I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

merge into: I2P_Developers:reseed-rewrite
Branches Tags
I2P_Developers:master I2P_Developers:166-identity-aware-proxies I2P_Developers:modernize I2P_Developers:2to3 I2P_Developers:debian-variants-questionable I2P_Developers:reseed-rewrite I2P_Developers:reseed-revisions I2P_Developers:debchanges I2P_Developers:dns-application I2P_Developers:download-pages-breakdown-redirect I2P_Developers:dmg-bundle-expanded I2P_Developers:style-guide AGentooCat:simplify-python AGentooCat:master AGentooCat:debian-variants-questionable AGentooCat:reseed-rewrite AGentooCat:reseed-revisions AGentooCat:debchanges AGentooCat:dns-application AGentooCat:download-pages-breakdown-redirect AGentooCat:dmg-bundle-expanded AGentooCat:style-guide
I2P_Developers:cvs-suck-import AGentooCat:cvs-suck-import
...
pull from: AGentooCat:simplify-python
Branches Tags
AGentooCat:simplify-python AGentooCat:master AGentooCat:debian-variants-questionable AGentooCat:reseed-rewrite AGentooCat:reseed-revisions AGentooCat:debchanges AGentooCat:dns-application AGentooCat:download-pages-breakdown-redirect AGentooCat:dmg-bundle-expanded AGentooCat:style-guide I2P_Developers:master I2P_Developers:166-identity-aware-proxies I2P_Developers:modernize I2P_Developers:2to3 I2P_Developers:debian-variants-questionable I2P_Developers:reseed-rewrite I2P_Developers:reseed-revisions I2P_Developers:debchanges I2P_Developers:dns-application I2P_Developers:download-pages-breakdown-redirect I2P_Developers:dmg-bundle-expanded I2P_Developers:style-guide
AGentooCat:cvs-suck-import I2P_Developers:cvs-suck-import

175 Commits
reseed-rew ... simplify-p

Author SHA1 Message Date
AGentooCat
f1d0e3e067 simplify slug base (de)date valids 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 17:29:32 +00:00
AGentooCat
ae7a7b00a4 simplify slug (de)date valids 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 17:26:56 +00:00
AGentooCat
bdb34cc646 simplify dict init of blog feeds 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 17:23:25 +00:00
AGentooCat
e98ef3f151 simplify dict init of meeting feeds (2) 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 17:16:34 +00:00
AGentooCat
050001228c simplify dict init of meeting feeds 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 17:15:20 +00:00
AGentooCat
453cc0cc14 simplify file reading in netdb.i2p2 init 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 17:11:59 +00:00
AGentooCat
bf5bb863d2 simplify dup-code of python<->html lang 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:59:47 +00:00
AGentooCat
be26e555ec simplify a small lang attachment 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:57:10 +00:00
AGentooCat
34490e41e8 simplify sitemap url appending 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:52:04 +00:00
AGentooCat
0ba93d331f fix legacy resolving 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:51:16 +00:00
AGentooCat
1f30255706 simplify the redirection returns on legacy_show 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:39:12 +00:00
AGentooCat
052ece4336 simplify the decision of encoding the output on no-formatting output 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:34:55 +00:00
AGentooCat
178f6f8c87 simplify the tower-length htmlformatter init 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:31:34 +00:00
AGentooCat
e2a3aa76b5 simplify selection of formatter classes 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:24:01 +00:00
AGentooCat
af2dfadfe6 simplify the render_template calls for downloads 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:17:50 +00:00
AGentooCat
1b01ee50d2 simplify mirror file reading 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:13:09 +00:00
AGentooCat
99cf7985b7 simplify dict inits 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:10:31 +00:00
AGentooCat
95e395daaa simplify the code on the decision of showing i2p mirror links 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:08:17 +00:00
AGentooCat
7401f930ba simplify temp-link resolving for default-args 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:04:14 +00:00
AGentooCat
d7787511bd simplify temp-link resolving 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:02:53 +00:00
AGentooCat
fadcb56439 simplify the decision of showing i2p links 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 15:00:12 +00:00
AGentooCat
34654b6954 simplify theme getting from cookies 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 14:58:23 +00:00
AGentooCat
34062eaf2d simplify $DEV check 
Signed-off-by: AGentooCat <agentoocat@mail.i2p>
 2023-03-14 14:56:05 +00:00
idk
a030fbae4a move blogpost 2023-03-14 06:07:01 +00:00
idk
224305f501 fix blog URL 2023-03-14 03:10:04 +00:00
idk
4cac8d8541 update my public key 2023-03-14 01:57:53 +00:00
idk
9e78559e80 update versions and hashes 2023-03-13 23:18:36 +00:00
idk
5cb31ea847 undraft blog post 2023-03-13 21:29:54 +00:00
idk
a618bb279d write draft release notes 2023-03-13 19:25:55 +00:00
idk
7107a2960a edit statement about release of Mac easy-install on site since release date of 2.2.0 is moved. 2023-03-08 17:00:53 +00:00
idk
5162dc2d24 unindent blog post 2023-02-12 03:37:35 +00:00
idk
980fc185d5 Blog post about Denial of Service attack 2023-02-12 03:33:07 +00:00
zzz
2bb222187d mtg 320 more log cleanup and spelling fixes 2023-02-08 22:56:10 -05:00
idk
d0459ba062 check in meeting logs 2023-02-07 22:21:03 +00:00
idk
d08ac133f8 remove logging messages from meeting log 2023-02-07 22:08:55 +00:00
idk
b8f5804525 check in meeting logs 2023-02-07 22:07:15 +00:00
idk
90a39f35d6 Add missing wizard images, add sadie to author list 2023-02-01 14:15:29 +00:00
zzz
70cc78b17f Prop. 162 updates 2023-02-01 06:57:22 -05:00
idk
d616bd3156 qualify that the recommendation might change in the future 2023-02-01 07:21:15 +00:00
idk
9942f1ddf6 add links to blog posts 2023-02-01 07:07:57 +00:00
idk
bdca9c7042 Add install guide for jar installs on MacOS 2023-02-01 06:58:31 +00:00
idk
30d9fe1622 fix missing image 2023-02-01 00:58:28 +00:00
idk
d513dcc95d add osx install guide images 2023-01-31 23:12:25 +00:00
idk
d0787a33ad Update the about/intro page with @sadie's rewrite and my revisions 2023-01-28 05:03:09 +00:00
idk
fb150533bc update the about intro page 2023-01-28 04:53:40 +00:00
idk
18c83f465a fix easy-install hash 2023-01-26 17:45:05 +00:00
zzz
9500378ef7 new proposals 2023-01-24 08:16:17 -05:00
zzz
bf1c5c2748 grammar 2023-01-23 08:58:22 -05:00
idk
38ee4bef5c Clean my GPG key 2023-01-21 03:43:30 +00:00
zzz
1e33399af4 add note on outproxies 2023-01-19 09:21:15 -05:00
zzz
e795daa239 bittorrent: more info 2023-01-17 08:19:25 -05:00
zzz
76bcd2ad15 bittorrent: Add dev guidance section, mostly copied from SAM spec 2023-01-17 08:07:21 -05:00
idk
a1914b0f97 fix hall of fame link, closes #37 2023-01-15 23:10:46 +00:00
idk
46aa306710 Merge branch 'no-more-monotone-and-trac' into 'master' 
No more monotone and trac

See merge request i2p-hackers/i2p.www!22
 2023-01-15 19:05:20 +00:00
Little Big T
65ec4eeb91 No more monotone and trac 2023-01-15 19:05:20 +00:00
idk
da6a59e3d7 Merge branch 'there-is-no-target-bundle' into 'master' 
There is no target bundle for ant, instead it seems git-bundle is the one to use

See merge request i2p-hackers/i2p.www!21
 2023-01-14 16:18:44 +00:00
zzz
8afe26a895 Streaming: Clarify when ID may be 0 2023-01-13 19:10:50 -05:00
idk
d56f43a5d0 check in my key 2023-01-13 22:56:51 +00:00
idk
5bbeb4975f update bundle versions and indicate they are unsigned 2023-01-13 17:02:58 +00:00
idk
458c609c34 Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2023-01-13 07:49:30 +00:00
idk
5c0cba3c80 fix formatting in blog post 2023-01-13 07:48:44 +00:00
idk
aa7a019f15 add blog entry 2023-01-13 07:35:43 +00:00
zzz
8b557d2557 Move deprecated RI options to a separate list 2023-01-12 16:23:04 -05:00
zzz
929d984536 Update RI spec to better-specify statistics 
ref: http://zzz.i2p/topics/3515
 2023-01-12 16:12:11 -05:00
idk
742a99d0a4 add January 10 2023 meeting 2023-01-11 23:45:58 +00:00
idk
b63cf713f1 update the android versions 2023-01-11 23:42:14 +00:00
zzz
f713b0fba1 roadmap update 2023-01-11 17:05:11 -05:00
lbt
df53d22c04 There is no target bundle for ant, instead it seems git-bundle is the one to use 2023-01-11 18:57:29 +01:00
zzz
df23610400 Mac bundle further delayed 2023-01-11 07:05:01 -05:00
idk
2a60937a3d bump version 2023-01-10 21:51:25 +00:00
idk
77f6af7fd7 update hashes 2023-01-10 21:41:10 +00:00
idk
a8b8dd9986 undraft blog post 2023-01-10 21:38:36 +00:00
zzz
fd1e3197f1 2.1.0 checksums 2023-01-10 11:01:00 -05:00
zzz
628dc88834 SSU2: Add peer test results state machine 
ref: http://zzz.i2p/topics/3489
 2023-01-09 17:13:52 -05:00
idk
c6aeacf4c5 Merge branch 'trac-is-gone' into 'master' 
Trac is gone

See merge request i2p-hackers/i2p.www!20
 2023-01-08 23:46:32 +00:00
Little Big T
b5bfe3d212 Trac is gone 2023-01-08 23:46:31 +00:00
zzz
a68eb521d2 SAM updates 2023-01-08 11:09:32 -05:00
zzz
e4fe0e24e1 2.1.0 release draft 2023-01-06 08:14:35 -05:00
idk
5e5628abeb fix missing half-step from guide 1 2023-01-05 03:13:34 +00:00
idk
565936207e fix policy page title 2023-01-05 02:36:32 +00:00
idk
ff2482318c fix policy page title 2023-01-05 02:35:28 +00:00
idk
bfd5a73faa copy requirements from old to policy 2023-01-05 02:34:17 +00:00
idk
e236e86838 Merge branch 'master' of github.com:i2p/i2p.www 2023-01-05 02:25:12 +00:00
idk
270f6135c8 comment out unfinished reseed setup guides 2023-01-05 02:23:54 +00:00
idk
3d615c4590 update tags on reseed guide pages 2023-01-05 02:10:03 +00:00
idk
7854cb4935 update tags on reseed guide pages 2023-01-05 02:08:18 +00:00
idk
ea736ff862 overhaul of reseed docs 2023-01-05 01:53:35 +00:00
zzz
b456c3c8cc grammar 2023-01-04 19:48:00 -05:00
idk
5e3d53aa4b add docker page 2023-01-04 23:35:14 +00:00
idk
574a23bf5a split out policy section 2023-01-04 23:16:22 +00:00
idk
51a89c450a Debian reseed install instructions 2023-01-04 22:36:39 +00:00
idk
a4b141e5b1 start migrating over the reseed docs from my site 2023-01-04 22:11:31 +00:00
zzz
ab52b4b197 typo fix 2023-01-04 15:55:48 -05:00
zzz
a48879e014 Embedding update re: persistence 2023-01-03 16:08:23 -05:00
zzz
ba4fa23d5d SAM minor updates 2023-01-03 08:09:28 -05:00
zzz
fc9abe46b1 More embedding guide updates 2023-01-03 07:47:37 -05:00
zzz
878893a7c3 Embedding guide updates 2023-01-03 07:36:24 -05:00
zzz
8e42416434 Put i2cp.delayOpen in the right place alphabetically 2023-01-02 14:52:28 -05:00
zzz
5b71a5fe2e SAMv3 paragraph break 2023-01-02 13:20:16 -05:00
zzz
2d8fdf54cd i2ptunnel: Add missing info on the i2cp.delayOpen option, elaborate on the i2cp.newDestOnResume option 2023-01-02 12:44:50 -05:00
zzz
28a8bf6ca1 Incorporate proposal 161 recommendations into the SAMv3 and Common Structures specs 2023-01-02 12:31:51 -05:00
zzz
cebddd1edb Roadmap update 2023-01-02 11:17:56 -05:00
zzz
d3635464fa I2NP: Note SSU2 uses 9-byte header 2022-12-31 15:41:02 -05:00
zzz
47c0876ab3 SAM: Add general guidance section 
Emphasize that i2pd and Java i2p have different defaults
 2022-12-29 12:52:48 -05:00
zzz
f84202469c Add participating tunnels picture 2022-12-29 08:18:05 -05:00
zzz
5d75104397 Add tunnel build success picture 2022-12-26 16:38:35 -05:00
zzz
bf0565230a SSU2/NTCP2 and props. 160/161 minor updates 2022-12-19 06:18:18 -05:00
idk
8d423fa1fb change copy command on Debian download page, change note on Debian Downstreams only command on Debian download page 2022-12-18 16:18:57 +00:00
idk
9c5595b2ae Trim enter/exit events from IRC logs 2022-12-14 21:11:36 +00:00
idk
5b3ee6709d add meeting logs 2022-12-14 20:56:32 +00:00
idk
559761b72b add note about easy-install bundle to browser-content page 2022-12-09 19:21:41 +00:00
zzz
78e02ad1a1 SSU2 typo 2022-12-04 08:47:25 -05:00
zzz
81f07058d2 fix roadmap date 2022-11-30 15:08:42 -05:00
zzz
919bfedd3b bump roadmap date 2022-11-30 15:07:37 -05:00
zzz
e8798bbd59 Roadmap updates 2022-11-30 14:45:18 -05:00
idk
72f06a0657 move my roadmap items 2022-11-29 00:08:59 -05:00
zzz
66f721ccc1 config: Add outproxyType for SOCKS. 
Remove dup outproxyAuth entry
 2022-11-27 11:59:48 -05:00
idk
1370863c99 update android version and hash 2022-11-23 18:50:46 -05:00
idk
575651a3fe Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2022-11-23 14:40:45 -05:00
idk
d3a0c79314 check in fix on firefox.html page 2022-11-23 14:40:24 -05:00
zzz
cffc62b93d fix markdown 2022-11-23 13:04:48 -05:00
idk
01e7f33e58 Fix Windows bundle filename 2022-11-23 07:39:29 -05:00
idk
efef0afe50 update android hash 2022-11-23 07:23:49 -05:00
idk
4345320ecc Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2022-11-23 07:05:07 -05:00
idk
45c2992a37 Update Windows easy-install bundle 2022-11-23 07:04:08 -05:00
idk
170634f082 Write blog post for Easy-Install Windows and OSX 2022-11-23 06:51:56 -05:00
zzz
274405eff0 Remove specific JRE version from Windows bundle page 2022-11-22 08:30:08 -05:00
idk
610192690e undraft blog post 2022-11-21 18:07:01 -05:00
idk
355072ebc6 update main downloads and update hashes 2022-11-21 17:33:25 -05:00
zzz
0fdc7441de add checksums to release notes 
comment out signer info
add note about OSX bundle delayed
 2022-11-21 13:50:32 -05:00
zzz
72d3d34afe 2.0.0 release draft 2022-11-18 08:59:46 -05:00
idk
959fd0112d Merge branch 'debian-variants-questionable' into 'master' 
Work with more Debian and Ubuntu variants without altering instructions

See merge request i2p-hackers/i2p.www!19
 2022-11-13 22:19:08 +00:00
idk
24ee0900b6 Work with more Debian and Ubuntu variants without altering instructions 2022-11-13 22:19:08 +00:00
zzz
bbeadab0af SAM libs update 2022-11-13 09:14:51 -05:00
zzz
f64af2c0d9 Remove draft blog post from translation 2022-11-08 17:29:39 -05:00
zzz
0358745e87 Remove old draft SSU blog so it doesn't end up in translations 2022-11-08 17:27:37 -05:00
zzz
4e74efd07d Update translation source 2022-11-08 17:20:13 -05:00
zzz
05c9ef6353 Pull updated translations 2022-11-08 17:16:20 -05:00
idk
481cf5f09b add meeting notes 2022-11-08 15:36:47 -05:00
idk
8066aece90 reinstate Mac bundle downloads 2022-11-04 22:10:10 -04:00
idk
1921519c93 reinstate Mac bundle downloads 2022-11-04 22:09:55 -04:00
idk
cbcfc37819 add source repositories for profile manager 2022-11-04 22:03:45 -04:00
zzz
4f62315d1c Temporarily disable OSX bundle downloads 2022-11-03 11:05:03 -04:00
idk
389a54cd24 Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2022-10-27 12:53:27 -04:00
idk
df566a24ae remove erroneous reference to mikal from release-signing-key 2022-10-27 12:53:14 -04:00
zzz
aea6364f8f update bibtex URLs 2022-10-27 10:37:15 -04:00
idk
e654a01672 update hashes of Mac bundles 2022-10-26 13:45:04 -04:00
zzz
992de20108 bibtex fixes 2022-10-25 09:46:31 -04:00
zzz
fe7c3b9e1a Add traffic analysis paper 2022-10-25 08:59:00 -04:00
idk
83391c174f remove TLS fingerprints from safety post, add authors note explaining why 2022-10-17 11:50:28 -04:00
idk
e0de2cd6f8 update sha256 fingerprint for forum inside i2p-safety-reminder blog post 2022-10-16 12:37:24 -04:00
zzz
ba74d33ba5 SSU2: Add note about relaying to charlie when he is behind a symmetric NAT 2022-10-16 12:18:08 -04:00
zzz
a9adb61d4d SSU2: Spec minor edits 2022-10-12 13:21:54 -04:00
zzz
10566c6271 SSU2: Copy most of prop. 159 to the spec page 2022-10-12 12:41:34 -04:00
zzz
9026f6dc2f Clarify accept header processing 2022-10-12 09:53:57 -04:00
zzz
9305ac0ff0 Final edits and undraft SSU2 blog post 2022-10-11 12:56:46 -04:00
zzz
a61b9c359a SAMv3: Add note about session IDs 
add link to bitcoin code
 2022-10-10 11:26:32 -04:00
idk
d63908d91f Add robin/Py2P to SAMv3 libs page 2022-10-07 11:08:51 -04:00
Zlatin Balevsky
662095f2c8 remove beta label from mac arm64 2022-10-06 14:17:01 +01:00
idk
24db6b6966 fix flipped meeting logs 2022-10-04 18:58:07 -04:00
idk
f3c340c04b update meeting logs 2022-10-04 18:49:53 -04:00
idk
86da2d9391 update meeting logs 2022-10-04 18:49:44 -04:00
idk
1a921e1804 update meeting logs 2022-10-04 18:01:45 -04:00
idk
5c6e0411b0 just remove redundant link from installer page and direct to installer below the message on the screen, so we don't have to call the link generation stuff twice in the same page 2022-09-30 23:40:05 -04:00
idk
99e6b20ec8 fix erroneous link on the Easy-Install page 2022-09-30 23:31:14 -04:00
idk
39efd98ea2 update line breaks and translation tags 2022-09-28 20:45:48 -04:00
zzz
cb01e85a39 New proposal 161 2022-09-28 11:22:35 -04:00
zzz
feac384bb5 roadmap update 2022-09-28 10:49:53 -04:00
zzz
25afe46878 more SSU2 draft updates 2022-09-28 10:48:42 -04:00
zzz
b7de83c891 Blog README update 2022-09-28 10:48:17 -04:00
idk
ded33b8c44 undraft divaexchange blog, fix fingerprint on i2pgit.org after adding a hostname to the certificate 2022-09-28 01:15:00 -04:00
idk
721c61b497 add DivaExchange MYM draft 2022-09-26 20:17:12 -04:00
idk
087993ed64 don't forget github 2022-09-26 15:47:22 -04:00
idk
14e4137e45 clarify language on bots for i2p-safety-reminder 2022-09-26 15:35:06 -04:00
idk
325a8f2b73 un-draft safety blog post 2022-09-26 15:29:14 -04:00
263 changed files with 66507 additions and 9527 deletions
Expand all files Collapse all files

8
i2p2www/__init__.py
View File

@ -22,8 +22,8 @@ except ImportError:
###########
# Constants
CURRENT_I2P_VERSION = '1.9.0'
CURRENT_I2P_FIREFOX_PROFILE_VERSION = '1.9.5'
CURRENT_I2P_VERSION = '2.2.0'
CURRENT_I2P_FIREFOX_PROFILE_VERSION = '2.1.0'
CURRENT_I2P_OSX_VERSION = '1.9.0'
CANONICAL_DOMAIN = 'geti2p.net'
@ -210,9 +210,7 @@ def set_lang(endpoint, values):
# Detect and store chosen theme
@app.before_request
def detect_theme():
theme = 'duck'
if 'style' in request.cookies:
theme = request.cookies['style']
theme = request.cookies.get('style', 'duck')
if 'theme' in request.args.keys():
theme = request.args['theme']
# TEMPORARY: enable external themes

135
i2p2www/blog/2022/09/26/i2p-safety-reminder.draft.rst
View File

@ -1,135 +0,0 @@
{% trans -%}
==================================
A Reminder to be Safe as I2P Grows
==================================
{%- endtrans %}
.. meta::
:author: idk
:date: 2022-09-26
:category: general
:excerpt: {% trans %}{% endtrans %}
{% trans -%}
A Reminder to be Safe as I2P Grows
{%- endtrans %}
==================================
{% trans -%}
It is an an exciting time for The Invisible Internet Project (I2P). We
are completing our migration to modern cryptography across all of our
transports, ( Java and C++), and we have recently gained a high-capacity
and professional outproxy service, and there are more applications
integrating I2P based functionality than ever. The network is poised to
grow, so now is a good time to remind everyone to be smart and be safe
when obtaining I2P and I2P-related software. We welcome new
applications, implementations, and forks with new ideas, and the power
of the network comes from its openness to participation by all I2P
users. In fact, we dont like to call you users, we like to use the word
“Participants” because each of you helps the network, in your own way by
contributing content, developing applications, or simply routing traffic
and helping other participants find peers.
{%- endtrans %}
{% trans -%}
You are the network, and we want you to be safe.
{%- endtrans %}
{% trans -%}
We have become aware of attempts to impersonate I2Ps presence on the
web and social media. To avoid offering momentum to these campaigns, we
will not mention the actors affiliated with them, However, in order to
help you recognize these campaigns should you encounter them in the
wild, we are documenting their tactics:
{%- endtrans %}
- Copying text directly from the I2P Web Site without acknowledging our
licence requirements in a way that may suggest endorsement.
- Involvement or promotion of an Intial Coin Offering, or ICO
- Crypto-Scam like language
- Graphics that have nothing to do with the textual content
- Click-farming behavior, sites that appear to have content but which
instead link to other sites
- Attempts to get the user to register for non-I2P chat servers. We
come to you or you come to us, we will not ask you to meet us at a
third-party service unless you already use it(Note that this is not
always true for other forks and projects, but it is true of
geti2p.net).
- The use of bot networks to amplify the message on social media.
I2P(geti2p.net) does not use bots to spread the message.
{% trans -%}
These campaigns have had the side-effect of “shadow-banning” some
legitimate I2P-related discussion on Twitter and possibly other social
media.
{%- endtrans %}
{% trans -%}Our Sites{%- endtrans %}
---------
{% trans -%}
We have official sites where people may obtain the I2P software safely:
{%- endtrans %}
- `Official Website - i2p.net - TLS Fingerprint(SHA256) -
5B:09:29:D9:26:64:7D:0E:33:B6:4A:9D:6F:58:FA:5E:24:EF:18:81:21:A9:A9:4F:8B:D2:CE:D8:74:91:60:8B <https://i2p.net>`__
- `Official Website - geti2p.net - TLS Fingerprint(SHA256) -
5B:09:29:D9:26:64:7D:0E:33:B6:4A:9D:6F:58:FA:5E:24:EF:18:81:21:A9:A9:4F:8B:D2:CE:D8:74:91:60:8B <https://geti2p.net>`__
- `Official Gitlab - i2pgit.org - TLS Fingerprint(SHA256) -
0E:90:B8:61:AA:38:AB:4A:A4:F3:54:07:AC:8B:B6:FF:03:3D:DC:18:31:BD:BA:EA:4C:A9:73:28:22:CB:97:30 <https://i2pgit.org>`__
- `Official Debian Repository - deb.i2p2.de - TLS
Fingerprint(SHA256) -
17:42:0B:AB:B6:4F:24:51:5E:BC:AD:10:44:9E:2C:C9:37:BB:28:89:74:62:6B:0A:9F:23:4C:5E:A5:EA:64:91 <https://deb.i2p2.de>`__
- `Official Debian Repository - deb.i2p2.no - TLS
Fingerprint(SHA256) -
EC:43:E8:DC:29:8E:BB:78:B9:88:70:ED:21:1A:8E:AD:FA:8D:6F:5E:D9:56:54:89:9F:7B:30:58:1E:03:02:CE <https://deb.i2p2.no>`__
- `Official Forums - i2pforum.net - TLS Fingerprint(SHA256) -
7B:1E:B6:5D:C7:5A:DE:32:E6:08:DB:8E:3C:4C:DB:5F:67:DB:13:A3:C8:1F:F9:26:53:C9:49:94:8E:CD:90:D1 <https://i2pforum.net>`__
{% trans -%}Invisible Internet Project Forums, Blogs and Social Media{%- endtrans %}
---------------------------------------------------------
{% trans -%}Hosted by the project{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~
- `I2P Forums <https://i2pforum.net>`__ and its `I2P
Mirror <https://i2pforum.i2p>`__
- irc: `#i2p-dev` on Irc2P(`127.0.0.1:6668` in a standard I2P
installation)
{% trans -%}Hosted by Others{%- endtrans %}
~~~~~~~~~~~~~~~~
{% trans -%}
These services are hosted by third-parties, sometimes corporations,
where we participate in order to provide a social media outreach
presence to I2P users who choose to participate in them. We will never
ask you to participate in these unless you already have an account with
them, prior to interacting with us.
{%- endtrans %}
- `Launchpad : https://launchpad.net/i2p <https://launchpad.net/i2p>`__
- `Twitter : https://twitter.com/GetI2P <https://twitter.com/GetI2P>`__
- `Reddit :
https://www.reddit.com/r/i2p/ <https://www.reddit.com/r/i2p/>`__
- `Mastodon:
https://mastodon.social/@i2p <https://mastodon.social/@i2p>`__
- `Medium: https://i2p.medium.com/ <https://i2p.medium.com/>`__
{% trans -%}Forks, Apps, and Third-Party Implementations are Not Evil.{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
This post attempts to provide ways of vetting the source for obtaining
the Java I2P package represented by the source code contained in
https://i2pgit.org/i2p-hackers/i2p.i2p and
https://github.com/i2p/i2p.i2p, and which is available for download from
the web site https://geti2p.net/en/download. It is not intended to pass
judgement on third-party forks, downstream projects, embedders,
packagers, people experimenting in laboratories, or people who just
disagree with us. You are all valued members of our community who are
trying to protect, and not compromise, the privacy of others. Since we
are aware of attempts to impersonate I2P project community members, you
may wish to review the download, verification, and installation
procedures which you recommend to your users in order to document your
official sources and known mirrors.
{%- endtrans %}

106
i2p2www/blog/2022/09/26/i2p-safety-reminder.rst Normal file
View File

@ -0,0 +1,106 @@
{% trans -%}
==================================
A Reminder to be Safe as I2P Grows
==================================
{%- endtrans %}
.. meta::
:author: idk
:date: 2022-09-26
:category: general
:excerpt: {% trans %}A Reminder to be Safe as I2P Grows{% endtrans %}
{% trans -%}
A Reminder to be Safe as I2P Grows
{%- endtrans %}
==================================
{% trans -%}
It is an an exciting time for The Invisible Internet Project (I2P).
We are completing our migration to modern cryptography across all of our transports, ( Java and C++), and we have recently gained a high-capacity and professional outproxy service, and there are more applications integrating I2P based functionality than ever.
The network is poised to grow, so now is a good time to remind everyone to be smart and be safe when obtaining I2P and I2P-related software.
We welcome new applications, implementations, and forks with new ideas, and the power of the network comes from its openness to participation by all I2P users.
In fact, we dont like to call you users, we like to use the word “Participants” because each of you helps the network, in your own way by contributing content, developing applications, or simply routing traffic and helping other participants find peers.
{%- endtrans %}
{% trans -%}
You are the network, and we want you to be safe.
{%- endtrans %}
{% trans -%}
We have become aware of attempts to impersonate I2Ps presence on the web and social media.
To avoid offering momentum to these campaigns, we will not mention the actors affiliated with them, However, in order to help you recognize these campaigns should you encounter them in the wild, we are documenting their tactics:
{%- endtrans %}
- Copying text directly from the I2P Web Site without acknowledging our license requirements in a way that may suggest endorsement.
- Involvement or promotion of an Initial Coin Offering, or ICO
- Crypto-Scam like language
- Graphics that have nothing to do with the textual content
- Click-farming behavior, sites that appear to have content but which instead link to other sites
- Attempts to get the user to register for non-I2P chat servers. We come to you or you come to us, we will not ask you to meet us at a third-party service unless you already use it(Note that this is not always true for other forks and projects, but it is true of geti2p.net).
- The use of bot networks to amplify any message on social media. I2P(geti2p.net) does not use bots for social media advertising.
{% trans -%}
These campaigns have had the side-effect of “shadow-banning” some legitimate I2P-related discussion on Twitter and possibly other social media.
{%- endtrans %}
{% trans -%}Our Sites{%- endtrans %}
---------
{% trans -%}
We have official sites where people may obtain the I2P software safely:
{%- endtrans %}
- `{% trans -%}Official Website - i2p.net{%- endtrans %}
<https://i2p.net>`__
- `{% trans -%}Official Website - geti2p.net{%- endtrans %}
<https://geti2p.net>`__
- `{% trans -%}Official Gitlab - i2pgit.org{%- endtrans %}
<https://i2pgit.org>`__
- `{% trans -%}Official Debian Repository - deb.i2p2.de{%- endtrans %}
<https://deb.i2p2.de>`__
- `{% trans -%}Official Debian Repository - deb.i2p2.no{%- endtrans %}
<https://deb.i2p2.no>`__
- `{% trans -%}Official Forums - i2pforum.net{%- endtrans %}
<https://i2pforum.net>`__
{% trans -%}Invisible Internet Project Forums, Blogs and Social Media{%- endtrans %}
---------------------------------------------------------
{% trans -%}Hosted by the project{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~
- `{% trans -%}I2P Forums{%- endtrans %} <https://i2pforum.net>`__ - `{% trans -%}I2P{%- endtrans %}
Mirror <https://i2pforum.i2p>`__
- irc: `#i2p-dev` on Irc2P(`127.0.0.1:6668` in a standard I2P installation)
{% trans -%}Hosted by Others{%- endtrans %}
~~~~~~~~~~~~~~~~
{% trans -%}
These services are hosted by third-parties, sometimes corporations, where we participate in order to provide a social media outreach presence to I2P users who choose to participate in them.
We will never ask you to participate in these unless you already have an account with them, prior to interacting with us.
{%- endtrans %}
- `{% trans -%}Launchpad{%- endtrans %} : https://launchpad.net/i2p <https://launchpad.net/i2p>`__
- `{% trans -%}Github{%- endtrans %} : https://github.com/i2p <https://github.com/i2p>`__
- `{% trans -%}Twitter{%- endtrans %} : https://twitter.com/GetI2P <https://twitter.com/GetI2P>`__
- `{% trans -%}Reddit{%- endtrans %} :
https://www.reddit.com/r/i2p/ <https://www.reddit.com/r/i2p/>`__
- `{% trans -%}Mastodon{%- endtrans %}:
https://mastodon.social/@i2p <https://mastodon.social/@i2p>`__
- `{% trans -%}Medium{%- endtrans %}: https://i2p.medium.com/ <https://i2p.medium.com/>`__
{% trans -%}Forks, Apps, and Third-Party Implementations are Not Evil.{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
This post attempts to provide ways of vetting the source for obtaining the Java I2P package represented by the source code contained in https://i2pgit.org/i2p-hackers/i2p.i2p and https://github.com/i2p/i2p.i2p, and which is available for download from the web site https://geti2p.net/.
It is not intended to pass judgement on third-party forks, downstream projects, embedders, packagers, people experimenting in laboratories, or people who just disagree with us.
You are all valued members of our community who are trying to protect, and not compromise, the privacy of others.
Since we are aware of attempts to impersonate I2P project community members, you may wish to review the download, verification, and installation procedures which you recommend to your users in order to document your official sources and known mirrors.
{%- endtrans %}
{% trans -%}
Authors Note: An earlier version of this blog post contained the TLS fingerprint of each of the services operated by the I2P Project.
These were removed when a certificate renewal caused the fingerprints to become inaccurate.
{%- endtrans %}

347
i2p2www/blog/2022/09/26/meet-your-maintainer-divaexchange.rst Normal file
View File

