+(08:41:32 PM) zzz: I mean yesterday to today. you're not off the hook for last week :)
+(08:42:41 PM) eyedeekay: That's all I've got for 4 and/or today, anything else for the meeting?
+(08:42:50 PM) zzz: nope
+(08:43:02 PM) zzz: are we on or off for Jan. 3?
+(08:44:26 PM) eyedeekay: All right then thanks zzz for coming, I was going to say "On" for Jan 3 but we could do the 10th instead since IIRC LS2 will be the 9th
+(08:45:01 PM) zzz: doesn't matter, your call
+(08:45:35 PM) eyedeekay: Let's have it on the 9th in January and return to first-Tuesday in February
+(08:45:52 PM) zzz: you mean 10th?
+(08:45:59 PM) eyedeekay: Yes the 10th
+(08:46:07 PM) zzz: ok
+(08:46:15 PM) zzz: meeting over?
+(08:46:25 PM) eyedeekay: Yes

i2p2www/meetings/logs/318.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, December 14, 2022 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz
+

i2p2www/meetings/logs/319.log

@@ -0,0 +1,47 @@
+(08:00:38 PM) eyedeekay: Welcome to the dev meeting, sorry again about about missing the time again yesterday
+(08:00:38 PM) eyedeekay: 1. Hi 
+(08:00:38 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status 
+(08:00:38 PM) eyedeekay: 3. 2.2.0 Development Status 
+(08:00:38 PM) eyedeekay: 4. Congestion Throttling 
+(08:00:38 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
+(08:00:46 PM) mode (-m ) by zzz
+(08:00:57 PM) eyedeekay: 1. Hi
+(08:01:00 PM) eyedeekay: Hi
+(08:01:04 PM) zzz: hi
+(08:01:29 PM) eyedeekay: tunnel_king are you here for 4 and 5?
+(08:02:10 PM) eyedeekay: OK we'll play those by ear for now then
+(08:02:21 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status
+(08:03:32 PM) eyedeekay: 2.1.0 release happened yesterday, zzz released the software and the torrent went live, the percentage of the network which has updated has gone up about 7% since then if I'm counting the time correctly(so double check)
+(08:04:07 PM) eyedeekay: I released Maven packages the same day, and will have Android updates out on all channels shortly after the end of this meeting
+(08:04:29 PM) eyedeekay: Easy-Install for Windows will follow on that, and Easy-Install for Mac will be after that
+(08:05:10 PM) eyedeekay: I believe that eche|on has given me the last clue I need to work out our notarization issue, we should know within a few days if that's true, which will correspond to a release
+(08:05:30 PM) eyedeekay: Anything to add on the topic zzz?
+(08:05:39 PM) zzz: just a little, thanks
+(08:06:10 PM) zzz: the i2pd release a week ago looks promising, but that makes looking at the effects of our release a little harder
+(08:06:22 PM) zzz: and i2pd plans a point release as early as today
+(08:06:56 PM) zzz: so we won't have great info on what our release is doing, but as long as stats keep getting better, that's the main thing
+(08:07:06 PM) zzz: far too early to say anything today, maybe in a week
+(08:07:08 PM) zzz: EOT
+(08:07:23 PM) eyedeekay: Thanks zzz
+(08:07:42 PM) eyedeekay: 3. 2.2.0 Development Status
+(08:08:52 PM) eyedeekay: I don't have a lot to say on this yet, most of my stuff has remained the same, but I believe we need to agree on a timeline for the release correct?
+(08:09:13 PM) zzz: yeah, obviously we haven't done anything on 2.2.0 yet
+(08:09:36 PM) zzz: I'd propose a standard 13 week cycle from here, unless we have any huge issues
+(08:09:43 PM) eyedeekay: Sounds good to me
+(08:09:46 PM) zzz: so that would be a release early April
+(08:10:12 PM) aeiou_ is now known as aeiou
+(08:10:14 PM) zzz: and put us firmly off our feb/may/aug/nov dates we've been on for several years, oh well
+(08:10:40 PM) zzz: but we really need some time to do everything we didn't get to in our last shortened cycle
+(08:10:48 PM) zzz: so let's pencil in 13 weeks
+(08:10:49 PM) zzz: EOT
+(08:11:22 PM) eyedeekay: Yeah, no argument here
+(08:11:34 PM) eyedeekay: Plan for early April
+(08:12:35 PM) eyedeekay: Anything else on 3?
+(08:12:48 PM) eyedeekay: 4. Congestion Throttling and 5. Hypothetical Traffic Management ( Flood of Tor Users) were both added by tunnel_king on zzz.i2p, but I don't see such a name in the room, if you're here under another name, last call
+(08:14:08 PM) eyedeekay: Anything else to discuss for the meeting?
+(08:15:15 PM) eyedeekay: All right thanks zzz for coming, I promise to set an alarm for the one next month
+(08:15:55 PM) zzz: no
+(08:16:37 PM) eyedeekay: no nothing else for the meeting or no don't stop the meeting?
+(08:16:38 PM) zzz: also I'd like to ask if eche|on is here and has anything to add on 2)
+(08:16:38 PM) zzz: nope, that's it, everybody please click your update button to get that 2.1.0 goodness
+(08:16:53 PM) zzz: nothing else, thanks

i2p2www/meetings/logs/319.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, January 10, 2023 @ 20:00 UTC
+=============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz
+

i2p2www/meetings/logs/320.log

@@ -0,0 +1,153 @@
+(08:01:07 PM) eyedeekay: Hi everybody, sorry I'm late, got disconnected right before the meeting
+(08:01:59 PM) eyedeekay: 1. Hi 
+(08:01:59 PM) eyedeekay: 2. 2.1.0 Status Report
+(08:01:59 PM) eyedeekay: 3. 2.2.0 Development Status 
+(08:01:59 PM) eyedeekay: 4. Congestion Throttling 
+(08:01:59 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
+(08:01:59 PM) eyedeekay: 6. Stickers for translators
+(08:01:59 PM) eyedeekay: zzz where do you want to do your report about the DOS? 2 or own topic?
+(08:02:45 PM) zzz: let's call it 3b)
+(08:02:46 PM) zzz: or 2b)
+(08:02:59 PM) eyedeekay: OK 2b then
+(08:03:00 PM) zzz: your choice
+(08:03:53 PM) eyedeekay: 1. Hi who all is here today besides me and zzz?
+(08:03:58 PM) zzz: hi
+(08:04:09 PM) not_bob: Here
+(08:04:18 PM) echelonMAC: here
+(08:04:18 PM) obscuratus: Hi
+(08:04:29 PM) eyedeekay: Great turnout, thanks everybody
+(08:04:30 PM) echelonMAC: on replacement system.
+(08:05:06 PM) eyedeekay: 2. 2.1.0 Status Report
+(08:05:15 PM) zzz: irc is laggier than usual so please allow a little extra time for responses
+(08:05:38 PM) eyedeekay: Thanks zzz I will keep that in mind
+(08:09:02 PM) eyedeekay: Where to even start... my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app
+(08:09:04 PM) eyedeekay: Android will get a point release on that account
+(08:10:00 PM) eyedeekay: The topic I'm sure is on everybody's mind right now is the network being under attack which has shifted everybody's attention
+(08:10:05 PM) eyedeekay: And that is topic 2b
+(08:10:59 PM) eyedeekay: Shoot I mixed up the topics, scratch that, that was supposed to go to 3. sorry, long week, lot going on
+(08:12:03 PM) eyedeekay: zzz would you do me a favor to take 2? I think I am ill-equipped to present on everything which is going on
+(08:12:28 PM) zzz: sure
+(08:12:29 PM) zzz: but before I do
+(08:12:56 PM) zzz: do you and echelonMAC have a 2.1.0 mac easy-install bundle progress report?
+(08:13:17 PM) eyedeekay: Oh yes I can do that
+(08:14:38 PM) eyedeekay: So, we've been closing in on issues, and right now echelonMAC and have different hypothesis on what's going on which we're both pursuing
+(08:14:38 PM) eyedeekay: My hypothesis is that this all stems from a stale workaround for a bug in Java 14
+(08:15:08 PM) eyedeekay: Where jpackage is supposed to sign the dylib files that are packed into a disk image(dmg) but which are in fact left unsigned
+(08:15:33 PM) echelonMAC: in short: eyedeekaym did redo the signing script, I can buiodl and sign, but still wrong signing for apple
+(08:15:55 PM) eyedeekay: zab worked around this by creating the .app directory and signing the stuff inside it then using jpackage only for the final packaging step
+(08:16:35 PM) eyedeekay: so when we upgraded Java's we started signing everything twice, and we no longer needed to do that signing step manually
+(08:16:47 PM) eyedeekay: echelonMAC correct me if I'm wrong but you think you have the wrong sort of keys?
+(08:17:10 PM) echelonMAC: maybe, maybe not, unsure about that
+(08:17:18 PM) echelonMAC: at least the logs showing this error
+(08:17:53 PM) zzz: my question was higher level, what's the ETA, is 2.1.0 still a target or has that been abandoned and you're hoping for 2.2.0, or what?
+(08:18:15 PM) echelonMAC: 2.1.0 is still the target, but currently no ETA
+(08:18:39 PM) echelonMAC: I can build nearly instant, but digging deeper is currently out of time...
+(08:18:48 PM) eyedeekay: I still want to cut a release of 2.1.0 as soon as we know we can pass notarization, IMO once we can pass it once we should be able to do it predictably
+(08:18:59 PM) zzz: eyedeekay more or less committed to early april 2.2.0 in his blog post, you're not endorsing that ETA echelonMAC ?
+(08:19:49 PM) echelonMAC: I am completely helpless and cant predict a ETA, as I do not full yunderstand signing and building yet.
+(08:20:12 PM) echelonMAC: more or less, I do follow scripts blindly, if idk can fix the signage, the notarization is a 5 min job.
+(08:20:24 PM) echelonMAC: IF the sign does work as appple expect it
+(08:20:26 PM) zzz: ok then I recommend an edit of the blog post eyedeekay, let's not promise things we can't deliver on
+(08:20:33 PM) eyedeekay: Will do
+(08:21:19 PM) zzz: ok thanks you ready for my part of 2) ?
+(08:21:41 PM) eyedeekay: Yes please
+(08:21:48 PM) zzz: great
+(08:22:00 PM) zzz: last meeting was one week after the release, now we're 4 weeks out
+(08:22:15 PM) zzz: my hope was that expl. build success would climb steadily
+(08:22:35 PM) zzz: from the low-20% to low-30%, and then "pop" out of congestion, back to low 40s
+(08:22:45 PM) zzz: only the first part happened
+(08:25:20 PM) zzz: and then we swung back and forth between low 20s and low 30s
+(08:26:56 PM) zzz: so, we have some theories, see 2b)
+(08:26:56 PM) zzz: but I'm happy with the performance of 2.1.0 otherwise
+(08:26:56 PM) zzz: not too many bug reports
+(08:26:56 PM) zzz: I'll give an overview of what we are fixing in 2b) and 3)
+(08:26:56 PM) zzz: about 50% of the network has updated to 2.1.0 or the i2pd equivalent
+(08:26:56 PM) zzz: everybody please update if you haven't
+(08:26:56 PM) zzz: that's all I have for 2a), but I'll pause for a minute for questions / comments before starting 2b)
+(08:28:33 PM) zzz: ok, 2b) current network conditions
+(08:28:33 PM) zzz: over the weekend started an unambiguous attack
+(08:28:33 PM) zzz: lots of floodfill routers
+(08:28:33 PM) zzz: for the most part, the network overall, and java routers, are handling it ok
+(08:28:33 PM) zzz: I do have one report of routers crashing with OOM (out of memory)
+(08:28:54 PM) zzz: I understand that i2pd routers are really struggling with very low tunnel build success rates
+(08:29:06 PM) not_bob: My fleet is up to date.
+(08:29:15 PM) zzz: the attack is starting / stopping / changing several times a day
+(08:29:37 PM) zzz: so we're only about 60 hours in to understanding it and discussing countermeasures
+(08:30:15 PM) zzz: remember the tunnel build problem (now much more likely to be classified as a different attack) started Dec. 19 and took us several weeks to understand and address
+(08:30:27 PM) zzz: so it's early days
+(08:30:36 PM) not_bob: I have one I2P+ router and it's done well to weather this.  But, my i2pd routers not so much.  I've seen as low as 3% tunnel build success.  I'm currently sitting around 10% on those routers.
+(08:31:17 PM) zzz: but this is a straightforward sybil / DHT attack, new to us but familiar to anybody doing peer-to-peer / DHT applications
+(08:31:53 PM) zzz: far too early to say if it will require a release ahead of schedule (for java i2p) or if so when
+(08:32:23 PM) zzz: EOT, I'll wait a couple minutes for discussion / comments / questions
+(08:33:24 PM) eyedeekay: Should people who wind up OOM increase the RAM available to their router?
+(08:36:18 PM) zzz: yeah, that's a straightforward mitigation
+(08:36:18 PM) zzz: stop your router, edit wrapper.config, restart
+(08:36:18 PM) zzz: I expect I'll have mitigations in dev builds in a few days
+(08:36:18 PM) dr|z3d: ideally you want your min heap at around 256M and your max ram at 2-3 times that.
+(08:36:18 PM) not_bob: I do not currently have any stock I2P routers running.
+(08:36:18 PM) zzz: I want to repeat what I said above that the attacks are evolving rapidly, and we want to take our time to address the overall issues
+(08:36:18 PM) zzz: not to focus too narrowly on the specifics
+(08:37:36 PM) zzz: back to you eyedeekay if there's nothing else on 2b)
+(08:38:06 PM) eyedeekay: thanks very much zzz. 3) 2.2.0 Development Status
+(08:39:51 PM) eyedeekay: As I mistakenly stated before, my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app, pretty basic stuff all things considered but all of which was due for improvement
+(08:39:57 PM) eyedeekay: or outright fixing
+(08:40:49 PM) eyedeekay: Examples being fixes for subscriptions and custom ports when building tunnels which got in several user's way after a large increase in users with 2.10
+(08:41:07 PM) dr|z3d: as an aside, and to shine some light on the size of the attack, we've got a user reporting ~30K banned routers. so it's non-trivial :)
+(08:41:07 PM) dr|z3d: (that'll be shiver, who's here)
+(08:42:36 PM) mark22k: I got 56005 banned peers.
+(08:42:58 PM) eyedeekay: Holy moley. I have 11027 and I thought that was a lot
+(08:43:08 PM) moristo: Is this the work of a nation state--the banned routers or any other noticable patten?
+(08:43:50 PM) moristo: Spectrum internet was off yesetrday in FL and Italy the day before.
+(08:43:54 PM) moristo: *yesterday.
+(08:43:55 PM) zzz: let's get back to 3) please and table further attack discussion until after the meeting
+(08:44:05 PM) echelonMAC: Banned Peers (57053)
+(08:44:22 PM) moristo: oh, is there a meeting in progress? My bad.
+(08:46:50 PM) zzz: eyedeekay, you still with us?
+(08:47:11 PM) eyedeekay: yeah I'm here
+(08:47:37 PM) zzz: you have more on 3) or is it my turn?
+(08:47:37 PM) eyedeekay: started a long one:
+(08:47:37 PM) eyedeekay: i2p.firefox(Easy-Install for Windows is also getting worked on, more of the work is being done by removal there, updates are getting simplified now that the old admin-style installs are all migrated to user-style installs
+(08:47:37 PM) eyedeekay: portable USB install support is on the horizon for 2.2.0
+(08:47:43 PM) eyedeekay: With updates
+(08:48:21 PM) eyedeekay: Other issues and user-complaints I'm addressing or deciding how to address are on that issue tracker
+(08:48:28 PM) eyedeekay: EOT for me
+(08:48:47 PM) zzz: ok you saw the NPE issue in i2p.i2p right?
+(08:49:10 PM) eyedeekay: Yes I did, hot on the trail
+(08:49:21 PM) zzz: ok holler if you need help ofc
+(08:49:24 PM) zzz: 3) for me:
+(08:49:47 PM) zzz: I finished the peer selection refactor I've been working on since september, finally
+(08:50:31 PM) zzz: I think I fixed the erroneous symmetric nat indications that were in 2.1.0, but need somebody with that problem to test and report
+(08:50:59 PM) zzz: got a cool new i2psnark search box
+(08:51:19 PM) zzz: almost done with "congestion caps" (proposal 162)
+(08:51:31 PM) echelonMAC: :-)
+(08:51:49 PM) zzz: and some more tweaks to refine our handling of tunnel build congestion
+(08:52:18 PM) zzz: late last week, I thought I was pretty much done with 2.2.0 and could relax for two months until the release
+(08:52:31 PM) zzz: so, unfortunately, now we have a lot more to do
+(08:52:48 PM) zzz: that's the way it goes sometimes
+(08:53:24 PM) not_bob: Thank you for that, a major quality of life improvement.
+(08:53:24 PM) zzz: EOT, I'll wait a minute for discussion, then back to you eyedeekay 
+(08:53:37 PM) zzz: haha not_bob you're welcome
+(08:55:00 PM) eyedeekay: Last call for 3?
+(08:55:20 PM) eyedeekay: 4. Congestion Throttling - I think this was a tunnel_king topic, is tunnel_king here?
+(08:55:42 PM) zzz: back to you eyedeekay 
+(08:57:39 PM) eyedeekay: 4. Congestion Throttling, 5. Hypothetical Traffic Management ( Flood of Tor Users) - both introduced by tunnel_king, last call for tunnel_king
+(08:59:01 PM) eyedeekay: OK last one, 6. Stickers for translators
+(08:59:01 PM) eyedeekay: Specifically rules for people receiving stickers outside of the Americas
+(08:59:58 PM) zzz: this was my topic, only because unresolved since last meeting
+(09:00:28 PM) zzz: echelonMAC you have an answer?
+(09:00:41 PM) echelonMAC: not en detail, but who wnats should receive a bunch of stickers if they sent their address
+(09:01:04 PM) echelonMAC: aka sned a announcement in transifex and send out after receive of address
+(09:01:19 PM) echelonMAC: but currently no new stickers arrivced here
+(09:01:35 PM) eyedeekay: Tracking says the 10th
+(09:01:55 PM) zzz: I'm awaiting echelonMAC to post the instructions on my forum, then I will copy/paste to transifex
+(09:02:17 PM) echelonMAC: ok
+(09:02:28 PM) zzz: that's where we've been for a month
+(09:02:42 PM) zzz: thanks
+(09:03:33 PM) eyedeekay: Anything else for 6 or for the meeting?
+(09:03:36 PM) zzz: EOT on 6) for me, back to you eyedeekay 
+(09:04:32 PM) zzz: one closing word for the meeting: zzz.i2p the best place for news and weather, I'll post there when I know more than I do now
+(09:04:32 PM) zzz: thanks
+(09:04:55 PM) eyedeekay: Thanks very much for that zzz, and thanks everybody for coming to the meeting
+(09:05:44 PM) eyedeekay: See you around IRC and same time next month
+(09:08:55 PM) zzz: thanks eyedeekay 
+(09:08:55 PM) zzz: got thru it without disconnects

i2p2www/meetings/logs/320.rst

@@ -0,0 +1,14 @@
+I2P dev meeting, February 07, 2023 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+not_bob,
+echelonMAC,
+obscuratus
+

i2p2www/pages/downloads/browser-content.html

@@ -3,6 +3,7 @@
 <h2>{{ _('Firefox Profile for Windows') }}</h2>
 <p>{% trans profile='/firefox' -%} If you are using Windows, the recommended way of accessing I2P is using the
     <a href='{{ profile }}'>Firefox profile</a>. {%- endtrans %}</p>
+<p><strong>{% trans -%} If you used the Easy-Install bundle, the Firefox profile is included and you can skip this page. {%- endtrans %}</strong></p>
 <p>{% trans -%} If you do not wish to use that profile or are not on Windows, you need to configure your browser yourself. Read below on how to that. {%- endtrans %}</p>
 
 <h2>{{ _('How to configure your browser') }}</h2>
@@ -22,7 +23,7 @@
 <p>{% trans %}It does pre-configuration of your browser by enabling some of the privacy Browser Settings like ResistFingerprinting, and enforces WebRTC proxy obedience. It also contains menus, shortcuts, and monitoring tools improving Firefox's integration
     with I2P. It should not substantially interfere with your non-I2P Firefox tabs. {% endtrans %}</p>
 <p>{% trans %}The extension, <a href="https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/">I2P in Private Browsing</a>, can be obtained from the Mozilla addon store. {% endtrans %}</p>
-<p>{% trans %}The source code for the extension is, <a href="https://i2pgit.org/idk/I2P-in-Private-Browsing-Mode-Firefox">i2pgit.org</a>. {% endtrans %}</p>
+<p>{% trans %}The source code for the extension is available at <a href="https://i2pgit.org/idk/I2P-in-Private-Browsing-Mode-Firefox">i2pgit.org</a>. {% endtrans %}</p>
 <h4>{% trans %}Instructions for Firefox 57 and above:{% endtrans %}</h4>
 <p>{% trans -%} From the Menu button in the top right, select <em>Preferences</em>. Scroll down until you see the <em>Network Proxy</em> section, as shown in the screenshot below. Click on <em>Settings</em> {%- endtrans %}</p>
 <img src="{{ url_for('static', filename='images/firefox57.preferences.png') }}" alt="{{ _('Firefox57 Network Options') }}" title="{{ _('Firefox57 Network Options') }}">
@@ -60,7 +61,7 @@ in IceRaven will proxy all your IceRaven browsing over I2P.</em>{% endtrans %}</
 <p>{% trans %}Open the IceRaven main menu, and scroll to the top until you see the "Add-Ons" submenu. Tap the "Add-Ons Manager" option in the "Add-Ons" submenu. Install the extension named <em>I2P Proxy for Android and other Systems</em>. {% endtrans %}</p>
 <p>{% trans %}Your IceRaven browser is now configured to use I2P. {% endtrans %}</p>
 <p>{% trans %}This extension also works in pre-Fenix(Pre-Firefox-68) Firefox based web browsers, if installed from the following addons.mozilla.org URL.
-    <em><a href="https://addons.mozilla.org/en-US/android/addon/i2p-proxy/">I2P Proxy for Android and Other Systems</a><em>
+    <em><a href="https://addons.mozilla.org/en-US/android/addon/i2p-proxy/">I2P Proxy for Android and Other Systems</a></em>
 {% endtrans %}</p>
 <p>{% trans %}This extension is identical to the Chromium extension and is built from the same source.{% endtrans %}</p>
 <p>{% trans %}In order to enable extension support in Firefox Nightly, you should follow
@@ -93,22 +94,17 @@ Instead, it is meant to be used as an internal network.
 {%- endtrans %}</p>
 <p>{% trans -%}
 <p><b>The I2P project itself does not run any proxies to the Internet.</b>
-The I2P software includes two outproxies: false.i2p and outproxy-tor.meeh.i2p.
-Even though domain names are different, it's the same outproxy you hit,
-multihomed/keyed for better performance. These are run by a volunteer. </p>
-<a href="http://privacysolutions.no"
-    target="_blank">http://privacysolutions.no</a>
+The I2P software includes a default outproxy: exit.stormycloud.i2p.
+These are run by a volunteer. </p>
+<a href="https://stormycloud.org"
+    target="_blank">https://stormycloud.org</a>
 {%- endtrans %}</p>
-<p>{% trans http='false.i2p', https='outproxy-tor.meeh.i2p' -%}
-By default, I2P comes with two outproxies configured: <code>{{ http }}</code>
-and <code>{{ https }}</code>. Even the domain names are different, it's the same outproxy you hit.
-(multi-homed/keyed for better performance)
+<p>{% trans http='exit.stormycloud.i2p', https='exit.stormycloud.i2p' -%}
+By default, I2P comes with one outproxy configured: <code>{{ http }}</code>.
 {%- endtrans %}</p>
 <p>{% trans -%}
-Filtering is active on these outproxies (for example, mibbit and torrent tracker
-access is blocked). I2P Sites that are accessible via .i2p addresses are also
+I2P Sites that are accessible via .i2p addresses are also
 not allowed via the outproxies.
-As a convenience, the outproxy blocks ad servers.
 {%- endtrans %}</p>
 <p>{% trans -%}
 <a href="https://www.torproject.org">Tor</a> provides a browser to use as an outproxy to the Internet.

i2p2www/pages/downloads/debian.html

@@ -111,11 +111,27 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
   | sudo tee /etc/apt/sources.list.d/i2p.list
     </code>
     </pre>
-    if you are using Debian Buster or older distributons, use the following command instead:
+    {% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
+    <pre>
+    <code>
+    # Use this command on Debian Downstreams like LMDE or ParrotOS only.
+  echo "deb [signed-by=/usr/share/keyrings/i2p-archive-keyring.gpg] https://deb.i2p2.de/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
+  | sudo tee /etc/apt/sources.list.d/i2p.list
+    </code>
+    </pre>
+    {% trans -%}If you are using Debian Buster or older official Debian distributons, use the following command instead:{%- endtrans %}
     <pre>
     <code>
     # Use this command on Debian Buster or older only.
   echo "deb https://deb.i2p2.de/ $(lsb_release -sc) main" \
+  | sudo tee /etc/apt/sources.list.d/i2p.list
+    </code>
+    </pre>
+    {% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
+    <pre>
+    <code>
+    # Use this command on Debian Buster or older only.
+  echo "deb https://deb.i2p2.de/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
   | sudo tee /etc/apt/sources.list.d/i2p.list
     </code>
     </pre>
@@ -150,7 +166,7 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
   <li>{% trans -%}Copy the keyring to the keyrings directory:{%- endtrans %}
     <pre>
     <code>
-  sudo cp ~/i2p-archive-keyring.gpg /usr/share/keyrings</code>
+  sudo cp i2p-archive-keyring.gpg /usr/share/keyrings</code>
     </pre>
     If you are using a distribution older than Debian Buster, you will also need
     to symlink that key to <code>/etc/apt/trusted.gpg.d</code>.

i2p2www/pages/downloads/easyinstall.html

@@ -13,6 +13,10 @@ elaborate install process. To learn more about the Firefox profile that
 comes bundled with this installer, visit <a href="{{ firefox }}">The Firefox
 Profile Page</a>.
 {%- endtrans %}</p>
+<p>{% trans -%}
+The latest I2P Easy-Install bundle for Windows has been released unsigned.
+Please verify that the hashes match the downloads when installing the bundle.
+{%- endtrans %}</p>
 <h2>{{ _('What do I need to use it?') }}</h2>
 <p><strong>{% trans -%}
 Just Firefox (Or Tor Browser).{%- endtrans %}</strong>
@@ -35,9 +39,9 @@ no need to refer to potentially unhelpful system-wide Windows settings. The I2P
 it uses is otherwise identical to the "regular" I2P.
 {%- endtrans %}</p>
 <h2>{{ _('How do I use it?') }}</h2>
-<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
+<p>{% trans firefox="https://www.mozilla.org/" -%}
 First, download and install <a href="{{ firefox }}">Firefox</a>, then,
-just download and install <a href="{{ postfilename }}">this installer</a>. To
+just download and install this installer(below). To
 start an installer, "double-click" the downloaded .exe file.
 {%- endtrans %}</p>
 <p>{% trans -%}
@@ -55,8 +59,8 @@ special configuration. You don't even need to close existing Firefox windows.
 
