I2P_Developers/i2p.www
3
0
Fork 5
Code Issues 27 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

merge into: I2P_Developers:reseed-rewrite
Branches Tags
I2P_Developers:master I2P_Developers:166-identity-aware-proxies I2P_Developers:modernize I2P_Developers:2to3 I2P_Developers:debian-variants-questionable I2P_Developers:reseed-rewrite I2P_Developers:reseed-revisions I2P_Developers:debchanges I2P_Developers:dns-application I2P_Developers:download-pages-breakdown-redirect I2P_Developers:dmg-bundle-expanded I2P_Developers:style-guide
I2P_Developers:cvs-suck-import
...
pull from: I2P_Developers:modernize
Branches Tags
I2P_Developers:master I2P_Developers:166-identity-aware-proxies I2P_Developers:modernize I2P_Developers:2to3 I2P_Developers:debian-variants-questionable I2P_Developers:reseed-rewrite I2P_Developers:reseed-revisions I2P_Developers:debchanges I2P_Developers:dns-application I2P_Developers:download-pages-breakdown-redirect I2P_Developers:dmg-bundle-expanded I2P_Developers:style-guide
I2P_Developers:cvs-suck-import

241 Commits
reseed-rew ... modernize

Author SHA1 Message Date
eyedeekay
deb775d243 Port it to python3 2023-11-23 09:43:42 -05:00
eyedeekay
8ebc4de1a7 Re-attempt migration with modernize 2023-11-22 14:48:24 -05:00
zzz
53b17e206f Naming: Fix missing content due to endblock in the middle 2023-11-22 06:46:19 -05:00
zzz
7fec0b308f SAM: Add note about i2pd concurrent accepts 2023-11-17 15:04:09 -05:00
zzz
8db113d0aa Blockfile: Add info on listversion 2023-11-17 08:51:38 -05:00
zzz
b1a1debef3 Blockfile spec fix 2023-11-17 08:32:32 -05:00
zzz
9772a4ed05 Add note on reachability caps 2023-11-11 09:07:01 -05:00
zzz
23bed0f483 Update checklist for tx v3 2023-11-07 13:33:18 -05:00
zzz
496b65274a Add congestion caps to netdb doc 2023-11-05 12:43:31 -05:00
zzz
7053ae1db3 Markdown fixes 2023-10-30 17:49:54 -04:00
eyedeekay
7df3407db9 Downloads: remove reference to Easy-Installer from mac install guide page 2023-10-25 16:37:57 -04:00
zzz
4e3370b852 Fill in prop. 164 and update streaming spec to match 2023-10-23 11:22:46 -04:00
zzz
c8f9788e00 dup word 2023-10-23 08:20:14 -04:00
zzz
3b0794554c i2ptunnel: Add more info on x-i2p-gzip and related topics 2023-10-23 06:46:06 -04:00
zzz
ca7351592a Copy port/protocol info to I2CP spec 
Add more info on gzip effort 0
 2023-10-23 05:47:27 -04:00
zzz
bfc73085b0 typo 2023-10-22 14:18:21 -04:00
zzz
6c0e4bb387 SAM: Add note about concurrent ACCEPTs on 3.1 2023-10-22 11:23:34 -04:00
zzz
73dc961c79 HTML fix 2023-10-21 10:30:56 -04:00
zzz
7686adfc06 Add note that deb repos are down 2023-10-21 10:23:10 -04:00
zzz
f13dc8b7ff SAM: More ports documentation 2023-10-21 09:43:28 -04:00
zzz
e2ffb5e96c SAM: Enhance ports documentation (Gitlab #456) 2023-10-21 09:30:44 -04:00
zzz
8f7b30078d Add ramble.i2p to hosts.txt 2023-10-10 11:59:01 -04:00
eyedeekay
b036f269a6 switch to files.* mirror while the other one is down 2023-10-03 20:28:46 -04:00
zzz
fa988e6f5b Renew repo key (gpg format) 2023-10-01 12:54:27 -04:00
zzz
66d51d4a57 Renew repo key 2023-10-01 11:08:35 -04:00
zzz
a8c09545ad I2NP: Add notes about minimum version increase 2023-10-01 07:17:03 -04:00
zzz
67ce4b6bb1 renew my GPG key 2023-10-01 07:12:39 -04:00
zzz
4d66666202 SAM: Add section on accept errors 
ref: Gitlab i2p.i2p #399
 2023-10-01 07:10:44 -04:00
eyedeekay
58883084a8 add a note about name changing the MASTER sessions to PRIMARY sessions. 2023-09-04 12:23:50 -04:00
idk
f3968a1e1b Merge pull request #13 from Shoalsteed/master 
Updates to Performance page, Dev docs
 2023-07-20 15:52:31 -04:00
Sadie Mascis
956ce97006 Merge branch 'i2p:master' into master 2023-07-20 11:24:28 -04:00
eyedeekay
a67f32aaca finally update the release signing keys 2023-07-19 16:44:44 -04:00
eyedeekay
41a6d50612 update easy-install download versions 2023-07-13 11:17:16 -04:00
eyedeekay
217475ddc9 update easy-install hashes 2023-07-13 11:16:43 -04:00
eyedeekay
2ab41d3c85 Use Mac OS instead of Mac OS X, update Easy-Install blog post 2023-07-13 10:19:59 -04:00
eyedeekay
c900f779d9 re-add all the pdfs 2023-07-11 19:18:33 -04:00
eyedeekay
9c9547cd60 temporarily remove some of the PDFs, will restore in 30min 2023-07-11 19:09:02 -04:00
eyedeekay
09a8ef4fa2 clean up metadata from images directory, then run them through pngcrush with debian defaults 2023-07-11 18:41:37 -04:00
eyedeekay
fedce0aef0 update translations 2023-07-11 11:49:43 -04:00
eyedeekay
96088162ed add easy-install for windows blogpost 2023-07-11 00:23:38 -04:00
eyedeekay
e81d87724b reverse order of roadmap to match expectation, newer at top. Update roadmap for 2.4.0. 2023-07-10 14:55:58 -04:00
idk
c72cbc05fc fix href links in the blog post 2023-06-30 15:24:49 -04:00
idk
8f85913228 fix mac downloads 2023-06-30 14:59:56 -04:00
idk
86053fae8d update download hashes 2023-06-30 14:47:52 -04:00
idk
f6034d6462 bump download version 2023-06-30 14:46:44 -04:00
idk
15c827b822 fix some strings, add a blog post, fix docker container 2023-06-30 12:59:25 -04:00
Sadie Mascis
b307f171de Update index.html 2023-05-30 16:59:48 -04:00
Sadie Mascis
771f2f63ae Update index.html 
Changes to Performance overview.
 2023-05-26 17:18:28 -04:00
Sadie Mascis
6b35d8f4e8 Update new-developers.html 
remove link to zzz's forum, make changes to headers and some copy.
 2023-05-26 15:08:27 -04:00
idk
300a987392 Merge pull request #12 from Vort/samv3_doc_fix 
SAM V3: make example consistent with previous text
 2023-05-25 17:07:29 -04:00
idk
12da3aee87 Merge pull request #11 from Shoalsteed/master 
Update dev-guidelines.html
 2023-05-25 17:06:41 -04:00
idk
8080799be5 remove print call from the blog renderer 2023-05-24 18:11:08 +00:00
Vort
41cc69c774 make example consistent with previous text 2023-05-15 09:46:29 +03:00
idk
84d35a67c7 never ever ever leave a {% trans %}{% endtrans %} block empty, or it will break like half the languages for some mysterious reason 2023-05-04 04:25:47 +00:00
idk
e0e6a2fa76 log when running in dev mode 2023-05-04 03:50:00 +00:00
idk
c5ec52dd1f fix missing newlines 2023-05-04 03:42:08 +00:00
idk
94d206b798 try and fix the translations 2023-05-04 02:54:33 +00:00
Sadie Mascis
8ba3b11b03 Merge branch 'i2p:master' into master 2023-04-29 13:45:04 -04:00
idk
23eb1c5489 fix missing bracket on translation tag on software.html, split up environment setup in dockerfile to trade a little space for a lot of time 2023-04-29 16:50:58 +00:00
Sadie Mascis
d68fb34dda Update index.html 2023-04-28 17:36:50 -04:00
Sadie Mascis
acc1d99b34 Update browser-content.html 2023-04-28 15:56:11 -04:00
Sadie Mascis
9ad45220b8 Update dev-guidelines.html 
remove Trac references, zzz forum, "we/ our" references , add "release manager."
 2023-04-28 15:11:44 -04:00
idk
fff7c1f9ec fix missing translation tag 2023-04-28 19:00:21 +00:00
idk
09e20cb0ba Merge pull request #10 from Shoalsteed/master 
Updates to copy
 2023-04-27 01:10:05 -04:00
idk
92edebf1fd Merge branch 'master' into master 2023-04-26 17:29:46 -04:00
idk
9bd163e3e5 fix tables on contact page 2023-04-26 21:25:52 +00:00
Sadie Mascis
9f1bb7156e Update reseed.html 2023-04-26 16:26:14 -04:00
Sadie Mascis
592c7ae638 Update anonbib.bib 2023-04-20 15:31:43 -04:00
Sadie Mascis
4579c6deed Update vrp.html 2023-04-17 15:13:40 -04:00
idk
bd2b0ae0bb update android versions 2023-04-17 16:41:48 +00:00
Sadie Mascis
173790ed7c Update faq.html 2023-04-17 11:53:19 -04:00
Sadie Mascis
37442a469e Update contact.html 2023-04-17 11:27:21 -04:00
idk
62354cbdcb fix date on blog post 2023-04-14 02:20:04 +00:00
idk
a400346f8d update version 2023-04-13 20:11:26 +00:00
idk
6eab2587a7 update hashes 2023-04-13 20:11:10 +00:00
Sadie Mascis
1f67ec12e7 Update plugins.html 2023-04-12 17:45:33 -04:00
idk
0281b67bc4 undraft blog post 2023-04-12 20:42:31 +00:00
idk
cbf762852c draft release blog post 2023-04-12 05:02:26 +00:00
Sadie Mascis
55d09a4ca6 Update index.html 2023-04-10 10:38:26 -04:00
Sadie Mascis
32ea161bdf Update index.html 2023-04-10 10:03:19 -04:00
Sadie Mascis
6e6e876750 Update software.html 2023-04-10 09:49:04 -04:00
idk
32c1addde8 remove treasury position, add zzz to past contributors 2023-03-31 21:12:56 +00:00
idk
3facee99b1 update easy-install version number and hash 2023-03-23 12:55:02 +00:00
idk
d64e3b76ab update the contact page 2023-03-21 22:28:22 +00:00
idk
a906af63f7 Merge branch 'readme-refactoring' into 'master' 
Adding overview info to README as suggested in issue

See merge request i2p-hackers/i2p.www!23
 2023-03-18 17:29:41 +00:00
idk
996953e289 Merge branch 'fix-venv' into 'master' 
fix virtualenv setup

Closes #39

See merge request i2p-hackers/i2p.www!24
 2023-03-18 17:25:20 +00:00
AGentooCat
f544a40229 fix virtualenv setup 2023-03-18 17:25:20 +00:00
idk
2f768fd6d2 update android version 2023-03-18 04:36:53 +00:00
idk
a030fbae4a move blogpost 2023-03-14 06:07:01 +00:00
idk
224305f501 fix blog URL 2023-03-14 03:10:04 +00:00
idk
4cac8d8541 update my public key 2023-03-14 01:57:53 +00:00
idk
9e78559e80 update versions and hashes 2023-03-13 23:18:36 +00:00
idk
5cb31ea847 undraft blog post 2023-03-13 21:29:54 +00:00
idk
a618bb279d write draft release notes 2023-03-13 19:25:55 +00:00
idk
7107a2960a edit statement about release of Mac easy-install on site since release date of 2.2.0 is moved. 2023-03-08 17:00:53 +00:00
idk
5162dc2d24 unindent blog post 2023-02-12 03:37:35 +00:00
idk
980fc185d5 Blog post about Denial of Service attack 2023-02-12 03:33:07 +00:00
zzz
2bb222187d mtg 320 more log cleanup and spelling fixes 2023-02-08 22:56:10 -05:00
idk
d0459ba062 check in meeting logs 2023-02-07 22:21:03 +00:00
idk
d08ac133f8 remove logging messages from meeting log 2023-02-07 22:08:55 +00:00
idk
b8f5804525 check in meeting logs 2023-02-07 22:07:15 +00:00
idk
90a39f35d6 Add missing wizard images, add sadie to author list 2023-02-01 14:15:29 +00:00
zzz
70cc78b17f Prop. 162 updates 2023-02-01 06:57:22 -05:00
idk
d616bd3156 qualify that the recommendation might change in the future 2023-02-01 07:21:15 +00:00
idk
9942f1ddf6 add links to blog posts 2023-02-01 07:07:57 +00:00
idk
bdca9c7042 Add install guide for jar installs on MacOS 2023-02-01 06:58:31 +00:00
idk
30d9fe1622 fix missing image 2023-02-01 00:58:28 +00:00
idk
d513dcc95d add osx install guide images 2023-01-31 23:12:25 +00:00
idk
d0787a33ad Update the about/intro page with @sadie's rewrite and my revisions 2023-01-28 05:03:09 +00:00
idk
fb150533bc update the about intro page 2023-01-28 04:53:40 +00:00
idk
18c83f465a fix easy-install hash 2023-01-26 17:45:05 +00:00
zzz
9500378ef7 new proposals 2023-01-24 08:16:17 -05:00
zzz
bf1c5c2748 grammar 2023-01-23 08:58:22 -05:00
lbt
194f65bdb3 Adding overview info to README as suggested in issue 2023-01-21 11:26:17 +01:00
idk
38ee4bef5c Clean my GPG key 2023-01-21 03:43:30 +00:00
zzz
1e33399af4 add note on outproxies 2023-01-19 09:21:15 -05:00
zzz
e795daa239 bittorrent: more info 2023-01-17 08:19:25 -05:00
zzz
76bcd2ad15 bittorrent: Add dev guidance section, mostly copied from SAM spec 2023-01-17 08:07:21 -05:00
idk
a1914b0f97 fix hall of fame link, closes #37 2023-01-15 23:10:46 +00:00
idk
46aa306710 Merge branch 'no-more-monotone-and-trac' into 'master' 
No more monotone and trac

See merge request i2p-hackers/i2p.www!22
 2023-01-15 19:05:20 +00:00
Little Big T
65ec4eeb91 No more monotone and trac 2023-01-15 19:05:20 +00:00
idk
da6a59e3d7 Merge branch 'there-is-no-target-bundle' into 'master' 
There is no target bundle for ant, instead it seems git-bundle is the one to use

See merge request i2p-hackers/i2p.www!21
 2023-01-14 16:18:44 +00:00
zzz
8afe26a895 Streaming: Clarify when ID may be 0 2023-01-13 19:10:50 -05:00
idk
d56f43a5d0 check in my key 2023-01-13 22:56:51 +00:00
idk
5bbeb4975f update bundle versions and indicate they are unsigned 2023-01-13 17:02:58 +00:00
idk
458c609c34 Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2023-01-13 07:49:30 +00:00
idk
5c0cba3c80 fix formatting in blog post 2023-01-13 07:48:44 +00:00
idk
aa7a019f15 add blog entry 2023-01-13 07:35:43 +00:00
zzz
8b557d2557 Move deprecated RI options to a separate list 2023-01-12 16:23:04 -05:00
zzz
929d984536 Update RI spec to better-specify statistics 
ref: http://zzz.i2p/topics/3515
 2023-01-12 16:12:11 -05:00
idk
742a99d0a4 add January 10 2023 meeting 2023-01-11 23:45:58 +00:00
idk
b63cf713f1 update the android versions 2023-01-11 23:42:14 +00:00
zzz
f713b0fba1 roadmap update 2023-01-11 17:05:11 -05:00
lbt
df53d22c04 There is no target bundle for ant, instead it seems git-bundle is the one to use 2023-01-11 18:57:29 +01:00
zzz
df23610400 Mac bundle further delayed 2023-01-11 07:05:01 -05:00
idk
2a60937a3d bump version 2023-01-10 21:51:25 +00:00
idk
77f6af7fd7 update hashes 2023-01-10 21:41:10 +00:00
idk
a8b8dd9986 undraft blog post 2023-01-10 21:38:36 +00:00
zzz
fd1e3197f1 2.1.0 checksums 2023-01-10 11:01:00 -05:00
zzz
628dc88834 SSU2: Add peer test results state machine 
ref: http://zzz.i2p/topics/3489
 2023-01-09 17:13:52 -05:00
idk
c6aeacf4c5 Merge branch 'trac-is-gone' into 'master' 
Trac is gone

See merge request i2p-hackers/i2p.www!20
 2023-01-08 23:46:32 +00:00
Little Big T
b5bfe3d212 Trac is gone 2023-01-08 23:46:31 +00:00
zzz
a68eb521d2 SAM updates 2023-01-08 11:09:32 -05:00
zzz
e4fe0e24e1 2.1.0 release draft 2023-01-06 08:14:35 -05:00
idk
5e5628abeb fix missing half-step from guide 1 2023-01-05 03:13:34 +00:00
idk
565936207e fix policy page title 2023-01-05 02:36:32 +00:00
idk
ff2482318c fix policy page title 2023-01-05 02:35:28 +00:00
idk
bfd5a73faa copy requirements from old to policy 2023-01-05 02:34:17 +00:00
idk
e236e86838 Merge branch 'master' of github.com:i2p/i2p.www 2023-01-05 02:25:12 +00:00
idk
270f6135c8 comment out unfinished reseed setup guides 2023-01-05 02:23:54 +00:00
idk
3d615c4590 update tags on reseed guide pages 2023-01-05 02:10:03 +00:00
idk
7854cb4935 update tags on reseed guide pages 2023-01-05 02:08:18 +00:00
idk
ea736ff862 overhaul of reseed docs 2023-01-05 01:53:35 +00:00
zzz
b456c3c8cc grammar 2023-01-04 19:48:00 -05:00
idk
5e3d53aa4b add docker page 2023-01-04 23:35:14 +00:00
idk
574a23bf5a split out policy section 2023-01-04 23:16:22 +00:00
idk
51a89c450a Debian reseed install instructions 2023-01-04 22:36:39 +00:00
idk
a4b141e5b1 start migrating over the reseed docs from my site 2023-01-04 22:11:31 +00:00
zzz
ab52b4b197 typo fix 2023-01-04 15:55:48 -05:00
zzz
a48879e014 Embedding update re: persistence 2023-01-03 16:08:23 -05:00
zzz
ba4fa23d5d SAM minor updates 2023-01-03 08:09:28 -05:00
zzz
fc9abe46b1 More embedding guide updates 2023-01-03 07:47:37 -05:00
zzz
878893a7c3 Embedding guide updates 2023-01-03 07:36:24 -05:00
zzz
8e42416434 Put i2cp.delayOpen in the right place alphabetically 2023-01-02 14:52:28 -05:00
zzz
5b71a5fe2e SAMv3 paragraph break 2023-01-02 13:20:16 -05:00
zzz
2d8fdf54cd i2ptunnel: Add missing info on the i2cp.delayOpen option, elaborate on the i2cp.newDestOnResume option 2023-01-02 12:44:50 -05:00
zzz
28a8bf6ca1 Incorporate proposal 161 recommendations into the SAMv3 and Common Structures specs 2023-01-02 12:31:51 -05:00
zzz
cebddd1edb Roadmap update 2023-01-02 11:17:56 -05:00
zzz
d3635464fa I2NP: Note SSU2 uses 9-byte header 2022-12-31 15:41:02 -05:00
zzz
47c0876ab3 SAM: Add general guidance section 
Emphasize that i2pd and Java i2p have different defaults
 2022-12-29 12:52:48 -05:00
zzz
f84202469c Add participating tunnels picture 2022-12-29 08:18:05 -05:00
zzz
5d75104397 Add tunnel build success picture 2022-12-26 16:38:35 -05:00
zzz
bf0565230a SSU2/NTCP2 and props. 160/161 minor updates 2022-12-19 06:18:18 -05:00
idk
8d423fa1fb change copy command on Debian download page, change note on Debian Downstreams only command on Debian download page 2022-12-18 16:18:57 +00:00
idk
9c5595b2ae Trim enter/exit events from IRC logs 2022-12-14 21:11:36 +00:00
idk
5b3ee6709d add meeting logs 2022-12-14 20:56:32 +00:00
idk
559761b72b add note about easy-install bundle to browser-content page 2022-12-09 19:21:41 +00:00
zzz
78e02ad1a1 SSU2 typo 2022-12-04 08:47:25 -05:00
zzz
81f07058d2 fix roadmap date 2022-11-30 15:08:42 -05:00
zzz
919bfedd3b bump roadmap date 2022-11-30 15:07:37 -05:00
zzz
e8798bbd59 Roadmap updates 2022-11-30 14:45:18 -05:00
idk
72f06a0657 move my roadmap items 2022-11-29 00:08:59 -05:00
zzz
66f721ccc1 config: Add outproxyType for SOCKS. 
Remove dup outproxyAuth entry
 2022-11-27 11:59:48 -05:00
idk
1370863c99 update android version and hash 2022-11-23 18:50:46 -05:00
idk
575651a3fe Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2022-11-23 14:40:45 -05:00
idk
d3a0c79314 check in fix on firefox.html page 2022-11-23 14:40:24 -05:00
zzz
cffc62b93d fix markdown 2022-11-23 13:04:48 -05:00
idk
01e7f33e58 Fix Windows bundle filename 2022-11-23 07:39:29 -05:00
idk
efef0afe50 update android hash 2022-11-23 07:23:49 -05:00
idk
4345320ecc Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2022-11-23 07:05:07 -05:00
idk
45c2992a37 Update Windows easy-install bundle 2022-11-23 07:04:08 -05:00
idk
170634f082 Write blog post for Easy-Install Windows and OSX 2022-11-23 06:51:56 -05:00
zzz
274405eff0 Remove specific JRE version from Windows bundle page 2022-11-22 08:30:08 -05:00
idk
610192690e undraft blog post 2022-11-21 18:07:01 -05:00
idk
355072ebc6 update main downloads and update hashes 2022-11-21 17:33:25 -05:00
zzz
0fdc7441de add checksums to release notes 
comment out signer info
add note about OSX bundle delayed
 2022-11-21 13:50:32 -05:00
zzz
72d3d34afe 2.0.0 release draft 2022-11-18 08:59:46 -05:00
idk
959fd0112d Merge branch 'debian-variants-questionable' into 'master' 
Work with more Debian and Ubuntu variants without altering instructions

See merge request i2p-hackers/i2p.www!19
 2022-11-13 22:19:08 +00:00
idk
24ee0900b6 Work with more Debian and Ubuntu variants without altering instructions 2022-11-13 22:19:08 +00:00
zzz
bbeadab0af SAM libs update 2022-11-13 09:14:51 -05:00
zzz
f64af2c0d9 Remove draft blog post from translation 2022-11-08 17:29:39 -05:00
zzz
0358745e87 Remove old draft SSU blog so it doesn't end up in translations 2022-11-08 17:27:37 -05:00
zzz
4e74efd07d Update translation source 2022-11-08 17:20:13 -05:00
zzz
05c9ef6353 Pull updated translations 2022-11-08 17:16:20 -05:00
idk
481cf5f09b add meeting notes 2022-11-08 15:36:47 -05:00
idk
8066aece90 reinstate Mac bundle downloads 2022-11-04 22:10:10 -04:00
idk
1921519c93 reinstate Mac bundle downloads 2022-11-04 22:09:55 -04:00
idk
cbcfc37819 add source repositories for profile manager 2022-11-04 22:03:45 -04:00
zzz
4f62315d1c Temporarily disable OSX bundle downloads 2022-11-03 11:05:03 -04:00
idk
389a54cd24 Merge branch 'master' of i2pgit.org:i2p-hackers/i2p.www 2022-10-27 12:53:27 -04:00
idk
df566a24ae remove erroneous reference to mikal from release-signing-key 2022-10-27 12:53:14 -04:00
zzz
aea6364f8f update bibtex URLs 2022-10-27 10:37:15 -04:00
idk
e654a01672 update hashes of Mac bundles 2022-10-26 13:45:04 -04:00
zzz
992de20108 bibtex fixes 2022-10-25 09:46:31 -04:00
zzz
fe7c3b9e1a Add traffic analysis paper 2022-10-25 08:59:00 -04:00
idk
83391c174f remove TLS fingerprints from safety post, add authors note explaining why 2022-10-17 11:50:28 -04:00
idk
e0de2cd6f8 update sha256 fingerprint for forum inside i2p-safety-reminder blog post 2022-10-16 12:37:24 -04:00
zzz
ba74d33ba5 SSU2: Add note about relaying to charlie when he is behind a symmetric NAT 2022-10-16 12:18:08 -04:00
zzz
a9adb61d4d SSU2: Spec minor edits 2022-10-12 13:21:54 -04:00
zzz
10566c6271 SSU2: Copy most of prop. 159 to the spec page 2022-10-12 12:41:34 -04:00
zzz
9026f6dc2f Clarify accept header processing 2022-10-12 09:53:57 -04:00
zzz
9305ac0ff0 Final edits and undraft SSU2 blog post 2022-10-11 12:56:46 -04:00
zzz
a61b9c359a SAMv3: Add note about session IDs 
add link to bitcoin code
 2022-10-10 11:26:32 -04:00
idk
d63908d91f Add robin/Py2P to SAMv3 libs page 2022-10-07 11:08:51 -04:00
Zlatin Balevsky
662095f2c8 remove beta label from mac arm64 2022-10-06 14:17:01 +01:00
idk
24db6b6966 fix flipped meeting logs 2022-10-04 18:58:07 -04:00
idk
f3c340c04b update meeting logs 2022-10-04 18:49:53 -04:00
idk
86da2d9391 update meeting logs 2022-10-04 18:49:44 -04:00
idk
1a921e1804 update meeting logs 2022-10-04 18:01:45 -04:00
idk
5c6e0411b0 just remove redundant link from installer page and direct to installer below the message on the screen, so we don't have to call the link generation stuff twice in the same page 2022-09-30 23:40:05 -04:00
idk
99e6b20ec8 fix erroneous link on the Easy-Install page 2022-09-30 23:31:14 -04:00
idk
39efd98ea2 update line breaks and translation tags 2022-09-28 20:45:48 -04:00
zzz
cb01e85a39 New proposal 161 2022-09-28 11:22:35 -04:00
zzz
feac384bb5 roadmap update 2022-09-28 10:49:53 -04:00
zzz
25afe46878 more SSU2 draft updates 2022-09-28 10:48:42 -04:00
zzz
b7de83c891 Blog README update 2022-09-28 10:48:17 -04:00
idk
ded33b8c44 undraft divaexchange blog, fix fingerprint on i2pgit.org after adding a hostname to the certificate 2022-09-28 01:15:00 -04:00
idk
721c61b497 add DivaExchange MYM draft 2022-09-26 20:17:12 -04:00
idk
087993ed64 don't forget github 2022-09-26 15:47:22 -04:00
idk
14e4137e45 clarify language on bots for i2p-safety-reminder 2022-09-26 15:35:06 -04:00
idk
325a8f2b73 un-draft safety blog post 2022-09-26 15:29:14 -04:00
626 changed files with 127300 additions and 79809 deletions
Expand all files Collapse all files

82
.tx/config
View File

@ -1,60 +1,60 @@
[main]
host = https://www.transifex.com
host = https://www.transifex.com
lang_map = ru_RU: ru, sv_SE: sv, tr_TR: tr, uk_UA: uk, zh_CN: zh
[I2P.website_about]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/about.po
source_file = pots/about.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_about]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/about.po
source_file = pots/about.pot
source_lang = en
type = PO
minimum_perc = 3
[I2P.website_blog]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/blog.po
source_file = pots/blog.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_blog]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/blog.po
source_file = pots/blog.pot
source_lang = en
type = PO
minimum_perc = 2
[I2P.website_comparison]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/comparison.po
source_file = pots/comparison.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_comparison]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/comparison.po
source_file = pots/comparison.pot
source_lang = en
type = PO
minimum_perc = 10
[I2P.website_docs]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/docs.po
source_file = pots/docs.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_docs]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/docs.po
source_file = pots/docs.pot
source_lang = en
type = PO
minimum_perc = 3
[I2P.website_get-involved]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/get-involved.po
source_file = pots/get-involved.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_get-involved]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/get-involved.po
source_file = pots/get-involved.pot
source_lang = en
type = PO
minimum_perc = 3
[I2P.website_misc]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/misc.po
source_file = pots/misc.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_misc]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/misc.po
source_file = pots/misc.pot
source_lang = en
type = PO
minimum_perc = 10
[I2P.website_priority]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/priority.po
source_file = pots/priority.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_priority]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/priority.po
source_file = pots/priority.pot
source_lang = en
type = PO
minimum_perc = 10
[I2P.website_research]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/research.po
source_file = pots/research.pot
source_lang = en
type = PO
[o:otf:p:I2P:r:website_research]
file_filter = i2p2www/translations/<lang>/LC_MESSAGES/research.po
source_file = pots/research.pot
source_lang = en
type = PO
minimum_perc = 10

13
Dockerfile
View File

@ -1,16 +1,19 @@
FROM debian:buster
FROM debian:oldoldstable
ENV SERVERNAME=geti2p.net
ENV SERVERMAIL=example@geti2p.net
ADD . /var/www/i2p.www
WORKDIR /var/www/i2p.www
## Install the dependencies
#RUN #grep -v security.debian /etc/apt/sources.list > /etc/apt/sources.list.bak && \
#grep -v stretch-updates /etc/apt/sources.list.bak > /etc/apt/sources.list && \
RUN apt-get update && \
apt-get -y install apache2 apache2-utils libapache2-mod-wsgi python2-dev python-pip patch python-virtualenv git python-polib && \
apt-get -y install apache2 apache2-utils libapache2-mod-wsgi python2-dev python-pip patch python-virtualenv git python-polib
ADD . /var/www/i2p.www
## Start setting up the site
rm -rfv env && \
RUN rm -rfv env && \
virtualenv --distribute env && \
. env/bin/activate && \
pip install -r etc/reqs.txt && \

49
README.md
View File

@ -1,8 +1,43 @@
# Introduction
This web-server for running the i2p-website is a collection of scripts (aka **The Python Scripts**) and content-files to:
* manage updates (based on git),
* manage translations (generating translation files before the web-server is run),
* manage tags (generating tag files before the web-server is run),
* run a web-server creating/delivering pages on-demand (using WSGI)
This is not a static web-site generator. To see the pages you will need to setup your system for the python and shell-scripts and run the web-server contained as described. Due to heavy use of tags even content changes quickly will require a *build environment* to check your changes (towards breaking the build process). Translations can be done using solely a web-site and then do not require any of this (others will integrate all changes from the web-site using these scripts).
The authors are the I2P team. For details about licensing see [LICENSE.txt](/LICENSE.txt).
# Requirements Overview
If you don't want to deal with the requirements/software, you can use a docker config (see [Dockerfile](/Dockerfile)) which will set these up automatically. Otherwise you will need to satisfy the following requirements (that Dockerfile contains the commands for Debian btw.):
* git
* python2
* pip
* virtualenv
* apache (using WSGI to call the scripts)
* ctags? (was mentioned to be needed as both, system package + python package, but it seems only the python package is being installed?)
* transifex-client? (There is a transifex-client in Debian which might be needed for the translation steps described below?)
**Note** that the scripts will install additional software packages (see /etc/reqs.txt) from outside your distribution (into the virtual environment if using docker) using pip and then do some custom patching (meaning pinned versions?).
**Note** also that the manual way described in the following suggests to use proxychains with Tor to avoid Clearnet traffic, while the Docker version seems to use Clearnet for that.
# I2P website
To run locally (for testing purposes):
- Install proxychains, configure it for Tor
- Install virtualenv and Python 2.7
- (Optional) Install proxychains, configure it for Tor
- Pull in the dependencies:
@ -21,9 +56,13 @@ To run locally (for testing purposes):
- Start the webserver:
```
$ source env/bin/activate # activates virtualenv
$ ./runserver.py
$ deactivate # ..s virtualenv
```
(if the shell in use is not bash, you can append its name to the activator if supported: `...ivate.fish`)
- Open the site at http://localhost:5000/
## Running a mirror
@ -45,7 +84,7 @@ If you want to mirror the I2P website, thanks! Here is a checklist:
## Running a mirror with Docker
It's possible to set up a mirror using apache2 inside of a Docker container.
It is intended to provide a HTTP server, to use HTTPS, using a reverse proxy
It is intended to provide a HTTP-only server. To use HTTPS, using a reverse proxy
is the easiest way. You should not need to make any modifications to the
service running inside the container, but you may make the same modifications
to the containerized mirror that you would to a normal mirror by changing your
@ -57,7 +96,7 @@ settings.
- When you have your mirror configured, add `site-updater-docker.sh` to your crontab
to keep the site up-to-date.
## Configuration
# Configuration and Translations
Configuration files for the various scripts are in `etc/`. Environment variables
in `etc/translation.vars` can be overridden by creating the file
@ -68,7 +107,7 @@ in `etc/translation.vars` can be overridden by creating the file
1. Pull new and updated translations from Transifex:
```
$ tx pull -a
$ tx pull --use-git-timestamps -a
```
2. Correctly format the translations:
@ -126,7 +165,7 @@ in `etc/translation.vars` can be overridden by creating the file
3. Push pots file changes to Transifex:
```
$ tx push -s
$ tx push --use-git-timestamps -s
```
## Updating spec tags:

61
docker-run-dev.sh
View File

@ -1,5 +1,56 @@
#! /usr/bin/env sh
virtualenv --distribute env
. env/bin/activate
#./setup_venv.sh
DEV=on ./runserver.py
#! /usr/bin/env bash
## Set additional docker run arguments by changing the variable
## i2p_www_docker_run_args in an optional file called config.sh
## for example
##
##i2p_www_docker_run_args='-d'
## to run the site in the background, or
##
##i2p_www_docker_run_args='-t'
## to emulate a TTY
## To operate a quick and easy mirror of the I2P Site in a container
## simply clone the i2p.www source to a host with Docker installed, then
## add:
##
##i2p_www_docker_run_args='-d'
## to config.sh
##
## Then add:
##
##*/10 * * * * /path/to/i2p.www/site-updater-docker.sh
##
## to a crontab belonging to a member of the `docker` group. To add yourself
## to the `docker` group use the command:
##
##sudo adduser $(whoami) docker
##
## a more secure solution may be to create a user especially to run the
## docker crontab only, who is a member of the docker group. To do this,
##
##sudo adduser --disabled-password --disabled-login --ingroup docker docker
## however the specifics may vary from distribution to distribution.
dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
if [ -f "${dir}/config.sh" ]; then
. "${dir}/config.sh"
fi
if [ -z $port ]; then
port="8090"
fi
if [ -z $i2p_www_branch ]; then
i2p_www_branch=master
fi
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" || exit
cd "$DIR" || exit
git pull origin $i2p_www_branch
docker build $i2p_www_docker_build_args -t mirror.i2p.www$suffix .
docker rm -f mirror.i2p.www$suffix
docker run -it $i2p_www_docker_run_args --env DEV:on --name mirror.i2p.www$suffix --net=host --volume $(pwd)/env:/env mirror.i2p.www$suffix ./runserver.py
docker logs -f mirror.i2p.www$suffix

7
etc/project.vars
View File

@ -1,2 +1,7 @@
export venv_dir="env"
export venv="`which virtualenv-2.7 || which virtualenv`"
export spec=""
export venv="/usr/bin/virtualenv"
#if [ x"$venv" = x ]; then
# export venv="`which virtualenv`"
# export spec="-p 2.7"
#fi

20
etc/reqs.txt
View File

@ -1,11 +1,13 @@
pytz>=2012
Flask==1.0.2
Babel==1.3
Flask-Babel==0.9
Flask-Caching==1.4.0
Jinja2==2.10
Pygments==1.6
python-ctags
docutils==0.11
Flask==3.0.0
Babel==2.13.1
Flask-Babel==4.0.0
Flask-Caching==2.1.0
Jinja2==3.1.2
Pygments>=1.6
python-ctags3
docutils==0.20.1
gunicorn==0.17.2
werkzeug==0.16.1
werkzeug>=0.16.1
markupsafe>=2.0.1
six

19
i2p2www/__init__.py
View File

@ -1,5 +1,7 @@
# -*- coding: utf-8 -*-
from flask import Flask, request, g, redirect, url_for, abort, render_template, send_from_directory, safe_join
from __future__ import absolute_import
from flask import Flask, request, g, redirect, url_for, abort, render_template, send_from_directory
from werkzeug.utils import safe_join
try:
from flaskext.babel import Babel
except ImportError:
@ -22,8 +24,8 @@ except ImportError:
###########
# Constants
CURRENT_I2P_VERSION = '1.9.0'
CURRENT_I2P_FIREFOX_PROFILE_VERSION = '1.9.5'
CURRENT_I2P_VERSION = '2.3.0'
CURRENT_I2P_FIREFOX_PROFILE_VERSION = '2.3.0'
CURRENT_I2P_OSX_VERSION = '1.9.0'
CANONICAL_DOMAIN = 'geti2p.net'
@ -140,7 +142,7 @@ cache = Cache(app, config=CACHE_CONFIG)
#################
# Babel selectors
@babel.localeselector
#@babel.localeselector
def get_locale():
# If viewing specs, require English
if request.path.startswith('/spec'):
@ -152,7 +154,7 @@ def get_locale():
# header the browser transmits. The best match wins.
return request.accept_languages.best_match(SUPPORTED_LANGS)
@babel.domainselector
#@babel.domainselector
def get_domains():
domains = []
frags = request.path.split('/', 2)
@ -167,6 +169,7 @@ def get_domains():
domains.append(DEFAULT_GETTEXT_DOMAIN)
return domains
babel.init_app(app, locale_selector=get_locale, default_domain=get_domains)
##########################
# Hooks - helper functions
@ -213,7 +216,7 @@ def detect_theme():
theme = 'duck'
if 'style' in request.cookies:
theme = request.cookies['style']
if 'theme' in request.args.keys():
if 'theme' in list(request.args.keys()):
theme = request.args['theme']
# TEMPORARY: enable external themes
# TODO: Remove this (and the corresponding lines in global/layout.html
@ -263,5 +266,5 @@ def server_error(error):
return render_template('global/error_500.html'), 500
# Import these to ensure they get loaded
import templatevars
import urls
from . import templatevars
from . import urls