@ -0,0 +1,347 @@
{% trans -%}
==================================
Meet your Maintainer: DivaExchange
==================================
{%- endtrans %}
.. meta::
:author: sadie
:date: 2022-09-26
:category: general
:excerpt: {% trans %}A conversation with DivaExchange{% endtrans %}
{% trans -%}
*In this second installment of Meet Your Maintainer, I reached out to
Konrad from DIVA.EXCHANGE to talk about DIVAs research and services.
DIVA.EXCHANGE is developing software with the goal of providing free
banking technology for everyone. It is secure without a central
infrastructure, and based on blockchain and I2P technology.*
{%- endtrans %}
**{% trans -%}What got you interested in I2P?{%- endtrans %}**
{% trans -%}
About 10 years ago I had a presentation for “Technologieforum Zug” - a
very local technology network for business guys. I was introducing I2P
and Tor as overlay networks to them - to show them that other
interesting things exist out there.
{%- endtrans %}
{% trans -%}
I was always very much interested in cryptography related technology. In
general I can say that my core interests were and still are: networks,
freedom and privacy on both a technical and social level, interesting
algos, like HashCash between 2000 and 2010, which was a very well
working Proof-of-Work algo created at Universities in the UK in the late
90s.
{%- endtrans %}
{% trans -%}
I2P fascinated me because it is really carefully done - from the
architecture to the implementation in Java and C++. Personally I prefer
de-coupled and small programs doing one thing. Hence I was pretty
fascinated by the C++ version, I2Pd, which is lean, fast and without
dependencies. It works very well for me.
{%- endtrans %}
**{% trans -%}What are the qualities in its technical capacity that aligned with
your own work or interests?{%- endtrans %}**
{% trans -%}
I adore craftsmanship. Thats art. And I2P is modern craftsmanship. I2P
creates values for end users values which cant be bought: autonomy,
liberty and serenity.
{%- endtrans %}
{% trans -%}
I2P fascinates me because its agnostic. Anyone can run anything on I2P
as long as it talks TCP or UDP - and can handle some latency. Really:
“the network is the computer” and the communication is truly private
according to the current state of knowledge.
{%- endtrans %}
**{% trans -%}Who is DIVA for?{%- endtrans %}**
{% trans -%}
DIVA gets actively developed and therefore the project is for
researchers, software developers, communicators (writers, illustrators…)
and for people who want to learn really new stuff in the area of
distributed technology.
{%- endtrans %}
{% trans -%}
Once DIVA grows up - please dont ask me when - DIVA will be a fully
distributed, self-hosted bank for everyone.
{%- endtrans %}
**{% trans -%}Can you tell me about what DIVA does?{%- endtrans %}**
{% trans -%}
As said, DIVA will be a fully distributed, self-hosted bank for
everyone. “Banking” means: savings, payments, investments, loans - so
all that stuff everybody is doing everyday. Please note in this context:
DIVA works without any central infrastructure and DIVA will never - as
long as I have something to say - be a coin or token. There cant be any
central business model involved. If a transaction creates fees because a
node of the distributed infrastructure did some work, then these fees
remain at the node which did the work.
{%- endtrans %}
{% trans -%}
Why a “bank”? Because financial liberty and autonomy is key to live a
good and peaceful life and to be able to make all those smaller and
larger daily decisions in freedom. Therefore people shall own their
small and secure technology components to do whatever they like to do
without being nudged.
{%- endtrans %}
{% trans -%}
Well, say hello to DIVA, based on I2P.
{%- endtrans %}
**{% trans -%}What are your upcoming goals? What are your stretch goals?{%- endtrans %}**
{% trans -%}
There is a very close goal: understanding the impact of SSU2 which has
been lately implemented in I2P. This is a technical goal for the next
few weeks.
{%- endtrans %}
{% trans -%}
Then, probably this year: some cryptocurrency transactions using DIVA on
testnets. Please dont forget: DIVA is a research project and people
shall be motivated to do their own stuff with DIVA - the way they need
it. We dont run any infrastructure or alike for others except some
transparent test networks to increase the knowledge and wisdom of
everyone. Its recommended to stay in touch with DIVA via social
networks
(`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__) or
chats to be inspired what to do with DIVA.
{%- endtrans %}
{% trans -%}
I also want to touch an important part for the I2P community: DIVA is
based on divachain - which is then based on I2P. Divachain is a very
generic fully distributed storage layer. So, just as an example: if some
I2P developer believes that a fully distributed, trustless DNS would be
a great idea - well, thats yet another use case of divachain. Fully
distributed - no trust needed - all anonymous.
{%- endtrans %}
**{% trans -%}What are some of the other services and contributions you are
responsible for?{%- endtrans %}**
{% trans -%}
DIVA.EXCHANGE - which is the open association developing DIVA - runs a
reseed server for I2P since a few years. So probably almost every I2P
user got somehow in touch with us in the past. Just a note: the
DIVA.EXCHANGE reseed server is also available as .onion service - so I2P
bootstrapping can be done via the tor network - which is, at least from
my perspective, an additional protection layer while entering the
network.
{%- endtrans %}
{% trans -%}
DIVA has also created an I2P SAM library. So developers can create any
modern application based on I2P. Its on github and getting more and
more popular:
`github.com/diva-exchange/i2p-sam/ <http://github.com/diva-exchange/i2p-sam/>`__.
Its complete, well documented and offers lots of examples.
{%- endtrans %}
**{% trans -%}What are some of the priorities you think that anyone who wants to
contribute to the I2P network should consider?{%- endtrans %}**
{% trans -%}
Run your I2P node. Take a look at the different flavours, like Docker
versions of I2Pd, or other installs available for multiple operating
systems. There are several flavours available and its important to be
comfortable with the local installation and configuration.
{%- endtrans %}
{% trans -%}
Then: think about your skills - networking skills, programming skills,
communication skills? I2P offers lots of interesting challenges: people
with networking skills might want to run a reseed server - they are very
important to the network. Programmers might help with the Go, C++ or
Java version of I2P. And communicators are always needed: talking about
I2P from an objective and realistic perspective is helping a lot. Every
little bit is great.
{%- endtrans %}
{% trans -%}
Last but not least: if you are a researcher or student - please get in
touch with us at DIVA.EXCHANGE or the I2P team - research work is
important for I2P.
{%- endtrans %}
**{% trans -%}Where do you see the conversation and outlook on tools like I2P now?{%- endtrans %}**
{% trans -%}
Probably I have to say something about the outlook: I2P is important to
everyone. I hope that the I2P community - developers, communicators,
etc. - remains motivated by the few which deeply appreciate their hard
work on truly challenging technology.
{%- endtrans %}
{% trans -%}
I hope that more and more developers see the benefit to develop software
based on I2P. Because this would create more use cases for end users.
Then I also hope, that the core I2P programs remain simple and become
maybe even more de-coupled. Let me make an example what I mean with
“de-coupled”: user interfaces probably should not be baked into
applications by developers - because there are front end designers which
do have great knowledge and years of experience. Developers should just
create an API, like a unix or websocket or a REST interface, so that
other services can use the program the way they want it. This makes
developers and end users happy.
{%- endtrans %}
**{% trans -%}Can you tell me a bit about your own I2P workflow? What are your own
use cases?{%- endtrans %}**
{% trans -%}
I am a developer, tester and researcher. So I need all my stuff in
containers to remain flexible. I2Pd is running in 1..n containers on
multiple systems to serve stuff like: feeding reseed requests, serving
the diva.i2p test website, running parts of the DIVA I2P test network -
see testnet.diva.exchange and I also have containers to serve my local
browsers as a combined I2P and Tor proxy.
{%- endtrans %}
**{% trans -%}How can the I2P community support your work?{%- endtrans %}**
{% trans -%}
We are on social media, like
`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__ - so
follow us there. Additionally we would love to see even more involvement
on `github.com/diva-exchange <http://github.com/diva-exchange>`__ - it
already got more and more attention in the past months. Thanks a lot for
that!
{%- endtrans %}
**{% trans -%}Glossary Of Key Terms{%- endtrans %}**
**{% trans -%}I2P Terms{%- endtrans %}**
**{% trans -%}Reseed Host{%- endtrans %}**
{% trans -%}
Reseed hosts are needed to for bootstrapping, that is, providing the
initial set of I2P nodes for your I2P node to talk to. Depending on the
status of your node it may need to bootstrap every now and then if many
of the nodes it knows of arent contactable.
{%- endtrans %}
{% trans -%}
Reseeding is done over an encrypted connection and all of the bootstrap
information is signed by the reseed host you connect to, making it
impossible for an unauthenticated source to provide you with false
information.
{%- endtrans %}
**{% trans -%}Node/Peer{%- endtrans %}**
{% trans -%}
A node or peer is part of a network of computers sharing resources. When
you download and install I2P, you participate in routing traffic for
others. Every person using I2P is a node or peer. In some cases. people
can supply more bandwidth or resources than others to the network.
However, peer diversity is important and the more people who use I2P,
the stronger the network becomes. When it comes to setting up your node,
you can customize and configure your connection and workflow with the
I2P network.
{%- endtrans %}
**I2Pd (I2Pdaemon)**
{% trans -%}
I2Pd is a C++ implementation of the I2P protocol is differs from the I2P
Java software in the following ways:
{%- endtrans %}
{% trans -%}
*Java I2P has built-in applications for torrents, e-mail and so on. i2pd
is just a router which you can use with other software through I2CP
interface.* *i2pd does not require Java. Its written in C++.* *i2pd
consumes less memory and CPU.* *i2pd can be compiled everywhere gcc or
clang presented (including Raspberry and routers).* *i2pd has some major
optimizations for faster cryptography which leads to less consumption of
processor time and energy.*
{%- endtrans %}
{% trans -%}
Citation: https://i2pd.readthedocs.io/en/latest/user-guide/FAQ/ Site:
https://i2pd.website/
{%- endtrans %}
{% trans -%}
In terms of the differences or benefits of using either the C++ or Java
version of I2P, the question often comes up. Recently, idk responded to
this question on the I2P subreddit. Ultimately, it depends on a persons
own use case or desired workflow.
{%- endtrans %}
{% trans -%}
*Easy-Install Bundle is the best way to use I2P on Windows for people
just getting started. It will automatically get you from starting the
router to successfully browsing, every time. However, it doesnt
register as a Windows service, so its not as good to use as a 24/7
transit node yet. It contains everything you need to browse, but its
designed around using I2P interactively and not running services,
necessarily.*
{%- endtrans %}
{% trans -%}
*i2pd on the other hand is very light and efficient and is designed
expressly to run as a service. Its great at being a 24/7 transit node,
especially if you install it on your router, or on a Linux server
somewhere. Its got less tools built-in though, so if you want to
torrent or browse, you will need to add those tools externally.*
{%- endtrans %}
**{% trans -%}Diva Terms{%- endtrans %}**
{% trans -%}
Konrad has provided insight into of some of the terms used during the
conversation.
{%- endtrans %}
**{% trans -%}Bank for Everyone{%- endtrans %}**
{% trans -%}
The possibility to run locally installed software which is able to do
everything a well-known bank can: send and receive payments for
anything, give and receive loans, manage investments, etc. Such banking
software shall neither be depending on any central software components
nor supervised or censored by central components. Its run and managed
by its owner only with all its benefits and reliabilities. The network
(see “Blockchain” and “Consensus”) tries to make sure that no network
participant (a user running his own bank) is able to cheat.
{%- endtrans %}
**{% trans -%}Blockchain{%- endtrans %}**
{% trans -%}
A piece of software which is able to reliably store arbitrary data.
Copies of the software and the storage space is distributed within a
network of any size where the network participants do not necessarily
trust each other (or maybe not even know each other). A synonym of
“blockchain” is “Distributed Layer Technology (DLT)”. A blockchain has
nothing to do with “coins” or “tokens”. These are just blockchain based
applications. Blockchain is a base technology which mainly solves the
problem of “trust & abuse” within a network.
{%- endtrans %}
**{% trans -%}Consensus{%- endtrans %}**
{% trans -%}
In a distributed system the majority of the participants need to agree
on the state of data (the “truth, as defined by the majority” - from a
data perspective). This is a continuous process driven by locally
installed software and this is called consensus. There are multiple
valid consensus algorithms available. Bottom line: all consensus
algorithms cost something: CPU cycles, communication capacity etc. - in
short: a bunch of data sets is the input and a single reliable, fully
distributed data set valid for the majority in the network is the
output.
{%- endtrans %}

69
i2p2www/blog/2022/09/30/SSU2-Transport.draft.rst → i2p2www/blog/2022/10/11/SSU2-Transport.rst
View File

@ -4,7 +4,7 @@
.. meta::
:author: zzz
:date: 2022-09-30
:date: 2022-10-11
:category: development
:excerpt: {% trans %}SSU2 Transport{% endtrans %}
@ -21,6 +21,7 @@ and performance, we can do better. Much better.
{% trans link1="https://i2pd.xyz/" -%}
That's why, together with the `i2pd project <{{ link1 }}>`_, we have created and implemented "SSU2",
a modern UDP protocol designed to the highest standards of security and blocking resistance.
This protocol will replace SSU.
{%- endtrans %}
{% trans -%}
@ -38,8 +39,7 @@ Java I2P implementation dating back to 2003.
SSU2 will replace `SSU <{{ link2 }}>`_, our sole remaining use of `ElGamal <{{ link3 }}>`_ cryptography.
{%- endtrans %}
- Signature types and ECDSA signatures (0.9.12, 2014)
- ECDSA routers (??)
- Signature types and ECDSA signatures (0.9.8, 2013)
- Ed25519 signatures and leasesets (0.9.15, 2014)
- Ed25519 routers (0.9.22, 2015)
- Destination encryption types and X25519 leasesets (0.9.46, 2020)
@ -51,8 +51,8 @@ we will have migrated all our authenticated and encrypted protocols to standard
{%- endtrans %}
- `NTCP2 <{{ spec_url("ntcp2") }}>`_ (0.9.36, 2018)
- `{% trans %}Ratchet end-to-end protocol{% endtrans %} <{{ spec_url("ecies") }}>`_ (0.9.46, 2020)
- `{% trans %}ECIES tunnel build messages{% endtrans %} <{{ spec_url("tunnel-creation-ecies") }}>`_ (1.5.0, 2021)
- `{% trans %}ECIES-X25519-Ratchet end-to-end protocol{% endtrans %} <{{ spec_url("ecies") }}>`_ (0.9.46, 2020)
- `{% trans %}ECIES-X25519 tunnel build messages{% endtrans %} <{{ spec_url("tunnel-creation-ecies") }}>`_ (1.5.0, 2021)
- `SSU2 <{{ proposal_url("159") }}>`_ (2.0.0, 2022)
{% trans -%}
@ -83,10 +83,19 @@ All I2P Noise protocols use the following standard cryptographic algorithms:
{% trans %}Design{% endtrans %}
------------------------------------
{% trans -%}
I2P uses multiple layers of encryption to protect traffic from attackers.
The lowest layer is the transport protocol layer, used for point-to-point links between two routers.
We currently have two transport protocols:
NTCP2, a modern TCP protocol introduced in 2018,
and SSU, a UDP protocol developed in 2005.
{%- endtrans %}
{% trans link1="/spec/i2np" -%}
SSU2, like previous I2P transport protocols, is not a general-purpose pipe for data.
Its primary job is to securely deliver I2P's low-level `I2NP messages <{{ link1 }}>`_
from one router to the next router.
Its primary task is to securely deliver I2P's low-level `I2NP messages <{{ link1 }}>`_
from one router to the next.
Each of these point-to-point connections comprises one hop in an I2P tunnel.
Higher-layer I2P protocols run over these point-to-point connections
to deliver garlic messages end-to-end between I2P's destinations.
@ -171,13 +180,13 @@ Ensuring that SSU2 headers are adequately obfuscated and/or encrypted was the fi
{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
Headers are encrypted using a header protection scheme by XORing with data calculated from known keys,
using ChaCha20, similar to QUIC [RFC-9001] and `Nonces are Noticed <{{ link1 }}>`_.
using ChaCha20, similar to QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_.
This ensures that the encrypted headers will appear to be random, without any distinguishable pattern.
{%- endtrans %}
{% trans -%}
Unlike the QUIC [RFC-9001] header protection scheme, all parts of all headers, including destination and source connection IDs, are encrypted.
QUIC [RFC-9001] and [Nonces] are primarily focused on encrypting the "critical" part of the header, i.e. the packet number (ChaCha20 nonce).
{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
Unlike the QUIC RFC-9001_ header protection scheme, all parts of all headers, including destination and source connection IDs, are encrypted.
QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_ are primarily focused on encrypting the "critical" part of the header, i.e. the packet number (ChaCha20 nonce).
While encrypting the session ID makes incoming packet classification a little more complex, it makes some attacks more difficult.
{%- endtrans %}
@ -274,31 +283,31 @@ While the SSU2 improvements are significant, we do not expect them
to be apparent to the user, either locally or in end-to-end transfer speeds.
End-to-end transfers depend on the performance of 13 other routers
and 14 point-to-point transport links, each of which could be
SSU2, NTCP2, or SSU 1.
SSU2, NTCP2, or SSU.
{%- endtrans %}
{% trans -%}
In the live network, latency and packet loss varies widely.
In the live network, latency and packet loss vary widely.
Even in a test setup, performance depends on configured latency and packet loss.
The i2pd project reports that maximum transfer rates for SSU2 were over 3 times
faster than SSU 1 in some tests. However, they completely redesigned their
SSU 1 code for SSU2 as their previous implementation was rather poor.
The Java I2P project does not expect that their SSU2 implementation will be any faster than SSU 1.
faster than SSU in some tests. However, they completely redesigned their
SSU code for SSU2 as their previous implementation was rather poor.
The Java I2P project does not expect that their SSU2 implementation will be any faster than SSU.
{%- endtrans %}
{% trans -%}
Very low-end platforms such as Raspberry Pis and OpenWRT may see substantial improvements
from the elimination of SSU 1.
from the elimination of SSU.
ElGamal is extremely slow and limits performance on those platforms.
{%- endtrans %}
{% trans -%}
SSU2 data phase encryption uses ChaCha20/Poly1305, compared to AES with a MD5 HMAC for SSU 1.
SSU2 data phase encryption uses ChaCha20/Poly1305, compared to AES with a MD5 HMAC for SSU.
Both are very fast and the change is not expected to measurably affect performance.
{%- endtrans %}
{% trans -%}
Here are some highlights of the estimated improvements for SSU2 over SSU 1:
Here are some highlights of the estimated improvements for SSU2 vs. SSU:
{%- endtrans %}
- {% trans %}40% reduction in total handshake packet size{% endtrans %}
@ -321,13 +330,14 @@ and maintenance requirements.
{% trans -%}
The Java I2P and i2pd projects will both enable SSU2 by default in their next releases (2.0.0 and 2.44.0) in November 2022.
However, they have different plans for disabling SSU 1.
I2pd will disable SSU 1 immediately, because SSU2 is a vast improvement over their SSU 1 implementation.
Java I2P plans to disable SSU 1 in mid-2023, to support a gradual transition
The Java I2P and i2pd projects will both enable SSU2 by default in their next releases (2.0.0 and 2.44.0) in late November 2022.
However, they have different plans for disabling SSU.
I2pd will disable SSU immediately, because SSU2 is a vast improvement over their SSU implementation.
Java I2P plans to disable SSU in mid-2023, to support a gradual transition
and give older routers time to upgrade.
Because Java I2P release 0.9.36 and i2pd release 2.20.0 (2018) were the first to support NTCP2,
routers older than that will not be able to connect to i2pd routers 2.44.0 or higher.
routers older than that will not be able to connect to i2pd routers 2.44.0 or higher,
as they have no compatible transports.
{%- endtrans %}
@ -342,7 +352,7 @@ The founders of I2P had to make several choices for cryptographic algorithms and
Some of those choices were better than others, but twenty years later, most are showing their age.
Of course, we knew this was coming, and we've spent the last decade planning and implementing cryptographic upgrades.
As the old saying goes, upgrading things while maintaining backward compatibility
and avoiding a "flag day" is like changing the tires on the bus while it's rolling down the road.
and avoiding a "flag day" is quite challenging, like changing the tires on the bus while it's rolling down the road.
{%- endtrans %}
{% trans -%}
@ -359,9 +369,9 @@ We thank them as well as the creators of all the cryptography we rely on to keep
{% trans -%}
Expect SSU2 to be enabled in the i2pd and Java I2P releases scheduled for November 2022.
Expect SSU2 to be enabled in the i2pd and Java I2P releases scheduled for late November 2022.
If the update goes well, nobody will notice anything different at all.
The performance benefits, while significant, will probably not be noticeable.
The performance benefits, while significant, will probably not be measurable for most people.
{%- endtrans %}
@ -369,3 +379,8 @@ The performance benefits, while significant, will probably not be noticeable.
As usual, we recommend that you update to the new release when it's available.
The best way to maintain security and help the network is to run the latest release.
{%- endtrans %}
.. _RFC-9000: https://www.rfc-editor.org/rfc/rfc9000.html
.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
.. _RFC-9002: https://www.rfc-editor.org/rfc/rfc9002.html

87
i2p2www/blog/2022/11/21/2.0.0-Release.rst Normal file
View File

@ -0,0 +1,87 @@
===========================================
{% trans -%}2.0.0 Release{%- endtrans %}
===========================================
.. meta::
:author: zzz
:date: 2022-11-21
:category: release
:excerpt: {% trans %}2.0.0 enables SSU2{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans -%}
I2P release 2.0.0 enables our new UDP transport SSU2 for all users, after completion of minor features, testing, and numerous bug fixes.
{%- endtrans %}
{% trans -%}
We also have fixes all over, including for the installer, network database, adding to the private address book, the Windows browser launcher, and IPv6 UPnP.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
{%- endtrans %}
**{% trans %}RELEASE DETAILS{% endtrans %}**
**{% trans %}Changes{% endtrans %}**
- {% trans %}i2ptunnel: Support SHA-256 digest proxy authentication (RFC 7616){% endtrans %}
- {% trans %}SSU2: Connection migration{% endtrans %}
- {% trans %}SSU2: Immediate acks{% endtrans %}
- {% trans %}SSU2: Enable by default{% endtrans %}
**{% trans %}Bug Fixes{% endtrans %}**
- {% trans %}i2ptunnel: Fix IRC USER line filtering{% endtrans %}
- {% trans %}Installer: Fix path for Windows service, caused local eepsite to be broken{% endtrans %}
- {% trans %}Installer: Fix error on Windows when username contains a space{% endtrans %}
- {% trans %}NetDB: Database store message handling fixes{% endtrans %}
- {% trans %}NetDB: Fix reseeding when clock is skewed{% endtrans %}
- {% trans %}Router: Deadlock fix{% endtrans %}
- {% trans %}SSU2: Fix packets exceeding MTU{% endtrans %}
- {% trans %}SSU2: Fix ping packets less than minimum size{% endtrans %}
- {% trans %}SSU2: Fix handling of termination acks{% endtrans %}
- {% trans %}SusiDNS: Fix adding entry to empty address book{% endtrans %}
- {% trans %}SusiMail: Fix dark theme button icons{% endtrans %}
- {% trans %}UPnP: IPv6 fix{% endtrans %}
- {% trans %}Windows: Fix launching preferred browser at startup{% endtrans %}
**{% trans %}Other{% endtrans %}**
- {% trans %}Deadlock detector improvements{% endtrans %}
- {% trans %}Debian: Change dependency from libservlet3.1-java to libjsp-api-java and libservlet-api-java{% endtrans %}
- {% trans %}i2psnark: Increase max pieces to 64K{% endtrans %}
- {% trans %}i2psnark: Add links to additional instances in the console{% endtrans %}
- {% trans %}Option to compress router logs{% endtrans %}
- {% trans %}Translation updates{% endtrans %}
`{% trans %}Full list of fixed bugs{% endtrans %}`__
__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.0.0
**{% trans %}SHA256 Checksums:{% endtrans %}**
::
df3cf4d7fc6c3ed06c7b9de5c8c7b9c692295ecddb0d780e31fc23107e045e5e i2pinstall_2.0.0_windows.exe
b9fe281f28971de674f35cba8c483037bf8ac2d96578cb34f5ee627239d03890 i2pinstall_2.0.0.jar
1d50831e72a8f139cc43d5584c19ca48580d72f1894837689bf644c299df9099 i2psource_2.0.0.tar.bz2
053864a774470df66517826e10026787dc7a90ba871e6aded018d962ca3c068a i2pupdate_2.0.0.zip
c221a9aadac400697cc79a2202130d766359518aab565ad6e99d64f29b92ff83 i2pupdate.su3

34
i2p2www/blog/2022/11/23/easy_install_bundle_2.0.0.rst Normal file
View File

@ -0,0 +1,34 @@
==========================================================================================
{% trans -%}Easy Install 2.0.0 for Windows, OSX delayed by 1 Month{%- endtrans %}
==========================================================================================
.. meta::
:author: idk
:date: 2022-11-23
:category: release
:excerpt: {% trans %}Bugfixes, Stability/Compatibility Improvements and 2.0.0{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans %}
The I2P Easy-Install bundle for Windows has been released.
In this release, support has been added for most major browsers, including all major Firefox(Gecko) and Chromium forks.
Compatibility with external I2P Service installs and un-bundled I2P user installs has been improved.
The Easy-Install bundle can now detect other I2P routers and prompt the user to launch them instead, if they already have I2P.
The browser extensions have been updated to the latest versions.
The Easy-Install now has access to `i2p.plugins.firefox`'s usability mode via the `-usability` command-line flag.
The default mode is the "Strict" mode where Javascript is disabled by NoScript.
In usability mode, Javascript is restricted by JShelter.
For more details, see the profile manager repository at i2pgit.org.
{% endtrans %}
{% trans %}
It is recommended that you update to this release for the best security, privacy, and performance, and to help the network.
{% endtrans %}
{% trans %}
Due to the departure of the developer/maintainer, the Easy-Install Bundle for OSX will be delayed by a month while we work out the maintainership.
{% endtrans %}

69
i2p2www/blog/2022/8/3/Enable-SSU2.draft.rst
View File

@ -1,69 +0,0 @@
==================================
{% trans -%}How to Enable SSU2 on I2P and i2pd{%- endtrans %}
==================================
.. meta::
:author: idk
:date: 2022-08-03
:category: ssu2
:excerpt: {% trans %}How to enable SSU2 on I2P and i2pd{% endtrans %}
{% trans -%}
Help out with SSU2 development and testing
{%- endtrans %}
============================================
{% trans -%}
I2P and i2pd developers are rapidly implementing the successor to the
venerable SSU transport protocol, SSU2. SSU2 featues many improvements on
SSU for censorship resistance, resistance to identification and blocking,
performance, and in many other areas. Users who are comfortable testing
the new protocol can enable it by following these procedures for I2P and
i2pd respectively.
{%- endtrans %}
*{% trans %}Warning: After enabling SSU2, you will publish a routerInfo which
informs other routers that you can speak SSU2. This is still a small
fraction of the network and identifies you as an early-adopter of
SSU2.*{% endtrans %}*
**{% trans %}Enabling SSU2 on I2P{% endtrans %}**
{% trans -%}
In order to enable SSU2 on Java I2P, you will need to locate your `router.config`
file. If you have enabled "Advanced Mode" in your I2P installation already, then
you can edit the `router.config` file from http://127.0.0.1:7657/configadvanced.
{%- endtrans %}
{% trans -%}
If you have not enabled advanced configuration, you'll need to edit the `router.config`
file in a text editor. That file is usually in `/var/lib/i2p/i2p-config/router.config`
on Debian, `$HOME/i2p/router.config` on other Linux,
`$HOME/Library/Application Support/i2p/router.config` on OSX,` and in
`%LOCALAPPDATA%\I2P\router.config` on Windows. Open that file in a text editor(like
`notepad.exe`` on Windows) and add the following line to the end of the file:
{%- endtrans %}
`i2np.ssu2.enable=true`
**{% trans %}Enabling SSU2 on i2pd{% endtrans %}**
{% trans -%}
In order to enable SSU2 on i2pd, you will need to locate your `i2pd.conf` file
and edit that. The `i2pd.conf` file is usually in `/etc/i2pd/i2pd.conf` on Debian,
`$HOME/i2pd/i2pd.conf` on other Linux, on Windows is: `%APPDATA%\i2pd\i2pd.conf`,
and on OSX it is: `$HOME/Library/Application Support/i2pd/i2pd.conf`. Open that,
and add the following lines to the end of the file:
{%- endtrans %}
`[SSU2]`
`enabled = true`
**{% trans %}Thanks to all Testers{% endtrans %}**
{% trans -%}
We'd like to take this moment to thank all of the testers who have helped us so
far and who will continue to help us in the future as we test SSU2 and continue
to develop the I2P network.
{%- endtrans %}

2
i2p2www/blog/2022/8/4/Enable-StormyCloud.rst
View File

@ -17,7 +17,7 @@ How to Switch to the StormyCloud Outproxy Service
{% trans -%}
For years, I2P has been served by a single default outproxy, `false.i2p`
who's reliability has been degrading. Although several competitors
whose reliability has been degrading. Although several competitors
have emerged to take up some of the slack, they are mostly unable to
volunteer to serve the clients of an entire I2P implementation by
default. However, StormyCloud, a professional, non-profit organization

111
i2p2www/blog/2023/01/09/2.1.0-Release.rst Normal file
View File

@ -0,0 +1,111 @@
===========================================
{% trans -%}2.1.0 Release{%- endtrans %}
===========================================
.. meta::
:author: zzz
:date: 2023-01-09
:category: release
:excerpt: {% trans %}2.1.0 with SSU2 and congestion fixes{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans -%}
We have learned several things since our 2.0.0 release in November.
As routers have updated to that release, the network has gone from about 1% to over 60% support for our new SSU2 transport protocol.
First, we have confirmed that SSU2 is a solid, well designed, and secure protocol.
Second, however, we have found and fixed numerous minor or rarely-triggered bugs in the implementation of the protocol.
Cumulatively, the effects of these bugs have reduced the performance of the network.
{%- endtrans %}
{% trans -%}
Also, we are aware of increased tunnel count and reduced tunnel build success rate in the network,
possibly triggered by Bitcoin's new I2P transient address feature,
but made worse by our SSU2 bugs and other congestion control problems.
We are working with Bitcoin and other non-Bitcoin projects to reduce I2P network demands.
We have improved our algorithms to reduce network load during times of congestion.
We are also collaborating with i2pd to develop common congestion control strategies.
{%- endtrans %}
{% trans -%}
Therefore, we have accelerated this release by about six weeks, to get the fixes out to everybody.
i2pd released their version 2.45.0 last week and the early results are encouraging.
New protocols, and distributed networks, are difficult to develop.
Congestion can arrive with little warning and with little clue of the cause.
Thank you for your patience as we have diagnosed and hopefully fixed the problems.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
{%- endtrans %}
**{% trans %}RELEASE DETAILS{% endtrans %}**
**{% trans %}Changes{% endtrans %}**
- {% trans %}Console: New status and banned peers tabs on /peers{% endtrans %}
- {% trans %}i2ptunnel: Add torsocks support{% endtrans %}
- {% trans %}i2ptunnel: Add SOCKS tunnel conversion to CONNECT outproxy{% endtrans %}
- {% trans %}i2ptunnel: Add SOCKS outproxy port configuration{% endtrans %}
- {% trans %}i2ptunnel: Update encryption type defaults{% endtrans %}
- {% trans %}Router: Improved congestion detection and handling{% endtrans %}
- {% trans %}Router: Use compressible padding for destinations and router infos (proposal 161){% endtrans %}
- {% trans %}SSU: Redesign symmetric NAT detection{% endtrans %}
**{% trans %}Bug Fixes{% endtrans %}**
- {% trans %}Console: Fix configuration for Argentinian Spanish{% endtrans %}
- {% trans %}Crypto: Fix LS2 encrypted leasesets, broken since 1.8.0{% endtrans %}
- {% trans %}i2psnark: Avoid OOM starting large number of torrents{% endtrans %}
- {% trans %}i2ptunnel: Numerous SOCKS tunnel fixes{% endtrans %}
- {% trans %}NTCP: Fix rare termination NPE{% endtrans %}
- {% trans %}Profiles: Fix profile load stopping after hitting corrupt file{% endtrans %}
- {% trans %}Router: Clock skew handling fixes and improvements{% endtrans %}
- {% trans %}SSU: Don't publish IPv4 address when configured for IPv6-only{% endtrans %}
- {% trans %}SSU: Fix handling of banned peers{% endtrans %}
- {% trans %}SSU2: Peer Test fixes and improvements{% endtrans %}
- {% trans %}SSU2: Termination fixes and improvements{% endtrans %}
- {% trans %}SSU2: Token and handshake fixes and improvements{% endtrans %}
- {% trans %}SSU2: Fix rare packet handling NPE{% endtrans %}
- {% trans %}SSU2: Fix rare termination IAE{% endtrans %}
- {% trans %}SSU2: Fix retransmission of session confirmed{% endtrans %}
- {% trans %}SSU2: Fix attempted connection to ourselves as an introducer{% endtrans %}
- {% trans %}UPnP: Catch rare assertion error{% endtrans %}
**{% trans %}Other{% endtrans %}**
- {% trans %}Console: Add leaseset lookup to advanced search form{% endtrans %}
- {% trans %}i2psnark: Add partial Dutch translation{% endtrans %}
- {% trans %}i2ptunnel: Allow IRCv3 ACCOUNT and CHGHOST through filter{% endtrans %}
- {% trans %}SSU2: Preliminary support for disabling SSU1{% endtrans %}
- {% trans %}Sybil: Add IPv6 address tests{% endtrans %}
- {% trans %}Translation updates{% endtrans %}
`{% trans %}Full list of fixed bugs{% endtrans %}`__
__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.1.0
**{% trans %}SHA256 Checksums:{% endtrans %}**
::
88e0d49090341f5bfa30299c3fa549c365da57a074ef694cf8201666687e583a i2pinstall_2.1.0_windows.exe
153c7988e7a9f0c2affd1e001d554e2519dd439c08bd7c024643b749db1308c1 i2pinstall_2.1.0.jar
83098c1277204c5569284b32b37ef137656b27bfe15ef903eca2da7c269288d1 i2psource_2.1.0.tar.bz2
54cf3f146f3a630fc2486f79f24c9cfc59d4c9974df0c4479251624fa7bc12a1 i2pupdate_2.1.0.zip
28a6a2f95ba9a613a040976e6d30e6662fc90241f08607f2ce43c6332b9f71bf i2pupdate.su3

41
i2p2www/blog/2023/01/13/i2p_easy_install_for_windows_2.1.0.rst Normal file
View File

@ -0,0 +1,41 @@
=============================================================
{% trans -%}Windows Easy-Install 2.1.0 Release{%- endtrans %}
=============================================================
.. meta::
:author: idk
:date: 2023-01-13
:category: release
:excerpt: {% trans %}Windows Easy-Install Bundle 2.1.0 released to improve stability, performance.{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans -%}
The I2P Easy-Install bundle for Windows version 2.1.0 has been released.
As usual, this release includes an updated version of the I2P Router.
This release of I2P provides improved strategies for dealing with network congestion.
These should improve performance, connectivity, and secure the long-term health of the I2P network.
{%- endtrans %}
{% trans -%}
This release features mostly under-the-hood improvements to the browser profile launcher.
Compatibility with Tor Browser Bundle has been improved by enabling TBB configuration through environment variables.
The Firefox profile has been updated, an the base versions of the extensions have been updated.
Improvements have been made throughout the codebase and the deployment process.
{%- endtrans %}
{% trans -%}
Unfortunately, this release is still an unsigned .exe installer.
Please verify the checksum of the installer before using it.
The updates, on the other hand are signed by my I2P signing keys and therefore safe.
{%- endtrans %}
{% trans -%}
This release was compiled with OpenJDK 19.
It uses i2p.plugins.firefox version 1.0.7 as a library for launching the browser.
It uses i2p.i2p version 2.1.0 as an I2P router, and to provide applications.
As always it is recommended that you update to the latest version of the I2P router at your earliest convenient opportunity.
{%- endtrans %}

64
i2p2www/blog/2023/01/31/mac-easy-install-notarization.rst Normal file
View File

@ -0,0 +1,64 @@
{% trans -%}
=======================================
Update on Mac Easy Install Notarization
=======================================
{%- endtrans %}
.. meta::
:author: idk,sadie
:date: 2023-01-31
:category: release
:excerpt: {% trans %}{% endtrans %}
{% trans -%}
The I2P Easy-Install Bundle for Mac has been experiencing stalled updates for the past 2 releases due to the departure of its maintainer.
For the time being, it is temporarily recommended that existing Easy-Install users delay updating and remain on 1.9.0 until the development team can successfully notarize the application and resume automatic updates.
The updates will happen immediately once this has happened.
For now, 1.9.0 is stable and has no known critical security issues.
{%- endtrans %}
{% trans -%}The Notarization Process For MacOS{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
There are many steps in the process of distributing an application to Apple users.
In order to distribute an application as a .dmg securely, the application must pass a notarization process.
In order to submit an application for notarization, a developer must sign the application using a set of certificates that includes one for code signing, and one for signing the application itself.
This signing must take place at specific points during the build process, before the final .dmg bundle which is distributed to the end users can be created.
{%- endtrans %}
{% trans -%}
I2P Java is a complex application, and because of this it is a process of trial and error to match the types of code used in the application to Apple's certificates, and where the signing takes place to produce a valid timestamp.
It is due to this complexity that existing documentation for developers is falling short of helping the team understand the correct combination of factors that will result in successful notarization.
{%- endtrans %}
{% trans -%}
These difficulties leave the timeline for completing this process difficult to predict.
We won't know we're done until we are able to clean up the build environment and follow the process end-to-end.
The good news is that we are down to only 4 errors during the notarization process from more than 50 during the first attempt and can reasonably predict that it will be competed before or in time for the next release in April.
{%- endtrans %}
{% trans -%}Options for New macOS I2P Installs and Updates{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
New I2P participants can still download the Easy Installer for the macOS 1.9.0 software.
I hope to have a release ready near the end of April.
Updates to the latest version will become available as soon as notarization is successful.
{%- endtrans %}
{% trans -%}
The classic install options is also available.
This will require downloading Java and the I2P software via the .jar based installer.
{%- endtrans %}
`{% trans -%}Jar Install Instructions are available here.{%- endtrans %} <https://geti2p.net/en/download/macos>`_
{% trans -%}
Easy-Install users can update to that latest version using a locally-produced development build.
{%- endtrans %}
`{% trans -%}Easy-Install Build Instructions are available here.{%- endtrans %} <https://i2pgit.org/i2p-hackers/i2p-jpackage-mac/-/blob/master/BUILD.md>`_
{% trans -%}
There is also the option to uninstall the software, remove the I2P configuration directory and reinstall I2P using the .jar installer.
{%- endtrans %}

23
i2p2www/blog/2023/02/09/about_the_recent_denial_of_service_attacks.rst Normal file
View File

@ -0,0 +1,23 @@
{% trans -%}
==========================================
About the recent Denial of Service attacks
==========================================
{%- endtrans %}
.. meta::
:author: idk,sadie
:date: 2023-02-09
:category: release
:excerpt: {% trans %}I2P remains intact with impaired performance{% endtrans %}
{% trans -%}
The I2P network is currently being affected by a Denial of Service attack.
The floodfill function of the network has been affected, resulting in responses being disrupted and tunnel build success rates dropping.
Participants in the network have experienced difficulties connecting to I2P sites and using I2P services.
Mitigation strategies are being investigated and implemented gradually.
{%- endtrans %}
{% trans -%}
While the attack has degraded performance, the network remains intact and usable.
Java I2P routers appear to be handling the issues better than i2pd routers for now.
Various mitigations should begin to appear in dev builds of both Java and C++ routers in the next week.
{%- endtrans %}

14
i2p2www/blog/2023/03/13/i2p-release-2.2.0.rst Normal file
View File

@ -0,0 +1,14 @@
{% trans -%}
=================
I2P Release 2.2.0
=================
{%- endtrans %}
.. meta::
:author: idk
:date: 2023-03-13
:category: release
:excerpt: {% trans %}{% endtrans %}
{% trans -%}
`This blog post has been moved here </en/blog/post/2023/03/13/new_release_2.2.0>`_
{%- endtrans %}

89
i2p2www/blog/2023/03/13/new_release_2.2.0.rst Normal file
View File

@ -0,0 +1,89 @@
{% trans -%}
=================
I2P Release 2.2.0
=================
{%- endtrans %}
.. meta::
:author: idk
:date: 2023-03-13
:category: release
:excerpt: {% trans %}{% endtrans %}
{% trans -%}
We have elected to move forward the 2.2.0 release date, which will be occurring today, March 13, 2023.
This release includes a changes across the NetDB, Floodfill, and Peer-Selection components which improve the ability of the router to survive DDOS attacks.
The attacks are likely to continue, but the improvements to these systems will help to mitigate the risk of DDOS attacks by helping the router identify and de-prioritize routers that appear malicious.
{%- endtrans %}
{% trans -%}
This release also adds replay protection to the Streaming subsystem, which prevents an attacker who can capture an encrypted packet from being able to re-use it by sending it to unintended recipients.
This is a backward-compatible change, so older routers will still be able to use the streaming capabilities of newer routers.
This issue was discovered and fixed internally, by the I2P development team, and is not related to the DDOS attacks.
We have never encountered a replayed streaming packet in the wild and do not believe a streaming replay attack has ever taken place against the I2P network at this time.
{%- endtrans %}
{% trans -%}
As you may have noticed, these release notes and the release itself have been signed by idk, and not zzz.
zzz has chosen to step away from the project and his responsibilities are being taken on by other team members.
As such, the project is working on replacing the network statistics infrastructure and moving the development forum to i2pforum.i2p.
We thank zzz for providing these services for such a long time.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release.
The best way to maintain security and help the network is to run the latest release.
{%- endtrans %}
**DETAILS**
*Changes*
- {% trans %}i2psnark: New search feature{% endtrans %}
- {% trans %}i2psnark: New max files per torrent config{% endtrans %}
- {% trans %}NetDB: Expiration improvements{% endtrans %}
- {% trans %}NetDB: More restrictions on lookups and exploration{% endtrans %}
- {% trans %}NetDB: Store handling improvements{% endtrans %}
- {% trans %}NTCP2: Banning improvements{% endtrans %}
- {% trans %}Profiles: Adjust capacity estimates{% endtrans %}
- {% trans %}Profiles: Expiration improvements{% endtrans %}
- {% trans %}Router: Initial support for congestion caps (proposal 162){% endtrans %}
- {% trans %}Transports: Add inbound connection limiting{% endtrans %}
- {% trans %}Tunnels: Refactor and improve peer selection{% endtrans %}
- {% trans %}Tunnels: Improve handling of "probabalistic" rejections{% endtrans %}
- {% trans %}Tunnels: Reduce usage of unreachable and floodfill routers{% endtrans %}
*Bug Fixes*
- {% trans %}Docker: Fix graphs not displaying{% endtrans %}
- {% trans %}i2psnark: Fix torrents with '#' in the name{% endtrans %}
- {% trans %}i2psnark standalone: Fix running from outside directory{% endtrans %}
- {% trans %}i2psnark standalone: Remove "Start I2P" menu item from systray{% endtrans %}
- {% trans %}i2ptunnel: Fix typo in HTTPS outproxy hostname{% endtrans %}
- {% trans %}i2ptunnel: Interrupt tunnel build if stop button clicked{% endtrans %}
- {% trans %}i2ptunnel: Return error message to IRC, HTTP, and SOCKS clients on failure to build tunnels{% endtrans %}
- {% trans %}NTCP2: Ensure an IPv6 address is published when firewalled and IPv4 is not{% endtrans %}
- {% trans %}Ratchet: Don't bundle wrong leaseset with ack{% endtrans %}
- {% trans %}Router: Fixes for symmetric NAT errors on 'full cone' NAT{% endtrans %}
- {% trans %}SAM: Interrupt tunnel build if client times out{% endtrans %}
- {% trans %}SSU2: Fix rare peer test NPE{% endtrans %}
- {% trans %}Sybil: Don't blame i2pd publishing ::1{% endtrans %}
- {% trans %}Sybil: Memory usage and priority reduction{% endtrans %}
- {% trans %}Transports: More IP checks{% endtrans %}
*Other*
- {% trans %}Blocklist efficiency improvements{% endtrans %}
- {% trans %}Bundles: Identify Win and Mac bundles in version info{% endtrans %}
- {% trans %}Console: Identify service installs, revision, and build time in version info{% endtrans %}
- {% trans %}Console: NetDB search form and tunnels page improvements (advanced only){% endtrans %}
- {% trans %}Router: Reduce stats memory usage{% endtrans %}
- {% trans %}Tunnels: Reduce "grace period"{% endtrans %}
- {% trans %}Translation updates{% endtrans %}
Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.2.0