 {%- set name     = 'Windows' -%}
 {%- set icon     = 'images/download/windows.png' -%}
-{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
-{%- set hash     = '0012fd31a0bbfca36c820055de00682365d7955d53b11e79432fb2b2ea05432c' -%}
+{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
+{%- set hash     = 'be3b178b745720b16c8ccd6911d3c35143eb59da4be318198d84f35ec23e494c' -%}
 
 {% call package_outer('windows', name, icon) %}
     <div class = "file">
@@ -76,18 +80,20 @@ special configuration. You don't even need to close existing Firefox windows.
     {%- endtrans %}</p>
 {% endcall %}
 
+<!--
 {% trans signer='zlatinb',
 signingkey=url_for('static', filename='zlatinb.key.crt') -%}
 The files are signed by {{ signer }},
 <a href="{{ signingkey }}">whose key is here</a>.
 {%- endtrans %}
+-->
 
 <h2>{{ _('What is in it?') }}</h2>
 <p><strong>{% trans -%}
 A Jpackaged I2P Router: {%- endtrans %}</strong>
 {% trans -%}The I2P router is "jpackaged" which means that it includes all
 the required Java components it needs to run successfully. It does not require
-a separate Java installation, because it bundles a Java 16 Runtime which is only
+a separate Java installation, because it bundles a Java Runtime which is only
 used for I2P.
 {%- endtrans %}</p>
 <p><strong>{% trans -%}
@@ -106,6 +112,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
 {%- endtrans %}</div>
 <div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
 <div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
+<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
+<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
 <div>{% trans -%}
 If you wish to file an issue about the Firefox profile, please use Gitlab to
 contact us. For security-sensitive issues, please remember to check the

i2p2www/pages/downloads/firefox.html

@@ -14,6 +14,10 @@ time it installs the browser profile. This page has been kept to document the
 motivations and design of the included Firefox profile. To learn more about the
 new bundle, visit <a href="{{ nsis }}">The Easy Install Bundle Page</a>.
 {%- endtrans %}</p>
+<p>{% trans -%}
+The latest I2P Easy-Install bundle for Windows has been released unsigned.
+Please verify that the hashes match the downloads when installing the bundle.
+{%- endtrans %}</p>
 <h2>{{ _('I2P Firefox Browser Profile') }}</h2>
 <p>{% trans -%}
 Now that you have joined the I2P network, you will want to see I2P Sites and and 
@@ -32,16 +36,16 @@ some browser features, this also reduces the attack surface available to outside
 This keeps you safer while browsing the Invisible Web.
 {%- endtrans %}</p>
 <h2>{{ _('How do I use it?') }}</h2>
-<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
+<p>{% trans firefox="https://www.mozilla.org/" -%}
 First, download and install <a href="{{ firefox }}">Firefox</a>, then,
-just download and install <a href="{{ postfilename }}">this installer</a>. To
+just download and install this installer(below). To
 start an installer, "double-click" the downloaded .exe file.
 {%- endtrans %}</p>
 
 {%- set name     = 'Windows' -%}
 {%- set icon     = 'images/download/windows.png' -%}
-{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
-{%- set hash     = 'eadb338a5895f73e6ed4985a9f7dfdac722f74c9bcdd0bd35957e7dcd5759a3a' -%}
+{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
+{%- set hash     = '862de2f2e05cfc46c2f612656b93dd9c94b6bc7a034912d732dd0ade2ad477f6' -%}
 
 {% call package_outer('windows', name, icon) %}
     <div class = "file">
@@ -61,12 +65,6 @@ start an installer, "double-click" the downloaded .exe file.
     {%- endtrans %}</p>
 {% endcall %}
 
-{% trans signer='zlatinb',
-signingkey=url_for('static', filename='zlatinb.key.crt') -%}
-The files are signed by {{ signer }},
-<a href="{{ signingkey }}">whose key is here</a>.
-{%- endtrans %}
-
 <h2>{{ _('What is in it?') }}</h2>
 <p><strong>{% trans -%}
 A Jpackaged I2P Router: {%- endtrans %}</strong>
@@ -91,6 +89,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
 {%- endtrans %}</div>
 <div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
 <div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
+<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
+<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
 <div>{% trans -%}
 If you wish to file an issue about the Firefox profile, please use Gitlab to
 contact us. For security-sensitive issues, please remember to check the

i2p2www/pages/downloads/list.html

@@ -119,10 +119,14 @@ If you would like to try the latest experimental I2P projects, visit the <a href
 
 </div>
 
-{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%} The files are signed by {{ signer }},
-<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%} The Windows installer is signed by {{ signer }},
-<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%} The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
-<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %}
+{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%}The files are signed by {{ signer }},
+<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
+<!--
+{% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%}The Windows installer is signed by {{ signer }},
+<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
+{% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%}The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
+<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
+-->
 
 <h3 id="update">{{ _('Updates from earlier releases:') }}</h3>
 

i2p2www/pages/downloads/mac.html

@@ -3,17 +3,12 @@
 {% block title %}Mac OS X Easy Install Bundle{% endblock %}
 {% block content %}
 
-<h1>{{ _('Mac OS X Easy Install Bundle') }}</h1>
+<h1>{{ _('Mac OS Easy Install Bundle') }}</h1>
 <p>{% trans -%}
-We are excited to offer you a DMG-based bundle for Mac OS X.  It installs and behaves
-the same way many other Mac OS X applications do and does not require a Java
+We are excited to offer you a DMG-based bundle for Mac OS.  It installs and behaves
+the same way many other Mac OS applications do and does not require a Java
 Runtime Environment to be available.
 {%- endtrans %}</p>
-<p>{% trans perf="https://i2pgit.org/i2p-hackers/i2p-jpackage-mac/-/issues/1" -%}
-This bundle is built for <code>x86_64(Intel)</code> Macs. It will run on
-<code>ARM(M1)</code> Macs in emulated mode, but the performance is unknown. M1 Mac
-users should report results to us at the <a href="{{ perf }}">Gitlab Repository</a>.
-{%- endtrans %}</p>
 <h2>{{ _('How do I use it?') }}</h2>
 <p>{% trans -%}
 Double-Click on the .dmg file, which you may download from this page. When a
@@ -43,11 +38,21 @@ that are familiar and built-into the operating system.
 {%- set name     = 'OSX' -%}
 {%- set icon     = 'images/download/mac-osx.png' -%}
 {%- set filename = 'I2P-%s.dmg' -%}
-{%- set hash     = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' -%}
+{%- set filename_arm64 = 'I2P-arm64-%s.dmg' -%}
+{%- set hash     = '4bd75d633d497cc25cd256ec7cfcddec2a25d87ad118d0c125c788623d23a98e' -%}
+{%- set hash_arm64 = '773bcf127a2e1c0eafee944753a772426c1f7b5c6a8fb3f4d0b7e87bdcfc840b' -%}
+
+<p><b>Important Note:</b>
+The 2.1.0 Mac OSX Easy Install Bundle release is delayed.
+Please install the 1.9.0 release below.
+You will be notified in the router console when the 2.1.0 update is available.
+Thank you for your patience.
+</p>
 
 {% call package_outer('osx', name, icon) %}
     <div class = "file">
 	    <a class = "default" href="{{ url_for('downloads_redirect', version=mver(), net=def_mirror.net, protocol=def_mirror.protocol, domain=def_mirror.domain, file=mver(filename) )}}">
+                    <span class = "name">Intel (x86-64)</span><br/>
 		    <span class = "name">{{ mver(filename) }}</span><br/>
 		    <span class="mirror">{{ _('Mirror:') }} <img src="{{ url_for('static', filename='images/flags/'+def_mirror.country+'.png') }}" /> {{ def_mirror.org }}</span>
 	    </a>
@@ -58,12 +63,44 @@ that are familiar and built-into the operating system.
 		    <code>{{ hash }}</code>
 	    </div>
     </div>
-    <p>{% trans -%}
-Download that file and double-click on it.  Accept the License Agreement, then
+{% endcall %}
+
+{% call package_outer('osx', name, icon) %}
+    <div class = "file">
+	    <a class = "default" href="{{ url_for('downloads_redirect', version=mver(), net=def_mirror.net, protocol=def_mirror.protocol, domain=def_mirror.domain, file=mver(filename_arm64) )}}">
+                    <span class = "name">Apple Silicon (arm64)</span><br/>
+		    <span class = "name">{{ mver(filename_arm64) }}</span><br/>
+		    <span class="mirror">{{ _('Mirror:') }} <img src="{{ url_for('static', filename='images/flags/'+def_mirror.country+'.png') }}" /> {{ def_mirror.org }}</span>
+	    </a>
+	    <a class="mirrors" href="{{ get_url('downloads_select', version=mver(), file=mver(filename_arm64)) }}">{{ _('select alternate mirror') }}</a>
+    </div>
+    <div class="meta">
+	    <div class="hash">
+		    <code>{{ hash_arm64 }}</code>
+	    </div>
+    </div>
+{% endcall %}
+
+<h2>{{ _('Instructions') }}</h2>
+<p>{% trans -%}
+Download the appropriate file for your Mac hardware and double-click on it.  Accept the License Agreement, then
 drag the <code>I2P</code> icon on top of the <code>Applications</code> icon.
 Launch I2P from Finder.
-    {%- endtrans %}</p>
-{% endcall %}
+{%- endtrans %}</p>
+
+<h3>{{ _('Apple Silicon Notes') }}</h3>
+<p>{% trans -%}
+If you own an Apple silicon Mac and have previously installed the Intel bundle on it you need to change the update configuration to make sure the next I2P update does not revert your bundle to Intel.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+Go to the "Configure Update" page, usually located at:
+{%- endtrans %}</p> 
+<code>http://127.0.0.1:7657/configupdate</code>
+<p>{% trans -%}
+Then copy-paste the following in the "News URL" field:
+{%- endtrans %}</p> 
+<code>http://tc73n4kivdroccekirco7rhgxdg5f3cjvbaapabupeyzrqwv5guq.b32.i2p/mac-arm64/stable/news.su3</code>
 
 <h2>{{ _('Limitations') }}</h2>
 <p>{% trans -%}

i2p2www/pages/downloads/macos.html

@@ -0,0 +1,183 @@
+{% extends "global/layout.html" %}
+{% block title %}Apple MacOS{% endblock %}
+{% block accuratefor %}0.9.47{% endblock %}
+{% block content %}
+<h1>{{ _('Separately Installing I2P and its dependencies on MacOS(The Long Way)') }}</h1>
+
+<p><strong>{% trans -%}
+    This is the long way of installing I2P for MacOS, using the IzPack based installer and a separate Java Virtual Machine installed on the host.
+    If you're new to I2P, you may want to try the Easy installer, which requires fewer total steps and automatically configures a JVM and I2P and sets up a Firefox Profile in a single step.
+    {%- endtrans %}</strong></p>
+
+<p><strong><a href="/en/download/mac">{% trans -%}Follow this link to the Easy installer{%- endtrans %}</a></strong><p>
+
+<p>{% trans -%}
+    This is a detailed, step-by-step guide to installing and configuring I2P, including all dependencies and setting up a browser, on a new MacOS system.
+    Many users will be able to skip steps if they already have Java 8 or Firefox installed.{%- endtrans %}</p>
+
+<h2>{{ _('So what are we going to do here?') }}</h2>
+
+<p>{% trans -%}We're going to finish four tasks. We are going to:{%- endtrans %}</p>
+
+<ol>
+<li><a href="#part-one-install-java">{% trans -%}Install Java{%- endtrans %}</a></li>
+<li><a href="#part-two-install-i2p">{% trans -%}Install I2P{%- endtrans %}</a></li>
+<li><a href="#part-three-configure-i2p-app">{% trans -%}Configure I2P App{%- endtrans %}</a></li>
+<li><a href="#part-four-configure-i2p-bandwidth">{% trans -%}Configure I2P Bandwidth{%- endtrans %}</a></li>
+</ol>
+
+<h3 id="part-one-install-java">{{ _('Part One: Install Java') }}</h3>
+
+<p>{% trans -%}
+    In order to use I2P, you will need a suitable Java environment.
+    This guide uses Oracle's Java 8 implementation.
+    Please install it by following the instructions below:
+{%- endtrans %}</p>
+
+<p>{% trans -%}If you already have Java installed, you may{%- endtrans %} <a href="#part-two-install-i2p">Skip This Step</a></p>
+
+<ol>
+<li>{% trans -%}Begin by downloading Java, for example, {%- endtrans %} <a href="https://java.com/en/download/">using this version from Oracle</a>.
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
+<li><img src="/_static/images/macos/1-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
+</ul></li>
+<li>{% trans -%}Double-click the installer you just downloaded and allow the installer permission to proceed.{%- endtrans %}:
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-jre.png" alt="Give the installer permission to proceed" title="" /></li>
+</ul></li>
+<li>{% trans -%}Accept the License terms.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/3-jre.png" alt="Start installing Java" title="" /></li>
+</ul></li>
+<li>{% trans -%}Java will show you some information about what it is and where it runs while you wait for it to finish installing.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/4-jre.png" alt="Wait for the installer" title="" /></li>
+</ul></li>
+<li>{% trans -%}When Java is done installing, it will look like this.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/5-jre.png" alt="Step one complete" title="" /></li>
+</ul></li>
+</ol>
+
+<h3 id="part-two-install-i2p">{{ _('Part Two: Download and Install I2P from a .jar file') }}</h3>
+
+<ol>
+<li>{% trans -%}Download I2P for Unix from{%- endtrans %} <a href="https://geti2p.net/en/download#unix">https://geti2p.net</a>.
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-i2p.png" alt="Download I2P" title="" /></li>
+<li><img src="/_static/images/macos/1-i2p.png" alt="Select your Language" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Because I2P is being installed from a .jar file, it cannot be signed by an Apple certificate.
+    You will need to allow it special permission to install.
+    Even though the installer is unsigned, the updates are signed end-to-end by I2P.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-i2p.png" alt="Introduction" title="" /></li>
+<li><img src="/_static/images/macos/3-i2p.png" alt="Exception" title="" /></li>
+<li><img src="/_static/images/macos/4-i2p.png" alt="Profit" title="" /></li>
+</ul></li>
+<li>{% trans -%}Select a language you are familiar with.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/5-i2p.png" alt="Select Components" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Now the installer is ready to start.
+    Click next to advance.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/6-i2p.png" alt="Start installing" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Accept the license.
+    I2P is Free Software, mostly in the public domain with limited use of GPL2, Creative Commons, and other Free and Open-Source Licenses.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/7-i2p.png" alt="Accept the License Agreement(or mostly lack thereof)" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Install the I2P router and base config.
+    It is recommended that you keep the install directory the default.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/8-i2p.png" alt="Install the files" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    I2P is now installed!
+    The remaining installer pages explain some aspects of running I2P on OSX.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/9-i2p.png" alt="Finish it up" title="" /></li>
+<li><img src="/_static/images/macos/10-i2p.png" alt="Finish it up" title="" /></li>
+<li><img src="/_static/images/macos/11-i2p.png" alt="Finish it up" title="" /></li>
+</ul></li>
+</ol>
+
+<h3 id="part-three-configure-i2p-app">{{ _('Part Three: Configure I2P App') }}</h3>
+
+<ol>
+<li>{% trans -%}
+    For convenience, you may want to create a shortcut to launch the I2P router.
+    Find the "i2p" directory in the "Applications" directory using Finder.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-conf.png" alt="Open the Applications dir" title="" /></li>
+</ul></li>
+<li>{% trans -%}Open the folder and find the Start Router Icon shown.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/1-conf.png" alt="Find the launcher" title="" /></li>
+</ul></li>
+<li>{% trans -%}Click the icon to start the I2P router - it will show up in your dock as shown and you can choose too keep it there.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-conf.png" alt="Add it to the launch bar" title="" /></li>
+</ul></li>
+</ol>
+
+<h3 id="part-four-configure-i2p-bandwidth">{{ _('Part Four: Configure I2P Bandwidth') }}</h3>
+
+<ol>
+<li>{% trans -%}
+    When you visit the I2P router console for the first time, it will automatically direct you to the configuration wizard.
+    Start by selecting a language for the I2P interface.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
+</ul></li>
+<li>{% trans -%}Next, pick either a dark or light theme.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/1-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    The next step is the bandwidth test.
+    The bandwidth test takes a minute to run completely.
+    During the bandwidth test, we'll need to connect to the external M-Lab Service, which makes a direct connection to a remote server(Operated by Measurement Lab) to measure your internet speed.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-wiz.png" alt="Run the bandwidth test" title="" /></li>
+<li><img src="/_static/images/macos/3-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Confirm the bandwidth measurement and adjust your share percentage.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/4-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
+</ul></li>
+<li>{% trans -%}Confirm your bandwidth settings and adjust how much of your bandwidth you wish to share.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/5-wiz.png" alt="Run the bandwidth test" title="" /></li>
+</ul></li>
+<li>{% trans -%}You're finished! I2P is now configured.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/6-wiz.png" alt="Run the bandwidth test" title="" /></li>
+</ul></li>
+</ol>
+
+<p>{% trans -%}If you want to re-run the welcome wizard after completing it, you can visit the page
+on{%- endtrans %} <a href="http://localhost:7657/welcome">your router console</a>.</p>
+
+<p>{% trans -%}That's it! You're now ready to use I2P. You can browse I2P Sites, download files, host services,
+e-mail and chat anonymously. Visit the <a href="https://localhost:7657/home">router console homepage</a> to
+get started.{%- endtrans %}</p>
+
+{% endblock %}

i2p2www/pages/downloads/macros

@@ -1,16 +1,16 @@
-{% set i2pinstall_windows_hash = '738b7608d7f2c6433dcde8a1cbd7ea025d281e90b45c8695385004625a4c88d1' %}
-{% set i2pinstall_jar_hash     = 'ee49cad06fd73e75ed25eaab342f8167e447b901205ee8593a31b5a599d892af' %}
-{% set i2psource_hash          = '525f2ad3267f130b81296b3dd24102fdcf2adf098d54272da4e1be4abd87df04' %}
-{% set i2pupdate_hash          = '3379fe757eecbf20688ee37685fe52f15ac04fd59e891c6a059a33d519c4ff19' %}
-{% set i2p_android_hash        = '0e6196e601b99455d03bca190f6df10d68ef1337f023edcad9ec8953362795a7' %}
+{% set i2pinstall_windows_hash = 'ab7efbcc5288d6df9161347277f5d5bad8a5601f70fa12c77ab518e0c0314537' %}
+{% set i2pinstall_jar_hash     = '008b38611865b2ccc9aa81cfe737ff6758babb7fd30b20bcb9f90026e466f514' %}
+{% set i2psource_hash          = 'e4ba06a6e2935a17990f057a72b8d79e452a2556a6cefe5012d5dd63466feebf' %}
+{% set i2pupdate_hash          = '4364bd0ea6d9cc35328629c3cd177d41843d0a160a5fd59d65527cf8487497a0' %}
+{% set i2p_android_hash        = '126cc7569bf22f3fe4c629cc6e3098669eddd8dad3332ec11c89ec8689e966ad' %}
 {% set i2p_macnative_hash      = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' %}
 
 {% set i2p_windows_subver = '' %}
-{% set i2p_macosx_launcher_version = '1.8.0' %}
+{% set i2p_macosx_launcher_version = '1.9.0' %}
 
-{% set i2p_android_version = '1.8.0' %}
+{% set i2p_android_version = '2.1.0' %}
 {% set i2p_android_version_kytv = '0.9.22' %}
-{% set i2p_android_version_fdroid = '0.9.50' %}
+{% set i2p_android_version_fdroid = '2.0.1' %}
 
 
 {% macro package_outer(type, name, icon) -%}

i2p2www/pages/downloads/mirrors

@@ -1,9 +1,9 @@
 {"net": "clearnet", "protocol": "https", "domain": "files.i2p-projekt.de", "path": "/%(version)s/%(file)s", "org": "i2p-projekt", "country": "de"}
+{"net": "clearnet", "protocol": "https", "domain": "download.i2p2.no", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
 {"net": "clearnet", "protocol": "https", "domain": "download.i2p2.de", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
 #{"net": "clearnet", "protocol": "https", "domain": "launchpad.net", "path": "/i2p/trunk/%(version)s/+download/%(file)s", "org": "Launchpad", "org_url": "https://launchpad.net", "country": "us"}
 {"net": "i2p", "protocol": "http", "domain": "mgp6yzdxeoqds3wucnbhfrdgpjjyqbiqjdwcfezpul3or7bzm4ga.b32.i2p", "path": "/%(version)s/%(file)s", "org": "idk.i2p"}
 {"net": "clearnet", "protocol": "http", "domain": "download.i2p2.de", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
-{"net": "clearnet", "protocol": "http", "domain": "download.i2p2.no", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
 {"net": "clearnet", "protocol": "https", "domain": "eyedeekay.github.io", "path": "/files/releases/%(version)s/%(file)s", "org": "idk.i2p"}
 #{"net": "clearnet", "protocol": "https", "domain": "dl.dropboxusercontent.com", "path": "/u/18621288/I2P/%(version)s/%(file)s", "org": "Dropbox", "country": "us"}
 #{"net": "clearnet", "protocol": "https", "domain": "googledrive.com", "path": "/host/0B4jHEq5G7_EPWV9UeERwdGplZXc/%(version)s/%(file)s", "org": "Google Drive", "country": "us"}

i2p2www/pages/downloads/windows.html

@@ -131,7 +131,11 @@ and configure Firefox for I2P.{%- endtrans %} </p>
 <h4>{{ _('Install the I2P Firefox Profile') }}</h4>
 
 <ol>
-<li>{% trans -%}Download the Firefox Profile Bundle from the I2P Web Site.{%- endtrans %}
+<li>{% trans -%}
+    Download the Firefox Profile Bundle from the I2P Web Site.
+    The I2P Firefox Profile has been replaced by the Easy Install Bundle for Windows.
+    The Easy-Installl can still be used as a profile manager for an Un-Bundled I2P router installed via this procedure.
+    {%- endtrans %}
 <ul style="list-style-type: none;">
 <li><img src="/_static/images/download/windows/profile.png" alt="Grab the Firefox Profile" title="" /></li>
 </ul></li>

i2p2www/pages/global/nav.html

@@ -132,7 +132,9 @@
                 <ul>
                   <li><a href="{{ site_url('docs/transport') }}"><div class="menuitem"><span>{{ _('Transport layer overview') }}</span></div></a></li>
                   <li><a href="{{ site_url('docs/transport/ntcp') }}"><div class="menuitem"><span>NTCP</span></div></a></li>
+                  <li><a href="/spec/ntcp2"><div class="menuitem"><span>NTCP2</span></div></a></li>
                   <li><a href="{{ site_url('docs/transport/ssu') }}"><div class="menuitem"><span>SSU</span></div></a></li>
+                  <li><a href="/spec/proposals/159-ssu2"><div class="menuitem"><span>SSU2(Proposal 159)</span></div></a></li>
                 </ul>
               </li>
               <li class="has-sub"><div class="menuitem"><span>{{ _('Tunnels') }}</span></div>

i2p2www/pages/papers/anonbib.bib

@@ -32,6 +32,22 @@
 # Proposed new sections: application privacy, data anonymization, ...
 #
 
+@article {qu2020,
+  author = {QU Yun-xuan and WANG Yi-jun and XUE Zhi},
+  title = {Analysis and Identification of I2P Anonymous Communication Traffic Characteristics},
+  journal={Communications Technology},
+  year = {2020},
+  month = {January},
+  volume={53},
+  number = {1},
+  pages={161--167},
+  doi={10.3969/j.issn.1002-0802.2020.01.028},
+  url = {http://stats.i2p/docs/AII2PACTC-eng.docx},
+  www_pdf_url = {http://stats.i2p/docs/I2P%20%E5%8C%BF%E5%90%8D%E9%80%9A%E4%BF%A1%E6%B5%81%E9%87%8F%E7%89%B9%E5%BE%81%E5%88%86%E6%9E%90%E4%B8%8E%E8%AF%86%E5%88%AB-min.pdf},
+  keywords={anonymous communication; I2P; traffic identification; statistical feature analysis},
+  www_section = traffic,
+}
+
 @inproceedings {239068,
   author = {Nguyen Phong Hoang and Sadie Doreen and Michalis Polychronakis},
   title = {Measuring I2P Censorship at a Global Scale},

i2p2www/pages/site/about/intro.html

@@ -1,50 +1,86 @@
 {% extends "global/layout.html" %}
 {% block title %}{{ _('Intro') }}{% endblock %}
 {% block content %}
-<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>      
-<h2>What is I2P?</h2>
-<p>{% trans %}The Invisible Internet Project (I2P) is a fully encrypted private network layer that has been developed with privacy and security by design in order to provide protection for your activity,
-location and your identity.  The software ships with a router that connects you to the network and applications for sharing, communicating and building. {%- endtrans %}</p>
+<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>
 
-<h3>{% trans -%}I2P Cares About Privacy{%- endtrans %}</h3>
+<p>{% trans %}
+  The Invisible Internet Project began in 2002.
+  The vision for the project, as described in an interview with Lance James was for the I2P Network "to deliver full anonymity, privacy, and security at the highest level possible. Decentralized and peer to peer Internet means no more worrying about your ISP controlling your traffic. This will allow (people) to do seamless activities and change the way we look at security and even the Internet, utilizing public key cryptography, IP steganography, and message authentication. The Internet that should have been, will be soon."
+  Since then I2P has evolved to specify and implement a complete suite of network protocols capable of delivering a high level of privacy, security, and authentication to a variety of applications.
+{%- endtrans %}</p>
 
-<p>{% trans %}I2P hides the server from the user and the user from the server. All I2P traffic is internal to the I2P network. Traffic inside I2P does not interact with the Internet directly. It is a layer on top of the Internet. It uses encrypted unidirectional tunnels between you and your peers. No one can see where traffic is coming from, where it is going, or what the contents are. Additionally I2P offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.
-{%- endtrans %}</p> 
+<h3>{% trans -%}The I2P network{%- endtrans %}</h3>
+
+<p>{% trans %}
+  The I2P network is a fully encrypted peer-to-peer overlay network.
+  An observer cannot see a message's contents, source, or destination.
+  No one can see where traffic is coming from, where it is going, or what the contents are.
+  Additionally I2P transports offer resistance to recognition and blocking by censors.
+  Because the network relies on peers to route traffic, location-based blocking is a challenge that grows with the network.
+  Every router in the network participates in making the network anonymous.
+  Except in cases where it would be unsafe, everyone participates in sending and receiving network traffic.
+{%- endtrans %}</p>
 
 <h3>{% trans -%}How to Connect to the I2P Network{%- endtrans %}</h3>
 
-<p>{% trans %}The Invisible Internet Project provides software to download that connects you to the network. In addition to the network privacy benefits, I2P provides an application layer that allows people to use and create familiar apps for daily use. I2P provides its own unique DNS so that you can self host or mirror content on the network. You can create and own your own platform that you can add to the I2P directory or only invite your friends. The I2P network functions the same way the Internet does. When you download the I2P software, it includes everything you need to connect, share, and create privately.{%- endtrans %}</p>
+<p>{% trans %}
+  The core software (Java) includes a router that introduces and maintains a connection with the network.
+  It also provides applications and configuration options to personalize your experience and workflow.
+{%- endtrans %}</p>
+
+<h3>{% trans -%}What Can I Do On The I2P Network?{%- endtrans %}</h3>
+
+<p>{% trans %}
+  The network provides an application layer for services, applications, and network managment.
+  The network also has its own unique DNS that allows self hosting and mirroring of content from the Internet (Clearnet).
+  The I2P network functions the same way the Internet does.
+  The Java software includes a BitTorrent client, and email as well as a static website template.
+  Other applications can easily be added to your router console.
+{%- endtrans %}</p>
 
 <h3>{% trans -%}An Overview of the Network{%- endtrans %}</h3>
 
-<p>{% trans %}I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports. I2P tunnels use transports, NTCP2 and SSU, to hide the nature of the traffic being transported over it. Connections are encrypted from router-to-router, and from client-to-client(end-to-end). Forward-secrecy is provided for all connections. Because I2P is cryptographically addressed, I2P addresses are self-authenticating and only belong to the user who generated them.
+<p>{% trans %}
+  I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports.
+  I2P tunnels use transports, NTCP2 and SSU2, to conceal the traffic being transported over it.
+  Connections are encrypted from router-to-router, and from client-to-client(end-to-end).
+  Forward-secrecy is provided for all connections.
+  Because I2P is cryptographically addressed, I2P network addresses are self-authenticating and only belong to the user who generated them.
 {%- endtrans %}</p>
 
-<p>{% trans %}I2P is a secure and traffic protecting Internet-like layer. The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels. Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP, etc), passing messages. Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network. I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
+<p>{% trans %}
+  The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels.
+  Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP), passing messages.
+  Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages.
+  These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network.
+  I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
 {%- endtrans %}</p>
 
-<h3>{% trans -%}About Decentralization and I2P{%- endtrans %}</h3>
+<h3>{% trans -%}About Decentralization and the I2P Network{%- endtrans %}</h3>
 