99
i2p2www/anonbib/BibTeX.py
View File

@ -6,14 +6,19 @@
Based on perl code by Eddie Kohler; heavily modified.
"""
from __future__ import absolute_import
from __future__ import print_function
import cStringIO
import re
import sys
import os
import config
from . import config
import rank
from . import rank
from six.moves import map
from six.moves import range
from six.moves import zip
__all__ = [ 'ParseError', 'BibTeX', 'BibTeXEntry', 'htmlize',
'ParsedAuthor', 'FileIter', 'Parser', 'parseFile',
@ -66,7 +71,7 @@ class BibTeX:
"""Add a BibTeX entry to this file."""
k = ent.key
if self.byKey.get(ent.key.lower()):
print >> sys.stderr, "Already have an entry named %s"%k
print("Already have an entry named %s"%k, file=sys.stderr)
return
self.entries.append(ent)
self.byKey[ent.key.lower()] = ent
@ -79,7 +84,7 @@ class BibTeX:
try:
cr = self.byKey[ent['crossref'].lower()]
except KeyError:
print "No such crossref: %s"% ent['crossref']
print("No such crossref: %s"% ent['crossref'])
break
if seen.get(cr.key):
raise ParseError("Circular crossref at %s" % ent.key)
@ -87,12 +92,12 @@ class BibTeX:
del ent.entries['crossref']
if cr.entryLine < ent.entryLine:
print "Warning: crossref %s used after declaration"%cr.key
print("Warning: crossref %s used after declaration"%cr.key)
for k in cr.entries.keys():
if ent.entries.has_key(k):
print "ERROR: %s defined both in %s and in %s"%(
k,ent.key,cr.key)
if k in ent.entries:
print("ERROR: %s defined both in %s and in %s"%(
k,ent.key,cr.key))
else:
ent.entries[k] = cr.entries[k]
@ -105,7 +110,7 @@ class BibTeX:
rk = "title"
for ent in self.entries:
if ent.type in config.OMIT_ENTRIES or not ent.has_key(rk):
if ent.type in config.OMIT_ENTRIES or rk not in ent:
ent.check()
del self.byKey[ent.key.lower()]
else:
@ -130,7 +135,7 @@ def buildAuthorTable(entries):
for e in entries:
for author in e.parsedAuthor:
if result.has_key(author):
if author in result:
continue
c = author
@ -143,14 +148,14 @@ def buildAuthorTable(entries):
if 0:
for a,c in result.items():
if a != c:
print "Collapsing authors: %s => %s" % (a,c)
print("Collapsing authors: %s => %s" % (a,c))
if 0:
print parseAuthor("Franz Kaashoek")[0].collapsesTo(
parseAuthor("M. Franz Kaashoek")[0])
print parseAuthor("Paul F. Syverson")[0].collapsesTo(
parseAuthor("Paul Syverson")[0])
print parseAuthor("Paul Syverson")[0].collapsesTo(
parseAuthor("Paul F. Syverson")[0])
print(parseAuthor("Franz Kaashoek")[0].collapsesTo(
parseAuthor("M. Franz Kaashoek")[0]))
print(parseAuthor("Paul F. Syverson")[0].collapsesTo(
parseAuthor("Paul Syverson")[0]))
print(parseAuthor("Paul Syverson")[0].collapsesTo(
parseAuthor("Paul F. Syverson")[0]))
return result
@ -221,7 +226,7 @@ def splitEntriesByAuthor(entries):
htmlResult[sortkey] = secname
result.setdefault(sortkey, []).append(ent)
sortnames = result.keys()
sortnames = list(result.keys())
sortnames.sort()
sections = [ (htmlResult[n], result[n]) for n in sortnames ]
return sections, url_map
@ -255,13 +260,13 @@ def sortEntriesByDate(entries):
monthname = match.group(1)
mon = MONTHS.index(monthname)
except ValueError:
print "Unknown month %r in %s"%(ent.get("month"), ent.key)
print("Unknown month %r in %s"%(ent.get("month"), ent.key))
mon = 0
try:
date = int(ent['year'])*13 + mon
except KeyError:
print "ERROR: No year field in %s"%ent.key
print("ERROR: No year field in %s"%ent.key)
date = 10000*13
except ValueError:
date = 10000*13
@ -286,7 +291,7 @@ class BibTeXEntry:
def get(self, k, v=None):
return self.entries.get(k,v)
def has_key(self, k):
return self.entries.has_key(k)
return k in self.entries
def __getitem__(self, k):
return self.entries[k]
def __setitem__(self, k, v):
@ -318,7 +323,7 @@ class BibTeXEntry:
else:
df = DISPLAYED_FIELDS
for f in df:
if not self.entries.has_key(f):
if f not in self.entries:
continue
v = self.entries[f]
if v.startswith("<span class='bad'>"):
@ -330,7 +335,7 @@ class BibTeXEntry:
d.append("%%%%% "+("ERROR: Non-ASCII characters: '%r'\n"%np))
d.append(" ")
v = v.replace("&", "&amp;")
if invStrings.has_key(v):
if v in invStrings:
s = "%s = %s,\n" %(f, invStrings[v])
else:
s = "%s = {%s},\n" % (f, v)
@ -359,7 +364,7 @@ class BibTeXEntry:
none."""
errs = self._check()
for e in errs:
print e
print(e)
return not errs
def _check(self):
@ -396,7 +401,7 @@ class BibTeXEntry:
not self['booktitle'].startswith("{Proceedings of"):
errs.append("ERROR: %s's booktitle (%r) doesn't start with 'Proceedings of'" % (self.key, self['booktitle']))
if self.has_key("pages") and not re.search(r'\d+--\d+', self['pages']):
if "pages" in self and not re.search(r'\d+--\d+', self['pages']):
errs.append("ERROR: Misformed pages in %s"%self.key)
if self.type == 'proceedings':
@ -551,8 +556,8 @@ class BibTeXEntry:
cache_section = self.get('www_cache_section', ".")
if cache_section not in config.CACHE_SECTIONS:
if cache_section != ".":
print >>sys.stderr, "Unrecognized cache section %s"%(
cache_section)
print("Unrecognized cache section %s"%(
cache_section), file=sys.stderr)
cache_section="."
for key, name, ext in (('www_abstract_url', 'abstract','abstract'),
@ -766,13 +771,13 @@ class ParsedAuthor:
short = o.first; long = self.first
initials_s = "".join([n[0] for n in short])
initials_l = "".join([n[0] for n in long])
initials_l = "".join([n[0] for n in int])
idx = initials_l.find(initials_s)
if idx < 0:
return self
n = long[:idx]
n = int[:idx]
for i in range(idx, idx+len(short)):
a = long[i]; b = short[i-idx]
a = int[i]; b = short[i-idx]
if a == b:
n.append(a)
elif len(a) == 2 and a[1] == '.' and a[0] == b[0]:
@ -781,7 +786,7 @@ class ParsedAuthor:
n.append(a)
else:
return self
n += long[idx+len(short):]
n += int[idx+len(short):]
if n == self.first:
return self
@ -842,7 +847,7 @@ def _split(s,w=79,indent=8):
first = 1
indentation = ""
while len(s) > w:
for i in xrange(w-1, 20, -1):
for i in range(w-1, 20, -1):
if s[i] == ' ':
r.append(indentation+s[:i])
s = s[i+1:]
@ -866,7 +871,7 @@ class FileIter:
if string:
file = cStringIO.StringIO(string)
if file:
it = iter(file.xreadlines())
it = iter(file)
self.iter = it
assert self.iter
self.lineno = 0
@ -880,7 +885,7 @@ def parseAuthor(s):
try:
return _parseAuthor(s)
except:
print >>sys.stderr, "Internal error while parsing author %r"%s
print("Internal error while parsing author %r"%s, file=sys.stderr)
raise
def _parseAuthor(s):
@ -891,7 +896,7 @@ def _parseAuthor(s):
while s:
s = s.strip()
bracelevel = 0
for i in xrange(len(s)):
for i in range(len(s)):
if s[i] == '{':
bracelevel += 1
elif s[i] == '}':
@ -947,8 +952,8 @@ def _parseAuthor(s):
return parsedAuthors
ALLCHARS = "".join(map(chr,range(256)))
PRINTINGCHARS = "\t\n\r"+"".join(map(chr,range(32, 127)))
ALLCHARS = "".join(map(chr,list(range(256))))
PRINTINGCHARS = "\t\n\r"+"".join(map(chr,list(range(32, 127))))
LC_CHARS = "abcdefghijklmnopqrstuvwxyz"
SV_DELCHARS = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
@ -1049,7 +1054,7 @@ class Parser:
continue
data.append(line)
data.append(" ")
line = it.next()
line = next(it)
self.litStringLine = 0
elif line[0] == '{':
bracelevel += 1
@ -1076,13 +1081,13 @@ class Parser:
#print bracelevel, "C", repr(line)
data.append(line)
data.append(" ")
line = it.next()
line = next(it)
elif line[0] == '#':
print >>sys.stderr, "Weird concat on line %s"%it.lineno
print("Weird concat on line %s"%it.lineno, file=sys.stderr)
elif line[0] in "},":
if not data:
print >>sys.stderr, "No data after field on line %s"%(
it.lineno)
print("No data after field on line %s"%(
it.lineno), file=sys.stderr)
else:
m = RAW_DATA_RE.match(line)
if m:
@ -1170,7 +1175,7 @@ class Parser:
else:
key = v[0]
d = {}
for i in xrange(1,len(v),2):
for i in range(1,len(v),2):
d[v[i].lower()] = v[i+1]
ent = BibTeXEntry(self.curEntType, key, d)
ent.entryLine = self.entryLine
@ -1197,11 +1202,11 @@ class Parser:
def _parse(self):
it = self.fileiter
line = it.next()
line = next(it)
while 1:
# Skip blank lines.
while not line or line.isspace() or OUTER_COMMENT_RE.match(line):
line = it.next()
line = next(it)
# Get the first line of an entry.
m = ENTRY_BEGIN_RE.match(line)
if m:
@ -1215,7 +1220,7 @@ class Parser:
def _advance(it,line):
while not line or line.isspace() or COMMENT_RE.match(line):
line = it.next()
line = next(it)
return line
# Matches a comment line outside of an entry.
@ -1265,5 +1270,5 @@ if __name__ == '__main__':
for e in r.entries:
if e.type in ("proceedings", "journal"): continue
print e.to_html()
print(e.to_html())

3
i2p2www/anonbib/config.py
View File

@ -1,5 +1,6 @@
# Copyright 2003-2006, Nick Mathewson. See LICENSE for licensing info.
from __future__ import absolute_import
import re
_KEYS = [ "ALL_TAGS",
@ -19,7 +20,7 @@ del _k
def load(cfgFile):
mod = {}
execfile(cfgFile, mod)
exec(compile(open(cfgFile, "rb").read(), cfgFile, 'exec'), mod)
for _k in _KEYS:
try:
globals()[_k]=mod[_k]

7
i2p2www/anonbib/metaphone.py
View File

@ -8,6 +8,9 @@
Based on the original C++ metaphone implementation.)
"""
from __future__ import print_function
from six.moves import map
from six.moves import range
TRIPLES = {
'dge': 'j',
@ -45,7 +48,7 @@ SINGLETONS = {
'z': 's',
}
ALLCHARS = "".join(map(chr, range(256)))
ALLCHARS = "".join(map(chr, list(range(256))))
NONLCCHARS = "".join([c for c in ALLCHARS if not c.islower()])
def metaphone(s):
"""Return the metaphone equivalent of a provided string"""
@ -182,7 +185,7 @@ def metaphone(s):
return "".join(result)
def demo(a):
print a, "=>", metaphone(a)
print(a, "=>", metaphone(a))
if __name__ == '__main__':
demo("Nick. Mathewson")

40
i2p2www/anonbib/rank.py
View File

@ -4,10 +4,12 @@
# http://scholar.google.com/scholar?as_epq=
# Take care of the caching setup
from __future__ import absolute_import
from __future__ import print_function
cache_expire = 60*60*24*30 # 30 days
# Checks
import config
from . import config
import os
import sys
from os.path import exists, isdir, join, getmtime
@ -32,8 +34,8 @@ def cache_folder():
return r
import re
from urllib2 import urlopen, build_opener
from urllib import quote
from six.moves.urllib.request import urlopen, build_opener
from six.moves.urllib.parse import quote
from datetime import date
import hashlib
@ -64,21 +66,21 @@ def getPageForTitle(title, cache=True, update=True, save=True):
# Access cache or network
if exists(join(cache_folder(), md5h(url))) and cache:
return url, file(join(cache_folder(), md5h(url)),'r').read()
return url, open(join(cache_folder(), md5h(url)),'r').read()
elif update:
print "Downloading rank for %r."%title
print("Downloading rank for %r."%title)
# Make a custom user agent (so that we are not filtered by Google)!
opener = build_opener()
opener.addheaders = [('User-agent', 'Anon.Bib.0.1')]
print "connecting..."
print("connecting...")
connection = opener.open(url)
print "reading"
print("reading")
page = connection.read()
print "done"
print("done")
if save:
file(join(cache_folder(), md5h(url)),'w').write(page)
open(join(cache_folder(), md5h(url)),'w').write(page)
return url, page
else:
return url, None
@ -140,20 +142,20 @@ def get_rank_html(title, years=None, base_url=".", update=True,
def TestScholarFormat():
# We need to ensure that Google Scholar does not change its page format under our feet
# Use some cases to check if all is good
print "Checking google scholar formats..."
print("Checking google scholar formats...")
stopAndGoCites = getCite("Stop-and-Go MIXes: Providing Probabilistic Anonymity in an Open System", False)[0]
dragonCites = getCite("Mixes protected by Dragons and Pixies: an empirical study", False, save=False)[0]
if stopAndGoCites in (0, None):
print """OOPS.\n
print("""OOPS.\n
It looks like Google Scholar changed their URL format or their output format.
I went to count the cites for the Stop-and-Go MIXes paper, and got nothing."""
I went to count the cites for the Stop-and-Go MIXes paper, and got nothing.""")
sys.exit(1)
if dragonCites != None:
print """OOPS.\n
print("""OOPS.\n
It looks like Google Scholar changed their URL format or their output format.
I went to count the cites for a fictitious paper, and found some."""
I went to count the cites for a fictitious paper, and found some.""")
sys.exit(1)
def urlIsUseless(u):
@ -170,7 +172,7 @@ URLTYPES=[ "pdf", "ps", "txt", "ps_gz", "html" ]
if __name__ == '__main__':
# First download the bibliography file.
import BibTeX
from . import BibTeX
suggest = False
if sys.argv[1] == 'suggest':
suggest = True
@ -182,7 +184,7 @@ if __name__ == '__main__':
bib = BibTeX.parseFile(config.MASTER_BIB)
remove_old()
print "Downloading missing ranks."
print("Downloading missing ranks.")
for ent in bib.entries:
getCite(ent['title'], cache=True, update=True)
@ -190,13 +192,13 @@ if __name__ == '__main__':
for ent in bib.entries:
haveOne = False
for utype in URLTYPES:
if ent.has_key("www_%s_url"%utype):
if "www_%s_url"%utype in ent:
haveOne = True
break
if haveOne:
continue
print ent.key, "has no URLs given."
print(ent.key, "has no URLs given.")
urls = [ u for u in getPaperURLs(ent['title']) if not urlIsUseless(u) ]
for u in urls:
print "\t", u
print("\t", u)

59
i2p2www/anonbib/reconcile.py
View File

@ -8,14 +8,17 @@
cleaned up a little, and all the duplicate entries commented out.
"""
from __future__ import absolute_import
from __future__ import print_function
import sys
import re
from six.moves import zip
assert sys.version_info[:3] >= (2,2,0)
import BibTeX
import config
import metaphone
from . import BibTeX
from . import config
from . import metaphone
_MPCACHE = {}
def soundsLike(s1, s2):
@ -168,16 +171,16 @@ class MasterBibTeX(BibTeX.BibTeX):
matches = m2
if not matches:
print "No match for %s"%e.key
print("No match for %s"%e.key)
if matches[-1][1] is e:
print "%s matches for %s: OK."%(len(matches), e.key)
print("%s matches for %s: OK."%(len(matches), e.key))
else:
print "%s matches for %s: %s is best!" %(len(matches), e.key,
matches[-1][1].key)
print("%s matches for %s: %s is best!" %(len(matches), e.key,
matches[-1][1].key))
if len(matches) > 1:
for g, m in matches:
print "%%%% goodness", g
print m
print("%%%% goodness", g)
print(m)
def noteToURL(note):
@ -202,7 +205,7 @@ def emit(f,ent):
global all_ok
errs = ent._check()
if master.byKey.has_key(ent.key.strip().lower()):
if ent.key.strip().lower() in master.byKey:
errs.append("ERROR: Key collision with master file")
if errs:
@ -232,61 +235,61 @@ def emit(f,ent):
if errs:
all_ok = 0
for e in errs:
print >>f, "%%%%", e
print("%%%%", e, file=f)
print >>f, ent.format(77, 4, v=1, invStrings=invStrings)
print(ent.format(77, 4, v=1, invStrings=invStrings), file=f)
def emitKnown(f, ent, matches):
print >>f, "%% Candidates are:", ", ".join([e.key for g,e in matches])
print >>f, "%%"
print >>f, "%"+(ent.format(77,4,1,invStrings).replace("\n", "\n%"))
print("%% Candidates are:", ", ".join([e.key for g,e in matches]), file=f)
print("%%", file=f)
print("%"+(ent.format(77,4,1,invStrings).replace("\n", "\n%")), file=f)
if __name__ == '__main__':
if len(sys.argv) != 3:
print "reconcile.py expects 2 arguments"
print("reconcile.py expects 2 arguments")
sys.exit(1)
config.load(sys.argv[1])
print "========= Scanning master =========="
print("========= Scanning master ==========")
master = MasterBibTeX()
master = BibTeX.parseFile(config.MASTER_BIB, result=master)
master.buildIndex()
print "========= Scanning new file ========"
print("========= Scanning new file ========")
try:
fn = sys.argv[2]
input = BibTeX.parseFile(fn)
except BibTeX.ParseError, e:
print "Error parsing %s: %s"%(fn,e)
except BibTeX.ParseError as e:
print("Error parsing %s: %s"%(fn,e))
sys.exit(1)
f = open('tmp.bib', 'w')
keys = input.newStrings.keys()
keys = list(input.newStrings.keys())
keys.sort()
for k in keys:
v = input.newStrings[k]
print >>f, "@string{%s = {%s}}"%(k,v)
print("@string{%s = {%s}}"%(k,v), file=f)
invStrings = input.invStrings
for e in input.entries:
if not (e.get('title') and e.get('author')):
print >>f, "%%\n%%%% Not enough information to search for a match: need title and author.\n%%"
print("%%\n%%%% Not enough information to search for a match: need title and author.\n%%", file=f)
emit(f, e)
continue
matches = master.includes(e, all=1)
if not matches:
print >>f, "%%\n%%%% This entry is probably new: No match found.\n%%"
print("%%\n%%%% This entry is probably new: No match found.\n%%", file=f)
emit(f, e)
else:
print >>f, "%%"
print >>f, "%%%% Possible match found for this entry; max goodness",\
matches[-1][0], "\n%%"
print("%%", file=f)
print("%%%% Possible match found for this entry; max goodness",\
matches[-1][0], "\n%%", file=f)
emitKnown(f, e, matches)
if not all_ok:
print >>f, "\n\n\nErrors remain; not finished.\n"
print("\n\n\nErrors remain; not finished.\n", file=f)
f.close()

5
i2p2www/anonbib/tests.py
View File

@ -3,8 +3,9 @@
"""Unit tests for anonbib."""
import BibTeX
import metaphone
from __future__ import absolute_import
from . import BibTeX
from . import metaphone
#import reconcile
#import writeHTML
#import updateCache

48
i2p2www/anonbib/updateCache.py
View File

@ -4,19 +4,21 @@
"""Download files in bibliography into a local cache.
"""
from __future__ import absolute_import
from __future__ import print_function
import os
import sys
import signal
import time
import gzip
import BibTeX
import config
import urllib2
from . import BibTeX
from . import config
import six.moves.urllib.request, six.moves.urllib.error, six.moves.urllib.parse
import getopt
import socket
import errno
import httplib
import six.moves.http_client
FILE_TYPES = [ "txt", "html", "pdf", "ps", "ps.gz", "abstract" ]
BIN_FILE_TYPES = [ 'pdf', 'ps.gz' ]
@ -53,12 +55,12 @@ def downloadFile(key, ftype, section, url,timeout=None):
signal.alarm(timeout)
try:
try:
infile = urllib2.urlopen(url)
except httplib.InvalidURL, e:
infile = six.moves.urllib.request.urlopen(url)
except six.moves.http_client.InvalidURL as e:
raise UIError("Invalid URL %s: %s"%(url,e))
except IOError, e:
except IOError as e:
raise UIError("Cannot connect to url %s: %s"%(url,e))
except socket.error, e:
except socket.error as e:
if getattr(e,"errno",-1) == errno.EINTR:
raise UIError("Connection timed out to url %s"%url)
else:
@ -80,9 +82,9 @@ def downloadFile(key, ftype, section, url,timeout=None):
outfile.close()
urlfile = open(fnameURL, 'w')
print >>urlfile, time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
print(time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()), file=urlfile)
if "\n" in url: url = url.replace("\n", " ")
print >>urlfile, url
print(url, file=urlfile)
urlfile.close()
os.rename(fnameTmp, fname)
@ -105,7 +107,7 @@ def getCachedURL(key, ftype, section):
lines = f.readlines()
f.close()
if len(lines) != 2:
print >>sys.stderr, "ERROR: unexpected number of lines in", urlFname
print("ERROR: unexpected number of lines in", urlFname, file=sys.stderr)
return lines[1].strip()
def downloadAll(bibtex, missingOnly=0):
@ -119,29 +121,29 @@ def downloadAll(bibtex, missingOnly=0):
if missingOnly:
cachedURL = getCachedURL(key, ftype, section)
if cachedURL == url:
print >>sys.stderr,"Skipping",url
print("Skipping",url, file=sys.stderr)
continue
elif cachedURL is not None:
print >>sys.stderr,"URL for %s.%s has changed"%(key,ftype)
print("URL for %s.%s has changed"%(key,ftype), file=sys.stderr)
else:
print >>sys.stderr,"I have no copy of %s.%s"%(key,ftype)
print("I have no copy of %s.%s"%(key,ftype), file=sys.stderr)
try:
downloadFile(key, ftype, section, url)
print "Downloaded",url
except UIError, e:
print >>sys.stderr, str(e)
print("Downloaded",url)
except UIError as e:
print(str(e), file=sys.stderr)
errors.append((key,ftype,url,str(e)))
except (IOError, socket.error), e:
except (IOError, socket.error) as e:
msg = "Error downloading %s: %s"%(url,str(e))
print >>sys.stderr, msg
print(msg, file=sys.stderr)
errors.append((key,ftype,url,msg))
if urls.has_key("ps") and not urls.has_key("ps.gz"):
if "ps" in urls and "ps.gz" not in urls:
# Say, this is something we'd like to have gzipped locally.
psFname = getCacheFname(key, "ps", section)
psGzFname = getCacheFname(key, "ps.gz", section)
if os.path.exists(psFname) and not os.path.exists(psGzFname):
# This is something we haven't gzipped yet.
print "Compressing a copy of",psFname
print("Compressing a copy of",psFname)
outf = gzip.GzipFile(psGzFname, "wb")
inf = open(psFname, "rb")
while 1:
@ -156,9 +158,9 @@ def downloadAll(bibtex, missingOnly=0):
if __name__ == '__main__':
if len(sys.argv) == 2:
print "Loading from %s"%sys.argv[1]
print("Loading from %s"%sys.argv[1])
else:
print >>sys.stderr, "Expected a single configuration file as an argument"
print("Expected a single configuration file as an argument", file=sys.stderr)
sys.exit(1)
config.load(sys.argv[1])

1
i2p2www/anonbib/views.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
from flask import render_template
from i2p2www import ANONBIB_CFG, ANONBIB_FILE

50
i2p2www/anonbib/writeHTML.py
View File

@ -3,16 +3,20 @@
"""Generate indices by author, topic, date, and BibTeX key."""
from __future__ import absolute_import
from __future__ import print_function
import sys
import re
import os
import json
from six.moves import map
from six.moves import range
assert sys.version_info[:3] >= (2,2,0)
os.umask(022)
os.umask(0o22)
import BibTeX
import config
from . import BibTeX
from . import config
def getTemplate(name):
f = open(name)
@ -39,15 +43,15 @@ def writeBody(f, sections, section_urls, cache_path, base_url):
sDisp = re.sub(r'\s+', ' ', s.strip())
sDisp = sDisp.replace(" ", "&nbsp;")
if u:
print >>f, ('<li><h3><a name="%s"></a><a href="%s">%s</a></h3>'%(
(BibTeX.url_untranslate(s), u, sDisp)))
print(('<li><h3><a name="%s"></a><a href="%s">%s</a></h3>'%(
(BibTeX.url_untranslate(s), u, sDisp))), file=f)
else:
print >>f, ('<li><h3><a name="%s">%s</a></h3>'%(
BibTeX.url_untranslate(s),sDisp))
print >>f, "<ul class='expand'>"
print(('<li><h3><a name="%s">%s</a></h3>'%(
BibTeX.url_untranslate(s),sDisp)), file=f)
print("<ul class='expand'>", file=f)
for e in entries:
print >>f, e.to_html(cache_path=cache_path, base_url=base_url)
print >>f, "</ul></li>"
print(e.to_html(cache_path=cache_path, base_url=base_url), file=f)
print("</ul></li>", file=f)
def writeHTML(f, sections, sectionType, fieldName, choices,
tag, config, cache_url_path, section_urls={}):
@ -69,7 +73,7 @@ def writeHTML(f, sections, sectionType, fieldName, choices,
#
tagListStr = []
st = config.TAG_SHORT_TITLES.keys()
st = list(config.TAG_SHORT_TITLES.keys())
st.sort()
root = "../"*pathLength(config.TAG_DIRECTORIES[tag])
if root == "": root = "."
@ -104,10 +108,10 @@ def writeHTML(f, sections, sectionType, fieldName, choices,
}
header, footer = getTemplate(config.TEMPLATE_FILE)
print >>f, header%fields
print(header%fields, file=f)
writeBody(f, sections, section_urls, cache_path=cache_url_path,
base_url=root)
print >>f, footer%fields
print(footer%fields, file=f)
def jsonDumper(obj):
if isinstance(obj, BibTeX.BibTeXEntry):
@ -125,7 +129,7 @@ def writePageSet(config, bib, tag):
bib_entries = bib.entries[:]
if not bib_entries:
print >>sys.stderr, "No entries with tag %r; skipping"%tag
print("No entries with tag %r; skipping"%tag, file=sys.stderr)
return
tagdir = config.TAG_DIRECTORIES[tag]
@ -133,7 +137,7 @@ def writePageSet(config, bib, tag):
cache_url_path = BibTeX.smartJoin("../"*pathLength(tagdir),
config.CACHE_DIR)
if not os.path.exists(outdir):
os.makedirs(outdir, 0755)
os.makedirs(outdir, 0o755)
##### Sorted views:
## By topic.
@ -174,7 +178,7 @@ def writePageSet(config, bib, tag):
except ValueError:
last_year = int(entries[-2][1][0].get('year'))
years = map(str, range(first_year, last_year+1))
years = list(map(str, list(range(first_year, last_year+1))))
if entries[-1][0] == 'Unknown':
years.append("Unknown")
@ -216,15 +220,15 @@ def writePageSet(config, bib, tag):
header,footer = getTemplate(config.BIBTEX_TEMPLATE_FILE)
f = open(os.path.join(outdir,"bibtex.html"), 'w')
print >>f, header % { 'command_line' : "",
print(header % { 'command_line' : "",
'title': config.TAG_TITLES[tag],
'root': root }
'root': root }, file=f)
for ent in entries:
print >>f, (
print((
("<tr><td class='bibtex'><a name='%s'>%s</a>"
"<pre class='bibtex'>%s</pre></td></tr>")
%(BibTeX.url_untranslate(ent.key), ent.key, ent.format(90,8,1)))
print >>f, footer
%(BibTeX.url_untranslate(ent.key), ent.key, ent.format(90,8,1))), file=f)
print(footer, file=f)
f.close()
f = open(os.path.join(outdir,"bibtex.json"), 'w')
@ -234,9 +238,9 @@ def writePageSet(config, bib, tag):
if __name__ == '__main__':
if len(sys.argv) == 2:
print "Loading from %s"%sys.argv[1]
print("Loading from %s"%sys.argv[1])
else:
print >>sys.stderr, "Expected a single configuration file as an argument"
print("Expected a single configuration file as an argument", file=sys.stderr)
sys.exit(1)
config.load(sys.argv[1])

135
i2p2www/blog/2022/09/26/i2p-safety-reminder.draft.rst
View File

@ -1,135 +0,0 @@
{% trans -%}
==================================
A Reminder to be Safe as I2P Grows
==================================
{%- endtrans %}
.. meta::
:author: idk
:date: 2022-09-26
:category: general
:excerpt: {% trans %}{% endtrans %}
{% trans -%}
A Reminder to be Safe as I2P Grows
{%- endtrans %}
==================================
{% trans -%}
It is an an exciting time for The Invisible Internet Project (I2P). We
are completing our migration to modern cryptography across all of our
transports, ( Java and C++), and we have recently gained a high-capacity
and professional outproxy service, and there are more applications
integrating I2P based functionality than ever. The network is poised to
grow, so now is a good time to remind everyone to be smart and be safe
when obtaining I2P and I2P-related software. We welcome new
applications, implementations, and forks with new ideas, and the power
of the network comes from its openness to participation by all I2P
users. In fact, we dont like to call you users, we like to use the word
“Participants” because each of you helps the network, in your own way by
contributing content, developing applications, or simply routing traffic
and helping other participants find peers.
{%- endtrans %}
{% trans -%}
You are the network, and we want you to be safe.
{%- endtrans %}
{% trans -%}
We have become aware of attempts to impersonate I2Ps presence on the
web and social media. To avoid offering momentum to these campaigns, we
will not mention the actors affiliated with them, However, in order to
help you recognize these campaigns should you encounter them in the
wild, we are documenting their tactics:
{%- endtrans %}
- Copying text directly from the I2P Web Site without acknowledging our
licence requirements in a way that may suggest endorsement.
- Involvement or promotion of an Intial Coin Offering, or ICO
- Crypto-Scam like language
- Graphics that have nothing to do with the textual content
- Click-farming behavior, sites that appear to have content but which
instead link to other sites
- Attempts to get the user to register for non-I2P chat servers. We
come to you or you come to us, we will not ask you to meet us at a
third-party service unless you already use it(Note that this is not
always true for other forks and projects, but it is true of
geti2p.net).
- The use of bot networks to amplify the message on social media.
I2P(geti2p.net) does not use bots to spread the message.
{% trans -%}
These campaigns have had the side-effect of “shadow-banning” some
legitimate I2P-related discussion on Twitter and possibly other social
media.
{%- endtrans %}
{% trans -%}Our Sites{%- endtrans %}
---------
{% trans -%}
We have official sites where people may obtain the I2P software safely:
{%- endtrans %}
- `Official Website - i2p.net - TLS Fingerprint(SHA256) -
5B:09:29:D9:26:64:7D:0E:33:B6:4A:9D:6F:58:FA:5E:24:EF:18:81:21:A9:A9:4F:8B:D2:CE:D8:74:91:60:8B <https://i2p.net>`__
- `Official Website - geti2p.net - TLS Fingerprint(SHA256) -
5B:09:29:D9:26:64:7D:0E:33:B6:4A:9D:6F:58:FA:5E:24:EF:18:81:21:A9:A9:4F:8B:D2:CE:D8:74:91:60:8B <https://geti2p.net>`__
- `Official Gitlab - i2pgit.org - TLS Fingerprint(SHA256) -
0E:90:B8:61:AA:38:AB:4A:A4:F3:54:07:AC:8B:B6:FF:03:3D:DC:18:31:BD:BA:EA:4C:A9:73:28:22:CB:97:30 <https://i2pgit.org>`__
- `Official Debian Repository - deb.i2p2.de - TLS
Fingerprint(SHA256) -
17:42:0B:AB:B6:4F:24:51:5E:BC:AD:10:44:9E:2C:C9:37:BB:28:89:74:62:6B:0A:9F:23:4C:5E:A5:EA:64:91 <https://deb.i2p2.de>`__
- `Official Debian Repository - deb.i2p2.no - TLS
Fingerprint(SHA256) -
EC:43:E8:DC:29:8E:BB:78:B9:88:70:ED:21:1A:8E:AD:FA:8D:6F:5E:D9:56:54:89:9F:7B:30:58:1E:03:02:CE <https://deb.i2p2.no>`__
- `Official Forums - i2pforum.net - TLS Fingerprint(SHA256) -
7B:1E:B6:5D:C7:5A:DE:32:E6:08:DB:8E:3C:4C:DB:5F:67:DB:13:A3:C8:1F:F9:26:53:C9:49:94:8E:CD:90:D1 <https://i2pforum.net>`__
{% trans -%}Invisible Internet Project Forums, Blogs and Social Media{%- endtrans %}
---------------------------------------------------------
{% trans -%}Hosted by the project{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~
- `I2P Forums <https://i2pforum.net>`__ and its `I2P
Mirror <https://i2pforum.i2p>`__
- irc: `#i2p-dev` on Irc2P(`127.0.0.1:6668` in a standard I2P
installation)
{% trans -%}Hosted by Others{%- endtrans %}
~~~~~~~~~~~~~~~~
{% trans -%}
These services are hosted by third-parties, sometimes corporations,
where we participate in order to provide a social media outreach
presence to I2P users who choose to participate in them. We will never
ask you to participate in these unless you already have an account with
them, prior to interacting with us.
{%- endtrans %}
- `Launchpad : https://launchpad.net/i2p <https://launchpad.net/i2p>`__
- `Twitter : https://twitter.com/GetI2P <https://twitter.com/GetI2P>`__
- `Reddit :
https://www.reddit.com/r/i2p/ <https://www.reddit.com/r/i2p/>`__
- `Mastodon:
https://mastodon.social/@i2p <https://mastodon.social/@i2p>`__
- `Medium: https://i2p.medium.com/ <https://i2p.medium.com/>`__
{% trans -%}Forks, Apps, and Third-Party Implementations are Not Evil.{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
This post attempts to provide ways of vetting the source for obtaining
the Java I2P package represented by the source code contained in
https://i2pgit.org/i2p-hackers/i2p.i2p and
https://github.com/i2p/i2p.i2p, and which is available for download from
the web site https://geti2p.net/en/download. It is not intended to pass
judgement on third-party forks, downstream projects, embedders,
packagers, people experimenting in laboratories, or people who just
disagree with us. You are all valued members of our community who are
trying to protect, and not compromise, the privacy of others. Since we
are aware of attempts to impersonate I2P project community members, you
may wish to review the download, verification, and installation
procedures which you recommend to your users in order to document your
official sources and known mirrors.
{%- endtrans %}

106
i2p2www/blog/2022/09/26/i2p-safety-reminder.rst Normal file
View File

@ -0,0 +1,106 @@
{% trans -%}
==================================
A Reminder to be Safe as I2P Grows
==================================
{%- endtrans %}
.. meta::
:author: idk
:date: 2022-09-26
:category: general
:excerpt: {% trans %}A Reminder to be Safe as I2P Grows{% endtrans %}
{% trans -%}
A Reminder to be Safe as I2P Grows
{%- endtrans %}
==================================
{% trans -%}
It is an an exciting time for The Invisible Internet Project (I2P).
We are completing our migration to modern cryptography across all of our transports, ( Java and C++), and we have recently gained a high-capacity and professional outproxy service, and there are more applications integrating I2P based functionality than ever.
The network is poised to grow, so now is a good time to remind everyone to be smart and be safe when obtaining I2P and I2P-related software.
We welcome new applications, implementations, and forks with new ideas, and the power of the network comes from its openness to participation by all I2P users.
In fact, we dont like to call you users, we like to use the word “Participants” because each of you helps the network, in your own way by contributing content, developing applications, or simply routing traffic and helping other participants find peers.
{%- endtrans %}
{% trans -%}
You are the network, and we want you to be safe.
{%- endtrans %}
{% trans -%}
We have become aware of attempts to impersonate I2Ps presence on the web and social media.
To avoid offering momentum to these campaigns, we will not mention the actors affiliated with them, However, in order to help you recognize these campaigns should you encounter them in the wild, we are documenting their tactics:
{%- endtrans %}
- Copying text directly from the I2P Web Site without acknowledging our license requirements in a way that may suggest endorsement.
- Involvement or promotion of an Initial Coin Offering, or ICO
- Crypto-Scam like language
- Graphics that have nothing to do with the textual content
- Click-farming behavior, sites that appear to have content but which instead link to other sites
- Attempts to get the user to register for non-I2P chat servers. We come to you or you come to us, we will not ask you to meet us at a third-party service unless you already use it(Note that this is not always true for other forks and projects, but it is true of geti2p.net).
- The use of bot networks to amplify any message on social media. I2P(geti2p.net) does not use bots for social media advertising.
{% trans -%}
These campaigns have had the side-effect of “shadow-banning” some legitimate I2P-related discussion on Twitter and possibly other social media.
{%- endtrans %}
{% trans -%}Our Sites{%- endtrans %}
---------
{% trans -%}
We have official sites where people may obtain the I2P software safely:
{%- endtrans %}
- `{% trans -%}Official Website - i2p.net{%- endtrans %}
<https://i2p.net>`__
- `{% trans -%}Official Website - geti2p.net{%- endtrans %}
<https://geti2p.net>`__
- `{% trans -%}Official Gitlab - i2pgit.org{%- endtrans %}
<https://i2pgit.org>`__
- `{% trans -%}Official Debian Repository - deb.i2p2.de{%- endtrans %}
<https://deb.i2p2.de>`__
- `{% trans -%}Official Debian Repository - deb.i2p2.no{%- endtrans %}
<https://deb.i2p2.no>`__
- `{% trans -%}Official Forums - i2pforum.net{%- endtrans %}
<https://i2pforum.net>`__
{% trans -%}Invisible Internet Project Forums, Blogs and Social Media{%- endtrans %}
---------------------------------------------------------
{% trans -%}Hosted by the project{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~
- `{% trans -%}I2P Forums{%- endtrans %} <https://i2pforum.net>`__ - `{% trans -%}I2P{%- endtrans %}
Mirror <https://i2pforum.i2p>`__
- irc: `#i2p-dev` on Irc2P(`127.0.0.1:6668` in a standard I2P installation)
{% trans -%}Hosted by Others{%- endtrans %}
~~~~~~~~~~~~~~~~
{% trans -%}
These services are hosted by third-parties, sometimes corporations, where we participate in order to provide a social media outreach presence to I2P users who choose to participate in them.
We will never ask you to participate in these unless you already have an account with them, prior to interacting with us.
{%- endtrans %}
- `{% trans -%}Launchpad{%- endtrans %} : https://launchpad.net/i2p <https://launchpad.net/i2p>`__
- `{% trans -%}Github{%- endtrans %} : https://github.com/i2p <https://github.com/i2p>`__
- `{% trans -%}Twitter{%- endtrans %} : https://twitter.com/GetI2P <https://twitter.com/GetI2P>`__
- `{% trans -%}Reddit{%- endtrans %} :
https://www.reddit.com/r/i2p/ <https://www.reddit.com/r/i2p/>`__
- `{% trans -%}Mastodon{%- endtrans %}:
https://mastodon.social/@i2p <https://mastodon.social/@i2p>`__
- `{% trans -%}Medium{%- endtrans %}: https://i2p.medium.com/ <https://i2p.medium.com/>`__
{% trans -%}Forks, Apps, and Third-Party Implementations are Not Evil.{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
This post attempts to provide ways of vetting the source for obtaining the Java I2P package represented by the source code contained in https://i2pgit.org/i2p-hackers/i2p.i2p and https://github.com/i2p/i2p.i2p, and which is available for download from the web site https://geti2p.net/.
It is not intended to pass judgement on third-party forks, downstream projects, embedders, packagers, people experimenting in laboratories, or people who just disagree with us.
You are all valued members of our community who are trying to protect, and not compromise, the privacy of others.
Since we are aware of attempts to impersonate I2P project community members, you may wish to review the download, verification, and installation procedures which you recommend to your users in order to document your official sources and known mirrors.
{%- endtrans %}
{% trans -%}
Authors Note: An earlier version of this blog post contained the TLS fingerprint of each of the services operated by the I2P Project.
These were removed when a certificate renewal caused the fingerprints to become inaccurate.
{%- endtrans %}