84
i2p2www/blog/README
View File

@ -24,6 +24,19 @@ index page). The following metadata is used:
- **excerpt**: Summary of the post (generally the same as the first line for
translation purposes). Required, it is displayed on the blog index.
Please use the following standard categories:
- android
- beta
- community
- conferences
- development
- general
- news
- release
- security
How to use the blog
-------------------
@ -31,10 +44,72 @@ How to use the blog
'mkdir -p 2014/01/01'. Day and month directories MUST be two digits!
2. Create a file in that directory with suffix '.rst'. The name of the file and
the directory path will together be the URL that the post will be visible at
e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'
e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'.
Use - for spaces in the file name.
3. Write the blog post in reStructuredText format, taking note of the custom
format notes above.
Translations
-------------
Write your post so it may be easily translated.
Inside {% trans -%}...{%- endtrans %} blocks, put line breaks after long sentences
or phrases. Do not put line breaks at random places.
Links
-------------
The goal is to keep as much formatting out of the tagged string as possible,
so that the translators are less likely to inadvertently break the formatting,
and we can change the link later without breaking translations.
This also allows us to use macros for converting to .i2p links.
External links:
For full untranslated link text:
`QUIC <https://www.rfc-editor.org/rfc/rfc9000.html>`_
For full translated link text:
`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %}`__
__ https://geti2p.net/en/download/mac
or:
`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %} <https://geti2p.net/en/download/mac>`_
For partial translated link text:
{% trans link1="https://...", link2="..." -%}
Blah blah `link text <{{ link1 }}>`_ more text.
<%- endtrans %>
Internal links:
As above but use, e.g.
`NTCP2 <{{spec_url("ntcp2")}}>`_
`SSU2 <{{proposal_url("159")}}>`_
This does not work: {% trans link1="{{spec_url('i2np')}}" -%}
Multiple links to the same thing:
{% trans -%}
Blah blah RFC-9001_
and RFC-9001_ again.
<%- endtrans %>
.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
RST guide: https://docutils.sourceforge.io/docs/user/rst/quickref.html#hyperlink-targets
Writing draft posts
-------------------
@ -43,6 +118,13 @@ with this suffix will be visible at their post URL, but will not be shown in
the blog index. To publish the draft post, change the filename to remove the
'.draft' in the suffix (e.g. git mv foo.draft.rst foo.rst).
Review your formatting before checking in with the linux tool rst2html.
This will not process translation blocks, of course.
After checking in the draft, navigate to it in your browser and verify
the formatting is correct, including translation blocks.
Creating shortlinks
-------------------

49
i2p2www/blog/helpers.py
View File

@ -30,13 +30,13 @@ def get_blog_feed_items(num=0, category=None):
for post in posts:
meta = post[1]
parts = post[2]
a = {}
a['title'] = meta['title']
a['content'] = meta['excerpt'] if len(meta['excerpt']) > 0 else parts['fragment']
a['author'] = meta['author']
a['url'] = url_for('blog_post', lang=g.lang, slug=post[0])
a['updated'] = datetime.datetime.strptime(meta['date'], '%Y-%m-%d')
items.append(a)
items.append({
'title': meta['title'],
'content': meta['excerpt'] if len(meta['excerpt']) > 0 else parts['fragment'],
'author': meta['author'],
'url': url_for('blog_post', lang=g.lang, slug=post[0]),
'updated': datetime.datetime.strptime(meta['date'], '%Y-%m-%d')
})
return items
def get_blog_posts(num=0, return_parts=False, category=None):
@ -80,36 +80,35 @@ def get_blog_slugs(num=0):
return slugs[:num]
return slugs
def _slug_base(slugbase, func):
parts = slugbase.split('/')
slugParts = []
for p in parts:
slugParts.append(func(p))
return "/".join(slugParts)
# reads a date and if it finds a one-digit representation of a day or month,
# lengthens it to two
def slug_base_datevalidate(slugbase):
parts = slugbase.split('/')
slugParts = []
for p in parts:
slugParts.append(datevalidate(p))
return "/".join(slugParts)
return _slug_base(slugbase, datevalidate)
# turns a one-digit date unit into a two-digit date unit
def datevalidate(slugfrag):
if len(str(slugfrag)) == 1:
return "0"+str(slugfrag)
else:
return str(slugfrag)
slug = str(slugfrag)
if len(slug) == 1:
slug = "0" + slug
return slug
# turns a two-digit date unit into a one-digit date unit
def dedatevalidate(slugfrag):
if len(str(slugfrag)) == 2:
return str(slugfrag).lstrip("0")
else:
return str(slugfrag)
slug = str(slugfrag)
if len(slug) == 2:
return slug.lstrip("0")
return slug
# reverses slug_base_datevalidate
def slug_base_dedatevalidate(slugbase):
parts = slugbase.split('/')
slugParts = []
for p in parts:
slugParts.append(dedatevalidate(p))
return "/".join(slugParts)
return _slug_base(slugbase, dedatevalidate)
def get_date_from_slug(slug):
slug = slug_base_datevalidate(slug)

30
i2p2www/browser.py
View File

@ -1,6 +1,8 @@
from flask import redirect, render_template, request
from i2p2www import CURRENT_I2P_VERSION, MIRRORS_FILE
temp = lambda a: 'site/browser/' + a + '.html'
def browser_frontpage():
useragent = request.headers.get('User-Agent')
osname = "unknown"
@ -10,41 +12,39 @@ def browser_frontpage():
osname = "windows"
elif 'Linux' in useragent:
osname = "linux"
return render_template('site/browser/_front.html', user_agent=useragent, detected_os=osname)
return render_template(temp('_front'), user_agent=useragent, detected_os=osname)
deftemp = lambda a: render_template(temp(a))
def browser_intro():
return render_template('site/browser/intro.html')
return deftemp('intro')
def browser_download():
return render_template('site/browser/download.html')
return deftemp('download')
def browser_releasenotes():
return render_template('site/browser/releasenotes.html')
return deftemp('releasenotes')
def browser_roadmap():
return render_template('site/browser/roadmap.html')
return deftemp('roadmap')
#def browser_known_issues():
# return render_template('site/browser/known_issues.html')
# return deftemp('known_issues')
#def browser_troubleshooting():
# return render_template('site/browser/troubleshooting.html')
# return deftemp('troubleshooting')
#def browser_updating():
# return render_template('site/browser/updating.html')
# return deftemp('updating')
def browser_develop():
return render_template('site/browser/develop.html')
return deftemp('develop')
def browser_donate():
return render_template('site/browser/donate.html')
return deftemp('donate')
def browser_faq():
if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
show_i2p_links = True
else:
show_i2p_links = False
return render_template('site/browser/faq.html', is_i2p_internal=show_i2p_links)
show_i2p_links = request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server')
return render_template(temp('faq'), is_i2p_internal=show_i2p_links)

79
i2p2www/downloads.py
View File

@ -49,10 +49,8 @@ DEFAULT_I2P_MIRROR = {
# Read in mirrors from file
def read_mirrors():
file = open(MIRRORS_FILE, 'r')
dat = file.read()
file.close()
lines=dat.split('\n')
with open(MIRRORS_FILE, 'r') as file:
lines = file.read().split('\n')
ret={}
for line in lines:
try:
@ -73,80 +71,71 @@ def read_mirrors():
ret[net][protocol][domain]=obj
return ret
# List of downloads
def downloads_list():
def get_mirror(request):
# TODO: read mirror list or list of available files
if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
def_mirror = DEFAULT_I2P_MIRROR
return DEFAULT_I2P_MIRROR
else:
def_mirror = DEFAULT_MIRROR
return render_template('downloads/list.html', def_mirror=def_mirror)
return DEFAULT_MIRROR
deflist = lambda a: render_template('downloads/' + a + '.html')
deflist2 = lambda a: render_template('downloads/' + a + '.html', def_mirror=get_mirror(request))
# List of downloads
def downloads_list():
return deflist2('list')
# Debian-specific page
def downloads_debian():
return render_template('downloads/debian.html')
return deflist('debian')
# Windows-specific page
def downloads_windows():
return render_template('downloads/windows.html')
return deflist('windows')
# MacOS-specific page
def downloads_macos():
return deflist('macos')
# AIO-Windows-specific page
def downloads_easyinstall():
# TODO: read mirror list or list of available files
if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
def_mirror = DEFAULT_I2P_MIRROR
else:
def_mirror = DEFAULT_MIRROR
return render_template('downloads/easyinstall.html', def_mirror=def_mirror)
return deflist2('easyinstall')
# Docker-specific page
def downloads_docker():
return render_template('downloads/docker.html')
return deflist('docker')
# Firefox-specific page
def downloads_firefox():
# TODO: read mirror list or list of available files
if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
def_mirror = DEFAULT_I2P_MIRROR
else:
def_mirror = DEFAULT_MIRROR
return render_template('downloads/firefox.html', def_mirror=def_mirror)
return deflist2('firefox')
# The Lab
def downloads_lab():
# TODO: read mirror list or list of available files
if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
def_mirror = DEFAULT_I2P_MIRROR
else:
def_mirror = DEFAULT_MIRROR
return render_template('downloads/lab.html', def_mirror=def_mirror)
return deflist2('lab')
# Mac DMG page
def downloads_mac():
# TODO: read mirror list or list of available files
if request.headers.get('X-I2P-Desthash') and not request.headers.get('X-Forwarded-Server'):
def_mirror = DEFAULT_I2P_MIRROR
else:
def_mirror = DEFAULT_MIRROR
return render_template('downloads/mac.html', def_mirror=def_mirror)
return deflist2('mac')
def downloads_config():
return render_template('downloads/config.html')
return deflist('config')
# Specific file downloader
def downloads_select(version, file):
mirrors=read_mirrors()
obj=[]
for net in mirrors.keys():
a={}
a['key']=net
a['name']=net
a['protocols']=[]
a = {
'key': net,
'name': net,
'protocols': []
}
for protocol in mirrors[net].keys():
b={}
b['key']=protocol
b['name']=protocol
b['domains']=mirrors[net][protocol]
b = {
'key': protocol,
'name': protocol,
'domains': mirrors[net][protocol]
}
a['protocols'].append(b)
obj.append(a)
return render_template('downloads/select.html', mirrors=obj, version=version, file=file)

6
i2p2www/extensions.py
View File

@ -113,9 +113,7 @@ class HighlightExtension(Extension):
lang = g.lang
parameters['tagurlformat'] = '/spec/%(path)s%(fname)s'
if formatter == 'textspec':
formatter = TextSpecFormatter(**parameters)
else:
formatter = I2PHtmlFormatter(**parameters)
func = TextSpecFormatter if formatter == 'textspec' else I2PHtmlFormatter
formatter = func(**parameters)
code = highlight(Markup(body).unescape(), lexer, formatter)
return code

38
i2p2www/formatters.py
View File

@ -376,17 +376,19 @@ class I2PHtmlFormatter(Formatter):
def __init__(self, **options):
Formatter.__init__(self, **options)
dec = lambda t, d='': self._decodeifneeded(options.get(t, d))
getbool = lambda key, d=False: get_bool_opt(options, key, d)
self.title = self._decodeifneeded(self.title)
self.nowrap = get_bool_opt(options, 'nowrap', False)
self.noclasses = get_bool_opt(options, 'noclasses', False)
self.nowrap = getbool('nowrap')
self.noclasses = getbool('noclasses')
self.classprefix = options.get('classprefix', '')
self.cssclass = self._decodeifneeded(options.get('cssclass', 'highlight'))
self.cssstyles = self._decodeifneeded(options.get('cssstyles', ''))
self.prestyles = self._decodeifneeded(options.get('prestyles', ''))
self.cssfile = self._decodeifneeded(options.get('cssfile', ''))
self.noclobber_cssfile = get_bool_opt(options, 'noclobber_cssfile', False)
self.tagsfile = self._decodeifneeded(options.get('tagsfile', ''))
self.tagurlformat = self._decodeifneeded(options.get('tagurlformat', ''))
self.cssclass = dec('cssclass', 'highlight')
self.cssstyles = dec('cssstyles')
self.prestyles = dec('prestyles')
self.cssfile = dec('cssfile')
self.noclobber_cssfile = getbool('noclobber_cssfile')
self.tagsfile = dec('tagsfile')
self.tagurlformat = dec('tagurlformat')
if self.tagsfile:
if not ctags:
@ -405,7 +407,7 @@ class I2PHtmlFormatter(Formatter):
self.linenostart = abs(get_int_opt(options, 'linenostart', 1))
self.linenostep = abs(get_int_opt(options, 'linenostep', 1))
self.linenospecial = abs(get_int_opt(options, 'linenospecial', 0))
self.nobackground = get_bool_opt(options, 'nobackground', False)
self.nobackground = getbool('nobackground')
self.lineseparator = options.get('lineseparator', '\n')
self.lineanchors = options.get('lineanchors', '')
self.linespans = options.get('linespans', '')
@ -841,8 +843,9 @@ class TextSpecFormatter(Formatter):
def __init__(self, **options):
Formatter.__init__(self, **options)
self.tagsfile = self._decodeifneeded(options.get('tagsfile', ''))
self.tagurlformat = self._decodeifneeded(options.get('tagurlformat', ''))
dec = lambda t, d='': self._decodeifneeded(options.get(t, d))
self.tagsfile = dec('tagsfile', '')
self.tagurlformat = dec('tagurlformat', '')
if self.tagsfile:
if not ctags:
@ -878,17 +881,14 @@ class TextSpecFormatter(Formatter):
'fext': extension}
refs[value] = '\n[%s]: %s#%s-%s' % (value, url, kinds[kind], value.lower())
value = '[%s]' % value
if enc:
outfile.write(value.encode(enc))
else:
outfile.write(value)
value = value.encode(enc)
outfile.write(value)
for ref in refs.values():
if enc:
outfile.write(ref.encode(enc))
else:
outfile.write(ref)
ref = ref.encode(enc)
outfile.write(ref)
def _lookup_ctag(self, token):
entry = ctags.TagEntry()

21
i2p2www/legacy.py
View File

@ -23,6 +23,7 @@ LEGACY_FUNCTIONS_MAP={
'easyinstall': {'function': 'downloads_easyinstall', 'params': {}},
'nsis': {'function': 'downloads_easyinstall', 'params': {}},
'windows': {'function': 'downloads_windows', 'params': {}},
'macos': {'function': 'downloads_macos', 'params': {}},
'download': {'function': 'downloads_list', 'params': {}},
'installation': {'function': 'downloads_list', 'params': {}},
'meetings': {'function': 'meetings_index', 'params': {}},
@ -205,16 +206,20 @@ def legacy_show(f):
lang = g.lang
if lang == 'zh':
lang = 'zh_CN'
if f in SHORTLINKS:
return redirect(url_for(SHORTLINKS[f]['function'], lang=lang, **SHORTLINKS[f]['params']), 301)
elif f in LEGACY_FUNCTIONS_MAP:
return redirect(url_for(LEGACY_FUNCTIONS_MAP[f]['function'], lang=lang, **LEGACY_FUNCTIONS_MAP[f]['params']), 301)
elif f in LEGACY_PAGES_MAP:
return redirect(url_for('site_show', lang=lang, page=LEGACY_PAGES_MAP[f]), 301)
elif f in LEGACY_BLOG_POSTS_MAP:
mapit = True
if f in LEGACY_BLOG_POSTS_MAP:
return legacy_blog(lang, LEGACY_BLOG_POSTS_MAP[f]['date'], LEGACY_BLOG_POSTS_MAP[f]['title'])
elif f in SHORTLINKS:
a = SHORTLINKS[f]
elif f in LEGACY_FUNCTIONS_MAP:
a = LEGACY_FUNCTIONS_MAP[f]
else:
return redirect(url_for('site_show', lang=lang, page=f), 301)
a = 'site_show'
b = LEGACY_PAGES_MAP[f] if f in LEGACY_PAGES_MAP else f
mapit = False
if mapit:
return redirect(url_for(a['function'], lang=lang, **a['params']), 301)
return redirect(url_for(a, lang=lang, page=b), 301)
def legacy_meeting(id):
return redirect(url_for('meetings_show', id=id, lang='en'), 301)

22
i2p2www/meetings/helpers.py
View File

@ -15,12 +15,12 @@ def get_meetings_feed_items(num=0):
meetings = get_meetings(num)
items = []
for meeting in meetings:
a = {}
a['title'] = meeting['parts']['title']
a['content'] = meeting['parts']['fragment']
a['url'] = url_for('meetings_show', lang=g.lang, id=meeting['id'])
a['updated'] = (meeting['date'] if meeting['date'] else datetime.datetime(0))
items.append(a)
items.append({
'title': meeting['parts']['title'],
'content': meeting['parts']['fragment'],
'url': url_for('meetings_show', lang=g.lang, id=meeting['id']),
'updated': (meeting['date'] if meeting['date'] else datetime.datetime(0))
})
return items
def get_meetings(num=0):
@ -36,11 +36,11 @@ def get_meetings(num=0):
date = datetime.datetime.strptime(parts['title'], 'I2P dev meeting, %B %d, %Y')
except ValueError:
date = None
a = {}
a['id'] = id
a['date'] = date
a['parts'] = parts
meetings.append(a)
meetings.append({
'id': id,
'date': date,
'parts': parts
})
return meetings
def get_meetings_ids(num=0):

165
i2p2www/meetings/logs/316.log Normal file
View File

@ -0,0 +1,165 @@
(04:00:08 PM) eyedeekay: Hi everyone, welcome to the October 4 2022 meeting
(04:00:08 PM) eyedeekay: 1. Hi
(04:00:18 PM) zlatinb: hi
(04:00:28 PM) zzz: hi
(04:00:51 PM) eyedeekay: 1. Hi
(04:00:51 PM) eyedeekay: 2. 1.10.0 development status
(04:00:51 PM) eyedeekay: 3. next release 2.0.0?
(04:00:51 PM) eyedeekay: 4. Publish source tarballs for bundle releases
(04:00:51 PM) eyedeekay: 5. Free stickers for translators
(04:00:51 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
(04:01:05 PM) eyedeekay: 2. 1.10.0 development status
(04:01:15 PM) eyedeekay: About 7 weeks to go
(04:01:24 PM) eyedeekay: My big priority this month has been to get the Windows Easy-Install bundle ready to go out of beta
(04:01:31 PM) eyedeekay: Lots of stuff on the forum about that, targeting stable updates, compatibility with existing/unbundled routers, and a more stable and flexible way to manage and launch browser profiles, more on all that in item 6
(04:01:38 PM) eyedeekay: Also working on a "Split Tunneling" or "Per-App VPN" tool in Android(on the roadmap).
(04:01:47 PM) eyedeekay: The utility is that it allow users to configure their browsers more easily, in a way which prevents WebRTC escapes by putting them onto an interface which corresponds to an I2P connection and not to their network provider
(04:02:05 PM) eyedeekay: zzz, zlatinb what would you like to add that you're working on
(04:02:30 PM) zzz: not a lot to report... SSU2 testing continues to go well...
(04:02:53 PM) zzz: put up proposal 161 about compressible padding, we'll be discussing it in #ls2 meetings...
(04:03:06 PM) zlatinb: Nothing specific I'm working on, just want to let everyone know that I'll be afk from 22nd Nov to 10th Dec so if the next release gets tagged on the 21st I may be able to build the mac bundles but will most likely not be able to seed the torrents
(04:03:29 PM) eyedeekay: If you send me the files I'll seed them for you
(04:03:32 PM) zzz: I have some peer selection efficiency improvements I'm going to try to get in soon, may or may not make it
(04:03:43 PM) zzz: EOT
(04:04:21 PM) eyedeekay: Thanks zzz, zlatinb, I don't want to rush anybody but we do have a long agenda today, anything else to add on 2?
(04:04:59 PM) eyedeekay: 3. next release 2.0.0?
(04:04:59 PM) eyedeekay: My vote is yes to 2.0.0
(04:05:19 PM) zzz: yeah I put it up for comments on my forum and got I think 1 yes and no no's
(04:05:36 PM) eyedeekay: I was a yes at the last meeting too I think
(04:05:46 PM) zzz: I'd like to decide today because I have a SSU2 blog post ready to go and it would be helpful to refer to the next release by number
(04:06:22 PM) zzz: yeah I didn't hear any strong opinions one way or the other last meeting which is why we pushed it a month
(04:06:34 PM) zzz: I think it's a good idea
(04:06:51 PM) zzz: so if there's no objections, let's call it 2.0.0!
(04:07:30 PM) eyedeekay: Timeout 1m for objections
(04:07:47 PM) zzz: make it 30 seconds :)
(04:07:54 PM) eyedeekay: Yeah I already burned 30
(04:08:04 PM) eyedeekay: OK there it is
(04:08:06 PM) eyedeekay: 2.0.0
(04:08:17 PM) eyedeekay: 4. Publish source tarballs for bundle releases
(04:08:31 PM) zzz: yeah this was my item
(04:08:53 PM) zzz: standard open source practice is to post source tarballs, even if we can point to a git tag
(04:09:06 PM) zzz: I understand that the Mac source doesn't change release to release?
(04:09:10 PM) zzz: but the windows source does?
(04:09:46 PM) zlatinb: well the mac bundle has evolved to enable arm64 but in general it doesn't change
(04:10:02 PM) eyedeekay: What we both do is clone a copy of the repo and check out a specific release tag, ant distclean, generate our jars, and copy them into the bundle trees
(04:10:15 PM) zzz: anyway, my recommendation is that we generate source tarballs as part of the build process and link to them on the respective download pages
(04:10:36 PM) zzz: if they don't change, then I guess they can be unversioned
(04:10:50 PM) zzz: so the windows source doesn't change release-to-release either?
(04:11:01 PM) zlatinb: I would rather just tag and then fetch the tarball from github. I expect at least for a while the only thing changing in the mac bundle will be the changelog file
(04:11:50 PM) zzz: you all can work out the details, but the goal is to have source and instructions so anybody can build it themselves
(04:12:00 PM) eyedeekay: The i2p jars that get included don't change except to get updated, but the Windows source has changed in the launcher quite a lot since it started
(04:12:12 PM) zzz: are you two willing to do that and add it to your release processes?
(04:12:21 PM) eyedeekay: Yes absolutely
(04:12:31 PM) eyedeekay: My release scripts and daily scripts now include tarball every time
(04:12:36 PM) zzz: you don't need to include dependencies such as i2p, and probably shouldn't
(04:12:37 PM) eyedeekay: zab's too IIRC
(04:12:54 PM) zlatinb: the question is where to put the tarballs, should they be available on the site, etc.
(04:13:25 PM) zzz: somewhere on the download server with everything else, with links on the bundle pages. You two can work out the details to be consistent
(04:13:59 PM) zlatinb: well that's the thing, if we can just point to a gitlab tag then there's no need for any extraneous links
(04:14:31 PM) zzz: disagree, I think it's good open source practice to publish source tarballs
(04:14:55 PM) zlatinb: github and maybe gitlab allow tarball download off of a tag
(04:14:57 PM) eyedeekay: It's not much more effort, I'm not against it, I tag in the same script I generate tarballs in
(04:15:05 PM) zzz: here's the binary, here's the source, here's the gpg sigs, here's the build instructions
(04:15:29 PM) zzz: it's also consistent with our mainline release to have tarballs
(04:16:15 PM) zzz: sounds like zlatinb is not in agreement? should we push this off to next month?
(04:16:38 PM) zlatinb: yeah I think it's unnecessary
(04:16:57 PM) zlatinb: but don't mind doing it if that's what the decision is
(04:17:11 PM) zzz: if it never changes, you only have to do it once and you're done
(04:17:47 PM) zlatinb: it has changed very rarely historically
(04:18:03 PM) eyedeekay: Kicking it down the road for now is fine with me, zlatinb and I can work out what we're going to do or not do in the meantime
(04:18:33 PM) eyedeekay: This might be a situation where we have to be a little different because my bundle has been a little more rapidly-changing than his
(04:19:27 PM) zzz: if we don't want to decide today I'll start a forum thread to solicit more opinions
(04:20:44 PM) zlatinb: ok
(04:20:44 PM) zzz: ok = you're oppposed for now?
(04:21:02 PM) eyedeekay: Probably a good idea, and I'm pro tarballs
(04:21:31 PM) zlatinb: yeah
(04:21:31 PM) zzz: no problem, eyedeekay put it on the list for next month
(04:21:37 PM) eyedeekay: OK can do
(04:21:52 PM) eyedeekay: Anything else for 4?
(04:22:38 PM) eyedeekay: 5. Free stickers for translators
(04:22:55 PM) eyedeekay: zzz this one was also yours, take it away whenever you're ready
(04:23:16 PM) zzz: yeah, credit sarah jamie lewis on twitter
(04:23:32 PM) zzz: for her project which I've forgotten the name... cwtch?
(04:24:02 PM) eyedeekay: That's the one
(04:24:02 PM) zzz: anyway, thought it was a good idea, but we'd need a) stickers and b) people to mail them
(04:24:17 PM) zzz: both of which we used to have but are now out of both people and stickers?
(04:24:40 PM) zzz: so, do we want to do it, and should we order stickers (even if we don't)
(04:24:45 PM) zzz: EOT
(04:25:26 PM) zzz: sadie and eche|on used to be the sticker people I think
(04:25:38 PM) eyedeekay: I went through and counted mine up, I've got maybe 35 of the old ones(Toopie) and 91 left of the run I ordered in the spring, but I'd be fine with ordering more
(04:25:41 PM) zzz: anyway, comments please... yes/no/maybe?
(04:26:00 PM) eyedeekay: I can mail them within the US and Canada but the EU isn't great for me
(04:26:21 PM) zzz: we have hundreds of translators registered. only a few are probably active
(04:26:41 PM) zzz: who is the sticker-orderer-person?
(04:27:54 PM) eyedeekay: The last person to order stickers was probably me, but I did them on my own time/out of pocket so I would have them for conventions
(04:28:19 PM) zzz: who's in charge of PR?
(04:28:48 PM) zzz: who has an opinion about stickers for translators?
(04:28:48 PM) zzz: well, you could have / should have gotten reimbursed... echelon used to be the sticker guy
(04:29:54 PM) zzz: we're going to need his buyin both for the cost, and to make him the EU mail person, and to send half to you and half to him
(04:30:15 PM) zzz: since he's not around, put this on the list for next month, I'll try to get his attention
(04:30:22 PM) eyedeekay: I think that if translators request stickers we should be able to get them some stickers, but that it should be contingent on request
(04:30:59 PM) zzz: sure, we don't have anybody's address, they have to ask. but we would have to tell them to ask
(04:31:17 PM) uis is now known as Irc2PGuest33729
(04:31:48 PM) zzz: if anybody's going to CCC then you need to hop on more stickers, independent of translators
(04:32:42 PM) zzz: EOT, push it to next month, no answers today
(04:32:47 PM) eyedeekay: Ack, I do plan to go so I'll make sure I have some stickers
(04:32:47 PM) eyedeekay: So next step is start an email chain with Ech about it
(04:33:09 PM) eyedeekay: EOT from me, anything else on 5?
(04:33:50 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
(04:33:58 PM) eyedeekay: This one's mine obviously
(04:34:26 PM) eyedeekay: So 1.9.5 point release happened technically because of the reseed application context timer obviously
(04:34:45 PM) eyedeekay: But it was a convenient time to also keep an eye on how the updates performed
(04:35:54 PM) zlatinb: and how did it behave?
(04:35:55 PM) eyedeekay: It wasn't without complications, people who were using fell into 3 groups
(04:36:56 PM) eyedeekay: 1. People for whom it worked perfectly
(04:36:56 PM) eyedeekay: 2. People for whom it resulted in corrupted router.config files for un-bundled routers
(04:36:56 PM) eyedeekay: 3. People for whom it it did not update because the router.config files were from un-bundled routers
(04:37:22 PM) eyedeekay: 2 and 3 were problems, I followed up with the fix in a forum post on zzz.i2p
(04:37:43 PM) eyedeekay: I believe they are fixed now and cannot recur in the future
(04:37:57 PM) eyedeekay: Therefore I think the update process will be ready by what is now 2.0.0
(04:38:08 PM) eyedeekay: I actually think it's ready now but 7 weeks to test
(04:38:53 PM) eyedeekay: So I would like to move it out of beta in November
(04:39:09 PM) zzz: we don't have documented criteria for out-of-beta, really
(04:39:17 PM) zzz: but for me it's that the release processes are solid, things aren't getting missed
(04:39:27 PM) zzz: we're not doing point releases a week later to fix stuff
(04:39:45 PM) zzz: but you may wish to list your own feature goals
(04:40:21 PM) zzz: for example, are you two solid on reviewing the java updates every three months and jointly deciding to release or not?
(04:40:40 PM) zzz: I didn't see any on-IRC discussion. did it happen off-IRC perhaps?
(04:41:31 PM) zlatinb: the last discussion happened here, there has been no off-IRC discussion regarding jre point releases since
(04:42:21 PM) eyedeekay: Didn't we talk about it on Whereby a little after that?
(04:42:36 PM) eyedeekay: IIRC we only release in the Java cycle if there's a CVE which affects the last release?
(04:42:46 PM) zzz: just to take an example, 18.0.2.1 August 18 2022 fixes a JIT bug that crashes the JRE. Are you two both on that, or did you jointly decide it wasn't necessary?
(04:43:33 PM) zlatinb: I'm not on that I don't think
(04:43:43 PM) zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
(04:44:08 PM) zlatinb: 21:43:29 zlatinb: I'm not on that I don't think
(04:44:08 PM) zlatinb: 21:43:42 zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
(04:44:12 PM) zzz: back
(04:45:12 PM) eyedeekay: I am on 18.0.2.1 but because I pushed back my release to try and make sure I addressed some stability issues and by that time Java had updated
(04:45:24 PM) eyedeekay: Also my point release was built with an updated JDK
(04:45:35 PM) eyedeekay: So that's got us out-of-sync again I think
(04:45:54 PM) zzz: that's what I'm getting at about processes. If the build and release processes aren't yet stable and being reliably followed, these procucts aren't ready to graduate
(04:46:01 PM) zzz: so when you updated, to 18.0.2.1, did you tell zlatinb you were doing it and suggest he do the same?
(04:47:04 PM) eyedeekay: No I didn't, I simply let it auto-update and built with the latest version
(04:48:13 PM) eyedeekay: So... there's another process to revise on my side
(04:49:31 PM) zzz: I'd suggest you work on a solid bug-free release in november (together with whatever feature goals you have) and if that goes well put yourself on the agenda for december
(04:50:00 PM) eyedeekay: OK can do
(04:50:56 PM) zzz: or january because the release is likely to be late nov., may not have enough info by 1st week in dec.
(04:52:02 PM) eyedeekay: If there's not enough to go on by then I'll move it
(04:52:15 PM) eyedeekay: Anything else for 6?
(04:52:27 PM) zzz: a brief 6a)
(04:52:30 PM) eyedeekay: Sure
(04:52:52 PM) zzz: zlatinb, reported that the mac arm update went well, so as far as I'm concerned it's out of beta as discussed on my forum
(04:53:28 PM) zzz: zlatinb, you need to update your page to remove the beta label
(04:53:28 PM) zzz: eot
(04:53:28 PM) zlatinb: ok
(04:53:29 PM) zlatinb: will do soon
(04:54:24 PM) eyedeekay: All right that puts us at just shy of an hour, anything else for the meeting?
(04:54:26 PM) eyedeekay: timeout 1m
(04:54:41 PM) zlatinb: yes
(04:54:57 PM) zlatinb: if StormyCloud reads the logs, I encourage them to address the concerns raised on reddit
(04:56:15 PM) zlatinb: the longer that question stays unanswered the worse it looks
(04:56:18 PM) eyedeekay: agreed, they do sometimes come to reddit and it would be good to hear from them
(04:56:36 PM) zlatinb: eot
(04:56:43 PM) eyedeekay: Thanks zlatinb
(04:57:37 PM) eyedeekay: Anything else for the meeting(again)? timeout 30s this time
(04:58:21 PM) eyedeekay: Thanks everyone for coming, I'll post the logs tonight, see you around IRC and same time next month

11
i2p2www/meetings/logs/316.rst Normal file
View File

@ -0,0 +1,11 @@
I2P dev meeting, October 04, 2022 @ 20:00 UTC
=============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz,
zlatinb

93
i2p2www/meetings/logs/317.log Normal file
View File

@ -0,0 +1,93 @@
(03:00:31 PM) eyedeekay: Hi everyone, welcome to the November 8 meeting
(03:00:31 PM) eyedeekay: 1. Hi
(03:00:31 PM) eyedeekay: 2. 2.0.0 development status
(03:00:31 PM) eyedeekay: 3. Publish source tarballs for bundle releases
(03:00:31 PM) eyedeekay: 4. Free Stickers for Translators
(03:00:31 PM) eyedeekay: Anything else for the agenda?
(03:00:39 PM) mode (-m ) by zzz
(03:01:19 PM) zzz: hi
(03:01:58 PM) eyedeekay: hi zzz
(03:02:03 PM) eyedeekay: Anybody else here today?
(03:02:08 PM) eche|on: hi
(03:02:18 PM) eyedeekay: Hi eche|on
(03:02:39 PM) eyedeekay: 2. 2.0.0 development status
(03:02:58 PM) eyedeekay: We're 2 weeks from release with a tag freeze tomorrow, IIRC
(03:03:49 PM) eyedeekay: Yes that's exactly when
(03:04:38 PM) eyedeekay: zzz and orignal have been hard at work getting ssu2 ready, the plan is still to enable it
(03:05:08 PM) eyedeekay: I'll be doing an unsigned release of the I2P Easy-Install for Windows
(03:05:50 PM) eyedeekay: I don't know the Mac release status, though, are Mac users stuck on 1.9.0 until we can find a new Mac maintainer/signer?
(03:06:25 PM) zzz: yes. There's a pretty good summary of the release at http://zzz.i2p/topics/3377
(03:07:02 PM) zzz: the SSU2 testing in the last 3 months with 2% enabled has been a tremendous success
(03:07:17 PM) zzz: haven't found any major issues, but we've fixed countless minor ones
(03:08:19 PM) eche|on: go ahead with SSU2
(03:08:35 PM) eche|on: about mac: I got a dev account and a MAC, but no idea howto currently
(03:08:39 PM) eche|on: and less time
(03:09:03 PM) zzz: interesting
(03:09:31 PM) zzz: do you think you _could_ do it at some point? If so, when?
(03:09:39 PM) eche|on: I do have the git repo of the mac inclusions, but currently not yet looked into
(03:09:54 PM) eche|on: IF I find out howto, rather soon (tm)
(03:10:05 PM) zzz: even if it's a month or two late, that would be fantastic
(03:10:08 PM) eche|on: but the howto may fail in shorter terms
(03:10:41 PM) eche|on: also no idea about whats apple going to do, but those are parts to find out
(03:11:10 PM) eyedeekay: I'll see if I can help you, building the mac jpackages is pretty straightforward, I've never signed them but it's all in the scripts zab wrote
(03:11:25 PM) zzz: when I do the 2.0.0 news.xml, I'll also put a news entry in the mac feed saying it will be delayed
(03:11:42 PM) zzz: eyedeekay, do you have a mac?
(03:11:57 PM) eyedeekay: I have an Intel Mac but no dev account
(03:12:04 PM) eche|on: sadie has a mac, but neither idk nor sadie do want to go public with their names
(03:12:25 PM) eche|on: getting a dev account is rather simple : give out your name and pay 100$ a year
(03:12:28 PM) eyedeekay: I can make a dmg but it gets signed with local keys that aren't allowed on other Macs
(03:12:32 PM) zzz: I understand. The idea is you could walk thru everything but the notarization
(03:12:32 PM) eche|on: more or like thats it
(03:13:12 PM) eche|on: bb 2min
(03:13:25 PM) zzz: afaik it's the notarization that's the real pita. Hopefully the howto is clear...
(03:14:14 PM) eyedeekay: I think the only pitfall really is getting the Java dev environments set up, there's a tool you install through brew that switches version that makes it very easy though
(03:14:25 PM) zzz: eyedeekay, let's put this on the agenda for next month
(03:14:36 PM) eyedeekay: Can do
(03:15:19 PM) zzz: in the mean time, please run thru the howto as it currently exists as far as you can w/o notarization, just to test the howto and see if it needs any fixes for ech
(03:16:10 PM) zzz: esp. to check if the arm64 side is documented
(03:16:45 PM) eyedeekay: I will do everything I can, although I won't be able to run through the arm64 process because I do not have an arm64 Mac
(03:16:53 PM) eche|on: I will check howto get the certs with notarization,
(03:16:55 PM) eyedeekay: I'll do everything up to that though
(03:17:18 PM) eche|on: eyedeekay: just order a arm64 mac. refund as usual
(03:17:28 PM) eche|on: no need to stop at that
(03:17:30 PM) zzz: do you need an ARM mac to build ARM?
(03:17:41 PM) zzz: probably...
(03:17:59 PM) eyedeekay: I'm not quite sure on the subtleties of it all re: cross-compilation
(03:18:02 PM) zzz: there's also a possible workflow where idk builds and ech notarizes
(03:18:23 PM) zzz: but we don't need to work it all out here
(03:18:44 PM) eyedeekay: But jpackage is pretty picky about architecture/OS combinations
(03:19:28 PM) SoniEx2: raspberry pi?
(03:19:39 PM) zzz: let's move on to next topic
(03:19:40 PM) eyedeekay: ELF not Mach-O
(03:19:42 PM) eyedeekay: But yes
(03:19:45 PM) eyedeekay: 3. Publish source tarballs for bundle releases
(03:20:24 PM) eyedeekay: Since it's just me now and I wanted to publish source tarballs the whole time, 2.0.0 Windows getting source tarballs
(03:20:36 PM) eyedeekay: One for the bundle itself and one for the profile manager component
(03:21:17 PM) eyedeekay: As part of going through the scripts from the Mac bundle I'll add source tarball generation as part of the process
(03:21:18 PM) zzz: ok, and since the mac objector has left, let's add one to the mac page also
(03:21:28 PM) eyedeekay: Will do
(03:21:41 PM) zzz: great, I'm happy
(03:22:38 PM) eyedeekay: 4. Free Stickers for Translators
(03:23:27 PM) eche|on: yeah
(03:23:49 PM) eyedeekay: eche|on and I talked about this briefly after last month's meeting by email
(03:23:49 PM) eyedeekay: I think we were each in favor of doing it? I don't have my mail open
(03:24:23 PM) eche|on: sure we can do this, one for each part of the wolrd
(03:24:28 PM) zzz: it was my proposal, but it requires a) stickers and b) somebody to mail them
(03:24:30 PM) eche|on: but my sticker ressources are limited
(03:24:47 PM) zzz: as I understand we're essentially out of stickers
(03:24:59 PM) eche|on: sadie/idk still do have several
(03:25:05 PM) eche|on: I got around 400 or alike only
(03:25:23 PM) eche|on: should be enough for 1year+, but plan ahead
(03:25:26 PM) eyedeekay: Oh I ran myself down to like, 8 at All Things Open last week
(03:25:30 PM) eyedeekay: I'll need to order more
(03:25:53 PM) eche|on: ah, ok
(03:26:10 PM) zzz: can you two coordinate on who is ordering, what the design is, and make sure each of you gets half?
(03:26:16 PM) eyedeekay: Yes we can
(03:26:34 PM) zzz: super
(03:27:05 PM) zzz: when you have them in hand, holler and I'll announce on TX
(03:27:11 PM) eche|on: good
(03:27:22 PM) zzz: thanks guys
(03:27:46 PM) eyedeekay: No problem
(03:27:56 PM) eyedeekay: Anything else on 4 or for the meeting?
(03:28:25 PM) eche|on: nope
(03:29:14 PM) eyedeekay: All right thanks everybody for coming, I'll post the meeting in a few minutes