-<p>{% trans %}The I2P network is almost completely decentralized, with exception to what are called "Reseed Servers," which is how you first join the network. This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem. Basically, there's not a good and reliable way to get out of running at least one permanent bootstrap node that non-network users can find to get started. Once you're connected to the network, you only discover peers by building "exploratory" tunnels, but to make your initial connection, you need to get a peer set from somewhere. The reseed servers, which you can see listed on http://127.0.0.1:7657/configreseed in the Java I2P router, provide you with those peers. You then connect to them with the I2P router until you find one who you can reach and build exploratory tunnels through. Reseed servers can tell that you bootstrapped from them, but nothing else about your traffic on the I2P network.{%- endtrans %}</p>
+<p>{% trans %}
+  The I2P network is almost completely decentralized, with exception to what are called Reseed Servers.
+  This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem.
+  Basically, there is not a good and reliable way to get out of running at least one permanent bootstrap node that non-network participants can find to get started.
+  Once connected to the network, a router only discovers peers by building "exploratory" tunnels, but to make the initial connection, a reseed host is required to create connections and onboard a new router to the network.
+  Reseed servers can observe when a new router has downloaded a reseed from them, but nothing else about traffic on the I2P network.
+{%- endtrans %}</p>
 
-<h3>{% trans -%}I see IP addresses of all other I2P nodes in the router console. Does that mean my IP address is visible by others?{%- endtrans %}</h3>
+<h3>{% trans -%}The I2P Network Does Not Exit Traffic{%- endtrans %}</h3>
 
-<p>{% trans %}Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.{%- endtrans %}
-
-<h3>{% trans -%}What I2P Does Not Do{%- endtrans %}</h3>
-
-<p>{% trans %}The I2P network does not officially "Exit" traffic. It has outproxies to the Internet run by volunteers, which are centralized services. I2P is primarily a hidden service network and outproxying is not an official function, nor is it advised. The privacy benefits you get from participating in the the I2P network come from remaining in the network and not accessing the internet. I2P recommends that you use Tor Browser or a trusted VPN when you want to browse the Internet privately.{%- endtrans %}</p>
+<p>{% trans %}
+  Outproxies to the Internet are run by volunteers, and are centralized services.
+  The privacy benefits from participating in the the I2P network come from remaining in the network and not accessing the internet.
+  Tor Browser or a trusted VPN are better options for browsing the Internet privately.
+{%- endtrans %}</p>
 
 <h3>{% trans -%}Comparisons{%- endtrans %}</h3>
 
 <p>{% trans -%}
-There are a great many other applications and projects working on anonymous 
-communication and I2P has been inspired by much of their efforts.  This is not 
-a comprehensive list of anonymity resources - both freehaven's 
-<a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a>
-and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a>
-serve that purpose well.  That said, a few systems stand out for further
-comparison. The following have individual comparison pages:
+  There are a great many other applications and projects working on anonymous communication and I2P has been inspired by much of their efforts.
+  This is not a comprehensive list of anonymity resources - both freehaven's <a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a> and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a> serve that purpose well.
+  That said, a few systems stand out for further comparison.
+  The following have individual comparison pages:
 {%- endtrans %}</p>
 
 <ul>

i2p2www/pages/site/about/team.html

@@ -403,7 +403,7 @@ network.
 	<td valign="top" colspan="2">{% trans %}&hellip; and many others{% endtrans %}</td>
 </tr>
 <tr>
-	<td><a href="site_url(about/hall-of-fame)">Hall of Fame!</a></td>
+	<td>{% trans famehall=site_url('about/hall-of-fame') -%}<a href="{{ famehall }}">Hall of Fame!</a>{%- endtrans %}</td>
 </tr>
 </table>
 {% endblock %}

i2p2www/pages/site/contact.html

@@ -33,7 +33,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 <ul>
   <li><a href="https://mastodon.social/@i2p">Mastodon - https://mastodon.social/@i2p</a></li>
   <li><a href="https://twitter.com/GetI2P">Twitter - https://twitter.com/GetI2P</a></li>
-  <li><a href="https://old.reddit.com/i2p">Reddit - https://old.reddit.com/i2p</a></li>
+  <li><a href="https://old.reddit.com/r/i2p">Reddit - https://old.reddit.com/r/i2p</a></li>
 </ul>
 {%- endtrans %}</p>
 
@@ -107,7 +107,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Download mirrors admin') }}</b></td>
-	<td valign="top">idk, Meeh</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('manage the mirrors for the download files') }}</i></td>
 </tr>
 <tr>
@@ -132,7 +132,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Packager; OSX') }}</b></td>
-	<td valign="top">Meeh</td>
+	<td valign="top">zlatinb</td>
 	<td valign="top"><i>{{ _('OSX installer packager') }}</i></td>
 </tr>
 <tr>
@@ -170,11 +170,6 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('Manage the project bug tracker') }}</i></td>
 </tr>
-<tr>
-	<td valign="top"><b><a href="https://trac.i2p2.de/">Trac</a>backup webserver admin</b></td>
-	<td valign="top">Meeh</td>
-	<td valign="top"><i>{{ _('manage the public project webservers') }}</i></td>
-</tr>
 <tr>
     <td valign="top"><b>{{ _('Translation admins') }}</b></td>
 	<td valign="top">eche|on, zzz, idk, Sadie</td>
@@ -222,7 +217,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
 	<td valign="top"><b>Google Play admin</b></td>
-	<td valign="top">idk, meeh</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i></i></td>
 </tr>
 <tr>
@@ -232,7 +227,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
 	<td valign="top"><b>Outproxy admin</b></td>
-	<td valign="top">Meeh</td>
+	<td valign="top">StormyCloud</td>
 	<td valign="top"><i></i></td>
 </tr>
 <tr>

i2p2www/pages/site/docs/api/bob.html

@@ -1,20 +1,27 @@
 {% extends "global/layout.html" %}
 {% block title %}{{ _('BOB - Basic Open Bridge') }}{% endblock %}
-{% block lastupdated %}2020-08{% endblock %}
+{% block lastupdated %}2022-06{% endblock %}
 {% block content %}
 <h2>Warning - Deprecated</h2>
 <p>Not for use by new applications.
 BOB supports the DSA-SHA1 signature type only.
 BOB will not be extended to support new signature types or other advanced features.
 New applications should use <a href="{{ site_url('docs/api/samv3') }}">SAM V3</a>.
+</p><p>
+BOB is not supported in Java I2P new installs as of release 1.7.0 (2022-02).
+It will still work in Java I2P originally installed as version 1.6.1 or earlier,
+even after updates, but it is unsupported and may break at any time.
+BOB is still supported by i2pd as of 2022-06, but applications
+should still migrate to SAMv3 for the reasons above.
 </p>
 
-<p>{% trans -%}
+<p>
 At this point, most of the good ideas from BOB have been incorporated into
-SAMv3, which has more features and more real-world use. BOB still works, but it
+SAMv3, which has more features and more real-world use. BOB may still work
+on some installations (see above), but it
 is not gaining the advanced features available to SAMv3 and is essentially
-unsupported at this time.
-{%- endtrans %}</p>
+unsupported, except by i2pd.
+</p>
 
 <h2>Language libraries for the BOB API</h2>
 <ul>

i2p2www/pages/site/docs/api/i2pcontrol.html

@@ -81,7 +81,7 @@ Parameters are only provided in a named way (maps).
 		<li>Token &ndash; [String] {% trans %}Token used for authenticating the client. Is provided by the server via the 'Authenticate' RPC method.{% endtrans %}</li>
 	</ul>
 	<ul>{{ _('Response:') }}
-		<li>Result &ndash; [double] {% trans %}Returns the average value for the reuested rateStat and period.{% endtrans %}</li>
+		<li>Result &ndash; [double] {% trans %}Returns the average value for the requested rateStat and period.{% endtrans %}</li>
 	</ul>
 </ul>
 <ul>I2PControl &ndash; {% trans %}Manages I2PControl. Ports, passwords and the like.{% endtrans %}

i2p2www/pages/site/docs/api/i2ptunnel.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}I2PTunnel{% endblock %}
-{% block lastupdated %}January 2016{% endblock %}
-{% block accuratefor %}0.9.24{% endblock %}
+{% block lastupdated %}2022-10{% endblock %}
+{% block accuratefor %}0.9.56{% endblock %}
 {% block content %}
 
 <h2 id="overview">{% trans %}Overview{% endtrans %}</h2>
@@ -35,10 +35,9 @@ A HTTP proxy used for browsing I2P and the regular internet anonymously through
 Browsing internet through I2P uses a random proxy specified by the "Outproxies:" option.
 {%- endtrans %}</li>
 <li><b>Irc2P</b> - <i>localhost:6668</i> - {% trans %}An IRC tunnel to the default anonymous IRC network, Irc2P.{% endtrans %}</li>
-<li><b>mtn.i2p2.i2p</b> - <i>localhost:8998</i> - {% trans monotone='http://en.wikipedia.org/wiki/Monotone_%28software%29' -%}
-The anonymous <a href="{{ monotone }}">monotone</a>
-sourcecode repository for I2P
-{%- endtrans %}</li>
+<li><b>gitssh.idk.i2p</b> - <i>localhost:7670</i> -
+SSH access to the project Git repository
+</li>
 <li><b>smtp.postman.i2p</b> - <i>localhost:7659</i> - {% trans postman=i2pconv('hq.postman.i2p') -%}
 A SMTP service provided by postman at <a href="http://{{ postman }}/?page_id=16">{{ postman }}</a>
 {%- endtrans %}</li>
@@ -64,15 +63,58 @@ A HTTP-client tunnel. The tunnel connects to the destination specified by the UR
 in a HTTP request. Supports proxying onto internet if an outproxy is provided. Strips HTTP connections of the following headers:
 {%- endtrans %}</p>
 <ul>
-<li>{% trans -%}
-<b>Accept, Accept-Charset, Accept-Language
- and Accept-Ranges</b> as they vary greatly between browsers and can be used as an identifier.
-{%- endtrans %}</li>
+<li>
+<b>Accept*:</b> (not including "Accept" and "Accept-Encoding") as they vary greatly between browsers and can be used as an identifier.
+</li>
 <li><b>Referer:</b></li>
 <li><b>Via:</b></li>
 <li><b>From:</b></li>
 </ul>
 
+<p>
+The HTTP client proxy provides a number of services to protect the user
+and to provide a better user experience.
+</p>
+
+<ul><li>Request header processing:
+<ul><li>Strip privacy-problematic headers
+<li>Routing to local or remote outproxy
+<li>Outproxy selection, caching, and reachability tracking
+<li>Hostname to destination lookups
+<li>Host header replacement to b32
+<li>Add header to indicate support for transparent decompression
+<li>Force connection: close
+<li>RFC-compliant proxy support
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Optional digest and basic username/password authentication
+<li>Optional outproxy digest and basic username/password authentication
+<li>Buffering of all headers before passing through for efficiency
+<li>Jump server links
+<li>Jump response processing and forms (address helper)
+<li>Blinded b32 processing and credential forms
+<li>Supports standard HTTP and HTTPS (CONNECT) requests
+</ul>
+
+<li>Response header processing:
+<ul><li>Check for whether to decompress response
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>HTTP error responses:
+<ul><li>For many common and not-so-common errors, so the user knows what happened
+<li>Over 20 unique translated, styled, and formatted error pages for various errors
+<li>Internal web server to serve forms, CSS, images, and errors
+</ul>
+
+<li>Transparent response decompression:
+<ul><li>If the server-side HTTP proxy compressed the response,
+the HTTP client proxy transparently decompresses it.
+</ul>
+</ul>
+
+
 <p>
 The i2ptunnel compression is requested with the HTTP header:
 </p>
@@ -91,7 +133,7 @@ The response indicating i2ptunnel compression contains the following HTTP header
 Depending on if the tunnel is using an outproxy or not it will append the following User-Agent: 
 {%- endtrans %}</p>
 <ul>
-<li><i>{% trans %}Outproxy:{% endtrans %} </i><b>User-Agent:</b> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6</li>
+<li><i>{% trans %}Outproxy:{% endtrans %} </i><b>User-Agent:</b> Uses the user agent from a recent Firefox release on Windows</li>
 <li><i>{% trans %}Internal I2P use:{% endtrans %} </i><b>User-Agent:</b> MYOB/6.66 (AN/ON)</li>
 </ul>
 </p>
@@ -101,8 +143,8 @@ Depending on if the tunnel is using an outproxy or not it will append the follow
 Creates a connection to a random IRC server specified by the comma seprated (", ") 
 list of destinations. Only a whitelisted subset of IRC commands are allowed due to anonymity concerns.
 {%- endtrans %}
-The following whitelist is for commands inbound from the IRC server to the IRC client.
-<br>{% trans %}Whitelist:{% endtrans %}</p>
+The following allow list is for commands inbound from the IRC server to the IRC client.
+<br>Allow list:</p>
 <ul>
 <li>AUTHENTICATE</li>
 <li>CAP</li>
@@ -121,7 +163,7 @@ The following whitelist is for commands inbound from the IRC server to the IRC c
 </ul>
 
 <p>
-There is also a whitelist is for commands outbound from the IRC client to the IRC server.
+There is also an allow list is for commands outbound from the IRC client to the IRC server.
 It is quite large due to the number of IRC administrative commands.
 See the IRCFilter.java source for details.
 The outbound filter also modifies the following commands to strip identifying information:
@@ -173,7 +215,51 @@ Creates a destination to a local HTTP server ip:port. Supports gzip for requests
 Accept-encoding: x-i2p-gzip, replies with Content-encoding: x-i2p-gzip in such a request.
 {%- endtrans %}</p>
 
+<p>
+The HTTP server proxy provides a number of services to make hosting a website easier and more secure,
+and to provide a better user experience on the client side.
+</p>
+
+<ul><li>Request header processing:
+<ul><li>Header validation
+<li>Header spoof protection
+<li>Header size checks
+<li>Optional inproxy and user-agent rejection
+<li>Add X-I2P headers so the webserver knows where the request came from
+<li>Host header replacement to make webserver vhosts easier
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>DDoS protection:
+<ul><li>POST throttling
+<li>Timeouts and slowloris protection
+<li>Additional throttling happens in streaming for all tunnel types
+</ul>
+
+<li>Response header processing:
+<ul><li>Stripping of some privacy-problematic headers
+<li>Mime type and other headers check for whether to compress response
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>HTTP error responses:
+<ul><li>For many common and not-so-common errors and on throttling, so the client-side user knows what happened
+</ul>
+
+<li>Transparent response compression:
+<ul><li>The web server and/or the I2CP layer may compress, but the web server often does not,
+and it's most efficient to compress at a high layer, even if I2CP also compresses.
+The HTTP server proxy works cooperatively with the client-side proxy to transparently compress responses.
+</ul>
+</ul>
+
+
 <h3 id="server-mode-http-bidir">HTTP Bidirectional</h3>
+<p><i>Deprecated</i></p>
 <p>{% trans -%}
 Functions as both a I2PTunnel HTTP Server, and a I2PTunnel HTTP client with no outproxying
 capabilities. An example application would be a web application that does client-type

i2p2www/pages/site/docs/api/samv3.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}SAM V3{% endblock %}
-{% block lastupdated %}2022-06{% endblock %}
-{% block accuratefor %}1.8.0{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block accuratefor %}API 0.9.57{% endblock %}
 {% block content %}
 <p>SAM is a simple client protocol for interacting with I2P.
 SAM is the recommended protocol for non-Java applications to connect to the I2P network,
@@ -12,6 +12,7 @@ Java applications should use the streaming or I2CP APIs directly.
 was introduced in I2P release 0.7.3 (May 2009) and is a stable and supported interface.
 3.1 is also stable and supports the signature type option, which is strongly recommended.
 More recent 3.x versions support advanced features.
+Note that i2pd does not currently support most 3.2 and 3.3 features.
 </p><p>
 Alternatives:
 <a href="socks">SOCKS</a>,
@@ -24,6 +25,11 @@ Deprecated versions:
 </p>
 
 <h2>Known SAM libraries</h2>
+<p>
+Warning: Some of these may be very old or unsupported.
+None are tested, reviewed, or maintained by the I2P project unless noted below.
+Do your own research.
+</p>
 <table class="unwrapped-table">
 <colgroup>
 <col style="width: 8%" />
@@ -73,7 +79,7 @@ Deprecated versions:
 <td>yes</td>
 <td><a href="https://bitbucket.org/eyedeekay/sam3">bitbucket.org/eyedeekay/sam3</a></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>txi2p</td>
 <td>Python</td>
 <td>3.1</td>
@@ -82,7 +88,7 @@ Deprecated versions:
 <td>no</td>
 <td><a href="https://github.com/str4d/txi2p">github.com/str4d/txi2p</a></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>i2p.socket</td>
 <td>Python</td>
 <td>3.2</td>
@@ -91,16 +97,34 @@ Deprecated versions:
 <td>yes</td>
 <td><a href="https://github.com/majestrate/i2p.socket">github.com/majestrate/i2p.socket</a></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>i2plib</td>
 <td>Python</td>
 <td>3.1</td>
 <td>yes</td>
-<td>yes</td>
-<td>yes</td>
+<td>no</td>
+<td>no</td>
 <td><a href="https://github.com/l-n-s/i2plib">github.com/l-n-s/i2plib</a></td>
 </tr>
 <tr class="odd">
+<td>i2plib-fork</td>
+<td>Python</td>
+<td>3.1</td>
+<td>yes</td>
+<td>no</td>
+<td>no</td>
+<td><a href="https://codeberg.org/weko/i2plib-fork">codeberg.org/weko/i2plib-fork</a></td>
+</tr>
+<tr class="even">
+<td>Py2p</td>
+<td>Python</td>
+<td>3.3</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td><a href="https://i2pgit.org/robin/Py2p">i2pgit.org/robin/Py2p</a></td>
+</tr>
+<tr class="odd">
 <td>i2p-rs</td>
 <td>Rust</td>
 <td>3.1</td>
@@ -143,7 +167,7 @@ Deprecated versions:
 <td>yes</td>
 <td>no</td>
 <td>yes</td>
-<td><a href="https://codeberg.org/diva.exchange/i2p-sam">https://codeberg.org/diva.exchange/i2p-sam</a></td>
+<td><a href="https://codeberg.org/diva.exchange/i2p-sam">codeberg.org/diva.exchange/i2p-sam</a></td>
 </tr>
 <tr class="even">
 <td>node-i2p</td>
@@ -164,6 +188,15 @@ Deprecated versions:
 <td><a href="https://github.com/eyedeekay/Jsam">github.com/eyedeekay/Jsam</a></td>
 </tr>
 <tr class="even">
+<td>I2PSharp</td>
+<td>.Net</td>
+<td>3.3</td>
+<td>yes</td>
+<td>no</td>
+<td>no</td>
+<td><a href="https://github.com/MohA39/I2PSharp">github.com/MohA39/I2PSharp</a></td>
+</tr>
+<tr class="odd">
 <td>i2pdotnet</td>
 <td>.Net</td>
 <td>3.0</td>
@@ -172,7 +205,7 @@ Deprecated versions:
 <td>unk</td>
 <td><a href="https://github.com/SamuelFisher/i2pdotnet">github.com/SamuelFisher/i2pdotnet</a></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>i2p.rb</td>
 <td>Ruby</td>
 <td>3.0</td>
@@ -181,7 +214,7 @@ Deprecated versions:
 <td>no</td>
 <td><a href="https://github.com/dryruby/i2p.rb">github.com/dryruby/i2p.rb</a></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>solitude</td>
 <td>Rust</td>
 <td>3.1</td>
@@ -190,7 +223,7 @@ Deprecated versions:
 <td>WIP</td>
 <td><a href="https://github.com/syvita/solitude">github.com/syvita/solitude</a></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>i2pSAM-Qt</td>
 <td>C++</td>
 <td>3.1</td>
@@ -199,6 +232,15 @@ Deprecated versions:
 <td>yes</td>
 <td><a href="https://notabug.org/acetone/i2pSAM-Qt">notabug.org/acetone/i2pSAM-Qt</a></td>
 </tr>
+<tr class="odd">
+<td>bitcoin</td>
+<td>C++</td>
+<td>3.1</td>
+<td>yes</td>
+<td>no</td>
+<td>no</td>
+<td><a href="https://github.com/bitcoin/bitcoin/blob/master/src/i2p.cpp">source (not a library, but good reference code)</a></td>
+</tr>
 </tbody>
 </table>
 
@@ -217,6 +259,43 @@ To implement a basic TCP-only, peer-to-peer application, the client must support
 
 
 
+<h2>General Guidance for Developers</h2>
+<p>
+SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
+Most applications will only need one session, created at startup and closed on exit.
+I2P is different from Tor, where circuits may be rapidly created and discarded.
+Think carefully and consult with I2P developers before designing your application
+to use more than one or two simultaneous sessions, or to rapidly create and discard them.
+Most threat models will not require a unique session for every connection.
+</p><p>
+Also, please ensure your application settings
+(and guidance to users about router settings, or router defaults if you bundle a router)
+will result in your users contributing more resources to the network than they consume.
+I2P is a peer-to-peer network, and the network cannot survive if a popular application
+drives the network into permanent congestion.
+</p><p>
+The Java I2P and i2pd router implementations are independent and have minor differences
+in behavior, feature support, and defaults.
+Please test your application with the latest version of both routers.
+</p><p>
+i2pd SAM is enabled by default; Java I2P SAM is not.
+Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
+and/or provide a good error message to the user if the initial connect fails,
+e.g. "ensure that I2P is running and the SAM interface is enabled".
+</p><p>
+The Java I2P and i2pd routers have different defaults for tunnel quantities.
+The Java default is 2 and the i2pd default is 5.
+For most low- to medium-bandwidth and low- to medium-connection counts,
+2 or 3 is sufficient.
+Please specify the tunnel quantity in the SESSION CREATE message
+to get consistent performance with the Java I2P and i2pd routers.
+See below.
+</p><p>
+For more guidance to developers on ensuring your application uses only the resources it needs, please see
+<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
+</p>
+
+
 
 
 <h2>Version 3 Changes</h2>
@@ -239,9 +318,10 @@ can forward back I2P datagrams to the client's datagram server.
 
 <h3>Version 3.1 Changes</h3>
 <p>
-Version 3.1 was introduced in I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
+Version 3.1 was introduced in Java I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
 minimum SAM implementation because of its support for better signature types
 than SAM 3.0.
+i2pd also supports most 3.1 features.
 <ul>
 <li>DEST GENERATE and SESSION CREATE now support a SIGNATURE_TYPE parameter.
 <li>The MIN and MAX parameters in HELLO VERSION are now optional.
@@ -252,7 +332,8 @@ than SAM 3.0.
 
 <h3>Version 3.2 Changes</h3>
 <p>
-Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
+Version 3.2 was introduced in Java I2P release 0.9.24 (January 2016).
+Note that i2pd does not currently support most 3.2 features.
 </p>
 
 <h4>I2CP Port and Protocol Support</h4>
@@ -300,7 +381,8 @@ Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
 
 <h3>Version 3.3 Changes</h3>
 <p>
-Version 3.3 was introduced in I2P release 0.9.25 (March 2016).
+Version 3.3 was introduced in Java I2P release 0.9.25 (March 2016).
+Note that i2pd does not currently support most 3.3 features.
 <ul>
 <li>The same session may be used for streams, datagrams, and raw simultaneously.
     Incoming packets and streams will be routed based on I2P protocol and to-port.
@@ -377,7 +459,7 @@ COMMAND without a SUBCOMMAND is supported for some new commands in SAM 3.2 only.
 </p><p>
 Key=value pairs must be separated by
 a single space. (As of SAM 3.2, multiple spaces are allowed)
-Values may be enclosed in double quotes if they contain spaces,
+Values must be enclosed in double quotes if they contain spaces,
 e.g. key="long value text".
 (Prior to SAM 3.2, this did not work reliably in some implementations)
 </p><p>
@@ -433,7 +515,7 @@ If the SAM bridge cannot find a suitable version, it replies with:
 </pre>
 If some error occurred, such as a bad request format, it replies with:
 <pre>
-&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
+&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 </p>
 
@@ -462,13 +544,13 @@ Clients should promptly send the HELLO and the next command after connecting.
 </p><p>
 If a timeout occurs before the HELLO is received, the bridge replies with:
 <pre>
-&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
+&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 and then disconnects.
 </p><p>
 If a timeout occurs after the HELLO is received but before the next command, the bridge replies with:
 <pre>
-&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
+&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 and then disconnects.
 </p>
@@ -503,6 +585,9 @@ and the session terminates when the socket is disconnected.
 </p><p>
 Each registered I2P Destination is uniquely associated with a session ID
 (or nickname).
+Session IDs, including subsession IDs for PRIMARY sessions, must be globally unique
+on the SAM server. To prevent possible ID collisions with other clients,
+best practice is for the client to generate IDs randomly.
 
 </p><p>
 Each session is uniquely associated with:
@@ -530,6 +615,8 @@ received through other forms are answered with an error message) :
           [TO_PORT=nnn]                        # SAM 3.2 or higher only, default 0
           [PROTOCOL=nnn]                       # SAM 3.2 or higher only, for STYLE=RAW only, default 18
           [HEADER={true,false}]                # SAM 3.2 or higher only, for STYLE=RAW only, default false
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, DATAGRAM/RAW only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, DATAGRAM/RAW only, default 7655
           [option=value]*                      # I2CP and streaming options
 </pre>
 
@@ -543,6 +630,9 @@ optionally followed by the <a href="{{ site_url('docs/spec/common-structures') }
 which is 663 or more bytes in binary and 884 or more bytes in base 64,
 depending on signature type.
 The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
+See additional notes about the
+<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
+in the Destination Key Generation section below.
 
 </p><p>
 If the signing private key is all zeros, the
@@ -570,7 +660,8 @@ As of version 3.1 (I2P 0.9.14), if the destination is TRANSIENT, an optional par
 SIGNATURE_TYPE is supported. The SIGNATURE_TYPE value may be any name
 (e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
 supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
-The default is DSA_SHA1.
+The default is DSA_SHA1, which is NOT what you want.
+For most applications, please specify SIGNATURE_TYPE=7.
 
 </p><p>
 $nickname is the choice of the client. No whitespace is allowed.
@@ -578,7 +669,17 @@ $nickname is the choice of the client. No whitespace is allowed.
 </p><p>
 Additional options given are passed to the I2P session
 configuration if not interpreted by the SAM bridge (e.g.
-outbound.length=0). These options <a href="#options">are documented below</a>.
+outbound.length=0).
+</p><p>
+The Java I2P and i2pd routers have different defaults for tunnel quantities.
+The Java default is 2 and the i2pd default is 5.
+For most low- to medium-bandwidth and low- to medium-connection counts,
+2 or 3 is sufficient.
+Please specify the tunnel quantities in the SESSION CREATE message
+to get consistent performance with the Java I2P and i2pd routers,
+using the options e.g. inbound.length=3 outbound.length=3.
+These and other options <a href="#options">are documented in the links below</a>.
+</p><p>
 
 </p><p>
 The SAM bridge itself should already be configured with what router
@@ -634,18 +735,25 @@ If the destination is not a valid private destination key:
 </p><p>
 If some other error has occurred:
 <pre>
-&lt;-  SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
+&lt;-  SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 
 </p><p>
 If it's not OK, the MESSAGE should contain human-readable information
 as to why the session could not be created.
 
+</p><p>
+Note that the router builds tunnels before responding with SESSION STATUS.
+This could take several seconds, or, at router startup or during severe network congestion,
+a minute or more.
+If unsuccessful, the router will not respond with a failure message for several minutes.
+Do not set a short timeout waiting for the response.
+Do not abandon the session while tunnel build is in progress and retry.
 
 </p><p>
 SAM sessions live and die with the socket they are associated with.
 When the socket is closed, the session dies, and all communications
-using the session die at the same time. And the other way round, when
+using the session die at the same time. And the other way around, when
 the session dies for any reason, the SAM bridge closes the socket.
 </p>
 
@@ -740,6 +848,11 @@ peer. If the connection was not possible (timeout, etc),
 RESULT will contain the appropriate error value (accompanied by an
 optional human-readable MESSAGE), and the SAM bridge closes the
 socket.
+
+</p><p>
+The router stream connect timeout internally is approximately one minute, implementation-dependent.
+Do not set a shorter timeout waiting for the response.
+
 </p>
 
 <h3>SAM Virtual Streams : ACCEPT</h3>
@@ -981,7 +1094,7 @@ Reliability is inversely proportional to message size, perhaps even exponentiall
 
 </p><p>
 After establishing a SAM session with STYLE=DATAGRAM or STYLE=RAW, the client can
-send repliable or raw datagrams through SAM's UDP port (7655).
+send repliable or raw datagrams through SAM's UDP port (7655 by default).
 