347
i2p2www/blog/2022/09/26/meet-your-maintainer-divaexchange.rst Normal file
View File

@ -0,0 +1,347 @@
{% trans -%}
==================================
Meet your Maintainer: DivaExchange
==================================
{%- endtrans %}
.. meta::
:author: sadie
:date: 2022-09-26
:category: general
:excerpt: {% trans %}A conversation with DivaExchange{% endtrans %}
{% trans -%}
*In this second installment of Meet Your Maintainer, I reached out to
Konrad from DIVA.EXCHANGE to talk about DIVAs research and services.
DIVA.EXCHANGE is developing software with the goal of providing free
banking technology for everyone. It is secure without a central
infrastructure, and based on blockchain and I2P technology.*
{%- endtrans %}
**{% trans -%}What got you interested in I2P?{%- endtrans %}**
{% trans -%}
About 10 years ago I had a presentation for “Technologieforum Zug” - a
very local technology network for business guys. I was introducing I2P
and Tor as overlay networks to them - to show them that other
interesting things exist out there.
{%- endtrans %}
{% trans -%}
I was always very much interested in cryptography related technology. In
general I can say that my core interests were and still are: networks,
freedom and privacy on both a technical and social level, interesting
algos, like HashCash between 2000 and 2010, which was a very well
working Proof-of-Work algo created at Universities in the UK in the late
90s.
{%- endtrans %}
{% trans -%}
I2P fascinated me because it is really carefully done - from the
architecture to the implementation in Java and C++. Personally I prefer
de-coupled and small programs doing one thing. Hence I was pretty
fascinated by the C++ version, I2Pd, which is lean, fast and without
dependencies. It works very well for me.
{%- endtrans %}
**{% trans -%}What are the qualities in its technical capacity that aligned with
your own work or interests?{%- endtrans %}**
{% trans -%}
I adore craftsmanship. Thats art. And I2P is modern craftsmanship. I2P
creates values for end users values which cant be bought: autonomy,
liberty and serenity.
{%- endtrans %}
{% trans -%}
I2P fascinates me because its agnostic. Anyone can run anything on I2P
as long as it talks TCP or UDP - and can handle some latency. Really:
“the network is the computer” and the communication is truly private
according to the current state of knowledge.
{%- endtrans %}
**{% trans -%}Who is DIVA for?{%- endtrans %}**
{% trans -%}
DIVA gets actively developed and therefore the project is for
researchers, software developers, communicators (writers, illustrators…)
and for people who want to learn really new stuff in the area of
distributed technology.
{%- endtrans %}
{% trans -%}
Once DIVA grows up - please dont ask me when - DIVA will be a fully
distributed, self-hosted bank for everyone.
{%- endtrans %}
**{% trans -%}Can you tell me about what DIVA does?{%- endtrans %}**
{% trans -%}
As said, DIVA will be a fully distributed, self-hosted bank for
everyone. “Banking” means: savings, payments, investments, loans - so
all that stuff everybody is doing everyday. Please note in this context:
DIVA works without any central infrastructure and DIVA will never - as
long as I have something to say - be a coin or token. There cant be any
central business model involved. If a transaction creates fees because a
node of the distributed infrastructure did some work, then these fees
remain at the node which did the work.
{%- endtrans %}
{% trans -%}
Why a “bank”? Because financial liberty and autonomy is key to live a
good and peaceful life and to be able to make all those smaller and
larger daily decisions in freedom. Therefore people shall own their
small and secure technology components to do whatever they like to do
without being nudged.
{%- endtrans %}
{% trans -%}
Well, say hello to DIVA, based on I2P.
{%- endtrans %}
**{% trans -%}What are your upcoming goals? What are your stretch goals?{%- endtrans %}**
{% trans -%}
There is a very close goal: understanding the impact of SSU2 which has
been lately implemented in I2P. This is a technical goal for the next
few weeks.
{%- endtrans %}
{% trans -%}
Then, probably this year: some cryptocurrency transactions using DIVA on
testnets. Please dont forget: DIVA is a research project and people
shall be motivated to do their own stuff with DIVA - the way they need
it. We dont run any infrastructure or alike for others except some
transparent test networks to increase the knowledge and wisdom of
everyone. Its recommended to stay in touch with DIVA via social
networks
(`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__) or
chats to be inspired what to do with DIVA.
{%- endtrans %}
{% trans -%}
I also want to touch an important part for the I2P community: DIVA is
based on divachain - which is then based on I2P. Divachain is a very
generic fully distributed storage layer. So, just as an example: if some
I2P developer believes that a fully distributed, trustless DNS would be
a great idea - well, thats yet another use case of divachain. Fully
distributed - no trust needed - all anonymous.
{%- endtrans %}
**{% trans -%}What are some of the other services and contributions you are
responsible for?{%- endtrans %}**
{% trans -%}
DIVA.EXCHANGE - which is the open association developing DIVA - runs a
reseed server for I2P since a few years. So probably almost every I2P
user got somehow in touch with us in the past. Just a note: the
DIVA.EXCHANGE reseed server is also available as .onion service - so I2P
bootstrapping can be done via the tor network - which is, at least from
my perspective, an additional protection layer while entering the
network.
{%- endtrans %}
{% trans -%}
DIVA has also created an I2P SAM library. So developers can create any
modern application based on I2P. Its on github and getting more and
more popular:
`github.com/diva-exchange/i2p-sam/ <http://github.com/diva-exchange/i2p-sam/>`__.
Its complete, well documented and offers lots of examples.
{%- endtrans %}
**{% trans -%}What are some of the priorities you think that anyone who wants to
contribute to the I2P network should consider?{%- endtrans %}**
{% trans -%}
Run your I2P node. Take a look at the different flavours, like Docker
versions of I2Pd, or other installs available for multiple operating
systems. There are several flavours available and its important to be
comfortable with the local installation and configuration.
{%- endtrans %}
{% trans -%}
Then: think about your skills - networking skills, programming skills,
communication skills? I2P offers lots of interesting challenges: people
with networking skills might want to run a reseed server - they are very
important to the network. Programmers might help with the Go, C++ or
Java version of I2P. And communicators are always needed: talking about
I2P from an objective and realistic perspective is helping a lot. Every
little bit is great.
{%- endtrans %}
{% trans -%}
Last but not least: if you are a researcher or student - please get in
touch with us at DIVA.EXCHANGE or the I2P team - research work is
important for I2P.
{%- endtrans %}
**{% trans -%}Where do you see the conversation and outlook on tools like I2P now?{%- endtrans %}**
{% trans -%}
Probably I have to say something about the outlook: I2P is important to
everyone. I hope that the I2P community - developers, communicators,
etc. - remains motivated by the few which deeply appreciate their hard
work on truly challenging technology.
{%- endtrans %}
{% trans -%}
I hope that more and more developers see the benefit to develop software
based on I2P. Because this would create more use cases for end users.
Then I also hope, that the core I2P programs remain simple and become
maybe even more de-coupled. Let me make an example what I mean with
“de-coupled”: user interfaces probably should not be baked into
applications by developers - because there are front end designers which
do have great knowledge and years of experience. Developers should just
create an API, like a unix or websocket or a REST interface, so that
other services can use the program the way they want it. This makes
developers and end users happy.
{%- endtrans %}
**{% trans -%}Can you tell me a bit about your own I2P workflow? What are your own
use cases?{%- endtrans %}**
{% trans -%}
I am a developer, tester and researcher. So I need all my stuff in
containers to remain flexible. I2Pd is running in 1..n containers on
multiple systems to serve stuff like: feeding reseed requests, serving
the diva.i2p test website, running parts of the DIVA I2P test network -
see testnet.diva.exchange and I also have containers to serve my local
browsers as a combined I2P and Tor proxy.
{%- endtrans %}
**{% trans -%}How can the I2P community support your work?{%- endtrans %}**
{% trans -%}
We are on social media, like
`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__ - so
follow us there. Additionally we would love to see even more involvement
on `github.com/diva-exchange <http://github.com/diva-exchange>`__ - it
already got more and more attention in the past months. Thanks a lot for
that!
{%- endtrans %}
**{% trans -%}Glossary Of Key Terms{%- endtrans %}**
**{% trans -%}I2P Terms{%- endtrans %}**
**{% trans -%}Reseed Host{%- endtrans %}**
{% trans -%}
Reseed hosts are needed to for bootstrapping, that is, providing the
initial set of I2P nodes for your I2P node to talk to. Depending on the
status of your node it may need to bootstrap every now and then if many
of the nodes it knows of arent contactable.
{%- endtrans %}
{% trans -%}
Reseeding is done over an encrypted connection and all of the bootstrap
information is signed by the reseed host you connect to, making it
impossible for an unauthenticated source to provide you with false
information.
{%- endtrans %}
**{% trans -%}Node/Peer{%- endtrans %}**
{% trans -%}
A node or peer is part of a network of computers sharing resources. When
you download and install I2P, you participate in routing traffic for
others. Every person using I2P is a node or peer. In some cases. people
can supply more bandwidth or resources than others to the network.
However, peer diversity is important and the more people who use I2P,
the stronger the network becomes. When it comes to setting up your node,
you can customize and configure your connection and workflow with the
I2P network.
{%- endtrans %}
**I2Pd (I2Pdaemon)**
{% trans -%}
I2Pd is a C++ implementation of the I2P protocol is differs from the I2P
Java software in the following ways:
{%- endtrans %}
{% trans -%}
*Java I2P has built-in applications for torrents, e-mail and so on. i2pd
is just a router which you can use with other software through I2CP
interface.* *i2pd does not require Java. Its written in C++.* *i2pd
consumes less memory and CPU.* *i2pd can be compiled everywhere gcc or
clang presented (including Raspberry and routers).* *i2pd has some major
optimizations for faster cryptography which leads to less consumption of
processor time and energy.*
{%- endtrans %}
{% trans -%}
Citation: https://i2pd.readthedocs.io/en/latest/user-guide/FAQ/ Site:
https://i2pd.website/
{%- endtrans %}
{% trans -%}
In terms of the differences or benefits of using either the C++ or Java
version of I2P, the question often comes up. Recently, idk responded to
this question on the I2P subreddit. Ultimately, it depends on a persons
own use case or desired workflow.
{%- endtrans %}
{% trans -%}
*Easy-Install Bundle is the best way to use I2P on Windows for people
just getting started. It will automatically get you from starting the
router to successfully browsing, every time. However, it doesnt
register as a Windows service, so its not as good to use as a 24/7
transit node yet. It contains everything you need to browse, but its
designed around using I2P interactively and not running services,
necessarily.*
{%- endtrans %}
{% trans -%}
*i2pd on the other hand is very light and efficient and is designed
expressly to run as a service. Its great at being a 24/7 transit node,
especially if you install it on your router, or on a Linux server
somewhere. Its got less tools built-in though, so if you want to
torrent or browse, you will need to add those tools externally.*
{%- endtrans %}
**{% trans -%}Diva Terms{%- endtrans %}**
{% trans -%}
Konrad has provided insight into of some of the terms used during the
conversation.
{%- endtrans %}
**{% trans -%}Bank for Everyone{%- endtrans %}**
{% trans -%}
The possibility to run locally installed software which is able to do
everything a well-known bank can: send and receive payments for
anything, give and receive loans, manage investments, etc. Such banking
software shall neither be depending on any central software components
nor supervised or censored by central components. Its run and managed
by its owner only with all its benefits and reliabilities. The network
(see “Blockchain” and “Consensus”) tries to make sure that no network
participant (a user running his own bank) is able to cheat.
{%- endtrans %}
**{% trans -%}Blockchain{%- endtrans %}**
{% trans -%}
A piece of software which is able to reliably store arbitrary data.
Copies of the software and the storage space is distributed within a
network of any size where the network participants do not necessarily
trust each other (or maybe not even know each other). A synonym of
“blockchain” is “Distributed Layer Technology (DLT)”. A blockchain has
nothing to do with “coins” or “tokens”. These are just blockchain based
applications. Blockchain is a base technology which mainly solves the
problem of “trust & abuse” within a network.
{%- endtrans %}
**{% trans -%}Consensus{%- endtrans %}**
{% trans -%}
In a distributed system the majority of the participants need to agree
on the state of data (the “truth, as defined by the majority” - from a
data perspective). This is a continuous process driven by locally
installed software and this is called consensus. There are multiple
valid consensus algorithms available. Bottom line: all consensus
algorithms cost something: CPU cycles, communication capacity etc. - in
short: a bunch of data sets is the input and a single reliable, fully
distributed data set valid for the majority in the network is the
output.
{%- endtrans %}

69
i2p2www/blog/2022/09/30/SSU2-Transport.draft.rst → i2p2www/blog/2022/10/11/SSU2-Transport.rst
View File

@ -4,7 +4,7 @@
.. meta::
:author: zzz
:date: 2022-09-30
:date: 2022-10-11
:category: development
:excerpt: {% trans %}SSU2 Transport{% endtrans %}
@ -21,6 +21,7 @@ and performance, we can do better. Much better.
{% trans link1="https://i2pd.xyz/" -%}
That's why, together with the `i2pd project <{{ link1 }}>`_, we have created and implemented "SSU2",
a modern UDP protocol designed to the highest standards of security and blocking resistance.
This protocol will replace SSU.
{%- endtrans %}
{% trans -%}
@ -38,8 +39,7 @@ Java I2P implementation dating back to 2003.
SSU2 will replace `SSU <{{ link2 }}>`_, our sole remaining use of `ElGamal <{{ link3 }}>`_ cryptography.
{%- endtrans %}
- Signature types and ECDSA signatures (0.9.12, 2014)
- ECDSA routers (??)
- Signature types and ECDSA signatures (0.9.8, 2013)
- Ed25519 signatures and leasesets (0.9.15, 2014)
- Ed25519 routers (0.9.22, 2015)
- Destination encryption types and X25519 leasesets (0.9.46, 2020)
@ -51,8 +51,8 @@ we will have migrated all our authenticated and encrypted protocols to standard
{%- endtrans %}
- `NTCP2 <{{ spec_url("ntcp2") }}>`_ (0.9.36, 2018)
- `{% trans %}Ratchet end-to-end protocol{% endtrans %} <{{ spec_url("ecies") }}>`_ (0.9.46, 2020)
- `{% trans %}ECIES tunnel build messages{% endtrans %} <{{ spec_url("tunnel-creation-ecies") }}>`_ (1.5.0, 2021)
- `{% trans %}ECIES-X25519-Ratchet end-to-end protocol{% endtrans %} <{{ spec_url("ecies") }}>`_ (0.9.46, 2020)
- `{% trans %}ECIES-X25519 tunnel build messages{% endtrans %} <{{ spec_url("tunnel-creation-ecies") }}>`_ (1.5.0, 2021)
- `SSU2 <{{ proposal_url("159") }}>`_ (2.0.0, 2022)
{% trans -%}
@ -83,10 +83,19 @@ All I2P Noise protocols use the following standard cryptographic algorithms:
{% trans %}Design{% endtrans %}
------------------------------------
{% trans -%}
I2P uses multiple layers of encryption to protect traffic from attackers.
The lowest layer is the transport protocol layer, used for point-to-point links between two routers.
We currently have two transport protocols:
NTCP2, a modern TCP protocol introduced in 2018,
and SSU, a UDP protocol developed in 2005.
{%- endtrans %}
{% trans link1="/spec/i2np" -%}
SSU2, like previous I2P transport protocols, is not a general-purpose pipe for data.
Its primary job is to securely deliver I2P's low-level `I2NP messages <{{ link1 }}>`_
from one router to the next router.
Its primary task is to securely deliver I2P's low-level `I2NP messages <{{ link1 }}>`_
from one router to the next.
Each of these point-to-point connections comprises one hop in an I2P tunnel.
Higher-layer I2P protocols run over these point-to-point connections
to deliver garlic messages end-to-end between I2P's destinations.
@ -171,13 +180,13 @@ Ensuring that SSU2 headers are adequately obfuscated and/or encrypted was the fi
{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
Headers are encrypted using a header protection scheme by XORing with data calculated from known keys,
using ChaCha20, similar to QUIC [RFC-9001] and `Nonces are Noticed <{{ link1 }}>`_.
using ChaCha20, similar to QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_.
This ensures that the encrypted headers will appear to be random, without any distinguishable pattern.
{%- endtrans %}
{% trans -%}
Unlike the QUIC [RFC-9001] header protection scheme, all parts of all headers, including destination and source connection IDs, are encrypted.
QUIC [RFC-9001] and [Nonces] are primarily focused on encrypting the "critical" part of the header, i.e. the packet number (ChaCha20 nonce).
{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
Unlike the QUIC RFC-9001_ header protection scheme, all parts of all headers, including destination and source connection IDs, are encrypted.
QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_ are primarily focused on encrypting the "critical" part of the header, i.e. the packet number (ChaCha20 nonce).
While encrypting the session ID makes incoming packet classification a little more complex, it makes some attacks more difficult.
{%- endtrans %}
@ -274,31 +283,31 @@ While the SSU2 improvements are significant, we do not expect them
to be apparent to the user, either locally or in end-to-end transfer speeds.
End-to-end transfers depend on the performance of 13 other routers
and 14 point-to-point transport links, each of which could be
SSU2, NTCP2, or SSU 1.
SSU2, NTCP2, or SSU.
{%- endtrans %}
{% trans -%}
In the live network, latency and packet loss varies widely.
In the live network, latency and packet loss vary widely.
Even in a test setup, performance depends on configured latency and packet loss.
The i2pd project reports that maximum transfer rates for SSU2 were over 3 times
faster than SSU 1 in some tests. However, they completely redesigned their
SSU 1 code for SSU2 as their previous implementation was rather poor.
The Java I2P project does not expect that their SSU2 implementation will be any faster than SSU 1.
faster than SSU in some tests. However, they completely redesigned their
SSU code for SSU2 as their previous implementation was rather poor.
The Java I2P project does not expect that their SSU2 implementation will be any faster than SSU.
{%- endtrans %}
{% trans -%}
Very low-end platforms such as Raspberry Pis and OpenWRT may see substantial improvements
from the elimination of SSU 1.
from the elimination of SSU.
ElGamal is extremely slow and limits performance on those platforms.
{%- endtrans %}
{% trans -%}
SSU2 data phase encryption uses ChaCha20/Poly1305, compared to AES with a MD5 HMAC for SSU 1.
SSU2 data phase encryption uses ChaCha20/Poly1305, compared to AES with a MD5 HMAC for SSU.
Both are very fast and the change is not expected to measurably affect performance.
{%- endtrans %}
{% trans -%}
Here are some highlights of the estimated improvements for SSU2 over SSU 1:
Here are some highlights of the estimated improvements for SSU2 vs. SSU:
{%- endtrans %}
- {% trans %}40% reduction in total handshake packet size{% endtrans %}
@ -321,13 +330,14 @@ and maintenance requirements.
{% trans -%}
The Java I2P and i2pd projects will both enable SSU2 by default in their next releases (2.0.0 and 2.44.0) in November 2022.
However, they have different plans for disabling SSU 1.
I2pd will disable SSU 1 immediately, because SSU2 is a vast improvement over their SSU 1 implementation.
Java I2P plans to disable SSU 1 in mid-2023, to support a gradual transition
The Java I2P and i2pd projects will both enable SSU2 by default in their next releases (2.0.0 and 2.44.0) in late November 2022.
However, they have different plans for disabling SSU.
I2pd will disable SSU immediately, because SSU2 is a vast improvement over their SSU implementation.
Java I2P plans to disable SSU in mid-2023, to support a gradual transition
and give older routers time to upgrade.
Because Java I2P release 0.9.36 and i2pd release 2.20.0 (2018) were the first to support NTCP2,
routers older than that will not be able to connect to i2pd routers 2.44.0 or higher.
routers older than that will not be able to connect to i2pd routers 2.44.0 or higher,
as they have no compatible transports.
{%- endtrans %}
@ -342,7 +352,7 @@ The founders of I2P had to make several choices for cryptographic algorithms and
Some of those choices were better than others, but twenty years later, most are showing their age.
Of course, we knew this was coming, and we've spent the last decade planning and implementing cryptographic upgrades.
As the old saying goes, upgrading things while maintaining backward compatibility
and avoiding a "flag day" is like changing the tires on the bus while it's rolling down the road.
and avoiding a "flag day" is quite challenging, like changing the tires on the bus while it's rolling down the road.
{%- endtrans %}
{% trans -%}
@ -359,9 +369,9 @@ We thank them as well as the creators of all the cryptography we rely on to keep
{% trans -%}
Expect SSU2 to be enabled in the i2pd and Java I2P releases scheduled for November 2022.
Expect SSU2 to be enabled in the i2pd and Java I2P releases scheduled for late November 2022.
If the update goes well, nobody will notice anything different at all.
The performance benefits, while significant, will probably not be noticeable.
The performance benefits, while significant, will probably not be measurable for most people.
{%- endtrans %}
@ -369,3 +379,8 @@ The performance benefits, while significant, will probably not be noticeable.
As usual, we recommend that you update to the new release when it's available.
The best way to maintain security and help the network is to run the latest release.
{%- endtrans %}
.. _RFC-9000: https://www.rfc-editor.org/rfc/rfc9000.html
.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
.. _RFC-9002: https://www.rfc-editor.org/rfc/rfc9002.html

87
i2p2www/blog/2022/11/21/2.0.0-Release.rst Normal file
View File

@ -0,0 +1,87 @@
===========================================
{% trans -%}2.0.0 Release{%- endtrans %}
===========================================
.. meta::
:author: zzz
:date: 2022-11-21
:category: release
:excerpt: {% trans %}2.0.0 enables SSU2{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans -%}
I2P release 2.0.0 enables our new UDP transport SSU2 for all users, after completion of minor features, testing, and numerous bug fixes.
{%- endtrans %}
{% trans -%}
We also have fixes all over, including for the installer, network database, adding to the private address book, the Windows browser launcher, and IPv6 UPnP.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
{%- endtrans %}
**{% trans %}RELEASE DETAILS{% endtrans %}**
**{% trans %}Changes{% endtrans %}**
- {% trans %}i2ptunnel: Support SHA-256 digest proxy authentication (RFC 7616){% endtrans %}
- {% trans %}SSU2: Connection migration{% endtrans %}
- {% trans %}SSU2: Immediate acks{% endtrans %}
- {% trans %}SSU2: Enable by default{% endtrans %}
**{% trans %}Bug Fixes{% endtrans %}**
- {% trans %}i2ptunnel: Fix IRC USER line filtering{% endtrans %}
- {% trans %}Installer: Fix path for Windows service, caused local eepsite to be broken{% endtrans %}
- {% trans %}Installer: Fix error on Windows when username contains a space{% endtrans %}
- {% trans %}NetDB: Database store message handling fixes{% endtrans %}
- {% trans %}NetDB: Fix reseeding when clock is skewed{% endtrans %}
- {% trans %}Router: Deadlock fix{% endtrans %}
- {% trans %}SSU2: Fix packets exceeding MTU{% endtrans %}
- {% trans %}SSU2: Fix ping packets less than minimum size{% endtrans %}
- {% trans %}SSU2: Fix handling of termination acks{% endtrans %}
- {% trans %}SusiDNS: Fix adding entry to empty address book{% endtrans %}
- {% trans %}SusiMail: Fix dark theme button icons{% endtrans %}
- {% trans %}UPnP: IPv6 fix{% endtrans %}
- {% trans %}Windows: Fix launching preferred browser at startup{% endtrans %}
**{% trans %}Other{% endtrans %}**
- {% trans %}Deadlock detector improvements{% endtrans %}
- {% trans %}Debian: Change dependency from libservlet3.1-java to libjsp-api-java and libservlet-api-java{% endtrans %}
- {% trans %}i2psnark: Increase max pieces to 64K{% endtrans %}
- {% trans %}i2psnark: Add links to additional instances in the console{% endtrans %}
- {% trans %}Option to compress router logs{% endtrans %}
- {% trans %}Translation updates{% endtrans %}
`{% trans %}Full list of fixed bugs{% endtrans %}`__
__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.0.0
**{% trans %}SHA256 Checksums:{% endtrans %}**
::
df3cf4d7fc6c3ed06c7b9de5c8c7b9c692295ecddb0d780e31fc23107e045e5e i2pinstall_2.0.0_windows.exe
b9fe281f28971de674f35cba8c483037bf8ac2d96578cb34f5ee627239d03890 i2pinstall_2.0.0.jar
1d50831e72a8f139cc43d5584c19ca48580d72f1894837689bf644c299df9099 i2psource_2.0.0.tar.bz2
053864a774470df66517826e10026787dc7a90ba871e6aded018d962ca3c068a i2pupdate_2.0.0.zip
c221a9aadac400697cc79a2202130d766359518aab565ad6e99d64f29b92ff83 i2pupdate.su3

34
i2p2www/blog/2022/11/23/easy_install_bundle_2.0.0.rst Normal file
View File

@ -0,0 +1,34 @@
==========================================================================================
{% trans -%}Easy Install 2.0.0 for Windows, OSX delayed by 1 Month{%- endtrans %}
==========================================================================================
.. meta::
:author: idk
:date: 2022-11-23
:category: release
:excerpt: {% trans %}Bugfixes, Stability/Compatibility Improvements and 2.0.0{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans %}
The I2P Easy-Install bundle for Windows has been released.
In this release, support has been added for most major browsers, including all major Firefox(Gecko) and Chromium forks.
Compatibility with external I2P Service installs and un-bundled I2P user installs has been improved.
The Easy-Install bundle can now detect other I2P routers and prompt the user to launch them instead, if they already have I2P.
The browser extensions have been updated to the latest versions.
The Easy-Install now has access to `i2p.plugins.firefox`'s usability mode via the `-usability` command-line flag.
The default mode is the "Strict" mode where Javascript is disabled by NoScript.
In usability mode, Javascript is restricted by JShelter.
For more details, see the profile manager repository at i2pgit.org.
{% endtrans %}
{% trans %}
It is recommended that you update to this release for the best security, privacy, and performance, and to help the network.
{% endtrans %}
{% trans %}
Due to the departure of the developer/maintainer, the Easy-Install Bundle for OSX will be delayed by a month while we work out the maintainership.
{% endtrans %}

69
i2p2www/blog/2022/8/3/Enable-SSU2.draft.rst
View File

@ -1,69 +0,0 @@
==================================
{% trans -%}How to Enable SSU2 on I2P and i2pd{%- endtrans %}
==================================
.. meta::
:author: idk
:date: 2022-08-03
:category: ssu2
:excerpt: {% trans %}How to enable SSU2 on I2P and i2pd{% endtrans %}
{% trans -%}
Help out with SSU2 development and testing
{%- endtrans %}
============================================
{% trans -%}
I2P and i2pd developers are rapidly implementing the successor to the
venerable SSU transport protocol, SSU2. SSU2 featues many improvements on
SSU for censorship resistance, resistance to identification and blocking,
performance, and in many other areas. Users who are comfortable testing
the new protocol can enable it by following these procedures for I2P and
i2pd respectively.
{%- endtrans %}
*{% trans %}Warning: After enabling SSU2, you will publish a routerInfo which
informs other routers that you can speak SSU2. This is still a small
fraction of the network and identifies you as an early-adopter of
SSU2.*{% endtrans %}*
**{% trans %}Enabling SSU2 on I2P{% endtrans %}**
{% trans -%}
In order to enable SSU2 on Java I2P, you will need to locate your `router.config`
file. If you have enabled "Advanced Mode" in your I2P installation already, then
you can edit the `router.config` file from http://127.0.0.1:7657/configadvanced.
{%- endtrans %}
{% trans -%}
If you have not enabled advanced configuration, you'll need to edit the `router.config`
file in a text editor. That file is usually in `/var/lib/i2p/i2p-config/router.config`
on Debian, `$HOME/i2p/router.config` on other Linux,
`$HOME/Library/Application Support/i2p/router.config` on OSX,` and in
`%LOCALAPPDATA%\I2P\router.config` on Windows. Open that file in a text editor(like
`notepad.exe`` on Windows) and add the following line to the end of the file:
{%- endtrans %}
`i2np.ssu2.enable=true`
**{% trans %}Enabling SSU2 on i2pd{% endtrans %}**
{% trans -%}
In order to enable SSU2 on i2pd, you will need to locate your `i2pd.conf` file
and edit that. The `i2pd.conf` file is usually in `/etc/i2pd/i2pd.conf` on Debian,
`$HOME/i2pd/i2pd.conf` on other Linux, on Windows is: `%APPDATA%\i2pd\i2pd.conf`,
and on OSX it is: `$HOME/Library/Application Support/i2pd/i2pd.conf`. Open that,
and add the following lines to the end of the file:
{%- endtrans %}
`[SSU2]`
`enabled = true`
**{% trans %}Thanks to all Testers{% endtrans %}**
{% trans -%}
We'd like to take this moment to thank all of the testers who have helped us so
far and who will continue to help us in the future as we test SSU2 and continue
to develop the I2P network.
{%- endtrans %}

2
i2p2www/blog/2022/8/4/Enable-StormyCloud.rst
View File

@ -17,7 +17,7 @@ How to Switch to the StormyCloud Outproxy Service
{% trans -%}
For years, I2P has been served by a single default outproxy, `false.i2p`
who's reliability has been degrading. Although several competitors
whose reliability has been degrading. Although several competitors
have emerged to take up some of the slack, they are mostly unable to
volunteer to serve the clients of an entire I2P implementation by
default. However, StormyCloud, a professional, non-profit organization

111
i2p2www/blog/2023/01/09/2.1.0-Release.rst Normal file
View File

@ -0,0 +1,111 @@
===========================================
{% trans -%}2.1.0 Release{%- endtrans %}
===========================================
.. meta::
:author: zzz
:date: 2023-01-09
:category: release
:excerpt: {% trans %}2.1.0 with SSU2 and congestion fixes{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans -%}
We have learned several things since our 2.0.0 release in November.
As routers have updated to that release, the network has gone from about 1% to over 60% support for our new SSU2 transport protocol.
First, we have confirmed that SSU2 is a solid, well designed, and secure protocol.
Second, however, we have found and fixed numerous minor or rarely-triggered bugs in the implementation of the protocol.
Cumulatively, the effects of these bugs have reduced the performance of the network.
{%- endtrans %}
{% trans -%}
Also, we are aware of increased tunnel count and reduced tunnel build success rate in the network,
possibly triggered by Bitcoin's new I2P transient address feature,
but made worse by our SSU2 bugs and other congestion control problems.
We are working with Bitcoin and other non-Bitcoin projects to reduce I2P network demands.
We have improved our algorithms to reduce network load during times of congestion.
We are also collaborating with i2pd to develop common congestion control strategies.
{%- endtrans %}
{% trans -%}
Therefore, we have accelerated this release by about six weeks, to get the fixes out to everybody.
i2pd released their version 2.45.0 last week and the early results are encouraging.
New protocols, and distributed networks, are difficult to develop.
Congestion can arrive with little warning and with little clue of the cause.
Thank you for your patience as we have diagnosed and hopefully fixed the problems.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release. The best way to
maintain security and help the network is to run the latest release.
{%- endtrans %}
**{% trans %}RELEASE DETAILS{% endtrans %}**
**{% trans %}Changes{% endtrans %}**
- {% trans %}Console: New status and banned peers tabs on /peers{% endtrans %}
- {% trans %}i2ptunnel: Add torsocks support{% endtrans %}
- {% trans %}i2ptunnel: Add SOCKS tunnel conversion to CONNECT outproxy{% endtrans %}
- {% trans %}i2ptunnel: Add SOCKS outproxy port configuration{% endtrans %}
- {% trans %}i2ptunnel: Update encryption type defaults{% endtrans %}
- {% trans %}Router: Improved congestion detection and handling{% endtrans %}
- {% trans %}Router: Use compressible padding for destinations and router infos (proposal 161){% endtrans %}
- {% trans %}SSU: Redesign symmetric NAT detection{% endtrans %}
**{% trans %}Bug Fixes{% endtrans %}**
- {% trans %}Console: Fix configuration for Argentinian Spanish{% endtrans %}
- {% trans %}Crypto: Fix LS2 encrypted leasesets, broken since 1.8.0{% endtrans %}
- {% trans %}i2psnark: Avoid OOM starting large number of torrents{% endtrans %}
- {% trans %}i2ptunnel: Numerous SOCKS tunnel fixes{% endtrans %}
- {% trans %}NTCP: Fix rare termination NPE{% endtrans %}
- {% trans %}Profiles: Fix profile load stopping after hitting corrupt file{% endtrans %}
- {% trans %}Router: Clock skew handling fixes and improvements{% endtrans %}
- {% trans %}SSU: Don't publish IPv4 address when configured for IPv6-only{% endtrans %}
- {% trans %}SSU: Fix handling of banned peers{% endtrans %}
- {% trans %}SSU2: Peer Test fixes and improvements{% endtrans %}
- {% trans %}SSU2: Termination fixes and improvements{% endtrans %}
- {% trans %}SSU2: Token and handshake fixes and improvements{% endtrans %}
- {% trans %}SSU2: Fix rare packet handling NPE{% endtrans %}
- {% trans %}SSU2: Fix rare termination IAE{% endtrans %}
- {% trans %}SSU2: Fix retransmission of session confirmed{% endtrans %}
- {% trans %}SSU2: Fix attempted connection to ourselves as an introducer{% endtrans %}
- {% trans %}UPnP: Catch rare assertion error{% endtrans %}
**{% trans %}Other{% endtrans %}**
- {% trans %}Console: Add leaseset lookup to advanced search form{% endtrans %}
- {% trans %}i2psnark: Add partial Dutch translation{% endtrans %}
- {% trans %}i2ptunnel: Allow IRCv3 ACCOUNT and CHGHOST through filter{% endtrans %}
- {% trans %}SSU2: Preliminary support for disabling SSU1{% endtrans %}
- {% trans %}Sybil: Add IPv6 address tests{% endtrans %}
- {% trans %}Translation updates{% endtrans %}
`{% trans %}Full list of fixed bugs{% endtrans %}`__
__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.1.0
**{% trans %}SHA256 Checksums:{% endtrans %}**
::
88e0d49090341f5bfa30299c3fa549c365da57a074ef694cf8201666687e583a i2pinstall_2.1.0_windows.exe
153c7988e7a9f0c2affd1e001d554e2519dd439c08bd7c024643b749db1308c1 i2pinstall_2.1.0.jar
83098c1277204c5569284b32b37ef137656b27bfe15ef903eca2da7c269288d1 i2psource_2.1.0.tar.bz2
54cf3f146f3a630fc2486f79f24c9cfc59d4c9974df0c4479251624fa7bc12a1 i2pupdate_2.1.0.zip
28a6a2f95ba9a613a040976e6d30e6662fc90241f08607f2ce43c6332b9f71bf i2pupdate.su3

41
i2p2www/blog/2023/01/13/i2p_easy_install_for_windows_2.1.0.rst Normal file
View File