12
i2p2www/meetings/logs/317.rst Normal file
View File

@ -0,0 +1,12 @@
I2P dev meeting, November 08, 2022 @ 20:00 UTC
==============================================
Quick recap
-----------
* **Present:**
echelon,
eyedeekay,
zzz

83
i2p2www/meetings/logs/318.log Normal file
View File

@ -0,0 +1,83 @@
(08:00:09 PM) eyedeekay: Hello everyone, welcome to the rescheduled dev meeting
(08:00:09 PM) eyedeekay: 1. Hi
(08:00:09 PM) eyedeekay: 2. 2.0.0 Release Status, 2.0.0 Mac Release Status
(08:00:09 PM) eyedeekay: 3. 2.1.0 Development Status
(08:00:09 PM) eyedeekay: 4. Stickers for Translators
(08:00:50 PM) zzz: hi
(08:02:55 PM) eyedeekay: Doesn't seem like he's here? going to move along for now.
(08:04:04 PM) eyedeekay: 2. 2.0.0 release status: *most* targets of 2.0.0 were released about 3 weeks ago now, including i2p.i2p, Android, Debian and Easy-Install Windows, with Easy-Install for Mac delayed by zlatinb's departure
(08:04:04 PM) eyedeekay: Ech and I have been working on a plan to replace him in terms of maintenance, signing, and notarization of the OSX bundle, that is still expected for close to the end of this month
(08:06:01 PM) eyedeekay: Everybody knows how to build everything, has a good idea of the signing requirements, the last remaining thing to do is notarization in practice, and we don't know everything we should expect here but I think we have a good idea
(08:07:10 PM) eyedeekay: Android needed a point release due to a bug related to compatibility with a new API on newer devices, so Android users should make sure they've upgraded to 2.0.1
(08:07:10 PM) eyedeekay: eot for me on 2, anything to add zzz
(08:07:20 PM) zzz: lots
(08:07:50 PM) uis is now known as Irc2PGuest69907
(08:08:04 PM) zzz: I had to release a 2.0.0-2ubunutu1 debian/ubuntu build to fix an embarrassing but ultimately harmless bunch of stray symlinks in root
(08:08:38 PM) zzz: root cause was a typo, deb lint didn't catch it, not sure what the post mortem lesson is other than be more careful, we're root on install...
(08:09:12 PM) zzz: as far as the network, after 3 weeks, half of it has updated and is using ssu2
(08:09:39 PM) zzz: exploratory build success has been trending straight down since the release
(08:09:56 PM) zzz: we're concerned, and monitoring closely
(08:10:47 PM) zzz: at this point we think it's some combination of ssu-to-ssu2 migration, ssu2 bugs on both our side and in i2pd, and a couple of routers that are spamming the network with tunnel builds
(08:11:05 PM) zzz: i2pd is considering a mid-cycle january point release to get their fixes out
(08:11:33 PM) zzz: for now I don't think that's necessary on our side but it's always an option should we choose to
(08:12:18 PM) zzz: I think that's EOT but I'll have more info in a moment as a part of 3)
(08:13:09 PM) eyedeekay: Thank you zzz
(08:13:43 PM) eyedeekay: 3. 2.1.0 Development Status
(08:17:12 PM) eyedeekay: We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
(08:17:12 PM) eyedeekay: For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
(08:18:43 PM) eyedeekay: That's what I'm working on, zzz would you like to continue with your information or 3)?
(08:19:43 PM) dr|z3d: ... intermission ...
(08:23:56 PM) anonymousmaybe is now known as Irc2PGuest40130
(08:24:03 PM) eyedeekay: Welcome back
(08:25:17 PM) eyedeekay: What was the last thing you got?
(08:26:28 PM) zzz: back
(08:26:28 PM) zzz: is it my turn yet? :)
(08:26:28 PM) dr|z3d: you need to put on an apron and wheel the confectionery tray around the theater :)
(08:26:28 PM) dr|z3d: did you go out to get us all ice cream? :)
(08:26:28 PM) dr|z3d: recap:
(08:26:28 PM) dr|z3d: <eyedeekay> We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
(08:26:28 PM) dr|z3d: <eyedeekay> For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
(08:26:28 PM) dr|z3d: <eyedeekay> That's what I'm working on, zzz would you like to continue with your information or 3)?
(08:26:48 PM) zzz: thanks
(08:27:04 PM) zzz: drz gave it to me
(08:27:12 PM) zzz: ok, my turn!
(08:27:33 PM) zzz: about a week and a half after the release, when a lot of the net had updated, I started chasing SSU2 problems
(08:27:42 PM) zzz: and found a whole lot
(08:27:56 PM) zzz: both ours and helped i2pd find some of theirs
(08:27:58 PM) zzz: so it's been quite busy
(08:28:14 PM) zzz: as a result, we're at almost 7000 lines of diff, more than the whole 2.0.0 release
(08:28:38 PM) zzz: and whatever else I had planned for 2.1.0 I haven't gotten to yet, including promised peer selection improvements
(08:29:50 PM) zzz: I plan to bump to -7 after the meeting
(08:29:50 PM) zzz: while the "big changes in" deadline is early January, let's stay flexible, as we don't want a bunch of WIP in there if we're going to do a 2.0.1 release
(08:29:59 PM) zzz: so let's try not to break things with "big changes" if possible. Big changes are fine, as long as they're isolated
(08:30:40 PM) zzz: but things are going well and we're working closely with i2pd to track down and fix issues
(08:31:02 PM) zzz: including one-in-a-million ones that are now popping up
(08:31:16 PM) zzz: and one-in-a-zillion ones that dr|z3d is finding on his high speed routers
(08:31:30 PM) zzz: that's it! EOT, any questions?
(08:32:27 PM) eyedeekay: I'm slightly curious how often a "Million" of some things happens in in the real world but possibly a question for another time
(08:33:17 PM) eyedeekay: Thanks zzz
(08:34:12 PM) eyedeekay: It seems like once you get a whole bunch of routers doing a thing the odds of a rare event happening somewhere would go up very fast
(08:35:11 PM) zzz: yeah. perhaps we should have been more cautious, and not go from 2% to 100% in one release. But we'll get through it
(08:35:17 PM) uis is now known as Irc2PGuest38853
(08:37:15 PM) eyedeekay: 4. Stickers for Translators
(08:37:15 PM) eyedeekay: Only real news here is that I now have stickers for mailing, I've got a ton of them so if you're in the Americas then I am prepared to mail them
(08:37:58 PM) zzz: would you please post something on my forum, saying who is eligible and how to request
(08:38:17 PM) eyedeekay: Can do
(08:38:29 PM) zzz: then I will copy paste over to transifex announcement
(08:38:48 PM) zzz: what's the status of the euro side?
(08:39:44 PM) eyedeekay: Don't know if he has his yet, will request an update from him tonight
(08:40:07 PM) zzz: ok, guess I need to wait for that part of it before transifex
(08:40:43 PM) zzz: please whack him with your baffer for making us reschedule and then not showing :)
(08:41:07 PM) eyedeekay: Well it was my fault too but I'll make sure to let him know :)
(08:41:32 PM) zzz: I mean yesterday to today. you're not off the hook for last week :)
(08:42:41 PM) eyedeekay: That's all I've got for 4 and/or today, anything else for the meeting?
(08:42:50 PM) zzz: nope
(08:43:02 PM) zzz: are we on or off for Jan. 3?
(08:44:26 PM) eyedeekay: All right then thanks zzz for coming, I was going to say "On" for Jan 3 but we could do the 10th instead since IIRC LS2 will be the 9th
(08:45:01 PM) zzz: doesn't matter, your call
(08:45:35 PM) eyedeekay: Let's have it on the 9th in January and return to first-Tuesday in February
(08:45:52 PM) zzz: you mean 10th?
(08:45:59 PM) eyedeekay: Yes the 10th
(08:46:07 PM) zzz: ok
(08:46:15 PM) zzz: meeting over?
(08:46:25 PM) eyedeekay: Yes

11
i2p2www/meetings/logs/318.rst Normal file
View File

@ -0,0 +1,11 @@
I2P dev meeting, December 14, 2022 @ 20:00 UTC
==============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz

47
i2p2www/meetings/logs/319.log Normal file
View File

@ -0,0 +1,47 @@
(08:00:38 PM) eyedeekay: Welcome to the dev meeting, sorry again about about missing the time again yesterday
(08:00:38 PM) eyedeekay: 1. Hi
(08:00:38 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status
(08:00:38 PM) eyedeekay: 3. 2.2.0 Development Status
(08:00:38 PM) eyedeekay: 4. Congestion Throttling
(08:00:38 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
(08:00:46 PM) mode (-m ) by zzz
(08:00:57 PM) eyedeekay: 1. Hi
(08:01:00 PM) eyedeekay: Hi
(08:01:04 PM) zzz: hi
(08:01:29 PM) eyedeekay: tunnel_king are you here for 4 and 5?
(08:02:10 PM) eyedeekay: OK we'll play those by ear for now then
(08:02:21 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status
(08:03:32 PM) eyedeekay: 2.1.0 release happened yesterday, zzz released the software and the torrent went live, the percentage of the network which has updated has gone up about 7% since then if I'm counting the time correctly(so double check)
(08:04:07 PM) eyedeekay: I released Maven packages the same day, and will have Android updates out on all channels shortly after the end of this meeting
(08:04:29 PM) eyedeekay: Easy-Install for Windows will follow on that, and Easy-Install for Mac will be after that
(08:05:10 PM) eyedeekay: I believe that eche|on has given me the last clue I need to work out our notarization issue, we should know within a few days if that's true, which will correspond to a release
(08:05:30 PM) eyedeekay: Anything to add on the topic zzz?
(08:05:39 PM) zzz: just a little, thanks
(08:06:10 PM) zzz: the i2pd release a week ago looks promising, but that makes looking at the effects of our release a little harder
(08:06:22 PM) zzz: and i2pd plans a point release as early as today
(08:06:56 PM) zzz: so we won't have great info on what our release is doing, but as long as stats keep getting better, that's the main thing
(08:07:06 PM) zzz: far too early to say anything today, maybe in a week
(08:07:08 PM) zzz: EOT
(08:07:23 PM) eyedeekay: Thanks zzz
(08:07:42 PM) eyedeekay: 3. 2.2.0 Development Status
(08:08:52 PM) eyedeekay: I don't have a lot to say on this yet, most of my stuff has remained the same, but I believe we need to agree on a timeline for the release correct?
(08:09:13 PM) zzz: yeah, obviously we haven't done anything on 2.2.0 yet
(08:09:36 PM) zzz: I'd propose a standard 13 week cycle from here, unless we have any huge issues
(08:09:43 PM) eyedeekay: Sounds good to me
(08:09:46 PM) zzz: so that would be a release early April
(08:10:12 PM) aeiou_ is now known as aeiou
(08:10:14 PM) zzz: and put us firmly off our feb/may/aug/nov dates we've been on for several years, oh well
(08:10:40 PM) zzz: but we really need some time to do everything we didn't get to in our last shortened cycle
(08:10:48 PM) zzz: so let's pencil in 13 weeks
(08:10:49 PM) zzz: EOT
(08:11:22 PM) eyedeekay: Yeah, no argument here
(08:11:34 PM) eyedeekay: Plan for early April
(08:12:35 PM) eyedeekay: Anything else on 3?
(08:12:48 PM) eyedeekay: 4. Congestion Throttling and 5. Hypothetical Traffic Management ( Flood of Tor Users) were both added by tunnel_king on zzz.i2p, but I don't see such a name in the room, if you're here under another name, last call
(08:14:08 PM) eyedeekay: Anything else to discuss for the meeting?
(08:15:15 PM) eyedeekay: All right thanks zzz for coming, I promise to set an alarm for the one next month
(08:15:55 PM) zzz: no
(08:16:37 PM) eyedeekay: no nothing else for the meeting or no don't stop the meeting?
(08:16:38 PM) zzz: also I'd like to ask if eche|on is here and has anything to add on 2)
(08:16:38 PM) zzz: nope, that's it, everybody please click your update button to get that 2.1.0 goodness
(08:16:53 PM) zzz: nothing else, thanks

11
i2p2www/meetings/logs/319.rst Normal file
View File

@ -0,0 +1,11 @@
I2P dev meeting, January 10, 2023 @ 20:00 UTC
=============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz

153
i2p2www/meetings/logs/320.log Normal file
View File

@ -0,0 +1,153 @@
(08:01:07 PM) eyedeekay: Hi everybody, sorry I'm late, got disconnected right before the meeting
(08:01:59 PM) eyedeekay: 1. Hi
(08:01:59 PM) eyedeekay: 2. 2.1.0 Status Report
(08:01:59 PM) eyedeekay: 3. 2.2.0 Development Status
(08:01:59 PM) eyedeekay: 4. Congestion Throttling
(08:01:59 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
(08:01:59 PM) eyedeekay: 6. Stickers for translators
(08:01:59 PM) eyedeekay: zzz where do you want to do your report about the DOS? 2 or own topic?
(08:02:45 PM) zzz: let's call it 3b)
(08:02:46 PM) zzz: or 2b)
(08:02:59 PM) eyedeekay: OK 2b then
(08:03:00 PM) zzz: your choice
(08:03:53 PM) eyedeekay: 1. Hi who all is here today besides me and zzz?
(08:03:58 PM) zzz: hi
(08:04:09 PM) not_bob: Here
(08:04:18 PM) echelonMAC: here
(08:04:18 PM) obscuratus: Hi
(08:04:29 PM) eyedeekay: Great turnout, thanks everybody
(08:04:30 PM) echelonMAC: on replacement system.
(08:05:06 PM) eyedeekay: 2. 2.1.0 Status Report
(08:05:15 PM) zzz: irc is laggier than usual so please allow a little extra time for responses
(08:05:38 PM) eyedeekay: Thanks zzz I will keep that in mind
(08:09:02 PM) eyedeekay: Where to even start... my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app
(08:09:04 PM) eyedeekay: Android will get a point release on that account
(08:10:00 PM) eyedeekay: The topic I'm sure is on everybody's mind right now is the network being under attack which has shifted everybody's attention
(08:10:05 PM) eyedeekay: And that is topic 2b
(08:10:59 PM) eyedeekay: Shoot I mixed up the topics, scratch that, that was supposed to go to 3. sorry, long week, lot going on
(08:12:03 PM) eyedeekay: zzz would you do me a favor to take 2? I think I am ill-equipped to present on everything which is going on
(08:12:28 PM) zzz: sure
(08:12:29 PM) zzz: but before I do
(08:12:56 PM) zzz: do you and echelonMAC have a 2.1.0 mac easy-install bundle progress report?
(08:13:17 PM) eyedeekay: Oh yes I can do that
(08:14:38 PM) eyedeekay: So, we've been closing in on issues, and right now echelonMAC and have different hypothesis on what's going on which we're both pursuing
(08:14:38 PM) eyedeekay: My hypothesis is that this all stems from a stale workaround for a bug in Java 14
(08:15:08 PM) eyedeekay: Where jpackage is supposed to sign the dylib files that are packed into a disk image(dmg) but which are in fact left unsigned
(08:15:33 PM) echelonMAC: in short: eyedeekaym did redo the signing script, I can buiodl and sign, but still wrong signing for apple
(08:15:55 PM) eyedeekay: zab worked around this by creating the .app directory and signing the stuff inside it then using jpackage only for the final packaging step
(08:16:35 PM) eyedeekay: so when we upgraded Java's we started signing everything twice, and we no longer needed to do that signing step manually
(08:16:47 PM) eyedeekay: echelonMAC correct me if I'm wrong but you think you have the wrong sort of keys?
(08:17:10 PM) echelonMAC: maybe, maybe not, unsure about that
(08:17:18 PM) echelonMAC: at least the logs showing this error
(08:17:53 PM) zzz: my question was higher level, what's the ETA, is 2.1.0 still a target or has that been abandoned and you're hoping for 2.2.0, or what?
(08:18:15 PM) echelonMAC: 2.1.0 is still the target, but currently no ETA
(08:18:39 PM) echelonMAC: I can build nearly instant, but digging deeper is currently out of time...
(08:18:48 PM) eyedeekay: I still want to cut a release of 2.1.0 as soon as we know we can pass notarization, IMO once we can pass it once we should be able to do it predictably
(08:18:59 PM) zzz: eyedeekay more or less committed to early april 2.2.0 in his blog post, you're not endorsing that ETA echelonMAC ?
(08:19:49 PM) echelonMAC: I am completely helpless and cant predict a ETA, as I do not full yunderstand signing and building yet.
(08:20:12 PM) echelonMAC: more or less, I do follow scripts blindly, if idk can fix the signage, the notarization is a 5 min job.
(08:20:24 PM) echelonMAC: IF the sign does work as appple expect it
(08:20:26 PM) zzz: ok then I recommend an edit of the blog post eyedeekay, let's not promise things we can't deliver on
(08:20:33 PM) eyedeekay: Will do
(08:21:19 PM) zzz: ok thanks you ready for my part of 2) ?
(08:21:41 PM) eyedeekay: Yes please
(08:21:48 PM) zzz: great
(08:22:00 PM) zzz: last meeting was one week after the release, now we're 4 weeks out
(08:22:15 PM) zzz: my hope was that expl. build success would climb steadily
(08:22:35 PM) zzz: from the low-20% to low-30%, and then "pop" out of congestion, back to low 40s
(08:22:45 PM) zzz: only the first part happened
(08:25:20 PM) zzz: and then we swung back and forth between low 20s and low 30s
(08:26:56 PM) zzz: so, we have some theories, see 2b)
(08:26:56 PM) zzz: but I'm happy with the performance of 2.1.0 otherwise
(08:26:56 PM) zzz: not too many bug reports
(08:26:56 PM) zzz: I'll give an overview of what we are fixing in 2b) and 3)
(08:26:56 PM) zzz: about 50% of the network has updated to 2.1.0 or the i2pd equivalent
(08:26:56 PM) zzz: everybody please update if you haven't
(08:26:56 PM) zzz: that's all I have for 2a), but I'll pause for a minute for questions / comments before starting 2b)
(08:28:33 PM) zzz: ok, 2b) current network conditions
(08:28:33 PM) zzz: over the weekend started an unambiguous attack
(08:28:33 PM) zzz: lots of floodfill routers
(08:28:33 PM) zzz: for the most part, the network overall, and java routers, are handling it ok
(08:28:33 PM) zzz: I do have one report of routers crashing with OOM (out of memory)
(08:28:54 PM) zzz: I understand that i2pd routers are really struggling with very low tunnel build success rates
(08:29:06 PM) not_bob: My fleet is up to date.
(08:29:15 PM) zzz: the attack is starting / stopping / changing several times a day
(08:29:37 PM) zzz: so we're only about 60 hours in to understanding it and discussing countermeasures
(08:30:15 PM) zzz: remember the tunnel build problem (now much more likely to be classified as a different attack) started Dec. 19 and took us several weeks to understand and address
(08:30:27 PM) zzz: so it's early days
(08:30:36 PM) not_bob: I have one I2P+ router and it's done well to weather this. But, my i2pd routers not so much. I've seen as low as 3% tunnel build success. I'm currently sitting around 10% on those routers.
(08:31:17 PM) zzz: but this is a straightforward sybil / DHT attack, new to us but familiar to anybody doing peer-to-peer / DHT applications
(08:31:53 PM) zzz: far too early to say if it will require a release ahead of schedule (for java i2p) or if so when
(08:32:23 PM) zzz: EOT, I'll wait a couple minutes for discussion / comments / questions
(08:33:24 PM) eyedeekay: Should people who wind up OOM increase the RAM available to their router?
(08:36:18 PM) zzz: yeah, that's a straightforward mitigation
(08:36:18 PM) zzz: stop your router, edit wrapper.config, restart
(08:36:18 PM) zzz: I expect I'll have mitigations in dev builds in a few days
(08:36:18 PM) dr|z3d: ideally you want your min heap at around 256M and your max ram at 2-3 times that.
(08:36:18 PM) not_bob: I do not currently have any stock I2P routers running.
(08:36:18 PM) zzz: I want to repeat what I said above that the attacks are evolving rapidly, and we want to take our time to address the overall issues
(08:36:18 PM) zzz: not to focus too narrowly on the specifics
(08:37:36 PM) zzz: back to you eyedeekay if there's nothing else on 2b)
(08:38:06 PM) eyedeekay: thanks very much zzz. 3) 2.2.0 Development Status
(08:39:51 PM) eyedeekay: As I mistakenly stated before, my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app, pretty basic stuff all things considered but all of which was due for improvement
(08:39:57 PM) eyedeekay: or outright fixing
(08:40:49 PM) eyedeekay: Examples being fixes for subscriptions and custom ports when building tunnels which got in several user's way after a large increase in users with 2.10
(08:41:07 PM) dr|z3d: as an aside, and to shine some light on the size of the attack, we've got a user reporting ~30K banned routers. so it's non-trivial :)
(08:41:07 PM) dr|z3d: (that'll be shiver, who's here)
(08:42:36 PM) mark22k: I got 56005 banned peers.
(08:42:58 PM) eyedeekay: Holy moley. I have 11027 and I thought that was a lot
(08:43:08 PM) moristo: Is this the work of a nation state--the banned routers or any other noticable patten?
(08:43:50 PM) moristo: Spectrum internet was off yesetrday in FL and Italy the day before.
(08:43:54 PM) moristo: *yesterday.
(08:43:55 PM) zzz: let's get back to 3) please and table further attack discussion until after the meeting
(08:44:05 PM) echelonMAC: Banned Peers (57053)
(08:44:22 PM) moristo: oh, is there a meeting in progress? My bad.
(08:46:50 PM) zzz: eyedeekay, you still with us?
(08:47:11 PM) eyedeekay: yeah I'm here
(08:47:37 PM) zzz: you have more on 3) or is it my turn?
(08:47:37 PM) eyedeekay: started a long one:
(08:47:37 PM) eyedeekay: i2p.firefox(Easy-Install for Windows is also getting worked on, more of the work is being done by removal there, updates are getting simplified now that the old admin-style installs are all migrated to user-style installs
(08:47:37 PM) eyedeekay: portable USB install support is on the horizon for 2.2.0
(08:47:43 PM) eyedeekay: With updates
(08:48:21 PM) eyedeekay: Other issues and user-complaints I'm addressing or deciding how to address are on that issue tracker
(08:48:28 PM) eyedeekay: EOT for me
(08:48:47 PM) zzz: ok you saw the NPE issue in i2p.i2p right?
(08:49:10 PM) eyedeekay: Yes I did, hot on the trail
(08:49:21 PM) zzz: ok holler if you need help ofc
(08:49:24 PM) zzz: 3) for me:
(08:49:47 PM) zzz: I finished the peer selection refactor I've been working on since september, finally
(08:50:31 PM) zzz: I think I fixed the erroneous symmetric nat indications that were in 2.1.0, but need somebody with that problem to test and report
(08:50:59 PM) zzz: got a cool new i2psnark search box
(08:51:19 PM) zzz: almost done with "congestion caps" (proposal 162)
(08:51:31 PM) echelonMAC: :-)
(08:51:49 PM) zzz: and some more tweaks to refine our handling of tunnel build congestion
(08:52:18 PM) zzz: late last week, I thought I was pretty much done with 2.2.0 and could relax for two months until the release
(08:52:31 PM) zzz: so, unfortunately, now we have a lot more to do
(08:52:48 PM) zzz: that's the way it goes sometimes
(08:53:24 PM) not_bob: Thank you for that, a major quality of life improvement.
(08:53:24 PM) zzz: EOT, I'll wait a minute for discussion, then back to you eyedeekay
(08:53:37 PM) zzz: haha not_bob you're welcome
(08:55:00 PM) eyedeekay: Last call for 3?
(08:55:20 PM) eyedeekay: 4. Congestion Throttling - I think this was a tunnel_king topic, is tunnel_king here?
(08:55:42 PM) zzz: back to you eyedeekay
(08:57:39 PM) eyedeekay: 4. Congestion Throttling, 5. Hypothetical Traffic Management ( Flood of Tor Users) - both introduced by tunnel_king, last call for tunnel_king
(08:59:01 PM) eyedeekay: OK last one, 6. Stickers for translators
(08:59:01 PM) eyedeekay: Specifically rules for people receiving stickers outside of the Americas
(08:59:58 PM) zzz: this was my topic, only because unresolved since last meeting
(09:00:28 PM) zzz: echelonMAC you have an answer?
(09:00:41 PM) echelonMAC: not en detail, but who wnats should receive a bunch of stickers if they sent their address
(09:01:04 PM) echelonMAC: aka sned a announcement in transifex and send out after receive of address
(09:01:19 PM) echelonMAC: but currently no new stickers arrivced here
(09:01:35 PM) eyedeekay: Tracking says the 10th
(09:01:55 PM) zzz: I'm awaiting echelonMAC to post the instructions on my forum, then I will copy/paste to transifex
(09:02:17 PM) echelonMAC: ok
(09:02:28 PM) zzz: that's where we've been for a month
(09:02:42 PM) zzz: thanks
(09:03:33 PM) eyedeekay: Anything else for 6 or for the meeting?
(09:03:36 PM) zzz: EOT on 6) for me, back to you eyedeekay
(09:04:32 PM) zzz: one closing word for the meeting: zzz.i2p the best place for news and weather, I'll post there when I know more than I do now
(09:04:32 PM) zzz: thanks
(09:04:55 PM) eyedeekay: Thanks very much for that zzz, and thanks everybody for coming to the meeting
(09:05:44 PM) eyedeekay: See you around IRC and same time next month
(09:08:55 PM) zzz: thanks eyedeekay
(09:08:55 PM) zzz: got thru it without disconnects

14
i2p2www/meetings/logs/320.rst Normal file
View File

@ -0,0 +1,14 @@
I2P dev meeting, February 07, 2023 @ 20:00 UTC
==============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz,
not_bob,
echelonMAC,
obscuratus

1
i2p2www/pages/downloads/browser-content.html
View File

@ -3,6 +3,7 @@
<h2>{{ _('Firefox Profile for Windows') }}</h2>
<p>{% trans profile='/firefox' -%} If you are using Windows, the recommended way of accessing I2P is using the
<a href='{{ profile }}'>Firefox profile</a>. {%- endtrans %}</p>
<p><strong>{% trans -%} If you used the Easy-Install bundle, the Firefox profile is included and you can skip this page. {%- endtrans %}</strong></p>
<p>{% trans -%} If you do not wish to use that profile or are not on Windows, you need to configure your browser yourself. Read below on how to that. {%- endtrans %}</p>
<h2>{{ _('How to configure your browser') }}</h2>

20
i2p2www/pages/downloads/debian.html
View File

@ -111,11 +111,27 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
if you are using Debian Buster or older distributons, use the following command instead:
{% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
<pre>
<code>
# Use this command on Debian Downstreams like LMDE or ParrotOS only.
echo "deb [signed-by=/usr/share/keyrings/i2p-archive-keyring.gpg] https://deb.i2p2.de/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
{% trans -%}If you are using Debian Buster or older official Debian distributons, use the following command instead:{%- endtrans %}
<pre>
<code>
# Use this command on Debian Buster or older only.
echo "deb https://deb.i2p2.de/ $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
{% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
<pre>
<code>
# Use this command on Debian Buster or older only.
echo "deb https://deb.i2p2.de/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
@ -150,7 +166,7 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
<li>{% trans -%}Copy the keyring to the keyrings directory:{%- endtrans %}
<pre>
<code>
sudo cp ~/i2p-archive-keyring.gpg /usr/share/keyrings</code>
sudo cp i2p-archive-keyring.gpg /usr/share/keyrings</code>
</pre>
If you are using a distribution older than Debian Buster, you will also need
to symlink that key to <code>/etc/apt/trusted.gpg.d</code>.

18
i2p2www/pages/downloads/easyinstall.html
View File

@ -13,6 +13,10 @@ elaborate install process. To learn more about the Firefox profile that
comes bundled with this installer, visit <a href="{{ firefox }}">The Firefox
Profile Page</a>.
{%- endtrans %}</p>
<p>{% trans -%}
The latest I2P Easy-Install bundle for Windows has been released unsigned.
Please verify that the hashes match the downloads when installing the bundle.
{%- endtrans %}</p>
<h2>{{ _('What do I need to use it?') }}</h2>
<p><strong>{% trans -%}
Just Firefox (Or Tor Browser).{%- endtrans %}</strong>
@ -35,9 +39,9 @@ no need to refer to potentially unhelpful system-wide Windows settings. The I2P
it uses is otherwise identical to the "regular" I2P.
{%- endtrans %}</p>
<h2>{{ _('How do I use it?') }}</h2>
<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
<p>{% trans firefox="https://www.mozilla.org/" -%}
First, download and install <a href="{{ firefox }}">Firefox</a>, then,
just download and install <a href="{{ postfilename }}">this installer</a>. To
just download and install this installer(below). To
start an installer, "double-click" the downloaded .exe file.
{%- endtrans %}</p>
<p>{% trans -%}
@ -55,8 +59,8 @@ special configuration. You don't even need to close existing Firefox windows.
{%- set name = 'Windows' -%}
{%- set icon = 'images/download/windows.png' -%}
{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
{%- set hash = 'ee66e9cfeb393d737e79f6960fe26ba28d51e845a0148ef2544802366e8840c6' -%}
{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
{%- set hash = 'be3b178b745720b16c8ccd6911d3c35143eb59da4be318198d84f35ec23e494c' -%}
{% call package_outer('windows', name, icon) %}
<div class = "file">
@ -76,18 +80,20 @@ special configuration. You don't even need to close existing Firefox windows.
{%- endtrans %}</p>
{% endcall %}
<!--
{% trans signer='zlatinb',
signingkey=url_for('static', filename='zlatinb.key.crt') -%}
The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.
{%- endtrans %}
-->
<h2>{{ _('What is in it?') }}</h2>
<p><strong>{% trans -%}
A Jpackaged I2P Router: {%- endtrans %}</strong>
{% trans -%}The I2P router is "jpackaged" which means that it includes all
the required Java components it needs to run successfully. It does not require
a separate Java installation, because it bundles a Java 16 Runtime which is only
a separate Java installation, because it bundles a Java Runtime which is only
used for I2P.
{%- endtrans %}</p>
<p><strong>{% trans -%}
@ -106,6 +112,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
{%- endtrans %}</div>
<div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
<div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
<div>{% trans -%}
If you wish to file an issue about the Firefox profile, please use Gitlab to
contact us. For security-sensitive issues, please remember to check the

20
i2p2www/pages/downloads/firefox.html
View File

@ -14,6 +14,10 @@ time it installs the browser profile. This page has been kept to document the
motivations and design of the included Firefox profile. To learn more about the
new bundle, visit <a href="{{ nsis }}">The Easy Install Bundle Page</a>.
{%- endtrans %}</p>
<p>{% trans -%}
The latest I2P Easy-Install bundle for Windows has been released unsigned.
Please verify that the hashes match the downloads when installing the bundle.
{%- endtrans %}</p>
<h2>{{ _('I2P Firefox Browser Profile') }}</h2>
<p>{% trans -%}
Now that you have joined the I2P network, you will want to see I2P Sites and and
@ -32,16 +36,16 @@ some browser features, this also reduces the attack surface available to outside
This keeps you safer while browsing the Invisible Web.
{%- endtrans %}</p>
<h2>{{ _('How do I use it?') }}</h2>
<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
<p>{% trans firefox="https://www.mozilla.org/" -%}
First, download and install <a href="{{ firefox }}">Firefox</a>, then,
just download and install <a href="{{ postfilename }}">this installer</a>. To
just download and install this installer(below). To
start an installer, "double-click" the downloaded .exe file.
{%- endtrans %}</p>
{%- set name = 'Windows' -%}
{%- set icon = 'images/download/windows.png' -%}
{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
{%- set hash = 'eadb338a5895f73e6ed4985a9f7dfdac722f74c9bcdd0bd35957e7dcd5759a3a' -%}
{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
{%- set hash = '862de2f2e05cfc46c2f612656b93dd9c94b6bc7a034912d732dd0ade2ad477f6' -%}
{% call package_outer('windows', name, icon) %}
<div class = "file">
@ -61,12 +65,6 @@ start an installer, "double-click" the downloaded .exe file.
{%- endtrans %}</p>
{% endcall %}
{% trans signer='zlatinb',
signingkey=url_for('static', filename='zlatinb.key.crt') -%}
The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.
{%- endtrans %}
<h2>{{ _('What is in it?') }}</h2>
<p><strong>{% trans -%}
A Jpackaged I2P Router: {%- endtrans %}</strong>
@ -91,6 +89,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
{%- endtrans %}</div>
<div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
<div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
<div>{% trans -%}
If you wish to file an issue about the Firefox profile, please use Gitlab to
contact us. For security-sensitive issues, please remember to check the

12
i2p2www/pages/downloads/list.html
View File

@ -119,10 +119,14 @@ If you would like to try the latest experimental I2P projects, visit the <a href
</div>
{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%} The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%} The Windows installer is signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%} The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %}
{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%}The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
<!--
{% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%}The Windows installer is signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
{% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%}The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
-->
<h3 id="update">{{ _('Updates from earlier releases:') }}</h3>

15
i2p2www/pages/downloads/mac.html
View File

@ -39,8 +39,15 @@ that are familiar and built-into the operating system.
{%- set icon = 'images/download/mac-osx.png' -%}
{%- set filename = 'I2P-%s.dmg' -%}
{%- set filename_arm64 = 'I2P-arm64-%s.dmg' -%}
{%- set hash = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' -%}
{%- set hash_arm64 = '4a1b4e392a2ec272980bf88bfe6dbad2d341bc74717f94a0b26e73afc300462b' -%}
{%- set hash = '4bd75d633d497cc25cd256ec7cfcddec2a25d87ad118d0c125c788623d23a98e' -%}
{%- set hash_arm64 = '773bcf127a2e1c0eafee944753a772426c1f7b5c6a8fb3f4d0b7e87bdcfc840b' -%}
<p><b>Important Note:</b>
The 2.1.0 Mac OSX Easy Install Bundle release is delayed.
Please install the 1.9.0 release below.
You will be notified in the router console when the 2.1.0 update is available.
Thank you for your patience.
</p>
{% call package_outer('osx', name, icon) %}
<div class = "file">
@ -61,7 +68,7 @@ that are familiar and built-into the operating system.
{% call package_outer('osx', name, icon) %}
<div class = "file">
<a class = "default" href="{{ url_for('downloads_redirect', version=mver(), net=def_mirror.net, protocol=def_mirror.protocol, domain=def_mirror.domain, file=mver(filename_arm64) )}}">
<span class = "name">Apple Silicon (arm64) BETA</span><br/>
<span class = "name">Apple Silicon (arm64)</span><br/>
<span class = "name">{{ mver(filename_arm64) }}</span><br/>
<span class="mirror">{{ _('Mirror:') }} <img src="{{ url_for('static', filename='images/flags/'+def_mirror.country+'.png') }}" /> {{ def_mirror.org }}</span>
</a>
@ -83,7 +90,7 @@ Launch I2P from Finder.
<h3>{{ _('Apple Silicon Notes') }}</h3>
<p>{% trans -%}
The I2P bundle for Apple silicon is currently in BETA. If you own an Apple silicon Mac and have previously installed the Intel bundle on it you need to change the update configuration to make sure the next I2P update does not revert your bundle to Intel.
If you own an Apple silicon Mac and have previously installed the Intel bundle on it you need to change the update configuration to make sure the next I2P update does not revert your bundle to Intel.
{%- endtrans %}</p>
<p>{% trans -%}