 </p><p>
 The first line of a datagram sent through this port must be in the
@@ -1088,6 +1201,8 @@ CREATE command with PORT and HOST options:
           [FROM_PORT=nnn]                      # SAM 3.2 or higher only, default 0
           [TO_PORT=nnn]                        # SAM 3.2 or higher only, default 0
           [PROTOCOL=nnn]                       # SAM 3.2 or higher only, for STYLE=RAW only, default 18
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, default 7655
           [option=value]*                      # I2CP options
 </pre>
 
@@ -1304,6 +1419,8 @@ for DHT communication.
           STYLE=PRIMARY                        # prior to 0.9.47, use STYLE=MASTER
           ID=$nickname
           DESTINATION={$privkey,TRANSIENT}
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, default 7655
           [option=value]*                      # I2CP and streaming options
 </pre>
 
@@ -1348,6 +1465,8 @@ Using the same control socket on which the PRIMARY session was created:
           [LISTEN_PROTOCOL=nnn]                # For inbound traffic for STYLE=RAW only.
                                                # Default is the PROTOCOL value; 6 (streaming) is disallowed
           [HEADER={true,false}]                # For STYLE=RAW only, default false
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, DATAGRAM/RAW only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, DATAGRAM/RAW only, default 7655
           [option=value]*                      # I2CP and streaming options
 </pre>
 
@@ -1434,7 +1553,7 @@ which is answered by
         RESULT=$result
         NAME=$name
         [VALUE=$destination]
-        [MESSAGE=$message]
+        [MESSAGE="$message"]
 </pre>
 
 
@@ -1490,7 +1609,8 @@ which is answered by
 As of version 3.1 (I2P 0.9.14), an optional parameter SIGNATURE_TYPE is supported.
 The SIGNATURE_TYPE value may be any name (e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
 that is supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
-The default is DSA_SHA1.
+The default is DSA_SHA1, which is NOT what you want.
+For most applications, please specify SIGNATURE_TYPE=7.
 
 </p><p>
 The $destination is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
@@ -1505,6 +1625,22 @@ which is 884 or more base 64 characters (663 or more bytes in binary),
 depending on signature type.
 The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
 
+</p><p>
+Notes about the 256-byte binary
+<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>:
+This field has been unused since version 0.6 (2005).
+SAM implementations may send random data or all zeros in this field;
+do not be alarmed about a string of AAAA in the base 64.
+Most applications will simply store the base 64 string and return it as-is in the SESSION CREATE, or
+decode to binary for storage, then encode again for SESSION CREATE.
+Applications may, however, decode the base 64, parse the binary following
+the PrivateKeyFile specification, discard the 256-byte private key portion,
+and then replace it with 256 bytes of random data or all zeros when re-encoding it for the SESSION CREATE.
+ALL other fields in the PrivateKeyFile specification must be preserved.
+This would save 256 bytes of file system storage but is probably not worth the trouble for most applications.
+See proposal 161 for addtional information and background.
+
+
 </p><p>
 DEST GENERATE does not require that a session has been created first.
 </p>
@@ -1530,7 +1666,7 @@ Either side may close the session and socket if no response is received in a rea
 </p><p>
 If a timeout occurs waiting for a PONG from the client, the bridge may send:
 <pre>
-&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
+&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 and then disconnect.
 </p><p>
@@ -1611,11 +1747,11 @@ their meaning:
 
 <h3 id="options">Tunnel, I2CP, and Streaming Options</h3>
 <p>
-These options may be passed in as name=value pairs at the end of a
+These options may be passed in as name=value pairs in the
 SAM SESSION CREATE line.
 
 </p><p>
-All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths</a>.
+All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths and quantities</a>.
 STREAM sessions may include <a href="{{ site_url('docs/api/streaming') }}#options">Streaming library options</a>.
 </p><p>
 See those references for option names and defaults.
@@ -1640,11 +1776,13 @@ The default SAM port is 7656. SAM is not enabled by default in the Java I2P Rout
 it must be started manually, or configured to start automatically,
 on the configure clients page in the router console, or in the clients.config file.
 The default SAM UDP port is 7655, listening on 127.0.0.1.
-These may be changed by adding the arguments sam.udp.port=nnnnn and/or
-sam.udp.host=w.x.y.z to the invocation.
+These may be changed in the Java router by adding the arguments sam.udp.port=nnnnn and/or
+sam.udp.host=w.x.y.z to the invocation, or on the SESSION line.
 
 </p><p>
 Configuration in other routers is implementation-specific.
+See <a href="https://i2pd.readthedocs.io/en/latest/user-guide/configuration/">the i2pd configuration guide here</a>.
+
 
 </p>
 {% endblock %}

i2p2www/pages/site/docs/applications/bittorrent.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Bittorrent over I2P{% endtrans %}{% endblock %}
-{% block lastupdated %}2022-01{% endblock %}
-{% block accuratefor %}0.9.52{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block accuratefor %}0.9.57{% endblock %}
 {% block content %}
 
 <p>{% trans -%}
@@ -23,6 +23,60 @@ We welcome additional ports of client and tracker software to I2P.
 
 
 
+<h2>General Guidance for Developers</h2>
+<p>
+Most non-Java bittorrent clients will connect to I2P via <a href="{{ site_url('docs/api/samv3') }}">SAMv3</a>.
+SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
+Most bittorrent clients will only need one session, created at startup and closed on exit.
+I2P is different from Tor, where circuits may be rapidly created and discarded.
+Think carefully and consult with I2P developers before designing your application
+to use more than one or two simultaneous sessions, or to rapidly create and discard them.
+Bittorrent clients must not create a unique session for every connection.
+Design your client to use the same session for announces and client connections.
+</p><p>
+Also, please ensure your client settings
+(and guidance to users about router settings, or router defaults if you bundle a router)
+will result in your users contributing more resources to the network than they consume.
+I2P is a peer-to-peer network, and the network cannot survive if a popular application
+drives the network into permanent congestion.
+</p><p>
+Do not provide support for bittorrent through an I2P outproxy to the clearnet
+as it will probably be blocked. Consult with outproxy operators for guidance.
+</p><p>
+The Java I2P and i2pd router implementations are independent and have minor differences
+in behavior, feature support, and defaults.
+Please test your application with the latest version of both routers.
+</p><p>
+i2pd SAM is enabled by default; Java I2P SAM is not.
+Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
+and/or provide a good error message to the user if the initial connect fails,
+e.g. "ensure that I2P is running and the SAM interface is enabled".
+</p><p>
+The Java I2P and i2pd routers have different defaults for tunnel quantities.
+The Java default is 2 and the i2pd default is 5.
+For most low- to medium-bandwidth and low- to medium-connection counts, 3 is sufficient.
+Please specify the tunnel quantity in the SESSION CREATE message
+to get consistent performance with the Java I2P and i2pd routers.
+</p><p>
+DHT support requires SAM v3.3 PRIMARY and SUBSESSIONS for TCP and UDP over the same session.
+This will require substantial development effort on the client side, unless the client is written in Java.
+i2pd does not currently support SAM v3.3.
+libtorrent does not currently support SAM v3.3.
+</p><p>
+Without DHT support, you may wish to automatically announce to
+a configurable list of known open trackers so that magnet links will work.
+Consult with I2P users for information on currently-up open trackers and keep your defaults up-to-date.
+Supporting the i2p_pex extension will also help alleviate the lack of DHT support.
+</p><p>
+For more guidance to developers on ensuring your application uses only the resources it needs, please see
+the <a href="{{ site_url('docs/api/samv3') }}">SAMv3 specification</a> and
+<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
+Contact I2P or i2pd developers for further assistance.
+</p>
+
+
+
+
 <h2>{% trans %}Announces{% endtrans %}</h2>
 <p>{% trans -%}
 Clients generally include a fake port=6881 parameter in the announce, for compatibility with older trackers.

i2p2www/pages/site/docs/applications/embedding.html

@@ -1,14 +1,16 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Embedding I2P in your Application{% endtrans %}{% endblock %}
-{% block lastupdated %}2019-11{% endblock %}
-{% block accuratefor %}0.9.44{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block accuratefor %}2.1.0{% endblock %}
 {% block content %}
 
 <h2>{% trans %}Overview{% endtrans %}</h2>
 <p>{% trans -%}
 This page is about bundling the entire I2P router binary with your application.
 It is not about writing an application to work with I2P (either bundled or external).
-{%- endtrans %}</p>
+{%- endtrans %}
+However, many of the guidelines may be useful even if not bundling a router.
+</p>
 
 <p>{% trans -%}
 Lots of projects are bundling, or talking about bundling, I2P. That's great if done right.
@@ -17,8 +19,10 @@ The I2P router is complex, and it can be a challenge to hide all the complexity
 This page discusses some general guidelines.
 {%- endtrans %}</p>
 
-
-
+<p>
+Most of these guidelines apply equally to Java I2P or i2pd.
+However, some guidelines are specific to Java I2P and are noted below.
+</p>
 
 <h3>{% trans %}Talk to us{% endtrans %}</h3>
 <p>{% trans -%}
@@ -41,6 +45,7 @@ Some of the following only applies to the Java router.
 Ensure you meet the license requirements of the software you are bundling.
 {%- endtrans %}</p>
 
+<h2>Configuration</h2>
 
 <h3>{% trans %}Verify default configuration{% endtrans %}</h3>
 <p>{% trans -%}
@@ -92,7 +97,20 @@ If you do this and your application gets hugely popular, it could break the netw
 You must save the router's data (netdb, configuration, etc.) between runs of the router.
 I2P does not work well if you must reseed each startup, and that's a huge load on our reseed servers, and not very good for anonymity either.
 Even if you bundle router infos, I2P needs saved profile data for best performance.
+Without persistence, your users will have a poor startup experience.
 {%- endtrans %}</p>
+<p>
+There are two possibilities if you cannot provide persistence.
+Either of these eliminates your project's load on our reseed servers and will significantly improve startup time.
+</p><p>
+1) Set up your own project reseed server(s) that serve much more than the usual number
+of router infos in the reseed, say, several hundred. Configure the router to use only your servers.
+</p><p>
+2) Bundle one to two thousand router infos in your installer.
+</p><p>
+Also, delay or stagger your tunnel startup, to give the router a chance to integrate
+before building a lot of tunnels.
+</p>
 
 
 
@@ -125,8 +143,64 @@ Be aware of possible blocking by hostile governments.
 
 
 
+<h3>Use Shared Clients</h3>
+<p>
+Java I2P i2ptunnel supports shared clients, where clients may be configured to use a single pool.
+If you require multiple clients, and if consistent with your security goals,
+configure the clients to be shared.
+</p>
+
+
+
+<h3>Limit Tunnel Quantity</h3>
+<p>
+Specify tunnel quantity explicitly with the options <tt>inbound.quantity</tt> and <tt>outbound.quantity</tt>.
+The default in Java I2P is 2; the default in i2pd is higher.
+Specify in the SESSION CREATE line using SAM to get consistent settings with both routers.
+Two each in/out is sufficient for most low-to-medium bandwidth and low-to-medium fanout applications.
+Servers and high-fanout P2P applications may need more.
+See <a href="http://zzz.i2p/topics/1584">this forum post</a> for guidance on calculating requirements
+for high-traffic servers and applications.
+</p>
+
+
+
+
+<h3>Specify SAM SIGNATURE_TYPE</h3>
+<p>
+SAM defaults to DSA_SHA1 for destinations, which is not what you want.
+Ed25519 (type 7) is the correct selection.
+Add SIGNATURE_TYPE=7 to the DEST GENERATE command,
+or to the SESSION CREATE command for DESTINATION=TRANSIENT.
+</p>
+
+
+
+
+<h3>Limit SAM Sessions</h3>
+<p>
+Most applications will only need one SAM session.
+SAM provides the ability to quickly overwhelm the local router, or even the broader network,
+if a large number of sessions are created.
+If multiple sub-services can use a single session, set them up with
+a PRIMARY session and SUBSESSIONS (not currently supported on i2pd).
+A reasonable limit to sessions is 3 or 4 total, or maybe up to 10 for rare situations.
+If you do have multiple sessions, be sure to specify a low tunnel quantity for each, see above.
+</p><p>
+In almost no situation should you require a unique session per-connection.
+Without careful design, this could quickly DDoS the network.
+Carefully consider if your security goals require unique sessions.
+Please consult with the Java I2P or i2pd developers before implementing per-connection sessions.
+</p>
+
+
 
 <h3>{% trans %}Reduce Network Resource Usage{% endtrans %}</h3>
+<p>
+Note that these options are not currently supported on i2pd.
+These options are supported via I2CP and SAM (except delay-open, which is via i2ptunnel only).
+See the I2CP documentation (and, for delay-open, the i2ptunnel configuration documentation) for details.
+</p>
 <p>{% trans -%}
 Consider setting your application tunnels to delay-open, reduce-on-idle and/or close-on-idle.
 This is straightforward if using i2ptunnel but you'll have to implement some of it yourself if using I2CP directly.
@@ -134,6 +208,7 @@ See i2psnark for code that reduces tunnel count and then closes the tunnel, even
 {%- endtrans %}</p>
 
 
+<h2>Life Cycle</h2>
 
 <h3>{% trans %}Updatability{% endtrans %}</h3>
 <p>{% trans -%}
@@ -168,6 +243,8 @@ If your average uptime is less than an hour, I2P is probably the wrong solution.
 {%- endtrans %}</p>
 
 
+<h2>User Interface</h2>
+
 
 <h3>{% trans %}Show Status{% endtrans %}</h3>
 <p>{% trans -%}
@@ -196,6 +273,8 @@ it may be helpful to provide an option or a separate package to use an external
 {%- endtrans %}</p>
 
 
+<h2>Other Topics</h2>
+
 
 <h3>{% trans %}Use of other Common Services{% endtrans %}</h3>
 <p>{% trans -%}
@@ -207,6 +286,9 @@ and talk to the people who are running them to make sure it's ok.
 
 
 <h3>{% trans %}Time / NTP Issues{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P. i2pd does not include an SNTP client.
+</p>
 <p>{% trans -%}
 I2P includes an SNTP client. I2P requires correct time to operate.
 It will compensate for a skewed system clock but this may delay startup. You may disable I2P's SNTP queries,
@@ -216,6 +298,9 @@ but this isn't advised unless your application makes sure the system clock is co
 
 
 <h3>{% trans %}Choose What and How you Bundle{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 At a minimum you will need i2p.jar, router.jar, streaming.jar, and mstreaming.jar.
 You may omit the two streaming jars for a datagram-only app.
@@ -243,15 +328,18 @@ License requirements may require you to include the LICENSES.txt file and the li
 <li>{% trans -%}
 You may also wish to bundle a hosts.txt file.
 {%- endtrans %}</li>
-<li>{% trans -%}
-Be sure to specify a Java 7 bootclasspath if compiling with Java 8.
-{%- endtrans %}</li>
+<li>
+Be sure to specify a bootclasspath if you are compiling Java I2P for your release, rather than taking our binaries.
+</li>
 </ul>
 </p>
 
 
 
 <h3>{% trans %}Android considerations{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 Our Android router app may be shared by multiple clients.
 If it is not installed, the user will be prompted when he starts a client app.
@@ -269,6 +357,9 @@ If you require assistance, please contact us.
 
 
 <h3>{% trans %}Maven jars{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 We have a limited number of our jars on <a href="http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22net.i2p%22">Maven Central</a>.
 There are numerous trac tickets for us to address that will improve and expand the released jars on Maven Central.
@@ -293,6 +384,15 @@ Build your own. If you are hardcoding seed nodes, we recommend that you have sev
 
 
 
+<h3>Outproxies</h3>
+<p>
+I2P outproxies to the clearnet are a limited resource.
+Use outproxies only for normal user-initiated web browsing or other limited traffic.
+For any other usage, consult with and get approval from the outproxy operator.
+</p>
+
+
+
 <h3>{% trans %}Comarketing{% endtrans %}</h3>
 <p>{% trans -%}
 Let's work together. Don't wait until it's done.
@@ -314,6 +414,7 @@ Hang out in IRC #i2p-dev. Post on the forums. Spread the word.
 We can help get you users, testers, translators, or even coders.
 {%- endtrans %}</p>
 
+<h2>Examples</h2>
 
 
 <h3>{% trans %}Application Examples{% endtrans %}</h3>
@@ -326,6 +427,9 @@ Other examples are: Vuze, the Nightweb Android app, iMule, TAILS, iCloak, and Mo
 
 
 <h3>{% trans %}Code Example{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 None of the above actually tells you how to write your code to
 bundle the Java router, so following is a brief example.

i2p2www/pages/site/docs/applications/git-bundle.html

@@ -28,7 +28,7 @@
 <h2 id="generating-a-bundle">{% trans -%}Generating a Bundle{%- endtrans %}</h2>
 <p>{% trans -%} First, follow the <a href="GIT.md">Git guide for Users</a> until you have a successfully <code>--unshallow</code>ed clone of clone of the i2p.i2p repository. If you already have a clone, make sure you run <code>git fetch --unshallow</code> before you generate a torrent bundle. {%- endtrans %}</p>
 <p>{% trans -%}Once you have that, simply run the corresponding ant target:{%- endtrans %}</p>
-<pre><code>ant bundle</code></pre>
+<pre><code>ant git-bundle</code></pre>
 <p>{% trans -%} and copy the resulting bundle into your I2PSnark downloads directory. For instance: {%- endtrans %}</p>
 <pre><code>cp i2p.i2p.bundle* $HOME/.i2p/i2psnark/</code></pre>
 <p>{% trans -%} In a minute or two, I2PSnark will pick up on the torrent. Click on the “Start” button to begin seeding the torrent. {%- endtrans %}</p>

i2p2www/pages/site/docs/how/intro.html

@@ -178,7 +178,7 @@ scheduled development meetings, however <a href="{{ meetings }}">archives are av
 {%- endtrans %}</p>
 
 <p>{% trans monotone=site_url('get-involved/guides/monotone') -%}
-The current source is available in <a href="{{ monotone }}">monotone</a>.
+The current source is available in <a href="{{ monotone }}">git</a>.
 {%- endtrans %}</p>
 
 <h2>{% trans %}Additional Information{% endtrans %}</h2>

i2p2www/pages/site/docs/how/network-database.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}The Network Database{% endtrans %}{% endblock %}
-{% block lastupdated %}{% trans %}August 2019{% endtrans %}{% endblock %}
-{% block accuratefor %}0.9.42{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block accuratefor %}0.9.57{% endblock %}
 {% block content %}
 <h2>{% trans %}Overview{% endtrans %}</h2>
 
@@ -61,10 +61,6 @@ to be present:
 "Shared bandwidth" == (share %) * min(in bw, out bw)
 <br>
 For compatibility with older routers, a router may publish multiple bandwidth letters, for example "PO".
-  </li>
-  <li><b>coreVersion</b>
-({% trans %}The core library version, always the same as the router version{% endtrans %})
-(Never used, removed in release 0.9.24)
   </li>
   <li><b>netId</b> = 2
 ({% trans %}Basic network compatibility - A router will refuse to communicate with a peer having a different netId{% endtrans %})
@@ -72,13 +68,21 @@ For compatibility with older routers, a router may publish multiple bandwidth le
   <li><b>router.version</b>
 ({% trans %}Used to determine compatibility with newer features and messages{% endtrans %})
   </li>
-  <li><b>stat_uptime</b> = 90m
-({% trans %}Always sent as 90m, for compatibility with an older scheme where routers published their actual uptime,
-and only sent tunnel requests to peers whose uptime was more than 60m{% endtrans %})
+</ul>
+
+Deprecated options:
+<ul>
+  <li><strike>coreVersion</strike>
+(Never used, removed in release 0.9.24)
+  </li>
+  <li><strike>stat_uptime</strike> = 90m
 (Unused since version 0.7.9, removed in release 0.9.24)
   </li>
 </ul>
 
+
+
+
 <p>{% trans -%}
 These values are used by other routers for basic decisions.
 Should we connect to this router? Should we attempt to route a tunnel through this router?
@@ -116,16 +120,60 @@ Current statistics are limited to:
   <li>{% trans %}1 hour average number of participating tunnels{% endtrans %}
 </ul>
 
-<p>{% trans -%}
-Floodfill routers publish additional data on the number of entries in their network database.
-{%- endtrans %}</p>
+<p>
+These are optional, but if included, help analysis of network-wide performance.
+As of API 0.9.58, these statistics are simplified and standardized, as follows:
+</p>
+<ul>
+  <li>Option keys are stat_(statname).(statperiod)
+  <li>Option values are ';' -separated
+  <li>Stats for event counts or normalized percentages use the 4th value;
+      the first three values are unused but must be present
+  <li>Stats for average values use the 1st value, and no ';' separator is required
+  <li>For equal weighting of all routers in stats analysis,
+      and for additional anonymity,
+      routers should include these stats only after an uptime of one hour or more,
+      and only one time every 16 times that the RI is published.
+</ul>
+
+<p>
+Example:
+<pre>
+    stat_tunnel.buildExploratoryExpire.60m = 0;0;0;53.14
+    stat_tunnel.buildExploratoryReject.60m = 0;0;0;15.51
+    stat_tunnel.buildExploratorySuccess.60m = 0;0;0;31.35
+    stat_tunnel.participatingTunnels.60m = 289.20
+</pre>
+</p>
+
+
 
 <p>{% trans -%}
-The data published can be seen in the router's user interface,
-but is not used or trusted within the router.
-As the network has matured, we have gradually removed most of the published
-statistics to improve anonymity, and we plan to remove more in future releases.
+Floodfill routers may publish additional data on the number of entries in their network database.
+These are optional, but if included, help analysis of network-wide performance.
 {%- endtrans %}</p>
+<p>
+The following two options should be included by floodfill routers in every published RI:
+</p>
+<ul>
+  <li><b>netdb.knownLeaseSets</b>
+  <li><b>netdb.knownRouters</b>
+</ul>
+<p>
+Example:
+<pre>
+    netdb.knownLeaseSets = 158
+    netdb.knownRouters = 11374
+</pre>
+</p>
+
+
+
+
+<p>
+The data published can be seen in the router's user interface,
+but is not used or trusted by any other router.
+</p>
 
 <h3>{% trans %}Family Options{% endtrans %}</h3>
 

i2p2www/pages/site/docs/index.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Index to Technical Documentation{% endtrans %}{% endblock %}
-{% block lastupdated %}2022-04{% endblock %}
-{% block accuratefor %}0.9.53{% endblock %}
+{% block lastupdated %}2022-08{% endblock %}
+{% block accuratefor %}0.9.55{% endblock %}
 {% block content %}
 <p>{% trans -%}
 Following is an index to the technical documentation for I2P.
@@ -15,6 +15,10 @@ The interface between applications and the router is the I2CP (I2P Control
 Protocol) API.
 {%- endtrans %}</p>
 
+The specifications linked below are currently supported in the network.
+See the <a href="{{ site_url('spec/proposals') }}">{{ _('Proposals') }}</a> page for
+specifications in discussion or development.
+
 <p>{% trans trac='https://i2pgit.org/i2p-hackers/i2p.www/issues' -%}
 The I2P Project is committed to maintaining accurate, current documentation.
 If you find any inaccuracies in the documents linked below, please
@@ -74,13 +78,13 @@ Streamr Proxy
 </li><li>
 HTTP Bidir Proxy
 </li><li>
-<a href="{{ site_url('docs/api/sam') }}">{{ _('SAM Protocol') }}</a>
+<a href="{{ site_url('docs/api/sam') }}">{{ _('SAM Protocol') }}</a> (Deprecated)
 </li><li>
-<a href="{{ site_url('docs/api/samv2') }}">{{ _('SAMv2 Protocol') }}</a>
+<a href="{{ site_url('docs/api/samv2') }}">{{ _('SAMv2 Protocol') }}</a> (Deprecated)
 </li><li>
 <a href="{{ site_url('docs/api/samv3') }}">{{ _('SAMv3 Protocol') }}</a>
 </li><li>
-<a href="{{ site_url('docs/api/bob') }}">{{ _('BOB Protocol') }}</a>
+<a href="{{ site_url('docs/api/bob') }}">{{ _('BOB Protocol') }}</a> (Deprecated)
 </li></ul>
 
 <h3>{% trans %}End-to-End Transport API and Protocols{% endtrans %}</h3>
@@ -180,6 +184,8 @@ Traditionally used only by Java applications and higher-level APIs.
 </li><li>
 <a href="{{ spec_url('ssu') }}">{{ _('SSU specification') }}</a>
 </li><li>
+<a href="{{ spec_url('ssu2') }}">{{ _('SSU2 specification') }}</a>
+</li><li>
 <a href="{{ site_url('docs/how/cryptography') }}#tcp">{{ _('NTCP transport encryption') }}</a>
 </li><li>
 <a href="{{ site_url('docs/how/cryptography') }}#udp">{{ _('SSU transport encryption') }}</a>

i2p2www/pages/site/docs/plugins.html

@@ -149,7 +149,7 @@ or easily add some feature.
 <h3>{% trans %}Getting Started{% endtrans %}</h3>
 <p>{% trans url='https://github.com/i2p/i2p.scripts/tree/master/plugin/makeplugin.sh' -%}
 To create a plugin from an existing binary package you will need to get
-makeplugin.sh from <a href="{{ url }}">the i2p.scripts branch in monotone</a>.
+makeplugin.sh from <a href="{{ url }}">the i2p.scripts repository in git</a>.
 {%- endtrans %}</p>
 
 

i2p2www/pages/site/docs/ports.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Ports Used by I2P{% endtrans %}{% endblock %}
-{% block lastupdated %}2020-06{% endblock %}
-{% block accuratefor %}0.9.46{% endblock %}
+{% block lastupdated %}2022-08{% endblock %}
+{% block accuratefor %}0.9.55{% endblock %}
 {% block content %}
 
 <p>{% trans -%}
@@ -46,7 +46,7 @@ in the 767x range.
 <tr><td>7657</td><td>Router Console</td></tr>
 <tr><td>7658</td><td>I2P Site</td></tr>
 <tr><td>7659</td><td>SMTP Proxy</td></tr>
-<tr><td>7660</td><td>POP Proxy</td></tr>
+<tr><td>7660</td><td>POP3 Proxy</td></tr>
 <tr><td>7661</td><td>Pebble Plugin</td></tr>
 <tr><td>7661</td><td>I2PBote Plugin SMTP</td></tr>
 <tr><td>7662</td><td>Zzzot Plugin</td></tr>
@@ -58,6 +58,7 @@ in the 767x range.
 <tr><td>7669</td><td>Garlic Farm</td></tr>
 <tr><td>7670</td><td>Git SSH</td></tr>
 <tr><td></td><td><i>{% trans %}recommended spot for new plugins/applications{% endtrans %}</i></td></tr>
+<tr><td>7680</td><td>don't use - Windows Delivery Optimization</td></tr>
 <tr><td>8002</td><td>I2PSnark (standalone install only)</td></tr>
 <tr><td>8003</td><td>I2PSnark SSL (standalone install only)</td></tr>
 <tr><td>8118</td><td>Privoxy (reserve)</td></tr>

i2p2www/pages/site/docs/transport/ssu.html

@@ -1,6 +1,6 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Secure Semireliable UDP{% endtrans %} (SSU){% endblock %}
-{% block lastupdated %}2022-06{% endblock %}
+{% block lastupdated %}2022-07{% endblock %}
 {% block accuratefor %}0.9.54{% endblock %}
 {% block content %}
 
@@ -534,8 +534,8 @@ When Bob receives a request from Alice via IPv6, Bob must select a Charlie that
 The actual Bob-Charlie communication may be via IPv4 or IPv6 (i.e., independent of Alice's address type).
 </p><p>
 As of release 0.9.50,
-If the message is over IPv6 for an IPv4 introduction,
-  or (as of release 0.9.50) over IPv4 for an IPv6 introduction,
+If the message is over IPv6 for an IPv4 peer test,
+  or (as of release 0.9.50) over IPv4 for an IPv6 peer test,
   Alice must include her introduction address and port.
 