@ -0,0 +1,41 @@
=============================================================
{% trans -%}Windows Easy-Install 2.1.0 Release{%- endtrans %}
=============================================================
.. meta::
:author: idk
:date: 2023-01-13
:category: release
:excerpt: {% trans %}Windows Easy-Install Bundle 2.1.0 released to improve stability, performance.{% endtrans %}
{% trans -%}
Update details
{%- endtrans %}
============================================
{% trans -%}
The I2P Easy-Install bundle for Windows version 2.1.0 has been released.
As usual, this release includes an updated version of the I2P Router.
This release of I2P provides improved strategies for dealing with network congestion.
These should improve performance, connectivity, and secure the long-term health of the I2P network.
{%- endtrans %}
{% trans -%}
This release features mostly under-the-hood improvements to the browser profile launcher.
Compatibility with Tor Browser Bundle has been improved by enabling TBB configuration through environment variables.
The Firefox profile has been updated, an the base versions of the extensions have been updated.
Improvements have been made throughout the codebase and the deployment process.
{%- endtrans %}
{% trans -%}
Unfortunately, this release is still an unsigned .exe installer.
Please verify the checksum of the installer before using it.
The updates, on the other hand are signed by my I2P signing keys and therefore safe.
{%- endtrans %}
{% trans -%}
This release was compiled with OpenJDK 19.
It uses i2p.plugins.firefox version 1.0.7 as a library for launching the browser.
It uses i2p.i2p version 2.1.0 as an I2P router, and to provide applications.
As always it is recommended that you update to the latest version of the I2P router at your earliest convenient opportunity.
{%- endtrans %}

64
i2p2www/blog/2023/01/31/mac-easy-install-notarization.rst Normal file
View File

@ -0,0 +1,64 @@
{% trans -%}
=======================================
Update on Mac Easy Install Notarization
=======================================
{%- endtrans %}
.. meta::
:author: idk,sadie
:date: 2023-01-31
:category: release
:excerpt: {% trans %}Easy Install Bundle for Mac is stalled{% endtrans %}
{% trans -%}
The I2P Easy-Install Bundle for Mac has been experiencing stalled updates for the past 2 releases due to the departure of its maintainer.
It is recommended that users of the Easy-Install bundle for Mac switch to the classic java-style installer which was recently restored to the download page.
1.9.0 has known security issues and is not suitable for hosting services or any long-term use. Users are advised to migrate away as soon as possible.
Advanced users of the Easy-Install bundle may work around this by compiling the bundle from source and self-signing the software.
{%- endtrans %}
{% trans -%}The Notarization Process For MacOS{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
There are many steps in the process of distributing an application to Apple users.
In order to distribute an application as a .dmg securely, the application must pass a notarization process.
In order to submit an application for notarization, a developer must sign the application using a set of certificates that includes one for code signing, and one for signing the application itself.
This signing must take place at specific points during the build process, before the final .dmg bundle which is distributed to the end users can be created.
{%- endtrans %}
{% trans -%}
I2P Java is a complex application, and because of this it is a process of trial and error to match the types of code used in the application to Apple's certificates, and where the signing takes place to produce a valid timestamp.
It is due to this complexity that existing documentation for developers is falling short of helping the team understand the correct combination of factors that will result in successful notarization.
{%- endtrans %}
{% trans -%}
These difficulties leave the timeline for completing this process difficult to predict.
We won't know we're done until we are able to clean up the build environment and follow the process end-to-end.
The good news is that we are down to only 4 errors during the notarization process from more than 50 during the first attempt and can reasonably predict that it will be competed before or in time for the next release in April.
{%- endtrans %}
{% trans -%}Options for New macOS I2P Installs and Updates{%- endtrans %}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
{% trans -%}
New I2P participants can still download the Easy Installer for the macOS 1.9.0 software.
I hope to have a release ready near the end of April.
Updates to the latest version will become available as soon as notarization is successful.
{%- endtrans %}
{% trans -%}
The classic install options is also available.
This will require downloading Java and the I2P software via the .jar based installer.
{%- endtrans %}
`{% trans -%}Jar Install Instructions are available here.{%- endtrans %} <https://geti2p.net/en/download/macos>`_
{% trans -%}
Easy-Install users can update to that latest version using a locally-produced development build.
{%- endtrans %}
`{% trans -%}Easy-Install Build Instructions are available here.{%- endtrans %} <https://i2pgit.org/i2p-hackers/i2p-jpackage-mac/-/blob/master/BUILD.md>`_
{% trans -%}
There is also the option to uninstall the software, remove the I2P configuration directory and reinstall I2P using the .jar installer.
{%- endtrans %}

23
i2p2www/blog/2023/02/09/about_the_recent_denial_of_service_attacks.rst Normal file
View File

@ -0,0 +1,23 @@
{% trans -%}
==========================================
About the recent Denial of Service attacks
==========================================
{%- endtrans %}
.. meta::
:author: idk,sadie
:date: 2023-02-09
:category: release
:excerpt: {% trans %}I2P remains intact with impaired performance{% endtrans %}
{% trans -%}
The I2P network is currently being affected by a Denial of Service attack.
The floodfill function of the network has been affected, resulting in responses being disrupted and tunnel build success rates dropping.
Participants in the network have experienced difficulties connecting to I2P sites and using I2P services.
Mitigation strategies are being investigated and implemented gradually.
{%- endtrans %}
{% trans -%}
While the attack has degraded performance, the network remains intact and usable.
Java I2P routers appear to be handling the issues better than i2pd routers for now.
Various mitigations should begin to appear in dev builds of both Java and C++ routers in the next week.
{%- endtrans %}

14
i2p2www/blog/2023/03/13/i2p-release-2.2.0.rst Normal file
View File

@ -0,0 +1,14 @@
{% trans -%}
=================
I2P Release 2.2.0
=================
{%- endtrans %}
.. meta::
:author: idk
:date: 2023-03-13
:category: release
:excerpt: {% trans %}Moved Post{% endtrans %}
{% trans -%}
`This blog post has been moved here </en/blog/post/2023/03/13/new_release_2.2.0>`_
{%- endtrans %}

89
i2p2www/blog/2023/03/13/new_release_2.2.0.rst Normal file
View File

@ -0,0 +1,89 @@
{% trans -%}
=================
I2P Release 2.2.0
=================
{%- endtrans %}
.. meta::
:author: idk
:date: 2023-03-13
:category: release
:excerpt: {% trans %}DDoS Mitigations, New Release Maintainer{% endtrans %}
{% trans -%}
We have elected to move forward the 2.2.0 release date, which will be occurring today, March 13, 2023.
This release includes a changes across the NetDB, Floodfill, and Peer-Selection components which improve the ability of the router to survive DDOS attacks.
The attacks are likely to continue, but the improvements to these systems will help to mitigate the risk of DDOS attacks by helping the router identify and de-prioritize routers that appear malicious.
{%- endtrans %}
{% trans -%}
This release also adds replay protection to the Streaming subsystem, which prevents an attacker who can capture an encrypted packet from being able to re-use it by sending it to unintended recipients.
This is a backward-compatible change, so older routers will still be able to use the streaming capabilities of newer routers.
This issue was discovered and fixed internally, by the I2P development team, and is not related to the DDOS attacks.
We have never encountered a replayed streaming packet in the wild and do not believe a streaming replay attack has ever taken place against the I2P network at this time.
{%- endtrans %}
{% trans -%}
As you may have noticed, these release notes and the release itself have been signed by idk, and not zzz.
zzz has chosen to step away from the project and his responsibilities are being taken on by other team members.
As such, the project is working on replacing the network statistics infrastructure and moving the development forum to i2pforum.i2p.
We thank zzz for providing these services for such a long time.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release.
The best way to maintain security and help the network is to run the latest release.
{%- endtrans %}
**DETAILS**
*Changes*
- {% trans %}i2psnark: New search feature{% endtrans %}
- {% trans %}i2psnark: New max files per torrent config{% endtrans %}
- {% trans %}NetDB: Expiration improvements{% endtrans %}
- {% trans %}NetDB: More restrictions on lookups and exploration{% endtrans %}
- {% trans %}NetDB: Store handling improvements{% endtrans %}
- {% trans %}NTCP2: Banning improvements{% endtrans %}
- {% trans %}Profiles: Adjust capacity estimates{% endtrans %}
- {% trans %}Profiles: Expiration improvements{% endtrans %}
- {% trans %}Router: Initial support for congestion caps (proposal 162){% endtrans %}
- {% trans %}Transports: Add inbound connection limiting{% endtrans %}
- {% trans %}Tunnels: Refactor and improve peer selection{% endtrans %}
- {% trans %}Tunnels: Improve handling of "probabalistic" rejections{% endtrans %}
- {% trans %}Tunnels: Reduce usage of unreachable and floodfill routers{% endtrans %}
*Bug Fixes*
- {% trans %}Docker: Fix graphs not displaying{% endtrans %}
- {% trans %}i2psnark: Fix torrents with '#' in the name{% endtrans %}
- {% trans %}i2psnark standalone: Fix running from outside directory{% endtrans %}
- {% trans %}i2psnark standalone: Remove "Start I2P" menu item from systray{% endtrans %}
- {% trans %}i2ptunnel: Fix typo in HTTPS outproxy hostname{% endtrans %}
- {% trans %}i2ptunnel: Interrupt tunnel build if stop button clicked{% endtrans %}
- {% trans %}i2ptunnel: Return error message to IRC, HTTP, and SOCKS clients on failure to build tunnels{% endtrans %}
- {% trans %}NTCP2: Ensure an IPv6 address is published when firewalled and IPv4 is not{% endtrans %}
- {% trans %}Ratchet: Don't bundle wrong leaseset with ack{% endtrans %}
- {% trans %}Router: Fixes for symmetric NAT errors on 'full cone' NAT{% endtrans %}
- {% trans %}SAM: Interrupt tunnel build if client times out{% endtrans %}
- {% trans %}SSU2: Fix rare peer test NPE{% endtrans %}
- {% trans %}Sybil: Don't blame i2pd publishing ::1{% endtrans %}
- {% trans %}Sybil: Memory usage and priority reduction{% endtrans %}
- {% trans %}Transports: More IP checks{% endtrans %}
*Other*
- {% trans %}Blocklist efficiency improvements{% endtrans %}
- {% trans %}Bundles: Identify Win and Mac bundles in version info{% endtrans %}
- {% trans %}Console: Identify service installs, revision, and build time in version info{% endtrans %}
- {% trans %}Console: NetDB search form and tunnels page improvements (advanced only){% endtrans %}
- {% trans %}Router: Reduce stats memory usage{% endtrans %}
- {% trans %}Tunnels: Reduce "grace period"{% endtrans %}
- {% trans %}Translation updates{% endtrans %}
Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.2.0

67
i2p2www/blog/2023/06/25/new_release_2.3.0.rst Normal file
View File

@ -0,0 +1,67 @@
{% trans -%}
=================
I2P Release 2.3.0
=================
{%- endtrans %}
.. meta::
:author: idk
:date: 2023-06-25
:category: release
:excerpt: {% trans %}I2P 2.3.0: Security Fixes, Tweakable Blocklists{% endtrans %}
{% trans -%}
This release contains fixes for CVE-2023-36325.
CVE-2023-36325 is a context-confusion bug which occurred in the bloom filter.
An attacker crafts an I2NP message containing a unique messageID, and sends that messageID to a client.
The message, after passing through the bloom filter, is not allowed to be re-used in a second message.
The attacker then sends the same message directly to the router.
The router passes the message to the bloom filter, and is dropped.
This leaks the information that the messageID has been seen before, giving the attacker a strong reason to believe that the router is hosting the client.
This has been fixed by separting the bloom filter's functionality into different contexts based on whether a message came down a client tunnel, an exploratory tunnel, was sent to the router directly.
Under normal circumstances, this attack takes several days to perform successfully and may be confounded by several factors such as routers restarting during the attack phase and sensitivity to false-positives.
Users of Java I2P are recommended to update immediately to avoid the attack.
{%- endtrans %}
{% trans -%}
In the course of fixing this context confusion bug, we have revised some of our strategies to code defensively, against these types of leaks.
This includes tweaks to the netDb, the rate-limiting mechanisms, and the behavior of floodfill routers.
{%- endtrans %}
{% trans -%}
This release adds not_bob as a second default hosts provider, and adds `notbob.i2p <http://notbob.i2p>`_ and `ramble.i2p <http://ramble.i2p>`_ to the console homepage.
{%- endtrans %}
{% trans -%}
This release also contains a tweakable blocklist.
Blocklisting is semi-permanent, each blocked IP address is normally blocked until the router is restarted.
Users who observe explosive blocklist growth during sybil attacks may opt-in to shorter timeouts by configuring the blocklist to expire entries at an interval.
This feature is off-by-default and is only recommended for advanced users at this time.
{%- endtrans %}
{% trans -%}
This release also includes an API for plugins to modify with the Desktop GUI(DTG).
It is now possible to add menu items to the system tray, enabling more intuitive launching of plugins which use native application interfaces.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release.
The best way to maintain security and help the network is to run the latest release.
{%- endtrans %}
**DETAILS**
*Changes*
- {% trans %}netDb: Throttle bursts of netDB lookups{% endtrans %}
- {% trans %}Sybil/Blocklist: Allow users to override blocklist expiration with an interval{% endtrans %}
- {% trans %}DTG: Provide an API for extending DTG with a plugin{% endtrans %}
- {% trans %}Addressbook: add notbob's main addressbook to the default subscriptions.{% endtrans %}
- {% trans %}Console: Add Ramble and notbob to console homepage{% endtrans %}
*Bug Fixes*
- {% trans %}Fix replay attack: CVE-2023-36325{% endtrans %}
- {% trans %}Implement handling of multihomed routers in the netDb{% endtrans %}
- {% trans %}Fully copy new leaseSets when a leaseSet recievedAsPublished overwrites a leaseSet recievedAsReply{% endtrans %}
Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.3.0

45
i2p2www/blog/2023/07/10/easy-install_for_windows_release_2.3.0.rst Normal file
View File

@ -0,0 +1,45 @@
{% trans -%}
=======================================
Easy-Install for Windows 2.3.0 Released
=======================================
{%- endtrans %}
.. meta::
:author: idk
:date: 2023-07-10
:category: release
:excerpt: {% trans %}Easy-Install for Windows 2.3.0 Released{% endtrans %}
{% trans -%}
The I2P Easy-Install bundle for Windows version 2.3.0 has now been released.
As usual, this release includes an updated version of the I2P router.
This extends to security issues which affect people hosting services on the network.
{%- endtrans %}
{% trans -%}
This will be the last release of the Easy-Install bundle which will be incompatible with the I2P Desktop GUI.
It has been updated to include new versions of all included webextensions.
A longstanding bug in I2P in Private Browsing which makes it incompatible with custom themes has been fixed.
Users are still advised to *not* install custom themes.
Snark tabs are not automatically pinned to the top of the tab order in Firefox.
Except for using alternate cookieStores, Snark tabs now behave as normal browser tabs.
{%- endtrans %}
{% trans -%}
**Unfortunately, this release is still an unsigned `.exe` installer.**
Please verify the checksum of the installer before using it.
**The updates, on the other hand** are signed by my I2P signing keys and therefore safe.
{%- endtrans %}
{% trans -%}
This release was compiled with OpenJDK 20.
It uses i2p.plugins.firefox version 1.1.0 as a library for launching the browser.
It uses i2p.i2p version 2.3.0 as an I2P router, and to provide applications.
As always it is recommended that you update to the latest version of the I2P router at your earliest convenient opportunity.
{%- endtrans %}
- `Easy-Install Bundle Source <http://git.idk.i2p/i2p-hackers/i2p.firefox/-/tree/i2p-firefox-2.3.0>`_
- `Router Source <http://git.idk.i2p/i2p-hackers/i2p.i2p/-/tree/i2p-2.3.0>`_
- `Profile Manager Source <http://git.idk.i2p/i2p-hackers/i2p.plugins.firefox/-/tree/1.1.0>`_

40
i2p2www/blog/2023/4/12/new_release_2.2.1.rst Normal file
View File

@ -0,0 +1,40 @@
{% trans -%}
=================
I2P Release 2.2.1
=================
{%- endtrans %}
.. meta::
:author: idk
:date: 2023-04-12
:category: release
:excerpt: {% trans %}Packaging Fixes{% endtrans %}
{% trans -%}
After the I2P 2.2.0 release, which was moved forward to accelerate mitigations for the DDOS attacks, we learned about a few developing issues which made it necessary to build and release new packages.
This release fixes an issue within Ubuntu Lunar and Debian Sid where the router console was inaccessible using an updated version of the jakarta package.
Docker packages were not reading arguments correctly, resulting in inaccessible configuration files.
This issue has also been resolved.
The docker container is now also compatible with Podman.
{%- endtrans %}
{% trans -%}
This release syncs translations with transifex and updates the GeoIP database.
{%- endtrans %}
{% trans -%}
As usual, we recommend that you update to this release.
The best way to maintain security and help the network is to run the latest release.
{%- endtrans %}
**DETAILS**
*Changes*
- {% trans %}Fix missing Java options in docker/rootfs/startapp.sh{% endtrans %}
- {% trans %}Detect when running in Podman instead of regular Docker{% endtrans %}
- {% trans %}Update Tor Browser User-Agent String{% endtrans %}
- {% trans %}Update local GeoIP database{% endtrans %}
- {% trans %}Remove invalid signing keys from old installs{% endtrans %}
- {% trans %}Update Tomcat version in Ubuntu Lunar and Debian Sid{% endtrans %}
Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.2.1

84
i2p2www/blog/README
View File

@ -24,6 +24,19 @@ index page). The following metadata is used:
- **excerpt**: Summary of the post (generally the same as the first line for
translation purposes). Required, it is displayed on the blog index.
Please use the following standard categories:
- android
- beta
- community
- conferences
- development
- general
- news
- release
- security
How to use the blog
-------------------
@ -31,10 +44,72 @@ How to use the blog
'mkdir -p 2014/01/01'. Day and month directories MUST be two digits!
2. Create a file in that directory with suffix '.rst'. The name of the file and
the directory path will together be the URL that the post will be visible at
e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'
e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'.
Use - for spaces in the file name.
3. Write the blog post in reStructuredText format, taking note of the custom
format notes above.
Translations
-------------
Write your post so it may be easily translated.
Inside {% trans -%}...{%- endtrans %} blocks, put line breaks after long sentences
or phrases. Do not put line breaks at random places.
Links
-------------
The goal is to keep as much formatting out of the tagged string as possible,
so that the translators are less likely to inadvertently break the formatting,
and we can change the link later without breaking translations.
This also allows us to use macros for converting to .i2p links.
External links:
For full untranslated link text:
`QUIC <https://www.rfc-editor.org/rfc/rfc9000.html>`_
For full translated link text:
`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %}`__
__ https://geti2p.net/en/download/mac
or:
`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %} <https://geti2p.net/en/download/mac>`_
For partial translated link text:
{% trans link1="https://...", link2="..." -%}
Blah blah `link text <{{ link1 }}>`_ more text.
<%- endtrans %>
Internal links:
As above but use, e.g.
`NTCP2 <{{spec_url("ntcp2")}}>`_
`SSU2 <{{proposal_url("159")}}>`_
This does not work: {% trans link1="{{spec_url('i2np')}}" -%}
Multiple links to the same thing:
{% trans -%}
Blah blah RFC-9001_
and RFC-9001_ again.
<%- endtrans %>
.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
RST guide: https://docutils.sourceforge.io/docs/user/rst/quickref.html#hyperlink-targets
Writing draft posts
-------------------
@ -43,6 +118,13 @@ with this suffix will be visible at their post URL, but will not be shown in
the blog index. To publish the draft post, change the filename to remove the
'.draft' in the suffix (e.g. git mv foo.draft.rst foo.rst).
Review your formatting before checking in with the linux tool rst2html.
This will not process translation blocks, of course.
After checking in the draft, navigate to it in your browser and verify
the formatting is correct, including translation blocks.
Creating shortlinks
-------------------

3
i2p2www/blog/helpers.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
import codecs
import datetime
from docutils.core import publish_parts
@ -140,6 +141,8 @@ def render_blog_post(slug):
with codecs.open(path, encoding='utf-8') as fd:
content = fd.read()
#print(content)
# render the post with Jinja2 to handle URLs etc.
rendered_content = render_template_string(content)

1
i2p2www/blog/views.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
from flask import abort, g, redirect, render_template, request, url_for
from werkzeug.contrib.atom import AtomFeed

1
i2p2www/browser.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
from flask import redirect, render_template, request
from i2p2www import CURRENT_I2P_VERSION, MIRRORS_FILE

23
i2p2www/downloads.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
from flask import abort, redirect, render_template, request
try:
import json
@ -27,13 +28,13 @@ DEFAULT_MIRROR = {
# "country": "no",
#}
DEFAULT_MIRROR= {
'net': 'clearnet',
'protocol': 'https',
'domain': 'download.i2p2.no',
'org': 'sigterm.no',
'country': 'no',
}
#DEFAULT_MIRROR= {
# 'net': 'clearnet',
# 'protocol': 'https',
# 'domain': 'download.i2p2.no',
# 'org': 'sigterm.no',
# 'country': 'no',
#}
DEFAULT_I2P_MIRROR = {
'net': 'i2p',
@ -90,6 +91,10 @@ def downloads_debian():
def downloads_windows():
return render_template('downloads/windows.html')
# MacOS-specific page
def downloads_macos():
return render_template('downloads/macos.html')
# AIO-Windows-specific page
def downloads_easyinstall():
# TODO: read mirror list or list of available files
@ -162,13 +167,13 @@ def downloads_redirect(version, net, protocol, domain, file):
}
if not protocol:
protocol = mirrors.keys()[randint(0, len(mirrors) - 1)]
protocol = list(mirrors.keys())[randint(0, len(mirrors) - 1)]
if not protocol in mirrors:
abort(404)
mirrors=mirrors[protocol]
if not domain:
domain = mirrors.keys()[randint(0, len(mirrors) - 1)]
domain = list(mirrors.keys())[randint(0, len(mirrors) - 1)]
if not domain in mirrors:
abort(404)
return render_template('downloads/redirect.html',

7
i2p2www/extensions.py
View File

@ -1,5 +1,7 @@
# -*- coding: utf8 -*-
from __future__ import absolute_import
from __future__ import print_function
import os
import sys
from jinja2 import nodes
@ -9,6 +11,7 @@ from pygments import highlight
from pygments.lexers import get_lexer_by_name, guess_lexer
from pygments.formatters import HtmlFormatter
from pygments.util import ClassNotFound
import six
try:
import ctags
@ -29,8 +32,8 @@ def we_are_frozen():
def module_path():
encoding = sys.getfilesystemencoding()
if we_are_frozen():
return os.path.dirname(unicode(sys.executable, encoding))
return os.path.dirname(unicode(__file__, encoding))
return os.path.dirname(six.text_type(sys.executable, encoding))
return os.path.dirname(six.text_type(__file__, encoding))
class HighlightExtension(Extension):

21
i2p2www/formatters.py
View File

@ -9,14 +9,21 @@
:license: BSD, see LICENSE for details.
"""
from __future__ import absolute_import
from __future__ import print_function
import os
import sys
import os.path
import StringIO
try:
from StringIO import StringIO
except ImportError:
from io import StringIO
from pygments.formatter import Formatter
from pygments.token import Token, Text, STANDARD_TYPES
from pygments.util import get_bool_opt, get_int_opt, get_list_opt, bytes
from pygments.util import get_bool_opt, get_int_opt, get_list_opt#, bytes
import six
from six.moves import range
try:
import ctags
@ -459,7 +466,7 @@ class I2PHtmlFormatter(Formatter):
"""
if arg is None:
arg = ('cssclass' in self.options and '.'+self.cssclass or '')
if isinstance(arg, basestring):
if isinstance(arg, six.string_types):
args = [arg]
else:
args = list(arg)
@ -473,7 +480,7 @@ class I2PHtmlFormatter(Formatter):
return ', '.join(tmp)
styles = [(level, ttype, cls, style)
for cls, (style, ttype, level) in self.class2style.iteritems()
for cls, (style, ttype, level) in six.iteritems(self.class2style)
if cls and style]
styles.sort()
lines = ['%s { %s } /* %s */' % (prefix(cls), style, repr(ttype)[6:])
@ -511,8 +518,8 @@ class I2PHtmlFormatter(Formatter):
cssfilename = os.path.join(os.path.dirname(filename),
self.cssfile)
except AttributeError:
print >>sys.stderr, 'Note: Cannot determine output file name, ' \
'using current directory as base for the CSS file name'
print('Note: Cannot determine output file name, ' \
'using current directory as base for the CSS file name', file=sys.stderr)
cssfilename = self.cssfile
# write CSS file only if noclobber_cssfile isn't given as an option.
try:
@ -521,7 +528,7 @@ class I2PHtmlFormatter(Formatter):
cf.write(CSSFILE_TEMPLATE %
{'styledefs': self.get_style_defs('body')})
cf.close()
except IOError, err:
except IOError as err:
err.strerror = 'Error writing CSS file: ' + err.strerror
raise

6
i2p2www/helpers.py
View File

@ -1,5 +1,7 @@
from __future__ import absolute_import
from math import ceil
from werkzeug import import_string, cached_property
from werkzeug.utils import cached_property, import_string
from six.moves import range
########################
# General helper methods
@ -56,7 +58,7 @@ class Pagination(object):
def iter_pages(self, left_edge=2, left_current=2,
right_current=5, right_edge=2):
last = 0
for num in xrange(1, self.pages + 1):
for num in range(1, self.pages + 1):
if num <= left_edge or \
(num > self.page - left_current - 1 and \
num < self.page + right_current) or \

7
i2p2www/legacy.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
from flask import g, redirect, url_for
@ -23,6 +24,7 @@ LEGACY_FUNCTIONS_MAP={
'easyinstall': {'function': 'downloads_easyinstall', 'params': {}},
'nsis': {'function': 'downloads_easyinstall', 'params': {}},
'windows': {'function': 'downloads_windows', 'params': {}},
'macos': {'function': 'downloads_macos', 'params': {}},
'download': {'function': 'downloads_list', 'params': {}},
'installation': {'function': 'downloads_list', 'params': {}},
'meetings': {'function': 'meetings_index', 'params': {}},
@ -196,7 +198,7 @@ LEGACY_RELEASES_MAP={
'0.9.8': (2013, 9, 30),
'0.9.8.1': (2013, 10, 2),
'0.9.9': (2013, 12, 7),
'0.9.10': (2014, 01, 22),
'0.9.10': (2014, 0o1, 22),
}
def legacy_show(f):
@ -231,5 +233,6 @@ def legacy_release(version):
else:
return legacy_show('release-%s' % version)
def legacy_blog(lang, (year, month, day), title):
def legacy_blog(lang, xxx_todo_changeme, title):
(year, month, day) = xxx_todo_changeme
return redirect(url_for('blog_post', lang=lang, slug=('%d/%02d/%02d/%s' % (year, month, day, title))), 301)

1
i2p2www/lexers.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
from pygments.lexer import RegexLexer, bygroups
from pygments.token import *

4
i2p2www/meetings/helpers.py
View File

@ -1,3 +1,5 @@
from __future__ import absolute_import
from __future__ import print_function
import codecs
import datetime
from docutils.core import publish_parts
@ -54,7 +56,7 @@ def get_meetings_ids(num=0):
# iterate over all files
for f in v[2]:
# ignore all non-.rst files
print("Meeting file found", f)
print(("Meeting file found", f))
if not f.endswith('.rst'):
continue
try:

165
i2p2www/meetings/logs/316.log Normal file
View File

@ -0,0 +1,165 @@
(04:00:08 PM) eyedeekay: Hi everyone, welcome to the October 4 2022 meeting
(04:00:08 PM) eyedeekay: 1. Hi
(04:00:18 PM) zlatinb: hi
(04:00:28 PM) zzz: hi
(04:00:51 PM) eyedeekay: 1. Hi
(04:00:51 PM) eyedeekay: 2. 1.10.0 development status
(04:00:51 PM) eyedeekay: 3. next release 2.0.0?
(04:00:51 PM) eyedeekay: 4. Publish source tarballs for bundle releases
(04:00:51 PM) eyedeekay: 5. Free stickers for translators
(04:00:51 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
(04:01:05 PM) eyedeekay: 2. 1.10.0 development status
(04:01:15 PM) eyedeekay: About 7 weeks to go
(04:01:24 PM) eyedeekay: My big priority this month has been to get the Windows Easy-Install bundle ready to go out of beta
(04:01:31 PM) eyedeekay: Lots of stuff on the forum about that, targeting stable updates, compatibility with existing/unbundled routers, and a more stable and flexible way to manage and launch browser profiles, more on all that in item 6
(04:01:38 PM) eyedeekay: Also working on a "Split Tunneling" or "Per-App VPN" tool in Android(on the roadmap).
(04:01:47 PM) eyedeekay: The utility is that it allow users to configure their browsers more easily, in a way which prevents WebRTC escapes by putting them onto an interface which corresponds to an I2P connection and not to their network provider
(04:02:05 PM) eyedeekay: zzz, zlatinb what would you like to add that you're working on
(04:02:30 PM) zzz: not a lot to report... SSU2 testing continues to go well...
(04:02:53 PM) zzz: put up proposal 161 about compressible padding, we'll be discussing it in #ls2 meetings...
(04:03:06 PM) zlatinb: Nothing specific I'm working on, just want to let everyone know that I'll be afk from 22nd Nov to 10th Dec so if the next release gets tagged on the 21st I may be able to build the mac bundles but will most likely not be able to seed the torrents
(04:03:29 PM) eyedeekay: If you send me the files I'll seed them for you
(04:03:32 PM) zzz: I have some peer selection efficiency improvements I'm going to try to get in soon, may or may not make it
(04:03:43 PM) zzz: EOT
(04:04:21 PM) eyedeekay: Thanks zzz, zlatinb, I don't want to rush anybody but we do have a long agenda today, anything else to add on 2?
(04:04:59 PM) eyedeekay: 3. next release 2.0.0?
(04:04:59 PM) eyedeekay: My vote is yes to 2.0.0
(04:05:19 PM) zzz: yeah I put it up for comments on my forum and got I think 1 yes and no no's
(04:05:36 PM) eyedeekay: I was a yes at the last meeting too I think
(04:05:46 PM) zzz: I'd like to decide today because I have a SSU2 blog post ready to go and it would be helpful to refer to the next release by number
(04:06:22 PM) zzz: yeah I didn't hear any strong opinions one way or the other last meeting which is why we pushed it a month
(04:06:34 PM) zzz: I think it's a good idea
(04:06:51 PM) zzz: so if there's no objections, let's call it 2.0.0!
(04:07:30 PM) eyedeekay: Timeout 1m for objections
(04:07:47 PM) zzz: make it 30 seconds :)
(04:07:54 PM) eyedeekay: Yeah I already burned 30
(04:08:04 PM) eyedeekay: OK there it is
(04:08:06 PM) eyedeekay: 2.0.0
(04:08:17 PM) eyedeekay: 4. Publish source tarballs for bundle releases
(04:08:31 PM) zzz: yeah this was my item
(04:08:53 PM) zzz: standard open source practice is to post source tarballs, even if we can point to a git tag
(04:09:06 PM) zzz: I understand that the Mac source doesn't change release to release?
(04:09:10 PM) zzz: but the windows source does?
(04:09:46 PM) zlatinb: well the mac bundle has evolved to enable arm64 but in general it doesn't change
(04:10:02 PM) eyedeekay: What we both do is clone a copy of the repo and check out a specific release tag, ant distclean, generate our jars, and copy them into the bundle trees
(04:10:15 PM) zzz: anyway, my recommendation is that we generate source tarballs as part of the build process and link to them on the respective download pages
(04:10:36 PM) zzz: if they don't change, then I guess they can be unversioned
(04:10:50 PM) zzz: so the windows source doesn't change release-to-release either?
(04:11:01 PM) zlatinb: I would rather just tag and then fetch the tarball from github. I expect at least for a while the only thing changing in the mac bundle will be the changelog file
(04:11:50 PM) zzz: you all can work out the details, but the goal is to have source and instructions so anybody can build it themselves
(04:12:00 PM) eyedeekay: The i2p jars that get included don't change except to get updated, but the Windows source has changed in the launcher quite a lot since it started
(04:12:12 PM) zzz: are you two willing to do that and add it to your release processes?
(04:12:21 PM) eyedeekay: Yes absolutely
(04:12:31 PM) eyedeekay: My release scripts and daily scripts now include tarball every time
(04:12:36 PM) zzz: you don't need to include dependencies such as i2p, and probably shouldn't
(04:12:37 PM) eyedeekay: zab's too IIRC
(04:12:54 PM) zlatinb: the question is where to put the tarballs, should they be available on the site, etc.
(04:13:25 PM) zzz: somewhere on the download server with everything else, with links on the bundle pages. You two can work out the details to be consistent
(04:13:59 PM) zlatinb: well that's the thing, if we can just point to a gitlab tag then there's no need for any extraneous links
(04:14:31 PM) zzz: disagree, I think it's good open source practice to publish source tarballs
(04:14:55 PM) zlatinb: github and maybe gitlab allow tarball download off of a tag
(04:14:57 PM) eyedeekay: It's not much more effort, I'm not against it, I tag in the same script I generate tarballs in
(04:15:05 PM) zzz: here's the binary, here's the source, here's the gpg sigs, here's the build instructions
(04:15:29 PM) zzz: it's also consistent with our mainline release to have tarballs
(04:16:15 PM) zzz: sounds like zlatinb is not in agreement? should we push this off to next month?
(04:16:38 PM) zlatinb: yeah I think it's unnecessary
(04:16:57 PM) zlatinb: but don't mind doing it if that's what the decision is
(04:17:11 PM) zzz: if it never changes, you only have to do it once and you're done
(04:17:47 PM) zlatinb: it has changed very rarely historically
(04:18:03 PM) eyedeekay: Kicking it down the road for now is fine with me, zlatinb and I can work out what we're going to do or not do in the meantime
(04:18:33 PM) eyedeekay: This might be a situation where we have to be a little different because my bundle has been a little more rapidly-changing than his
(04:19:27 PM) zzz: if we don't want to decide today I'll start a forum thread to solicit more opinions
(04:20:44 PM) zlatinb: ok
(04:20:44 PM) zzz: ok = you're oppposed for now?
(04:21:02 PM) eyedeekay: Probably a good idea, and I'm pro tarballs
(04:21:31 PM) zlatinb: yeah
(04:21:31 PM) zzz: no problem, eyedeekay put it on the list for next month
(04:21:37 PM) eyedeekay: OK can do
(04:21:52 PM) eyedeekay: Anything else for 4?
(04:22:38 PM) eyedeekay: 5. Free stickers for translators
(04:22:55 PM) eyedeekay: zzz this one was also yours, take it away whenever you're ready
(04:23:16 PM) zzz: yeah, credit sarah jamie lewis on twitter
(04:23:32 PM) zzz: for her project which I've forgotten the name... cwtch?
(04:24:02 PM) eyedeekay: That's the one
(04:24:02 PM) zzz: anyway, thought it was a good idea, but we'd need a) stickers and b) people to mail them
(04:24:17 PM) zzz: both of which we used to have but are now out of both people and stickers?
(04:24:40 PM) zzz: so, do we want to do it, and should we order stickers (even if we don't)
(04:24:45 PM) zzz: EOT
(04:25:26 PM) zzz: sadie and eche|on used to be the sticker people I think
(04:25:38 PM) eyedeekay: I went through and counted mine up, I've got maybe 35 of the old ones(Toopie) and 91 left of the run I ordered in the spring, but I'd be fine with ordering more
(04:25:41 PM) zzz: anyway, comments please... yes/no/maybe?
(04:26:00 PM) eyedeekay: I can mail them within the US and Canada but the EU isn't great for me
(04:26:21 PM) zzz: we have hundreds of translators registered. only a few are probably active
(04:26:41 PM) zzz: who is the sticker-orderer-person?
(04:27:54 PM) eyedeekay: The last person to order stickers was probably me, but I did them on my own time/out of pocket so I would have them for conventions
(04:28:19 PM) zzz: who's in charge of PR?
(04:28:48 PM) zzz: who has an opinion about stickers for translators?
(04:28:48 PM) zzz: well, you could have / should have gotten reimbursed... echelon used to be the sticker guy
(04:29:54 PM) zzz: we're going to need his buyin both for the cost, and to make him the EU mail person, and to send half to you and half to him
(04:30:15 PM) zzz: since he's not around, put this on the list for next month, I'll try to get his attention
(04:30:22 PM) eyedeekay: I think that if translators request stickers we should be able to get them some stickers, but that it should be contingent on request
(04:30:59 PM) zzz: sure, we don't have anybody's address, they have to ask. but we would have to tell them to ask
(04:31:17 PM) uis is now known as Irc2PGuest33729
(04:31:48 PM) zzz: if anybody's going to CCC then you need to hop on more stickers, independent of translators
(04:32:42 PM) zzz: EOT, push it to next month, no answers today
(04:32:47 PM) eyedeekay: Ack, I do plan to go so I'll make sure I have some stickers
(04:32:47 PM) eyedeekay: So next step is start an email chain with Ech about it
(04:33:09 PM) eyedeekay: EOT from me, anything else on 5?
(04:33:50 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
(04:33:58 PM) eyedeekay: This one's mine obviously
(04:34:26 PM) eyedeekay: So 1.9.5 point release happened technically because of the reseed application context timer obviously
(04:34:45 PM) eyedeekay: But it was a convenient time to also keep an eye on how the updates performed
(04:35:54 PM) zlatinb: and how did it behave?
(04:35:55 PM) eyedeekay: It wasn't without complications, people who were using fell into 3 groups
(04:36:56 PM) eyedeekay: 1. People for whom it worked perfectly
(04:36:56 PM) eyedeekay: 2. People for whom it resulted in corrupted router.config files for un-bundled routers
(04:36:56 PM) eyedeekay: 3. People for whom it it did not update because the router.config files were from un-bundled routers
(04:37:22 PM) eyedeekay: 2 and 3 were problems, I followed up with the fix in a forum post on zzz.i2p
(04:37:43 PM) eyedeekay: I believe they are fixed now and cannot recur in the future
(04:37:57 PM) eyedeekay: Therefore I think the update process will be ready by what is now 2.0.0
(04:38:08 PM) eyedeekay: I actually think it's ready now but 7 weeks to test
(04:38:53 PM) eyedeekay: So I would like to move it out of beta in November
(04:39:09 PM) zzz: we don't have documented criteria for out-of-beta, really
(04:39:17 PM) zzz: but for me it's that the release processes are solid, things aren't getting missed
(04:39:27 PM) zzz: we're not doing point releases a week later to fix stuff
(04:39:45 PM) zzz: but you may wish to list your own feature goals
(04:40:21 PM) zzz: for example, are you two solid on reviewing the java updates every three months and jointly deciding to release or not?
(04:40:40 PM) zzz: I didn't see any on-IRC discussion. did it happen off-IRC perhaps?
(04:41:31 PM) zlatinb: the last discussion happened here, there has been no off-IRC discussion regarding jre point releases since
(04:42:21 PM) eyedeekay: Didn't we talk about it on Whereby a little after that?
(04:42:36 PM) eyedeekay: IIRC we only release in the Java cycle if there's a CVE which affects the last release?
(04:42:46 PM) zzz: just to take an example, 18.0.2.1 August 18 2022 fixes a JIT bug that crashes the JRE. Are you two both on that, or did you jointly decide it wasn't necessary?
(04:43:33 PM) zlatinb: I'm not on that I don't think
(04:43:43 PM) zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
(04:44:08 PM) zlatinb: 21:43:29 zlatinb: I'm not on that I don't think
(04:44:08 PM) zlatinb: 21:43:42 zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
(04:44:12 PM) zzz: back
(04:45:12 PM) eyedeekay: I am on 18.0.2.1 but because I pushed back my release to try and make sure I addressed some stability issues and by that time Java had updated
(04:45:24 PM) eyedeekay: Also my point release was built with an updated JDK
(04:45:35 PM) eyedeekay: So that's got us out-of-sync again I think
(04:45:54 PM) zzz: that's what I'm getting at about processes. If the build and release processes aren't yet stable and being reliably followed, these procucts aren't ready to graduate
(04:46:01 PM) zzz: so when you updated, to 18.0.2.1, did you tell zlatinb you were doing it and suggest he do the same?
(04:47:04 PM) eyedeekay: No I didn't, I simply let it auto-update and built with the latest version
(04:48:13 PM) eyedeekay: So... there's another process to revise on my side
(04:49:31 PM) zzz: I'd suggest you work on a solid bug-free release in november (together with whatever feature goals you have) and if that goes well put yourself on the agenda for december
(04:50:00 PM) eyedeekay: OK can do
(04:50:56 PM) zzz: or january because the release is likely to be late nov., may not have enough info by 1st week in dec.
(04:52:02 PM) eyedeekay: If there's not enough to go on by then I'll move it
(04:52:15 PM) eyedeekay: Anything else for 6?
(04:52:27 PM) zzz: a brief 6a)
(04:52:30 PM) eyedeekay: Sure
(04:52:52 PM) zzz: zlatinb, reported that the mac arm update went well, so as far as I'm concerned it's out of beta as discussed on my forum
(04:53:28 PM) zzz: zlatinb, you need to update your page to remove the beta label
(04:53:28 PM) zzz: eot
(04:53:28 PM) zlatinb: ok
(04:53:29 PM) zlatinb: will do soon
(04:54:24 PM) eyedeekay: All right that puts us at just shy of an hour, anything else for the meeting?
(04:54:26 PM) eyedeekay: timeout 1m
(04:54:41 PM) zlatinb: yes
(04:54:57 PM) zlatinb: if StormyCloud reads the logs, I encourage them to address the concerns raised on reddit
(04:56:15 PM) zlatinb: the longer that question stays unanswered the worse it looks
(04:56:18 PM) eyedeekay: agreed, they do sometimes come to reddit and it would be good to hear from them
(04:56:36 PM) zlatinb: eot
(04:56:43 PM) eyedeekay: Thanks zlatinb
(04:57:37 PM) eyedeekay: Anything else for the meeting(again)? timeout 30s this time
(04:58:21 PM) eyedeekay: Thanks everyone for coming, I'll post the logs tonight, see you around IRC and same time next month