183
i2p2www/pages/downloads/macos.html Normal file
View File

@ -0,0 +1,183 @@
{% extends "global/layout.html" %}
{% block title %}Apple MacOS{% endblock %}
{% block accuratefor %}0.9.47{% endblock %}
{% block content %}
<h1>{{ _('Separately Installing I2P and its dependencies on MacOS(The Long Way)') }}</h1>
<p><strong>{% trans -%}
This is the long way of installing I2P for MacOS, using the IzPack based installer and a separate Java Virtual Machine installed on the host.
If you're new to I2P, you may want to try the Easy installer, which requires fewer total steps and automatically configures a JVM and I2P and sets up a Firefox Profile in a single step.
{%- endtrans %}</strong></p>
<p><strong><a href="/en/download/mac">{% trans -%}Follow this link to the Easy installer{%- endtrans %}</a></strong><p>
<p>{% trans -%}
This is a detailed, step-by-step guide to installing and configuring I2P, including all dependencies and setting up a browser, on a new MacOS system.
Many users will be able to skip steps if they already have Java 8 or Firefox installed.{%- endtrans %}</p>
<h2>{{ _('So what are we going to do here?') }}</h2>
<p>{% trans -%}We're going to finish four tasks. We are going to:{%- endtrans %}</p>
<ol>
<li><a href="#part-one-install-java">{% trans -%}Install Java{%- endtrans %}</a></li>
<li><a href="#part-two-install-i2p">{% trans -%}Install I2P{%- endtrans %}</a></li>
<li><a href="#part-three-configure-i2p-app">{% trans -%}Configure I2P App{%- endtrans %}</a></li>
<li><a href="#part-four-configure-i2p-bandwidth">{% trans -%}Configure I2P Bandwidth{%- endtrans %}</a></li>
</ol>
<h3 id="part-one-install-java">{{ _('Part One: Install Java') }}</h3>
<p>{% trans -%}
In order to use I2P, you will need a suitable Java environment.
This guide uses Oracle's Java 8 implementation.
Please install it by following the instructions below:
{%- endtrans %}</p>
<p>{% trans -%}If you already have Java installed, you may{%- endtrans %} <a href="#part-two-install-i2p">Skip This Step</a></p>
<ol>
<li>{% trans -%}Begin by downloading Java, for example, {%- endtrans %} <a href="https://java.com/en/download/">using this version from Oracle</a>.
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
<li><img src="/_static/images/macos/1-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
</ul></li>
<li>{% trans -%}Double-click the installer you just downloaded and allow the installer permission to proceed.{%- endtrans %}:
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-jre.png" alt="Give the installer permission to proceed" title="" /></li>
</ul></li>
<li>{% trans -%}Accept the License terms.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/3-jre.png" alt="Start installing Java" title="" /></li>
</ul></li>
<li>{% trans -%}Java will show you some information about what it is and where it runs while you wait for it to finish installing.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/4-jre.png" alt="Wait for the installer" title="" /></li>
</ul></li>
<li>{% trans -%}When Java is done installing, it will look like this.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/5-jre.png" alt="Step one complete" title="" /></li>
</ul></li>
</ol>
<h3 id="part-two-install-i2p">{{ _('Part Two: Download and Install I2P from a .jar file') }}</h3>
<ol>
<li>{% trans -%}Download I2P for Unix from{%- endtrans %} <a href="https://geti2p.net/en/download#unix">https://geti2p.net</a>.
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-i2p.png" alt="Download I2P" title="" /></li>
<li><img src="/_static/images/macos/1-i2p.png" alt="Select your Language" title="" /></li>
</ul></li>
<li>{% trans -%}
Because I2P is being installed from a .jar file, it cannot be signed by an Apple certificate.
You will need to allow it special permission to install.
Even though the installer is unsigned, the updates are signed end-to-end by I2P.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-i2p.png" alt="Introduction" title="" /></li>
<li><img src="/_static/images/macos/3-i2p.png" alt="Exception" title="" /></li>
<li><img src="/_static/images/macos/4-i2p.png" alt="Profit" title="" /></li>
</ul></li>
<li>{% trans -%}Select a language you are familiar with.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/5-i2p.png" alt="Select Components" title="" /></li>
</ul></li>
<li>{% trans -%}
Now the installer is ready to start.
Click next to advance.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/6-i2p.png" alt="Start installing" title="" /></li>
</ul></li>
<li>{% trans -%}
Accept the license.
I2P is Free Software, mostly in the public domain with limited use of GPL2, Creative Commons, and other Free and Open-Source Licenses.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/7-i2p.png" alt="Accept the License Agreement(or mostly lack thereof)" title="" /></li>
</ul></li>
<li>{% trans -%}
Install the I2P router and base config.
It is recommended that you keep the install directory the default.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/8-i2p.png" alt="Install the files" title="" /></li>
</ul></li>
<li>{% trans -%}
I2P is now installed!
The remaining installer pages explain some aspects of running I2P on OSX.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/9-i2p.png" alt="Finish it up" title="" /></li>
<li><img src="/_static/images/macos/10-i2p.png" alt="Finish it up" title="" /></li>
<li><img src="/_static/images/macos/11-i2p.png" alt="Finish it up" title="" /></li>
</ul></li>
</ol>
<h3 id="part-three-configure-i2p-app">{{ _('Part Three: Configure I2P App') }}</h3>
<ol>
<li>{% trans -%}
For convenience, you may want to create a shortcut to launch the I2P router.
Find the "i2p" directory in the "Applications" directory using Finder.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-conf.png" alt="Open the Applications dir" title="" /></li>
</ul></li>
<li>{% trans -%}Open the folder and find the Start Router Icon shown.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/1-conf.png" alt="Find the launcher" title="" /></li>
</ul></li>
<li>{% trans -%}Click the icon to start the I2P router - it will show up in your dock as shown and you can choose too keep it there.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-conf.png" alt="Add it to the launch bar" title="" /></li>
</ul></li>
</ol>
<h3 id="part-four-configure-i2p-bandwidth">{{ _('Part Four: Configure I2P Bandwidth') }}</h3>
<ol>
<li>{% trans -%}
When you visit the I2P router console for the first time, it will automatically direct you to the configuration wizard.
Start by selecting a language for the I2P interface.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
</ul></li>
<li>{% trans -%}Next, pick either a dark or light theme.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/1-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
</ul></li>
<li>{% trans -%}
The next step is the bandwidth test.
The bandwidth test takes a minute to run completely.
During the bandwidth test, we'll need to connect to the external M-Lab Service, which makes a direct connection to a remote server(Operated by Measurement Lab) to measure your internet speed.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-wiz.png" alt="Run the bandwidth test" title="" /></li>
<li><img src="/_static/images/macos/3-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
</ul></li>
<li>{% trans -%}
Confirm the bandwidth measurement and adjust your share percentage.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/4-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
</ul></li>
<li>{% trans -%}Confirm your bandwidth settings and adjust how much of your bandwidth you wish to share.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/5-wiz.png" alt="Run the bandwidth test" title="" /></li>
</ul></li>
<li>{% trans -%}You're finished! I2P is now configured.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/6-wiz.png" alt="Run the bandwidth test" title="" /></li>
</ul></li>
</ol>
<p>{% trans -%}If you want to re-run the welcome wizard after completing it, you can visit the page
on{%- endtrans %} <a href="http://localhost:7657/welcome">your router console</a>.</p>
<p>{% trans -%}That's it! You're now ready to use I2P. You can browse I2P Sites, download files, host services,
e-mail and chat anonymously. Visit the <a href="https://localhost:7657/home">router console homepage</a> to
get started.{%- endtrans %}</p>
{% endblock %}

14
i2p2www/pages/downloads/macros
View File

@ -1,16 +1,16 @@
{% set i2pinstall_windows_hash = 'fdb2e471fadfda33589697536180df966ec165ab59a0d9c8a623491cc2c8eae3' %}
{% set i2pinstall_jar_hash = '124a1d917dec1f75dc17b5a062704d5abe259b874655c595a9d8f5fd9494eafd' %}
{% set i2psource_hash = '57f61815098c35593d7ede305f98b9015c4c613c72231ad084e6806a3e2aa371' %}
{% set i2pupdate_hash = '31b8798c7fa75242ed09f671028b85e6acc9d5d9d0a132138debf4cdfbb08f21' %}
{% set i2p_android_hash = '84dcdc33e1fb2f49040083c6449bf644cdf9eff3d55018904972d3748ad19457' %}
{% set i2pinstall_windows_hash = 'ab7efbcc5288d6df9161347277f5d5bad8a5601f70fa12c77ab518e0c0314537' %}
{% set i2pinstall_jar_hash = '008b38611865b2ccc9aa81cfe737ff6758babb7fd30b20bcb9f90026e466f514' %}
{% set i2psource_hash = 'e4ba06a6e2935a17990f057a72b8d79e452a2556a6cefe5012d5dd63466feebf' %}
{% set i2pupdate_hash = '4364bd0ea6d9cc35328629c3cd177d41843d0a160a5fd59d65527cf8487497a0' %}
{% set i2p_android_hash = '126cc7569bf22f3fe4c629cc6e3098669eddd8dad3332ec11c89ec8689e966ad' %}
{% set i2p_macnative_hash = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' %}
{% set i2p_windows_subver = '' %}
{% set i2p_macosx_launcher_version = '1.9.0' %}
{% set i2p_android_version = '1.9.0' %}
{% set i2p_android_version = '2.1.0' %}
{% set i2p_android_version_kytv = '0.9.22' %}
{% set i2p_android_version_fdroid = '0.9.50' %}
{% set i2p_android_version_fdroid = '2.0.1' %}
{% macro package_outer(type, name, icon) -%}

6
i2p2www/pages/downloads/windows.html
View File

@ -131,7 +131,11 @@ and configure Firefox for I2P.{%- endtrans %} </p>
<h4>{{ _('Install the I2P Firefox Profile') }}</h4>
<ol>
<li>{% trans -%}Download the Firefox Profile Bundle from the I2P Web Site.{%- endtrans %}
<li>{% trans -%}
Download the Firefox Profile Bundle from the I2P Web Site.
The I2P Firefox Profile has been replaced by the Easy Install Bundle for Windows.
The Easy-Installl can still be used as a profile manager for an Un-Bundled I2P router installed via this procedure.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/download/windows/profile.png" alt="Grab the Firefox Profile" title="" /></li>
</ul></li>

16
i2p2www/pages/papers/anonbib.bib
View File

@ -32,6 +32,22 @@
# Proposed new sections: application privacy, data anonymization, ...
#
@article {qu2020,
author = {QU Yun-xuan and WANG Yi-jun and XUE Zhi},
title = {Analysis and Identification of I2P Anonymous Communication Traffic Characteristics},
journal={Communications Technology},
year = {2020},
month = {January},
volume={53},
number = {1},
pages={161--167},
doi={10.3969/j.issn.1002-0802.2020.01.028},
url = {http://stats.i2p/docs/AII2PACTC-eng.docx},
www_pdf_url = {http://stats.i2p/docs/I2P%20%E5%8C%BF%E5%90%8D%E9%80%9A%E4%BF%A1%E6%B5%81%E9%87%8F%E7%89%B9%E5%BE%81%E5%88%86%E6%9E%90%E4%B8%8E%E8%AF%86%E5%88%AB-min.pdf},
keywords={anonymous communication; I2P; traffic identification; statistical feature analysis},
www_section = traffic,
}
@inproceedings {239068,
author = {Nguyen Phong Hoang and Sadie Doreen and Michalis Polychronakis},
title = {Measuring I2P Censorship at a Global Scale},

86
i2p2www/pages/site/about/intro.html
View File

@ -1,50 +1,86 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('Intro') }}{% endblock %}
{% block content %}
<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>
<h2>What is I2P?</h2>
<p>{% trans %}The Invisible Internet Project (I2P) is a fully encrypted private network layer that has been developed with privacy and security by design in order to provide protection for your activity,
location and your identity. The software ships with a router that connects you to the network and applications for sharing, communicating and building. {%- endtrans %}</p>
<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>
<h3>{% trans -%}I2P Cares About Privacy{%- endtrans %}</h3>
<p>{% trans %}
The Invisible Internet Project began in 2002.
The vision for the project, as described in an interview with Lance James was for the I2P Network "to deliver full anonymity, privacy, and security at the highest level possible. Decentralized and peer to peer Internet means no more worrying about your ISP controlling your traffic. This will allow (people) to do seamless activities and change the way we look at security and even the Internet, utilizing public key cryptography, IP steganography, and message authentication. The Internet that should have been, will be soon."
Since then I2P has evolved to specify and implement a complete suite of network protocols capable of delivering a high level of privacy, security, and authentication to a variety of applications.
{%- endtrans %}</p>
<p>{% trans %}I2P hides the server from the user and the user from the server. All I2P traffic is internal to the I2P network. Traffic inside I2P does not interact with the Internet directly. It is a layer on top of the Internet. It uses encrypted unidirectional tunnels between you and your peers. No one can see where traffic is coming from, where it is going, or what the contents are. Additionally I2P offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.
{%- endtrans %}</p>
<h3>{% trans -%}The I2P network{%- endtrans %}</h3>
<p>{% trans %}
The I2P network is a fully encrypted peer-to-peer overlay network.
An observer cannot see a message's contents, source, or destination.
No one can see where traffic is coming from, where it is going, or what the contents are.
Additionally I2P transports offer resistance to recognition and blocking by censors.
Because the network relies on peers to route traffic, location-based blocking is a challenge that grows with the network.
Every router in the network participates in making the network anonymous.
Except in cases where it would be unsafe, everyone participates in sending and receiving network traffic.
{%- endtrans %}</p>
<h3>{% trans -%}How to Connect to the I2P Network{%- endtrans %}</h3>
<p>{% trans %}The Invisible Internet Project provides software to download that connects you to the network. In addition to the network privacy benefits, I2P provides an application layer that allows people to use and create familiar apps for daily use. I2P provides its own unique DNS so that you can self host or mirror content on the network. You can create and own your own platform that you can add to the I2P directory or only invite your friends. The I2P network functions the same way the Internet does. When you download the I2P software, it includes everything you need to connect, share, and create privately.{%- endtrans %}</p>
<p>{% trans %}
The core software (Java) includes a router that introduces and maintains a connection with the network.
It also provides applications and configuration options to personalize your experience and workflow.
{%- endtrans %}</p>
<h3>{% trans -%}What Can I Do On The I2P Network?{%- endtrans %}</h3>
<p>{% trans %}
The network provides an application layer for services, applications, and network managment.
The network also has its own unique DNS that allows self hosting and mirroring of content from the Internet (Clearnet).
The I2P network functions the same way the Internet does.
The Java software includes a BitTorrent client, and email as well as a static website template.
Other applications can easily be added to your router console.
{%- endtrans %}</p>
<h3>{% trans -%}An Overview of the Network{%- endtrans %}</h3>
<p>{% trans %}I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports. I2P tunnels use transports, NTCP2 and SSU, to hide the nature of the traffic being transported over it. Connections are encrypted from router-to-router, and from client-to-client(end-to-end). Forward-secrecy is provided for all connections. Because I2P is cryptographically addressed, I2P addresses are self-authenticating and only belong to the user who generated them.
<p>{% trans %}
I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports.
I2P tunnels use transports, NTCP2 and SSU2, to conceal the traffic being transported over it.
Connections are encrypted from router-to-router, and from client-to-client(end-to-end).
Forward-secrecy is provided for all connections.
Because I2P is cryptographically addressed, I2P network addresses are self-authenticating and only belong to the user who generated them.
{%- endtrans %}</p>
<p>{% trans %}I2P is a secure and traffic protecting Internet-like layer. The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels. Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP, etc), passing messages. Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network. I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
<p>{% trans %}
The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels.
Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP), passing messages.
Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages.
These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network.
I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
{%- endtrans %}</p>
<h3>{% trans -%}About Decentralization and I2P{%- endtrans %}</h3>
<h3>{% trans -%}About Decentralization and the I2P Network{%- endtrans %}</h3>
<p>{% trans %}The I2P network is almost completely decentralized, with exception to what are called "Reseed Servers," which is how you first join the network. This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem. Basically, there's not a good and reliable way to get out of running at least one permanent bootstrap node that non-network users can find to get started. Once you're connected to the network, you only discover peers by building "exploratory" tunnels, but to make your initial connection, you need to get a peer set from somewhere. The reseed servers, which you can see listed on http://127.0.0.1:7657/configreseed in the Java I2P router, provide you with those peers. You then connect to them with the I2P router until you find one who you can reach and build exploratory tunnels through. Reseed servers can tell that you bootstrapped from them, but nothing else about your traffic on the I2P network.{%- endtrans %}</p>
<p>{% trans %}
The I2P network is almost completely decentralized, with exception to what are called Reseed Servers.
This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem.
Basically, there is not a good and reliable way to get out of running at least one permanent bootstrap node that non-network participants can find to get started.
Once connected to the network, a router only discovers peers by building "exploratory" tunnels, but to make the initial connection, a reseed host is required to create connections and onboard a new router to the network.
Reseed servers can observe when a new router has downloaded a reseed from them, but nothing else about traffic on the I2P network.
{%- endtrans %}</p>
<h3>{% trans -%}I see IP addresses of all other I2P nodes in the router console. Does that mean my IP address is visible by others?{%- endtrans %}</h3>
<h3>{% trans -%}The I2P Network Does Not Exit Traffic{%- endtrans %}</h3>
<p>{% trans %}Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.{%- endtrans %}
<h3>{% trans -%}What I2P Does Not Do{%- endtrans %}</h3>
<p>{% trans %}The I2P network does not officially "Exit" traffic. It has outproxies to the Internet run by volunteers, which are centralized services. I2P is primarily a hidden service network and outproxying is not an official function, nor is it advised. The privacy benefits you get from participating in the the I2P network come from remaining in the network and not accessing the internet. I2P recommends that you use Tor Browser or a trusted VPN when you want to browse the Internet privately.{%- endtrans %}</p>
<p>{% trans %}
Outproxies to the Internet are run by volunteers, and are centralized services.
The privacy benefits from participating in the the I2P network come from remaining in the network and not accessing the internet.
Tor Browser or a trusted VPN are better options for browsing the Internet privately.
{%- endtrans %}</p>
<h3>{% trans -%}Comparisons{%- endtrans %}</h3>
<p>{% trans -%}
There are a great many other applications and projects working on anonymous
communication and I2P has been inspired by much of their efforts. This is not
a comprehensive list of anonymity resources - both freehaven's
<a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a>
and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a>
serve that purpose well. That said, a few systems stand out for further
comparison. The following have individual comparison pages:
There are a great many other applications and projects working on anonymous communication and I2P has been inspired by much of their efforts.
This is not a comprehensive list of anonymity resources - both freehaven's <a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a> and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a> serve that purpose well.
That said, a few systems stand out for further comparison.
The following have individual comparison pages:
{%- endtrans %}</p>
<ul>

2
i2p2www/pages/site/about/team.html
View File

@ -403,7 +403,7 @@ network.
<td valign="top" colspan="2">{% trans %}&hellip; and many others{% endtrans %}</td>
</tr>
<tr>
<td><a href="site_url(about/hall-of-fame)">Hall of Fame!</a></td>
<td>{% trans famehall=site_url('about/hall-of-fame') -%}<a href="{{ famehall }}">Hall of Fame!</a>{%- endtrans %}</td>
</tr>
</table>
{% endblock %}

2
i2p2www/pages/site/docs/api/i2pcontrol.html
View File

@ -81,7 +81,7 @@ Parameters are only provided in a named way (maps).
<li>Token &ndash; [String] {% trans %}Token used for authenticating the client. Is provided by the server via the 'Authenticate' RPC method.{% endtrans %}</li>
</ul>
<ul>{{ _('Response:') }}
<li>Result &ndash; [double] {% trans %}Returns the average value for the reuested rateStat and period.{% endtrans %}</li>
<li>Result &ndash; [double] {% trans %}Returns the average value for the requested rateStat and period.{% endtrans %}</li>
</ul>
</ul>
<ul>I2PControl &ndash; {% trans %}Manages I2PControl. Ports, passwords and the like.{% endtrans %}

13
i2p2www/pages/site/docs/api/i2ptunnel.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}I2PTunnel{% endblock %}
{% block lastupdated %}2022-09{% endblock %}
{% block accuratefor %}1.9.0{% endblock %}
{% block lastupdated %}2022-10{% endblock %}
{% block accuratefor %}0.9.56{% endblock %}
{% block content %}
<h2 id="overview">{% trans %}Overview{% endtrans %}</h2>
@ -63,10 +63,9 @@ A HTTP-client tunnel. The tunnel connects to the destination specified by the UR
in a HTTP request. Supports proxying onto internet if an outproxy is provided. Strips HTTP connections of the following headers:
{%- endtrans %}</p>
<ul>
<li>{% trans -%}
<b>Accept, Accept-Charset, Accept-Language
and Accept-Ranges</b> as they vary greatly between browsers and can be used as an identifier.
{%- endtrans %}</li>
<li>
<b>Accept*:</b> (not including "Accept" and "Accept-Encoding") as they vary greatly between browsers and can be used as an identifier.
</li>
<li><b>Referer:</b></li>
<li><b>Via:</b></li>
<li><b>From:</b></li>
@ -164,7 +163,7 @@ The following allow list is for commands inbound from the IRC server to the IRC
</ul>
<p>
There is also a whitelist is for commands outbound from the IRC client to the IRC server.
There is also an allow list is for commands outbound from the IRC client to the IRC server.
It is quite large due to the number of IRC administrative commands.
See the IRCFilter.java source for details.
The outbound filter also modifies the following commands to strip identifying information:

167
i2p2www/pages/site/docs/api/samv3.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}SAM V3{% endblock %}
{% block lastupdated %}2022-09{% endblock %}
{% block accuratefor %}1.9.0{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block accuratefor %}API 0.9.57{% endblock %}
{% block content %}
<p>SAM is a simple client protocol for interacting with I2P.
SAM is the recommended protocol for non-Java applications to connect to the I2P network,
@ -12,6 +12,7 @@ Java applications should use the streaming or I2CP APIs directly.
was introduced in I2P release 0.7.3 (May 2009) and is a stable and supported interface.
3.1 is also stable and supports the signature type option, which is strongly recommended.
More recent 3.x versions support advanced features.
Note that i2pd does not currently support most 3.2 and 3.3 features.
</p><p>
Alternatives:
<a href="socks">SOCKS</a>,
@ -24,6 +25,11 @@ Deprecated versions:
</p>
<h2>Known SAM libraries</h2>
<p>
Warning: Some of these may be very old or unsupported.
None are tested, reviewed, or maintained by the I2P project unless noted below.
Do your own research.
</p>
<table class="unwrapped-table">
<colgroup>
<col style="width: 8%" />
@ -73,7 +79,7 @@ Deprecated versions:
<td>yes</td>
<td><a href="https://bitbucket.org/eyedeekay/sam3">bitbucket.org/eyedeekay/sam3</a></td>
</tr>
<tr class="even">
<tr class="odd">
<td>txi2p</td>
<td>Python</td>
<td>3.1</td>
@ -82,7 +88,7 @@ Deprecated versions:
<td>no</td>
<td><a href="https://github.com/str4d/txi2p">github.com/str4d/txi2p</a></td>
</tr>
<tr class="odd">
<tr class="even">
<td>i2p.socket</td>
<td>Python</td>
<td>3.2</td>
@ -91,16 +97,34 @@ Deprecated versions:
<td>yes</td>
<td><a href="https://github.com/majestrate/i2p.socket">github.com/majestrate/i2p.socket</a></td>
</tr>
<tr class="even">
<tr class="odd">
<td>i2plib</td>
<td>Python</td>
<td>3.1</td>
<td>yes</td>
<td>yes</td>
<td>yes</td>
<td>no</td>
<td>no</td>
<td><a href="https://github.com/l-n-s/i2plib">github.com/l-n-s/i2plib</a></td>
</tr>
<tr class="odd">
<td>i2plib-fork</td>
<td>Python</td>
<td>3.1</td>
<td>yes</td>
<td>no</td>
<td>no</td>
<td><a href="https://codeberg.org/weko/i2plib-fork">codeberg.org/weko/i2plib-fork</a></td>
</tr>
<tr class="even">
<td>Py2p</td>
<td>Python</td>
<td>3.3</td>
<td>yes</td>
<td>yes</td>
<td>yes</td>
<td><a href="https://i2pgit.org/robin/Py2p">i2pgit.org/robin/Py2p</a></td>
</tr>
<tr class="odd">
<td>i2p-rs</td>
<td>Rust</td>
<td>3.1</td>
@ -143,7 +167,7 @@ Deprecated versions:
<td>yes</td>
<td>no</td>
<td>yes</td>
<td><a href="https://codeberg.org/diva.exchange/i2p-sam">https://codeberg.org/diva.exchange/i2p-sam</a></td>
<td><a href="https://codeberg.org/diva.exchange/i2p-sam">codeberg.org/diva.exchange/i2p-sam</a></td>
</tr>
<tr class="even">
<td>node-i2p</td>
@ -208,6 +232,15 @@ Deprecated versions:
<td>yes</td>
<td><a href="https://notabug.org/acetone/i2pSAM-Qt">notabug.org/acetone/i2pSAM-Qt</a></td>
</tr>
<tr class="odd">
<td>bitcoin</td>
<td>C++</td>
<td>3.1</td>
<td>yes</td>
<td>no</td>
<td>no</td>
<td><a href="https://github.com/bitcoin/bitcoin/blob/master/src/i2p.cpp">source (not a library, but good reference code)</a></td>
</tr>
</tbody>
</table>
@ -226,6 +259,43 @@ To implement a basic TCP-only, peer-to-peer application, the client must support
<h2>General Guidance for Developers</h2>
<p>
SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
Most applications will only need one session, created at startup and closed on exit.
I2P is different from Tor, where circuits may be rapidly created and discarded.
Think carefully and consult with I2P developers before designing your application
to use more than one or two simultaneous sessions, or to rapidly create and discard them.
Most threat models will not require a unique session for every connection.
</p><p>
Also, please ensure your application settings
(and guidance to users about router settings, or router defaults if you bundle a router)
will result in your users contributing more resources to the network than they consume.
I2P is a peer-to-peer network, and the network cannot survive if a popular application
drives the network into permanent congestion.
</p><p>
The Java I2P and i2pd router implementations are independent and have minor differences
in behavior, feature support, and defaults.
Please test your application with the latest version of both routers.
</p><p>
i2pd SAM is enabled by default; Java I2P SAM is not.
Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
and/or provide a good error message to the user if the initial connect fails,
e.g. "ensure that I2P is running and the SAM interface is enabled".
</p><p>
The Java I2P and i2pd routers have different defaults for tunnel quantities.
The Java default is 2 and the i2pd default is 5.
For most low- to medium-bandwidth and low- to medium-connection counts,
2 or 3 is sufficient.
Please specify the tunnel quantity in the SESSION CREATE message
to get consistent performance with the Java I2P and i2pd routers.
See below.
</p><p>
For more guidance to developers on ensuring your application uses only the resources it needs, please see
<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
</p>
<h2>Version 3 Changes</h2>
@ -248,9 +318,10 @@ can forward back I2P datagrams to the client's datagram server.
<h3>Version 3.1 Changes</h3>
<p>
Version 3.1 was introduced in I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
Version 3.1 was introduced in Java I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
minimum SAM implementation because of its support for better signature types
than SAM 3.0.
i2pd also supports most 3.1 features.
<ul>
<li>DEST GENERATE and SESSION CREATE now support a SIGNATURE_TYPE parameter.
<li>The MIN and MAX parameters in HELLO VERSION are now optional.
@ -261,7 +332,8 @@ than SAM 3.0.
<h3>Version 3.2 Changes</h3>
<p>
Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
Version 3.2 was introduced in Java I2P release 0.9.24 (January 2016).
Note that i2pd does not currently support most 3.2 features.
</p>
<h4>I2CP Port and Protocol Support</h4>
@ -309,7 +381,8 @@ Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
<h3>Version 3.3 Changes</h3>
<p>
Version 3.3 was introduced in I2P release 0.9.25 (March 2016).
Version 3.3 was introduced in Java I2P release 0.9.25 (March 2016).
Note that i2pd does not currently support most 3.3 features.
<ul>
<li>The same session may be used for streams, datagrams, and raw simultaneously.
Incoming packets and streams will be routed based on I2P protocol and to-port.
@ -386,7 +459,7 @@ COMMAND without a SUBCOMMAND is supported for some new commands in SAM 3.2 only.
</p><p>
Key=value pairs must be separated by
a single space. (As of SAM 3.2, multiple spaces are allowed)
Values may be enclosed in double quotes if they contain spaces,
Values must be enclosed in double quotes if they contain spaces,
e.g. key="long value text".
(Prior to SAM 3.2, this did not work reliably in some implementations)
</p><p>
@ -442,7 +515,7 @@ If the SAM bridge cannot find a suitable version, it replies with:
</pre>
If some error occurred, such as a bad request format, it replies with:
<pre>
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
</pre>
</p>
@ -471,13 +544,13 @@ Clients should promptly send the HELLO and the next command after connecting.
</p><p>
If a timeout occurs before the HELLO is received, the bridge replies with:
<pre>
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
</pre>
and then disconnects.
</p><p>
If a timeout occurs after the HELLO is received but before the next command, the bridge replies with:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
</pre>
and then disconnects.
</p>
@ -512,6 +585,9 @@ and the session terminates when the socket is disconnected.
</p><p>
Each registered I2P Destination is uniquely associated with a session ID
(or nickname).
Session IDs, including subsession IDs for PRIMARY sessions, must be globally unique
on the SAM server. To prevent possible ID collisions with other clients,
best practice is for the client to generate IDs randomly.
</p><p>
Each session is uniquely associated with:
@ -554,6 +630,9 @@ optionally followed by the <a href="{{ site_url('docs/spec/common-structures') }
which is 663 or more bytes in binary and 884 or more bytes in base 64,
depending on signature type.
The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
See additional notes about the
<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
in the Destination Key Generation section below.
</p><p>
If the signing private key is all zeros, the
@ -581,7 +660,8 @@ As of version 3.1 (I2P 0.9.14), if the destination is TRANSIENT, an optional par
SIGNATURE_TYPE is supported. The SIGNATURE_TYPE value may be any name
(e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
The default is DSA_SHA1.
The default is DSA_SHA1, which is NOT what you want.
For most applications, please specify SIGNATURE_TYPE=7.
</p><p>
$nickname is the choice of the client. No whitespace is allowed.
@ -589,7 +669,17 @@ $nickname is the choice of the client. No whitespace is allowed.
</p><p>
Additional options given are passed to the I2P session
configuration if not interpreted by the SAM bridge (e.g.
outbound.length=0). These options <a href="#options">are documented below</a>.
outbound.length=0).
</p><p>
The Java I2P and i2pd routers have different defaults for tunnel quantities.
The Java default is 2 and the i2pd default is 5.
For most low- to medium-bandwidth and low- to medium-connection counts,
2 or 3 is sufficient.
Please specify the tunnel quantities in the SESSION CREATE message
to get consistent performance with the Java I2P and i2pd routers,
using the options e.g. inbound.length=3 outbound.length=3.
These and other options <a href="#options">are documented in the links below</a>.
</p><p>
</p><p>
The SAM bridge itself should already be configured with what router
@ -645,18 +735,25 @@ If the destination is not a valid private destination key:
</p><p>
If some other error has occurred:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
</pre>
</p><p>
If it's not OK, the MESSAGE should contain human-readable information
as to why the session could not be created.
</p><p>
Note that the router builds tunnels before responding with SESSION STATUS.
This could take several seconds, or, at router startup or during severe network congestion,
a minute or more.
If unsuccessful, the router will not respond with a failure message for several minutes.
Do not set a short timeout waiting for the response.
Do not abandon the session while tunnel build is in progress and retry.
</p><p>
SAM sessions live and die with the socket they are associated with.
When the socket is closed, the session dies, and all communications
using the session die at the same time. And the other way round, when
using the session die at the same time. And the other way around, when
the session dies for any reason, the SAM bridge closes the socket.
</p>
@ -751,6 +848,11 @@ peer. If the connection was not possible (timeout, etc),
RESULT will contain the appropriate error value (accompanied by an
optional human-readable MESSAGE), and the SAM bridge closes the
socket.
</p><p>
The router stream connect timeout internally is approximately one minute, implementation-dependent.
Do not set a shorter timeout waiting for the response.
</p>
<h3>SAM Virtual Streams : ACCEPT</h3>
@ -1451,7 +1553,7 @@ which is answered by
RESULT=$result
NAME=$name
[VALUE=$destination]
[MESSAGE=$message]
[MESSAGE="$message"]
</pre>
@ -1507,7 +1609,8 @@ which is answered by
As of version 3.1 (I2P 0.9.14), an optional parameter SIGNATURE_TYPE is supported.
The SIGNATURE_TYPE value may be any name (e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
that is supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
The default is DSA_SHA1.
The default is DSA_SHA1, which is NOT what you want.
For most applications, please specify SIGNATURE_TYPE=7.
</p><p>
The $destination is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
@ -1522,6 +1625,22 @@ which is 884 or more base 64 characters (663 or more bytes in binary),
depending on signature type.
The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
</p><p>
Notes about the 256-byte binary
<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>:
This field has been unused since version 0.6 (2005).
SAM implementations may send random data or all zeros in this field;
do not be alarmed about a string of AAAA in the base 64.
Most applications will simply store the base 64 string and return it as-is in the SESSION CREATE, or
decode to binary for storage, then encode again for SESSION CREATE.
Applications may, however, decode the base 64, parse the binary following
the PrivateKeyFile specification, discard the 256-byte private key portion,
and then replace it with 256 bytes of random data or all zeros when re-encoding it for the SESSION CREATE.
ALL other fields in the PrivateKeyFile specification must be preserved.
This would save 256 bytes of file system storage but is probably not worth the trouble for most applications.
See proposal 161 for addtional information and background.
</p><p>
DEST GENERATE does not require that a session has been created first.
</p>
@ -1547,7 +1666,7 @@ Either side may close the session and socket if no response is received in a rea
</p><p>
If a timeout occurs waiting for a PONG from the client, the bridge may send:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
</pre>
and then disconnect.
</p><p>
@ -1628,11 +1747,11 @@ their meaning:
<h3 id="options">Tunnel, I2CP, and Streaming Options</h3>
<p>
These options may be passed in as name=value pairs at the end of a
These options may be passed in as name=value pairs in the
SAM SESSION CREATE line.
</p><p>
All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths</a>.
All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths and quantities</a>.
STREAM sessions may include <a href="{{ site_url('docs/api/streaming') }}#options">Streaming library options</a>.
</p><p>
See those references for option names and defaults.

58
i2p2www/pages/site/docs/applications/bittorrent.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}Bittorrent over I2P{% endtrans %}{% endblock %}
{% block lastupdated %}2022-01{% endblock %}
{% block accuratefor %}0.9.52{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block accuratefor %}0.9.57{% endblock %}
{% block content %}
<p>{% trans -%}
@ -23,6 +23,60 @@ We welcome additional ports of client and tracker software to I2P.
<h2>General Guidance for Developers</h2>
<p>
Most non-Java bittorrent clients will connect to I2P via <a href="{{ site_url('docs/api/samv3') }}">SAMv3</a>.
SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
Most bittorrent clients will only need one session, created at startup and closed on exit.
I2P is different from Tor, where circuits may be rapidly created and discarded.
Think carefully and consult with I2P developers before designing your application
to use more than one or two simultaneous sessions, or to rapidly create and discard them.
Bittorrent clients must not create a unique session for every connection.
Design your client to use the same session for announces and client connections.
</p><p>
Also, please ensure your client settings
(and guidance to users about router settings, or router defaults if you bundle a router)
will result in your users contributing more resources to the network than they consume.
I2P is a peer-to-peer network, and the network cannot survive if a popular application
drives the network into permanent congestion.
</p><p>
Do not provide support for bittorrent through an I2P outproxy to the clearnet
as it will probably be blocked. Consult with outproxy operators for guidance.
</p><p>
The Java I2P and i2pd router implementations are independent and have minor differences
in behavior, feature support, and defaults.
Please test your application with the latest version of both routers.
</p><p>
i2pd SAM is enabled by default; Java I2P SAM is not.
Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
and/or provide a good error message to the user if the initial connect fails,
e.g. "ensure that I2P is running and the SAM interface is enabled".
</p><p>
The Java I2P and i2pd routers have different defaults for tunnel quantities.
The Java default is 2 and the i2pd default is 5.
For most low- to medium-bandwidth and low- to medium-connection counts, 3 is sufficient.
Please specify the tunnel quantity in the SESSION CREATE message
to get consistent performance with the Java I2P and i2pd routers.
</p><p>
DHT support requires SAM v3.3 PRIMARY and SUBSESSIONS for TCP and UDP over the same session.
This will require substantial development effort on the client side, unless the client is written in Java.
i2pd does not currently support SAM v3.3.
libtorrent does not currently support SAM v3.3.
</p><p>
Without DHT support, you may wish to automatically announce to
a configurable list of known open trackers so that magnet links will work.
Consult with I2P users for information on currently-up open trackers and keep your defaults up-to-date.
Supporting the i2p_pex extension will also help alleviate the lack of DHT support.
</p><p>
For more guidance to developers on ensuring your application uses only the resources it needs, please see
the <a href="{{ site_url('docs/api/samv3') }}">SAMv3 specification</a> and
<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
Contact I2P or i2pd developers for further assistance.
</p>
<h2>{% trans %}Announces{% endtrans %}</h2>
<p>{% trans -%}
Clients generally include a fake port=6881 parameter in the announce, for compatibility with older trackers.

