----- Forwarded message from jrandom <[EMAIL PROTECTED]> ----- From: jrandom <[EMAIL PROTECTED]> Date: Tue, 14 Sep 2004 11:21:39 -0700 To: [EMAIL PROTECTED] Subject: [i2p] weekly status notes [sep 14]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi y'all, its that time of the week again * Index: 1) 0.4.0.1 2) Threat model updates 3) Website updates 4) Roadmap 5) Client apps 6) ??? * 1) 0.4.0.1 Since last Wednesday's 0.4.0.1 release, things have been going pretty well on the net - more than 2/3rd of the network has upgraded, and we'e been maintaining between 60 and 80 routers on the network. IRC connection times vary, but lately 4-12 hour connections have been normal. There have been some reports of funkiness starting up on OS/X though, but I believe some progress is being made on that front too. * 2) Threat model updates As mentioned in reply [1] to Toni's post [2], there has been a pretty substantial rewrite of the threat model [3]. The main difference is that rather than the old way of addressing the threats in an ad-hoc manner, I tried to follow some of the taxonomies offered within the literature [4]. The biggest problem for me was finding ways to fit the actual techniques people can use into the patterns offered - often a single attack fit within several different categories. As such, I'm not really too pleased with how the information in that page is conveyed, but its better than it was before. [1] http://dev.i2p.net/pipermail/i2p/2004-September/000442.html [2] http://dev.i2p.net/pipermail/i2p/2004-September/000441.html [3] http://www.i2p.net/how_threatmodel [4] http://freehaven.net/anonbib/topic.html * 3) Website updates Thanks to Curiosity's help, we've begun on some updates to the website - the most visible of which you can see on the homepage itself. This should help people out who stumble upon I2P and want to know right off the bat wtf this I2P thing is, rather than having to hunt and peck through the various pages. In any case, progress, ever onwards :) * 4) Roadmap Speaking of progress, I've finally thrown together a revamped roadmap [5] based upon what I feel we need to implement and upon what must be accomplished to provide for the user's needs. The major changes to the old roadmap are: * Drop AMOC altogether, replaced with UDP (however, we'll support TCP for those who can't use UDP *cough*mihi*cough*) * Kept all of the restricted route operation to the 2.0 release, rather than bring in partial restricted routes earlier. I believe we'll be able to meet the needs of many users without restricted routes, though of course with them many more users will be able to join us. Walk before run, as they say. * Pulled the streaming lib in to the 0.4.3 release, as we don't want to go 1.0 with the ~4KBps per stream limit. The bounty on this is still of course valid, but if no one claims it before 0.4.2 is done, I'll start working on it. * TCP revamp moved to 0.4.1 to address some of our uglier issues (high CPU usage when connecting to people, the whole mess with "target changed identities", adding autodetection of IP address) The other items scheduled for various 0.4.* releases have already been implemented. However, there is one other thing dropped from the roadmap... [5] http://www.i2p.net/roadmap * 5) Client apps We need client applications. Applications that are engaging, secure, scalable, and anonymous. I2P by itself doesn't do much, it merely lets two endpoints talk to each other anonymously. While I2PTunnel does offer one hell of a swiss army knife, tools like that are only really engaging to the geeks among us. We need more than that - we need something that lets people do what they actually want to do, and that helps them do it better. We need a reason for people to use I2P beyond simply because its safer. So far I've been touting MyI2P to meet that need - a distributed blogging system offering a LiveJournal-esque interface. I recently [6] discussed some of the functionality within MyI2P on the list. However, I've pulled it out of the roadmap as its just too much work for me to do and still give the base I2P network the attention it needs (we're already packed extremely tight [7]). There are a few other apps that have much promise. Stasher [8] would provide a significant infrastructure for distributed data storage, but I'm not sure how that's progressing. Even with Stasher, however, there would need to be an engaging user interface (though some FCP apps may be able to work with it). IRC is also a potent system, though has its limitations due to the server-based architecture. oOo has done some work to see about implementing transparent DCC though, so perhaps the IRC side could be used for public chat and DCC for private file transfers or serverless chat. General eepsite functionality is also important, and what we have now is completely unsatisfactory. As DrWoo points out [9], there are significant anonymity risks with the current setup, and even though oOo has made some patches filtering some headers, there is much more work to be done before eepsites can be considered secure. There are a few different approaches to addressing this, all of which can work, but all of which require work. I do know that duck mentioned he had someone working on something, though I don't know how thats coming or whether it could be bundled in with I2P for everyone to use or not. Duck? Another pair of client apps that could help would be either a swarming file transfer app (ala BitTorrent) or a more traditional file sharing app (ala DC/Napster/Gnutella/etc). This is what I suspect a large number of people want, but there are issues with each of these systems. However, they're well known and porting may not be much trouble (perhaps). Ok, so the above isn't anything new - why did I bring them all up? Well, we need to find a way to get an engaging, secure, scalable, and anonymous client application implemented, and it isn't going to happen all by itself out of the blue. I've come to accept that I'm not going to be able to do it myself, so we need to be proactive and find a way to get it done. To do so, I think our bounty system may be able to help, but I think one of the reasons we haven't seen much activity on that front (people working on implementing a bounty) is because they're spread too thin. To get the results we need, I feel we need to prioritize what we want and focus our efforts on that top item, 'sweetening the pot' so as to hopefully encourage someone to step up and work on the bounty. My personal opinion is still that a secure and distributed blogging system like MyI2P would be best. Rather than simply shoveling data back and forth anonymously, it offers a way to build communities, the lifeblood of any development effort. In addition, it offers a relatively high signal to noise ratio, low chance for abuse of the commons, and in general, a light network load. It doesn't, however, offer the full richness of normal websites, but the 1.8 million active LiveJournal users don't seem to mind. Beyond that, securing the eepsite architecture would be my next preference, allowing browsers the safety they need and letting people serve eepsites 'out of the box'. File transfer and distributed data storage are also incredibly powerful, but they don't seem to be as community oriented as we probably want for the first normal end user app. I want all of the apps listed to be implemented yesterday, as well as a thousand other apps I couldn't begin to dream of. I also want world peace, and end to hunger, the destruction of capitalism, freedom from statism, racism, sexism, homophibia, an end to the outright destruction of the environment and all that other evil stuff. However, we are only so many people and we can only accomplish so much. As such, we must prioritize and focus our efforts on achieving what we can rather than sit around overwhelmed with all we want to do. Perhaps we can discuss some ideas about what we should do in the meeting tonight. [6] http://dev.i2p.net/pipermail/i2p/2004-September/000435.html [7] http://www.i2p.net/images/plan.png [8] http://www.freenet.org.nz/python/stasher/ [9] http://brittanyworld.i2p/browsing/ * 6) ??? Well, thats all I've got for the moment, and hey, I got the status notes written up *before* the meeting! So no excuses, swing on by at 9pm GMT and barrage us all with your ideas. =jr -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQUc1OhpxS9rYd+OGEQLaYQCg0qql8muvuGEh46VICx4t69PuRl8An0Ki 3GEF2jrg/i9csiMO6VdQccxH =4Tip -----END PGP SIGNATURE----- _______________________________________________ i2p mailing list [EMAIL PROTECTED] http://i2p.dnsalias.net/mailman/listinfo/i2p ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net
pgpfORc0A7rUP.pgp
Description: PGP signature