11
i2p2www/meetings/logs/316.rst Normal file
View File

@ -0,0 +1,11 @@
I2P dev meeting, October 04, 2022 @ 20:00 UTC
=============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz,
zlatinb

93
i2p2www/meetings/logs/317.log Normal file
View File

@ -0,0 +1,93 @@
(03:00:31 PM) eyedeekay: Hi everyone, welcome to the November 8 meeting
(03:00:31 PM) eyedeekay: 1. Hi
(03:00:31 PM) eyedeekay: 2. 2.0.0 development status
(03:00:31 PM) eyedeekay: 3. Publish source tarballs for bundle releases
(03:00:31 PM) eyedeekay: 4. Free Stickers for Translators
(03:00:31 PM) eyedeekay: Anything else for the agenda?
(03:00:39 PM) mode (-m ) by zzz
(03:01:19 PM) zzz: hi
(03:01:58 PM) eyedeekay: hi zzz
(03:02:03 PM) eyedeekay: Anybody else here today?
(03:02:08 PM) eche|on: hi
(03:02:18 PM) eyedeekay: Hi eche|on
(03:02:39 PM) eyedeekay: 2. 2.0.0 development status
(03:02:58 PM) eyedeekay: We're 2 weeks from release with a tag freeze tomorrow, IIRC
(03:03:49 PM) eyedeekay: Yes that's exactly when
(03:04:38 PM) eyedeekay: zzz and orignal have been hard at work getting ssu2 ready, the plan is still to enable it
(03:05:08 PM) eyedeekay: I'll be doing an unsigned release of the I2P Easy-Install for Windows
(03:05:50 PM) eyedeekay: I don't know the Mac release status, though, are Mac users stuck on 1.9.0 until we can find a new Mac maintainer/signer?
(03:06:25 PM) zzz: yes. There's a pretty good summary of the release at http://zzz.i2p/topics/3377
(03:07:02 PM) zzz: the SSU2 testing in the last 3 months with 2% enabled has been a tremendous success
(03:07:17 PM) zzz: haven't found any major issues, but we've fixed countless minor ones
(03:08:19 PM) eche|on: go ahead with SSU2
(03:08:35 PM) eche|on: about mac: I got a dev account and a MAC, but no idea howto currently
(03:08:39 PM) eche|on: and less time
(03:09:03 PM) zzz: interesting
(03:09:31 PM) zzz: do you think you _could_ do it at some point? If so, when?
(03:09:39 PM) eche|on: I do have the git repo of the mac inclusions, but currently not yet looked into
(03:09:54 PM) eche|on: IF I find out howto, rather soon (tm)
(03:10:05 PM) zzz: even if it's a month or two late, that would be fantastic
(03:10:08 PM) eche|on: but the howto may fail in shorter terms
(03:10:41 PM) eche|on: also no idea about whats apple going to do, but those are parts to find out
(03:11:10 PM) eyedeekay: I'll see if I can help you, building the mac jpackages is pretty straightforward, I've never signed them but it's all in the scripts zab wrote
(03:11:25 PM) zzz: when I do the 2.0.0 news.xml, I'll also put a news entry in the mac feed saying it will be delayed
(03:11:42 PM) zzz: eyedeekay, do you have a mac?
(03:11:57 PM) eyedeekay: I have an Intel Mac but no dev account
(03:12:04 PM) eche|on: sadie has a mac, but neither idk nor sadie do want to go public with their names
(03:12:25 PM) eche|on: getting a dev account is rather simple : give out your name and pay 100$ a year
(03:12:28 PM) eyedeekay: I can make a dmg but it gets signed with local keys that aren't allowed on other Macs
(03:12:32 PM) zzz: I understand. The idea is you could walk thru everything but the notarization
(03:12:32 PM) eche|on: more or like thats it
(03:13:12 PM) eche|on: bb 2min
(03:13:25 PM) zzz: afaik it's the notarization that's the real pita. Hopefully the howto is clear...
(03:14:14 PM) eyedeekay: I think the only pitfall really is getting the Java dev environments set up, there's a tool you install through brew that switches version that makes it very easy though
(03:14:25 PM) zzz: eyedeekay, let's put this on the agenda for next month
(03:14:36 PM) eyedeekay: Can do
(03:15:19 PM) zzz: in the mean time, please run thru the howto as it currently exists as far as you can w/o notarization, just to test the howto and see if it needs any fixes for ech
(03:16:10 PM) zzz: esp. to check if the arm64 side is documented
(03:16:45 PM) eyedeekay: I will do everything I can, although I won't be able to run through the arm64 process because I do not have an arm64 Mac
(03:16:53 PM) eche|on: I will check howto get the certs with notarization,
(03:16:55 PM) eyedeekay: I'll do everything up to that though
(03:17:18 PM) eche|on: eyedeekay: just order a arm64 mac. refund as usual
(03:17:28 PM) eche|on: no need to stop at that
(03:17:30 PM) zzz: do you need an ARM mac to build ARM?
(03:17:41 PM) zzz: probably...
(03:17:59 PM) eyedeekay: I'm not quite sure on the subtleties of it all re: cross-compilation
(03:18:02 PM) zzz: there's also a possible workflow where idk builds and ech notarizes
(03:18:23 PM) zzz: but we don't need to work it all out here
(03:18:44 PM) eyedeekay: But jpackage is pretty picky about architecture/OS combinations
(03:19:28 PM) SoniEx2: raspberry pi?
(03:19:39 PM) zzz: let's move on to next topic
(03:19:40 PM) eyedeekay: ELF not Mach-O
(03:19:42 PM) eyedeekay: But yes
(03:19:45 PM) eyedeekay: 3. Publish source tarballs for bundle releases
(03:20:24 PM) eyedeekay: Since it's just me now and I wanted to publish source tarballs the whole time, 2.0.0 Windows getting source tarballs
(03:20:36 PM) eyedeekay: One for the bundle itself and one for the profile manager component
(03:21:17 PM) eyedeekay: As part of going through the scripts from the Mac bundle I'll add source tarball generation as part of the process
(03:21:18 PM) zzz: ok, and since the mac objector has left, let's add one to the mac page also
(03:21:28 PM) eyedeekay: Will do
(03:21:41 PM) zzz: great, I'm happy
(03:22:38 PM) eyedeekay: 4. Free Stickers for Translators
(03:23:27 PM) eche|on: yeah
(03:23:49 PM) eyedeekay: eche|on and I talked about this briefly after last month's meeting by email
(03:23:49 PM) eyedeekay: I think we were each in favor of doing it? I don't have my mail open
(03:24:23 PM) eche|on: sure we can do this, one for each part of the wolrd
(03:24:28 PM) zzz: it was my proposal, but it requires a) stickers and b) somebody to mail them
(03:24:30 PM) eche|on: but my sticker ressources are limited
(03:24:47 PM) zzz: as I understand we're essentially out of stickers
(03:24:59 PM) eche|on: sadie/idk still do have several
(03:25:05 PM) eche|on: I got around 400 or alike only
(03:25:23 PM) eche|on: should be enough for 1year+, but plan ahead
(03:25:26 PM) eyedeekay: Oh I ran myself down to like, 8 at All Things Open last week
(03:25:30 PM) eyedeekay: I'll need to order more
(03:25:53 PM) eche|on: ah, ok
(03:26:10 PM) zzz: can you two coordinate on who is ordering, what the design is, and make sure each of you gets half?
(03:26:16 PM) eyedeekay: Yes we can
(03:26:34 PM) zzz: super
(03:27:05 PM) zzz: when you have them in hand, holler and I'll announce on TX
(03:27:11 PM) eche|on: good
(03:27:22 PM) zzz: thanks guys
(03:27:46 PM) eyedeekay: No problem
(03:27:56 PM) eyedeekay: Anything else on 4 or for the meeting?
(03:28:25 PM) eche|on: nope
(03:29:14 PM) eyedeekay: All right thanks everybody for coming, I'll post the meeting in a few minutes

12
i2p2www/meetings/logs/317.rst Normal file
View File

@ -0,0 +1,12 @@
I2P dev meeting, November 08, 2022 @ 20:00 UTC
==============================================
Quick recap
-----------
* **Present:**
echelon,
eyedeekay,
zzz

83
i2p2www/meetings/logs/318.log Normal file
View File

@ -0,0 +1,83 @@
(08:00:09 PM) eyedeekay: Hello everyone, welcome to the rescheduled dev meeting
(08:00:09 PM) eyedeekay: 1. Hi
(08:00:09 PM) eyedeekay: 2. 2.0.0 Release Status, 2.0.0 Mac Release Status
(08:00:09 PM) eyedeekay: 3. 2.1.0 Development Status
(08:00:09 PM) eyedeekay: 4. Stickers for Translators
(08:00:50 PM) zzz: hi
(08:02:55 PM) eyedeekay: Doesn't seem like he's here? going to move along for now.
(08:04:04 PM) eyedeekay: 2. 2.0.0 release status: *most* targets of 2.0.0 were released about 3 weeks ago now, including i2p.i2p, Android, Debian and Easy-Install Windows, with Easy-Install for Mac delayed by zlatinb's departure
(08:04:04 PM) eyedeekay: Ech and I have been working on a plan to replace him in terms of maintenance, signing, and notarization of the OSX bundle, that is still expected for close to the end of this month
(08:06:01 PM) eyedeekay: Everybody knows how to build everything, has a good idea of the signing requirements, the last remaining thing to do is notarization in practice, and we don't know everything we should expect here but I think we have a good idea
(08:07:10 PM) eyedeekay: Android needed a point release due to a bug related to compatibility with a new API on newer devices, so Android users should make sure they've upgraded to 2.0.1
(08:07:10 PM) eyedeekay: eot for me on 2, anything to add zzz
(08:07:20 PM) zzz: lots
(08:07:50 PM) uis is now known as Irc2PGuest69907
(08:08:04 PM) zzz: I had to release a 2.0.0-2ubunutu1 debian/ubuntu build to fix an embarrassing but ultimately harmless bunch of stray symlinks in root
(08:08:38 PM) zzz: root cause was a typo, deb lint didn't catch it, not sure what the post mortem lesson is other than be more careful, we're root on install...
(08:09:12 PM) zzz: as far as the network, after 3 weeks, half of it has updated and is using ssu2
(08:09:39 PM) zzz: exploratory build success has been trending straight down since the release
(08:09:56 PM) zzz: we're concerned, and monitoring closely
(08:10:47 PM) zzz: at this point we think it's some combination of ssu-to-ssu2 migration, ssu2 bugs on both our side and in i2pd, and a couple of routers that are spamming the network with tunnel builds
(08:11:05 PM) zzz: i2pd is considering a mid-cycle january point release to get their fixes out
(08:11:33 PM) zzz: for now I don't think that's necessary on our side but it's always an option should we choose to
(08:12:18 PM) zzz: I think that's EOT but I'll have more info in a moment as a part of 3)
(08:13:09 PM) eyedeekay: Thank you zzz
(08:13:43 PM) eyedeekay: 3. 2.1.0 Development Status
(08:17:12 PM) eyedeekay: We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
(08:17:12 PM) eyedeekay: For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
(08:18:43 PM) eyedeekay: That's what I'm working on, zzz would you like to continue with your information or 3)?
(08:19:43 PM) dr|z3d: ... intermission ...
(08:23:56 PM) anonymousmaybe is now known as Irc2PGuest40130
(08:24:03 PM) eyedeekay: Welcome back
(08:25:17 PM) eyedeekay: What was the last thing you got?
(08:26:28 PM) zzz: back
(08:26:28 PM) zzz: is it my turn yet? :)
(08:26:28 PM) dr|z3d: you need to put on an apron and wheel the confectionery tray around the theater :)
(08:26:28 PM) dr|z3d: did you go out to get us all ice cream? :)
(08:26:28 PM) dr|z3d: recap:
(08:26:28 PM) dr|z3d: <eyedeekay> We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
(08:26:28 PM) dr|z3d: <eyedeekay> For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
(08:26:28 PM) dr|z3d: <eyedeekay> That's what I'm working on, zzz would you like to continue with your information or 3)?
(08:26:48 PM) zzz: thanks
(08:27:04 PM) zzz: drz gave it to me
(08:27:12 PM) zzz: ok, my turn!
(08:27:33 PM) zzz: about a week and a half after the release, when a lot of the net had updated, I started chasing SSU2 problems
(08:27:42 PM) zzz: and found a whole lot
(08:27:56 PM) zzz: both ours and helped i2pd find some of theirs
(08:27:58 PM) zzz: so it's been quite busy
(08:28:14 PM) zzz: as a result, we're at almost 7000 lines of diff, more than the whole 2.0.0 release
(08:28:38 PM) zzz: and whatever else I had planned for 2.1.0 I haven't gotten to yet, including promised peer selection improvements
(08:29:50 PM) zzz: I plan to bump to -7 after the meeting
(08:29:50 PM) zzz: while the "big changes in" deadline is early January, let's stay flexible, as we don't want a bunch of WIP in there if we're going to do a 2.0.1 release
(08:29:59 PM) zzz: so let's try not to break things with "big changes" if possible. Big changes are fine, as long as they're isolated
(08:30:40 PM) zzz: but things are going well and we're working closely with i2pd to track down and fix issues
(08:31:02 PM) zzz: including one-in-a-million ones that are now popping up
(08:31:16 PM) zzz: and one-in-a-zillion ones that dr|z3d is finding on his high speed routers
(08:31:30 PM) zzz: that's it! EOT, any questions?
(08:32:27 PM) eyedeekay: I'm slightly curious how often a "Million" of some things happens in in the real world but possibly a question for another time
(08:33:17 PM) eyedeekay: Thanks zzz
(08:34:12 PM) eyedeekay: It seems like once you get a whole bunch of routers doing a thing the odds of a rare event happening somewhere would go up very fast
(08:35:11 PM) zzz: yeah. perhaps we should have been more cautious, and not go from 2% to 100% in one release. But we'll get through it
(08:35:17 PM) uis is now known as Irc2PGuest38853
(08:37:15 PM) eyedeekay: 4. Stickers for Translators
(08:37:15 PM) eyedeekay: Only real news here is that I now have stickers for mailing, I've got a ton of them so if you're in the Americas then I am prepared to mail them
(08:37:58 PM) zzz: would you please post something on my forum, saying who is eligible and how to request
(08:38:17 PM) eyedeekay: Can do
(08:38:29 PM) zzz: then I will copy paste over to transifex announcement
(08:38:48 PM) zzz: what's the status of the euro side?
(08:39:44 PM) eyedeekay: Don't know if he has his yet, will request an update from him tonight
(08:40:07 PM) zzz: ok, guess I need to wait for that part of it before transifex
(08:40:43 PM) zzz: please whack him with your baffer for making us reschedule and then not showing :)
(08:41:07 PM) eyedeekay: Well it was my fault too but I'll make sure to let him know :)
(08:41:32 PM) zzz: I mean yesterday to today. you're not off the hook for last week :)
(08:42:41 PM) eyedeekay: That's all I've got for 4 and/or today, anything else for the meeting?
(08:42:50 PM) zzz: nope
(08:43:02 PM) zzz: are we on or off for Jan. 3?
(08:44:26 PM) eyedeekay: All right then thanks zzz for coming, I was going to say "On" for Jan 3 but we could do the 10th instead since IIRC LS2 will be the 9th
(08:45:01 PM) zzz: doesn't matter, your call
(08:45:35 PM) eyedeekay: Let's have it on the 9th in January and return to first-Tuesday in February
(08:45:52 PM) zzz: you mean 10th?
(08:45:59 PM) eyedeekay: Yes the 10th
(08:46:07 PM) zzz: ok
(08:46:15 PM) zzz: meeting over?
(08:46:25 PM) eyedeekay: Yes

11
i2p2www/meetings/logs/318.rst Normal file
View File

@ -0,0 +1,11 @@
I2P dev meeting, December 14, 2022 @ 20:00 UTC
==============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz

47
i2p2www/meetings/logs/319.log Normal file
View File

@ -0,0 +1,47 @@
(08:00:38 PM) eyedeekay: Welcome to the dev meeting, sorry again about about missing the time again yesterday
(08:00:38 PM) eyedeekay: 1. Hi
(08:00:38 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status
(08:00:38 PM) eyedeekay: 3. 2.2.0 Development Status
(08:00:38 PM) eyedeekay: 4. Congestion Throttling
(08:00:38 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
(08:00:46 PM) mode (-m ) by zzz
(08:00:57 PM) eyedeekay: 1. Hi
(08:01:00 PM) eyedeekay: Hi
(08:01:04 PM) zzz: hi
(08:01:29 PM) eyedeekay: tunnel_king are you here for 4 and 5?
(08:02:10 PM) eyedeekay: OK we'll play those by ear for now then
(08:02:21 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status
(08:03:32 PM) eyedeekay: 2.1.0 release happened yesterday, zzz released the software and the torrent went live, the percentage of the network which has updated has gone up about 7% since then if I'm counting the time correctly(so double check)
(08:04:07 PM) eyedeekay: I released Maven packages the same day, and will have Android updates out on all channels shortly after the end of this meeting
(08:04:29 PM) eyedeekay: Easy-Install for Windows will follow on that, and Easy-Install for Mac will be after that
(08:05:10 PM) eyedeekay: I believe that eche|on has given me the last clue I need to work out our notarization issue, we should know within a few days if that's true, which will correspond to a release
(08:05:30 PM) eyedeekay: Anything to add on the topic zzz?
(08:05:39 PM) zzz: just a little, thanks
(08:06:10 PM) zzz: the i2pd release a week ago looks promising, but that makes looking at the effects of our release a little harder
(08:06:22 PM) zzz: and i2pd plans a point release as early as today
(08:06:56 PM) zzz: so we won't have great info on what our release is doing, but as long as stats keep getting better, that's the main thing
(08:07:06 PM) zzz: far too early to say anything today, maybe in a week
(08:07:08 PM) zzz: EOT
(08:07:23 PM) eyedeekay: Thanks zzz
(08:07:42 PM) eyedeekay: 3. 2.2.0 Development Status
(08:08:52 PM) eyedeekay: I don't have a lot to say on this yet, most of my stuff has remained the same, but I believe we need to agree on a timeline for the release correct?
(08:09:13 PM) zzz: yeah, obviously we haven't done anything on 2.2.0 yet
(08:09:36 PM) zzz: I'd propose a standard 13 week cycle from here, unless we have any huge issues
(08:09:43 PM) eyedeekay: Sounds good to me
(08:09:46 PM) zzz: so that would be a release early April
(08:10:12 PM) aeiou_ is now known as aeiou
(08:10:14 PM) zzz: and put us firmly off our feb/may/aug/nov dates we've been on for several years, oh well
(08:10:40 PM) zzz: but we really need some time to do everything we didn't get to in our last shortened cycle
(08:10:48 PM) zzz: so let's pencil in 13 weeks
(08:10:49 PM) zzz: EOT
(08:11:22 PM) eyedeekay: Yeah, no argument here
(08:11:34 PM) eyedeekay: Plan for early April
(08:12:35 PM) eyedeekay: Anything else on 3?
(08:12:48 PM) eyedeekay: 4. Congestion Throttling and 5. Hypothetical Traffic Management ( Flood of Tor Users) were both added by tunnel_king on zzz.i2p, but I don't see such a name in the room, if you're here under another name, last call
(08:14:08 PM) eyedeekay: Anything else to discuss for the meeting?
(08:15:15 PM) eyedeekay: All right thanks zzz for coming, I promise to set an alarm for the one next month
(08:15:55 PM) zzz: no
(08:16:37 PM) eyedeekay: no nothing else for the meeting or no don't stop the meeting?
(08:16:38 PM) zzz: also I'd like to ask if eche|on is here and has anything to add on 2)
(08:16:38 PM) zzz: nope, that's it, everybody please click your update button to get that 2.1.0 goodness
(08:16:53 PM) zzz: nothing else, thanks

11
i2p2www/meetings/logs/319.rst Normal file
View File

@ -0,0 +1,11 @@
I2P dev meeting, January 10, 2023 @ 20:00 UTC
=============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz

153
i2p2www/meetings/logs/320.log Normal file
View File

@ -0,0 +1,153 @@
(08:01:07 PM) eyedeekay: Hi everybody, sorry I'm late, got disconnected right before the meeting
(08:01:59 PM) eyedeekay: 1. Hi
(08:01:59 PM) eyedeekay: 2. 2.1.0 Status Report
(08:01:59 PM) eyedeekay: 3. 2.2.0 Development Status
(08:01:59 PM) eyedeekay: 4. Congestion Throttling
(08:01:59 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
(08:01:59 PM) eyedeekay: 6. Stickers for translators
(08:01:59 PM) eyedeekay: zzz where do you want to do your report about the DOS? 2 or own topic?
(08:02:45 PM) zzz: let's call it 3b)
(08:02:46 PM) zzz: or 2b)
(08:02:59 PM) eyedeekay: OK 2b then
(08:03:00 PM) zzz: your choice
(08:03:53 PM) eyedeekay: 1. Hi who all is here today besides me and zzz?
(08:03:58 PM) zzz: hi
(08:04:09 PM) not_bob: Here
(08:04:18 PM) echelonMAC: here
(08:04:18 PM) obscuratus: Hi
(08:04:29 PM) eyedeekay: Great turnout, thanks everybody
(08:04:30 PM) echelonMAC: on replacement system.
(08:05:06 PM) eyedeekay: 2. 2.1.0 Status Report
(08:05:15 PM) zzz: irc is laggier than usual so please allow a little extra time for responses
(08:05:38 PM) eyedeekay: Thanks zzz I will keep that in mind
(08:09:02 PM) eyedeekay: Where to even start... my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app
(08:09:04 PM) eyedeekay: Android will get a point release on that account
(08:10:00 PM) eyedeekay: The topic I'm sure is on everybody's mind right now is the network being under attack which has shifted everybody's attention
(08:10:05 PM) eyedeekay: And that is topic 2b
(08:10:59 PM) eyedeekay: Shoot I mixed up the topics, scratch that, that was supposed to go to 3. sorry, long week, lot going on
(08:12:03 PM) eyedeekay: zzz would you do me a favor to take 2? I think I am ill-equipped to present on everything which is going on
(08:12:28 PM) zzz: sure
(08:12:29 PM) zzz: but before I do
(08:12:56 PM) zzz: do you and echelonMAC have a 2.1.0 mac easy-install bundle progress report?
(08:13:17 PM) eyedeekay: Oh yes I can do that
(08:14:38 PM) eyedeekay: So, we've been closing in on issues, and right now echelonMAC and have different hypothesis on what's going on which we're both pursuing
(08:14:38 PM) eyedeekay: My hypothesis is that this all stems from a stale workaround for a bug in Java 14
(08:15:08 PM) eyedeekay: Where jpackage is supposed to sign the dylib files that are packed into a disk image(dmg) but which are in fact left unsigned
(08:15:33 PM) echelonMAC: in short: eyedeekaym did redo the signing script, I can buiodl and sign, but still wrong signing for apple
(08:15:55 PM) eyedeekay: zab worked around this by creating the .app directory and signing the stuff inside it then using jpackage only for the final packaging step
(08:16:35 PM) eyedeekay: so when we upgraded Java's we started signing everything twice, and we no longer needed to do that signing step manually
(08:16:47 PM) eyedeekay: echelonMAC correct me if I'm wrong but you think you have the wrong sort of keys?
(08:17:10 PM) echelonMAC: maybe, maybe not, unsure about that
(08:17:18 PM) echelonMAC: at least the logs showing this error
(08:17:53 PM) zzz: my question was higher level, what's the ETA, is 2.1.0 still a target or has that been abandoned and you're hoping for 2.2.0, or what?
(08:18:15 PM) echelonMAC: 2.1.0 is still the target, but currently no ETA
(08:18:39 PM) echelonMAC: I can build nearly instant, but digging deeper is currently out of time...
(08:18:48 PM) eyedeekay: I still want to cut a release of 2.1.0 as soon as we know we can pass notarization, IMO once we can pass it once we should be able to do it predictably
(08:18:59 PM) zzz: eyedeekay more or less committed to early april 2.2.0 in his blog post, you're not endorsing that ETA echelonMAC ?
(08:19:49 PM) echelonMAC: I am completely helpless and cant predict a ETA, as I do not full yunderstand signing and building yet.
(08:20:12 PM) echelonMAC: more or less, I do follow scripts blindly, if idk can fix the signage, the notarization is a 5 min job.
(08:20:24 PM) echelonMAC: IF the sign does work as appple expect it
(08:20:26 PM) zzz: ok then I recommend an edit of the blog post eyedeekay, let's not promise things we can't deliver on
(08:20:33 PM) eyedeekay: Will do
(08:21:19 PM) zzz: ok thanks you ready for my part of 2) ?
(08:21:41 PM) eyedeekay: Yes please
(08:21:48 PM) zzz: great
(08:22:00 PM) zzz: last meeting was one week after the release, now we're 4 weeks out
(08:22:15 PM) zzz: my hope was that expl. build success would climb steadily
(08:22:35 PM) zzz: from the low-20% to low-30%, and then "pop" out of congestion, back to low 40s
(08:22:45 PM) zzz: only the first part happened
(08:25:20 PM) zzz: and then we swung back and forth between low 20s and low 30s
(08:26:56 PM) zzz: so, we have some theories, see 2b)
(08:26:56 PM) zzz: but I'm happy with the performance of 2.1.0 otherwise
(08:26:56 PM) zzz: not too many bug reports
(08:26:56 PM) zzz: I'll give an overview of what we are fixing in 2b) and 3)
(08:26:56 PM) zzz: about 50% of the network has updated to 2.1.0 or the i2pd equivalent
(08:26:56 PM) zzz: everybody please update if you haven't
(08:26:56 PM) zzz: that's all I have for 2a), but I'll pause for a minute for questions / comments before starting 2b)
(08:28:33 PM) zzz: ok, 2b) current network conditions
(08:28:33 PM) zzz: over the weekend started an unambiguous attack
(08:28:33 PM) zzz: lots of floodfill routers
(08:28:33 PM) zzz: for the most part, the network overall, and java routers, are handling it ok
(08:28:33 PM) zzz: I do have one report of routers crashing with OOM (out of memory)
(08:28:54 PM) zzz: I understand that i2pd routers are really struggling with very low tunnel build success rates
(08:29:06 PM) not_bob: My fleet is up to date.
(08:29:15 PM) zzz: the attack is starting / stopping / changing several times a day
(08:29:37 PM) zzz: so we're only about 60 hours in to understanding it and discussing countermeasures
(08:30:15 PM) zzz: remember the tunnel build problem (now much more likely to be classified as a different attack) started Dec. 19 and took us several weeks to understand and address
(08:30:27 PM) zzz: so it's early days
(08:30:36 PM) not_bob: I have one I2P+ router and it's done well to weather this. But, my i2pd routers not so much. I've seen as low as 3% tunnel build success. I'm currently sitting around 10% on those routers.
(08:31:17 PM) zzz: but this is a straightforward sybil / DHT attack, new to us but familiar to anybody doing peer-to-peer / DHT applications
(08:31:53 PM) zzz: far too early to say if it will require a release ahead of schedule (for java i2p) or if so when
(08:32:23 PM) zzz: EOT, I'll wait a couple minutes for discussion / comments / questions
(08:33:24 PM) eyedeekay: Should people who wind up OOM increase the RAM available to their router?
(08:36:18 PM) zzz: yeah, that's a straightforward mitigation
(08:36:18 PM) zzz: stop your router, edit wrapper.config, restart
(08:36:18 PM) zzz: I expect I'll have mitigations in dev builds in a few days
(08:36:18 PM) dr|z3d: ideally you want your min heap at around 256M and your max ram at 2-3 times that.
(08:36:18 PM) not_bob: I do not currently have any stock I2P routers running.
(08:36:18 PM) zzz: I want to repeat what I said above that the attacks are evolving rapidly, and we want to take our time to address the overall issues
(08:36:18 PM) zzz: not to focus too narrowly on the specifics
(08:37:36 PM) zzz: back to you eyedeekay if there's nothing else on 2b)
(08:38:06 PM) eyedeekay: thanks very much zzz. 3) 2.2.0 Development Status
(08:39:51 PM) eyedeekay: As I mistakenly stated before, my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app, pretty basic stuff all things considered but all of which was due for improvement
(08:39:57 PM) eyedeekay: or outright fixing
(08:40:49 PM) eyedeekay: Examples being fixes for subscriptions and custom ports when building tunnels which got in several user's way after a large increase in users with 2.10
(08:41:07 PM) dr|z3d: as an aside, and to shine some light on the size of the attack, we've got a user reporting ~30K banned routers. so it's non-trivial :)
(08:41:07 PM) dr|z3d: (that'll be shiver, who's here)
(08:42:36 PM) mark22k: I got 56005 banned peers.
(08:42:58 PM) eyedeekay: Holy moley. I have 11027 and I thought that was a lot
(08:43:08 PM) moristo: Is this the work of a nation state--the banned routers or any other noticable patten?
(08:43:50 PM) moristo: Spectrum internet was off yesetrday in FL and Italy the day before.
(08:43:54 PM) moristo: *yesterday.
(08:43:55 PM) zzz: let's get back to 3) please and table further attack discussion until after the meeting
(08:44:05 PM) echelonMAC: Banned Peers (57053)
(08:44:22 PM) moristo: oh, is there a meeting in progress? My bad.
(08:46:50 PM) zzz: eyedeekay, you still with us?
(08:47:11 PM) eyedeekay: yeah I'm here
(08:47:37 PM) zzz: you have more on 3) or is it my turn?
(08:47:37 PM) eyedeekay: started a long one:
(08:47:37 PM) eyedeekay: i2p.firefox(Easy-Install for Windows is also getting worked on, more of the work is being done by removal there, updates are getting simplified now that the old admin-style installs are all migrated to user-style installs
(08:47:37 PM) eyedeekay: portable USB install support is on the horizon for 2.2.0
(08:47:43 PM) eyedeekay: With updates
(08:48:21 PM) eyedeekay: Other issues and user-complaints I'm addressing or deciding how to address are on that issue tracker
(08:48:28 PM) eyedeekay: EOT for me
(08:48:47 PM) zzz: ok you saw the NPE issue in i2p.i2p right?
(08:49:10 PM) eyedeekay: Yes I did, hot on the trail
(08:49:21 PM) zzz: ok holler if you need help ofc
(08:49:24 PM) zzz: 3) for me:
(08:49:47 PM) zzz: I finished the peer selection refactor I've been working on since september, finally
(08:50:31 PM) zzz: I think I fixed the erroneous symmetric nat indications that were in 2.1.0, but need somebody with that problem to test and report
(08:50:59 PM) zzz: got a cool new i2psnark search box
(08:51:19 PM) zzz: almost done with "congestion caps" (proposal 162)
(08:51:31 PM) echelonMAC: :-)
(08:51:49 PM) zzz: and some more tweaks to refine our handling of tunnel build congestion
(08:52:18 PM) zzz: late last week, I thought I was pretty much done with 2.2.0 and could relax for two months until the release
(08:52:31 PM) zzz: so, unfortunately, now we have a lot more to do
(08:52:48 PM) zzz: that's the way it goes sometimes
(08:53:24 PM) not_bob: Thank you for that, a major quality of life improvement.
(08:53:24 PM) zzz: EOT, I'll wait a minute for discussion, then back to you eyedeekay
(08:53:37 PM) zzz: haha not_bob you're welcome
(08:55:00 PM) eyedeekay: Last call for 3?
(08:55:20 PM) eyedeekay: 4. Congestion Throttling - I think this was a tunnel_king topic, is tunnel_king here?
(08:55:42 PM) zzz: back to you eyedeekay
(08:57:39 PM) eyedeekay: 4. Congestion Throttling, 5. Hypothetical Traffic Management ( Flood of Tor Users) - both introduced by tunnel_king, last call for tunnel_king
(08:59:01 PM) eyedeekay: OK last one, 6. Stickers for translators
(08:59:01 PM) eyedeekay: Specifically rules for people receiving stickers outside of the Americas
(08:59:58 PM) zzz: this was my topic, only because unresolved since last meeting
(09:00:28 PM) zzz: echelonMAC you have an answer?
(09:00:41 PM) echelonMAC: not en detail, but who wnats should receive a bunch of stickers if they sent their address
(09:01:04 PM) echelonMAC: aka sned a announcement in transifex and send out after receive of address
(09:01:19 PM) echelonMAC: but currently no new stickers arrivced here
(09:01:35 PM) eyedeekay: Tracking says the 10th
(09:01:55 PM) zzz: I'm awaiting echelonMAC to post the instructions on my forum, then I will copy/paste to transifex
(09:02:17 PM) echelonMAC: ok
(09:02:28 PM) zzz: that's where we've been for a month
(09:02:42 PM) zzz: thanks
(09:03:33 PM) eyedeekay: Anything else for 6 or for the meeting?
(09:03:36 PM) zzz: EOT on 6) for me, back to you eyedeekay
(09:04:32 PM) zzz: one closing word for the meeting: zzz.i2p the best place for news and weather, I'll post there when I know more than I do now
(09:04:32 PM) zzz: thanks
(09:04:55 PM) eyedeekay: Thanks very much for that zzz, and thanks everybody for coming to the meeting
(09:05:44 PM) eyedeekay: See you around IRC and same time next month
(09:08:55 PM) zzz: thanks eyedeekay
(09:08:55 PM) zzz: got thru it without disconnects

14
i2p2www/meetings/logs/320.rst Normal file
View File

@ -0,0 +1,14 @@
I2P dev meeting, February 07, 2023 @ 20:00 UTC
==============================================
Quick recap
-----------
* **Present:**
eyedeekay,
zzz,
not_bob,
echelonMAC,
obscuratus

1
i2p2www/meetings/views.py
View File

@ -1,3 +1,4 @@
from __future__ import absolute_import
import codecs
from flask import abort, render_template, request, safe_join, send_from_directory
import os.path

19
i2p2www/pages/downloads/browser-content.html
View File

@ -1,11 +1,12 @@
<p>{% trans -%} Your web browser will need to be configured in order to browse web sites on I2P and to utilize the outproxies available within I2P. Below are walkthroughs for some of the most popular browsers. {%- endtrans %}</p>
<p>{% trans -%} A web browser will need to be configured to access sites and services on the I2P network, and to utilize outproxies. Below are walkthroughs for some of the most popular browsers. {%- endtrans %}</p>
<h2>{{ _('Firefox Profile for Windows') }}</h2>
<p>{% trans profile='/firefox' -%} If you are using Windows, the recommended way of accessing I2P is using the
<p>{% trans profile='/firefox' -%} If you are using Windows, the recommended way of accessing the I2P network is using the
<a href='{{ profile }}'>Firefox profile</a>. {%- endtrans %}</p>
<p>{% trans -%} If you do not wish to use that profile or are not on Windows, you need to configure your browser yourself. Read below on how to that. {%- endtrans %}</p>
<p><strong>{% trans -%} If you used the Easy-Install bundle, the Firefox profile is included and you can skip this page. {%- endtrans %}</strong></p>
<p>{% trans -%} If you do not wish to use that profile or are not on Windows, you will need to configure a browser. {%- endtrans %}</p>
<h2>{{ _('How to configure your browser') }}</h2>
<h2>{{ _('How To Configure Your Browser') }}</h2>
<ul>
<li><a href="#firefox">Firefox</a></li>
@ -88,13 +89,13 @@ settings and your browser is set to use the I2P proxy.
<a name="TOS"></a>
<h3>{{ _('Outproxy Terms Of Service') }}</h3>
<p>{% trans -%}
I2P is not designed for creating proxies to the Internet.
Instead, it is meant to be used as an internal network.
The I2P network is a peer-to-peer overlay network.
Proxying to the clearnet is not part of its design or function with regards to its communication protecting network features.
{%- endtrans %}</p>
<p>{% trans -%}
<p><b>The I2P project itself does not run any proxies to the Internet.</b>
<p><b>The I2P Project itself does not run any proxies to the Internet.</b>
The I2P software includes a default outproxy: exit.stormycloud.i2p.
These are run by a volunteer. </p>
These are run by StormyCloud Inc. </p>
<a href="https://stormycloud.org"
target="_blank">https://stormycloud.org</a>
{%- endtrans %}</p>
@ -108,4 +109,4 @@ not allowed via the outproxies.
<p>{% trans -%}
<a href="https://www.torproject.org">Tor</a> provides a browser to use as an outproxy to the Internet.
{%- endtrans %}</p>
<!-- vim: set noai ff=unix nosi ft=html tw=79 et sw=4 ts=4 spell spelllang=en: -->
<!-- vim: set noai ff=unix nosi ft=html tw=79 et sw=4 ts=4 spell spelllang=en: -->

29
i2p2www/pages/downloads/debian.html
View File

@ -86,6 +86,15 @@ part of <a href="#Post-install_work">starting I2P</a> and configuring it for you
<h2 id="debian">{{ _('Instructions for Debian') }}</h2>
<p><b>WARNING:</b>
Our Debian repos <a href="https://deb.i2p2.de/">deb.i2p2.de</a> and
<a href="http://deb.i2p2.no/">deb.i2p2.no</a> are currently down, and probably will not be back soon.
Please follow <a href="https://i2pforum.net/viewtopic.php?p=2855">these instructions</a>
to use the Ubuntu PPA as a workaround.
We will announce any updates here and on <a href="https://i2pforum.net/">i2pforum.net</a>.
We apologize for the inconvenience.
</p>
<em>{% trans -%}Currently supported architectures{%- endtrans %}: amd64, i386, armhf, arm64, powerpc, ppc64el, s390x</em>
<p>{% trans -%}
@ -111,11 +120,27 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
if you are using Debian Buster or older distributons, use the following command instead:
{% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
<pre>
<code>
# Use this command on Debian Downstreams like LMDE or ParrotOS only.
echo "deb [signed-by=/usr/share/keyrings/i2p-archive-keyring.gpg] https://deb.i2p2.de/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
{% trans -%}If you are using Debian Buster or older official Debian distributons, use the following command instead:{%- endtrans %}
<pre>
<code>
# Use this command on Debian Buster or older only.
echo "deb https://deb.i2p2.de/ $(lsb_release -sc) main" \
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
{% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
<pre>
<code>
# Use this command on Debian Buster or older only.
echo "deb https://deb.i2p2.de/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
| sudo tee /etc/apt/sources.list.d/i2p.list
</code>
</pre>
@ -150,7 +175,7 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
<li>{% trans -%}Copy the keyring to the keyrings directory:{%- endtrans %}
<pre>
<code>
sudo cp ~/i2p-archive-keyring.gpg /usr/share/keyrings</code>
sudo cp i2p-archive-keyring.gpg /usr/share/keyrings</code>
</pre>
If you are using a distribution older than Debian Buster, you will also need
to symlink that key to <code>/etc/apt/trusted.gpg.d</code>.