120
i2p2www/pages/site/docs/applications/embedding.html
View File

@ -1,14 +1,16 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}Embedding I2P in your Application{% endtrans %}{% endblock %}
{% block lastupdated %}2019-11{% endblock %}
{% block accuratefor %}0.9.44{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block accuratefor %}2.1.0{% endblock %}
{% block content %}
<h2>{% trans %}Overview{% endtrans %}</h2>
<p>{% trans -%}
This page is about bundling the entire I2P router binary with your application.
It is not about writing an application to work with I2P (either bundled or external).
{%- endtrans %}</p>
{%- endtrans %}
However, many of the guidelines may be useful even if not bundling a router.
</p>
<p>{% trans -%}
Lots of projects are bundling, or talking about bundling, I2P. That's great if done right.
@ -17,8 +19,10 @@ The I2P router is complex, and it can be a challenge to hide all the complexity
This page discusses some general guidelines.
{%- endtrans %}</p>
<p>
Most of these guidelines apply equally to Java I2P or i2pd.
However, some guidelines are specific to Java I2P and are noted below.
</p>
<h3>{% trans %}Talk to us{% endtrans %}</h3>
<p>{% trans -%}
@ -41,6 +45,7 @@ Some of the following only applies to the Java router.
Ensure you meet the license requirements of the software you are bundling.
{%- endtrans %}</p>
<h2>Configuration</h2>
<h3>{% trans %}Verify default configuration{% endtrans %}</h3>
<p>{% trans -%}
@ -92,7 +97,20 @@ If you do this and your application gets hugely popular, it could break the netw
You must save the router's data (netdb, configuration, etc.) between runs of the router.
I2P does not work well if you must reseed each startup, and that's a huge load on our reseed servers, and not very good for anonymity either.
Even if you bundle router infos, I2P needs saved profile data for best performance.
Without persistence, your users will have a poor startup experience.
{%- endtrans %}</p>
<p>
There are two possibilities if you cannot provide persistence.
Either of these eliminates your project's load on our reseed servers and will significantly improve startup time.
</p><p>
1) Set up your own project reseed server(s) that serve much more than the usual number
of router infos in the reseed, say, several hundred. Configure the router to use only your servers.
</p><p>
2) Bundle one to two thousand router infos in your installer.
</p><p>
Also, delay or stagger your tunnel startup, to give the router a chance to integrate
before building a lot of tunnels.
</p>
@ -125,8 +143,64 @@ Be aware of possible blocking by hostile governments.
<h3>Use Shared Clients</h3>
<p>
Java I2P i2ptunnel supports shared clients, where clients may be configured to use a single pool.
If you require multiple clients, and if consistent with your security goals,
configure the clients to be shared.
</p>
<h3>Limit Tunnel Quantity</h3>
<p>
Specify tunnel quantity explicitly with the options <tt>inbound.quantity</tt> and <tt>outbound.quantity</tt>.
The default in Java I2P is 2; the default in i2pd is higher.
Specify in the SESSION CREATE line using SAM to get consistent settings with both routers.
Two each in/out is sufficient for most low-to-medium bandwidth and low-to-medium fanout applications.
Servers and high-fanout P2P applications may need more.
See <a href="http://zzz.i2p/topics/1584">this forum post</a> for guidance on calculating requirements
for high-traffic servers and applications.
</p>
<h3>Specify SAM SIGNATURE_TYPE</h3>
<p>
SAM defaults to DSA_SHA1 for destinations, which is not what you want.
Ed25519 (type 7) is the correct selection.
Add SIGNATURE_TYPE=7 to the DEST GENERATE command,
or to the SESSION CREATE command for DESTINATION=TRANSIENT.
</p>
<h3>Limit SAM Sessions</h3>
<p>
Most applications will only need one SAM session.
SAM provides the ability to quickly overwhelm the local router, or even the broader network,
if a large number of sessions are created.
If multiple sub-services can use a single session, set them up with
a PRIMARY session and SUBSESSIONS (not currently supported on i2pd).
A reasonable limit to sessions is 3 or 4 total, or maybe up to 10 for rare situations.
If you do have multiple sessions, be sure to specify a low tunnel quantity for each, see above.
</p><p>
In almost no situation should you require a unique session per-connection.
Without careful design, this could quickly DDoS the network.
Carefully consider if your security goals require unique sessions.
Please consult with the Java I2P or i2pd developers before implementing per-connection sessions.
</p>
<h3>{% trans %}Reduce Network Resource Usage{% endtrans %}</h3>
<p>
Note that these options are not currently supported on i2pd.
These options are supported via I2CP and SAM (except delay-open, which is via i2ptunnel only).
See the I2CP documentation (and, for delay-open, the i2ptunnel configuration documentation) for details.
</p>
<p>{% trans -%}
Consider setting your application tunnels to delay-open, reduce-on-idle and/or close-on-idle.
This is straightforward if using i2ptunnel but you'll have to implement some of it yourself if using I2CP directly.
@ -134,6 +208,7 @@ See i2psnark for code that reduces tunnel count and then closes the tunnel, even
{%- endtrans %}</p>
<h2>Life Cycle</h2>
<h3>{% trans %}Updatability{% endtrans %}</h3>
<p>{% trans -%}
@ -168,6 +243,8 @@ If your average uptime is less than an hour, I2P is probably the wrong solution.
{%- endtrans %}</p>
<h2>User Interface</h2>
<h3>{% trans %}Show Status{% endtrans %}</h3>
<p>{% trans -%}
@ -196,6 +273,8 @@ it may be helpful to provide an option or a separate package to use an external
{%- endtrans %}</p>
<h2>Other Topics</h2>
<h3>{% trans %}Use of other Common Services{% endtrans %}</h3>
<p>{% trans -%}
@ -207,6 +286,9 @@ and talk to the people who are running them to make sure it's ok.
<h3>{% trans %}Time / NTP Issues{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P. i2pd does not include an SNTP client.
</p>
<p>{% trans -%}
I2P includes an SNTP client. I2P requires correct time to operate.
It will compensate for a skewed system clock but this may delay startup. You may disable I2P's SNTP queries,
@ -216,6 +298,9 @@ but this isn't advised unless your application makes sure the system clock is co
<h3>{% trans %}Choose What and How you Bundle{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
At a minimum you will need i2p.jar, router.jar, streaming.jar, and mstreaming.jar.
You may omit the two streaming jars for a datagram-only app.
@ -243,15 +328,18 @@ License requirements may require you to include the LICENSES.txt file and the li
<li>{% trans -%}
You may also wish to bundle a hosts.txt file.
{%- endtrans %}</li>
<li>{% trans -%}
Be sure to specify a Java 7 bootclasspath if compiling with Java 8.
{%- endtrans %}</li>
<li>
Be sure to specify a bootclasspath if you are compiling Java I2P for your release, rather than taking our binaries.
</li>
</ul>
</p>
<h3>{% trans %}Android considerations{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
Our Android router app may be shared by multiple clients.
If it is not installed, the user will be prompted when he starts a client app.
@ -269,6 +357,9 @@ If you require assistance, please contact us.
<h3>{% trans %}Maven jars{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
We have a limited number of our jars on <a href="http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22net.i2p%22">Maven Central</a>.
There are numerous trac tickets for us to address that will improve and expand the released jars on Maven Central.
@ -293,6 +384,15 @@ Build your own. If you are hardcoding seed nodes, we recommend that you have sev
<h3>Outproxies</h3>
<p>
I2P outproxies to the clearnet are a limited resource.
Use outproxies only for normal user-initiated web browsing or other limited traffic.
For any other usage, consult with and get approval from the outproxy operator.
</p>
<h3>{% trans %}Comarketing{% endtrans %}</h3>
<p>{% trans -%}
Let's work together. Don't wait until it's done.
@ -314,6 +414,7 @@ Hang out in IRC #i2p-dev. Post on the forums. Spread the word.
We can help get you users, testers, translators, or even coders.
{%- endtrans %}</p>
<h2>Examples</h2>
<h3>{% trans %}Application Examples{% endtrans %}</h3>
@ -326,6 +427,9 @@ Other examples are: Vuze, the Nightweb Android app, iMule, TAILS, iCloak, and Mo
<h3>{% trans %}Code Example{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
None of the above actually tells you how to write your code to
bundle the Java router, so following is a brief example.

2
i2p2www/pages/site/docs/applications/git-bundle.html
View File

@ -28,7 +28,7 @@
<h2 id="generating-a-bundle">{% trans -%}Generating a Bundle{%- endtrans %}</h2>
<p>{% trans -%} First, follow the <a href="GIT.md">Git guide for Users</a> until you have a successfully <code>--unshallow</code>ed clone of clone of the i2p.i2p repository. If you already have a clone, make sure you run <code>git fetch --unshallow</code> before you generate a torrent bundle. {%- endtrans %}</p>
<p>{% trans -%}Once you have that, simply run the corresponding ant target:{%- endtrans %}</p>
<pre><code>ant bundle</code></pre>
<pre><code>ant git-bundle</code></pre>
<p>{% trans -%} and copy the resulting bundle into your I2PSnark downloads directory. For instance: {%- endtrans %}</p>
<pre><code>cp i2p.i2p.bundle* $HOME/.i2p/i2psnark/</code></pre>
<p>{% trans -%} In a minute or two, I2PSnark will pick up on the torrent. Click on the “Start” button to begin seeding the torrent. {%- endtrans %}</p>

2
i2p2www/pages/site/docs/how/intro.html
View File

@ -178,7 +178,7 @@ scheduled development meetings, however <a href="{{ meetings }}">archives are av
{%- endtrans %}</p>
<p>{% trans monotone=site_url('get-involved/guides/monotone') -%}
The current source is available in <a href="{{ monotone }}">monotone</a>.
The current source is available in <a href="{{ monotone }}">git</a>.
{%- endtrans %}</p>
<h2>{% trans %}Additional Information{% endtrans %}</h2>

80
i2p2www/pages/site/docs/how/network-database.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}The Network Database{% endtrans %}{% endblock %}
{% block lastupdated %}{% trans %}August 2019{% endtrans %}{% endblock %}
{% block accuratefor %}0.9.42{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block accuratefor %}0.9.57{% endblock %}
{% block content %}
<h2>{% trans %}Overview{% endtrans %}</h2>
@ -61,10 +61,6 @@ to be present:
"Shared bandwidth" == (share %) * min(in bw, out bw)
<br>
For compatibility with older routers, a router may publish multiple bandwidth letters, for example "PO".
</li>
<li><b>coreVersion</b>
({% trans %}The core library version, always the same as the router version{% endtrans %})
(Never used, removed in release 0.9.24)
</li>
<li><b>netId</b> = 2
({% trans %}Basic network compatibility - A router will refuse to communicate with a peer having a different netId{% endtrans %})
@ -72,13 +68,21 @@ For compatibility with older routers, a router may publish multiple bandwidth le
<li><b>router.version</b>
({% trans %}Used to determine compatibility with newer features and messages{% endtrans %})
</li>
<li><b>stat_uptime</b> = 90m
({% trans %}Always sent as 90m, for compatibility with an older scheme where routers published their actual uptime,
and only sent tunnel requests to peers whose uptime was more than 60m{% endtrans %})
</ul>
Deprecated options:
<ul>
<li><strike>coreVersion</strike>
(Never used, removed in release 0.9.24)
</li>
<li><strike>stat_uptime</strike> = 90m
(Unused since version 0.7.9, removed in release 0.9.24)
</li>
</ul>
<p>{% trans -%}
These values are used by other routers for basic decisions.
Should we connect to this router? Should we attempt to route a tunnel through this router?
@ -116,16 +120,60 @@ Current statistics are limited to:
<li>{% trans %}1 hour average number of participating tunnels{% endtrans %}
</ul>
<p>{% trans -%}
Floodfill routers publish additional data on the number of entries in their network database.
{%- endtrans %}</p>
<p>
These are optional, but if included, help analysis of network-wide performance.
As of API 0.9.58, these statistics are simplified and standardized, as follows:
</p>
<ul>
<li>Option keys are stat_(statname).(statperiod)
<li>Option values are ';' -separated
<li>Stats for event counts or normalized percentages use the 4th value;
the first three values are unused but must be present
<li>Stats for average values use the 1st value, and no ';' separator is required
<li>For equal weighting of all routers in stats analysis,
and for additional anonymity,
routers should include these stats only after an uptime of one hour or more,
and only one time every 16 times that the RI is published.
</ul>
<p>
Example:
<pre>
stat_tunnel.buildExploratoryExpire.60m = 0;0;0;53.14
stat_tunnel.buildExploratoryReject.60m = 0;0;0;15.51
stat_tunnel.buildExploratorySuccess.60m = 0;0;0;31.35
stat_tunnel.participatingTunnels.60m = 289.20
</pre>
</p>
<p>{% trans -%}
The data published can be seen in the router's user interface,
but is not used or trusted within the router.
As the network has matured, we have gradually removed most of the published
statistics to improve anonymity, and we plan to remove more in future releases.
Floodfill routers may publish additional data on the number of entries in their network database.
These are optional, but if included, help analysis of network-wide performance.
{%- endtrans %}</p>
<p>
The following two options should be included by floodfill routers in every published RI:
</p>
<ul>
<li><b>netdb.knownLeaseSets</b>
<li><b>netdb.knownRouters</b>
</ul>
<p>
Example:
<pre>
netdb.knownLeaseSets = 158
netdb.knownRouters = 11374
</pre>
</p>
<p>
The data published can be seen in the router's user interface,
but is not used or trusted by any other router.
</p>
<h3>{% trans %}Family Options{% endtrans %}</h3>

2
i2p2www/pages/site/docs/plugins.html
View File

@ -149,7 +149,7 @@ or easily add some feature.
<h3>{% trans %}Getting Started{% endtrans %}</h3>
<p>{% trans url='https://github.com/i2p/i2p.scripts/tree/master/plugin/makeplugin.sh' -%}
To create a plugin from an existing binary package you will need to get
makeplugin.sh from <a href="{{ url }}">the i2p.scripts branch in monotone</a>.
makeplugin.sh from <a href="{{ url }}">the i2p.scripts repository in git</a>.
{%- endtrans %}</p>

6
i2p2www/pages/site/faq.html
View File

@ -473,13 +473,13 @@ These are described in detail below.
</tr>
<tr>
<td>
8998
7670 (8998)
</td>
<td>
mtn.i2p-projekt.i2p (Monotone)
gitssh.idk.i2p git over ssh
</td>
<td>
{% trans -%}May be disabled or changed on the i2ptunnel page in the router console.
{% trans -%}This used to be port 8998 for monotone. Elder installations may still have that and not this one. May be disabled or changed on the i2ptunnel page in the router console.
May also be configured to be bound to a specific interface or all interfaces.{%- endtrans %}
</td>
</tr>

2
i2p2www/pages/site/get-involved/develop/licenses.html
View File

@ -309,7 +309,7 @@ Except where otherwise noted, content on this site is licensed under a
<p>{% trans git=site_url('docs/applications/git') -%}
Developers may push changes to a distributed git repository if you
receive permission from the person running that repository.
See the <a href="{{ git }}">Monotone Page</a> for details.
See the <a href="{{ git }}">Git Page</a> for details.
{%- endtrans %}</p>
<p>{% trans -%}

4
i2p2www/pages/site/get-involved/develop/release-signing-key.html
View File

@ -8,9 +8,9 @@ Windows installers for releases 0.9.38 and later are signed by zlatinb.
</p>
<p>{% trans -%}
Mac OSX installers for releases 0.9.38 and later are signed by mikalv.
Mac OSX installers for releases 0.9.38 and later are signed by zlatinb.
{%- endtrans %}<br>
<a href="{{ url_for('static', filename='mikalv.key.crt') }}" >{% trans %}Download code signing certificate{% endtrans %}</a>
<a href="{{ url_for('static', filename='zlatinb.key.crt') }}" >{% trans %}Download code signing certificate{% endtrans %}</a>
</p>
<p>{% trans -%}

10
i2p2www/pages/site/get-involved/guides/new-developers.html
View File

@ -46,13 +46,13 @@ These will give you a good overview of how I2P is structured and what different
<p>{% trans -%}
For development on the I2P router or the embedded applications,
there are two ways to get the source code:
you need to get the source code:
{%- endtrans %}</p>
<h3 id="git">{% trans %}The new way: Git{% endtrans %}</h3>
<h3 id="git">{% trans %}Our current way: Git{% endtrans %}</h3>
<p>{% trans trac="https://i2pgit.org" -%}I2P now has official Git services and accepts contributions via Git at our own gitlab.
Trac issues have also been migrated to <a href="{{ trac }}">gitlab</a>, however Trac still available for now. Two-way syncing of
<p>{% trans trac="https://i2pgit.org" -%}I2P has official Git services and accepts contributions via Git at <a href="{{ trac }}">our own gitlab</a>.
Trac issues have also been migrated there and the former Trac is not available anymore by now. Two-way syncing of
issues between Gitlab and Github is a work-in-progress.{%- endtrans %}</p>
<li>{% trans git_url='https://git-scm.com/' -%}
@ -103,7 +103,7 @@ see the <a href="{{ apps }}">application development guide</a>.
<p>{% trans zzz=i2pconv('zzz.i2p'), todo=site_url('get-involved/todo'), trac='https://i2pgit.org/i2p-hackers/i2p.i2p/issues' -%}
See <a href="http://{{ zzz }}/forums/3">zzz's TODO lists</a>,
<a href="{{ todo }}">this website's TODO list</a> or
<a href="{{ trac }}">Trac</a>
<a href="{{ trac }}">the issue list on GitLab</a>
for ideas.
{%- endtrans %}</p>

36
i2p2www/pages/site/get-involved/guides/new-translators.html
View File

@ -1,7 +1,11 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}New Translator's Guide{% endtrans %}{% endblock %}
{% block content %}
{% trans %}Here's a very quick guide to getting started.{% endtrans %}
{% trans %}Here's a very quick guide to getting started.
Note that for both (website/console) there is an <b>easy way</b> using a
translation web-site (and requiring nothing else than to use that) and
the <b>other way</b> which requires you to set up a build-environment
(installing software etc.).{% endtrans %}
<h2>{% trans %}How to Translate the Website{% endtrans %}</h2>
@ -24,8 +28,8 @@ please update the translation status on <a href="{{ url }}">this wiki page</a>.
{%- endtrans %}</li>
<li>{% trans newdevs=site_url('get-involved/guides/new-developers') -%}
Follow the <a href="{{ newdevs }}">new developer's guide</a>,
Including the installation of monotone,
checking out i2p.www branch, and generate your own monotone keys.
including the installation of git and the gettext tools. You will need
the i2p.www repository.
It is not required that you sign a dev agreement.
{%- endtrans %}</li>
</ol>
@ -56,10 +60,9 @@ To work with .po files efficiently, you may wish to use <a href="http://www.poed
{%- endtrans %}</li>
<li>{% trans -%}
<b>Check in:</b>
"<code>mtn pull</code>", "<code>mtn update</code>". Then check in by "<code>mtn ci -k yourname@mail.i2p file1 file2 ...</code>"
This collects the diff info of your changed file into your local repo. Then "<code>mtn sync mtn.i2p2.de -k yourname-transport@mail.i2p i2p.i2p</code>".
This synchronizes your local repo with the repo on the target machine.
<b>Git Workflow:</b>
You can then add all new and changed files to your next commit using <code>git add .</code> (or specify which files instead of the dot).
Please note the suggested workflow for git on our git-page.
{%- endtrans %}</li>
<li>{% trans -%}
@ -89,8 +92,8 @@ please update the translation status on <a href="{{ url }}">this wiki page</a>.
{%- endtrans %}</li>
<li>{% trans newdevs=site_url('get-involved/guides/new-developers') -%}
Follow the <a href="{{ newdevs }}">new developer's guide</a>,
including the installation of monotone and the gettext tools,
checking out i2p.i2p branch, and generate your own monotone keys.
including the installation of git and the gettext tools. You will need
the i2p.i2p repository.
{%- endtrans %}</li>
<li>{% trans -%}
Generate your own gpg key and sign the dev agreement.
@ -149,10 +152,9 @@ To work with .po files efficiently, you may wish to use <a href="http://www.poed
{%- endtrans %}</li>
<li>{% trans -%}
<b>Check in:</b>
"<code>mtn pull</code>", "<code>mtn update</code>". Then check in by "<code>mtn ci -k yourname@mail.i2p file1 file2 ...</code>"
This collects the diff info of your changed file into your local repo. Then "<code>mtn sync mtn.i2p2.de -k yourname-transport@mail.i2p i2p.i2p</code>".
This synchronizes your local repo with the repo on the target machine.
<b>Git Workflow:</b>
You can then add all new and changed files to your next commit using <code>git add .</code> (or specify which files instead of the dot).
Please note the suggested workflow for git on our git-page.
{%- endtrans %}</li>
<li>{% trans -%}
@ -169,14 +171,14 @@ If you have questions about the meaning of the terms in the console, ask in <cod
<h2>{% trans %}FAQ{% endtrans %}</h2>
<p><b>{% trans -%}
Q: Why do I have to install monotone, Java, jsp, learn about .po files and html, etc.? Why can't I just do a translation and email it to you?
Q: Why do I have to install git, Java, jsp, learn about .po files and html, etc.? Why can't I just do a translation and email it to you?
{%- endtrans %}</b></p>
<p><b>{% trans %}A: Several reasons:{% endtrans %}</b></p>
<p><b>{% trans %}A: You do not / Several reasons:{% endtrans %}</b></p>
<ul>
<li>{% trans transifex='https://www.transifex.com/projects/p/I2P/' -%}
You might be interested in translating via Transifex. Request to join a translation team <a href="{{ transifex }}">here</a>.
First of all: you don't have to, you can translate via Transifex (aka "using a web-site to translate"). Request to join a translation team <a href="{{ transifex }}">here</a>. Aside from that ...
{%- endtrans %}</li>
<li>{% trans -%}
@ -200,7 +202,7 @@ HTML files are not difficult. Just ignore the html stuff and translate the text.
{%- endtrans %}</li>
<li>{% trans -%}
Installing and using monotone is not that difficult. Several of the translators and other contributors to I2P are non-programmers, and they use monotone regularly. Monotone is simply a source control system, it is not about "coding".
Installing and using git is not that difficult. Several of the translators and other contributors to I2P are non-programmers, and they use git regularly. Git is simply a source control system, it is not about "coding".
{%- endtrans %}</li>
<li>{% trans -%}

171
i2p2www/pages/site/get-involved/guides/reseed-debian.html Normal file
View File

@ -0,0 +1,171 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using a Debian Package') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
There are no other known Debian-style packages for installing and configuring a reseed server.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Reseed on Debian using {% endtrans %} <code>checkinstall</code>, <code>apt-get</code></h2>
<p>{% trans %}
It is possible to easily and automatically configure a reseed server
with a self-signed certificate on any Debian-based operating system,
including Ubuntu and it&rsquo;s downstreams. This is achieved using the
{% endtrans %}<code>
checkinstall
</code>{% trans %}
tool to set up the software dependencies and the operating system to
run the
{% endtrans %}<code>
I2P
</code>
{% trans %}service and the{% endtrans %}
<code>
reseed
</code>
{% trans %}service.{% endtrans %}
</p>
<h2>
{% trans %}Using a binary package{% endtrans %}
</h2>
<p>{% trans %}
If you do not wish to build from source, you can use a binary package
from me(idk). This package is built from this repo with the
{% endtrans %}<code>
make checkinstall
</code>
{% trans %}target and uploaded by me. I build it on an up-to-date Debian sid system at tag time.
It contains a static binary and files for configuring it as a system service.
{% endtrans %}
</p>
<pre><code class="language-sh">
wget https://github.com/eyedeekay/reseed-tools/releases/download/v0.2.30/reseed-tools_0.2.30-1_amd64.deb
# Obtain the checksum from the release web page and store it in the SHA256SUMS file
echo &quot;38941246e980dfc0456e066f514fc96a4ba25d25a7ef993abd75130770fa4d4d reseed-tools_0.2.30-1_amd64.deb&quot; &gt; SHA256SUMS
sha256sums -c SHA256SUMS
sudo apt-get install ./reseed-tools_0.2.30-1_amd64.deb
</code></pre>
<h2>
{% trans %}Building the .deb package from the source(Optional){% endtrans %}
</h2>
<p>{% trans %}
If your software is too old, it&rsquo;s possible that the binary package I build will
not work for you. It&rsquo;s very easy to generate your own from the source code in this
repository.
{% endtrans %}</p>
<p>
<strong>
1.
</strong>
{% trans %}Install the build dependencies{% endtrans %}
</p>
<pre><code class="language-sh">
sudo apt-get install fakeroot checkinstall go git make
</code></pre>
<p>
<strong>
2.
</strong>
{% trans %}Clone the source code{% endtrans %}
</p>
<pre><code class="language-sh">
git clone https://i2pgit.org/idk/reseed-tools ~/go/src/i2pgit.org/idk/reseed-tools
</code></pre>
<p>
<strong>
3.
</strong>
{% trans %}Generate the .deb package using the make checkinstall target {% endtrans %}
</p>
<pre><code class="language-sh">
cd ~/go/src/i2pgit.org/idk/reseed-tools
make checkinstall
</code></pre>
<p>
<strong>
4.
</strong>
{% trans %}Install the .deb package{% endtrans %}
</p>
<pre><code class="language-sh">
sudo apt-get install ./reseed-tools_*.deb
</code></pre>
<h2>
{% trans %}Running the Service{% endtrans %}
</h2>
<p>
<strong>
1.
</strong>{% trans %}
First, ensure that the I2P service is already running. The longer the better,
if you have to re-start the service, or if the service has very few peers, allow it to
run for 24 hours before advancing to step
{% endtrans %}
<strong>
2.
</strong>
</p>
<pre><code class="language-sh">
sudo systemctl start i2p
# or, if you use sysvinit
sudo service i2p start
</code></pre>
<p>
<strong>
2.
</strong>
{% trans %}Once your I2P router is &ldquo;Well-Integrated,&rdquo; start the reseed service.{% endtrans %}
</p>
<pre><code class="language-sh">
sudo systemctl start reseed
# or, if you use sysvinit
sudo service reseed start
</code></pre>
<p>
{% trans %}Your reseed will auto-configure with a self-signed certificate on port{% endtrans %}
<code>
:8443
</code>
. {% trans %}The certificates themselves are available in{% endtrans %}
<code>
/var/lib/i2p/i2p-config/reseed
</code>
. {% trans %}When you are ready, you should copy the{% endtrans %}
<code>
*.crt
</code>
{% trans %}files from that directory and share them with the I2P community on{% endtrans %}
<a href="http://zzz.i2p">
<code>
zzz.i2p
</code>
</a>
. {% trans %}These will allow I2P users to authenticate your reseed services and secure the I2P network.{% endtrans %}
</p>
<p>
{% trans %}Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
Provide us with details about your new reseed server:{% endtrans %}
<ul>
<li>{% trans %}Reseed website URL{% endtrans %}</li>
<li>{% trans %}Public SSL certificate{% endtrans %}</li>
<li>{% trans %}Public reseed su3 certificate{% endtrans %}</li>
<li>{% trans %}Your contact email{% endtrans %}</li>
<li>{% trans %}A statement that you agree to the privacy policy above{% endtrans %}</li>
</ul>
<p>
{% endblock %}

122
i2p2www/pages/site/get-involved/guides/reseed-docker.html Normal file
View File

@ -0,0 +1,122 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using a Docker Image') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
They should be very similar to the guidelines for DivaExchange's <a href="https://codeberg.org/diva.exchange/i2p-reseed">i2p-reseed</a> server.
These guidelines make use of Docker to manage the reseed server in lieu of the initsystem.
If you are not interested in using Docker they will be of no use to you.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Installation from a Docker Image{% endtrans %}</h2>
<p>{% trans %}
To make it easier to deploy reseeds, it is possible to run the reseed-tools as a
Docker image. Because the software requires access to a network database to host
a reseed, you will need to mount the netDb as a volume inside your docker
container to provide access to it, and you will need to run it as the same user
and group inside the container as I2P.
{% endtrans %}</p>
<p>{% trans %}
When you run a reseed under Docker in this fashion, it will automatically
generate a self-signed certificate for your reseed server in a Docker volume
named reseed-keys.{% endtrans %}
<em>
{% trans %}Back up this directory{% endtrans %}
</em>
, {% trans %}if it is lost it is impossible to reproduce.{% endtrans %}
</p>
<p>{% trans %}
Additional flags can be passed to the application in the Docker container by
appending them to the command. Please note that Docker is not currently
compatible with .onion reseeds unless you pass the &ndash;network=host tag.
{% endtrans %}</p>
<h2>
{% trans %}If I2P is running as your user, do this:{% endtrans %}
</h2>
<pre><code> docker run -itd \
--name reseed \
--publish 443:8443 \
--restart always \
--volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
</code></pre>
<h2>
{% trans %}If I2P is running as another user, do this:{% endtrans %}
</h2>
<pre><code> docker run -itd \
--name reseed \
--user $(I2P_UID) \
--group-add $(I2P_GID) \
--publish 443:8443 \
--restart always \
--volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
</code></pre>
<h2>
<strong>
{% trans %}Debian/Ubuntu and Docker{% endtrans %}
</strong>
</h2>
<p>
{% trans %}In many cases I2P will be running as the Debian system user{% endtrans %}
<code>
i2psvc
</code>
. {% trans %}This is the case for all installs where Debian&rsquo;s Advanced Packaging Tool(apt) was used to peform the task.
If you used "apt-get install" this command will work for you. In that case, just copy-and-paste:{% endtrans %}
</p>
<pre><code> docker run -itd \
--name reseed \
--user $(id -u i2psvc) \
--group-add $(id -g i2psvc) \
--publish 443:8443 \
--restart always \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
</code></pre>
<p>{% trans %}The
certificates themselves are available in{% endtrans %}
<code>
reseed-keys
</code>
. {% trans %}When
you are ready, you should copy the{% endtrans %}
<code>
*.crt
</code>
{% trans %}files from that volume and share them with the I2P community on{% endtrans %}
<a href="http://zzz.i2p">
<code>
zzz.i2p
</code>
</a>
. {% trans %}These will allow I2P users
to authenticate your reseed services and secure the I2P network.{% endtrans %}
</p>
<p>
{% trans %}Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
Provide us with details about your new reseed server:{% endtrans %}
<ul>
<li>{% trans %}Reseed website URL{% endtrans %}</li>
<li>{% trans %}Public SSL certificate{% endtrans %}</li>
<li>{% trans %}Public reseed su3 certificate{% endtrans %}</li>
<li>{% trans %}Your contact email{% endtrans %}</li>
<li>{% trans %}A statement that you agree to the privacy policy above{% endtrans %}</li>
</ul>
<p>
{% endblock %}