 See <a href="/spec/proposals/158">Proposal 158</a> for details.

i2p2www/pages/site/faq.html

@@ -464,7 +464,7 @@ These are described in detail below.
           7660
         </td>
         <td>
-          Outgoing mail to smtp.postman.i2p
+          Incoming mail from pop3.postman.i2p
         </td>
         <td>
           {% trans -%}May be disabled or changed on the i2ptunnel page in the router console. 
@@ -473,13 +473,13 @@ These are described in detail below.
       </tr>
       <tr>
         <td>
-          8998
+          7670 (8998)
         </td>
         <td>
-          mtn.i2p-projekt.i2p (Monotone)
+          gitssh.idk.i2p git over ssh
         </td>
         <td>
-          {% trans -%}May be disabled or changed on the i2ptunnel page in the router console. 
+          {% trans -%}This used to be port 8998 for monotone. Elder installations may still have that and not this one. May be disabled or changed on the i2ptunnel page in the router console. 
           May also be configured to be bound to a specific interface or all interfaces.{%- endtrans %}
         </td>
       </tr>

i2p2www/pages/site/get-involved/develop/licenses.html

@@ -309,7 +309,7 @@ Except where otherwise noted, content on this site is licensed under a
 <p>{% trans git=site_url('docs/applications/git') -%}
 Developers may push changes to a distributed git repository if you
 receive permission from the person running that repository.
-See the <a href="{{ git }}">Monotone Page</a> for details.
+See the <a href="{{ git }}">Git Page</a> for details.
 {%- endtrans %}</p>
 
 <p>{% trans -%}

i2p2www/pages/site/get-involved/develop/release-signing-key.html

@@ -8,9 +8,9 @@ Windows installers for releases 0.9.38 and later are signed by zlatinb.
 </p>
 
 <p>{% trans -%}
-Mac OSX installers for releases 0.9.38 and later are signed by mikalv.
+Mac OSX installers for releases 0.9.38 and later are signed by zlatinb.
 {%- endtrans %}<br>
-<a href="{{ url_for('static', filename='mikalv.key.crt') }}" >{% trans %}Download code signing certificate{% endtrans %}</a>
+<a href="{{ url_for('static', filename='zlatinb.key.crt') }}" >{% trans %}Download code signing certificate{% endtrans %}</a>
 </p>
 
 <p>{% trans -%}

i2p2www/pages/site/get-involved/guides/new-developers.html

@@ -46,13 +46,13 @@ These will give you a good overview of how I2P is structured and what different
 
 <p>{% trans -%}
 For development on the I2P router or the embedded applications,
-there are two ways to get the source code:
+you need to get the source code:
 {%- endtrans %}</p>
 
-<h3 id="git">{% trans %}The new way: Git{% endtrans %}</h3>
+<h3 id="git">{% trans %}Our current way: Git{% endtrans %}</h3>
 
-<p>{% trans trac="https://i2pgit.org" -%}I2P now has official Git services and accepts contributions via Git at our own gitlab.
-Trac issues have also been migrated to <a href="{{ trac }}">gitlab</a>, however Trac still available for now. Two-way syncing of
+<p>{% trans trac="https://i2pgit.org" -%}I2P has official Git services and accepts contributions via Git at <a href="{{ trac }}">our own gitlab</a>.
+Trac issues have also been migrated there and the former Trac is not available anymore by now. Two-way syncing of
 issues between Gitlab and Github is a work-in-progress.{%- endtrans %}</p>
 
 <li>{% trans git_url='https://git-scm.com/' -%}
@@ -103,7 +103,7 @@ see the <a href="{{ apps }}">application development guide</a>.
 <p>{% trans zzz=i2pconv('zzz.i2p'), todo=site_url('get-involved/todo'), trac='https://i2pgit.org/i2p-hackers/i2p.i2p/issues' -%}
 See <a href="http://{{ zzz }}/forums/3">zzz's TODO lists</a>,
 <a href="{{ todo }}">this website's TODO list</a> or
-<a href="{{ trac }}">Trac</a>
+<a href="{{ trac }}">the issue list on GitLab</a>
 for ideas.
 {%- endtrans %}</p>
 

i2p2www/pages/site/get-involved/guides/new-translators.html

@@ -1,7 +1,11 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}New Translator's Guide{% endtrans %}{% endblock %}
 {% block content %}
-{% trans %}Here's a very quick guide to getting started.{% endtrans %}
+{% trans %}Here's a very quick guide to getting started. 
+Note that for both (website/console) there is an <b>easy way</b> using a 
+translation web-site (and requiring nothing else than to use that) and 
+the <b>other way</b> which requires you to set up a build-environment 
+(installing software etc.).{% endtrans %}
 
 <h2>{% trans %}How to Translate the Website{% endtrans %}</h2>
 
@@ -24,8 +28,8 @@ please update the translation status on <a href="{{ url }}">this wiki page</a>.
 {%- endtrans %}</li>
   <li>{% trans newdevs=site_url('get-involved/guides/new-developers') -%}
 Follow the <a href="{{ newdevs }}">new developer's guide</a>,
-Including the installation of monotone,
-checking out i2p.www branch, and generate your own monotone keys.
+including the installation of git and the gettext tools. You will need 
+the i2p.www repository.
 It is not required that you sign a dev agreement.
 {%- endtrans %}</li>
   </ol>
@@ -56,10 +60,9 @@ To work with .po files efficiently, you may wish to use <a href="http://www.poed
 {%- endtrans %}</li>
 
 <li>{% trans -%}
-<b>Check in:</b>
-"<code>mtn pull</code>", "<code>mtn update</code>". Then check in by "<code>mtn ci -k yourname@mail.i2p file1 file2 ...</code>"
-This collects the diff info of your changed file into your local repo. Then "<code>mtn sync mtn.i2p2.de -k yourname-transport@mail.i2p i2p.i2p</code>".
-This synchronizes your local repo with the repo on the target machine.
+<b>Git Workflow:</b>
+You can then add all new and changed files to your next commit using <code>git add .</code> (or specify which files instead of the dot).
+Please note the suggested workflow for git on our git-page.
 {%- endtrans %}</li>
 
 <li>{% trans -%}
@@ -89,8 +92,8 @@ please update the translation status on <a href="{{ url }}">this wiki page</a>.
 {%- endtrans %}</li>
   <li>{% trans newdevs=site_url('get-involved/guides/new-developers') -%}
 Follow the <a href="{{ newdevs }}">new developer's guide</a>,
-including the installation of monotone and the gettext tools,
-checking out i2p.i2p branch, and generate your own monotone keys.
+including the installation of git and the gettext tools. You will need 
+the i2p.i2p repository.
 {%- endtrans %}</li>
   <li>{% trans -%}
 Generate your own gpg key and sign the dev agreement.
@@ -149,10 +152,9 @@ To work with .po files efficiently, you may wish to use <a href="http://www.poed
 {%- endtrans %}</li>
 
 <li>{% trans -%}
-<b>Check in:</b>
-"<code>mtn pull</code>", "<code>mtn update</code>". Then check in by "<code>mtn ci -k yourname@mail.i2p file1 file2 ...</code>"
-This collects the diff info of your changed file into your local repo. Then "<code>mtn sync mtn.i2p2.de -k yourname-transport@mail.i2p i2p.i2p</code>".
-This synchronizes your local repo with the repo on the target machine.
+<b>Git Workflow:</b>
+You can then add all new and changed files to your next commit using <code>git add .</code> (or specify which files instead of the dot).
+Please note the suggested workflow for git on our git-page.
 {%- endtrans %}</li>
 
 <li>{% trans -%}
@@ -169,14 +171,14 @@ If you have questions about the meaning of the terms in the console, ask in <cod
 <h2>{% trans %}FAQ{% endtrans %}</h2>
 
 <p><b>{% trans -%}
-Q: Why do I have to install monotone, Java, jsp, learn about .po files and html, etc.? Why can't I just do a translation and email it to you?
+Q: Why do I have to install git, Java, jsp, learn about .po files and html, etc.? Why can't I just do a translation and email it to you?
 {%- endtrans %}</b></p>
 
-<p><b>{% trans %}A: Several reasons:{% endtrans %}</b></p>
+<p><b>{% trans %}A: You do not / Several reasons:{% endtrans %}</b></p>
 
 <ul>
 <li>{% trans transifex='https://www.transifex.com/projects/p/I2P/' -%}
-You might be interested in translating via Transifex. Request to join a translation team <a href="{{ transifex }}">here</a>.
+First of all: you don't have to, you can translate via Transifex (aka "using a web-site to translate"). Request to join a translation team <a href="{{ transifex }}">here</a>. Aside from that ...
 {%- endtrans %}</li>
 
 <li>{% trans -%}
@@ -200,7 +202,7 @@ HTML files are not difficult. Just ignore the html stuff and translate the text.
 {%- endtrans %}</li>
 
 <li>{% trans -%}
-Installing and using monotone is not that difficult. Several of the translators and other contributors to I2P are non-programmers, and they use monotone regularly. Monotone is simply a source control system, it is not about "coding".
+Installing and using git is not that difficult. Several of the translators and other contributors to I2P are non-programmers, and they use git regularly. Git is simply a source control system, it is not about "coding".
 {%- endtrans %}</li>
 
 <li>{% trans -%}

i2p2www/pages/site/get-involved/guides/reseed-debian.html

@@ -0,0 +1,171 @@
+{% extends "global/layout.html" %}
+{% block title %}{{ _('How to Set up a Reseed Server using a Debian Package') }}{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block content %}
+
+<h2>{% trans %}General Information{% endtrans %}</h2>
+
+<p>{% trans %}
+These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
+There are no other known Debian-style packages for installing and configuring a reseed server.
+{% endtrans %}</p>
+
+<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
+<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
+
+<h2>{% trans %}Reseed on Debian using {% endtrans %} <code>checkinstall</code>, <code>apt-get</code></h2>
+
+<p>{% trans %}
+It is possible to easily and automatically configure a reseed server
+with a self-signed certificate on any Debian-based operating system,
+including Ubuntu and it&rsquo;s downstreams. This is achieved using the
+{% endtrans %}<code>
+checkinstall
+</code>{% trans %}
+tool to set up the software dependencies and the operating system to
+run the
+{% endtrans %}<code>
+I2P
+</code>
+{% trans %}service and the{% endtrans %}
+<code>
+reseed
+</code>
+{% trans %}service.{% endtrans %}
+</p>
+<h2>
+{% trans %}Using a binary package{% endtrans %}
+</h2>
+<p>{% trans %}
+If you do not wish to build from source, you can use a binary package
+from me(idk). This package is built from this repo with the
+{% endtrans %}<code>
+make checkinstall
+</code>
+{% trans %}target and uploaded by me. I build it on an up-to-date Debian sid system at tag time.
+It contains a static binary and files for configuring it as a system service.
+{% endtrans %}
+</p>
+<pre><code class="language-sh">
+wget https://github.com/eyedeekay/reseed-tools/releases/download/v0.2.30/reseed-tools_0.2.30-1_amd64.deb
+# Obtain the checksum from the release web page and store it in the SHA256SUMS file
+echo &quot;38941246e980dfc0456e066f514fc96a4ba25d25a7ef993abd75130770fa4d4d reseed-tools_0.2.30-1_amd64.deb&quot; &gt; SHA256SUMS
+sha256sums -c SHA256SUMS
+sudo apt-get install ./reseed-tools_0.2.30-1_amd64.deb
+</code></pre>
+<h2>
+{% trans %}Building the .deb package from the source(Optional){% endtrans %}
+</h2>
+<p>{% trans %}
+If your software is too old, it&rsquo;s possible that the binary package I build will
+not work for you. It&rsquo;s very easy to generate your own from the source code in this
+repository.
+{% endtrans %}</p>
+<p>
+
+<strong>
+1.
+</strong>
+{% trans %}Install the build dependencies{% endtrans %}
+</p>
+<pre><code class="language-sh">
+sudo apt-get install fakeroot checkinstall go git make
+</code></pre>
+<p>
+
+<strong>
+2.
+</strong>
+{% trans %}Clone the source code{% endtrans %}
+</p>
+<pre><code class="language-sh">
+git clone https://i2pgit.org/idk/reseed-tools ~/go/src/i2pgit.org/idk/reseed-tools
+</code></pre>
+<p>
+
+<strong>
+3.
+</strong>
+{% trans %}Generate the .deb  package using the make checkinstall target {% endtrans %}
+</p>
+<pre><code class="language-sh">
+cd ~/go/src/i2pgit.org/idk/reseed-tools
+make checkinstall
+</code></pre>
+<p>
+
+<strong>
+4.
+</strong>
+{% trans %}Install the .deb package{% endtrans %}
+</p>
+<pre><code class="language-sh">
+sudo apt-get install ./reseed-tools_*.deb
+</code></pre>
+<h2>
+{% trans %}Running the Service{% endtrans %}
+</h2>
+<p>
+
+<strong>
+1.
+</strong>{% trans %}
+First, ensure that the I2P service is already running. The longer the better,
+if you have to re-start the service, or if the service has very few peers, allow it to
+run for 24 hours before advancing to step
+{% endtrans %}
+<strong>
+2.
+</strong>
+</p>
+<pre><code class="language-sh">
+sudo systemctl start i2p
+# or, if you use sysvinit
+sudo service i2p start
+</code></pre>
+<p>
+
+<strong>
+2.
+</strong>
+{% trans %}Once your I2P router is &ldquo;Well-Integrated,&rdquo; start the reseed service.{% endtrans %}
+</p>
+<pre><code class="language-sh">
+sudo systemctl start reseed
+# or, if you use sysvinit
+sudo service reseed start
+</code></pre>
+<p>
+{% trans %}Your reseed will auto-configure with a self-signed certificate on port{% endtrans %}
+<code>
+:8443
+</code>
+. {% trans %}The certificates themselves are available in{% endtrans %}
+<code>
+/var/lib/i2p/i2p-config/reseed
+</code>
+. {% trans %}When you are ready, you should copy the{% endtrans %}
+<code>
+*.crt
+</code>
+{% trans %}files from that directory and share them with the I2P community on{% endtrans %}
+<a href="http://zzz.i2p">
+<code>
+zzz.i2p
+</code>
+</a>
+. {% trans %}These will allow I2P users to authenticate your reseed services and secure the I2P network.{% endtrans %}
+</p>
+<p>
+{% trans %}Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
+Provide us with details about your new reseed server:{% endtrans %}
+<ul>
+<li>{% trans %}Reseed website URL{% endtrans %}</li>
+<li>{% trans %}Public SSL certificate{% endtrans %}</li>
+<li>{% trans %}Public reseed su3 certificate{% endtrans %}</li>
+<li>{% trans %}Your contact email{% endtrans %}</li>
+<li>{% trans %}A statement that you agree to the privacy policy above{% endtrans %}</li>
+</ul>
+<p>
+
+{% endblock %}

i2p2www/pages/site/get-involved/guides/reseed-docker.html

@@ -0,0 +1,122 @@
+{% extends "global/layout.html" %}
+{% block title %}{{ _('How to Set up a Reseed Server using a Docker Image') }}{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block content %}
+
+<h2>{% trans %}General Information{% endtrans %}</h2>
+
+<p>{% trans %}
+These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
+They should be very similar to the guidelines for DivaExchange's <a href="https://codeberg.org/diva.exchange/i2p-reseed">i2p-reseed</a> server.
+
+These guidelines make use of Docker to manage the reseed server in lieu of the initsystem.
+If you are not interested in using Docker they will be of no use to you.
+{% endtrans %}</p>
+
+<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
+<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
+
+<h2>{% trans %}Installation from a Docker Image{% endtrans %}</h2>
+
+<p>{% trans %}
+To make it easier to deploy reseeds, it is possible to run the reseed-tools as a
+Docker image. Because the software requires access to a network database to host
+a reseed, you will need to mount the netDb as a volume inside your docker
+container to provide access to it, and you will need to run it as the same user
+and group inside the container as I2P.
+{% endtrans %}</p>
+<p>{% trans %}
+When you run a reseed under Docker in this fashion, it will automatically
+generate a self-signed certificate for your reseed server in a Docker volume
+named reseed-keys.{% endtrans %}
+<em>
+{% trans %}Back up this directory{% endtrans %}
+</em>
+, {% trans %}if it is lost it is impossible to reproduce.{% endtrans %}
+</p>
+<p>{% trans %}
+Additional flags can be passed to the application in the Docker container by
+appending them to the command. Please note that Docker is not currently
+compatible with .onion reseeds unless you pass the &ndash;network=host tag.
+{% endtrans %}</p>
+<h2>
+{% trans %}If I2P is running as your user, do this:{% endtrans %}
+</h2>
+<pre><code>    docker run -itd \
+        --name reseed \
+        --publish 443:8443 \
+        --restart always \
+        --volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
+        --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
+        eyedeekay/reseed \
+        --signer $YOUR_EMAIL_HERE
+</code></pre>
+<h2>
+{% trans %}If I2P is running as another user, do this:{% endtrans %}
+</h2>
+<pre><code>    docker run -itd \
+        --name reseed \
+        --user $(I2P_UID) \
+        --group-add $(I2P_GID) \
+        --publish 443:8443 \
+        --restart always \
+        --volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
+        --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
+        eyedeekay/reseed \
+        --signer $YOUR_EMAIL_HERE
+</code></pre>
+<h2>
+<strong>
+{% trans %}Debian/Ubuntu and Docker{% endtrans %}
+</strong>
+</h2>
+<p>
+{% trans %}In many cases I2P will be running as the Debian system user{% endtrans %}
+<code>
+i2psvc
+</code>
+. {% trans %}This is the case for all installs where Debian&rsquo;s Advanced Packaging Tool(apt) was used to peform the task. 
+If you used "apt-get install" this command will work for you. In that case, just copy-and-paste:{% endtrans %}
+</p>
+<pre><code>    docker run -itd \
+        --name reseed \
+        --user $(id -u i2psvc) \
+        --group-add $(id -g i2psvc) \
+        --publish 443:8443 \
+        --restart always \
+        --volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
+        --volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
+        eyedeekay/reseed \
+        --signer $YOUR_EMAIL_HERE
+</code></pre>
+<p>{% trans %}The
+certificates themselves are available in{% endtrans %}
+<code>
+reseed-keys
+</code>
+. {% trans %}When
+you are ready, you should copy the{% endtrans %}
+<code>
+*.crt
+</code>
+{% trans %}files from that volume and share them with the I2P community on{% endtrans %}
+<a href="http://zzz.i2p">
+<code>
+zzz.i2p
+</code>
+</a>
+. {% trans %}These will allow I2P users
+to authenticate your reseed services and secure the I2P network.{% endtrans %}
+</p>
+<p>
+{% trans %}Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
+Provide us with details about your new reseed server:{% endtrans %}
+<ul>
+<li>{% trans %}Reseed website URL{% endtrans %}</li>
+<li>{% trans %}Public SSL certificate{% endtrans %}</li>
+<li>{% trans %}Public reseed su3 certificate{% endtrans %}</li>
+<li>{% trans %}Your contact email{% endtrans %}</li>
+<li>{% trans %}A statement that you agree to the privacy policy above{% endtrans %}</li>
+</ul>
+<p>
+{% endblock %}