2
i2p2www/pages/downloads/docker.html
View File

@ -29,7 +29,7 @@ services:
<h4 id="volumes">{% trans -%}Volumes{%- endtrans %}</h4>
<p>{% trans -%}The container requires a volume for the configuration data to be mounted. Optionally, you can mount a separate volume for torrent (“i2psnark”) downloads. See the example below.{%- endtrans %}</p>
<h4 id="memory-usage">{% trans -%}Memory usage{%- endtrans %}</h4>
<p>{% trans -%}By the default the image limits the memory available to the Java heap to 512MB. You can override that with the <code>JVM_XMX</code> environment variable.{%- endtrans %}</p>
<p>{% trans -%}By default the image limits the memory available to the Java heap to 512MB. You can override that with the <code>JVM_XMX</code> environment variable.{%- endtrans %}</p>
<h4 id="ports">{% trans -%}Ports{%- endtrans %}</h4>
<p>{% trans -%}There are several ports which are exposed by the image. You can choose which ones to publish depending on your specific needs.{%- endtrans %}</p>
<table>

18
i2p2www/pages/downloads/easyinstall.html
View File

@ -13,6 +13,10 @@ elaborate install process. To learn more about the Firefox profile that
comes bundled with this installer, visit <a href="{{ firefox }}">The Firefox
Profile Page</a>.
{%- endtrans %}</p>
<p>{% trans -%}
The latest I2P Easy-Install bundle for Windows has been released unsigned.
Please verify that the hashes match the downloads when installing the bundle.
{%- endtrans %}</p>
<h2>{{ _('What do I need to use it?') }}</h2>
<p><strong>{% trans -%}
Just Firefox (Or Tor Browser).{%- endtrans %}</strong>
@ -35,9 +39,9 @@ no need to refer to potentially unhelpful system-wide Windows settings. The I2P
it uses is otherwise identical to the "regular" I2P.
{%- endtrans %}</p>
<h2>{{ _('How do I use it?') }}</h2>
<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
<p>{% trans firefox="https://www.mozilla.org/" -%}
First, download and install <a href="{{ firefox }}">Firefox</a>, then,
just download and install <a href="{{ postfilename }}">this installer</a>. To
just download and install this installer(below). To
start an installer, "double-click" the downloaded .exe file.
{%- endtrans %}</p>
<p>{% trans -%}
@ -55,8 +59,8 @@ special configuration. You don't even need to close existing Firefox windows.
{%- set name = 'Windows' -%}
{%- set icon = 'images/download/windows.png' -%}
{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
{%- set hash = 'ee66e9cfeb393d737e79f6960fe26ba28d51e845a0148ef2544802366e8840c6' -%}
{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
{%- set hash = 'def95180e5783686f68dcf2958cfa693f17a91da53a97f8ae75c98529c4e23a8' -%}
{% call package_outer('windows', name, icon) %}
<div class = "file">
@ -76,18 +80,20 @@ special configuration. You don't even need to close existing Firefox windows.
{%- endtrans %}</p>
{% endcall %}
<!--
{% trans signer='zlatinb',
signingkey=url_for('static', filename='zlatinb.key.crt') -%}
The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.
{%- endtrans %}
-->
<h2>{{ _('What is in it?') }}</h2>
<p><strong>{% trans -%}
A Jpackaged I2P Router: {%- endtrans %}</strong>
{% trans -%}The I2P router is "jpackaged" which means that it includes all
the required Java components it needs to run successfully. It does not require
a separate Java installation, because it bundles a Java 16 Runtime which is only
a separate Java installation, because it bundles a Java Runtime which is only
used for I2P.
{%- endtrans %}</p>
<p><strong>{% trans -%}
@ -106,6 +112,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
{%- endtrans %}</div>
<div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
<div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
<div>{% trans -%}
If you wish to file an issue about the Firefox profile, please use Gitlab to
contact us. For security-sensitive issues, please remember to check the

20
i2p2www/pages/downloads/firefox.html
View File

@ -14,6 +14,10 @@ time it installs the browser profile. This page has been kept to document the
motivations and design of the included Firefox profile. To learn more about the
new bundle, visit <a href="{{ nsis }}">The Easy Install Bundle Page</a>.
{%- endtrans %}</p>
<p>{% trans -%}
The latest I2P Easy-Install bundle for Windows has been released unsigned.
Please verify that the hashes match the downloads when installing the bundle.
{%- endtrans %}</p>
<h2>{{ _('I2P Firefox Browser Profile') }}</h2>
<p>{% trans -%}
Now that you have joined the I2P network, you will want to see I2P Sites and and
@ -32,16 +36,16 @@ some browser features, this also reduces the attack surface available to outside
This keeps you safer while browsing the Invisible Web.
{%- endtrans %}</p>
<h2>{{ _('How do I use it?') }}</h2>
<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
<p>{% trans firefox="https://www.mozilla.org/" -%}
First, download and install <a href="{{ firefox }}">Firefox</a>, then,
just download and install <a href="{{ postfilename }}">this installer</a>. To
just download and install this installer(below). To
start an installer, "double-click" the downloaded .exe file.
{%- endtrans %}</p>
{%- set name = 'Windows' -%}
{%- set icon = 'images/download/windows.png' -%}
{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
{%- set hash = 'eadb338a5895f73e6ed4985a9f7dfdac722f74c9bcdd0bd35957e7dcd5759a3a' -%}
{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
{%- set hash = 'def95180e5783686f68dcf2958cfa693f17a91da53a97f8ae75c98529c4e23a8' -%}
{% call package_outer('windows', name, icon) %}
<div class = "file">
@ -61,12 +65,6 @@ start an installer, "double-click" the downloaded .exe file.
{%- endtrans %}</p>
{% endcall %}
{% trans signer='zlatinb',
signingkey=url_for('static', filename='zlatinb.key.crt') -%}
The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.
{%- endtrans %}
<h2>{{ _('What is in it?') }}</h2>
<p><strong>{% trans -%}
A Jpackaged I2P Router: {%- endtrans %}</strong>
@ -91,6 +89,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
{%- endtrans %}</div>
<div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
<div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
<div>{% trans -%}
If you wish to file an issue about the Firefox profile, please use Gitlab to
contact us. For security-sensitive issues, please remember to check the

25
i2p2www/pages/downloads/list.html
View File

@ -1,4 +1,4 @@
{% extends "global/layout.html" %} {%- from "downloads/macros" import package, package_outer with context -%} {% set release_signer = 'zzz' %} {% block title %}{{ _('Download') }}{% endblock %} {% block content_nav %}
{% extends "global/layout.html" %} {%- from "downloads/macros" import package, package_outer with context -%} {% set release_signer = 'idk' %} {% block title %}{{ _('Download') }}{% endblock %} {% block content_nav %}
<script type="text/javascript" src="/_static/site.js"></script>
<ul>
<li><a href="#windows">Windows</a></li>
@ -51,16 +51,17 @@ If you would like to try the latest experimental I2P projects, visit the <a href
</div>
{% endcall %}
<h5>{%- trans %}I2P Easy Install Bundle for Mac OS X{%- endtrans %}</h5>
{% call package_outer('mac', "Mac OS X", 'images/download/mac-osx.png') %}
<h3>{% trans %}I2P Easy Install Bundle for Mac OS X{% endtrans %}</h3>
<p>{% trans i2pversion=ver() -%}The I2P Easy Install Bundle for Mac OS X is packaged using OSX's standard ".dmg" package type, which allows it to use Apple's built-in tools to securely, reliably, and easily install the package. It does not require Java to be installed.
<h5>{%- trans %}I2P for Mac OS X{%- endtrans %}</h5>
{% call package('mac') %}
<p>{% trans i2pversion=ver() -%} I2P is available as a Java application for Mac OSX. It is distributed as a Java <code>.jar</code> installer and therefore MacOS will ask you for explicit permission to run the software.
{%- endtrans %}</p>
<div class="file">
<a class="default" href="{{ get_url('downloads_mac') }}">{% trans %}I2P Easy Install Bundle for Mac OS X{% endtrans %}</a>
<p></p>
<a class="default" href="{{ get_url('downloads_mac') }}">{% trans %}Here is a helpful guide to installing I2P for Mac OS using a separate Java installation and the classic installer.{% endtrans %}</a>
</div>
{% endcall %}
<h5>{%- trans %}I2P for Linux{%- endtrans %}</h5>
{% call package('unix') %}
<p>{% trans i2pversion=ver() -%} The most reliable way to launch the installer is from a terminal like this:
@ -119,10 +120,14 @@ If you would like to try the latest experimental I2P projects, visit the <a href
</div>
{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%} The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%} The Windows installer is signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%} The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %}
{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%}The files are signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
<!--
{% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%}The Windows installer is signed by {{ signer }},
<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
{% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%}The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
-->
<h3 id="update">{{ _('Updates from earlier releases:') }}</h3>

15
i2p2www/pages/downloads/mac.html
View File

@ -39,8 +39,15 @@ that are familiar and built-into the operating system.
{%- set icon = 'images/download/mac-osx.png' -%}
{%- set filename = 'I2P-%s.dmg' -%}
{%- set filename_arm64 = 'I2P-arm64-%s.dmg' -%}
{%- set hash = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' -%}
{%- set hash_arm64 = '4a1b4e392a2ec272980bf88bfe6dbad2d341bc74717f94a0b26e73afc300462b' -%}
{%- set hash = '4bd75d633d497cc25cd256ec7cfcddec2a25d87ad118d0c125c788623d23a98e' -%}
{%- set hash_arm64 = '773bcf127a2e1c0eafee944753a772426c1f7b5c6a8fb3f4d0b7e87bdcfc840b' -%}
<p><b>Important Note:</b>
The 2.1.0 Mac OSX Easy Install Bundle release is delayed.
Please install the 1.9.0 release below.
You will be notified in the router console when the 2.1.0 update is available.
Thank you for your patience.
</p>
{% call package_outer('osx', name, icon) %}
<div class = "file">
@ -61,7 +68,7 @@ that are familiar and built-into the operating system.
{% call package_outer('osx', name, icon) %}
<div class = "file">
<a class = "default" href="{{ url_for('downloads_redirect', version=mver(), net=def_mirror.net, protocol=def_mirror.protocol, domain=def_mirror.domain, file=mver(filename_arm64) )}}">
<span class = "name">Apple Silicon (arm64) BETA</span><br/>
<span class = "name">Apple Silicon (arm64)</span><br/>
<span class = "name">{{ mver(filename_arm64) }}</span><br/>
<span class="mirror">{{ _('Mirror:') }} <img src="{{ url_for('static', filename='images/flags/'+def_mirror.country+'.png') }}" /> {{ def_mirror.org }}</span>
</a>
@ -83,7 +90,7 @@ Launch I2P from Finder.
<h3>{{ _('Apple Silicon Notes') }}</h3>
<p>{% trans -%}
The I2P bundle for Apple silicon is currently in BETA. If you own an Apple silicon Mac and have previously installed the Intel bundle on it you need to change the update configuration to make sure the next I2P update does not revert your bundle to Intel.
If you own an Apple silicon Mac and have previously installed the Intel bundle on it you need to change the update configuration to make sure the next I2P update does not revert your bundle to Intel.
{%- endtrans %}</p>
<p>{% trans -%}

176
i2p2www/pages/downloads/macos.html Normal file
View File

@ -0,0 +1,176 @@
{% extends "global/layout.html" %}
{% block title %}Apple MacOS{% endblock %}
{% block accuratefor %}0.9.47{% endblock %}
{% block content %}
<h1>{{ _('Separately Installing I2P and its dependencies on MacOS(The Long Way)') }}</h1>
<p>{% trans -%}
This is a detailed, step-by-step guide to installing and configuring I2P, including all dependencies and setting up a browser, on a new MacOS system.
Many users will be able to skip steps if they already have Java 8 or Firefox installed.{%- endtrans %}</p>
<h2>{{ _('So what are we going to do here?') }}</h2>
<p>{% trans -%}We're going to finish four tasks. We are going to:{%- endtrans %}</p>
<ol>
<li><a href="#part-one-install-java">{% trans -%}Install Java{%- endtrans %}</a></li>
<li><a href="#part-two-install-i2p">{% trans -%}Install I2P{%- endtrans %}</a></li>
<li><a href="#part-three-configure-i2p-app">{% trans -%}Configure I2P App{%- endtrans %}</a></li>
<li><a href="#part-four-configure-i2p-bandwidth">{% trans -%}Configure I2P Bandwidth{%- endtrans %}</a></li>
</ol>
<h3 id="part-one-install-java">{{ _('Part One: Install Java') }}</h3>
<p>{% trans -%}
In order to use I2P, you will need a suitable Java environment.
This guide uses Oracle's Java 8 implementation.
Please install it by following the instructions below:
{%- endtrans %}</p>
<p>{% trans -%}If you already have Java installed, you may{%- endtrans %} <a href="#part-two-install-i2p">Skip This Step</a></p>
<ol>
<li>{% trans -%}Begin by downloading Java, for example, {%- endtrans %} <a href="https://java.com/en/download/">using this version from Oracle</a>.
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
<li><img src="/_static/images/macos/1-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
</ul></li>
<li>{% trans -%}Double-click the installer you just downloaded and allow the installer permission to proceed.{%- endtrans %}:
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-jre.png" alt="Give the installer permission to proceed" title="" /></li>
</ul></li>
<li>{% trans -%}Accept the License terms.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/3-jre.png" alt="Start installing Java" title="" /></li>
</ul></li>
<li>{% trans -%}Java will show you some information about what it is and where it runs while you wait for it to finish installing.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/4-jre.png" alt="Wait for the installer" title="" /></li>
</ul></li>
<li>{% trans -%}When Java is done installing, it will look like this.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/5-jre.png" alt="Step one complete" title="" /></li>
</ul></li>
</ol>
<h3 id="part-two-install-i2p">{{ _('Part Two: Download and Install I2P from a .jar file') }}</h3>
<ol>
<li>{% trans -%}Download I2P for Unix from{%- endtrans %} <a href="https://geti2p.net/en/download#unix">https://geti2p.net</a>.
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-i2p.png" alt="Download I2P" title="" /></li>
<li><img src="/_static/images/macos/1-i2p.png" alt="Select your Language" title="" /></li>
</ul></li>
<li>{% trans -%}
Because I2P is being installed from a .jar file, it cannot be signed by an Apple certificate.
You will need to allow it special permission to install.
Even though the installer is unsigned, the updates are signed end-to-end by I2P.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-i2p.png" alt="Introduction" title="" /></li>
<li><img src="/_static/images/macos/3-i2p.png" alt="Exception" title="" /></li>
<li><img src="/_static/images/macos/4-i2p.png" alt="Profit" title="" /></li>
</ul></li>
<li>{% trans -%}Select a language you are familiar with.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/5-i2p.png" alt="Select Components" title="" /></li>
</ul></li>
<li>{% trans -%}
Now the installer is ready to start.
Click next to advance.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/6-i2p.png" alt="Start installing" title="" /></li>
</ul></li>
<li>{% trans -%}
Accept the license.
I2P is Free Software, mostly in the public domain with limited use of GPL2, Creative Commons, and other Free and Open-Source Licenses.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/7-i2p.png" alt="Accept the License Agreement(or mostly lack thereof)" title="" /></li>
</ul></li>
<li>{% trans -%}
Install the I2P router and base config.
It is recommended that you keep the install directory the default.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/8-i2p.png" alt="Install the files" title="" /></li>
</ul></li>
<li>{% trans -%}
I2P is now installed!
The remaining installer pages explain some aspects of running I2P on OSX.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/9-i2p.png" alt="Finish it up" title="" /></li>
<li><img src="/_static/images/macos/10-i2p.png" alt="Finish it up" title="" /></li>
<li><img src="/_static/images/macos/11-i2p.png" alt="Finish it up" title="" /></li>
</ul></li>
</ol>
<h3 id="part-three-configure-i2p-app">{{ _('Part Three: Configure I2P App') }}</h3>
<ol>
<li>{% trans -%}
For convenience, you may want to create a shortcut to launch the I2P router.
Find the "i2p" directory in the "Applications" directory using Finder.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-conf.png" alt="Open the Applications dir" title="" /></li>
</ul></li>
<li>{% trans -%}Open the folder and find the Start Router Icon shown.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/1-conf.png" alt="Find the launcher" title="" /></li>
</ul></li>
<li>{% trans -%}Click the icon to start the I2P router - it will show up in your dock as shown and you can choose too keep it there.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-conf.png" alt="Add it to the launch bar" title="" /></li>
</ul></li>
</ol>
<h3 id="part-four-configure-i2p-bandwidth">{{ _('Part Four: Configure I2P Bandwidth') }}</h3>
<ol>
<li>{% trans -%}
When you visit the I2P router console for the first time, it will automatically direct you to the configuration wizard.
Start by selecting a language for the I2P interface.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/0-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
</ul></li>
<li>{% trans -%}Next, pick either a dark or light theme.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/1-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
</ul></li>
<li>{% trans -%}
The next step is the bandwidth test.
The bandwidth test takes a minute to run completely.
During the bandwidth test, we'll need to connect to the external M-Lab Service, which makes a direct connection to a remote server(Operated by Measurement Lab) to measure your internet speed.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/2-wiz.png" alt="Run the bandwidth test" title="" /></li>
<li><img src="/_static/images/macos/3-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
</ul></li>
<li>{% trans -%}
Confirm the bandwidth measurement and adjust your share percentage.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/4-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
</ul></li>
<li>{% trans -%}Confirm your bandwidth settings and adjust how much of your bandwidth you wish to share.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/5-wiz.png" alt="Run the bandwidth test" title="" /></li>
</ul></li>
<li>{% trans -%}You're finished! I2P is now configured.{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/macos/6-wiz.png" alt="Run the bandwidth test" title="" /></li>
</ul></li>
</ol>
<p>{% trans -%}If you want to re-run the welcome wizard after completing it, you can visit the page
on{%- endtrans %} <a href="http://localhost:7657/welcome">your router console</a>.</p>
<p>{% trans -%}That's it! You're now ready to use I2P. You can browse I2P Sites, download files, host services,
e-mail and chat anonymously. Visit the <a href="https://localhost:7657/home">router console homepage</a> to
get started.{%- endtrans %}</p>
{% endblock %}

21
i2p2www/pages/downloads/macros
View File

@ -1,16 +1,16 @@
{% set i2pinstall_windows_hash = 'fdb2e471fadfda33589697536180df966ec165ab59a0d9c8a623491cc2c8eae3' %}
{% set i2pinstall_jar_hash = '124a1d917dec1f75dc17b5a062704d5abe259b874655c595a9d8f5fd9494eafd' %}
{% set i2psource_hash = '57f61815098c35593d7ede305f98b9015c4c613c72231ad084e6806a3e2aa371' %}
{% set i2pupdate_hash = '31b8798c7fa75242ed09f671028b85e6acc9d5d9d0a132138debf4cdfbb08f21' %}
{% set i2p_android_hash = '84dcdc33e1fb2f49040083c6449bf644cdf9eff3d55018904972d3748ad19457' %}
{% set i2pinstall_windows_hash = '2081f8415013c80daa6b69b6f16f2ebf10aa20ee3cace20936e0268b2e816a3f' %}
{% set i2pinstall_jar_hash = '977ebce33001345731de6fe0b623f59a867de6fa6a6c46d8ad686e306310b28d' %}
{% set i2psource_hash = 'a0a8fb08e9c72eaef22f155b9c9aa0ea90fb331d2bbcf76f82649f0b9efe5f5b' %}
{% set i2pupdate_hash = '59b569dc17fad0e30e246048a3c275e403b308024eb88fda29ae83294bdbe8e6' %}
{% set i2p_android_hash = '272acf543c4489dc3775c07c42eb91710b4ed377c78aff605e3d44e73fad5110' %}
{% set i2p_macnative_hash = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' %}
{% set i2p_windows_subver = '' %}
{% set i2p_macosx_launcher_version = '1.9.0' %}
{% set i2p_android_version = '1.9.0' %}
{% set i2p_android_version = '2.2.1' %}
{% set i2p_android_version_kytv = '0.9.22' %}
{% set i2p_android_version_fdroid = '0.9.50' %}
{% set i2p_android_version_fdroid = '2.2.1' %}
{% macro package_outer(type, name, icon) -%}
@ -48,7 +48,7 @@
{%- set signame = 'i2pupdate_%s.zip.sig' -%}
{%- set hash = i2pupdate_hash -%}
{%- elif type == 'macnative' -%}
{%- set name = _('Mac OS X Native (Beta)') -%}
{%- set name = _('Mac OS Native (Beta)') -%}
{%- set icon = 'images/download/mac-osx.png' -%}
{%- set filename = 'I2PMacLauncher-%s-beta-'+i2p_macosx_launcher_version+'.dmg' -%}
{%- set signame = 'I2PMacLauncher-%s-beta-'+i2p_macosx_launcher_version+'.dmg.sig' -%}
@ -60,8 +60,11 @@
{%- set hash = 'geti2p/i2p@sha256:e622209388edc49b99d8216baa731b1f54a0634c87cd47c1739f2188891daf3a' -%}
{%- else -%}
{%- if type == 'mac' -%}
{%- set name = 'Mac OS X' -%}
{%- set name = 'Mac OS' -%}
{%- set icon = 'images/download/mac-osx.png' -%}
{%- set filename = 'i2pinstall_%s.jar' -%}
{%- set signame = 'i2pinstall_%s.jar.sig' -%}
{%- set hash = i2pinstall_jar_hash -%}
{%- elif type == 'unix' -%}
{%- set name = 'Linux / BSD / Solaris' -%}
{%- set icon = 'images/download/freebsd-tux.png' -%}

6
i2p2www/pages/downloads/windows.html
View File

@ -131,7 +131,11 @@ and configure Firefox for I2P.{%- endtrans %} </p>
<h4>{{ _('Install the I2P Firefox Profile') }}</h4>
<ol>
<li>{% trans -%}Download the Firefox Profile Bundle from the I2P Web Site.{%- endtrans %}
<li>{% trans -%}
Download the Firefox Profile Bundle from the I2P Web Site.
The I2P Firefox Profile has been replaced by the Easy Install Bundle for Windows.
The Easy-Installl can still be used as a profile manager for an Un-Bundled I2P router installed via this procedure.
{%- endtrans %}
<ul style="list-style-type: none;">
<li><img src="/_static/images/download/windows/profile.png" alt="Grab the Firefox Profile" title="" /></li>
</ul></li>

30
i2p2www/pages/papers/anonbib.bib
View File

@ -32,6 +32,22 @@
# Proposed new sections: application privacy, data anonymization, ...
#
@article {qu2020,
author = {QU Yun-xuan and WANG Yi-jun and XUE Zhi},
title = {Analysis and Identification of I2P Anonymous Communication Traffic Characteristics},
journal={Communications Technology},
year = {2020},
month = {January},
volume={53},
number = {1},
pages={161--167},
doi={10.3969/j.issn.1002-0802.2020.01.028},
url = {http://stats.i2p/docs/AII2PACTC-eng.docx},
www_pdf_url = {http://stats.i2p/docs/I2P%20%E5%8C%BF%E5%90%8D%E9%80%9A%E4%BF%A1%E6%B5%81%E9%87%8F%E7%89%B9%E5%BE%81%E5%88%86%E6%9E%90%E4%B8%8E%E8%AF%86%E5%88%AB-min.pdf},
keywords={anonymous communication; I2P; traffic identification; statistical feature analysis},
www_section = traffic,
}
@inproceedings {239068,
author = {Nguyen Phong Hoang and Sadie Doreen and Michalis Polychronakis},
title = {Measuring I2P Censorship at a Global Scale},
@ -92,7 +108,7 @@
school = {University of Amsterdam},
year = {2018},
month = {June},
www_pdf_url = {https://delaat.net/rp/2017-2018/p97/report.pdf},
www_pdf_url = {https://docslib.org/doc/12313748/blockchain-based-sybil-attack-mitigation-a-case-study-of-the-i2p},
www_section = comm,
}
@ -223,7 +239,7 @@ services, namely Tor, JonDonym, and I2P as case studies; and
(iii) present a mechanism to evaluate anonymity services based
on our factors and measure the level of anonymity.}},
keywords = {Anonymity Factors ; Metrics ; Tor ; I2P ; JonDonym},
www_pdf_url = {https://www.cs.dal.ca/sites/default/files/technical_reports/CS-2017-01.pdf},
www_pdf_url = {https://cdn.dal.ca/content/dam/dalhousie/pdf/faculty/computerscience/technical-reports/CS-2017-01.pdf},
www_section = comm,
}
@ -233,7 +249,7 @@ on our factors and measure the level of anonymity.}},
booktitle = {Proceedings of the 38th IEEE Symposium on Security and Privacy Workshops, 2nd International Workshop on Traffic Measurements for Cybersecurity (WTMC 2017)},
year = {2017},
month = {May},
www_pdf_url = {https://www.cs.dal.ca/sites/default/files/technical_reports/cs-2017-04.pdf},
www_pdf_url = {https://www.researchgate.net/publication/321999503_Effects_of_Shared_Bandwidth_on_Anonymity_of_the_I2P_Network_Users},
www_section = traffic,
}
@ -261,7 +277,7 @@ that presents I2P Observer, a software to collect information about I2P and one
possibilities on I2P.}},
note = {Title : Analysis of the I2P Network. School: Bern University of Applied Sciences - Department of Computer Science},
www_section = traffic,
www_pdf_url = {https://jenix.net/i2p-observer/Analysis_of_the_I2P_Network-Bachelor_Thesis.pdf},
www_pdf_url = {https://docslib.org/doc/6144412/analysis-of-the-i2p-network-information-gathering-and-attack-evaluations},
}
@inproceedings{jeong2016,
@ -285,7 +301,7 @@ that a large number of queries are observed and outlining
various potential directions of addressing such leakage.}},
keywords = {I2P, DNS, privacy, security, network analysis},
www_section = traffic,
www_pdf_url = {https://www.cse.buffalo.edu/~mohaisen/doc/16-sigcomm.pdf},
www_pdf_url = {https://www.cs.ucf.edu/~mohaisen/doc/sigcomm16.pdf},
pages = {557--558},
}
@ -551,7 +567,7 @@ networks},
howpublished = {Seminar, Humboldt University of Berlin},
year = {2011},
month = {November},
www_pdf_url = {http://userpage.fu-berlin.de/~semu/docs/2011_seminar_ehlert_i2p.pdf},
www_pdf_url = {https://www.freehaven.net/anonbib/cache/ehlert2011:usability-comparison-i2p-tor.pdf},
www_section = comm,
}
@ -635,7 +651,7 @@ networks},
abstract={{Today, to be monitored while surfing the web seems to be a natural act and thus tools and applications to achieve online anonymity are more important than ever. The usability of such a tool plays not only a prominent role for each single user; in the area of anonymization networks it usually holds that the protection for every single user is higher, the more users participate. Hence, usability is of great importance, since bad usability decreases the number of potential users. In this paper we examine the usability of four software implementations for anonymous communication techniques especially with regards to the installation procedure. The usability is evaluated with the help of cognitive walk-throughs. We also inspect the quality of service of these implementations by means of a performance test.}},
keywords={Internet;security of data;anonymity networks;anonymization networks;anonymous communication techniques;cognitive walk-throughs;installation;quality of service;software implementations;usability inspection;Communication system security;Inspection;Monitoring;Operating systems;Privacy;Quality management;Quality of service;System testing;Technology management;Usability;AN.ON;Anonymity;HCI;JAP;JonDo;JondoNym;Tor;Usability},
doi={10.1109/CONGRESS.2009.38},
www_pdf_url = {http://pimenidis.org/research/papers/usability-inspection.pdf},
www_pdf_url = {https://www.researchgate.net/publication/224084986_Usability_Inspection_of_Anonymity_Networks},
www_section = comm,
}

86
i2p2www/pages/site/about/intro.html
View File

@ -1,50 +1,86 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('Intro') }}{% endblock %}
{% block content %}
<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>
<h2>What is I2P?</h2>
<p>{% trans %}The Invisible Internet Project (I2P) is a fully encrypted private network layer that has been developed with privacy and security by design in order to provide protection for your activity,
location and your identity. The software ships with a router that connects you to the network and applications for sharing, communicating and building. {%- endtrans %}</p>
<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>
<h3>{% trans -%}I2P Cares About Privacy{%- endtrans %}</h3>
<p>{% trans %}
The Invisible Internet Project began in 2002.
The vision for the project, as described in an interview with Lance James was for the I2P Network "to deliver full anonymity, privacy, and security at the highest level possible. Decentralized and peer to peer Internet means no more worrying about your ISP controlling your traffic. This will allow (people) to do seamless activities and change the way we look at security and even the Internet, utilizing public key cryptography, IP steganography, and message authentication. The Internet that should have been, will be soon."
Since then I2P has evolved to specify and implement a complete suite of network protocols capable of delivering a high level of privacy, security, and authentication to a variety of applications.
{%- endtrans %}</p>
<p>{% trans %}I2P hides the server from the user and the user from the server. All I2P traffic is internal to the I2P network. Traffic inside I2P does not interact with the Internet directly. It is a layer on top of the Internet. It uses encrypted unidirectional tunnels between you and your peers. No one can see where traffic is coming from, where it is going, or what the contents are. Additionally I2P offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.
{%- endtrans %}</p>
<h3>{% trans -%}The I2P network{%- endtrans %}</h3>
<p>{% trans %}
The I2P network is a fully encrypted peer-to-peer overlay network.
An observer cannot see a message's contents, source, or destination.
No one can see where traffic is coming from, where it is going, or what the contents are.
Additionally I2P transports offer resistance to recognition and blocking by censors.
Because the network relies on peers to route traffic, location-based blocking is a challenge that grows with the network.
Every router in the network participates in making the network anonymous.
Except in cases where it would be unsafe, everyone participates in sending and receiving network traffic.
{%- endtrans %}</p>
<h3>{% trans -%}How to Connect to the I2P Network{%- endtrans %}</h3>
<p>{% trans %}The Invisible Internet Project provides software to download that connects you to the network. In addition to the network privacy benefits, I2P provides an application layer that allows people to use and create familiar apps for daily use. I2P provides its own unique DNS so that you can self host or mirror content on the network. You can create and own your own platform that you can add to the I2P directory or only invite your friends. The I2P network functions the same way the Internet does. When you download the I2P software, it includes everything you need to connect, share, and create privately.{%- endtrans %}</p>
<p>{% trans %}
The core software (Java) includes a router that introduces and maintains a connection with the network.
It also provides applications and configuration options to personalize your experience and workflow.
{%- endtrans %}</p>
<h3>{% trans -%}What Can I Do On The I2P Network?{%- endtrans %}</h3>
<p>{% trans %}
The network provides an application layer for services, applications, and network managment.
The network also has its own unique DNS that allows self hosting and mirroring of content from the Internet (Clearnet).
The I2P network functions the same way the Internet does.
The Java software includes a BitTorrent client, and email as well as a static website template.
Other applications can easily be added to your router console.
{%- endtrans %}</p>
<h3>{% trans -%}An Overview of the Network{%- endtrans %}</h3>
<p>{% trans %}I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports. I2P tunnels use transports, NTCP2 and SSU, to hide the nature of the traffic being transported over it. Connections are encrypted from router-to-router, and from client-to-client(end-to-end). Forward-secrecy is provided for all connections. Because I2P is cryptographically addressed, I2P addresses are self-authenticating and only belong to the user who generated them.
<p>{% trans %}
I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports.
I2P tunnels use transports, NTCP2 and SSU2, to conceal the traffic being transported over it.
Connections are encrypted from router-to-router, and from client-to-client(end-to-end).
Forward-secrecy is provided for all connections.
Because I2P is cryptographically addressed, I2P network addresses are self-authenticating and only belong to the user who generated them.
{%- endtrans %}</p>
<p>{% trans %}I2P is a secure and traffic protecting Internet-like layer. The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels. Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP, etc), passing messages. Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network. I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
<p>{% trans %}
The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels.
Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP), passing messages.
Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages.
These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network.
I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
{%- endtrans %}</p>
<h3>{% trans -%}About Decentralization and I2P{%- endtrans %}</h3>
<h3>{% trans -%}About Decentralization and the I2P Network{%- endtrans %}</h3>
<p>{% trans %}The I2P network is almost completely decentralized, with exception to what are called "Reseed Servers," which is how you first join the network. This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem. Basically, there's not a good and reliable way to get out of running at least one permanent bootstrap node that non-network users can find to get started. Once you're connected to the network, you only discover peers by building "exploratory" tunnels, but to make your initial connection, you need to get a peer set from somewhere. The reseed servers, which you can see listed on http://127.0.0.1:7657/configreseed in the Java I2P router, provide you with those peers. You then connect to them with the I2P router until you find one who you can reach and build exploratory tunnels through. Reseed servers can tell that you bootstrapped from them, but nothing else about your traffic on the I2P network.{%- endtrans %}</p>
<p>{% trans %}
The I2P network is almost completely decentralized, with exception to what are called Reseed Servers.
This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem.
Basically, there is not a good and reliable way to get out of running at least one permanent bootstrap node that non-network participants can find to get started.
Once connected to the network, a router only discovers peers by building "exploratory" tunnels, but to make the initial connection, a reseed host is required to create connections and onboard a new router to the network.
Reseed servers can observe when a new router has downloaded a reseed from them, but nothing else about traffic on the I2P network.
{%- endtrans %}</p>
<h3>{% trans -%}I see IP addresses of all other I2P nodes in the router console. Does that mean my IP address is visible by others?{%- endtrans %}</h3>
<h3>{% trans -%}The I2P Network Does Not Exit Traffic{%- endtrans %}</h3>
<p>{% trans %}Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.{%- endtrans %}
<h3>{% trans -%}What I2P Does Not Do{%- endtrans %}</h3>
<p>{% trans %}The I2P network does not officially "Exit" traffic. It has outproxies to the Internet run by volunteers, which are centralized services. I2P is primarily a hidden service network and outproxying is not an official function, nor is it advised. The privacy benefits you get from participating in the the I2P network come from remaining in the network and not accessing the internet. I2P recommends that you use Tor Browser or a trusted VPN when you want to browse the Internet privately.{%- endtrans %}</p>
<p>{% trans %}
Outproxies to the Internet are run by volunteers, and are centralized services.
The privacy benefits from participating in the the I2P network come from remaining in the network and not accessing the internet.
Tor Browser or a trusted VPN are better options for browsing the Internet privately.
{%- endtrans %}</p>
<h3>{% trans -%}Comparisons{%- endtrans %}</h3>
<p>{% trans -%}
There are a great many other applications and projects working on anonymous
communication and I2P has been inspired by much of their efforts. This is not
a comprehensive list of anonymity resources - both freehaven's
<a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a>
and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a>
serve that purpose well. That said, a few systems stand out for further
comparison. The following have individual comparison pages:
There are a great many other applications and projects working on anonymous communication and I2P has been inspired by much of their efforts.
This is not a comprehensive list of anonymity resources - both freehaven's <a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a> and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a> serve that purpose well.
That said, a few systems stand out for further comparison.
The following have individual comparison pages:
{%- endtrans %}</p>
<ul>