954
i2p2www/pages/site/get-involved/guides/reseed-old.html Normal file
View File

@ -0,0 +1,954 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server') }}{% endblock %}
{% block lastupdated %}2021-12{% endblock %}
{% block content %}
<h2>{% trans %}Overview{% endtrans %}</h2>
<p>{% trans -%}
Thank you for volunteering to run an I2P reseed server.
"Reseeding" is our term for bootstrapping new routers into the network.
New routers fetch a bundle of peer references, or "router infos", from one or more of a hardcoded list of HTTPS URLs.
{%- endtrans %}</p>
<h2>{% trans %}Requirements{% endtrans %}</h2>
<p>{% trans -%}
At its simplest, a reseed server consists of a Java I2P router, an HTTPS web server,
and some scripts that periodically gather router infos from the router,
bundle and sign them into a custom file format, and deliver these files over HTTPS.
In practice, it's a bit more complex, and a reseed operator must be fairly competent and attentive.
A reseed server is not appropriate for a residential internet connection. The complexities include:
{%- endtrans %}</p>
<ul>
<li>{% trans -%}
You must have a secure SSL setup with either a self-signed certificate or a cert that chains up to a standard CA
{%- endtrans %}</li>
<li>{% trans -%}
The SSL configuration must conform to current best practices on allowed ciphers and protocols, and the CN/SAN host name must match the URL
{%- endtrans %}</li>
<li>{% trans -%}
The scripts are designed to deliver different router info bundles to different requestors for network diversity
{%- endtrans %}</li>
<li>{% trans -%}
The scripts are designed to deliver the same bundle to the same repeated requestor to prevent scraping
{%- endtrans %}</li>
<li>{% trans -%}
The reseed servers are under periodic attacks and DDoS attempts, and from other buggy I2P implementations and botnets.
This necessitates that you run fail2ban or an equivalent solution.
{%- endtrans %}</li>
</ul>
<h2>{% trans %}Information Required{% endtrans %}</h2>
<p>{% trans -%}
When your setup is complete and ready for testing, we will need the HTTPS URL,
the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
and you will start seeing traffic.
We also will need your email address so we may continue to contact you about reseed administration issues.
The email will not be made public but will be known to the other reseed operators.
You should expect that your nick or name and its association with that URL or IP will become public.
{%- endtrans %}</p>
<h2>{% trans %}Privacy Policy{% endtrans %}</h2>
<p>{% trans -%}
A reseed operator is a trusted role in the network.
While we do not yet have a formal privacy policy, you must ensure the privacy of our users
by not publicizing logs or IPs found in those logs, except as necessary to discuss administration issues with the I2P reseed team.
{%- endtrans %}</p>
<h2>{% trans %}Financial Support{% endtrans %}</h2>
<p>{% trans -%}
Modest financial support may be available to those running reseed servers.
This support would be in partial reimbursement for your server costs.
Support will not be paid in advance and will probably not cover all your expenses.
Support is only available to those who have been running reseed servers in good standing for several months, and is based on actual need.
{%- endtrans %}</p>
<p>{% trans -%}
If you would like to discuss support, please contact echelon and CC: zzz
{%- endtrans %}</p>
<h2>{% trans %}Getting Started{% endtrans %}</h2>
<p>{% trans -%}
Our reseed coordinator is "zzz" and he may be contacted at zzz at mail.i2p or zzz at i2pmail.org.
Unfortunately, he is not generally on IRC. The reseed setup is somewhat specialized, and you should direct most questions to him.
{%- endtrans %}</p>
<p>{% trans -%}
For actual implementation, details below. We have one recommended reseed solution:
{%- endtrans %}</p>
<ul>
<li>{% trans -%}
A Go implementation that includes the web server and all the scripts. This is the recommended solution.
{%- endtrans %}</li>
</ul>
<p>{% trans -%}
For further information, read the information at the following links, and then contact zzz.
Thank you!
{%- endtrans %}</p>
<ul><li>
<a href="http://zzz.i2p/topics/1893">zzz.i2p thread</a>
</li><li>
<a href="http://zzz.i2p/topics/1716">zzz.i2p thread</a>
</li><li>
<a href="https://github.com/martin61/i2p-tools">Go reseed server source on github</a>
</li><li>
<a href="/en/docs/spec/updates">SU3 Reseed File Format Specification</a>
</li></ul>
<h2>{% trans %}Detailed Instructions{% endtrans %}</h2>
<h3>How-to Public reseed servers - su3</h3>
<ul>
<li>Some parts of this how-to are copied from <a href="http://zzz.i2p">zzz.i2p</a> and are modified.
<li>Fetching individual RI (dat-files -the legacy/old style-) is not part of this how-to.
<li>Questions can be placed on <a href="http://zzz.i2p/forums/18">zzz.i2p</a> - in the Reseeding sub-forum.
</ul>
<h3>Table of contents</h3>
<ol>
<li>Introduction
<li>Requirements
<li>Go Solution - Quick Guide
<ol>
<li>Start Web Server
<li>Install git and golang
<li>Build and Test
<li>Run Reseed
<li>Backup Certificates and Keys
<li>Enable Autostart
<li>Connect Web Server to Reseed
<li>Test From Another Computer
<li>Send Us Your Certificates
</ol>
<li>Go Solution -Detailed Guide
<ol>
<li>Overview
<li>Building From Source
<li>Run The Reseed Server
<li>Draft For Startup Script
<li>Reverse-Proxy Setup
<li>Convert Existing Java Keystore to crt- and pem-file
</ol>
<li>Seamless SSL-Certificate Exchange
<li>Reseed Server Domain/URL/Port Exchange
<li>Tests
<li>Contact Reseed Maintainer
</ol>
<h2>1. Introduction</h2>
<p>
Public reseed servers are necessary to bootstrap into the I2P net.
New installed I2P routers needs one-time about one hundred RouterInfo's (RI) as jump start.
</p>
<p>
RI contains IP and Port from other I2P routers and are stored in dat-files in the netDB folder.
</p>
<p>
A random bunch of dat-files from the netDB are zipped, then signed to a su3-file
and finally offered to I2P routers seeking reseed service.
</p>
<p>
To secure bootstrap and enable a trusted start, HTTPS/TLS and signed su3-files are mandatory.
</p>
<p>
It is essential not to publish all RI from netDB, or all RI to one client.
</p>
<h2>2. Requirements</h2>
<p>
Requirements for running a public reseed server:
<ul>
<li>Well integrated running I2P router @ 24/7
<li>Server with static IPv4 (2 cpu/ 2GB ram is fine)
<li>Unix to run the golang solution
<li>Own domain, sub-domain or an anonymous third-level domain
<li>A self-signed SSL certificate, or an SSL certificate from <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a>
<li>Enough bandwidth and traffic volume - Around 15 GB/month as of December 2016
<li>Up-to-date web server (Apache/nginx), HTTPS ONLY with TLS 1.2 and good ciphers
</ul>
Optional:
<ul>
<li>fail2ban to protect you from botnets
<li>GnuPG/PGP for signed/encrypted emails
<li>IPv6
</ul>
<p>
This How-to is tested with Ubuntu/Debian as well as FreeBSD.
The web server has to be public reachable from all over the world, an I2P Site inside I2P can be setup in addition.
Also frequent or infrequent attempts to scrape all your reseed files, and of course attacks on your server.
The web server doesn't need to listen at default SSL/TLS port 443 - any other port can be used for obfuscation.
</p>
<h2>3. Go Solution - Quick Guide</h2>
<h3>1. Fire Up Your Favorite Webserver</h3>
<ol><li>
Connect a domain, sub-domain or (anonymous) third-level-domain
</li><li>
Setup a state-of-the-art TLS(SSL) certificate
</li><li>
Allow access only via HTTPS/TLS, no unencrypted HTTP
</li><li>
Allow only very good ciphers, compatible to Java 7/8/9. See <a href="https://cipherli.st/" target="_blank">Cipherli.st</a>
</li></ol>
<p>
Note: A non default port other than 443 can be used; TLS certificate can be self signed; configure fail2ban as bot-net protection
</p>
<h3>2. Install git and golang-go (1.4.2 or higher)</h3>
<pre>
Debian/Ubuntu: sudo apt install git golang-go
Arch: sudo pacman -s git go
</pre>
<h3>3. Switch To User Running I2P, Fetch the i2p-tool Source Code, Build and Test it</h3>
<p>
Note: Visit http://reseed.i2p and download a pre-build x86_64 binary, so you can skip step 2+3.
</p>
<pre>
export GOPATH=$HOME/go; mkdir $GOPATH; cd $GOPATH
go get github.com/martin61/i2p-tools
bin/i2p-tools -h
</pre>
<h3>4. Run i2p-tools locally, </h3>
<p>
Replace 'yourname@mail.i2p' with your email address
Replace '/home/i/.i2p/netDb' with the path to the I2P 'netDb' in the home folder of the user running I2P
</p>
<pre>
GOPATH=$HOME/go;
cd $GOPATH;
bin/i2p-tools reseed --signer=yourname@mail.i2p \
--netdb=/home/i/.i2p/netDb \
--port=8443 \
--ip=127.0.0.1 \
--trustProxy
</pre>
<h3>5. Back Up New Certificates</h3>
<p>
Make a backup from the newly created su3-signing key and certificate found in $GOPATH (.crt/.pem/.crl) and keep it in a safe, password protected location
</p>
<h3>6. Enable Autostart (+restart) for i2p-tools in Your crontab</h3>
<p>
Replace '...' with the appropriate command-line arguments as in step 4
</p>
<pre>
@reboot GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... &gt;/dev/null 2>&amp;1
9 * * * * GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... &gt;/dev/null 2>&amp;1
</pre>
<h3>7. Connect Your Webserver via Reverse-Proxy setup to the i2p-tool, Examples</h3>
<p>
<b>lighttpd is no longer supported due to a limitation with the 'X-Forwarded-For' HTTP Header. Please use Apache or nginx.</b>
</p>
<p>
nginx configuration example:
</p>
<pre>
location / {
proxy_pass http://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
</pre>
<p>
Apache (untested - feedback would be appreciated)
</p>
<pre>
ProxyRequests Off
&lt;Proxy *&gt;
Order deny,allow
Allow from all
&lt;/Proxy&gt;
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</pre>
<p>
Additionally, ensure that your webserver uses these suggested settings for Strong SSL Security (visit <a href="https://cipherli.st/" target="_blank">CipherLi.st</a> for the latest settings). Sample SSL settings are provided in section <b>4.5 Reverse-Proxy Setup</b>.
</p>
<p>
Note: i2p-tool has also an build-in standalone webserver with TLS support which can be used without a webserver. Please contact (zzz at mail.i2p.de) if you need help, or stop by #i2p-dev on IRC2P and talk to other reseed operators.
</p>
<h3>8. Final Test From Another Computer With I2P Running</h3>
<ol><li>
Place your su3-certificate (*.crt) in i2p/certificates/reseed/
</li><li>
Place your TLS-certificate (*.crt) in i2p/certificates/ssl/
</li><li>
Visit with your web browser http://localhost:7657/configreseed
</li><li>
Enter your new reseed-url and delete all others, hit "Save changes and reseed now"
</li><li>
Check the I2P logs for "Reseed got 77 router infos from ... with 0 errors, Reseed complete, 77 received"
</li></ol>
<h3>9. Send Us Your Information</h3>
<ol><li>
Domain/URL/Port
</li><li>
su3-signing certificate
</li><li>
TLS certificate (if self signed)
</li></ol>
<p>
Send an email: zzz at mail.i2p, PGP signed welcome :-)
<h2>4. Go Solution - Detailed Instructions</h2>
<h3>1. Overview</h3>
<p>
The previous steps for reseeding involves many steps, scripts and programs.
Most of them are easy and plain straight forward, but overall you can call it a little confusing.
<p>
Here comes now an all-in-one solution from matt (Big Thanks!) for providing
a reseed server which merges the following functions into one binary:
<ul>
<li>Create su3-files
<li>Create su3 signer certificate+key
<li>Create SSL-certificate+key
<li>Replaces the http-server and the PHP code (or run next to them in parallel)
</ul>
<p>
Almost all previous used scripts and described steps are not needed with this solution,
but to understand the overall reseed process it is recommended to read them too :-)
<ul>
<li>If you already have an SSL-certificate and su3-signer-key you can reuse them, see one of the following chapter.
<li>For testing and new reseeders the required certs and keys are created automatically at first start.
<li>Also take a look at the content and the naming scheme of these pem and crt files.
</ul>
<p>
Of course you need an up-to-date netDB folder with routerinfos from a running I2P router.
I2P does not have to be running on the same machine as this reseed binary.
In this case you can setup a cronjob to transfer the netDB from the I2P machine to the reseed machine.
<p>
Matt's go solution can be used in parallel next to an already running http-server.
For this leave the http-server running at normal port 80 and 443,
and configure Go solution too use another port, e.g. port 8443.
<p>
More: at github, README.md, https://github.com/martin61/i2p-tools
<h3>2. Building From Source</h3>
<p>
Requirements:
<ul>
<li>go1.4.2 (older versions may not work)
</ul>
<p>
Install go from https://golang.org/doc/install, example for 64 bit Ubuntu/Debian:
<ul>
<li>wget https://storage.googleapis.com/golang/go1.4.2.linux-amd64.tar.gz
<li>sudo tar -C /usr/local -xzf go1.4.2.linux-amd64.tar.gz
<li>mkdir $HOME/go
<li>edit /etc/profile and add:
<pre>
export GOPATH=$HOME/go
export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
</pre>
</ul>
<p>
Verify go:
<pre>
$ go version
</pre>
which should state something like: "go version go1.4.2"
<p>
Install Go solution from https://github.com/martin61/i2p-tools into $HOME/go:
<pre>
$ go get github.com/martin61/i2p-tools
</pre>
<p>
This will install a binary to $GOPATH/bin/i2p-tools
<p>
Run the go solution, the usage/help should be displayed, nothing more:
<pre>
$ i2p-tools
</pre>
<h3>3. Run the Reseed Server</h3>
<pre>
$ i2p-tools reseed --tlsHost=myserver.com --signer=myemail@mail.i2p --netdb=$HOME/.i2p/netDb
</pre>
<ul>
<li>Replace myserver.com with your real domain
<li>Replace myemail@mail.i2p with a valid existing email, which you want to use for reseeding purpose
<li>New TLS certificate+key will be created (if they do not exist)
<li>New signing certificate+key will be created (if they do not exist)
<li>netdb=... should point to the netdb folder of your running I2P with the routerinfos
<li>To use another port append "--port=443" to the command, default is port 8443
</ul>
<p>
Output:
<pre>
2015/03/15 12:28:25 Rebuilding su3 cache...
2015/03/15 12:28:25 Building 200 su3 files each containing 75 out of 3180 routerInfos.
2015/03/15 12:28:35 Done rebuilding.
2015/03/15 12:28:35 HTTPS server started on 0.0.0.0:8443
</pre>
<p>
So you can now test to reach the server at port 8443, see a previous chapter about proper testing.
<p>
Some remarks:
<ul>
<li>Don't run the server daemon as root
<li>Every port between 1024 and 49151 is fine for I2P.
<li>If you want to use the privileged (https-default) port 443, create a port redirect, e.g.
<pre>'iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8443'</pre>
<li>Redirect the output from the go solution to a logfile, format is default apache-style combined logs
<li>Add a logrotate for the logfiles, since they grow big :-(
<li>Logfiles can be used by fail2ban
<li>Both of the certificates (*.crt) will need to be sent to the reseed maintainer
in order for your reseed server to be included in the standard I2P package.
<li>Add a proper startup script, to run the reseed server, see next chapter
</ul>
<h3>4. Draft for Startup Script "seedserver"</h3>
<p>
The reseed server should be started automatically, so you need a init.d or some sort of
startscript, here named as "seedserver".
This is only a very first draft for a simple startscript (it could be done better :-))
<p>
Login as I2P user:
<ul>
<li>Place the shell-script "seedserver" in the /home/i2p/bin folder (next to i2p-tools)
<li>Make it executable: chmod u+x /home/i2p/bin/seedserver
</ul>
Update the header "# Your settings" with your individual settings.
<p>
Now you can use the shell-script:
<pre>
seedserver start
</pre>
<p>
And then (give it some seconds) take a look at the status:
<pre>
seedserver status
seedserver showlog
</pre>
<p>
Some short explanation about seedserver:
<ul>
<li>runs i2p-tools in the background
<li>creates logfiles
<li>take care of all settings
</ul>
<p>
If this is working fine, you can put the script in your personal crontab, to run it by auto-start
and to do logrotes simply by restarting it regularly once a week to avoid too big logfiles.
If you already reboot your server regularly, you can skip of course the "restart" command line.
<p>
Login as I2P user, edit your crontab:
<pre>
crontab -e
</pre>
<p>
and add these 3 lines at the end:
<pre>
@reboot /home/i2p/bin/seedserver startdelayed
04 14 * * 2 /home/i2p/bin/seedserver restart
#end
</pre>
<p>
Save and close the editor. It would be good to check if this is properly working when you reboot your machine.
<p>
"seedserver" shell script:
<pre>
######################################################################################################
#!/bin/sh
# Your settings
toolpath=/home/i2p/bin
tlsHost=myserver.com
signer=myemail@mail.i2p
netdb="/home/i2p/.i2p/netDb"
tool=i2p-tools
logpath="$toolpath/${tool}.log"
logfile="$logpath/reseed.log"
errfile="$logpath/reseed.error"
cd "$toolpath"
mkdir --parents "$logpath"
do_status() {
/bin/sleep 1
if [ -n "$(pgrep -x "$tool")" ]; then
echo "$tool running, pid $(pgrep "$tool")"
else
echo "$tool not running."
fi;
}
do_start() {
if [ -z "$(pgrep -x "$tool")" ]; then
do_logrotate
nohup "$toolpath/$tool" reseed -tlsHost="$tlsHost" --signer="$signer" --netdb="$netdb" &gt; "$logfile" 2&gt; "$errfile" &
fi;
do_status
}
do_stop() {
if [ -n "$(pgrep -x "$tool")" ]; then
pkill "$tool"
fi;
do_status
}
do_startdelayed() {
echo "waiting 20s..."
/bin/sleep 20
do_start
}
do_restart() {
do_status
do_stop
do_start
}
do_logrotate() {
do_status
if [ -z "$(pgrep -x "$tool")" ]; then
mv --force "${logfile}.6" "${logfile}.7" 2&gt;/dev/null
mv --force "${logfile}.5" "${logfile}.6" 2&gt;/dev/null
mv --force "${logfile}.4" "${logfile}.5" 2&gt;/dev/null
mv --force "${logfile}.3" "${logfile}.4" 2&gt;/dev/null
mv --force "${logfile}.2" "${logfile}.3" 2&gt;/dev/null
mv --force "${logfile}.1" "${logfile}.2" 2&gt;/dev/null
mv --force "${logfile}" "${logfile}.1" 2&gt;/dev/null
mv --force "${errfile}.6" "${errfile}.7" 2&gt;/dev/null
mv --force "${errfile}.5" "${errfile}.6" 2&gt;/dev/null
mv --force "${errfile}.4" "${errfile}.5" 2&gt;/dev/null
mv --force "${errfile}.3" "${errfile}.4" 2&gt;/dev/null
mv --force "${errfile}.2" "${errfile}.3" 2&gt;/dev/null
mv --force "${errfile}.1" "${errfile}.2" 2&gt;/dev/null
mv --force "${errfile}" "${errfile}.1" 2&gt;/dev/null
echo "log-rotate done."
else
echo "log-rotate not possible."
fi;
}
do_showlog() {
echo "-------------------------------------------------------------------------------"
tail "$errfile"
echo "-------------------------------------------------------------------------------"
tail "$logfile"
echo "-------------------------------------------------------------------------------"
}
do_usage() {
echo "Usage: {start|stop|status|restart|logrotate|startdelayed|showlog}"
}
case "$1" in
start)
do_start
;;
stop)
do_stop
;;
status)
do_status
;;
restart)
do_restart
;;
startdelayed)
do_startdelayed
;;
logrotate)
do_logrotate
;;
showlog)
do_showlog
;;
*)
do_usage
;;
esac
exit 0
######################################################################################################
</pre>
<h3>5. Reverse-Proxy Setup</h3>
<p>
You can run i2p-tools also behind your normal web-server (reverse-proxy).
<p>
The web-server handles the TLS handshake, encryption, SSL Certificate and the logfiles.
But you don't need the scripts su3.php and the shell cronjob for creating su3-files.
i2p-tools is running "behind" the web-server, without TLS management, only bind to
local interface 127.0.0.1 and is handling complete building and handling of su3-files.
<p>
Run i2p-tools with this command:
<pre>
i2p-tools reseed --signer test@test.de \
--key /path_to/test_at_test.de.pem \
--netdb /path_to/netDb \
--port=8443 \
--ip 127.0.0.1 \
--trustProxy
</pre>
Important notes for this special setup:
<ul>
<li>do *not* specify --tlsHost, --tlsCert or --tlsKey on the command-line
<li>"ip 127.0.0.1" binds the program only to local interface
<li>"trustProxy" uses the "X-Forwarded-For" to get the real client IP
</ul>
"trustProxy" uses the "X-Forwarded-For" to get the real client IP
<p>
nginx configuration example:
</p>
<pre>
location / {
proxy_pass http://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
</pre>
<p>
Apache (untested - feedback would be appreciated)
</p>
<pre>
ProxyRequests Off
&lt;Proxy *&gt;
Order deny,allow
Allow from all
&lt;/Proxy&gt;
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</pre>
<p>
<p>
and for X-Forwarded-For:
<pre>
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</pre>
<p>
Additionally, ensure that your webserver uses these suggested settings for Strong SSL Security (visit <a href="https://cipherli.st/" target="_blank">CipherLi.st</a> for the latest settings). A sample configuration is provided below.
</p>
<p>
Apache
</p>
<pre>
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
</pre>
<p>
nginx (remember to replace '$DNS-IP-1' & '$DNS-IP-2' with 2 trusted DNS servers)
</p>
<pre>
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
</pre>
<p>
Complete nginx configuration (sample)
<p>
<pre>
user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen $IP_ADDRESS:443 ssl;
server_name $DOMAIN;
ssl_certificate keys/fullchain.pem;
ssl_certificate_key keys/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver $DNS_IP_1 $DNS_IP_2 valid=300s;
resolver_timeout 5s;
ssl_prefer_server_ciphers on;
ssl_dhparam keys/dh.pem;
server_tokens off;
charset utf8;
location /i2pseeds.su3 {
proxy_pass http://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
</pre>
<h3>6. Convert Existing Java Keystore to crt- and pem-file</h3>
<p>
This describes how to convert your existing Java keystore with your su3 signing key to a plain crt- and pem-file.
This is only needed, when you already have a Java keystore and want to use Go solution.
If you create new keys+certs with matt's solution you can skip this chapter!
<p>
Requirements:
<ul>
<li>Java keytool
<li>openssl
<li>and of course your secret password for the keystore
</ul>
<p>
Keep in mind: the Java keystore has two passwords:
<ul>
<li>The secret key password you have entered while creating your keystore the first time (SU3File keygen ...)
<li>And a "storage" password, which is most probably default "changeit".
</ul>
<p>
This works in a Ubuntu/Debian shell:
<pre>
######################################################################################################
file="keystore.ks"
pass_jks=changeit
# List the keystore content, show the included (email) alias
keytool -list -storepass $pass_jks -keystore $file
# Convert jks --&gt; pkcs12, specify the correct email alias (xxxxx@mail.i2p):
keytool -importkeystore \
-srcalias xxxxx@mail.i2p \
-srckeystore $file \
-srcstoretype jks \
-srcstorepass $pass_jks \
-destkeystore ${file}.p12 \
-deststoretype pkcs12 \
-deststorepass $pass_jks \
-destkeypass $pass_jks
# Show the pkcs12 content:
openssl pkcs12 -passin pass:$pass_jks -in ${file}.p12 -nodes -info
# Convert pkcs12 --&gt; pem
openssl pkcs12 -passin pass:$pass_jks -in ${file}.p12 -nodes -out ${file}.pem
# Decrypt the pem
openssl rsa -in ${file}.pem -out xxxxx_at_mail.i2p.pem
# Extract the certificate
openssl x509 -in ${file}.pem -out xxxxx_at_mail.i2p.crt
######################################################################################################
</pre>
<h3>5. Seamless SSL-Certificate Exchange</h3>
<p>
The update/exchange of an already existing self-signed certificates has to be correct timed
on server *and* client side. Considering thousands of clients (many with older I2P version) the exchange
will not be seamless possible and will have very bad impact on many clients: reseed won't work for them.
<p>
To avoid this issue and make the exchange as smooth as possible follow these simple steps:
<ol>
<li>Generate a new SSL-certificate NOW, but do NOT implement it on server
<li>Send the new SSL-certificate to us to perform a roll-out towards clients NOW
<li>WAIT some month, e.g. 3-4 i2p-releases
<li>New SSL-certificate is now hopefully present on many clients (in parallel to the current/old one)
<li>THEN exchange the SSL-certificate on server
</ol>
<p>
This idea based on the fact, that you can provide in i2p/certificates/ssl more than one crt-file for a server, e.g.
server.com.crt and server.com2.crt
<h3>6. Reseed Server Domain/URL/Port Exchange</h3>
<p>
You are already operating a reseed server but want to change your Domain/URL/Port?
To make the exchange as smooth as possible for many clients please follow these steps if possible:
<ol>
<li>Setup an additional reseed instance at the new Domain/URL/Port
<li>We include the new URL into I2P source NOW and delete the old URL NOW
<li>Both of your reseed instances have to run some time in parallel
<li>WAIT some month, e.g. 3-4 i2p-releases
<li>New URL is now hopefully present on many clients
<li>THEN shutdown the old reseed instance
</ol>
<h3>7. Tests</h3>
<p>
Some simple pre-test: test the website and fetch
<pre>
wget --user-agent="Wget/1.11.4" \
-O /tmp/test.su3 \
--no-check-certificate https://your-server.com:PORT/i2pseeds.su3
</pre>
Replace "PORT" with default 443 or your chosen server setting.
Inspect the fetched file.:
Some simple pre-test: test the website and fetch
<pre>
zipinfo -z /tmp/test.su3
</pre>
<p>
Replace "--no-check-certificate" with "--ca-certificate=~/i2p/certificates/ssl/your-server.com.crt"
which contains the path to your local public SSL-certificate to check also your ssl-certificate chain.
<p>
Confirm the following:
<ul>
<li>SSL-certificate chain valid?
<li>The su3-files can be downloaded?
<li>Contains &gt; 50 dat-files?
<li>And is always the same for one client-IP?
<li>Other client-IP's gets another file?
<li>Clients has no direct access to complete folder e.g. https://your-server.com/su3/ ?
</ul>
<p>
Do a real reseed test on *another* I2P router machine:
<ul>
<li>Include manually new SSL-certificate into i2p installation: ~/i2p/certificates/ssl/
<li>Include manually new public reseed key into i2p installation: ~/i2p/certificates/reseed/
<li>http://localhost:7657/configreseed --&gt; remove all reseed hosts
<li>Add the new reseed host e.g. "https://your-server.com/" *without* trailing "i2pseeds.su3"
<li>Save and Shutdown router.
<li>Clear netdb: empty folder ./i2p/netDb.
<li>Restart I2P and watch the I2P router log:
<pre>
2014/10/13 23:01:02 | Reseed start
2014/10/13 23:01:02 | Reseeding from https://your-server/i2pseeds.su3
2014/10/13 23:01:05 | INFO: xx files extracted to /tmp/i2p-V2qudTbd.tmp/reseeds-1010682701
2014/10/13 23:01:05 | Reseed got xx router infos from https://your-server.com/i2pseeds.su3 with 0 errors
2014/10/13 23:01:06 | Reseed complete, xx received
</pre>
</ul>
<h3>8. Contact Reseed Maintainer</h3>
<p>
Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
Provide us with details about your new reseed server:
<ul>
<li>Reseed website URL
<li>Public SSL certificate
(Only required if selfsigned, which is not recommended. Please use Lets Encrypt or other CA)
<li>Public reseed su3 certificate
<li>Your contact email
<li>A statement that you agree to the privacy policy above
</ul>
<p>
Feel free to contact zzz at mail.i2p in case of questions or problems or post your question at zzz's forum in the reseed section.
{% endblock %}

20
i2p2www/pages/site/get-involved/guides/reseed-plugin.html Normal file
View File

@ -0,0 +1,20 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using an I2P Console Plugin') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
There are no other known I2P Console Plugin packages for installing and configuring a reseed server.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Installation from an I2P console plugin{% endtrans %}</h2>
<!--TODO: port over plugin install docs-->
{% endblock %}

72
i2p2www/pages/site/get-involved/guides/reseed-policy.html Normal file
View File

@ -0,0 +1,72 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('I2P Reseed Server Policy Requirements and Guidelines') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}Reseed Policy Information{% endtrans %}</h2>
<h3>Requirements</h3>
<p>
Requirements for running a public reseed server:
</p>
<ul>
<li>Well integrated running I2P router @ 24/7</li>
<li>Server with static IPv4 (2 cpu/ 2GB ram is fine)</li>
<li>Unix to run the golang solution</li>
<li>Own domain, sub-domain or an anonymous third-level domain</li>
<li>A self-signed SSL certificate, or an SSL certificate from <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a></li>
<li>Enough bandwidth and traffic volume - Around 15 GB/month as of December 2016</li>
<li>Up-to-date web server (Apache/nginx), HTTPS ONLY with TLS 1.2 and good ciphers</li>
</ul>
Optional:
<ul>
<li>fail2ban to protect you from botnets</li>
<li>GnuPG/PGP for signed/encrypted emails</li>
<li>IPv6</li>
</ul>
<p>{% trans -%}
When your setup is complete and ready for testing, we will need the HTTPS URL,
the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
and you will start seeing traffic.
We also will need your email address so we may continue to contact you about reseed administration issues.
The email will not be made public but will be known to the other reseed operators.
You should expect that your nick or name and its association with that URL or IP will become public.
{%- endtrans %}</p>
<h3>{% trans %}Information Required{% endtrans %}</h3>
<p>{% trans -%}
When your setup is complete and ready for testing, we will need the HTTPS URL,
the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
and you will start seeing traffic.
We also will need your email address so we may continue to contact you about reseed administration issues.
The email will not be made public but will be known to the other reseed operators.
You should expect that your nick or name and its association with that URL or IP will become public.
{%- endtrans %}</p>
<h3>{% trans %}Privacy Policy{% endtrans %}</h3>
<p>{% trans -%}
A reseed operator is a trusted role in the network.
While we do not yet have a formal privacy policy, you must ensure the privacy of our users
by not publicizing logs or IPs found in those logs, except as necessary to discuss administration issues with the I2P reseed team.
{%- endtrans %}</p>
<h3>{% trans %}Financial Support{% endtrans %}</h3>
<p>{% trans -%}
Modest financial support may be available to those running reseed servers.
This support would be in partial reimbursement for your server costs.
Support will not be paid in advance and will probably not cover all your expenses.
Support is only available to those who have been running reseed servers in good standing for several months, and is based on actual need.
{%- endtrans %}</p>
<p>{% trans -%}
If you would like to discuss support, please contact echelon and CC: zzz
{%- endtrans %}</p>
{% endblock %}

25
i2p2www/pages/site/get-involved/guides/reseed-proxy.html Normal file
View File

@ -0,0 +1,25 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using a Reverse Proxy') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
They should be very similar to the guidelines for DivaExchange's <a href="https://codeberg.org/diva.exchange/i2p-reseed">i2p-reseed</a> server.
{% endtrans %}</p>
<p>{% trans %}
These guidelines will help you to configure your reseed server behind a reverse proxy like Apache2 or nginx.
These will allow you to configure additional behaviors like filtering, adding and removing headers, or temporary logging to debug issues.
The specifics of customizing your reverse proxy are outside the scope of this document.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Reseed Installation using a Reverse Proxy{% endtrans %}</h2>
<!--TODO: port over reverse proxy install docs-->
{% endblock %}

1067
i2p2www/pages/site/get-involved/guides/reseed.html
View File

File diff suppressed because it is too large Load Diff

75
i2p2www/pages/site/get-involved/roadmap.html
View File

@ -1,6 +1,6 @@
{% extends "global/layout.html" %}
{% block title %} {{ _('Roadmap') }}{% endblock %}
{% block lastupdated %}2021-08{% endblock %} {% block content %}
{% block lastupdated %}2022-11{% endblock %} {% block content %}
<p>
This is the official project roadmap for the desktop and Android Java I2P releases only. Some related tasks for resources such as the website and plugins may be included.
@ -231,15 +231,69 @@
<h2 id="1.10.0">1.10.0 (API 0.9.56)</h2>
<p><b>Target release: November 2022</b></p>
<h2 id="2.0.0">2.0.0 (API 0.9.56)</h2>
<p><b>Released: November 21, 2022</b></p>
<ul>
<li>
SSU2 connection migration
</li>
<li>
SSU2 immediate acks
</li>
<li>
Enable SSU2 by default
</li>
<li>
SHA-256 digest proxy authentication in i2ptunnel
</li>
<li>
Update Android build process to use modern AGP, end need of deprecated Maven plugin in Android build
</li>
<li>
Cross-Platform(Desktop) I2P browser auto-configuration support
</li>
</ul>
<h2 id="2.1.0">2.1.0 (API 0.9.57)</h2>
<p><b>Released: January 10, 2023</b></p>
<ul>
<li>
SSU2 fixes
</li>
<li>
Tunnel build congestion fixes
</li>
<li>
SSU peer test and symmetric NAT detction fixes
</li>
<li>
Fix broken LS2 encrypted leasesets
</li>
<li>
Option to disable SSU 1 (preliminary)
</li>
<li>
Compressible padding (proposal 161)
</li>
<li>
New console peers status tab
</li>
<li>
Add torsocks support to SOCKS proxy and other SOCKS improvements and fixes
</li>
</ul>
<h2 id="2.2.0">2.2.0 (API 0.9.58)</h2>
<p><b>Target release: April 2023</b></p>
<ul>
<li>
Tunnel peer selection improvements
</li>
<li>
i2psnark UDP tracker support (proposal 160) ?
</li>
@ -256,23 +310,10 @@
VPN-Mode Support in Android for browser configuration
</li>
<li>
Update Android build process to use modern AGP, end need of deprecated Maven plugin in Android build
</li>
<li>
Cross-Platform(Desktop) I2P browser auto-configuration support
Fix WebSockets in HTTP Server Tunnels
</li>
</ul>
<h2 id="1.11.0">1.11.0 (API 0.9.57)</h2>
<p><b>Target release: February 2023</b></p>
<ul>
<li>
TBD
</li>
</ul>

56
i2p2www/sitemap.py
View File

@ -48,6 +48,10 @@ def render_sitemap():
# Main site urls
# --------------
# walk over all directories/files
def xappend(path):
urls.append({
'path': path
})
for v in os.walk(SITE_DIR):
# iterate over all files
pathbase = os.path.relpath(v[0], SITE_DIR)
@ -62,68 +66,36 @@ def render_sitemap():
path = path[1:]
if not path.startswith('/'):
path = '/%s' % path
urls.append({
'path': path,
})
xappend(path)
# -----------
# Papers urls
# -----------
urls.append({
'path': '/papers/',
})
urls.append({
'path': '/papers/bibtex',
})
xappend('/papers/')
xappend('/papers/bibtex')
# ---------
# Blog urls
# ---------
urls.append({
'path': '/blog/',
})
xappend('/blog/')
blog_slugs = get_blog_slugs()
for slug in blog_slugs:
urls.append({
'path': '/blog/post/%s' % slug,
})
xappend('/blog/post/%s' % slug)
# -------------
# Meetings urls
# -------------
urls.append({
'path': '/meetings/',
})
xappend('/meetings/')
meetings = get_meetings_ids()
for id in meetings:
urls.append({
'path': '/meetings/%d' % id,
})
xappend('/meetings/%d' % id)
# --------------
# Downloads urls
# --------------
urls.append({
'path': '/download',
})
urls.append({
'path': '/download/debian',
})
urls.append({
'path': '/download/firefox',
})
urls.append({
'path': '/download/lab',
})
urls.append({
'path': '/download/mac',
})
urls.append({
'path': '/download/easyinstall',
})
urls.append({
'path': '/download/windows',
})
xappend('/download')
for i in ['debian', 'firefox', 'lab', 'mac', 'easyinstall', 'windows', 'macos']:
xappend('/download/%s' % i)
# Render and return the sitemap
response = make_response(render_template('global/sitemap.xml', url_root=url_root, langs=LANG_FRAGS,
curlang=to_url(g.lang), urls=urls))

59
i2p2www/spec/common-structures.rst
View File

@ -3,8 +3,8 @@ Common structures Specification
===============================
.. meta::
:category: Design
:lastupdated: 2021-04
:accuratefor: 0.9.49
:lastupdated: 2023-01
:accuratefor: 0.9.57
.. contents::
@ -635,6 +635,50 @@ A PublicKey_ followed by a SigningPublicKey_ and then a Certificate_.
total length: 387+ bytes
{% endhighlight %}
Padding Generation Guidelines
`````````````````````````````````
These guidelines were proposed in Proposal 161 and implemented in API version 0.9.57.
These guidelines are backward-compatible with all versions since 0.6 (2005).
See Proposal 161 for background and further information.
For any currently-used combination of key types other than ElGamal + DSA-SHA1,
padding will be present. Additionally, for destinations, the 256-byte
public key field has been unused since version 0.6 (2005).
Implementers should generate the random data for
Destination public keys, and Destination and Router Identity padding,
so that it is compressible in various I2P protocols while
still being secure, and without having Base 64 representations appear to be corrupt or insecure.
This provides most of the benefits of removing the padding fields without any
disruptive protocol changes.
Strictly speaking, the 32-byte signing public key alone (in both Destinations and Router Identities)
and the 32-byte encryption public key (in Router Identities only) is a random number
that provides all the entropy necessary for the SHA-256 hashes of these structures
to be cryptographically strong and randomly distributed in the network database DHT.
However, out of an abundance of caution, we recommend a minimum of 32 bytes of random data
be used in the ElG public key field and padding. Additionally, if the fields were all zeros,
Base 64 destinations would contain long runs of AAAA characters, which may cause alarm
or confusion to users.
Repeat the 32 bytes of random data as necessary so the full KeysAndCert structure is highly compressible
in I2P protocols such as I2NP Database Store Message, Streaming SYN, SSU2 handshake, and repliable Datagrams.
Examples:
* A Router Identity with X25519 encryption type and Ed25519 signature type
will contain 10 copies (320 bytes) of the random data, for a savings of approximately 288 bytes when compressed.
* A Destination with Ed25519 signature type
will contain 11 copies (352 bytes) of the random data, for a savings of approximately 320 bytes when compressed.
Implementations must, of course, store the full 387+ byte structure because the SHA-256 hash of the structure
covers the full contents.
Notes
`````
* Do not assume that these are always 387 bytes! They are 387 bytes plus the
@ -662,6 +706,9 @@ Contents
````````
Identical to KeysAndCert.
See KeysAndCert_ for guidelines on generating the random data for
the padding field.
Notes
`````
* The certificate for a RouterIdentity was always NULL until release 0.9.12.
@ -694,12 +741,16 @@ for secure delivery.
Contents
````````
Identical to KeysAndCert_.
Identical to KeysAndCert_, except that the public key is never used,
and may contain random data instead of a valid ElGamal Public Key.
See KeysAndCert_ for guidelines on generating the random data for
the public key and padding fields.
Notes
`````
* The public key of the destination was used for the old i2cp-to-i2cp
encryption which was disabled in version 0.6, it is currently unused except
encryption which was disabled in version 0.6 (2005), it is currently unused except
for the IV for LeaseSet encryption, which is deprecated. The public key in
the LeaseSet is used instead.

28
i2p2www/spec/configuration.rst
View File

@ -3,8 +3,8 @@ Configuration File Specification
================================
.. meta::
:category: Formats
:lastupdated: September 2022
:accuratefor: 0.9.56
:lastupdated: 2023-01
:accuratefor: 0.9.57
.. contents::
@ -248,6 +248,11 @@ individual configuration files for each tunnel in the i2ptunnel.config.d directo
After being split, the properties in the individual files are NOT prefixed
with "tunnel.N.".
Note: "tunnel.N.option.i2cp.*" options, while appearing to be I2CP options,
are implemented in i2ptunnel, and are NOT supported via other interfaces
or APIs such as I2CP or SAM.
Properties are as follows::
# Display description for UI
@ -272,13 +277,22 @@ Properties are as follows::
# unique IP per-remote-destination.
tunnel.N.option.enableUniqueLocal=true|false
# Clients only. Do not open the socket manager and build tunnels
# until the first socket is opened on the local port.
# Default false
tunnel.N.option.i2cp.delayOpen=true|false
# Servers only. Persistent private leaseset key
tunnel.N.option.i2cp.leaseSetPrivateKey=base64
# Servers only. Persistent private leaseset key
tunnel.N.option.i2cp.leaseSetSigningPrivateKey=sigtype:base64
# Clients only. Create a new destination when reopening the socket manager
# Clients only. Create a new destination when reopening the socket manager,
# after it was previously closed due to an idle timeout.
# Default false
# When true, requires I2CP option i2cp.closeOnIdle=true
# When true, tunnel.N.option.persistentClientKey must be unset or false
tunnel.N.option.i2cp.newDestOnResume=true|false
# Servers only. The maximum size of the thread pool, default 65. Ignored
@ -296,6 +310,7 @@ Properties are as follows::
tunnel.N.option.i2ptunnel.httpclient.jumpServers=http://example.i2p/jump
# HTTP client only. Whether to pass Accept* headers through. Default false.
# Note: Does not affect "Accept" and "Accept-Encoding".
tunnel.N.option.i2ptunnel.httpclient.sendAccept=true|false
# HTTP client only. Whether to pass Referer headers through. Default false.
@ -386,12 +401,13 @@ Properties are as follows::
# HTTP Clients only. The username for the outproxy authorization.
tunnel.N.option.outproxyUsername=
# HTTP Clients only. Whether to send authorization to an outproxy. Default
# false.
tunnel.N.option.outproxyAuth=true|false
# SOCKS client only. The type of the configured outproxies: socks or connect (HTTPS).
# Default socks. As of 0.9.57.
tunnel.N.option.outproxyType=socks|connect
# Clients only. Whether to store a destination in a private key file and
# reuse it. Default false.
# When true, tunnel.N.option.newDestOnResume must be unset or false
tunnel.N.option.persistentClientKey=true|false
# HTTP Server only. Time period for banning POSTs from a single destination

17
i2p2www/spec/i2np.rst
View File

@ -3,8 +3,8 @@ I2NP Specification
==================
.. meta::
:category: Protocols
:lastupdated: 2022-06
:accuratefor: 0.9.54
:lastupdated: 2022-12
:accuratefor: 0.9.57
.. contents::
@ -45,6 +45,8 @@ below.
============== ================================================================
API Version Required I2NP Features
============== ================================================================
0.9.55 SSU2 transport support (if published in router info)
0.9.51 Short tunnel build messages for ECIES-X25519 routers
0.9.49 Garlic messages to ECIES-X25519 routers
@ -67,7 +69,7 @@ below.
0.9.38 DSM type bits 3-0 now contain the type;
LeaseSet2 may be sent in a DSM
0.9.36 NTCP2 transport support (if advertised in router address)
0.9.36 NTCP2 transport support (if published in router info)
Minimum peers will build tunnels through, as of 0.9.46
@ -163,7 +165,7 @@ Standard (16 bytes):
|type| short_expiration |
+----+----+----+----+----+
Short (NTCP2, 9 bytes):
Short (NTCP2 and SSU2, 9 bytes):
+----+----+----+----+----+----+----+----+
|type| msg_id | short_expira-
@ -211,9 +213,9 @@ Notes
and size are incorporated in the SSU data packet format.
The checksum is not required since errors are caught in decryption.
* When transmitted over [NTCP2]_, the 16-byte standard header is not used. Only a
* When transmitted over [NTCP2]_ or [SSU2]_, the 16-byte standard header is not used. Only a
1-byte type, 4-byte message id, and a 4-byte expiration in seconds are included.
The size is incorporated in the NTCP2 data packet format.
The size is incorporated in the NTCP2 and SSU2 data packet formats.
The checksum is not required since errors are caught in decryption.
* The standard header is also required for I2NP messages contained in other
@ -1700,6 +1702,9 @@ References
.. [SSU-ED]
{{ site_url('docs/transport/ssu', True) }}#establishDirect
.. [SSU2]
{{ spec_url('ssu2') }}
.. [TMDI]
{{ ctags_url('TunnelMessageDeliveryInstructions') }}

6
i2p2www/spec/ntcp2.rst
View File

@ -3,8 +3,8 @@ NTCP 2
======
.. meta::
:category: Transports
:lastupdated: 2022-01
:accuratefor: 0.9.53
:lastupdated: 2022-12
:accuratefor: 0.9.56
.. contents::
@ -1475,6 +1475,7 @@ Special case for time synchronization:
{% endhighlight %}
NOTE: Implementations must round to the nearest second to prevent clock bias in the network.
Options
```````
@ -1748,6 +1749,7 @@ If present, this must be the last block in the frame.
Notes
`````
- Size = 0 is allowed.
- Padding strategies TBD.
- Minimum padding TBD.
- Padding-only frames are allowed.