i2p2www/pages/site/get-involved/guides/reseed-old.html

@@ -0,0 +1,954 @@
+{% extends "global/layout.html" %}
+{% block title %}{{ _('How to Set up a Reseed Server') }}{% endblock %}
+{% block lastupdated %}2021-12{% endblock %}
+{% block content %}
+
+<h2>{% trans %}Overview{% endtrans %}</h2>
+
+<p>{% trans -%}
+Thank you for volunteering to run an I2P reseed server.
+"Reseeding" is our term for bootstrapping new routers into the network.
+New routers fetch a bundle of peer references, or "router infos", from one or more of a hardcoded list of HTTPS URLs.
+{%- endtrans %}</p>
+
+<h2>{% trans %}Requirements{% endtrans %}</h2>
+
+<p>{% trans -%}
+At its simplest, a reseed server consists of a Java I2P router, an HTTPS web server,
+and some scripts that periodically gather router infos from the router,
+bundle and sign them into a custom file format, and deliver these files over HTTPS.
+In practice, it's a bit more complex, and a reseed operator must be fairly competent and attentive.
+A reseed server is not appropriate for a residential internet connection. The complexities include:
+{%- endtrans %}</p>
+
+<ul>
+<li>{% trans -%}
+You must have a secure SSL setup with either a self-signed certificate or a cert that chains up to a standard CA
+{%- endtrans %}</li>
+<li>{% trans -%}
+The SSL configuration must conform to current best practices on allowed ciphers and protocols, and the CN/SAN host name must match the URL
+{%- endtrans %}</li>
+<li>{% trans -%}
+The scripts are designed to deliver different router info bundles to different requestors for network diversity
+{%- endtrans %}</li>
+<li>{% trans -%}
+The scripts are designed to deliver the same bundle to the same repeated requestor to prevent scraping
+{%- endtrans %}</li>
+<li>{% trans -%}
+The reseed servers are under periodic attacks and DDoS attempts, and from other buggy I2P implementations and botnets.
+This necessitates that you run fail2ban or an equivalent solution.
+{%- endtrans %}</li>
+</ul>
+
+<h2>{% trans %}Information Required{% endtrans %}</h2>
+
+<p>{% trans -%}
+When your setup is complete and ready for testing, we will need the HTTPS URL,
+the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
+After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
+and you will start seeing traffic.
+We also will need your email address so we may continue to contact you about reseed administration issues.
+The email will not be made public but will be known to the other reseed operators.
+You should expect that your nick or name and its association with that URL or IP will become public.
+{%- endtrans %}</p>
+
+<h2>{% trans %}Privacy Policy{% endtrans %}</h2>
+
+<p>{% trans -%}
+A reseed operator is a trusted role in the network.
+While we do not yet have a formal privacy policy, you must ensure the privacy of our users
+by not publicizing logs or IPs found in those logs, except as necessary to discuss administration issues with the I2P reseed team.
+{%- endtrans %}</p>
+
+<h2>{% trans %}Financial Support{% endtrans %}</h2>
+
+<p>{% trans -%}
+Modest financial support may be available to those running reseed servers.
+This support would be in partial reimbursement for your server costs.
+Support will not be paid in advance and will probably not cover all your expenses.
+Support is only available to those who have been running reseed servers in good standing for several months, and is based on actual need.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+If you would like to discuss support, please contact echelon and CC: zzz
+{%- endtrans %}</p>
+
+
+<h2>{% trans %}Getting Started{% endtrans %}</h2>
+
+<p>{% trans -%}
+Our reseed coordinator is "zzz" and he may be contacted at zzz at mail.i2p or zzz at i2pmail.org.
+Unfortunately, he is not generally on IRC. The reseed setup is somewhat specialized, and you should direct most questions to him.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+For actual implementation, details below. We have one recommended reseed solution:
+{%- endtrans %}</p>
+
+<ul>
+<li>{% trans -%}
+A Go implementation that includes the web server and all the scripts. This is the recommended solution.
+{%- endtrans %}</li>
+
+</ul>
+
+<p>{% trans -%}
+For further information, read the information at the following links, and then contact zzz.
+Thank you!
+{%- endtrans %}</p>
+
+<ul><li>
+<a href="http://zzz.i2p/topics/1893">zzz.i2p thread</a>
+</li><li>
+<a href="http://zzz.i2p/topics/1716">zzz.i2p thread</a>
+</li><li>
+<a href="https://github.com/martin61/i2p-tools">Go reseed server source on github</a>
+</li><li>
+<a href="/en/docs/spec/updates">SU3 Reseed File Format Specification</a>
+</li></ul>
+
+<h2>{% trans %}Detailed Instructions{% endtrans %}</h2>
+
+<h3>How-to Public reseed servers - su3</h3>
+
+<ul>
+<li>Some parts of this how-to are copied from <a href="http://zzz.i2p">zzz.i2p</a> and are modified.
+<li>Fetching individual RI (dat-files -the legacy/old style-) is not part of this how-to.
+<li>Questions can be placed on <a href="http://zzz.i2p/forums/18">zzz.i2p</a> - in the Reseeding sub-forum.
+</ul>
+
+<h3>Table of contents</h3>
+
+<ol>
+<li>Introduction
+<li>Requirements
+<li>Go Solution - Quick Guide
+  <ol>
+   <li>Start Web Server
+   <li>Install git and golang
+   <li>Build and Test
+   <li>Run Reseed
+   <li>Backup Certificates and Keys
+   <li>Enable Autostart
+   <li>Connect Web Server to Reseed
+   <li>Test From Another Computer
+   <li>Send Us Your Certificates
+  </ol>
+<li>Go Solution -Detailed Guide
+  <ol>
+   <li>Overview
+   <li>Building From Source
+   <li>Run The Reseed Server
+   <li>Draft For Startup Script
+   <li>Reverse-Proxy Setup
+   <li>Convert Existing Java Keystore to crt- and pem-file
+  </ol>
+<li>Seamless SSL-Certificate Exchange
+<li>Reseed Server Domain/URL/Port Exchange
+<li>Tests
+<li>Contact Reseed Maintainer
+</ol>
+
+<h2>1. Introduction</h2>
+<p>
+Public reseed servers are necessary to bootstrap into the I2P net.
+New installed I2P routers needs one-time about one hundred RouterInfo's (RI) as jump start.
+</p>
+<p>
+RI contains IP and Port from other I2P routers and are stored in dat-files in the netDB folder.
+</p>
+<p>
+A random bunch of dat-files from the netDB are zipped, then signed to a su3-file
+and finally offered to I2P routers seeking reseed service.
+</p>
+<p>
+To secure bootstrap and enable a trusted start, HTTPS/TLS and signed su3-files are mandatory.
+</p>
+<p>
+It is essential not to publish all RI from netDB, or all RI to one client.
+</p>
+
+
+<h2>2. Requirements</h2>
+
+<p>
+Requirements for running a public reseed server:
+<ul>
+<li>Well integrated running I2P router @ 24/7
+<li>Server with static IPv4 (2 cpu/ 2GB ram is fine)
+<li>Unix to run the golang solution
+<li>Own domain, sub-domain or an anonymous third-level domain
+<li>A self-signed SSL certificate, or an SSL certificate from <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a>
+<li>Enough bandwidth and traffic volume - Around 15 GB/month as of December 2016
+<li>Up-to-date web server (Apache/nginx), HTTPS ONLY with TLS 1.2 and good ciphers
+</ul>
+Optional:
+<ul>
+<li>fail2ban to protect you from botnets
+<li>GnuPG/PGP for signed/encrypted emails
+<li>IPv6
+</ul>
+
+<p>
+This How-to is tested with Ubuntu/Debian as well as FreeBSD.
+The web server has to be public reachable from all over the world, an I2P Site inside I2P can be setup in addition.
+Also frequent or infrequent attempts to scrape all your reseed files, and of course attacks on your server.
+The web server doesn't need to listen at default SSL/TLS port 443 - any other port can be used for obfuscation.
+</p>
+
+
+<h2>3. Go Solution - Quick Guide</h2>
+
+<h3>1. Fire Up Your Favorite Webserver</h3>
+<ol><li>
+	Connect a domain, sub-domain or (anonymous) third-level-domain
+</li><li>
+	Setup a state-of-the-art TLS(SSL) certificate
+</li><li>
+	Allow access only via HTTPS/TLS, no unencrypted HTTP
+</li><li>
+  Allow only very good ciphers, compatible to Java 7/8/9. See <a href="https://cipherli.st/" target="_blank">Cipherli.st</a>
+</li></ol>
+<p>
+Note: A non default port other than 443 can be used; TLS certificate can be self signed; configure fail2ban as bot-net protection
+</p>
+
+
+<h3>2. Install git and golang-go (1.4.2 or higher)</h3>
+<pre>
+	Debian/Ubuntu:    sudo apt install git golang-go
+        Arch:             sudo pacman -s git go
+</pre>
+
+
+<h3>3. Switch To User Running I2P, Fetch the i2p-tool Source Code, Build and Test it</h3>
+<p>
+Note: Visit http://reseed.i2p and download a pre-build x86_64 binary, so you can skip step 2+3.
+</p>
+<pre>
+	export GOPATH=$HOME/go; mkdir $GOPATH; cd $GOPATH
+	go get github.com/martin61/i2p-tools
+	bin/i2p-tools -h
+</pre>
+
+
+<h3>4. Run i2p-tools locally, </h3>
+<p>
+Replace 'yourname@mail.i2p' with your email address
+Replace '/home/i/.i2p/netDb' with the path to the I2P 'netDb' in the home folder of the user running I2P
+</p>
+<pre>
+	GOPATH=$HOME/go;
+        cd $GOPATH;
+        bin/i2p-tools reseed --signer=yourname@mail.i2p \
+                             --netdb=/home/i/.i2p/netDb \
+                             --port=8443 \
+                             --ip=127.0.0.1 \
+                             --trustProxy
+</pre>
+
+
+<h3>5. Back Up New Certificates</h3>
+<p>
+Make a backup from the newly created su3-signing key and certificate found in $GOPATH (.crt/.pem/.crl) and keep it in a safe, password protected location
+</p>
+
+
+<h3>6. Enable Autostart (+restart) for i2p-tools in Your crontab</h3>
+<p>
+Replace '...' with the appropriate command-line arguments as in step 4
+</p>
+<pre>
+	@reboot   GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... &gt;/dev/null 2>&amp;1
+	9 * * * * GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... &gt;/dev/null 2>&amp;1
+</pre>
+
+<h3>7. Connect Your Webserver via Reverse-Proxy setup to the i2p-tool, Examples</h3>
+<p>
+<b>lighttpd is no longer supported due to a limitation with the 'X-Forwarded-For' HTTP Header. Please use Apache or nginx.</b>
+</p>
+<p>
+	nginx configuration example:
+</p>
+<pre>
+		location / {
+			proxy_pass http://127.0.0.1:8443;
+                        proxy_set_header X-Real-IP  $remote_addr;
+                        proxy_set_header X-Forwarded-For $remote_addr;
+		}
+</pre>
+<p>
+	Apache (untested - feedback would be appreciated)
+</p>
+<pre>
+		ProxyRequests Off
+		&lt;Proxy *&gt;
+			Order deny,allow
+			Allow from all
+		&lt;/Proxy&gt;
+		ProxyPass / http://127.0.0.1:8443/
+		ProxyPassReverse / http://127.0.0.1:8443/
+</pre>
+<p>
+Additionally, ensure that your webserver uses these suggested settings for Strong SSL Security (visit <a href="https://cipherli.st/" target="_blank">CipherLi.st</a> for the latest settings). Sample SSL settings are provided in section <b>4.5 Reverse-Proxy Setup</b>.
+</p>
+
+<p>
+Note: i2p-tool has also an build-in standalone webserver with TLS support which can be used without a webserver. Please contact (zzz at mail.i2p.de) if you need help, or stop by #i2p-dev on IRC2P and talk to other reseed operators.
+</p>
+
+
+<h3>8. Final Test From Another Computer With I2P Running</h3>
+<ol><li>
+	Place your su3-certificate (*.crt) in i2p/certificates/reseed/
+</li><li>
+	Place your TLS-certificate (*.crt) in i2p/certificates/ssl/
+</li><li>
+	Visit with your web browser http://localhost:7657/configreseed
+</li><li>
+	Enter your new reseed-url and delete all others, hit "Save changes and reseed now"
+</li><li>
+	Check the I2P logs for "Reseed got 77 router infos from ... with 0 errors, Reseed complete, 77 received"
+</li></ol>
+
+
+<h3>9. Send Us Your Information</h3>
+<ol><li>
+	Domain/URL/Port
+</li><li>
+	su3-signing certificate
+</li><li>
+	TLS certificate (if self signed)
+</li></ol>
+<p>
+Send an email: zzz at mail.i2p, PGP signed welcome :-)
+
+
+<h2>4. Go Solution - Detailed Instructions</h2>
+
+<h3>1. Overview</h3>
+
+<p>
+The previous steps for reseeding involves many steps, scripts and programs.
+Most of them are easy and plain straight forward, but overall you can call it a little confusing.
+
+<p>
+Here comes now an all-in-one solution from matt (Big Thanks!) for providing
+a reseed server which merges the following functions into one binary:
+
+<ul>
+<li>Create su3-files
+<li>Create su3 signer certificate+key
+<li>Create SSL-certificate+key
+<li>Replaces the http-server and the PHP code (or run next to them in parallel)
+</ul>
+
+<p>
+Almost all previous used scripts and described steps are not needed with this solution,
+but to understand the overall reseed process it is recommended to read them too :-)
+
+<ul>
+<li>If you already have an SSL-certificate and su3-signer-key you can reuse them, see one of the following chapter.
+<li>For testing and new reseeders the required certs and keys are created automatically at first start.
+<li>Also take a look at the content and the naming scheme of these pem and crt files.
+</ul>
+
+<p>
+Of course you need an up-to-date netDB folder with routerinfos from a running I2P router.
+I2P does not have to be running on the same machine as this reseed binary.
+In this case you can setup a cronjob to transfer the netDB from the I2P machine to the reseed machine.
+
+<p>
+Matt's go solution can be used in parallel next to an already running http-server.
+For this leave the http-server running at normal port 80 and 443,
+and configure Go solution too use another port, e.g. port 8443.
+
+<p>
+More: at github, README.md, https://github.com/martin61/i2p-tools
+
+
+<h3>2. Building From Source</h3>
+
+<p>
+Requirements:
+<ul>
+<li>go1.4.2 (older versions may not work)
+</ul>
+
+<p>
+Install go from https://golang.org/doc/install, example for 64 bit Ubuntu/Debian:
+<ul>
+<li>wget https://storage.googleapis.com/golang/go1.4.2.linux-amd64.tar.gz
+<li>sudo tar -C /usr/local -xzf go1.4.2.linux-amd64.tar.gz
+<li>mkdir $HOME/go
+<li>edit /etc/profile and add:
+<pre>
+	export GOPATH=$HOME/go
+	export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+</pre>
+</ul>
+
+<p>
+Verify go:
+<pre>
+$ go version
+</pre>
+which should state something like: "go version go1.4.2"
+
+<p>
+Install Go solution from https://github.com/martin61/i2p-tools into $HOME/go:
+<pre>
+$ go get github.com/martin61/i2p-tools
+</pre>
+
+<p>
+This will install a binary to $GOPATH/bin/i2p-tools
+
+<p>
+Run the go solution, the usage/help should be displayed, nothing more:
+<pre>
+$ i2p-tools
+</pre>
+
+<h3>3. Run the Reseed Server</h3>
+
+<pre>
+$ i2p-tools reseed --tlsHost=myserver.com --signer=myemail@mail.i2p --netdb=$HOME/.i2p/netDb
+</pre>
+
+<ul>
+<li>Replace myserver.com with your real domain
+<li>Replace myemail@mail.i2p with a valid existing email, which you want to use for reseeding purpose
+<li>New TLS certificate+key will be created (if they do not exist)
+<li>New signing certificate+key will be created (if they do not exist)
+<li>netdb=... should point to the netdb folder of your running I2P with the routerinfos
+<li>To use another port append "--port=443" to the command, default is port 8443
+</ul>
+
+<p>
+Output:
+<pre>
+2015/03/15 12:28:25 Rebuilding su3 cache...
+2015/03/15 12:28:25 Building 200 su3 files each containing 75 out of 3180 routerInfos.
+2015/03/15 12:28:35 Done rebuilding.
+2015/03/15 12:28:35 HTTPS server started on 0.0.0.0:8443
+</pre>
+
+<p>
+So you can now test to reach the server at port 8443, see a previous chapter about proper testing.
+
+<p>
+Some remarks:
+<ul>
+<li>Don't run the server daemon as root
+<li>Every port between 1024 and 49151 is fine for I2P.
+<li>If you want to use the privileged (https-default) port 443, create a port redirect, e.g.
+    <pre>'iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8443'</pre>
+<li>Redirect the output from the go solution to a logfile, format is default apache-style combined logs
+<li>Add a logrotate for the logfiles, since they grow big :-(
+<li>Logfiles can be used by fail2ban
+<li>Both of the certificates (*.crt) will need to be sent to the reseed maintainer
+in order for your reseed server to be included in the standard I2P package.
+<li>Add a proper startup script, to run the reseed server, see next chapter
+</ul>
+
+
+<h3>4. Draft for Startup Script "seedserver"</h3>
+
+<p>
+The reseed server should be started automatically, so you need a init.d or some sort of
+startscript, here named as "seedserver".
+This is only a very first draft for a simple startscript (it could be done better :-))
+<p>
+Login as I2P user:
+<ul>
+<li>Place the shell-script "seedserver" in the /home/i2p/bin folder (next to i2p-tools)
+<li>Make it executable: chmod u+x /home/i2p/bin/seedserver
+</ul>
+Update the header "# Your settings" with your individual settings.
+
+<p>
+Now you can use the shell-script:
+<pre>
+seedserver start
+</pre>
+<p>
+And then (give it some seconds) take a look at the status:
+<pre>
+seedserver status
+seedserver showlog
+</pre>
+
+<p>
+Some short explanation about seedserver:
+<ul>
+<li>runs i2p-tools in the background
+<li>creates logfiles
+<li>take care of all settings
+</ul>
+
+<p>
+If this is working fine, you can put the script in your personal crontab, to run it by auto-start
+and to do logrotes simply by restarting it regularly once a week to avoid too big logfiles.
+If you already reboot your server regularly, you can skip of course the "restart" command line.
+
+<p>
+Login as I2P user, edit your crontab:
+<pre>
+crontab -e
+</pre>
+<p>
+and add these 3 lines at the end:
+<pre>
+@reboot /home/i2p/bin/seedserver startdelayed
+04 14 * * 2 /home/i2p/bin/seedserver restart
+#end
+</pre>
+
+<p>
+Save and close the editor. It would be good to check if this is properly working when you reboot your machine.
+
+<p>
+"seedserver" shell script:
+
+<pre>
+######################################################################################################
+#!/bin/sh
+
+# Your settings
+toolpath=/home/i2p/bin
+tlsHost=myserver.com
+signer=myemail@mail.i2p
+netdb="/home/i2p/.i2p/netDb"
+
+
+tool=i2p-tools
+logpath="$toolpath/${tool}.log"
+logfile="$logpath/reseed.log"
+errfile="$logpath/reseed.error"
+
+cd "$toolpath"
+mkdir --parents "$logpath"
+
+
+do_status() {
+/bin/sleep 1
+if [ -n "$(pgrep -x "$tool")" ]; then
+echo "$tool running, pid $(pgrep "$tool")"
+else
+echo "$tool not running."
+fi;
+}
+
+do_start() {
+if [ -z "$(pgrep -x "$tool")" ]; then
+do_logrotate
+nohup "$toolpath/$tool" reseed -tlsHost="$tlsHost" --signer="$signer" --netdb="$netdb" &gt; "$logfile" 2&gt; "$errfile" &
+fi;
+do_status
+}
+
+do_stop() {
+if [ -n "$(pgrep -x "$tool")" ]; then
+pkill "$tool"
+fi;
+do_status
+}
+
+do_startdelayed() {
+echo "waiting 20s..."
+/bin/sleep 20
+do_start
+}
+
+do_restart() {
+do_status
+do_stop
+do_start
+}
+
+do_logrotate() {
+do_status
+if [ -z "$(pgrep -x "$tool")" ]; then
+mv --force "${logfile}.6" "${logfile}.7" 2&gt;/dev/null
+mv --force "${logfile}.5" "${logfile}.6" 2&gt;/dev/null
+mv --force "${logfile}.4" "${logfile}.5" 2&gt;/dev/null
+mv --force "${logfile}.3" "${logfile}.4" 2&gt;/dev/null
+mv --force "${logfile}.2" "${logfile}.3" 2&gt;/dev/null
+mv --force "${logfile}.1" "${logfile}.2" 2&gt;/dev/null
+mv --force "${logfile}" "${logfile}.1" 2&gt;/dev/null
+mv --force "${errfile}.6" "${errfile}.7" 2&gt;/dev/null
+mv --force "${errfile}.5" "${errfile}.6" 2&gt;/dev/null
+mv --force "${errfile}.4" "${errfile}.5" 2&gt;/dev/null
+mv --force "${errfile}.3" "${errfile}.4" 2&gt;/dev/null
+mv --force "${errfile}.2" "${errfile}.3" 2&gt;/dev/null
+mv --force "${errfile}.1" "${errfile}.2" 2&gt;/dev/null
+mv --force "${errfile}" "${errfile}.1" 2&gt;/dev/null
+echo "log-rotate done."
+else
+echo "log-rotate not possible."
+fi;
+}
+
+do_showlog() {
+echo "-------------------------------------------------------------------------------"
+tail "$errfile"
+echo "-------------------------------------------------------------------------------"
+tail "$logfile"
+echo "-------------------------------------------------------------------------------"
+}
+
+
+do_usage() {
+echo "Usage: {start|stop|status|restart|logrotate|startdelayed|showlog}"
+}
+
+case "$1" in
+start)
+do_start
+;;
+stop)
+do_stop
+;;
+status)
+do_status
+;;
+restart)
+do_restart
+;;
+startdelayed)
+do_startdelayed
+;;
+logrotate)
+do_logrotate
+;;
+showlog)
+do_showlog
+;;
+*)
+do_usage
+;;
+esac
+
+exit 0
+######################################################################################################
+</pre>
+
+
+<h3>5. Reverse-Proxy Setup</h3>
+
+<p>
+You can run i2p-tools also behind your normal web-server (reverse-proxy).
+
+<p>
+The web-server handles the TLS handshake, encryption, SSL Certificate and the logfiles.
+But you don't need the scripts su3.php and the shell cronjob for creating su3-files.
+i2p-tools is running "behind" the web-server, without TLS management, only bind to
+local interface 127.0.0.1 and is handling complete building and handling of su3-files.
+
+
+<p>
+Run i2p-tools with this command:
+
+<pre>
+i2p-tools reseed --signer test@test.de \
+                 --key /path_to/test_at_test.de.pem \
+                 --netdb /path_to/netDb \
+                 --port=8443 \
+                 --ip 127.0.0.1 \
+                 --trustProxy
+</pre>
+
+
+Important notes for this special setup:
+<ul>
+<li>do *not* specify  --tlsHost, --tlsCert or --tlsKey on the command-line
+<li>"ip 127.0.0.1" binds the program only to local interface
+<li>"trustProxy" uses the "X-Forwarded-For" to get the real client IP
+</ul>
+
+"trustProxy" uses the "X-Forwarded-For" to get the real client IP
+<p>
+	nginx configuration example:
+</p>
+<pre>
+		location / {
+			proxy_pass http://127.0.0.1:8443;
+                        proxy_set_header X-Real-IP  $remote_addr;
+                        proxy_set_header X-Forwarded-For $remote_addr;
+		}
+</pre>
+<p>
+	Apache (untested - feedback would be appreciated)
+</p>
+<pre>
+		ProxyRequests Off
+		&lt;Proxy *&gt;
+			Order deny,allow
+			Allow from all
+		&lt;/Proxy&gt;
+		ProxyPass / http://127.0.0.1:8443/
+		ProxyPassReverse / http://127.0.0.1:8443/
+</pre>
+<p>
+
+<p>
+and for X-Forwarded-For:
+<pre>
+     proxy_set_header        X-Real-IP       $remote_addr;
+     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+</pre>
+
+<p>
+Additionally, ensure that your webserver uses these suggested settings for Strong SSL Security (visit <a href="https://cipherli.st/" target="_blank">CipherLi.st</a> for the latest settings). A sample configuration is provided below.
+</p>
+<p>
+Apache
+</p>
+<pre>
+SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
+SSLProtocol All -SSLv2 -SSLv3
+SSLHonorCipherOrder On
+Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
+Header always set X-Frame-Options DENY
+Header always set X-Content-Type-Options nosniff
+# Requires Apache >= 2.4
+SSLCompression off 
+SSLUseStapling on 
+SSLStaplingCache "shmcb:logs/stapling-cache(150000)" 
+# Requires Apache >= 2.4.11
+SSLSessionTickets Off
+</pre>
+<p>
+nginx (remember to replace '$DNS-IP-1' & '$DNS-IP-2' with 2 trusted DNS servers)
+</p>
+<pre>
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off; # Requires nginx >= 1.5.9
+ssl_stapling on; # Requires nginx >= 1.3.7
+ssl_stapling_verify on; # Requires nginx => 1.3.7
+resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
+resolver_timeout 5s;
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+</pre>
+<p>
+Complete nginx configuration (sample)
+<p>
+<pre>
+user nobody;
+worker_processes 1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout  65;
+
+    server {
+        listen $IP_ADDRESS:443 ssl;
+        server_name $DOMAIN;
+
+        ssl_certificate keys/fullchain.pem;
+        ssl_certificate_key keys/privkey.pem;
+
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+        ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
+        ssl_session_cache shared:SSL:10m;
+        ssl_session_tickets off; # Requires nginx >= 1.5.9
+        ssl_stapling on; # Requires nginx >= 1.3.7
+        ssl_stapling_verify on; # Requires nginx => 1.3.7
+        resolver $DNS_IP_1 $DNS_IP_2 valid=300s;
+        resolver_timeout 5s;
+        ssl_prefer_server_ciphers on;
+        ssl_dhparam keys/dh.pem;
+        server_tokens off;
+
+        charset utf8;
+
+        location /i2pseeds.su3 {
+                proxy_pass http://127.0.0.1:8443;
+                proxy_set_header X-Real-IP  $remote_addr;
+                proxy_set_header X-Forwarded-For $remote_addr;
+	  }
+	}
+}
+</pre>
+
+
+<h3>6. Convert Existing Java Keystore to crt- and pem-file</h3>
+
+<p>
+This describes how to convert your existing Java keystore with your su3 signing key to a plain crt- and pem-file.
+This is only needed, when you already have a Java keystore and want to use Go solution.
+If you create new keys+certs with matt's solution you can skip this chapter!
+
+<p>
+Requirements:
+<ul>
+<li>Java keytool
+<li>openssl
+<li>and of course your secret password for the keystore
+</ul>
+
+<p>
+Keep in mind: the Java keystore has two passwords:
+<ul>
+<li>The secret key password you have entered while creating your keystore the first time (SU3File keygen ...)
+<li>And a "storage" password, which is most probably default "changeit".
+</ul>
+
+<p>
+This works in a Ubuntu/Debian shell:
+
+<pre>
+######################################################################################################
+file="keystore.ks"
+pass_jks=changeit
+
+# List the keystore content, show the included (email) alias
+keytool -list -storepass $pass_jks -keystore $file
+
+# Convert jks --&gt; pkcs12, specify the correct email alias (xxxxx@mail.i2p):
+keytool -importkeystore \
+        -srcalias xxxxx@mail.i2p \
+        -srckeystore $file \
+        -srcstoretype jks \
+        -srcstorepass $pass_jks \
+        -destkeystore ${file}.p12 \
+        -deststoretype pkcs12 \
+        -deststorepass $pass_jks \
+        -destkeypass $pass_jks
+
+# Show the pkcs12 content:
+openssl pkcs12 -passin pass:$pass_jks -in ${file}.p12 -nodes -info
+
+# Convert pkcs12 --&gt; pem
+openssl pkcs12 -passin pass:$pass_jks -in ${file}.p12 -nodes -out ${file}.pem
+
+# Decrypt the pem
+openssl rsa  -in ${file}.pem -out xxxxx_at_mail.i2p.pem
+
+# Extract the certificate
+openssl x509 -in ${file}.pem -out xxxxx_at_mail.i2p.crt
+######################################################################################################
+</pre>
+
+
+<h3>5. Seamless SSL-Certificate Exchange</h3>
+
+<p>
+The update/exchange of an already existing self-signed certificates has to be correct timed
+on server *and* client side. Considering thousands of clients (many with older I2P version) the exchange
+will not be seamless possible and will have very bad impact on many clients: reseed won't work for them.
+
+<p>
+To avoid this issue and make the exchange as smooth as possible follow these simple steps:
+
+<ol>
+<li>Generate a new SSL-certificate NOW, but do NOT implement it on server
+<li>Send the new SSL-certificate to us to perform a roll-out towards clients NOW
+<li>WAIT some month, e.g. 3-4 i2p-releases
+<li>New SSL-certificate is now hopefully present on many clients (in parallel to the current/old one)
+<li>THEN exchange the SSL-certificate on server
+</ol>
+
+<p>
+This idea based on the fact, that you can provide in i2p/certificates/ssl more than one crt-file for a server, e.g.
+server.com.crt and server.com2.crt
+
+
+<h3>6. Reseed Server Domain/URL/Port Exchange</h3>
+
+
+<p>
+You are already operating a reseed server but want to change your Domain/URL/Port?
+To make the exchange as smooth as possible for many clients please follow these steps if possible:
+
+<ol>
+<li>Setup an additional reseed instance at the new Domain/URL/Port
+<li>We include the new URL into I2P source NOW and delete the old URL NOW
+<li>Both of your reseed instances have to run some time in parallel
+<li>WAIT some month, e.g. 3-4 i2p-releases
+<li>New URL is now hopefully present on many clients
+<li>THEN shutdown the old reseed instance
+</ol>
+
+
+<h3>7. Tests</h3>
+
+<p>
+Some simple pre-test: test the website and fetch
+<pre>
+	wget --user-agent="Wget/1.11.4" \
+             -O /tmp/test.su3 \
+             --no-check-certificate https://your-server.com:PORT/i2pseeds.su3
+</pre>
+Replace "PORT" with default 443 or your chosen server setting.
+Inspect the fetched file.:
+Some simple pre-test: test the website and fetch
+<pre>
+	zipinfo -z /tmp/test.su3
+</pre>
+
+<p>
+Replace "--no-check-certificate" with "--ca-certificate=~/i2p/certificates/ssl/your-server.com.crt"
+which contains the path to your local public SSL-certificate to check also your ssl-certificate chain.
+
+<p>
+Confirm the following:
+<ul>
+<li>SSL-certificate chain valid?
+<li>The su3-files can be downloaded?
+<li>Contains &gt; 50 dat-files?
+<li>And is always the same for one client-IP?
+<li>Other client-IP's gets another file?
+<li>Clients has no direct access to complete folder e.g. https://your-server.com/su3/ ?
+</ul>
+
+<p>
+Do a real reseed test on *another* I2P router machine:
+<ul>
+<li>Include manually new SSL-certificate into i2p installation:	~/i2p/certificates/ssl/
+<li>Include manually new public reseed key into i2p installation:	~/i2p/certificates/reseed/
+<li>http://localhost:7657/configreseed --&gt; remove all reseed hosts
+<li>Add the new reseed host e.g. "https://your-server.com/" *without* trailing "i2pseeds.su3"
+<li>Save and Shutdown router.
+<li>Clear netdb: empty folder ./i2p/netDb.
+<li>Restart I2P and watch the I2P router log:
+<pre>
+2014/10/13 23:01:02 | Reseed start
+2014/10/13 23:01:02 | Reseeding from https://your-server/i2pseeds.su3
+2014/10/13 23:01:05 | INFO: xx files extracted to /tmp/i2p-V2qudTbd.tmp/reseeds-1010682701
+2014/10/13 23:01:05 | Reseed got xx router infos from https://your-server.com/i2pseeds.su3 with 0 errors
+2014/10/13 23:01:06 | Reseed complete, xx received
+</pre>
+</ul>
+
+<h3>8. Contact Reseed Maintainer</h3>
+
+<p>
+Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
+Provide us with details about your new reseed server:
+<ul>
+<li>Reseed website URL
+<li>Public SSL certificate
+    (Only required if selfsigned, which is not recommended. Please use Lets Encrypt or other CA)
+<li>Public reseed su3 certificate
+<li>Your contact email
+<li>A statement that you agree to the privacy policy above
+</ul>
+<p>
+Feel free to contact zzz at mail.i2p in case of questions or problems or post your question at zzz's forum in the reseed section.
+
+{% endblock %}

i2p2www/pages/site/get-involved/guides/reseed-plugin.html

@@ -0,0 +1,20 @@
+{% extends "global/layout.html" %}
+{% block title %}{{ _('How to Set up a Reseed Server using an I2P Console Plugin') }}{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block content %}
+
+<h2>{% trans %}General Information{% endtrans %}</h2>
+
+<p>{% trans %}
+These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
+There are no other known I2P Console Plugin packages for installing and configuring a reseed server.
+{% endtrans %}</p>
+
+<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
+<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
+
+<h2>{% trans %}Installation from an I2P console plugin{% endtrans %}</h2>
+
+<!--TODO: port over plugin install docs-->
+
+{% endblock %}

i2p2www/pages/site/get-involved/guides/reseed-policy.html

@@ -0,0 +1,72 @@
+{% extends "global/layout.html" %}
+{% block title %}{{ _('I2P Reseed Server Policy Requirements and Guidelines') }}{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block content %}
+
+<h2>{% trans %}Reseed Policy Information{% endtrans %}</h2>
+
+<h3>Requirements</h3>
+
+<p>
+Requirements for running a public reseed server:
+</p>
+<ul>
+<li>Well integrated running I2P router @ 24/7</li>
+<li>Server with static IPv4 (2 cpu/ 2GB ram is fine)</li>
+<li>Unix to run the golang solution</li>
+<li>Own domain, sub-domain or an anonymous third-level domain</li>
+<li>A self-signed SSL certificate, or an SSL certificate from <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a></li>
+<li>Enough bandwidth and traffic volume - Around 15 GB/month as of December 2016</li>
+<li>Up-to-date web server (Apache/nginx), HTTPS ONLY with TLS 1.2 and good ciphers</li>
+</ul>
+Optional:
+<ul>
+<li>fail2ban to protect you from botnets</li>
+<li>GnuPG/PGP for signed/encrypted emails</li>
+<li>IPv6</li>
+</ul>
+
+<p>{% trans -%}
+When your setup is complete and ready for testing, we will need the HTTPS URL,
+the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
+After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
+and you will start seeing traffic.
+We also will need your email address so we may continue to contact you about reseed administration issues.
+The email will not be made public but will be known to the other reseed operators.
+You should expect that your nick or name and its association with that URL or IP will become public.
+{%- endtrans %}</p>
+
+<h3>{% trans %}Information Required{% endtrans %}</h3>
+
+<p>{% trans -%}
+When your setup is complete and ready for testing, we will need the HTTPS URL,
+the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
+After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
+and you will start seeing traffic.
+We also will need your email address so we may continue to contact you about reseed administration issues.
+The email will not be made public but will be known to the other reseed operators.
+You should expect that your nick or name and its association with that URL or IP will become public.
+{%- endtrans %}</p>
+
+<h3>{% trans %}Privacy Policy{% endtrans %}</h3>
+
+<p>{% trans -%}
+A reseed operator is a trusted role in the network.
+While we do not yet have a formal privacy policy, you must ensure the privacy of our users
+by not publicizing logs or IPs found in those logs, except as necessary to discuss administration issues with the I2P reseed team.
+{%- endtrans %}</p>
+
+<h3>{% trans %}Financial Support{% endtrans %}</h3>
+
+<p>{% trans -%}
+Modest financial support may be available to those running reseed servers.
+This support would be in partial reimbursement for your server costs.
+Support will not be paid in advance and will probably not cover all your expenses.
+Support is only available to those who have been running reseed servers in good standing for several months, and is based on actual need.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+If you would like to discuss support, please contact echelon and CC: zzz
+{%- endtrans %}</p>
+
+{% endblock %}

i2p2www/pages/site/get-involved/guides/reseed-proxy.html

@@ -0,0 +1,25 @@
+{% extends "global/layout.html" %}
+{% block title %}{{ _('How to Set up a Reseed Server using a Reverse Proxy') }}{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block content %}
+
+<h2>{% trans %}General Information{% endtrans %}</h2>
+
+<p>{% trans %}
+These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
+They should be very similar to the guidelines for DivaExchange's <a href="https://codeberg.org/diva.exchange/i2p-reseed">i2p-reseed</a> server.
+{% endtrans %}</p>
+<p>{% trans %}
+These guidelines will help you to configure your reseed server behind a reverse proxy like Apache2 or nginx.
+These will allow you to configure additional behaviors like filtering, adding and removing headers, or temporary logging to debug issues.
+The specifics of customizing your reverse proxy are outside the scope of this document.
+{% endtrans %}</p>
+
+<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
+<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
+
+<h2>{% trans %}Reseed Installation using a Reverse Proxy{% endtrans %}</h2>
+
+<!--TODO: port over reverse proxy install docs-->
+
+{% endblock %}

i2p2www/pages/site/get-involved/roadmap.html

@@ -1,6 +1,6 @@
 {% extends "global/layout.html" %} 
 {% block title %} {{ _('Roadmap') }}{% endblock %}
-{% block lastupdated %}2021-03{% endblock %} {% block content %}
+{% block lastupdated %}2022-11{% endblock %} {% block content %}
 