69
i2p2www/pages/site/about/performance/index.html
View File

@ -2,26 +2,19 @@
{% block title %}{{ _('Performance') }}{% endblock %}
{% block content %}
<h2>{% trans %}How does I2P work, why is it slow, and why does it not use my full bandwidth?{% endtrans %}</h2>
<h2>{% trans %}I2P Network Performance: Speed, Connections and Resource Management{% endtrans %}</h2>
<p>{% trans -%}
Probably one of the most frequent things people ask is "how fast is I2P?",
and no one seems to like the answer - "it depends". After trying out I2P, the
next thing they ask is "will it get faster?", and the answer to that is a most
emphatic <b>yes</b>.
The I2P network is fully dynamic. Each client is known to other nodes and tests locally known nodes for reachability and capacity.
Only reachable and capable nodes are saved to a local NetDB.
During the tunnel building process, the best resources are selected from this pool to build tunnels with.
Because testing happens continuously, the pool of nodes changes.
Each I2P node knows a different part of the NetDB, meaning that each router has a different set of I2P nodes to be used for tunnels.
Even if two routers have the same subset of known nodes, the tests for reachability and capacity will likely show different results, as the other routers could be under load just as one router tests, but be free when the second router tests.
{%- endtrans %}</p>
<p>{% trans -%}
I2P is a full dynamic network. Each client is known to other nodes and tests local known nodes for reachability and capacity.
Only reachable and capable nodes are saved to a local NetDB (This is generally only a portion of the network, around 500-1000).
When I2P builds tunnels, it selects the best resource from this pool. For example, a small subset of 20-50 nodes are only available to build tunnels with.
Because testing happens every minute, the pool of used nodes changes every minute.
Each I2P node knows a different part of the net, meaning that each router has a different set of I2P nodes to be used for tunnels.
Even if two routers have the same subset of known nodes, the tests for reachability and capacity will likely show different results, as the other routers could be under load just as one router tests, but be free if the second router tests.
{%- endtrans %}</p>
<p>{% trans -%}
The above describes why each I2P node has different nodes to build tunnels.
This describes why each I2P node has different nodes to build tunnels.
Because every I2P node has a different latency and bandwith, tunnels (which are built via those nodes) have different latency and bandwidth values.
And because every I2P node has different tunnels built, no two I2P nodes have the same tunnel sets.
{%- endtrans %}</p>
@ -45,22 +38,21 @@ server - hopb1 - hopb2 - hopb3 - hopc1 - hopc2 - hopc3 - client
</pre>
<p>{% trans -%}
As most traffic on I2P (www, torrent,...) needs ack packages until new data is sent, it needs to wait until a ack package returns from the server.
In the end: send data, wait for ack, send more data, wait for ack,..
As the RTT (RoundTripTime) adds up from the latency of each individual I2P node and each connection on this roundtrip, it takes usually 1-3 seconds until a ack package comes back to the client.
With some internals of TCP and I2P transport, a data package has a limited size and cannot be as large as we want it to be.
Together these conditions set a limit of max bandwidth per tunnel of 20-50 kbyte/sec.
But if ONLY ONE hop in the tunnel has only 5 kb/sec bandwidth to spend, the whole tunnel is limited to 5 kb/sec, independent of the
Traffic on the network needs an ACK before new data is sent, it needs to wait until an ACK returns from a server:
send data, wait for ACK, send more data, wait for ACK.
As the RTT (RoundTripTime) adds up from the latency of each individual I2P node and each connection on this roundtrip, it takes usually 1-3 seconds until an ACK comes back to the client.
Because of TCP and I2P transport design, a data package has a limited size.
Together these conditions set a limit max bandwidth per tunnel of 20-50 kbyte/sec.
However, if ONLY ONE hop in the tunnel has only 5 kb/sec bandwidth to spend, the whole tunnel is limited to 5 kb/sec, independent of the
latency and other limitations.
{%- endtrans %}</p>
<p>{% trans -%}
Due to encryption used and other setups in I2P (howto built up tunnels, latency, ...) it is quite expensive in CPU time to build a tunnel. This is
why a destination is only allowed to have a max of 6 IN and 6 OUT tunnels to transport data. With a max of 50 kb/sec per tunnel, a destination could
Encryption, latency, and how a tunnel is built makes it quite expensive in CPU time to build a tunnel. This is
why a destination is only allowed to have a maximum of 6 IN and 6 OUT tunnels to transport data. With a max of 50 kb/sec per tunnel, a destination could
use roughly 300 kb/sec traffic combined ( in reality it could be more if shorter tunnels are used with low or no anonymity available).
Used tunnels are discarded every 10 minutes and new ones are built up.
This change of tunnels (and sometimes clients that shutdown hard due to usage of "shut down at once" or situations where there is power loss) does
sometimes break tunnels and connections, as seen on the IRC2P Network in loss of connection (ping timeout) or on when using eepget.
Used tunnels are discarded every 10 minutes and new ones are built.
This change of tunnels, and sometimes clients that shutdown or lose their connection to the network will sometimes break tunnels and connections. An example of this can be seen on the IRC2P Network in loss of connection (ping timeout) or on when using eepget.
{%- endtrans %}</p>
<p>{% trans -%}
@ -72,28 +64,27 @@ If one distributes these limited numbers across the number of I2P nodes, there i
<p>{% trans -%}
To remain anonymous one router should not be used by the whole network for building tunnels.
If one router does act as a tunnel router for ALL I2P nodes, it becomes a very real central point of failure as well as a central point to grab IPs and data from the clients. This is not good.
I2P attempts to spread the load across a lot of I2P nodes because of this reason.
If one router does act as a tunnel router for ALL I2P nodes, it becomes a very real central point of failure as well as a central point to gather IPs and data from clients.
This is why the network distributes traffic across nodes in the tunnel building process.
{%- endtrans %}</p>
<p>{% trans -%}
Another point is the full mesh network. Each connection hop-hop utilizes one TCP or UDP connection on the I2P nodes. With 1000 connections, one sees
1000 TCP connections. That is quite a lot and some home and small office routers (DSL, cable,..) only allow a small number of connections (or just go mad if you use more than X connections).
I2P tries to limit these connections to be under 1500 per UDP and per TCP type.
This limits the amount of traffic routed across your I2P node as well.
Another consideration for performance is the way I2P handles mesh networking. Each connection hop-hop utilizes one TCP or UDP connection on I2P nodes. With 1000 connections, one sees
1000 TCP connections. That is quite a lot, and some home and small office routers only allow a small number of connections.
I2P tries to limit these connections to under 1500 per UDP and per TCP type.
This limits the amount of traffic routed across an I2P node as well.
{%- endtrans %}</p>
<p>{% trans -%}
In summary, I2P is very complex and there is no easy way to pinpoint why your node is not used.
If your node is reachable and has a bandwidth setting of >128 kbyte/sec shared and is reachable 24/7, it should be used after some time for participating traffic.
If it is down in between, the testing of your I2P node done by other nodes will tell them: you are not reachable. This blocks your node for at least
24h on other nodes. So, the other nodes which tested you as down will not use your node for 24h for building tunnels. This is why your traffic will
be lower after a restart/shutdown for a minimum of 24h.
If a node is reachable, and has a bandwidth setting of >128 kbyte/sec shared and is reachable 24/7, it should be used after some time for participating traffic.
If it is down in between, the testing of an I2P node done by other nodes will tell them it not reachable. This blocks a node for at least
24 hours on other nodes. So, the other nodes which tested that node as down will not use that node for 24 hours for building tunnels. This is why your traffic is
lower after a restart/shutdown of your I2P router for a minimum of 24 hours.
{%- endtrans %}</p>
<p>{% trans -%}
Also: other I2P nodes needs to know your I2P router to test it for reachability and capacity. It takes time for other nodes to get known to your node.
It will be faster if you use I2P and build more tunnels, e.g. use a torrent or www for some time.
Additionally, other I2P nodes need to know an I2P router to test it for reachability and capacity.
This process can be made faster when you interact with the network, for instance by using applications, or visiting I2P sites, which will result in more tunnel building and therefore more activity and reachability for testing by nodes on the network.
{%- endtrans %}</p>
<h2>{{ _('Performance Improvements') }}</h2>

20
i2p2www/pages/site/about/software.html
View File

@ -3,14 +3,12 @@
{% block content %}
<h1>{{ _('The I2P Software') }} (I2P)</h1>
<p>{% trans %}When you install the I2P software made available at geti2p.net, you are
actually installing an I2P router and an accompanying bundle of basic
applications. The I2P Java distribution is the first I2P software gateway and
has been actively developed since 2003.{%- endtrans %}</p>
<p>{% trans %}The applications are made available through a webUI, which listens at
127.0.0.1:7657, and the main page of which is called the “Router Console,”
where you monitor the health of your connection to the network and access
applications to use on the network.{%- endtrans %}</p>
<p>{% trans %}The I2P Java distribution is the first I2P software gateway and
has been actively developed since 2003. It includes a router, applications, and the ability to manage and customize your own connection with the I2P network using a built in Hidden Services manager{%- endtrans %}</p>
<p>{% trans %}Applications are made available through a webUI that listens at
127.0.0.1:7657. The main page is called the “Router Console,”
where network connection status is displayed and access
to applications is provided.{%- endtrans %}</p>
<h3>{% trans %}What is included:{%- endtrans %}</h3>
<p>{% trans %}<strong>The Set Up Wizard</strong>: When you download the
I2P software, a set up wizard will guide you through a few configuration steps
@ -18,8 +16,8 @@ while your router is making its first connections to the network. This happens
the same way that your home router connects you to the Internet. During the set
up process, you will be given the option to test your bandwidth and set your
bandwidth limits in order to ensure a good connection as a network peer.{%- endtrans %}</p>
<p>{% trans %}<strong>The I2P Router Console</strong>: Here is where you can see your
network connections and information about your router. You will be able to see how many peers you
<p>{% trans %}<strong>The I2P Router Console</strong>: Here is where you can see your router
network connections. You will be able to see how many peers you
have, and other information that will help if you need to troubleshoot. You can
stop and start the router as well. You will see the applications that the
software includes, as well as links to some community forums and sites on the
@ -47,7 +45,7 @@ a camera. This is especially useful for Android devices.</p>
adapter for forwarding services ( ie SSH ) into I2P and proxying client
requests to and from I2P. It provides a variety of “Tunnel Types” which are
able to do advance filtering of traffic before it reaches I2P.{%- endtrans %}</p>
<h3>{% trans %}Applications Outside I2P to use with I2P{%- endtrans %}</h3>
<h3>{% trans %}I2P Network Compatible Applications{%- endtrans %}</h3>
<p>{% trans browser=site_url('about/browser-config') %}<strong><a href="{{ browser }}">Mozilla Firefox</a></strong>: A web browser with advanced privacy and
security features, this is the best browser to configure to browse I2P
sites.{%- endtrans %}</p>

2
i2p2www/pages/site/about/team.html
View File

@ -403,7 +403,7 @@ network.
<td valign="top" colspan="2">{% trans %}&hellip; and many others{% endtrans %}</td>
</tr>
<tr>
<td><a href="site_url(about/hall-of-fame)">Hall of Fame!</a></td>
<td>{% trans famehall=site_url('about/hall-of-fame') -%}<a href="{{ famehall }}">Hall of Fame!</a>{%- endtrans %}</td>
</tr>
</table>
{% endblock %}

117
i2p2www/pages/site/contact.html
View File

@ -23,8 +23,9 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<h2>{{ _('Forums') }}</h2>
<p>{% trans -%}Please visit our I2P user forum - {%- endtrans %} <a href="http://{{ i2pconv('i2pforum.i2p') }}/">{{ i2pconv('i2pforum.i2p') }}</a> ({% trans -%}available on non-private internet at https://i2pforum.net and on I2P at http://i2pforum.i2p{%- endtrans %})</p>
<p>{% trans zzz=i2pconv('zzz.i2p') -%}
Most of the discussion about I2P's development happens on the <a href="http://{{ zzz }}">I2P developer forum</a> (only reachable from within I2P network). This is usually the best place to start with inquiries, if the dev IRC channel is inactive.
<p>{% trans zzz=i2pconv('i2pforum.i2p') -%}
The discussion about I2P's development happens on the <a href="http://{{ zzz }}">I2P user forum</a>. This is usually the best place to start with developer inquiries, if the dev IRC channel is inactive.
For general support use either the <a href="http://{{ zzz }}">I2P user forum</a> or the Subreddit.
{%- endtrans %}</p>
<h2>{{ _('Social Media') }}</h2>
@ -81,19 +82,14 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<table border="0">
<tr>
<td valign="top" rowspan="31"><b>{{ _('Admin') }}</b></td>
<td valign="top"><b>{{ _('Project Manager') }}</b></td>
<td valign="top">zzz</td>
<td valign="top"><i>{{ _('point of contact of last resort') }}</i></td>
<td valign="top"><b>{{ _('I2P Java Release Manager') }}</b></td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Builds and signs the releases') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Donations treasurer') }}</b></td>
<td valign="top">meeh</td>
<td valign="top"><i>{{ _('manage donations') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('PR manager') }}</b></td>
<td valign="top"><b>{{ _('Outreach') }}</b></td>
<td valign="top">Sadie</td>
<td valign="top"><i>{{ _('press contact, manages public relations and affairs') }}</i></td>
<td valign="top"><i>{{ _('Coordinator with community, NGOs and human rights groups. Meeting facilitator, Digital Security training and Press') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Assistant PR manager') }}</b></td>
@ -103,7 +99,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<tr>
<td valign="top"><b>{% trans forum=i2pconv('i2pforum.i2p') %}<a href="http://{{ forum }}/">Forum</a> admin{% endtrans %}</b></td>
<td valign="top">eche|on</td>
<td valign="top"><i>{{ _('manage the public user forum') }}</i></td>
<td valign="top"><i>{{ _('I2P public forum maintainer') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Download mirrors admin') }}</b></td>
@ -122,68 +118,58 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
</tr>
<tr>
<td valign="top"><b>{{ _('Packager; Linux') }}</b></td>
<td valign="top">zzz</td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Linux (Debian/Ubuntu) distribution packager') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Packager; Windows') }}</b></td>
<td valign="top">zzz</td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Windows installer packager') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Packager; OSX') }}</b></td>
<td valign="top">zlatinb</td>
<td valign="top">echelon</td>
<td valign="top"><i>{{ _('OSX installer packager') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Release Manager') }}</b></td>
<td valign="top">zzz</td>
<td valign="top"><i>{{ _('Builds and signs the releases') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Release Manager Alternates') }}</b></td>
<td valign="top">eche|on, str4d</td>
<td valign="top">eche|on</td>
<td valign="top"><i>{{ _('Backup release managers') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('CI admin') }}</b></td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Maintain the Continuous Integration infrastructure') }}</i></td>
<td valign="top"><i>{{ _('Maintain Continuous Integration infrastructure') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Reseed admin') }}</b></td>
<td valign="top"><b>{{ _('Reseed Admin') }}</b></td>
<td valign="top">backup</td>
<td valign="top"><i>{{ _('Monitors, advises and recruits reseed hosts') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Security Researcher') }}</b></td>
<td valign="top" class="blue">[{{ _('vacant') }}]</td>
<td valign="top"><i>{{ _('threat model / crypto expert') }}</i></td>
</tr>
<tr>
<td valign="top"><b><a href="https://i2pgit.org/">Gitlab</a> admin</b></td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Manage the project gitlab') }}</i></td>
<td valign="top"><i>{{ _('I2P Gitlab maintainer') }}</i></td>
</tr>
<tr>
<td valign="top"><b><a href="https://i2pgit.org/dashboard/issues">Issue Tracker(Replaces Trac)</a> admin</b></td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Manage the project bug tracker') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Translation admins') }}</b></td>
<td valign="top">eche|on, zzz, idk, Sadie</td>
<td valign="top"><b>{{ _('Localization') }}</b></td>
<td valign="top">eche|on, idk, Sadie</td>
<td valign="top">Admins on <a href="https://www.transifex.com/projects/p/I2P/">Transifex</a></td>
</tr>
<tr>
<td valign="top"><b>{{ _('User Advocate') }}</b></td>
<td valign="top"><b>{{ _('Translators') }}</b></td>
<td valign="top">{{ _('many many people!') }}</td>
<td valign="top">Translators on <a href="https://www.transifex.com/projects/p/I2P/">Transifex</a></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Usability Lead') }}</b></td>
<td valign="top">Sadie</td>
<td valign="top"><i>{{ _('gather, prioritize, advocate for user needs') }}</i></td>
<td valign="top"><i>{{ _('Usability research') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Product Development') }}</b></td>
<td valign="top">Sadie</td>
<td valign="top"><i>{{ _('supervises projects from the early planning stages to project completion') }}</i></td>
<td valign="top"><i>{{ _('supervises projects from the early planning stages to project completion') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Website Maintainer') }}</b></td>
@ -193,12 +179,12 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<tr>
<td valign="top"><b>{% trans website=site_url() %}<a href="{{ website }}">Webserver</a> admin{% endtrans %}</b></td>
<td valign="top">eche|on</td>
<td valign="top"><i>{{ _('manage the public project webservers') }}</i></td>
<td valign="top"><i>{{ _('manage public project webservers') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{% trans website=site_url() %}<a href="{{ website }}">Website</a> admin{% endtrans %}</b></td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('manage the public project website content') }}</i></td>
<td valign="top"><i>{{ _('manage the public project website') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('News Admin') }}</b></td>
@ -210,11 +196,6 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('manage the backup news feed') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Design and Usability') }}</b></td>
<td valign="top">Sadie, idk</td>
<td valign="top"><i>{{ _('ongoing improvements to user experience for website and software') }}</i></td>
</tr>
<tr>
<td valign="top"><b>Google Play admin</b></td>
<td valign="top">idk</td>
@ -230,31 +211,17 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<td valign="top">StormyCloud</td>
<td valign="top"><i></i></td>
</tr>
</table>
<table>
<tr>
<!--<td valign="top"><b>{{ _('Director of passion') }}</b></td>
<td valign="top" class="blue">[{{ _('vacant') }}]</td>
<td valign="top"><i>{{ _('community motivator') }}</i></td>-->
</tr>
<tr><td colspan="4"><hr /></td></tr>
<tr>
<td valign="top" rowspan="17"><b>{{ _('Dev') }}</b></td>
<td valign="top"><b>{{ _('Core Lead') }}</b></td>
<td valign="top">zzz</td>
<td valign="top"><i>{{ _('lead dev for the SDK and router') }}</i></td>
</tr>
<tr>
<td valign="top" rowspan="17"><b>{{ _('I2P Core Integration Mainatainers') }}</b></td>
<td valign="top"><b>{% trans postman=i2pconv('hq.postman.i2p') %}<a href="http://{{ postman }}/">I2P mail</a> lead{% endtrans %}</b></td>
<td valign="top">postman</td>
<td valign="top"><i>{{ _('organize and develop the i2p mail system') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{% trans bote=i2pconv('bote.i2p') %}<a href="http://{{ bote }}/">I2P-Bote</a> lead{% endtrans %}</b></td>
<td valign="top">str4d</td>
<td valign="top"><i>{{ _('I2P-Bote plugin') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{% trans forum=i2pconv('i2pforum.i2p') %}<a href="http://{{ forum }}/viewforum.php?f=12">I2PSnark</a> lead{% endtrans %}</b></td>
<td valign="top">zzz</td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Maintains the integrated Bittorrent client') }}</i></td>
</tr>
<tr>
@ -264,7 +231,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
</tr>
<tr>
<td valign="top"><b>{{ _('Susimail lead') }}</b></td>
<td valign="top">zzz</td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Susimail development') }}</i></td>
</tr>
<tr>
@ -279,14 +246,9 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
</tr>
<tr>
<td valign="top"><b>{{ _('SAM') }}</b></td>
<td valign="top">zzz</td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('SAM maintainer') }}</i></td>
</tr>
<tr>
<td valign="top"><b>{{ _('Translators') }}</b></td>
<td valign="top">{{ _('many many people!') }}</td>
<td valign="top">Translators on <a href="https://www.transifex.com/projects/p/I2P/">Transifex</a></td>
</tr>
<tr>
<tr>
<td valign="top" rowspan="6"><b>{{ _('Contributors') }}</b></td>
@ -298,7 +260,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<td valign="top"><i>{{ _('desktopgui, dijjer port') }}</i></td>
</tr>
<tr>
<td valign="top">zzz</td>
<td valign="top">idk</td>
<td valign="top"><i>{{ _('Debian/Ubuntu Packager and PPA maintainer') }}</i></td>
</tr>
<tr>
@ -310,12 +272,17 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<td valign="top" class="blue">[{{ _('vacant') }}]</td>
<td valign="top" class="blue"><i>{{ _('Help needed on many fronts!') }}</i></td>
</tr>
<tr><td colspan="4"><hr /></td></tr>
</table>
<table>
<tr>
<td valign="top" rowspan="39" colspan="2"><b>{{ _('Past contributors') }}</b></td>
<td valign="top">mihi</td>
<td valign="top"><i>{{ _('I2PTunnel development, ministreaming library') }}</i></td>
</tr>
<tr>
<td valign="top">zzz</td>
<td valign="top"><i>{{ _('Project lead, Lead Developer, Lead Maintainer, Forum Administrator, many other roles') }}</i></td>
</tr>
<tr>
<td valign="top">jrandom</td>
<td valign="top"><i>{{ _('Project lead, Syndie lead') }}</i></td>
@ -467,7 +434,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B F47E CFCD C461 75E6 694A</tt>
<td valign="top" colspan="2">{% trans %}&hellip; and many others{% endtrans %}</td>
</tr>
<tr>
<td><a href="site_url(about/hall-of-fame)">Hall of Fame!</a></td>
<td>{% trans website=site_url('about/hall-of-fame') %}<a href="{{ website }}">Hall of Fame!</a>{% endtrans %}</td>
</tr>
</table>

2
i2p2www/pages/site/docs/api/i2pcontrol.html
View File

@ -81,7 +81,7 @@ Parameters are only provided in a named way (maps).
<li>Token &ndash; [String] {% trans %}Token used for authenticating the client. Is provided by the server via the 'Authenticate' RPC method.{% endtrans %}</li>
</ul>
<ul>{{ _('Response:') }}
<li>Result &ndash; [double] {% trans %}Returns the average value for the reuested rateStat and period.{% endtrans %}</li>
<li>Result &ndash; [double] {% trans %}Returns the average value for the requested rateStat and period.{% endtrans %}</li>
</ul>
</ul>
<ul>I2PControl &ndash; {% trans %}Manages I2PControl. Ports, passwords and the like.{% endtrans %}

117
i2p2www/pages/site/docs/api/i2ptunnel.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}I2PTunnel{% endblock %}
{% block lastupdated %}2022-09{% endblock %}
{% block accuratefor %}1.9.0{% endblock %}
{% block lastupdated %}2023-10{% endblock %}
{% block accuratefor %}0.9.59{% endblock %}
{% block content %}
<h2 id="overview">{% trans %}Overview{% endtrans %}</h2>
@ -63,10 +63,9 @@ A HTTP-client tunnel. The tunnel connects to the destination specified by the UR
in a HTTP request. Supports proxying onto internet if an outproxy is provided. Strips HTTP connections of the following headers:
{%- endtrans %}</p>
<ul>
<li>{% trans -%}
<b>Accept, Accept-Charset, Accept-Language
and Accept-Ranges</b> as they vary greatly between browsers and can be used as an identifier.
{%- endtrans %}</li>
<li>
<b>Accept*:</b> (not including "Accept" and "Accept-Encoding") as they vary greatly between browsers and can be used as an identifier.
</li>
<li><b>Referer:</b></li>
<li><b>Via:</b></li>
<li><b>From:</b></li>
@ -108,28 +107,118 @@ and to provide a better user experience.
<li>Over 20 unique translated, styled, and formatted error pages for various errors
<li>Internal web server to serve forms, CSS, images, and errors
</ul>
<li>Transparent response decompression:
<ul><li>If the server-side HTTP proxy compressed the response,
the HTTP client proxy transparently decompresses it.
</ul>
</ul>
<h4>Transparent Response Compression</h4>
<p>
The i2ptunnel compression is requested with the HTTP header:
The i2ptunnel response compression is requested with the HTTP header:
</p>
<ul>
<li><b>X-Accept-Encoding: </b> x-i2p-gzip;q=1.0, identity;q=0.5, deflate;q=0, gzip;q=0, *;q=0</li>
</ul>
<p>
The server side strips this hop-by-hop header before sending the request to the web server.
The elaborate header with all the q values is not necessary;
servers should just look for "x-i2p-gzip" anywhere in the header.
</p>
<p>
The response indicating i2ptunnel compression contains the following HTTP header:
The server side determines whether to compress the response based on
the headers received from the webserver, including
Content-Type, Content-Length, and Content-Encoding,
to assess if the response is compressible and is worth the additional CPU required.
If the server side compresses the response, it adds the following HTTP header:
</p>
<ul>
<li><b>Content-Encoding: </b> x-i2p-gzip</li>
</ul>
<p>
If this header is present in the response,
the HTTP client proxy transparently decompresses it.
The client side strips this header and gunzips before sending the response to the browser.
Note that we still have the underlying gzip compression at the I2CP layer,
which is still effective if the response is not compressed at the HTTP layer.
</p>
<p>
This design and the current implementation violate RFC 2616 in several ways:
</p>
<ul><li>
X-Accept-Encoding is not a standard header
</li><li>
Does not dechunk/chunk per-hop; it passes through chunking end-to-end
</li><li>
Passes Transfer-Encoding header through end-to-end
</li><li>
Uses Content-Encoding, not Transfer-Encoding, to specify the per-hop encoding
</li><li>
Prohibits x-i2p gzipping when Content-Encoding is set (but we probably don't want to do that anyway)
</li><li>
The server side gzips the server-sent chunking, rather than doing dechunk-gzip-rechunk and dechunk-gunzip-rechunk
</li><li>
The gzipped content is not chunked afterwards.
RFC 2616 requires that all Transfer-Encoding other than "identity" is chunked.
</li><li>
Because there is no chunking outside (after) the gzip,
it is more difficult to find the end of the data, making any implementation of keepalive harder.
</li><li>
RFC 2616 says Content-Length must not be sent if Transfer-Encoding is present,
but we do. The spec says ignore Content-Length if Transfer-Encoding is present,
which the browsers do, so it works for us.
</li></ul>
<p>
Changes to implement a standards-compliant hop-by-hop compression in a backward-compatible
manner are a topic for further study.
Any change to dechunk-gzip-rechunk would require a new encoding type, perhaps
x-i2p-gzchunked.
This would be identical to Transfer-Encoding: gzip, but would have to be
signalled differently for compatibility reasons.
Any change would require a formal proposal.
</p>
<h4>Transparent Request Compression</h4>
<p>
Not supported, although POST would benefit.
Note that we still have the underlying gzip compression at the I2CP layer.
</p>
<h4>Persistence</h4>
<p>
The client and server proxies do not currently support RFC 2616 HTTP persistent sockets
on any of the three hops (browser socket, I2P socket, server socket).
Connection: close headers are injected at every hop.
Changes to implement a persistence are under investigation.
These changes should be standards-complaint and backwards-compatible,
and would not require a formal proposal.
</p>
<h4>Pipelining</h4>
<p>
The client and server proxies do not currently support RFC 2616 HTTP pipelining
and there are no plans to do so.
Modern browswers do not support pipelining through proxies because
most proxies cannot implement it correctly.
</p>
<h4>Compatibility</h4>
<p>
Proxy implementations must work correctly with other implementations
on the other side. Client proxies should work without a
HTTP-aware server proxy (i.e. a standard tunnel) on the server side.
Not all implementations support x-i2p-gzip.
</p>
<h4>User Agent</h4>
<p>{% trans -%}
Depending on if the tunnel is using an outproxy or not it will append the following User-Agent:
{%- endtrans %}</p>
@ -164,7 +253,7 @@ The following allow list is for commands inbound from the IRC server to the IRC
</ul>
<p>
There is also a whitelist is for commands outbound from the IRC client to the IRC server.
There is also an allow list is for commands outbound from the IRC client to the IRC server.
It is quite large due to the number of IRC administrative commands.
See the IRCFilter.java source for details.
The outbound filter also modifies the following commands to strip identifying information:

237
i2p2www/pages/site/docs/api/samv3.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}SAM V3{% endblock %}
{% block lastupdated %}2022-09{% endblock %}
{% block accuratefor %}1.9.0{% endblock %}
{% block lastupdated %}2023-11{% endblock %}
{% block accuratefor %}API 0.9.59{% endblock %}
{% block content %}
<p>SAM is a simple client protocol for interacting with I2P.
SAM is the recommended protocol for non-Java applications to connect to the I2P network,
@ -12,6 +12,7 @@ Java applications should use the streaming or I2CP APIs directly.
was introduced in I2P release 0.7.3 (May 2009) and is a stable and supported interface.
3.1 is also stable and supports the signature type option, which is strongly recommended.
More recent 3.x versions support advanced features.
Note that i2pd does not currently support most 3.2 and 3.3 features.
</p><p>
Alternatives:
<a href="socks">SOCKS</a>,
@ -24,6 +25,11 @@ Deprecated versions:
</p>
<h2>Known SAM libraries</h2>
<p>
Warning: Some of these may be very old or unsupported.
None are tested, reviewed, or maintained by the I2P project unless noted below.
Do your own research.
</p>
<table class="unwrapped-table">
<colgroup>
<col style="width: 8%" />
@ -73,7 +79,7 @@ Deprecated versions:
<td>yes</td>
<td><a href="https://bitbucket.org/eyedeekay/sam3">bitbucket.org/eyedeekay/sam3</a></td>
</tr>
<tr class="even">
<tr class="odd">
<td>txi2p</td>
<td>Python</td>
<td>3.1</td>
@ -82,7 +88,7 @@ Deprecated versions:
<td>no</td>
<td><a href="https://github.com/str4d/txi2p">github.com/str4d/txi2p</a></td>
</tr>
<tr class="odd">
<tr class="even">
<td>i2p.socket</td>
<td>Python</td>
<td>3.2</td>
@ -91,16 +97,34 @@ Deprecated versions:
<td>yes</td>
<td><a href="https://github.com/majestrate/i2p.socket">github.com/majestrate/i2p.socket</a></td>
</tr>
<tr class="even">
<tr class="odd">
<td>i2plib</td>
<td>Python</td>
<td>3.1</td>
<td>yes</td>
<td>yes</td>
<td>yes</td>
<td>no</td>
<td>no</td>
<td><a href="https://github.com/l-n-s/i2plib">github.com/l-n-s/i2plib</a></td>
</tr>
<tr class="odd">
<td>i2plib-fork</td>
<td>Python</td>
<td>3.1</td>
<td>yes</td>
<td>no</td>
<td>no</td>
<td><a href="https://codeberg.org/weko/i2plib-fork">codeberg.org/weko/i2plib-fork</a></td>
</tr>
<tr class="even">
<td>Py2p</td>
<td>Python</td>
<td>3.3</td>
<td>yes</td>
<td>yes</td>
<td>yes</td>
<td><a href="https://i2pgit.org/robin/Py2p">i2pgit.org/robin/Py2p</a></td>
</tr>
<tr class="odd">
<td>i2p-rs</td>
<td>Rust</td>
<td>3.1</td>
@ -143,7 +167,7 @@ Deprecated versions:
<td>yes</td>
<td>no</td>
<td>yes</td>
<td><a href="https://codeberg.org/diva.exchange/i2p-sam">https://codeberg.org/diva.exchange/i2p-sam</a></td>
<td><a href="https://codeberg.org/diva.exchange/i2p-sam">codeberg.org/diva.exchange/i2p-sam</a></td>
</tr>
<tr class="even">
<td>node-i2p</td>
@ -208,6 +232,15 @@ Deprecated versions:
<td>yes</td>
<td><a href="https://notabug.org/acetone/i2pSAM-Qt">notabug.org/acetone/i2pSAM-Qt</a></td>
</tr>
<tr class="odd">
<td>bitcoin</td>
<td>C++</td>
<td>3.1</td>
<td>yes</td>
<td>no</td>
<td>no</td>
<td><a href="https://github.com/bitcoin/bitcoin/blob/master/src/i2p.cpp">source (not a library, but good reference code)</a></td>
</tr>
</tbody>
</table>
@ -226,6 +259,43 @@ To implement a basic TCP-only, peer-to-peer application, the client must support
<h2>General Guidance for Developers</h2>
<p>
SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
Most applications will only need one session, created at startup and closed on exit.
I2P is different from Tor, where circuits may be rapidly created and discarded.
Think carefully and consult with I2P developers before designing your application
to use more than one or two simultaneous sessions, or to rapidly create and discard them.
Most threat models will not require a unique session for every connection.
</p><p>
Also, please ensure your application settings
(and guidance to users about router settings, or router defaults if you bundle a router)
will result in your users contributing more resources to the network than they consume.
I2P is a peer-to-peer network, and the network cannot survive if a popular application
drives the network into permanent congestion.
</p><p>
The Java I2P and i2pd router implementations are independent and have minor differences
in behavior, feature support, and defaults.
Please test your application with the latest version of both routers.
</p><p>
i2pd SAM is enabled by default; Java I2P SAM is not.
Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
and/or provide a good error message to the user if the initial connect fails,
e.g. "ensure that I2P is running and the SAM interface is enabled".
</p><p>
The Java I2P and i2pd routers have different defaults for tunnel quantities.
The Java default is 2 and the i2pd default is 5.
For most low- to medium-bandwidth and low- to medium-connection counts,
2 or 3 is sufficient.
Please specify the tunnel quantity in the SESSION CREATE message
to get consistent performance with the Java I2P and i2pd routers.
See below.
</p><p>
For more guidance to developers on ensuring your application uses only the resources it needs, please see
<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
</p>
<h2>Version 3 Changes</h2>
@ -248,9 +318,10 @@ can forward back I2P datagrams to the client's datagram server.
<h3>Version 3.1 Changes</h3>
<p>
Version 3.1 was introduced in I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
Version 3.1 was introduced in Java I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
minimum SAM implementation because of its support for better signature types
than SAM 3.0.
i2pd also supports most 3.1 features.
<ul>
<li>DEST GENERATE and SESSION CREATE now support a SIGNATURE_TYPE parameter.
<li>The MIN and MAX parameters in HELLO VERSION are now optional.
@ -261,7 +332,8 @@ than SAM 3.0.
<h3>Version 3.2 Changes</h3>
<p>
Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
Version 3.2 was introduced in Java I2P release 0.9.24 (January 2016).
Note that i2pd does not currently support most 3.2 features.
</p>
<h4>I2CP Port and Protocol Support</h4>
@ -309,7 +381,8 @@ Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
<h3>Version 3.3 Changes</h3>
<p>
Version 3.3 was introduced in I2P release 0.9.25 (March 2016).
Version 3.3 was introduced in Java I2P release 0.9.25 (March 2016).
Note that i2pd does not currently support most 3.3 features.
<ul>
<li>The same session may be used for streams, datagrams, and raw simultaneously.
Incoming packets and streams will be routed based on I2P protocol and to-port.
@ -386,7 +459,7 @@ COMMAND without a SUBCOMMAND is supported for some new commands in SAM 3.2 only.
</p><p>
Key=value pairs must be separated by
a single space. (As of SAM 3.2, multiple spaces are allowed)
Values may be enclosed in double quotes if they contain spaces,
Values must be enclosed in double quotes if they contain spaces,
e.g. key="long value text".
(Prior to SAM 3.2, this did not work reliably in some implementations)
</p><p>
@ -442,7 +515,7 @@ If the SAM bridge cannot find a suitable version, it replies with:
</pre>
If some error occurred, such as a bad request format, it replies with:
<pre>
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
</pre>
</p>
@ -471,13 +544,13 @@ Clients should promptly send the HELLO and the next command after connecting.
</p><p>
If a timeout occurs before the HELLO is received, the bridge replies with:
<pre>
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
</pre>
and then disconnects.
</p><p>
If a timeout occurs after the HELLO is received but before the next command, the bridge replies with:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
</pre>
and then disconnects.
</p>
@ -497,9 +570,45 @@ For PROTOCOL, which may be specified only for RAW, the valid range is 0-255, and
For SESSION commands, the specified ports and protocol are the defaults for that session.
For individual streams or datagrams, the specified ports and protocol override the session defaults.
For received streams or datagrams, the indicated ports and protocol are as received from <a href="{{ site_url('docs/protocol/i2cp') }}">I2CP</a>.
</p><p>
</p>
<h4>Important Differences from Standard IP</h4>
I2CP ports are for I2P sockets and datagrams. They are unrelated to your local sockets connecting to SAM.
<ul><li>
Port 0 is valid and has special meaning.
</li><li>
Ports 1-1023 are not special or privileged.
</li><li>
Servers listen on port 0 by default, which means "all ports".
</li><li>
Clients send to port 0 by default, which means "any port".
</li><li>
Clients send from port 0 by default, which means "unspecified".
</li><li>
Servers may have a service listening on port 0 and other services listening on higher ports.
If so, the port 0 service is the default, and will be connected to if the incoming
socket or datagram port does not match another service.
</li><li>
Most I2P destinations only have one service running on them, so you may use the defaults, and ignore I2CP port configuration.
</li><li>
SAM 3.2 or 3.3 is required to specify I2CP ports.
</li><li>
If you don't need I2CP ports, you don't need SAM 3.2 or 3.3; 3.1 is sufficient.
</li><li>
Protocol 0 is valid and means "any protocol". This is not recommended, and probably will not work.
</li><li>
I2P sockets are tracked by an internal connection ID.
Therefore, there is no requirement that the 5-tuple of dest:port:dest:port:protocol be unique.
For example, there may be multiple sockets with the same ports between two destinations.
Clients do not need to pick a "free port" for an outbound connection.
</li></ul>
<p>
If you are designing a SAM 3.3 application with multiple subsessions, think carefully
about how to use ports and protocols effectively.
See the <a href="{{ site_url('docs/protocol/i2cp') }}">I2CP</a> specification for more information.
</p><p>
</p>
@ -512,6 +621,9 @@ and the session terminates when the socket is disconnected.
</p><p>
Each registered I2P Destination is uniquely associated with a session ID
(or nickname).
Session IDs, including subsession IDs for PRIMARY sessions, must be globally unique
on the SAM server. To prevent possible ID collisions with other clients,
best practice is for the client to generate IDs randomly.
</p><p>
Each session is uniquely associated with:
@ -554,9 +666,12 @@ optionally followed by the <a href="{{ site_url('docs/spec/common-structures') }
which is 663 or more bytes in binary and 884 or more bytes in base 64,
depending on signature type.
The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
See additional notes about the
<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
in the Destination Key Generation section below.
</p><p>
If the signing private key is all zeros, the
If the signing private key is all zeros,
the <a href="{{ site_url('docs/spec/common-structures') }}#struct_OfflineSignature">Offline Signature</a> section follows.
Offline signatures are only supported for STREAM and RAW sessions.
Offline signatures may not be created with DESTINATION=TRANSIENT.
@ -581,7 +696,8 @@ As of version 3.1 (I2P 0.9.14), if the destination is TRANSIENT, an optional par
SIGNATURE_TYPE is supported. The SIGNATURE_TYPE value may be any name
(e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
The default is DSA_SHA1.
The default is DSA_SHA1, which is NOT what you want.
For most applications, please specify SIGNATURE_TYPE=7.
</p><p>
$nickname is the choice of the client. No whitespace is allowed.
@ -589,7 +705,17 @@ $nickname is the choice of the client. No whitespace is allowed.
</p><p>
Additional options given are passed to the I2P session
configuration if not interpreted by the SAM bridge (e.g.
outbound.length=0). These options <a href="#options">are documented below</a>.
outbound.length=0).
</p><p>
The Java I2P and i2pd routers have different defaults for tunnel quantities.
The Java default is 2 and the i2pd default is 5.
For most low- to medium-bandwidth and low- to medium-connection counts,
2 or 3 is sufficient.
Please specify the tunnel quantities in the SESSION CREATE message
to get consistent performance with the Java I2P and i2pd routers,
using the options e.g. inbound.quantity=3 outbound.quantity=3.
These and other options <a href="#options">are documented in the links below</a>.
</p><p>
</p><p>
The SAM bridge itself should already be configured with what router
@ -645,18 +771,25 @@ If the destination is not a valid private destination key:
</p><p>
If some other error has occurred:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
</pre>
</p><p>
If it's not OK, the MESSAGE should contain human-readable information
as to why the session could not be created.
</p><p>
Note that the router builds tunnels before responding with SESSION STATUS.
This could take several seconds, or, at router startup or during severe network congestion,
a minute or more.
If unsuccessful, the router will not respond with a failure message for several minutes.
Do not set a short timeout waiting for the response.
Do not abandon the session while tunnel build is in progress and retry.
</p><p>
SAM sessions live and die with the socket they are associated with.
When the socket is closed, the session dies, and all communications
using the session die at the same time. And the other way round, when
using the session die at the same time. And the other way around, when
the session dies for any reason, the SAM bridge closes the socket.
</p>
@ -751,6 +884,11 @@ peer. If the connection was not possible (timeout, etc),
RESULT will contain the appropriate error value (accompanied by an
optional human-readable MESSAGE), and the SAM bridge closes the
socket.
</p><p>
The router stream connect timeout internally is approximately one minute, implementation-dependent.
Do not set a shorter timeout waiting for the response.
</p>
<h3>SAM Virtual Streams : ACCEPT</h3>
@ -781,6 +919,8 @@ ACCEPT is not allowed while there is an active FORWARD on the session.
As of SAM 3.2,
multiple concurrent pending STREAM ACCEPTs are allowed on the same session ID (even with the same port).
Prior to 3.2, concurrent accepts would fail with ALREADY_ACCEPTING.
Note: Java I2P also supports concurrent ACCEPTs on SAM 3.1, as of release 0.9.24 (2016-01).
i2pd also supports concurrent ACCEPTs on SAM 3.1, as of release 2.50.0 (2023-12).
</p>
<h4>Accept Response</h4>
@ -842,6 +982,26 @@ passing through the current socket is forwarded from and to the connected
I2P destination peer, until one of the peer closes the socket.
</p>
<h4>Errors After OK</h4>
<p>
In rare cases, the SAM bridge may encounter an error after sending RESULT=OK,
but before a connection comes in and sending the $destination line to the client.
These errors may include router shutdown, router restart, and session close.
In these cases, when SILENT=false, the SAM bridge may, but is not required to
(implementation-dependent), send the line:
<pre>
&lt;- STREAM STATUS
RESULT=I2P_ERROR
[MESSAGE=...]
</pre>
before immediately closing the socket. This line is not, of course, decodable as a
valid Base 64 destination.
</p>
<h3>SAM Virtual Streams : FORWARD</h3>
<p>
A client can use a regular socket server and wait for connection requests
@ -1288,6 +1448,12 @@ as appropriate. Support for the ID parameter may be added in a future release.
Version 3.3 was introduced in I2P release 0.9.25.
</i></p>
<p><i>
In an earlier version of this specification, PRIMARY sessions were known as
MASTER sessions. In both <code>i2pd</code> and <code>I2P+</code>, they are still
known only as MASTER sessions.
</i></p>
<p>
SAM v3.3 adds support for running streaming, datagrams, and raw subsessions on the same
primary session, and for running multiple subsessions of the same style.
@ -1451,7 +1617,7 @@ which is answered by
RESULT=$result
NAME=$name
[VALUE=$destination]
[MESSAGE=$message]
[MESSAGE="$message"]
</pre>
@ -1507,7 +1673,8 @@ which is answered by
As of version 3.1 (I2P 0.9.14), an optional parameter SIGNATURE_TYPE is supported.
The SIGNATURE_TYPE value may be any name (e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
that is supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
The default is DSA_SHA1.
The default is DSA_SHA1, which is NOT what you want.
For most applications, please specify SIGNATURE_TYPE=7.
</p><p>
The $destination is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
@ -1522,6 +1689,22 @@ which is 884 or more base 64 characters (663 or more bytes in binary),
depending on signature type.
The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
</p><p>
Notes about the 256-byte binary
<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>:
This field has been unused since version 0.6 (2005).
SAM implementations may send random data or all zeros in this field;
do not be alarmed about a string of AAAA in the base 64.
Most applications will simply store the base 64 string and return it as-is in the SESSION CREATE, or
decode to binary for storage, then encode again for SESSION CREATE.
Applications may, however, decode the base 64, parse the binary following
the PrivateKeyFile specification, discard the 256-byte private key portion,
and then replace it with 256 bytes of random data or all zeros when re-encoding it for the SESSION CREATE.
ALL other fields in the PrivateKeyFile specification must be preserved.
This would save 256 bytes of file system storage but is probably not worth the trouble for most applications.
See proposal 161 for addtional information and background.
</p><p>
DEST GENERATE does not require that a session has been created first.
</p>
@ -1547,7 +1730,7 @@ Either side may close the session and socket if no response is received in a rea
</p><p>
If a timeout occurs waiting for a PONG from the client, the bridge may send:
<pre>
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
</pre>
and then disconnect.
</p><p>
@ -1628,11 +1811,11 @@ their meaning:
<h3 id="options">Tunnel, I2CP, and Streaming Options</h3>
<p>
These options may be passed in as name=value pairs at the end of a
These options may be passed in as name=value pairs in the
SAM SESSION CREATE line.
</p><p>
All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths</a>.
All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths and quantities</a>.
STREAM sessions may include <a href="{{ site_url('docs/api/streaming') }}#options">Streaming library options</a>.
</p><p>
See those references for option names and defaults.