32
i2p2www/spec/proposals/159-ssu2.rst
View File

@ -5,7 +5,7 @@ SSU2
:author: eyedeekay, orignal, zlatinb, zzz
:created: 2021-09-12
:thread: http://zzz.i2p/topics/2612
:lastupdated: 2022-08-31
:lastupdated: 2022-12-19
:status: Open
:target: 0.9.56
@ -16,7 +16,7 @@ SSU2
Status
========
Preliminary rollout plan:
Rollout plan:
========================== ===================== ====================
@ -33,11 +33,13 @@ New Token 0.9.55 2022-08 0.9.57 2022-11
Freeze extended protocol 0.9.55 2022-08
Relay 0.9.55 2022-08 0.9.56 2022-11
Peer Test 0.9.55 2022-08 0.9.56 2022-11
Enable for random 2% 0.9.55 2022-08
Path Validation 0.9.55+ dev 0.9.56 2022-11
Connection Migration 0.9.55+ dev 0.9.56 2022-11
Immediate ACK flag 0.9.55+ dev 0.9.56 2022-11
Key Rotation 0.9.57 2023-02 0.9.58 2023-05
Disable SSU 1 0.9.58 2023-05 0.9.59 2023-08
Disable SSU 1 (i2pd) 0.9.56 2022-11
Disable SSU 1 (Java I2P) 0.9.58 2023-05 0.9.59 2023-08
========================== ===================== ====================
Basic Session includes the handshake and data phase.
@ -4290,7 +4292,7 @@ Bob may perform several required checks:
Unfortunately, the Router Info, even when gzip compressed in the RI block, may exceed the MTU.
Therefore, the Session Confirmed may be fragmented across two or more packets.
This is the ONLY case in the SSU2 protcol where an AEAD-protected payload is fragmented
This is the ONLY case in the SSU2 protocol where an AEAD-protected payload is fragmented
across two or more packets.
The headers for each packet are constructed as follows:
@ -5213,10 +5215,11 @@ For time synchronization:
Notes:
Unlike in SSU 1, there is no timestamp in the packet header
for the data phase in SSU 2.
Implementations should periodically send DateTime blocks
in the data phase.
- Unlike in SSU 1, there is no timestamp in the packet header
for the data phase in SSU 2.
- Implementations should periodically send DateTime blocks
in the data phase.
- Implementations must round to the nearest second to prevent clock bias in the network.
Options
@ -6387,6 +6390,7 @@ If present, this must be the last block in the payload.
Notes:
- Size = 0 is allowed.
- Padding strategies TBD.
- Minimum padding TBD.
- Padding-only payloads are allowed.
@ -6544,7 +6548,7 @@ Recommended timeout: 15 seconds total
Retry
---------
If no Session Confirmed is received by Bob:
If no Session Request is received by Bob:
A Retry message is not retransmitted on timeout, to reduce the impacts
of spoofed source addresses.
@ -6776,8 +6780,13 @@ EXCEPT for the following are ack-eliciting:
- DateTime block
- Padding block
- Termination block
- Any blocks in the same packet as a Termination block
- Others?
Packets containing a Termination block with a reason other than
"termination received" are acknowledged with a packet containing
a Termination block with "termination received".
Out-of session packets, including handshake messages
and peer test messages 5-7, have their own acknowledgement mechanisms.
See below.
@ -7843,6 +7852,11 @@ there are several options to validate the signature:
to that in the Relay Response, if already received
- Don't validate the signature at all
If Charlie is behind a symmetric NAT, his reported port in the Relay Response and Hole Punch
may not be accurate. Therefore, Alice should check the UDP source port of the Hole Punch
message, and use that if it is different than the reported port.
Tag Requests by Bob
------------------------

24
i2p2www/spec/proposals/160-udp-trackers.rst
View File

@ -5,9 +5,9 @@ UDP Trackers
:author: zzz
:created: 2022-01-03
:thread: http://zzz.i2p/topics/1634
:lastupdated: 2022-01-17
:lastupdated: 2022-12-19
:status: Open
:target: 0.9.54
:target: 0.9.58
.. contents::
@ -116,6 +116,22 @@ Client Tracker
This mode omits a round-trip, but requires every announce request to be repliable.
Security Analysis
------------------
The primary goal of an announce protocol is to impose a cost on address spoofing.
In compatibility mode, the client must actually exist and bundle a real leaseset.
It must have inbound tunnels to receive the Connect Response.
These tunnels could be zero-hop and built instantly, but that would
expose the creator.
However, in fast mode, the destination and leaseset could be fake.
Multiple fake destinations and leasesets can be rapidly generated without
actually building tunnels. The Announce Request messages could then be sent out
any tunnel.
Specification
=============
@ -231,9 +247,9 @@ Offset Size Name Value
12 32-bit integer leechers
16 32-bit integer seeders
20 16-bit integer count of hashes to follow
22 + 32 * n 32-byte hash binary hashes
22 32 * n 32-byte hash binary hashes
...
22 + 32 * c TBD additional data TBD
22 + 32 * n TBD additional data TBD
{% endhighlight %}

318
i2p2www/spec/proposals/161-ri-dest-padding.rst Normal file
View File

@ -0,0 +1,318 @@
========================================
RI and Destination Padding
========================================
.. meta::
:author: zzz
:created: 2022-09-28
:thread: http://zzz.i2p/topics/3279
:lastupdated: 2023-01-02
:status: Open
:target: 0.9.57
.. contents::
Status
========
Implemented in 0.9.57.
Leaving this proposal open so we may enhance and discuss the ideas in the "Future Planning" section.
Overview
========
Summary
-------
The ElGamal public key in Destinations has been unused since release 0.6 (2005).
While our specifications do say that it is unused, they do NOT say that implementations can avoid
generating an ElGamal key pair and simply fill the field with random data.
We propose changing the specifications to say that
the field is ignored and that implementations MAY fill the field with random data.
This change is backward-compatible. There is no known implementation that validates
the ElGamal public key.
Additionally, this proposal offers guidance to implementers on how to generate the
random data for Destination AND Router Identity padding so that it is compressible while
still being secure, and without having Base 64 representations appear to be corrupt or insecure.
This provides most of the benefits of removing the padding fields without any
disruptive protocol changes.
Compressible Destinations reduces streaming SYN and repliable datagram size;
compressible Router Identities reduce Database Store Messages, SSU2 Session Confirmed messages,
and reseed su3 files.
Finally, the proposal discusses possibilities for new Destination and Router Identity formats
that would eliminate the padding altogether. There is also a brief discussion of post-quantum
crypto and how that may affect future planning.
Goals
-----
- Eliminate requirement to generate ElGamal keypair for Destinations
- Recommend best practices so Destinations and Router Identities are highly compressible,
yet do not display obvious patterns in Base 64 representations.
- Encourage adoption of best practices by all implementations so
the fields are not distinguishable
- Reduce streaming SYN size
- Reduce repliable datagram size
- Reduce SSU2 RI block size
- Reduce SSU2 Session Confirmed size and fragmentation frequency
- Reduce Database Store Message (with RI) size
- Reduce reseed file size
- Maintain compatibility in all protocols and APIs
- Update specifications
- Discuss alternatives for new Destination and Router Identity formats
By eliminating the requirement to generate ElGamal keys, implementations may
be able to completely remove ElGamal code, subject to backward-compatibility considerations
in other protocols.
Design
======
Strictly speaking, the 32-byte signing public key alone (in both Destinations and Router Identities)
and the 32-byte encryption public key (in Router Identities only) is a random number
that provides all the entropy necessary for the SHA-256 hashes of these structures
to be cryptographically strong and randomly distributed in the network database DHT.
However, out of an abundance of caution, we recommend a minimum of 32 bytes of random data
be used in the ElG public key field and padding. Additionally, if the fields were all zeros,
Base 64 destinations would contain long runs of AAAA characters, which may cause alarm
or confusion to users.
For Ed25519 signature type and X25519 encryption type:
Destinations will contain 11 copies (352 bytes) of the random data.
Router Identities will contain 10 copies (320 bytes) of the random data.
Estimated Savings
---------------------
Destinations are included in every streaming SYN [Streaming]_
and repliable datagram [Datagram]_.
Router Infos (containing Router Identities) are included in Database Store Messages [I2NP]_
and in the Session Confirmed messages in [NTCP2]_ and [SSU2]_.
NTCP2 does not compress the Router Info.
RIs in Database Store Messages and SSU2 Session Confirmed messages are gzipped.
Router Infos are zipped in reseed SU3 files.
Destinations in Database Store Messages are not compressed.
Streaming SYN messages are gzipped at the I2CP layer.
For Ed25519 signature type and X25519 encryption type,
estimated savings:
=============== =========== ============= ==================== ================== =========== =============
Data Type Total Size Keys and Cert Uncompressed Padding Compressed Padding Size Savings
=============== =========== ============= ==================== ================== =========== =============
Destination 391 39 352 32 71 320 bytes (82%)
Router Identity 391 71 320 32 103 288 bytes (74%)
Router Info 1000 typ. 71 320 32 722 typ. 288 bytes (29%)
=============== =========== ============= ==================== ================== =========== =============
Notes: Assumes 7-byte certificate is not compressible, zero additional gzip overhead.
Neither is true, but effects will be small.
Ignores other compressible parts of the Router Info.
Specification
=============
Proposed changes to our current specifications are documented below.
Common Structures
------------------
Change the common structures specification [COMMON]_
to specify that the 256-byte Destination public key field is ignored and may
contain random data.
Add a section to the common structures specification [COMMON]_
recommending best practice for the Destination public key field and the
padding fields in the Destination and Router Identity, as follows:
Generate 32 bytes of random data using a strong cryptographic pseudo-random number generator (PRNG)
and repeat those 32 bytes as necessary to fill the public key field (for Destinations)
and the padding field (for Destinations and Router Identities).
Private Key File
--------------------
The private key file (eepPriv.dat) format is not an official part of our specifications
but it is documented in the Java I2P javadocs [PKF]_
and other implementations do support it.
This enables portability of private keys to different implementations.
Add a note to that javadoc that the encryption public key may be random padding
and the encryption private key may be all zeros or random data.
SAM
------
Note in [SAM]_ that the encryption private key is unused and may be ignored.
Any random data may be returned by the client.
The SAM Bridge may send random data on creation (with DEST GENERATE or SESSION CREATE DESTINATION=TRANSIENT)
rather than all zeros, so the Base 64 representation does not have a string of AAAA characters
and look broken.
I2CP
------
No changes required to [I2CP]_. The private key for the encryption public key in the Destination
is not sent to the router.
Future Planning
==================
Protocol Changes
------------------
At a cost of protocol changes and a lack of backward compatibility, we could
change our protocols and specifications to eliminate the padding field in
the Destination, Router Identity, or both.
This proposal bears some similarity to the "b33" encrypted leaseset format,
containing only a key and a type field.
To maintain some compatibility, certain protocol layers could "expand" the padding field
with all zeros to present to other protocol layers.
For Destinations, we could also remove the encryption type field in the key certificate,
at a savings of two bytes.
Alternatively, Destinations could get a new encryption type in the key certificate,
indicating a zero public key (and padding).
If compatibility conversion between old and new formats is not included at some protocol layer,
the following specifications, APIs, protocols, and applications would be affected:
- Common structures spec
- I2NP
- I2CP
- NTCP2
- SSU2
- Ratchet
- Streaming
- SAM
- Bittorrent
- Reseeding
- Private Key File
- Java core and router API
- i2pd API
- Third-party SAM libraries
- Bundled and third-party tools
- Several Java plugins
- User interfaces
- P2P applications e.g. MuWire, bitcoin, monero
- hosts.txt, addressbook, and subscriptions
If conversion is specified at some layer, the list would be reduced.
The costs and benefits of these changes are not clear.
Specific proposals TBD:
PQ Keys
------------------
Post-Quantum (PQ) encryption public keys, for any anticipated algorithm,
are larger than 256 bytes. This would eliminate any padding and any savings from proposed
changes above, for Router Identities.
In a "hybrid" PQ approach, like what SSL is doing, the PQ keys would be ephemeral only,
and would not appear in the Router Identity.
PQ signing keys are not viable,
and Destinations do not contain encryption public keys.
Static keys for ratchet are in the Lease Set, not the Destination.
so we may eliminate Destinations from the following discussion.
So PQ only affects Router Infos, and only for PQ static (not ephemeral) keys, not for PQ hybrid.
This would be for a new encryption type and would affect NTCP2, SSU2, and
encrypted Database Lookup Messages and replies.
Estimated time frame for design, development, and rollout of that would be ????????
But would be after hybrid or ratchet ????????????
For further discussion see [PQ]_.
Issues
======
It may be desirable to rekey the network at a slow rate, to provide cover for new routers.
"Rekeying" could mean simply changing the padding, not really changing the keys.
It is not possible to rekey existing Destinations.
Should Router Identities with padding in the public key field be identified with a different
encryption type in the key certificate? This would cause compatibility issues.
Migration
=========
No backward compatibility issues for replacing the ElGamal key with padding.
Rekeying, if implemented, would be similar to that done
in three previous router identity transitions:
From DSA-SHA1 to ECDSA signatures, then to
EdDSA signatures, then to X25519 encryption.
Subject to backward compatibility issues, and after disabling SSU,
implementations may remove ElGamal code completely.
Approximately 14% of routers in the network are ElGamal encryption type, including many floodfills.
A draft merge request for Java I2P is at [MR]_.
References
==========
.. [Common]
{{ spec_url('common-structures') }}
.. [Datagram]
{{ spec_url('datagrams') }}
.. [I2CP]
{{ spec_url('i2cp') }}
.. [I2NP]
{{ spec_url('i2np') }}
.. [MR]
http://git.idk.i2p/i2p-hackers/i2p.i2p/-/merge_requests/66
.. [NTCP2]
{{ spec_url('ntcp2') }}
.. [PKF]
http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html
.. [PQ]
http://zzz.i2p/topics/3294
.. [SAM]
{{ site_url('docs/api/samv3') }}
.. [SSU2]
{{ spec_url('ssu2') }}
.. [Streaming]
{{ spec_url('streaming') }}

149
i2p2www/spec/proposals/162-congestion-caps.rst Normal file
View File

@ -0,0 +1,149 @@
============================
Congestion Caps
============================
.. meta::
:author: dr|z3d, idk, orignal, zzz
:created: 2023-01-24
:thread: http://zzz.i2p/topics/3516
:lastupdated: 2023-02-01
:status: Open
:target: 0.9.59
.. contents::
Overview
========
Add congestion indicators to the published Router Info (RI).
Motivation
==========
Bandwidth "caps" (capabilities) indicate share bandwidth limits and reachability but not congestion state.
A congestion indicator will help routers avoid attempting to build through a congested router,
which contributes to more congestion and reduced tunnel build success.
Design
======
Define new caps to indicate various levels of congestion or capacity issues.
These will go in the top-level RI caps, not the address caps.
Congestion Definition
----------------------
Congestion, in general, means that the peer is unlikely to
receive and accept a tunnel build request.
How to define or classify congestion levels is implementation-specific.
Implementations may consider one or more of the following:
- At or near bandwidth limits
- At or near max participating tunnels
- At or near max connections on one or more transports
- Over threshold for queue depth, latency, or CPU usage; internal queue overflow
- Base platform / OS CPU and memory capabilities
- Perceived network congestion
- Network state such as firewalled or symmetric NAT or hidden or proxied
- Configured not to accept tunnels
Congestion state should be based on an average of conditions
over several minutes, not an instantaneous measurement.
Specification
=============
Update [NETDB]_ as follows:
.. raw:: html
{% highlight %}
D: Medium congestion, or a low-performance router (e.g. Android, Raspberry Pi)
Other routers should downgrade or limit this router's
apparent tunnel capacity in the profile.
E: High congestion, this router is near or at some limit,
and is rejecting or dropping most tunnel requests.
If this RI was published in the last 15 minutes, other routers
should severely downgrade or limit this router's capacity.
If this RI is older than 15 minutes, treat as 'D'.
G: This router is temporarily or permanently rejecting all tunnels.
Do not attempt to build a tunnel through this router,
until a new RI is received without the 'G'.
{% endhighlight %}
For consistency, implementations should add any congestion cap
at the end (after R or U).
Security Analysis
=================
Any published peer information cannot be trusted.
Caps, like anything else in the Router Info, may be spoofed.
We never use anything in the Router Info to up-rate a router's perceived capacity.
Publishing congestion indicators, telling peers to avoid this router, is inherently
much more secure than permissive or capacity indicators solicting more tunnels.
The current bandwidth capacity indicators (L-P, X) are trusted only to avoid
very low-bandwidth routers. The "U" (unreachable) cap has a similar effect.
Any published congestion indicator should have the same effect as
rejecting or dropping a tunnel build request, with similar security properties.
Notes
=====
Peers must not to completely avoid 'D' routers, only derate them.
Care must be taken not to completely avoid 'E' routers,
so when the whole network is in congestion and publishing 'E',
things don't completely break.
Routers may use different strategies for what types of tunnels to build through 'D' and 'E' routers,
for example exploratory vs. client, or high vs. low bandwidth client tunnels.
Routers should probably not publish a congestion cap at startup or shutdown by default,
even if their network state is unknown, to prevent restart detection by peers.
Compatibility
===============
No issues, all implementations ignore unknown caps.
Migration
=========
Implementations may add support at any time, no coordination needed.
Preliminary plan:
Publish caps in 0.9.58 (April 2023);
act on published caps in 0.9.59 (July 2023).
References
==========
.. [NETDB]
{{ site_url('docs/how/network-database', True) }}

154
i2p2www/spec/proposals/163-datagram2.rst Normal file
View File

@ -0,0 +1,154 @@
===================================
Datagram2 Protocol
===================================
.. meta::
:author: zzz
:created: 2023-01-24
:thread: http://zzz.i2p/topics/3540
:lastupdated: 2023-01-24
:status: Open
:target: 0.9.60
.. contents::
Overview
========
Pulled out from [Prop123]_ as a separate proposal. Copied from [Prop123]_:
Offline signatures cannot be verified in the repliable datagram processing.
Needs a flag to indicate offline signed but there's no place to put a flag.
Will require a completely new protocol number and format.
to be added to the [DATAGRAMS]_ specification.
Let's call it "Datagram2".
Motivation
==========
Left over from LS2 work otherwise completed in 2019.
Design
======
Define new protocol 19 - Repliable datagram with options.
New signature specification.
Specification
=============
Add Datagram2 to [DATAGRAMS]_ as follows:
Format
-------
Preliminary, copied from [Prop123]_:
.. raw:: html
{% highlight %}
From (387+ bytes)
Flags (2 bytes)
Bit order: 15 14 ... 3 2 1 0
Bit 0: If 0, no offline keys; if 1, offline keys
Bits 1-15: set to 0 for compatibility with future uses
If flag indicates offline keys, the offline signature section:
Expires timestamp
(4 bytes, big endian, seconds since epoch, rolls over in 2106)
Transient sig type (2 bytes, big endian)
Transient signing public key (length as implied by sig type)
Signature of expires timestamp, transient sig type,
and public key, by the destination public key,
length as implied by destination public key sig type.
This section can, and should, be generated offline.
Payload
Signature
{% endhighlight %}
Signatures
----------
TBD
Prelude: "DatagramProtocol" ?
SAM
---
Add STYLE=DATAGRAM2
Security Analysis
=================
Notes
=====
Compatibility
===============
None
Migration
=========
Each UDP application must separately detect support and migrate.
Bittorrent DHT: Needs extension flag probably,
e.g. i2p_dg2, coordinate with BiglyBT
Bittorrent UDP Announces [Prop160]_: Design in from the beginning?
Coorindate with BiglyBT, i2psnark, zzzot
Bote: Unlikely
Streamr: Just switch, nobody's using it
SAM UDP apps: None known
References
==========
.. [DATAGRAMS]
{{ spec_url('datagrams') }}
.. [I2CP]
{{ spec_url('i2cp') }}
.. [Prop123]
{{ proposal_url('123') }}
.. [Prop160]
{{ proposal_url('160') }}
.. [BT-SPEC]
{{ site_url('docs/applications/bittorrent', True) }}

65
i2p2www/spec/proposals/164-streaming.rst Normal file
View File

@ -0,0 +1,65 @@
===================================
Streaming Updates
===================================
.. meta::
:author: zzz
:created: 2023-01-24
:thread: http://zzz.i2p/topics/3541
:lastupdated: 2023-01-24
:status: Open
:target: 0.9.58
.. contents::
Overview
========
Motivation
==========
Design
======
Specification
=============
Update [STREAMING]_ as follows:
Security Analysis
=================
Notes
=====
Compatibility
===============
No issues, all implementations ignore.
Migration
=========
Implementations may add support at any time, no coordination needed.
References
==========
.. [STREAMING]
{{ spec_url('streaming') }}

6189
i2p2www/spec/ssu2.rst
View File

File diff suppressed because it is too large Load Diff

10
i2p2www/spec/streaming.rst
View File

@ -3,8 +3,8 @@ Streaming Protocol Specification
================================
.. meta::
:category: Protocols
:lastupdated: 2022-04
:accuratefor: 0.9.53
:lastupdated: 2023-01
:accuratefor: 0.9.57
.. contents::
@ -88,15 +88,15 @@ Framing is provided by the lower layers - I2CP and I2NP.
sendStreamId :: 4 byte `Integer`
Random number selected by the packet recipient before sending
the first SYN reply packet and constant for the life of the
connection. 0 in the SYN message sent by the connection
connection, greater than zero. 0 in the SYN message sent by the connection
originator, and in subsequent messages, until a SYN reply is
received, containing the peer's stream ID.
receiveStreamId :: 4 byte `Integer`
Random number selected by the packet originator before
sending the first SYN packet and constant for the life of
the connection. May be 0 if unknown, for example in a RESET
packet.
the connection, greater than zero.
May be 0 if unknown, for example in a RESET packet.
sequenceNum :: 4 byte `Integer`
The sequence for this message, starting at 0 in the SYN

98
i2p2www/static/idk.key.asc Normal file
View File

@ -0,0 +1,98 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsBNBFllPP4BCAC00FYAOPuUWVbUcli+MY5U62AHhg3qXu2FMwdi4WJPP38e4Py1
bYXv3q8kgc4mq/wG2Y0KQtbpJ1sx4ZHv26Ipa2bZH6WyBX+hUc5tzXEe98kBjdXO
Pv/RYfUryhfsLpTdzaH0zvaC24gYxP3lpv046X91PvJ9nRgtgRrmGlFnybtDApeA
JEdY144EAqt3SVP/tMMGCmrM+0guaDR1N6iLNF0RdpLoplJ/8FrjCwIn7fvvx0gR
94anhYBkW3I33NMArQTFDf7blbw3LryVyHtH/3/xnbrQ8d3ISYy2CfP5l8pTNKQh
kaSi18O27fL5KS45VxPdt6IuApn0bEqYC8bbABEBAAHNI2V5ZWRlZWtheSA8ZXll
ZGVla2F5QHNhZmUtbWFpbC5uZXQ+wsCXBBMBCABBAhsDBQsJCAcCBhUICQoLAgQW
AgMBAh4BAheAAhkBFiEEcNIGBzi++AUjrK/311wDs5teFOEFAmPLYTQFCRPMJbYA
CgkQ11wDs5teFOH7+Af/TTrB2ks956RAViq5RxJzYDldh/3e8DVFtynIMqRDQYh4
Z56Jt9Z9KtcrHJXY8Dos3VhuTlP82JQNXpnIxvcylTLiOWwahqN+g+LgLzFIfmrz
nudOYEfGYTEre9EEl1uvZZMLe9N48PeK234P2TkmuhHiUwkoKPoq3wUkcvGyLmvj
OCgi0qZAwDb1ZPD1w9VUxLW7xUefobk0To8O1FbZ4AQvBaNY6VXofqL5wYpeYPNE
8slenFaFRSFht5h53fw2W9dBO8DdgCpdVqM/qdgS+T5uxGzg1Dnd7upLStKPEKQZ
FWaVk+CSeNLrOfK39NRye0IYwUWOsPMcn/BgUsGVP8LAlwQTAQgAQQIbAwULCQgH
AgYVCAkKCwIEFgIDAQIeAQIXgAIZARYhBHDSBgc4vvgFI6yv99dcA7ObXhThBQJe
Eh8cBQkKUHyeAAoJENdcA7ObXhThudEIAKIOkKi52dNvGfAFTyQkD+RFQts3L+zd
DcJHGjTgOo9pR5qoDMFRH2gQA3aC7UNkXNV9uGgqLAY3ndAe8CttJHug3j1RHeLs
jPQV6a7Cb5WT1a/yIm1g/Ruq+9yganZoXgfiVJsgfbSiAFsJKSSQOjSEFY2Tp9hi
IgUA20tl9gjM9FkJXIoiPC6ChZDFYTbqqgH3BQAoFDB2rCleUwdwmzMrjJ6kKGUG
LXh7Y9+BKrnS59fVSj+9qE803YksYaWLFMuPWqO3L1L5iyi/nev7q5sYXFOQkNbL
L/F/6OBE/GIZqUjKK1uw7ptFPHXP7JHdOVuf6gJmpO3V4F6gMXjTbjnNI2V5ZWRl
ZWtheSA8aGFua2hpbGwxOTU4MEBnbWFpbC5jb20+wsCUBBMBCgA+AhsDBQsJCAcC
BhUKCQgLAgQWAgMBAh4BAheAFiEEcNIGBzi++AUjrK/311wDs5teFOEFAmPLYTQF
CRPMJbYACgkQ11wDs5teFOHkpgf6A5rmxVpBt5p7rRvIiMP2WUArSqFceBKkvCmf
ieMkvl7fa94uGXpo3w7UyvXGFvkuXFdzT9r7w6+IB3YjBjSZVhW079PWZu/nsK1B
cNGSEAbcv7MvWDKySa7l+OhLX2de/X0cnFNMZMZID5vOmx7wRm0OYAqAun8dS2QF
BbXcmtkwNo966HOf4e/djbJbQPgQ5zZchLNpkMrBeuXzqVcKHzKU4MLneq99+utD
IEgF5Pl+g3/bfOY/vMh8OdTPHmI2LRWNowMnC1EnxmWdkNaibyumCnd25davCLsE
fWILoQrABGLGGF9hSDzeCKzek4pAdo2eIO/SiRACNRVPQ63epcLAlAQTAQoAPgIb
AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBHDSBgc4vvgFI6yv99dcA7ObXhTh
BQJeEh8dBQkKUHyeAAoJENdcA7ObXhTh9kUH/3Q5PH4ZaXXkpRnHx88BVgsMwjNq
QvMw6z8Hi4fgFu4/KpcOV+JS5AahuGP05wl+MxEbgVtKNd8v9rLDVatIW0pjMidb
VjubreqARM/E/g8kRExr2KB0pf3ChaH0o/qXSxhrjjIi2IHRI2Yji4tjo1e+2C2P
Y4x4Vqhweap5VTMezjOQhkE7ROepIN7nut1joUfjZAwnBLkMbmt/gx6epYidS62p
6yOeN17hIq7UlAtIKyycd/Ry8LE271Cekxjgx301IMJmWRCb62HNvI3ucIWoQubg
ukf3QppGuzNXayVlMwpSYTv8qOFrG0y0u56aYHwhkdrHNamnUbDuz8vJAsnCwJQE
EwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRw0gYHOL74BSOsr/fX
XAOzm14U4QUCXTYlpgUJB5NPpQAKCRDXXAOzm14U4aUNCACq17h2WCYKvVfChRjr
ACr32wRWOk0Zcs0ZFEfvoLjyaSzZegS0xhoI+/VZJTMNhs5Cm6w+XU8J3T+yF+rn
OioAni0Sl3G9wxaZzs+QGqJgizhqVeDAeG3CdvOc9VPno1Rlrm++B9BUOqCdR1fY
lvBI0buHB4MwXPCofRDQo+dV4Rvu5W07JohS67Zt/wb0xJtkEC9WkMeUNRr5sLcV
ekuIn6drXZcI0Hy7yc/XQpj1sl2hU29MgITlgF8ldiXHCJ6lJ3D+/W3ZfVQxiBtr
73EDRZp4CcjH1+9KzG5E4xAcnaIK7/B3FhuMGaKpnQ9W/IuMD3+74FMuEcPC/Fmy
7sqDzSlleWVkZWVrYXkgPHByb2JsZW1zb2x2ZXJAb3Blbm1haWxib3gub3JnPsLA
lAQTAQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBHDSBgc4vvgFI6yv
99dcA7ObXhThBQJjy2E0BQkTzCW2AAoJENdcA7ObXhTh+rcH/RY3LYAgOQwzaae7
J+zJBXko0msn6K7/WExGXRDmsZxInhsFxWm5D6mtd56VjBb41bjYqX9R0edJcQJo
8M4sOWe1DHT5efe8oY7xCI4KxRCVHLRK2xzj6EkYfTUvNkatjRIw/2s/gMqCIyO9
L00YJo7oLPMXCORVwYFSPncXCP1r+jZHmHyBKN5O0GXgFMabzO1XYiW5cT8Lg2Yh
z4OkCKkKJkBidknYLkuSbIaNPjzfocw8BnKGTCQJizFlByktHzYuZonNkY2dIuk4
ChVEGVOBOZ9lU3J21jPX5slNpAiC2zguCqwI7/98k2RlpK4UqxkQLzUDg1Ld3kp2
yop2M67CwJQEEwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQRw0gYH
OL74BSOsr/fXXAOzm14U4QUCXhIfHQUJClB8ngAKCRDXXAOzm14U4Zv2B/9rPzSv
GE2NNndkLKt/tGbsMaunCEkmq0ztwBJQopL5gRHkZ5dhx7i3NyXhLkmpLKeyZ/QY
0E4AwLhUdSthovFflWdY48toOqexiNmkn1fcGsCVRzWIfys0AQMclICFDSOem+SN
qvhs1/39CpqKctW3hnQ7DOomOIFekgtrf4neggtstseUra98SfL7haSW3k3DX6aa
CB7r9pdu5DsfsB25XEX/G7lFrnthyqLDYQb08YSpk4YiEzIW8VNKZ82iFftJdDOC
qp7f4vnOHAhLLozxxBfBdVC2MHgI5j1p+sTECSF1PBsSI2PV6QP/KO5uryj0U/b4
7gglDWHvhCPlJ1LkzTpleWVkZWVrYXkgKGFsaWFzIGZvciBpZGtpMnBAaTJwbWFp
bC5vcmcpIDxpZGtpMnBAbWFpbC5pMnA+wsCUBBMBCgA+AhsDBQsJCAcCBhUKCQgL
AgQWAgMBAh4BAheAFiEEcNIGBzi++AUjrK/311wDs5teFOEFAmPLYTQFCRPMJbYA
CgkQ11wDs5teFOGZTQgAlS3rrCQ5t2ipdYbrW+Il1y8XQelK0mRZMmYBx/IgkOty
J+ewSOnLgXR4q2IdF+gFWikfrUFiUirSViCdy5BUrRXwW35E8pchAs8ph+/3MXHQ
n0C5J61s9s38HMeK/M5txk7yaHKYo81yeCQGtfq8IFsyw/GdrrFfEDBnP/rwXgtf
oHX/oSuqGbySx//qPxqGpRX/qdbgP2KPrPdImFp3ACUUofOeuflmi8V/drT4FXa8
mG8qk6Uhp4h15XgBtkrUBaC9C1pc7aevtpty2wAlG8DlMee9W5EzxxYfzp4rwX5U
J/BTXJLP98eElGAAxCELNLwp1QAX9WYSpjkHdpoqLs06ZXllZGVla2F5IChhbGlh
cyBmb3IgaWRraTJwQG1haWwuaTJwKSA8aWRraTJwQGkycG1haWwub3JnPsLAlAQT
AQoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBHDSBgc4vvgFI6yv99dc
A7ObXhThBQJjy2E0BQkTzCW2AAoJENdcA7ObXhTh6XoH/ic44i9eGk3PRmiBaDF9
+M2QJRekcEXN9YU0Dj9H/8ENdLk8uOcCM3i/DB43Fol+4w3asc9A0zZ6Z1zvHt+7
1cF/xKJQGidyWTc42mOn84H9qbSsNizUJxBMVWEDztR96UBI4RG8IsG6qQ45GI++
0xzD1sPblHypKU2LaJtALSQpP1nCTd6N4fsMWrYdQVQgp91+Kz9BjZEAX6tz/bcg
SwnA6lL2DKf4dHAWRXhLohYn9oHsEHdHaL1TraT+ldQ2kv140lKHYT6NydQON7xz
qe7iROScoM7W7hG+ZTVvUXw4WSp3A4S05h5YUMdtqpp54brDF++vw9yAcIwJBfyU
lpvOwE0EWWU8/gEIALmUpJ9JUR8ZEtyIbV6MGEREG0KvYyHOdZ2Db2p4GxUyuBKK
s1Rwj+njBS6/UbW58bww/P1Z09ikdgFsiualiFf2bBbAEoT8wimOU2nnrNmT+XFe
Aj0B+aSUKtLSn7ve5SgJM2MbX/3+aCn/kjJy2oU5J1W7C+CQSY5P498zOLi9Fhmu
rBBn+kvgHEs83dbNWvTNtZG1MBe8RZvjYfnvP7xk+WXCiVuwArMoXDcpvarDTWjv
0iKn/RXpz7DO4F2u/As1tFx9Q1UgaFG6Z58xrfPJBZQRwql76jaykbDEM8SSViSd
WgJuGdAjqTlO5ur7SJqKLUI69P/0LSEkrqSkEnsAEQEAAcLAfAQYAQgAJgIbDBYh
BHDSBgc4vvgFI6yv99dcA7ObXhThBQJjy2EaBQkTzCWcAAoJENdcA7ObXhTh4ekH
/28QFIKR8HVB4w7Fw3aGwZfKRPE1SVAwq2rN8MBvkA8JyuEYk6osnkxpycC7vu5j
TBlFmMtrppp/LPVavj0bQAf7jLLUT/1qae8HmmkF4M/irL4RNiRZRU5vmtdTUnwW
8Bwogo+e0WguWDu1PimM228Qdjo16+xg6OKdtRThm/w9huRQ/GpCRZfHhpBmhMt0
M3ZwMmfr+9ROPTINdABetQoj1W5Fl1caR65JZe16uc0aKP5ww+7NiGXuINa24dGI
5hP3/3dvz9DKkTrt7YQ+7ICRBxbBlLQVBMhiGWjwDiaLXqdW6wmsSN6jxerom9UG
kp0p/E4LDzHQhoIIBIj0vabCwHwEGAEIACYCGwwWIQRw0gYHOL74BSOsr/fXXAOz
m14U4QUCXhIfHQUJClB8nwAKCRDXXAOzm14U4cuCB/9UTshnHll+FEJYAHfWm7q2
2nBVnq8fbrxCVTKIwONi39fAbrO81CigEU1/Owk1Q0BOgySTXuumv/f9TX979D3X
L5pOGXZnzg5VFKoZ8gGAMEoz0nX104az/ixujBVagdnm8+PMZMwKM0RzNbgyqu71
Z2eVq4W9x1VK8rW8xPmyP9MQSp42VOIrDlX0xA5NnMXKW6+uGkBLYfA/y+rjI1Gn
98PlVueKh1t/YzwgQM58Enh1GZ1/YtPcixgzmyO99o/q1qFI1WSNF4TXTtll9Kik
fR64nvYLVmfFguNQUz7oca8f8scSjkpj8/cNGoDjxeuj/oNDaZqqyJhwDD4f3/TC
=i+Zz
-----END PGP PUBLIC KEY BLOCK-----

BIN
i2p2www/static/images/00-wizard.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 115 KiB

After

Width:  |  Height:  |  Size: 119 KiB

BIN
i2p2www/static/images/01-select.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 50 KiB

After

Width:  |  Height:  |  Size: 53 KiB

BIN
i2p2www/static/images/02-http.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 65 KiB

After

Width:  |  Height:  |  Size: 68 KiB

BIN
i2p2www/static/images/03-name.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 45 KiB

After

Width:  |  Height:  |  Size: 48 KiB

BIN
i2p2www/static/images/04-port.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 47 KiB

BIN
i2p2www/static/images/05-auto.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 43 KiB

After

Width:  |  Height:  |  Size: 46 KiB

BIN
i2p2www/static/images/06-finish.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 75 KiB

After

Width:  |  Height:  |  Size: 79 KiB

BIN
i2p2www/static/images/07-finished.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 140 KiB

After

Width:  |  Height:  |  Size: 172 KiB

BIN
i2p2www/static/images/I2PTunnel-streamr.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 4.6 KiB

After

Width:  |  Height:  |  Size: 6.1 KiB

BIN
i2p2www/static/images/add-key-terminal.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 22 KiB

BIN
i2p2www/static/images/anonlevel.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 26 KiB

After

Width:  |  Height:  |  Size: 24 KiB

BIN
i2p2www/static/images/approve.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 77 KiB

BIN
i2p2www/static/images/autostart.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 44 KiB

BIN
i2p2www/static/images/bandwidth2009.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.8 KiB

After

Width:  |  Height:  |  Size: 11 KiB

BIN
i2p2www/static/images/bidir-1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 66 KiB

After

Width:  |  Height:  |  Size: 81 KiB

BIN
i2p2www/static/images/bidir-2.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 14 KiB

BIN
i2p2www/static/images/btn_left.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 699 B

After

Width:  |  Height:  |  Size: 695 B

BIN
i2p2www/static/images/btn_right.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 686 B

After

Width:  |  Height:  |  Size: 692 B

BIN
i2p2www/static/images/btn_stretch.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 212 B

After

Width:  |  Height:  |  Size: 175 B

Some files were not shown because too many files have changed in this diff Show More