 <p>
     This is the official project roadmap for the desktop and Android Java I2P releases only. Some related tasks for resources such as the website and plugins may be included.
@@ -152,39 +152,172 @@
 
 
 <h2 id="1.8.0">1.8.0 (API 0.9.54)</h2>
-<p><b>Target release: May 2022</b></p>
+<p><b>Released: May 23, 2022</b></p>
 <ul>
+    <li>
+        Router family fixes and improvements
+    </li>
+    <li>
+        Soft restart fixes
+    </li>
+    <li>
+        SSU fixes and performance improvements
+    </li>
+    <li>
+        I2PSnark standalond fixes and improvements
+    </li>
+    <li>
+        Avoid Sybil penalty for trusted families
+    </li>
+    <li>
+        Reduce tunnel build reply timeout
+    </li>
+    <li>
+        UPnP fixes
+    </li>
+    <li>
+        Remove BOB source
+    </li>
+    <li>
+        Certificate import fixes
+    </li>
+    <li>
+        Tomcat 9.0.62
+    </li>
     <li>
         Refactoring to support SSU2 (proposal 159)
     </li>
     <li>
-        Continue implementation of SSU2 (proposal 159)
-    </li>
-    <li>
-        i2psnark UDP tracker support (proposal 160)
-    </li>
-    <li>
-        Improved outproxy support?
-    </li>
-    <li>
-        UDP Hidden Service/Client support in Hidden Services Manager
+        Initial implementation of SSU2 base protocol (proposal 159)
     </li>
     <li>
         SAM authorization popup for Android apps
     </li>
+    <li>
+        Improve support for custom directory installs in i2p.firefox
+    </li>
+</ul>
+
+
+
+
+<h2 id="1.9.0">1.9.0 (API 0.9.55)</h2>
+<p><b>Released: August 22, 2022</b></p>
+<ul>
+    <li>
+        SSU2 peer test and relay implementation
+    </li>
+    <li>
+        SSU2 fixes
+    </li>
+    <li>
+        SSU MTU/PMTU improvements
+    </li>
+    <li>
+        Enable SSU2 for a small portion of routers
+    </li>
+    <li>
+        Add deadlock detector
+    </li>
+    <li>
+        More certificate import fixes
+    </li>
+    <li>
+        Fix i2psnark DHT restart after router restart
+    </li>
+</ul>
+
+
+
+
+
+<h2 id="2.0.0">2.0.0 (API 0.9.56)</h2>
+<p><b>Released: November 21, 2022</b></p>
+<ul>
+    <li>
+        SSU2 connection migration
+    </li>
+    <li>
+        SSU2 immediate acks
+    </li>
+    <li>
+        Enable SSU2 by default
+    </li>
+    <li>
+        SHA-256 digest proxy authentication in i2ptunnel
+    </li>
+    <li>
+        Update Android build process to use modern AGP, end need of deprecated Maven plugin in Android build
+    </li>
+    <li>
+        Cross-Platform(Desktop) I2P browser auto-configuration support
+    </li>
+</ul>
+
+
+
+
+<h2 id="2.1.0">2.1.0 (API 0.9.57)</h2>
+<p><b>Released: January 10, 2023</b></p>
+<ul>
+    <li>
+        SSU2 fixes
+    </li>
+    <li>
+        Tunnel build congestion fixes
+    </li>
+    <li>
+        SSU peer test and symmetric NAT detction fixes
+    </li>
+    <li>
+        Fix broken LS2 encrypted leasesets
+    </li>
+    <li>
+        Option to disable SSU 1 (preliminary)
+    </li>
+    <li>
+        Compressible padding (proposal 161)
+    </li>
+    <li>
+        New console peers status tab
+    </li>
+    <li>
+        Add torsocks support to SOCKS proxy and other SOCKS improvements and fixes
+    </li>
+</ul>
+
+
+
+<h2 id="2.2.0">2.2.0 (API 0.9.58)</h2>
+<p><b>Target release: April 2023</b></p>
+<ul>
+    <li>
+        Tunnel peer selection improvements
+    </li>
+    <li>
+        i2psnark UDP tracker support (proposal 160) ?
+    </li>
     <li>
         Custom reseed service entry for Android
     </li>
     <li>
-        Improve support for custom directory installs in i2p.firefox
+        UDP Hidden Service/Client support in Hidden Services Manager
     </li>
     <li>
         Automatic reseed servers from .onion URLs
     </li>
     <li>
-        Yggdrasil support in Go reseed server equivalent to Python version
+        VPN-Mode Support in Android for browser configuration
+    </li>
+    <li>
+        Fix WebSockets in HTTP Server Tunnels
     </li>
 </ul>
 
+
+
+
+
+
 <h4><a href="roadmap-archive">{% trans %}Looking for older releases? Check the roadmap archive by following this link.{% endtrans %}</a></h4>
 {% endblock %}

i2p2www/sitemap.py

@@ -48,6 +48,10 @@ def render_sitemap():
     # Main site urls
     # --------------
     # walk over all directories/files
+    def xappend(path):
+        urls.append({
+            'path': path
+            })
     for v in os.walk(SITE_DIR):
         # iterate over all files
         pathbase = os.path.relpath(v[0], SITE_DIR)
@@ -62,68 +66,36 @@ def render_sitemap():
                 path = path[1:]
             if not path.startswith('/'):
                 path = '/%s' % path
-            urls.append({
-                'path': path,
-                })
+            xappend(path)
 
     # -----------
     # Papers urls
     # -----------
-    urls.append({
-        'path': '/papers/',
-        })
-    urls.append({
-        'path': '/papers/bibtex',
-        })
+    xappend('/papers/')
+    xappend('/papers/bibtex')
 
     # ---------
     # Blog urls
     # ---------
-    urls.append({
-        'path': '/blog/',
-        })
+    xappend('/blog/')
     blog_slugs = get_blog_slugs()
     for slug in blog_slugs:
-        urls.append({
-            'path': '/blog/post/%s' % slug,
-            })
+        xappend('/blog/post/%s' % slug)
 
     # -------------
     # Meetings urls
     # -------------
-    urls.append({
-        'path': '/meetings/',
-        })
+    xappend('/meetings/')
     meetings = get_meetings_ids()
     for id in meetings:
-        urls.append({
-            'path': '/meetings/%d' % id,
-            })
+        xappend('/meetings/%d' % id)
 
     # --------------
     # Downloads urls
     # --------------
-    urls.append({
-        'path': '/download',
-        })
-    urls.append({
-        'path': '/download/debian',
-        })
-    urls.append({
-        'path': '/download/firefox',
-        })
-    urls.append({
-        'path': '/download/lab',
-        })
-    urls.append({
-        'path': '/download/mac',
-        })
-    urls.append({
-        'path': '/download/easyinstall',
-        })
-    urls.append({
-        'path': '/download/windows',
-        })
+    xappend('/download')
+    for i in ['debian', 'firefox', 'lab', 'mac', 'easyinstall', 'windows', 'macos']:
+        xappend('/download/%s' % i)
     # Render and return the sitemap
     response = make_response(render_template('global/sitemap.xml', url_root=url_root, langs=LANG_FRAGS,
                                              curlang=to_url(g.lang), urls=urls))

i2p2www/spec/common-structures.rst

@@ -3,8 +3,8 @@ Common structures Specification
 ===============================
 .. meta::
     :category: Design
-    :lastupdated: 2021-04
-    :accuratefor: 0.9.49
+    :lastupdated: 2023-01
+    :accuratefor: 0.9.57
 
 .. contents::
 
@@ -635,6 +635,50 @@ A PublicKey_ followed by a SigningPublicKey_ and then a Certificate_.
   total length: 387+ bytes
 {% endhighlight %}
 
+
+Padding Generation Guidelines
+`````````````````````````````````
+These guidelines were proposed in Proposal 161 and implemented in API version 0.9.57.
+These guidelines are backward-compatible with all versions since 0.6 (2005).
+See Proposal 161 for background and further information.
+
+For any currently-used combination of key types other than ElGamal + DSA-SHA1,
+padding will be present. Additionally, for destinations, the 256-byte
+public key field has been unused since version 0.6 (2005).
+
+Implementers should generate the random data for
+Destination public keys, and Destination and Router Identity padding,
+so that it is compressible in various I2P protocols while
+still being secure, and without having Base 64 representations appear to be corrupt or insecure.
+This provides most of the benefits of removing the padding fields without any
+disruptive protocol changes.
+
+Strictly speaking, the 32-byte signing public key alone (in both Destinations and Router Identities)
+and the 32-byte encryption public key (in Router Identities only) is a random number
+that provides all the entropy necessary for the SHA-256 hashes of these structures
+to be cryptographically strong and randomly distributed in the network database DHT.
+
+However, out of an abundance of caution, we recommend a minimum of 32 bytes of random data
+be used in the ElG public key field and padding. Additionally, if the fields were all zeros,
+Base 64 destinations would contain long runs of AAAA characters, which may cause alarm
+or confusion to users.
+
+Repeat the 32 bytes of random data as necessary so the full KeysAndCert structure is highly compressible
+in I2P protocols such as I2NP Database Store Message, Streaming SYN, SSU2 handshake, and repliable Datagrams.
+
+Examples:
+
+* A Router Identity with X25519 encryption type and Ed25519 signature type
+  will contain 10 copies (320 bytes) of the random data, for a savings of approximately 288 bytes when compressed.
+
+* A Destination with Ed25519 signature type
+  will contain 11 copies (352 bytes) of the random data, for a savings of approximately 320 bytes when compressed.
+
+Implementations must, of course, store the full 387+ byte structure because the SHA-256 hash of the structure
+covers the full contents.
+
+
+
 Notes
 `````
 * Do not assume that these are always 387 bytes! They are 387 bytes plus the
@@ -662,6 +706,9 @@ Contents
 ````````
 Identical to KeysAndCert.
 
+See KeysAndCert_ for guidelines on generating the random data for
+the padding field.
+
 Notes
 `````
 * The certificate for a RouterIdentity was always NULL until release 0.9.12.
@@ -694,12 +741,16 @@ for secure delivery.
 
 Contents
 ````````
-Identical to KeysAndCert_.
+Identical to KeysAndCert_, except that the public key is never used,
+and may contain random data instead of a valid ElGamal Public Key.
+
+See KeysAndCert_ for guidelines on generating the random data for
+the public key and padding fields.
 
 Notes
 `````
 * The public key of the destination was used for the old i2cp-to-i2cp
-  encryption which was disabled in version 0.6, it is currently unused except
+  encryption which was disabled in version 0.6 (2005), it is currently unused except
   for the IV for LeaseSet encryption, which is deprecated. The public key in
   the LeaseSet is used instead.
 

i2p2www/spec/configuration.rst

@@ -3,8 +3,8 @@ Configuration File Specification
 ================================
 .. meta::
     :category: Formats
-    :lastupdated: March 2020
-    :accuratefor: 0.9.45
+    :lastupdated: 2023-01
+    :accuratefor: 0.9.57
 
 .. contents::
 
@@ -170,6 +170,8 @@ Properties are as follows::
     logger.flushInterval=nnn
     # d = date, c = class, t = thread name, p = priority, m = message
     logger.format={dctpm}*
+    # As of 0.9.56. Default false
+    logger.gzip=true|false
     # Max to buffer before flushing. Default 1024
     logger.logBufferSize=n
     # Default logs/log-@.txt; @ replaced with number
@@ -179,6 +181,8 @@ Properties are as follows::
     logger.logFileSize=nnn[K|M|G]
     # Highest file number. Default 2
     logger.logRotationLimit=n
+    # As of 0.9.56. Default 65536 (bytes)
+    logger.minGzipSize=nnnnn
     # Default CRIT
     logger.minimumOnScreenLevel=CRIT|ERROR|WARN|INFO|DEBUG
     logger.record.{class}=CRIT|ERROR|WARN|INFO|DEBUG
@@ -244,6 +248,11 @@ individual configuration files for each tunnel in the i2ptunnel.config.d directo
 After being split, the properties in the individual files are NOT prefixed
 with "tunnel.N.".
 
+Note: "tunnel.N.option.i2cp.*" options, while appearing to be I2CP options,
+are implemented in i2ptunnel, and are NOT supported via other interfaces
+or APIs such as I2CP or SAM.
+
+
 Properties are as follows::
 
     # Display description for UI
@@ -268,13 +277,22 @@ Properties are as follows::
     # unique IP per-remote-destination.
     tunnel.N.option.enableUniqueLocal=true|false
 
+    # Clients only. Do not open the socket manager and build tunnels
+    # until the first socket is opened on the local port.
+    # Default false
+    tunnel.N.option.i2cp.delayOpen=true|false
+
     # Servers only. Persistent private leaseset key
     tunnel.N.option.i2cp.leaseSetPrivateKey=base64
 
     # Servers only. Persistent private leaseset key
     tunnel.N.option.i2cp.leaseSetSigningPrivateKey=sigtype:base64
 
-    # Clients only. Create a new destination when reopening the socket manager
+    # Clients only. Create a new destination when reopening the socket manager,
+    # after it was previously closed due to an idle timeout.
+    # Default false
+    # When true, requires I2CP option i2cp.closeOnIdle=true
+    # When true, tunnel.N.option.persistentClientKey must be unset or false
     tunnel.N.option.i2cp.newDestOnResume=true|false
 
     # Servers only. The maximum size of the thread pool, default 65. Ignored
@@ -292,6 +310,7 @@ Properties are as follows::
     tunnel.N.option.i2ptunnel.httpclient.jumpServers=http://example.i2p/jump
 
     # HTTP client only. Whether to pass Accept* headers through. Default false.
+    # Note: Does not affect "Accept" and "Accept-Encoding".
     tunnel.N.option.i2ptunnel.httpclient.sendAccept=true|false
 
     # HTTP client only. Whether to pass Referer headers through. Default false.
@@ -382,12 +401,13 @@ Properties are as follows::
     # HTTP Clients only. The username for the outproxy authorization.
     tunnel.N.option.outproxyUsername=
 
-    # HTTP Clients only. Whether to send authorization to an outproxy. Default
-    # false.
-    tunnel.N.option.outproxyAuth=true|false
+    # SOCKS client only. The type of the configured outproxies: socks or connect (HTTPS).
+    # Default socks. As of 0.9.57.
+    tunnel.N.option.outproxyType=socks|connect
 
     # Clients only. Whether to store a destination in a private key file and
     # reuse it. Default false.
+    # When true, tunnel.N.option.newDestOnResume must be unset or false
     tunnel.N.option.persistentClientKey=true|false
 
     # HTTP Server only. Time period for banning POSTs from a single destination
@@ -408,7 +428,11 @@ Properties are as follows::
 
     # HTTP Clients only. The MD5 of the password for local authorization for
     # user USER.
-    tunnel.N.option.proxy.auth.USER.md5=
+    tunnel.N.option.proxy.auth.USER.md5=(32 char lowercase hex)
+
+    # HTTP Clients only. The SHA-256 of the password for local authorization for
+    # user USER. (RFC 7616) Since 0.9.56
+    tunnel.N.option.proxy.auth.USER.sha256=(64 char lowercase hex)
 
     # HTTP Servers only. Whether to reject incoming connections apparently via
     # an inproxy. Default false.

i2p2www/spec/i2np.rst

@@ -3,8 +3,8 @@ I2NP Specification
 ==================
 .. meta::
     :category: Protocols
-    :lastupdated: 2022-06
-    :accuratefor: 0.9.54
+    :lastupdated: 2022-12
+    :accuratefor: 0.9.57
 
 .. contents::
 
@@ -45,6 +45,8 @@ below.
 ==============  ================================================================
  API Version    Required I2NP Features
 ==============  ================================================================
+   0.9.55       SSU2 transport support (if published in router info)
+
    0.9.51       Short tunnel build messages for ECIES-X25519 routers
 
    0.9.49       Garlic messages to ECIES-X25519 routers
@@ -67,7 +69,7 @@ below.
    0.9.38       DSM type bits 3-0 now contain the type;
                 LeaseSet2 may be sent in a DSM
 
-   0.9.36       NTCP2 transport support (if advertised in router address)
+   0.9.36       NTCP2 transport support (if published in router info)
 
                 Minimum peers will build tunnels through, as of 0.9.46
 
@@ -163,7 +165,7 @@ Standard (16 bytes):
   |type| short_expiration  |
   +----+----+----+----+----+
 
-  Short (NTCP2, 9 bytes):
+  Short (NTCP2 and SSU2, 9 bytes):
 
   +----+----+----+----+----+----+----+----+
   |type|      msg_id       | short_expira-
@@ -211,9 +213,9 @@ Notes
   and size are incorporated in the SSU data packet format.
   The checksum is not required since errors are caught in decryption.
 
-* When transmitted over [NTCP2]_, the 16-byte standard header is not used. Only a
+* When transmitted over [NTCP2]_ or [SSU2]_, the 16-byte standard header is not used. Only a
   1-byte type, 4-byte message id, and a 4-byte expiration in seconds are included.
-  The size is incorporated in the NTCP2 data packet format.
+  The size is incorporated in the NTCP2 and SSU2 data packet formats.
   The checksum is not required since errors are caught in decryption.
 
 * The standard header is also required for I2NP messages contained in other
@@ -1700,6 +1702,9 @@ References
 .. [SSU-ED]
     {{ site_url('docs/transport/ssu', True) }}#establishDirect
 
+.. [SSU2]
+    {{ spec_url('ssu2') }}
+
 .. [TMDI]
     {{ ctags_url('TunnelMessageDeliveryInstructions') }}
 

i2p2www/spec/ntcp2.rst

@@ -3,8 +3,8 @@ NTCP 2
 ======
 .. meta::
     :category: Transports
-    :lastupdated: 2022-01
-    :accuratefor: 0.9.53
+    :lastupdated: 2022-12
+    :accuratefor: 0.9.56
 
 .. contents::
 
@@ -1475,6 +1475,7 @@ Special case for time synchronization:
 
 {% endhighlight %}
 
+NOTE: Implementations must round to the nearest second to prevent clock bias in the network.
 
 Options
 ```````
@@ -1748,6 +1749,7 @@ If present, this must be the last block in the frame.
 
 Notes
 `````
+- Size = 0 is allowed.
 - Padding strategies TBD.
 - Minimum padding TBD.
 - Padding-only frames are allowed.

i2p2www/spec/proposals/160-udp-trackers.rst

@@ -5,9 +5,9 @@ UDP Trackers
     :author: zzz
     :created: 2022-01-03
     :thread: http://zzz.i2p/topics/1634
-    :lastupdated: 2022-01-17
+    :lastupdated: 2022-12-19
     :status: Open
-    :target: 0.9.54
+    :target: 0.9.58
 
 .. contents::
 
@@ -116,6 +116,22 @@ Client                        Tracker
 This mode omits a round-trip, but requires every announce request to be repliable.
 
 
+Security Analysis
+------------------
+
+The primary goal of an announce protocol is to impose a cost on address spoofing.
+In compatibility mode, the client must actually exist and bundle a real leaseset.
+It must have inbound tunnels to receive the Connect Response.
+These tunnels could be zero-hop and built instantly, but that would
+expose the creator.
+
+However, in fast mode, the destination and leaseset could be fake.
+Multiple fake destinations and leasesets can be rapidly generated without
+actually building tunnels. The Announce Request messages could then be sent out
+any tunnel.
+
+
+
 
 Specification
 =============
@@ -231,9 +247,9 @@ Offset  Size            Name            Value
   12          32-bit integer  leechers
   16          32-bit integer  seeders
   20          16-bit integer  count of hashes to follow
-  22 + 32 * n 32-byte hash    binary hashes
+  22   32 * n 32-byte hash    binary hashes
   ...
-  22 + 32 * c TBD             additional data TBD
+  22 + 32 * n TBD             additional data TBD
 
 {% endhighlight %}
 

i2p2www/spec/proposals/161-ri-dest-padding.rst

@@ -0,0 +1,318 @@
+========================================
+RI and Destination Padding
+========================================
+.. meta::
+    :author: zzz
+    :created: 2022-09-28
+    :thread: http://zzz.i2p/topics/3279
+    :lastupdated: 2023-01-02
+    :status: Open
+    :target: 0.9.57
+
+.. contents::
+
+
+Status
+========
+
+Implemented in 0.9.57.
+Leaving this proposal open so we may enhance and discuss the ideas in the "Future Planning" section.
+
+
+Overview
+========
+
+
+Summary
+-------
+
+The ElGamal public key in Destinations has been unused since release 0.6 (2005).
+While our specifications do say that it is unused, they do NOT say that implementations can avoid
+generating an ElGamal key pair and simply fill the field with random data.
+
+We propose changing the specifications to say that
+the field is ignored and that implementations MAY fill the field with random data.
+This change is backward-compatible. There is no known implementation that validates
+the ElGamal public key.
+
+Additionally, this proposal offers guidance to implementers on how to generate the
+random data for Destination AND Router Identity padding so that it is compressible while
+still being secure, and without having Base 64 representations appear to be corrupt or insecure.
+This provides most of the benefits of removing the padding fields without any
+disruptive protocol changes.
+Compressible Destinations reduces streaming SYN and repliable datagram size;
+compressible Router Identities reduce Database Store Messages, SSU2 Session Confirmed messages,
+and reseed su3 files.
+
+Finally, the proposal discusses possibilities for new Destination and Router Identity formats
+that would eliminate the padding altogether. There is also a brief discussion of post-quantum
+crypto and how that may affect future planning.
+
+
+
+Goals
+-----
+
+- Eliminate requirement to generate ElGamal keypair for Destinations
+- Recommend best practices so Destinations and Router Identities are highly compressible,
+  yet do not display obvious patterns in Base 64 representations.
+- Encourage adoption of best practices by all implementations so
+  the fields are not distinguishable
+- Reduce streaming SYN size
+- Reduce repliable datagram size
+- Reduce SSU2 RI block size
+- Reduce SSU2 Session Confirmed size and fragmentation frequency
+- Reduce Database Store Message (with RI) size
+- Reduce reseed file size
+- Maintain compatibility in all protocols and APIs
+- Update specifications
+- Discuss alternatives for new Destination and Router Identity formats
+
+By eliminating the requirement to generate ElGamal keys, implementations may
+be able to completely remove ElGamal code, subject to backward-compatibility considerations
+in other protocols.
+
+
+
+Design
+======
+
+Strictly speaking, the 32-byte signing public key alone (in both Destinations and Router Identities)
+and the 32-byte encryption public key (in Router Identities only) is a random number
+that provides all the entropy necessary for the SHA-256 hashes of these structures
+to be cryptographically strong and randomly distributed in the network database DHT.
+
+However, out of an abundance of caution, we recommend a minimum of 32 bytes of random data
+be used in the ElG public key field and padding. Additionally, if the fields were all zeros,
+Base 64 destinations would contain long runs of AAAA characters, which may cause alarm
+or confusion to users.
+
+For Ed25519 signature type and X25519 encryption type:
+Destinations will contain 11 copies (352 bytes) of the random data.
+Router Identities will contain 10 copies (320 bytes) of the random data.
+
+
+
+Estimated Savings
+---------------------
+
+Destinations are included in every streaming SYN [Streaming]_
+and repliable datagram [Datagram]_.
+Router Infos (containing Router Identities) are included in Database Store Messages [I2NP]_
+and in the Session Confirmed messages in [NTCP2]_ and [SSU2]_.
+
+NTCP2 does not compress the Router Info.
+RIs in Database Store Messages and SSU2 Session Confirmed messages are gzipped.
+Router Infos are zipped in reseed SU3 files.
+
+Destinations in Database Store Messages are not compressed.
+Streaming SYN messages are gzipped at the I2CP layer.
+
+For Ed25519 signature type and X25519 encryption type,
+estimated savings:
+
+===============  ===========   =============  ====================   ==================  ===========  =============
+Data Type        Total Size    Keys and Cert  Uncompressed Padding   Compressed Padding  Size         Savings
+===============  ===========   =============  ====================   ==================  ===========  =============
+Destination      391           39             352                    32                  71           320 bytes (82%)
+Router Identity  391           71             320                    32                  103          288 bytes (74%)
+Router Info      1000 typ.     71             320                    32                  722 typ.     288 bytes (29%)
+===============  ===========   =============  ====================   ==================  ===========  =============
+
+Notes: Assumes 7-byte certificate is not compressible, zero additional gzip overhead.
+Neither is true, but effects will be small.
+Ignores other compressible parts of the Router Info.
+
+
+
+Specification
+=============
+
+Proposed changes to our current specifications are documented below.
+
+
+Common Structures
+------------------
+Change the common structures specification [COMMON]_
+to specify that the 256-byte Destination public key field is ignored and may
+contain random data.
+
+Add a section to the common structures specification [COMMON]_
+recommending best practice for the Destination public key field and the
+padding fields in the Destination and Router Identity, as follows:
+
+Generate 32 bytes of random data using a strong cryptographic pseudo-random number generator (PRNG)
+and repeat those 32 bytes as necessary to fill the public key field (for Destinations)
+and the padding field (for Destinations and Router Identities).
+
+Private Key File
+--------------------
+The private key file (eepPriv.dat) format is not an official part of our specifications
+but it is documented in the Java I2P javadocs [PKF]_
+and other implementations do support it.
+This enables portability of private keys to different implementations.
+Add a note to that javadoc that the encryption public key may be random padding
+and the encryption private key may be all zeros or random data.
+
+SAM
+------
+Note in [SAM]_ that the encryption private key is unused and may be ignored.
+Any random data may be returned by the client.
+The SAM Bridge may send random data on creation (with DEST GENERATE or SESSION CREATE DESTINATION=TRANSIENT)
+rather than all zeros, so the Base 64 representation does not have a string of AAAA characters
+and look broken.
+
+
+I2CP
+------
+No changes required to [I2CP]_. The private key for the encryption public key in the Destination
+is not sent to the router.
+
+
+Future Planning
+==================
+
+
+Protocol Changes
+------------------
+
+At a cost of protocol changes and a lack of backward compatibility, we could
+change our protocols and specifications to eliminate the padding field in
+the Destination, Router Identity, or both.
+
+This proposal bears some similarity to the "b33" encrypted leaseset format,
+containing only a key and a type field.
+
+To maintain some compatibility, certain protocol layers could "expand" the padding field
+with all zeros to present to other protocol layers.
+
+For Destinations, we could also remove the encryption type field in the key certificate,
+at a savings of two bytes.
+Alternatively, Destinations could get a new encryption type in the key certificate,
+indicating a zero public key (and padding).
+
+If compatibility conversion between old and new formats is not included at some protocol layer,
+the following specifications, APIs, protocols, and applications would be affected:
+
+- Common structures spec
+- I2NP
+- I2CP
+- NTCP2
+- SSU2
+- Ratchet
+- Streaming
+- SAM
+- Bittorrent
+- Reseeding
+- Private Key File
+- Java core and router API
+- i2pd API
+- Third-party SAM libraries
+- Bundled and third-party tools
+- Several Java plugins
+- User interfaces
+- P2P applications e.g. MuWire, bitcoin, monero
+- hosts.txt, addressbook, and subscriptions
+
+If conversion is specified at some layer, the list would be reduced.
+
+The costs and benefits of these changes are not clear.
+
+Specific proposals TBD:
+
+
+
+
+
+PQ Keys
+------------------
+
+Post-Quantum (PQ) encryption public keys, for any anticipated algorithm,
+are larger than 256 bytes. This would eliminate any padding and any savings from proposed
+changes above, for Router Identities.
+
+In a "hybrid" PQ approach, like what SSL is doing, the PQ keys would be ephemeral only,
+and would not appear in the Router Identity.
+
+PQ signing keys are not viable,
+and Destinations do not contain encryption public keys.
+Static keys for ratchet are in the Lease Set, not the Destination.
+so we may eliminate Destinations from the following discussion.
+
+So PQ only affects Router Infos, and only for PQ static (not ephemeral) keys, not for PQ hybrid.
+This would be for a new encryption type and would affect NTCP2, SSU2, and
+encrypted Database Lookup Messages and replies.
+Estimated time frame for design, development, and rollout of that would be ????????
+But would be after hybrid or ratchet ????????????
+
+For further discussion see [PQ]_.
+
+
+
+
+Issues
+======
+
+It may be desirable to rekey the network at a slow rate, to provide cover for new routers.
+"Rekeying" could mean simply changing the padding, not really changing the keys.
+
+It is not possible to rekey existing Destinations.
+
+Should Router Identities with padding in the public key field be identified with a different
+encryption type in the key certificate? This would cause compatibility issues.
+
+
+
+
+Migration
+=========
+
+No backward compatibility issues for replacing the ElGamal key with padding.
+
+Rekeying, if implemented, would be similar to that done
+in three previous router identity transitions:
+From DSA-SHA1 to ECDSA signatures, then to
+EdDSA signatures, then to X25519 encryption.
+
+Subject to backward compatibility issues, and after disabling SSU,
+implementations may remove ElGamal code completely.
+Approximately 14% of routers in the network are ElGamal encryption type, including many floodfills.
+
+A draft merge request for Java I2P is at [MR]_.
+
+
+References
+==========
+
+.. [Common]
+    {{ spec_url('common-structures') }}
+
+.. [Datagram]
+    {{ spec_url('datagrams') }}
+
+.. [I2CP]
+    {{ spec_url('i2cp') }}
+
+.. [I2NP]
+    {{ spec_url('i2np') }}
+
+.. [MR]
+    http://git.idk.i2p/i2p-hackers/i2p.i2p/-/merge_requests/66
+
+.. [NTCP2]
+    {{ spec_url('ntcp2') }}
+
+.. [PKF]
+    http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html
+
+.. [PQ]
+    http://zzz.i2p/topics/3294
+
+.. [SAM]
+    {{ site_url('docs/api/samv3') }}
+
+.. [SSU2]
+    {{ spec_url('ssu2') }}
+
+.. [Streaming]
+    {{ spec_url('streaming') }}

i2p2www/spec/proposals/162-congestion-caps.rst

@@ -0,0 +1,149 @@
+============================
+Congestion Caps
+============================
+.. meta::
+    :author: dr|z3d, idk, orignal, zzz
+    :created: 2023-01-24
+    :thread: http://zzz.i2p/topics/3516
+    :lastupdated: 2023-02-01
+    :status: Open
+    :target: 0.9.59
+
+.. contents::
+
+
+
+Overview
+========
+
+Add congestion indicators to the published Router Info (RI).
+
+
+
+
+Motivation
+==========
+
+Bandwidth "caps" (capabilities) indicate share bandwidth limits and reachability but not congestion state.
+A congestion indicator will help routers avoid attempting to build through a congested router,
+which contributes to more congestion and reduced tunnel build success.
+
+
+
+Design
+======
+
+Define new caps to indicate various levels of congestion or capacity issues.
+These will go in the top-level RI caps, not the address caps.
+
+
+Congestion Definition
+----------------------
+
+Congestion, in general, means that the peer is unlikely to
+receive and accept a tunnel build request.
+How to define or classify congestion levels is implementation-specific.
+
+Implementations may consider one or more of the following:
+
+- At or near bandwidth limits
+- At or near max participating tunnels
+- At or near max connections on one or more transports
+- Over threshold for queue depth, latency, or CPU usage; internal queue overflow
+- Base platform / OS CPU and memory capabilities
+- Perceived network congestion
+- Network state such as firewalled or symmetric NAT or hidden or proxied
+- Configured not to accept tunnels
+
+Congestion state should be based on an average of conditions
+over several minutes, not an instantaneous measurement.
+
+
+
+Specification
+=============
+
+Update [NETDB]_ as follows:
+
+
+.. raw:: html
+
+  {% highlight %}
+D: Medium congestion, or a low-performance router (e.g. Android, Raspberry Pi)
+     Other routers should downgrade or limit this router's
+     apparent tunnel capacity in the profile.
+
+  E: High congestion, this router is near or at some limit,
+     and is rejecting or dropping most tunnel requests.
+     If this RI was published in the last 15 minutes, other routers
+     should severely downgrade or limit this router's capacity.
+     If this RI is older than 15 minutes, treat as 'D'.
+
+  G: This router is temporarily or permanently rejecting all tunnels.
+     Do not attempt to build a tunnel through this router,
+     until a new RI is received without the 'G'.
+{% endhighlight %}
+
+For consistency, implementations should add any congestion cap
+at the end (after R or U).
+
+
+
+Security Analysis
+=================
+
+Any published peer information cannot be trusted.
+Caps, like anything else in the Router Info, may be spoofed.
+We never use anything in the Router Info to up-rate a router's perceived capacity.
+
+Publishing congestion indicators, telling peers to avoid this router, is inherently
+much more secure than permissive or capacity indicators solicting more tunnels.
+
+The current bandwidth capacity indicators (L-P, X) are trusted only to avoid
+very low-bandwidth routers. The "U" (unreachable) cap has a similar effect.
+
+Any published congestion indicator should have the same effect as
+rejecting or dropping a tunnel build request, with similar security properties.
+
+
+
+Notes
+=====
+
+Peers must not to completely avoid 'D' routers, only derate them.
+
+Care must be taken not to completely avoid 'E' routers,
+so when the whole network is in congestion and publishing 'E',
+things don't completely break.
+
+Routers may use different strategies for what types of tunnels to build through 'D' and 'E' routers,
+for example exploratory vs. client, or high vs. low bandwidth client tunnels.
+
+Routers should probably not publish a congestion cap at startup or shutdown by default,
+even if their network state is unknown, to prevent restart detection by peers.
+
+
+
+
+Compatibility
+===============
+
+No issues, all implementations ignore unknown caps.
+
+
+Migration
+=========
+
+Implementations may add support at any time, no coordination needed.
+
+Preliminary plan:
+Publish caps in 0.9.58 (April 2023);
+act on published caps in 0.9.59 (July 2023).
+
+
+
+References
+==========
+
+.. [NETDB]
+    {{ site_url('docs/how/network-database', True) }}

i2p2www/spec/proposals/163-datagram2.rst

@@ -0,0 +1,154 @@
+===================================
+Datagram2 Protocol
+===================================
+.. meta::
+    :author: zzz
+    :created: 2023-01-24
+    :thread: http://zzz.i2p/topics/3540
+    :lastupdated: 2023-01-24
+    :status: Open
+    :target: 0.9.60
+
+.. contents::
+
+
+
+Overview
+========
+
+Pulled out from [Prop123]_ as a separate proposal. Copied from [Prop123]_:
+
+Offline signatures cannot be verified in the repliable datagram processing.
+Needs a flag to indicate offline signed but there's no place to put a flag.
+
+Will require a completely new protocol number and format.
+to be added to the [DATAGRAMS]_ specification.
+Let's call it "Datagram2".
+
+
+Motivation
+==========
+
+Left over from LS2 work otherwise completed in 2019.
+
+
+
+Design
+======
+
+Define new protocol 19 - Repliable datagram with options.
+
+New signature specification.
+
+
+
+Specification
+=============
+
+Add Datagram2 to [DATAGRAMS]_ as follows:
+
+
+Format
+-------
+
+Preliminary, copied from [Prop123]_:
+
+.. raw:: html
+
+  {% highlight %}
+From (387+ bytes)
+
+  Flags (2 bytes)
+  Bit order: 15 14 ... 3 2 1 0
+  Bit 0: If 0, no offline keys; if 1, offline keys
+  Bits 1-15: set to 0 for compatibility with future uses
+  If flag indicates offline keys, the offline signature section:
+
+  Expires timestamp
+  (4 bytes, big endian, seconds since epoch, rolls over in 2106)
+
+  Transient sig type (2 bytes, big endian)
+
+  Transient signing public key (length as implied by sig type)
+
+  Signature of expires timestamp, transient sig type,
+  and public key, by the destination public key,
+  length as implied by destination public key sig type.
+  This section can, and should, be generated offline.
+
+  Payload
+
+  Signature
+{% endhighlight %}
+
+
+
+Signatures
+----------
+
+TBD
+
+Prelude: "DatagramProtocol" ?
+
+
+
+
+SAM
+---
+
+Add STYLE=DATAGRAM2
+
+
+
+Security Analysis
+=================
+
+
+
+
+Notes
+=====
+
+
+
+Compatibility
+===============
+
+None
+
+
+Migration
+=========
+
+Each UDP application must separately detect support and migrate.
+
+Bittorrent DHT: Needs extension flag probably,
+e.g. i2p_dg2, coordinate with BiglyBT
+
+Bittorrent UDP Announces [Prop160]_: Design in from the beginning?
+Coorindate with BiglyBT, i2psnark, zzzot
+
+Bote: Unlikely
+
+Streamr: Just switch, nobody's using it
+
+SAM UDP apps: None known
+
+
+References
+==========
+
+.. [DATAGRAMS]
+    {{ spec_url('datagrams') }}
+
+.. [I2CP]
+    {{ spec_url('i2cp') }}
+
+.. [Prop123]
+    {{ proposal_url('123') }}
+
+.. [Prop160]
+    {{ proposal_url('160') }}
+
+.. [BT-SPEC]
+    {{ site_url('docs/applications/bittorrent', True) }}

i2p2www/spec/proposals/164-streaming.rst

@@ -0,0 +1,65 @@
+===================================
+Streaming Updates
+===================================
+.. meta::
+    :author: zzz
+    :created: 2023-01-24
+    :thread: http://zzz.i2p/topics/3541
+    :lastupdated: 2023-01-24
+    :status: Open
+    :target: 0.9.58
+
+.. contents::
+
+
+
+Overview
+========
+
+
+
+Motivation
+==========
+
+
+
+Design
+======
+
+
+
+Specification
+=============
+
+Update [STREAMING]_ as follows:
+
+
+
+Security Analysis
+=================
+
+
+
+Notes
+=====
+
+
+
+Compatibility
+===============
+
+No issues, all implementations ignore.
+
+
+Migration
+=========
+
+Implementations may add support at any time, no coordination needed.
+
+
+
+References
+==========
+
+.. [STREAMING]
+    {{ spec_url('streaming') }}

i2p2www/spec/streaming.rst

@@ -3,8 +3,8 @@ Streaming Protocol Specification
 ================================
 .. meta::
     :category: Protocols
-    :lastupdated: 2022-04
-    :accuratefor: 0.9.53
+    :lastupdated: 2023-01
+    :accuratefor: 0.9.57
 
 .. contents::
 
@@ -88,15 +88,15 @@ Framing is provided by the lower layers - I2CP and I2NP.
   sendStreamId :: 4 byte `Integer`
                   Random number selected by the packet recipient before sending
                   the first SYN reply packet and constant for the life of the
-                  connection. 0 in the SYN message sent by the connection
+                  connection, greater than zero. 0 in the SYN message sent by the connection
                   originator, and in subsequent messages, until a SYN reply is
                   received, containing the peer's stream ID.
 
   receiveStreamId :: 4 byte `Integer`
                      Random number selected by the packet originator before
                      sending the first SYN packet and constant for the life of
-                     the connection. May be 0 if unknown, for example in a RESET
-                     packet.
+                     the connection, greater than zero.
+                     May be 0 if unknown, for example in a RESET packet.
 
   sequenceNum :: 4 byte `Integer`
                  The sequence for this message, starting at 0 in the SYN

i2p2www/spec/updates.rst

@@ -3,8 +3,8 @@ Software Update Specification
 =============================
 .. meta::
     :category: Design
-    :lastupdated: 2022-02
-    :accuratefor: 0.9.53
+    :lastupdated: 2022-08
+    :accuratefor: 0.9.55
 
 .. contents::
 
@@ -315,9 +315,8 @@ SU3 Details
 
 * SU3 Version: The router version
 
-* Jar and war files in the zip are compressed with pack200 as documented above
-  for "su2" files. If the client does not support pack200, it must download the
-  update in a "sud" format.
+* Jar and war files in the zip are no longer compressed with pack200 as documented above
+  for "su2" files, because recent Java runtimes no longer support it.
 
 Notes
 `````
@@ -338,7 +337,7 @@ Goals
   man-in-the-middle attacks that could boot victims into a separate, untrusted
   network.
 
-* Use su3 file format already used for updates, reseeding, and plugins
+* Use su3 file format already used for updates and plugins
 
 * Single compressed file to speed up reseeding, which was slow to fetch 200 files
 
@@ -362,7 +361,8 @@ SU3 Details
 
 * SU3 File Type: 0 (ZIP)
 
-* SU3 Version: Seconds since the epoch, in ASCII (date +%s)
+* SU3 Version: Seconds since the epoch, in ASCII (date +%s).
+  Does NOT roll over in 2038 or 2106.
 
 * Router info files in the zip file must be at the "top level". No directories
   are in the zip file.
@@ -386,8 +386,8 @@ SU3 Details
 
 * SU3 Version: The plugin version, must match that in plugin.config.
 
-* Jar and war files in the zip are compressed with pack200 as documented above
-  for "su2" files.
+* Jar and war files in the zip should not be compressed with pack200 as documented above
+  for "su2" files, as recent Java runtimes no longer support it.
 
 SU3 News File Specification
 ---------------------------
@@ -415,7 +415,8 @@ SU3 Details
 
 * SU3 File Type: 1 (XML) or 3 (XML.GZ)
 
-* SU3 Version: Seconds since the epoch, in ASCII (date +%s)
+* SU3 Version: Seconds since the epoch, in ASCII (date +%s).
+  Does NOT roll over in 2038 or 2106.
 
 * File Format: XML or gzipped XML, containing an [RFC-4287]_ (Atom) XML Feed.
   Charset must be UTF-8.
@@ -637,7 +638,8 @@ then each unblock entry in the order received with a newline after each.
 Blocklist File Specification
 ----------------------------
 
-TBD, unimplemented, see proposal 130
+TBD, unimplemented, see proposal 130.
+Blocklist updates are delivered in the news file, see above.
 
 
 

i2p2www/static/idk.key.asc

@@ -0,0 +1,98 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsBNBFllPP4BCAC00FYAOPuUWVbUcli+MY5U62AHhg3qXu2FMwdi4WJPP38e4Py1
+bYXv3q8kgc4mq/wG2Y0KQtbpJ1sx4ZHv26Ipa2bZH6WyBX+hUc5tzXEe98kBjdXO
+Pv/RYfUryhfsLpTdzaH0zvaC24gYxP3lpv046X91PvJ9nRgtgRrmGlFnybtDApeA
+JEdY144EAqt3SVP/tMMGCmrM+0guaDR1N6iLNF0RdpLoplJ/8FrjCwIn7fvvx0gR
+94anhYBkW3I33NMArQTFDf7blbw3LryVyHtH/3/xnbrQ8d3ISYy2CfP5l8pTNKQh
+kaSi18O27fL5KS45VxPdt6IuApn0bEqYC8bbABEBAAHNI2V5ZWRlZWtheSA8ZXll
+ZGVla2F5QHNhZmUtbWFpbC5uZXQ+wsCXBBMBCABBAhsDBQsJCAcCBhUICQoLAgQW
+AgMBAh4BAheAAhkBFiEEcNIGBzi++AUjrK/311wDs5teFOEFAmPLYTQFCRPMJbYA
+CgkQ11wDs5teFOH7+Af/TTrB2ks956RAViq5RxJzYDldh/3e8DVFtynIMqRDQYh4
+Z56Jt9Z9KtcrHJXY8Dos3VhuTlP82JQNXpnIxvcylTLiOWwahqN+g+LgLzFIfmrz
+nudOYEfGYTEre9EEl1uvZZMLe9N48PeK234P2TkmuhHiUwkoKPoq3wUkcvGyLmvj
+OCgi0qZAwDb1ZPD1w9VUxLW7xUefobk0To8O1FbZ4AQvBaNY6VXofqL5wYpeYPNE
+8slenFaFRSFht5h53fw2W9dBO8DdgCpdVqM/qdgS+T5uxGzg1Dnd7upLStKPEKQZ
+FWaVk+CSeNLrOfK39NRye0IYwUWOsPMcn/BgUsGVP8LAlwQTAQgAQQIbAwULCQgH
+AgYVCAkKCwIEFgIDAQIeAQIXgAIZARYhBHDSBgc4vvgFI6yv99dcA7ObXhThBQJe
+Eh8cBQkKUHyeAAoJENdcA7ObXhThudEIAKIOkKi52dNvGfAFTyQkD+RFQts3L+zd
+DcJHGjTgOo9pR5qoDMFRH2gQA3aC7UNkXNV9uGgqLAY3ndAe8CttJHug3j1RHeLs
+jPQV6a7Cb5WT1a/yIm1g/Ruq+9yganZoXgfiVJsgfbSiAFsJKSSQOjSEFY2Tp9hi
+IgUA20tl9gjM9FkJXIoiPC6ChZDFYTbqqgH3BQAoFDB2rCleUwdwmzMrjJ6kKGUG
+LXh7Y9+BKrnS59fVSj+9qE803YksYaWLFMuPWqO3L1L5iyi/nev7q5sYXFOQkNbL
+L/F/6OBE/GIZqUjKK1uw7ptFPHXP7JHdOVuf6gJmpO3V4F6gMXjTbjnNI2V5ZWRl
+ZWtheSA8aGFua2hpbGwxOTU4MEBnbWFpbC5jb20+wsCUBBMBCgA+AhsDBQsJCAcC
+BhUKCQgLAgQWAgMBAh4BAheAFiEEcNIGBzi++AUjrK/311wDs5teFOEFAmPLYTQF
+CRPMJbYACgkQ11wDs5teFOHkpgf6A5rmxVpBt5p7rRvIiMP2WUArSqFceBKkvCmf
+ieMkvl7fa94uGXpo3w7UyvXGFvkuXFdzT9r7w6+IB3YjBjSZVhW079PWZu/nsK1B
+cNGSEAbcv7MvWDKySa7l+OhLX2de/X0cnFNMZMZID5vOmx7wRm0OYAqAun8dS2QF
+BbXcmtkwNo966HOf4e/djbJbQPgQ5zZchLNpkMrBeuXzqVcKHzKU4MLneq99+utD
+IEgF5Pl+g3/bfOY/vMh8OdTPHmI2LRWNowMnC1EnxmWdkNaibyumCnd25davCLsE
+fWILoQrABGLGGF9hSDzeCKzek4pAdo2eIO/SiRACNRVPQ63epcLAlAQTAQoAPgIb
+AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBHDSBgc4vvgFI6yv99dcA7ObXhTh
+BQJeEh8dBQkKUHyeAAoJENdcA7ObXhTh9kUH/3Q5PH4ZaXXkpRnHx88BVgsMwjNq
+QvMw6z8Hi4fgFu4/KpcOV+JS5AahuGP05wl+MxEbgVtKNd8v9rLDVatIW0pjMidb
+VjubreqARM/E/g8kRExr2KB0pf3ChaH0o/qXSxhrjjIi2IHRI2Yji4tjo1e+2C2P
+Y4x4Vqhweap5VTMezjOQhkE7ROepIN7nut1joUfjZAwnBLkMbmt/gx6epYidS62p
+6yOeN17hIq7UlAtIKyycd/Ry8LE271Cekxjgx301IMJmWRCb62HNvI3ucIWoQubg
+ukf3QppGuzNXayVlMwpSYTv8qOFrG0y0u56aYHwhkdrHNamnUbDuz8vJAsnCwJQE
+EwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRw0gYHOL74BSOsr/fX
+XAOzm14U4QUCXTYlpgUJB5NPpQAKCRDXXAOzm14U4aUNCACq17h2WCYKvVfChRjr
+ACr32wRWOk0Zcs0ZFEfvoLjyaSzZegS0xhoI+/VZJTMNhs5Cm6w+XU8J3T+yF+rn
+OioAni0Sl3G9wxaZzs+QGqJgizhqVeDAeG3CdvOc9VPno1Rlrm++B9BUOqCdR1fY
+lvBI0buHB4MwXPCofRDQo+dV4Rvu5W07JohS67Zt/wb0xJtkEC9WkMeUNRr5sLcV
+ekuIn6drXZcI0Hy7yc/XQpj1sl2hU29MgITlgF8ldiXHCJ6lJ3D+/W3ZfVQxiBtr
+73EDRZp4CcjH1+9KzG5E4xAcnaIK7/B3FhuMGaKpnQ9W/IuMD3+74FMuEcPC/Fmy
+7sqDzSlleWVkZWVrYXkgPHByb2JsZW1zb2x2ZXJAb3Blbm1haWxib3gub3JnPsLA
+lAQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBHDSBgc4vvgFI6yv
+99dcA7ObXhThBQJjy2E0BQkTzCW2AAoJENdcA7ObXhTh+rcH/RY3LYAgOQwzaae7
+J+zJBXko0msn6K7/WExGXRDmsZxInhsFxWm5D6mtd56VjBb41bjYqX9R0edJcQJo
+8M4sOWe1DHT5efe8oY7xCI4KxRCVHLRK2xzj6EkYfTUvNkatjRIw/2s/gMqCIyO9
+L00YJo7oLPMXCORVwYFSPncXCP1r+jZHmHyBKN5O0GXgFMabzO1XYiW5cT8Lg2Yh
+z4OkCKkKJkBidknYLkuSbIaNPjzfocw8BnKGTCQJizFlByktHzYuZonNkY2dIuk4
+ChVEGVOBOZ9lU3J21jPX5slNpAiC2zguCqwI7/98k2RlpK4UqxkQLzUDg1Ld3kp2
+yop2M67CwJQEEwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQRw0gYH
+OL74BSOsr/fXXAOzm14U4QUCXhIfHQUJClB8ngAKCRDXXAOzm14U4Zv2B/9rPzSv
+GE2NNndkLKt/tGbsMaunCEkmq0ztwBJQopL5gRHkZ5dhx7i3NyXhLkmpLKeyZ/QY
+0E4AwLhUdSthovFflWdY48toOqexiNmkn1fcGsCVRzWIfys0AQMclICFDSOem+SN
+qvhs1/39CpqKctW3hnQ7DOomOIFekgtrf4neggtstseUra98SfL7haSW3k3DX6aa
+CB7r9pdu5DsfsB25XEX/G7lFrnthyqLDYQb08YSpk4YiEzIW8VNKZ82iFftJdDOC
+qp7f4vnOHAhLLozxxBfBdVC2MHgI5j1p+sTECSF1PBsSI2PV6QP/KO5uryj0U/b4
+7gglDWHvhCPlJ1LkzTpleWVkZWVrYXkgKGFsaWFzIGZvciBpZGtpMnBAaTJwbWFp
+bC5vcmcpIDxpZGtpMnBAbWFpbC5pMnA+wsCUBBMBCgA+AhsDBQsJCAcCBhUKCQgL
+AgQWAgMBAh4BAheAFiEEcNIGBzi++AUjrK/311wDs5teFOEFAmPLYTQFCRPMJbYA
+CgkQ11wDs5teFOGZTQgAlS3rrCQ5t2ipdYbrW+Il1y8XQelK0mRZMmYBx/IgkOty
+J+ewSOnLgXR4q2IdF+gFWikfrUFiUirSViCdy5BUrRXwW35E8pchAs8ph+/3MXHQ
+n0C5J61s9s38HMeK/M5txk7yaHKYo81yeCQGtfq8IFsyw/GdrrFfEDBnP/rwXgtf
+oHX/oSuqGbySx//qPxqGpRX/qdbgP2KPrPdImFp3ACUUofOeuflmi8V/drT4FXa8
+mG8qk6Uhp4h15XgBtkrUBaC9C1pc7aevtpty2wAlG8DlMee9W5EzxxYfzp4rwX5U
+J/BTXJLP98eElGAAxCELNLwp1QAX9WYSpjkHdpoqLs06ZXllZGVla2F5IChhbGlh
+cyBmb3IgaWRraTJwQG1haWwuaTJwKSA8aWRraTJwQGkycG1haWwub3JnPsLAlAQT
+AQoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBHDSBgc4vvgFI6yv99dc
+A7ObXhThBQJjy2E0BQkTzCW2AAoJENdcA7ObXhTh6XoH/ic44i9eGk3PRmiBaDF9
++M2QJRekcEXN9YU0Dj9H/8ENdLk8uOcCM3i/DB43Fol+4w3asc9A0zZ6Z1zvHt+7
+1cF/xKJQGidyWTc42mOn84H9qbSsNizUJxBMVWEDztR96UBI4RG8IsG6qQ45GI++
+0xzD1sPblHypKU2LaJtALSQpP1nCTd6N4fsMWrYdQVQgp91+Kz9BjZEAX6tz/bcg
+SwnA6lL2DKf4dHAWRXhLohYn9oHsEHdHaL1TraT+ldQ2kv140lKHYT6NydQON7xz
+qe7iROScoM7W7hG+ZTVvUXw4WSp3A4S05h5YUMdtqpp54brDF++vw9yAcIwJBfyU
+lpvOwE0EWWU8/gEIALmUpJ9JUR8ZEtyIbV6MGEREG0KvYyHOdZ2Db2p4GxUyuBKK
+s1Rwj+njBS6/UbW58bww/P1Z09ikdgFsiualiFf2bBbAEoT8wimOU2nnrNmT+XFe
+Aj0B+aSUKtLSn7ve5SgJM2MbX/3+aCn/kjJy2oU5J1W7C+CQSY5P498zOLi9Fhmu
+rBBn+kvgHEs83dbNWvTNtZG1MBe8RZvjYfnvP7xk+WXCiVuwArMoXDcpvarDTWjv
+0iKn/RXpz7DO4F2u/As1tFx9Q1UgaFG6Z58xrfPJBZQRwql76jaykbDEM8SSViSd
+WgJuGdAjqTlO5ur7SJqKLUI69P/0LSEkrqSkEnsAEQEAAcLAfAQYAQgAJgIbDBYh
+BHDSBgc4vvgFI6yv99dcA7ObXhThBQJjy2EaBQkTzCWcAAoJENdcA7ObXhTh4ekH
+/28QFIKR8HVB4w7Fw3aGwZfKRPE1SVAwq2rN8MBvkA8JyuEYk6osnkxpycC7vu5j
+TBlFmMtrppp/LPVavj0bQAf7jLLUT/1qae8HmmkF4M/irL4RNiRZRU5vmtdTUnwW
+8Bwogo+e0WguWDu1PimM228Qdjo16+xg6OKdtRThm/w9huRQ/GpCRZfHhpBmhMt0
+M3ZwMmfr+9ROPTINdABetQoj1W5Fl1caR65JZe16uc0aKP5ww+7NiGXuINa24dGI
+5hP3/3dvz9DKkTrt7YQ+7ICRBxbBlLQVBMhiGWjwDiaLXqdW6wmsSN6jxerom9UG
+kp0p/E4LDzHQhoIIBIj0vabCwHwEGAEIACYCGwwWIQRw0gYHOL74BSOsr/fXXAOz
+m14U4QUCXhIfHQUJClB8nwAKCRDXXAOzm14U4cuCB/9UTshnHll+FEJYAHfWm7q2
+2nBVnq8fbrxCVTKIwONi39fAbrO81CigEU1/Owk1Q0BOgySTXuumv/f9TX979D3X
+L5pOGXZnzg5VFKoZ8gGAMEoz0nX104az/ixujBVagdnm8+PMZMwKM0RzNbgyqu71
+Z2eVq4W9x1VK8rW8xPmyP9MQSp42VOIrDlX0xA5NnMXKW6+uGkBLYfA/y+rjI1Gn
+98PlVueKh1t/YzwgQM58Enh1GZ1/YtPcixgzmyO99o/q1qFI1WSNF4TXTtll9Kik
+fR64nvYLVmfFguNQUz7oca8f8scSjkpj8/cNGoDjxeuj/oNDaZqqyJhwDD4f3/TC
+=i+Zz
+-----END PGP PUBLIC KEY BLOCK-----