58
i2p2www/pages/site/docs/applications/bittorrent.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}Bittorrent over I2P{% endtrans %}{% endblock %}
{% block lastupdated %}2022-01{% endblock %}
{% block accuratefor %}0.9.52{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block accuratefor %}0.9.57{% endblock %}
{% block content %}
<p>{% trans -%}
@ -23,6 +23,60 @@ We welcome additional ports of client and tracker software to I2P.
<h2>General Guidance for Developers</h2>
<p>
Most non-Java bittorrent clients will connect to I2P via <a href="{{ site_url('docs/api/samv3') }}">SAMv3</a>.
SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
Most bittorrent clients will only need one session, created at startup and closed on exit.
I2P is different from Tor, where circuits may be rapidly created and discarded.
Think carefully and consult with I2P developers before designing your application
to use more than one or two simultaneous sessions, or to rapidly create and discard them.
Bittorrent clients must not create a unique session for every connection.
Design your client to use the same session for announces and client connections.
</p><p>
Also, please ensure your client settings
(and guidance to users about router settings, or router defaults if you bundle a router)
will result in your users contributing more resources to the network than they consume.
I2P is a peer-to-peer network, and the network cannot survive if a popular application
drives the network into permanent congestion.
</p><p>
Do not provide support for bittorrent through an I2P outproxy to the clearnet
as it will probably be blocked. Consult with outproxy operators for guidance.
</p><p>
The Java I2P and i2pd router implementations are independent and have minor differences
in behavior, feature support, and defaults.
Please test your application with the latest version of both routers.
</p><p>
i2pd SAM is enabled by default; Java I2P SAM is not.
Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
and/or provide a good error message to the user if the initial connect fails,
e.g. "ensure that I2P is running and the SAM interface is enabled".
</p><p>
The Java I2P and i2pd routers have different defaults for tunnel quantities.
The Java default is 2 and the i2pd default is 5.
For most low- to medium-bandwidth and low- to medium-connection counts, 3 is sufficient.
Please specify the tunnel quantity in the SESSION CREATE message
to get consistent performance with the Java I2P and i2pd routers.
</p><p>
DHT support requires SAM v3.3 PRIMARY and SUBSESSIONS for TCP and UDP over the same session.
This will require substantial development effort on the client side, unless the client is written in Java.
i2pd does not currently support SAM v3.3.
libtorrent does not currently support SAM v3.3.
</p><p>
Without DHT support, you may wish to automatically announce to
a configurable list of known open trackers so that magnet links will work.
Consult with I2P users for information on currently-up open trackers and keep your defaults up-to-date.
Supporting the i2p_pex extension will also help alleviate the lack of DHT support.
</p><p>
For more guidance to developers on ensuring your application uses only the resources it needs, please see
the <a href="{{ site_url('docs/api/samv3') }}">SAMv3 specification</a> and
<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
Contact I2P or i2pd developers for further assistance.
</p>
<h2>{% trans %}Announces{% endtrans %}</h2>
<p>{% trans -%}
Clients generally include a fake port=6881 parameter in the announce, for compatibility with older trackers.

120
i2p2www/pages/site/docs/applications/embedding.html
View File

@ -1,14 +1,16 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}Embedding I2P in your Application{% endtrans %}{% endblock %}
{% block lastupdated %}2019-11{% endblock %}
{% block accuratefor %}0.9.44{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block accuratefor %}2.1.0{% endblock %}
{% block content %}
<h2>{% trans %}Overview{% endtrans %}</h2>
<p>{% trans -%}
This page is about bundling the entire I2P router binary with your application.
It is not about writing an application to work with I2P (either bundled or external).
{%- endtrans %}</p>
{%- endtrans %}
However, many of the guidelines may be useful even if not bundling a router.
</p>
<p>{% trans -%}
Lots of projects are bundling, or talking about bundling, I2P. That's great if done right.
@ -17,8 +19,10 @@ The I2P router is complex, and it can be a challenge to hide all the complexity
This page discusses some general guidelines.
{%- endtrans %}</p>
<p>
Most of these guidelines apply equally to Java I2P or i2pd.
However, some guidelines are specific to Java I2P and are noted below.
</p>
<h3>{% trans %}Talk to us{% endtrans %}</h3>
<p>{% trans -%}
@ -41,6 +45,7 @@ Some of the following only applies to the Java router.
Ensure you meet the license requirements of the software you are bundling.
{%- endtrans %}</p>
<h2>Configuration</h2>
<h3>{% trans %}Verify default configuration{% endtrans %}</h3>
<p>{% trans -%}
@ -92,7 +97,20 @@ If you do this and your application gets hugely popular, it could break the netw
You must save the router's data (netdb, configuration, etc.) between runs of the router.
I2P does not work well if you must reseed each startup, and that's a huge load on our reseed servers, and not very good for anonymity either.
Even if you bundle router infos, I2P needs saved profile data for best performance.
Without persistence, your users will have a poor startup experience.
{%- endtrans %}</p>
<p>
There are two possibilities if you cannot provide persistence.
Either of these eliminates your project's load on our reseed servers and will significantly improve startup time.
</p><p>
1) Set up your own project reseed server(s) that serve much more than the usual number
of router infos in the reseed, say, several hundred. Configure the router to use only your servers.
</p><p>
2) Bundle one to two thousand router infos in your installer.
</p><p>
Also, delay or stagger your tunnel startup, to give the router a chance to integrate
before building a lot of tunnels.
</p>
@ -125,8 +143,64 @@ Be aware of possible blocking by hostile governments.
<h3>Use Shared Clients</h3>
<p>
Java I2P i2ptunnel supports shared clients, where clients may be configured to use a single pool.
If you require multiple clients, and if consistent with your security goals,
configure the clients to be shared.
</p>
<h3>Limit Tunnel Quantity</h3>
<p>
Specify tunnel quantity explicitly with the options <tt>inbound.quantity</tt> and <tt>outbound.quantity</tt>.
The default in Java I2P is 2; the default in i2pd is higher.
Specify in the SESSION CREATE line using SAM to get consistent settings with both routers.
Two each in/out is sufficient for most low-to-medium bandwidth and low-to-medium fanout applications.
Servers and high-fanout P2P applications may need more.
See <a href="http://zzz.i2p/topics/1584">this forum post</a> for guidance on calculating requirements
for high-traffic servers and applications.
</p>
<h3>Specify SAM SIGNATURE_TYPE</h3>
<p>
SAM defaults to DSA_SHA1 for destinations, which is not what you want.
Ed25519 (type 7) is the correct selection.
Add SIGNATURE_TYPE=7 to the DEST GENERATE command,
or to the SESSION CREATE command for DESTINATION=TRANSIENT.
</p>
<h3>Limit SAM Sessions</h3>
<p>
Most applications will only need one SAM session.
SAM provides the ability to quickly overwhelm the local router, or even the broader network,
if a large number of sessions are created.
If multiple sub-services can use a single session, set them up with
a PRIMARY session and SUBSESSIONS (not currently supported on i2pd).
A reasonable limit to sessions is 3 or 4 total, or maybe up to 10 for rare situations.
If you do have multiple sessions, be sure to specify a low tunnel quantity for each, see above.
</p><p>
In almost no situation should you require a unique session per-connection.
Without careful design, this could quickly DDoS the network.
Carefully consider if your security goals require unique sessions.
Please consult with the Java I2P or i2pd developers before implementing per-connection sessions.
</p>
<h3>{% trans %}Reduce Network Resource Usage{% endtrans %}</h3>
<p>
Note that these options are not currently supported on i2pd.
These options are supported via I2CP and SAM (except delay-open, which is via i2ptunnel only).
See the I2CP documentation (and, for delay-open, the i2ptunnel configuration documentation) for details.
</p>
<p>{% trans -%}
Consider setting your application tunnels to delay-open, reduce-on-idle and/or close-on-idle.
This is straightforward if using i2ptunnel but you'll have to implement some of it yourself if using I2CP directly.
@ -134,6 +208,7 @@ See i2psnark for code that reduces tunnel count and then closes the tunnel, even
{%- endtrans %}</p>
<h2>Life Cycle</h2>
<h3>{% trans %}Updatability{% endtrans %}</h3>
<p>{% trans -%}
@ -168,6 +243,8 @@ If your average uptime is less than an hour, I2P is probably the wrong solution.
{%- endtrans %}</p>
<h2>User Interface</h2>
<h3>{% trans %}Show Status{% endtrans %}</h3>
<p>{% trans -%}
@ -196,6 +273,8 @@ it may be helpful to provide an option or a separate package to use an external
{%- endtrans %}</p>
<h2>Other Topics</h2>
<h3>{% trans %}Use of other Common Services{% endtrans %}</h3>
<p>{% trans -%}
@ -207,6 +286,9 @@ and talk to the people who are running them to make sure it's ok.
<h3>{% trans %}Time / NTP Issues{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P. i2pd does not include an SNTP client.
</p>
<p>{% trans -%}
I2P includes an SNTP client. I2P requires correct time to operate.
It will compensate for a skewed system clock but this may delay startup. You may disable I2P's SNTP queries,
@ -216,6 +298,9 @@ but this isn't advised unless your application makes sure the system clock is co
<h3>{% trans %}Choose What and How you Bundle{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
At a minimum you will need i2p.jar, router.jar, streaming.jar, and mstreaming.jar.
You may omit the two streaming jars for a datagram-only app.
@ -243,15 +328,18 @@ License requirements may require you to include the LICENSES.txt file and the li
<li>{% trans -%}
You may also wish to bundle a hosts.txt file.
{%- endtrans %}</li>
<li>{% trans -%}
Be sure to specify a Java 7 bootclasspath if compiling with Java 8.
{%- endtrans %}</li>
<li>
Be sure to specify a bootclasspath if you are compiling Java I2P for your release, rather than taking our binaries.
</li>
</ul>
</p>
<h3>{% trans %}Android considerations{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
Our Android router app may be shared by multiple clients.
If it is not installed, the user will be prompted when he starts a client app.
@ -269,6 +357,9 @@ If you require assistance, please contact us.
<h3>{% trans %}Maven jars{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
We have a limited number of our jars on <a href="http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22net.i2p%22">Maven Central</a>.
There are numerous trac tickets for us to address that will improve and expand the released jars on Maven Central.
@ -293,6 +384,15 @@ Build your own. If you are hardcoding seed nodes, we recommend that you have sev
<h3>Outproxies</h3>
<p>
I2P outproxies to the clearnet are a limited resource.
Use outproxies only for normal user-initiated web browsing or other limited traffic.
For any other usage, consult with and get approval from the outproxy operator.
</p>
<h3>{% trans %}Comarketing{% endtrans %}</h3>
<p>{% trans -%}
Let's work together. Don't wait until it's done.
@ -314,6 +414,7 @@ Hang out in IRC #i2p-dev. Post on the forums. Spread the word.
We can help get you users, testers, translators, or even coders.
{%- endtrans %}</p>
<h2>Examples</h2>
<h3>{% trans %}Application Examples{% endtrans %}</h3>
@ -326,6 +427,9 @@ Other examples are: Vuze, the Nightweb Android app, iMule, TAILS, iCloak, and Mo
<h3>{% trans %}Code Example{% endtrans %}</h3>
<p>
Note: This section refers to Java I2P only.
</p>
<p>{% trans -%}
None of the above actually tells you how to write your code to
bundle the Java router, so following is a brief example.

2
i2p2www/pages/site/docs/applications/git-bundle.html
View File

@ -28,7 +28,7 @@
<h2 id="generating-a-bundle">{% trans -%}Generating a Bundle{%- endtrans %}</h2>
<p>{% trans -%} First, follow the <a href="GIT.md">Git guide for Users</a> until you have a successfully <code>--unshallow</code>ed clone of clone of the i2p.i2p repository. If you already have a clone, make sure you run <code>git fetch --unshallow</code> before you generate a torrent bundle. {%- endtrans %}</p>
<p>{% trans -%}Once you have that, simply run the corresponding ant target:{%- endtrans %}</p>
<pre><code>ant bundle</code></pre>
<pre><code>ant git-bundle</code></pre>
<p>{% trans -%} and copy the resulting bundle into your I2PSnark downloads directory. For instance: {%- endtrans %}</p>
<pre><code>cp i2p.i2p.bundle* $HOME/.i2p/i2psnark/</code></pre>
<p>{% trans -%} In a minute or two, I2PSnark will pick up on the torrent. Click on the “Start” button to begin seeding the torrent. {%- endtrans %}</p>

2
i2p2www/pages/site/docs/how/intro.html
View File

@ -178,7 +178,7 @@ scheduled development meetings, however <a href="{{ meetings }}">archives are av
{%- endtrans %}</p>
<p>{% trans monotone=site_url('get-involved/guides/monotone') -%}
The current source is available in <a href="{{ monotone }}">monotone</a>.
The current source is available in <a href="{{ monotone }}">git</a>.
{%- endtrans %}</p>
<h2>{% trans %}Additional Information{% endtrans %}</h2>

90
i2p2www/pages/site/docs/how/network-database.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}The Network Database{% endtrans %}{% endblock %}
{% block lastupdated %}{% trans %}August 2019{% endtrans %}{% endblock %}
{% block accuratefor %}0.9.42{% endblock %}
{% block lastupdated %}2023-11{% endblock %}
{% block accuratefor %}0.9.59{% endblock %}
{% block content %}
<h2>{% trans %}Overview{% endtrans %}</h2>
@ -46,7 +46,10 @@ to be present:
<li><b>caps</b>
({% trans %}Capabilities flags - used to indicate floodfill participation, approximate bandwidth, and perceived reachability{% endtrans %})
<ul>
<li><b>D</b>: Medium congestion (as of release 0.9.58)</li>
<li><b>E</b>: High congestion (as of release 0.9.58)</li>
<li><b>f</b>: {% trans %}Floodfill{% endtrans %}</li>
<li><b>G</b>: Rejecting all tunnels (as of release 0.9.58)</li>
<li><b>H</b>: {% trans %}Hidden{% endtrans %}</li>
<li><b>K</b>: {% trans amount='12 KBps' %}Under {{amount }} shared bandwidth{% endtrans %}</li>
<li><b>L</b>: {% trans amount='12 - 48 KBps' %}{{ amount }} shared bandwidth{% endtrans %} ({% trans %}default{% endtrans %})</li>
@ -61,10 +64,6 @@ to be present:
"Shared bandwidth" == (share %) * min(in bw, out bw)
<br>
For compatibility with older routers, a router may publish multiple bandwidth letters, for example "PO".
</li>
<li><b>coreVersion</b>
({% trans %}The core library version, always the same as the router version{% endtrans %})
(Never used, removed in release 0.9.24)
</li>
<li><b>netId</b> = 2
({% trans %}Basic network compatibility - A router will refuse to communicate with a peer having a different netId{% endtrans %})
@ -72,13 +71,28 @@ For compatibility with older routers, a router may publish multiple bandwidth le
<li><b>router.version</b>
({% trans %}Used to determine compatibility with newer features and messages{% endtrans %})
</li>
<li><b>stat_uptime</b> = 90m
({% trans %}Always sent as 90m, for compatibility with an older scheme where routers published their actual uptime,
and only sent tunnel requests to peers whose uptime was more than 60m{% endtrans %})
</ul>
<p>
Notes on R/U capabilities:
A router should usually publish the R or U capability, unless the reachability state is currently unknown.
R means that the router is directly reachable (no introducers required, not firewalled) on at least one transport address.
U means that the router is NOT directly reachable on ANY transport address.
<p>
Deprecated options:
<ul>
<li><strike>coreVersion</strike>
(Never used, removed in release 0.9.24)
</li>
<li><strike>stat_uptime</strike> = 90m
(Unused since version 0.7.9, removed in release 0.9.24)
</li>
</ul>
<p>{% trans -%}
These values are used by other routers for basic decisions.
Should we connect to this router? Should we attempt to route a tunnel through this router?
@ -116,16 +130,60 @@ Current statistics are limited to:
<li>{% trans %}1 hour average number of participating tunnels{% endtrans %}
</ul>
<p>{% trans -%}
Floodfill routers publish additional data on the number of entries in their network database.
{%- endtrans %}</p>
<p>
These are optional, but if included, help analysis of network-wide performance.
As of API 0.9.58, these statistics are simplified and standardized, as follows:
</p>
<ul>
<li>Option keys are stat_(statname).(statperiod)
<li>Option values are ';' -separated
<li>Stats for event counts or normalized percentages use the 4th value;
the first three values are unused but must be present
<li>Stats for average values use the 1st value, and no ';' separator is required
<li>For equal weighting of all routers in stats analysis,
and for additional anonymity,
routers should include these stats only after an uptime of one hour or more,
and only one time every 16 times that the RI is published.
</ul>
<p>
Example:
<pre>
stat_tunnel.buildExploratoryExpire.60m = 0;0;0;53.14
stat_tunnel.buildExploratoryReject.60m = 0;0;0;15.51
stat_tunnel.buildExploratorySuccess.60m = 0;0;0;31.35
stat_tunnel.participatingTunnels.60m = 289.20
</pre>
</p>
<p>{% trans -%}
The data published can be seen in the router's user interface,
but is not used or trusted within the router.
As the network has matured, we have gradually removed most of the published
statistics to improve anonymity, and we plan to remove more in future releases.
Floodfill routers may publish additional data on the number of entries in their network database.
These are optional, but if included, help analysis of network-wide performance.
{%- endtrans %}</p>
<p>
The following two options should be included by floodfill routers in every published RI:
</p>
<ul>
<li><b>netdb.knownLeaseSets</b>
<li><b>netdb.knownRouters</b>
</ul>
<p>
Example:
<pre>
netdb.knownLeaseSets = 158
netdb.knownRouters = 11374
</pre>
</p>
<p>
The data published can be seen in the router's user interface,
but is not used or trusted by any other router.
</p>
<h3>{% trans %}Family Options{% endtrans %}</h3>

7
i2p2www/pages/site/docs/naming.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}Naming and Address Book{% endtrans %}{% endblock %}
{% block lastupdated %}2020-07{% endblock %}
{% block accuratefor %}0.9.46{% endblock %}
{% block lastupdated %}2023-11{% endblock %}
{% block accuratefor %}0.9.59{% endblock %}
{% block content %}
<h2 id="overview">{% trans %}Overview{% endtrans %}</h2>
@ -486,7 +486,6 @@ are used, however there are some exceptions where they may fail if the
name does not immediately resolve. I2PTunnel will fail, for example, if
the name does not resolve to a destination.
{%- endtrans %}</p>
{% endblock %}
<h2 id="newbase32">Extended Base32 Names</h2>
@ -621,3 +620,5 @@ exceed the DNS max label length of 63 chars. Browsers probably do not care.
No backward compatibility issues. Longer b32 addresses will fail to be converted
to 32-byte hashes in old software.
</li></ul>
{% endblock %}

15
i2p2www/pages/site/docs/plugins.html
View File

@ -5,8 +5,8 @@
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans -%}
I2P includes a plugin architecture
to support easy development and installation of additional software.
The I2P network includes a plugin architecture
to support both easy development and installation of new plugins.
{%- endtrans %}</p>
<p>{% trans -%}
@ -14,7 +14,7 @@ There are now plugins available that support distributed email, blogs, IRC
clients, distributed file storage, wikis, and more.
{%- endtrans %}</p>
<h3>{% trans -%}Easy Installation of Applications{%- endtrans %}</h3>
<h3>{% trans -%}Adding Plugins To Your I2P Router{%- endtrans %}</h3>
<p>{% trans -%}
I2P Plugins can be installed by copying the plugin download URL onto
the appropriate section on the <a href="http://127.0.0.1:7657/configplugins">Router Console Plugin Configuration Page</a>.
@ -131,8 +131,7 @@ builds).
<h3>{% trans %}Development{% endtrans %}</h3>
<p>{% trans pluginspec=site_url('docs/spec/plugin'), zzz=i2pconv('zzz.i2p') -%}
See the latest <a href="{{ pluginspec }}">plugin specification</a> and the
<a href="http://{{ zzz }}/forums/16">plugin forum</a> on {{ zzz }}.
See the latest <a href="{{ pluginspec }}">plugin specification</a>
{%- endtrans %}</p>
<p>{% trans pluginsite=i2pconv('plugins.i2p') -%}
@ -141,15 +140,11 @@ as <a href="http://{{ pluginsite }}/plugins/snowman">snowman</a>, were developed
specifically as examples.
{%- endtrans %}</p>
<p>{% trans -%}
<b>Developers wanted!</b> Plugins are a great way to learn more about I2P
or easily add some feature.
{%- endtrans %}</p>
<h3>{% trans %}Getting Started{% endtrans %}</h3>
<p>{% trans url='https://github.com/i2p/i2p.scripts/tree/master/plugin/makeplugin.sh' -%}
To create a plugin from an existing binary package you will need to get
makeplugin.sh from <a href="{{ url }}">the i2p.scripts branch in monotone</a>.
makeplugin.sh from <a href="{{ url }}">the i2p.scripts repository in git</a>.
{%- endtrans %}</p>

54
i2p2www/pages/site/docs/protocol/i2cp.html
View File

@ -1,7 +1,7 @@
{% extends "global/layout.html" %}
{% block title %}I2CP{% endblock %}
{% block lastupdated %}2020-09{% endblock %}
{% block accuratefor %}0.9.47{% endblock %}
{% block lastupdated %}2023-10{% endblock %}
{% block accuratefor %}0.9.59{% endblock %}
{% block content %}
<p>{% trans -%}
The I2P Client Protocol (I2CP) exposes a strong separation of concerns between
@ -923,7 +923,17 @@ to work reliably in the presence of multiple channels.
<p>{% trans -%}
The gzip function cannot be completely turned off, however setting i2cp.gzip=false
turns the gzip effort setting to 0, which may save a little CPU.
{%- endtrans %}</p>
{%- endtrans %}
Implementations may select different gzip efforts on a per-socket or
per-message basis, depending on an assessment of the compressibility
of the contents. Due to the compressibility of destination padding implemented in
API 0.9.57 (proposal 161), compression of the streaming SYN packets
in each direction, and of repliable datagrams, is recommended even if
the payload is not compressible.
Implementations may wish to write a trivial gzip/gunzip function for
a gzip effort of 0, which will provide large efficiency gains
over a gzip library for this case.
</p>
<table border=1>
<tr>
<th>{% trans %}Bytes{% endtrans %}</th>
@ -972,6 +982,44 @@ specified by <a href="http://www.ietf.org/rfc/rfc1952.txt">RFC 1952</a>.
{%- endtrans %}</p>
<h2>Important Differences from Standard IP</h2>
<p>
I2CP ports are for I2P sockets and datagrams. They are unrelated to your local sockets or ports.
Because I2P did not support ports and protocol numbers prior to release 0.7.1,
ports and protocol numbers are somewhat different from that in standard IP,
for backward compatibility:
</p>
<ul><li>
Port 0 is valid and has special meaning.
</li><li>
Ports 1-1023 are not special or privileged.
</li><li>
Servers listen on port 0 by default, which means "all ports".
</li><li>
Clients send to port 0 by default, which means "any port".
</li><li>
Clients send from port 0 by default, which means "unspecified".
</li><li>
Servers may have a service listening on port 0 and other services listening on higher ports.
If so, the port 0 service is the default, and will be connected to if the incoming
socket or datagram port does not match another service.
</li><li>
Most I2P destinations only have one service running on them, so you may use the defaults, and ignore I2CP port configuration.
</li><li>
Protocol 0 is valid and means "any protocol". However, this is not recommended, and probably will not work.
Streaming requires that the protocol number is set to 6.
</li><li>
Streaming sockets are tracked by an internal connection ID.
Therefore, there is no requirement that the 5-tuple of dest:port:dest:port:protocol be unique.
For example, there may be multiple sockets with the same ports between two destinations.
Clients do not need to pick a "free port" for an outbound connection.
</li></ul>
<h2 id="future">{% trans %}Future Work{% endtrans %}</h2>
<ul>
<li>{% trans -%}

39
i2p2www/pages/site/docs/reseed.html
View File

@ -5,29 +5,28 @@
{% block content %}
<h2 id="about">{% trans %}About Reseed hosts{% endtrans %}</h2>
<h2 id="about">{% trans %}About Reseed Hosts{% endtrans %}</h2>
<p>{% trans -%}
Reseed hosts are needed to for bootstrapping, that is, providing the initial set
of I2P nodes for your I2P node to talk to. Depending on the status of your node
it may need to bootstrap every now and then if many of the nodes it knows of
aren't contactable.
Reseed hosts are needed for new routers to integrate with the I2P network.
During the bootstrapping process, reseed hosts provide an initial set of nodes for
a new router to make connections with. Occasionally an already integrated router
may need to go through the reseed process if it is experiencing connection issues with the network.
This is most often caused by its known nodes not being available.
{%- endtrans %}</p>
<p>{% trans -%}
Reseeding is done over an encrypted connection and all of the bootstrap
information is signed by the reseed host you connect to, making it impossible
for an unauthenticated source to provide you with false information.
information is signed by the reseed host you connect to. This makes it impossible
for an unauthenticated source to provide false information.
{%- endtrans %}</p>
<h2 id="running">{% trans %}Running a Reseed host{% endtrans %}</h2>
<p>
{% trans -%}Operating a reseed server can be accessible to any sysadmin familiar
with I2P, and we encourage new reseed operators to get in contact with us at
<a href="http://zzz.i2p">the development forums</a>. The more reseed hosts that
are run, the more resilient the I2P network becomes, and the harder it is to
prevent users of I2P from connecting to the network.
{% trans -%}Operating a reseed server will be familair for most sysadmins who have experience with
I2P. More reseed hosts result in more resilient I2P network connections for new
participating routers. It also makes it harder to prevent new routers from connecting to the I2P network.
{%- endtrans %}
</p>
@ -36,29 +35,27 @@ prevent users of I2P from connecting to the network.
<li><a href="https://i2pgit.org/idk/reseed-tools">Reseed Software and Documentation</a></li>
</ul>
<h2 id="other">{% trans %}Other ways of Reseeding{% endtrans %}</h2>
<h2 id="other">{% trans %}Other Ways Of Reseeding{% endtrans %}</h2>
<p>
{% trans -%}
In order to make I2P more reslient, other kinds of reseeding are possible. One
important way of carrying out a reseed is the file-based reseed, where a user
Other options for reseeding include file-based reseeds, where a user
with a running I2P router generates a reseed file for a friend and transfers it
to them as a .zip file. Others use cloud-based infrastructure to resist
censorship. These reseed methods provide functionality which aids people in
situations where reseeds are restricted.
to them as a .zip file. Using cloud-based infrastructure helps to resist
censorship, which aids people in situations where reseeds may be restricted.
{%- endtrans %}
</p>
<ul>
<li><a href="{{ site_url('blog/post/2020/06/07/file-based-reseed') }}">File Based Reseed</a></li>
<li><a href="https://homepage.np-tokumei.net/post/notes-i2p-reseed-over-cloudflare/">I2P Reseed over Cloudflare</a></li>
<li><a href="https://homepage.np-tokumei.net/post/notes-i2p-reseed-over-cloudflare/">I2P Reseed Over Cloudflare</a></li>
<li><a href="https://homepage.np-tokumei.net/post/notes-censorship-resistant-i2p-reseeding/">Censorship Resistant I2P Reseeding</a></li>
</ul>
<h2 id="thank you">{% trans %}Thank you Reseed Operators{% endtrans %}</h2>
<h2 id="thank you">{% trans %}Thank You Reseed Operators{% endtrans %}</h2>
<p>
{%-trans -%}
If you are running a reseed server, We would like to thank you for helping to
If you are running a reseed server, thank you for helping to
make the I2P network stronger and more resilient than ever.
{%- endtrans-%}
</p>

25
i2p2www/pages/site/faq.html
View File

@ -116,37 +116,30 @@ Try hovering your cursor over the other lines of information for a brief descrip
<h3 id="badcontent"><span class="permalink"><a href="#badcontent">
{% trans %}I am opposed to certain types of content. How do I keep from distributing, storing, or accessing them?{% endtrans %}</a></span>
</h3>
<p>{% trans -%}
I2P is an anonymous network - it is designed to withstand attempts at blocking or censoring of content, thus providing a means for communication that anyone can use.
<p>{% trans -%}
I2P traffic that transits through your router is encrypted with several layers of encryption.
Except in the case of a serious security vulnerability (of which none are currently known),
it is not possible to know what the contents of the traffic are and thus not possible to distinguish between traffic which one is opposed to or not opposed to.
We consider the 3 parts of the question:
it is not possible to know the content, origin or destination of routed traffic.
{%- endtrans %}</p>
<ul>
<li>
{% trans -%}
<b>Distribution</b><br>
All traffic on I2P is encrypted in multiple layers. You don't know a message's contents, source, or destination.
All traffic you route is internal to the I2P network, you are not an <a href="#exit">exit node</a> (referred to as an outproxy in our documentation).
Your only alternative is to refuse to route <i>any</i> traffic, by setting your share bandwidth or maximum participating tunnels to 0 (see above).
It would be nice if you didn't do this, you should help the network by routing traffic for others.
Over 95&#37; of users route traffic for others.
All traffic on the I2P network is encrypted in multiple layers. You don't know a message's contents, source, or destination.
Traffic is internal to the I2P network, you are not an <a href="#exit">exit node</a> (referred to as an outproxy in our documentation).
{%- endtrans %}
</li>
<li>
{% trans -%}
<b>Storage</b><br>
I2P does not do distributed storage of content, this has to be specifically installed and configured by the user (with Tahoe-LAFS, for example).
The I2P network does not do distributed storage of content, this has to be specifically installed and configured by the user (with Tahoe-LAFS, for example).
That is a feature of a different anonymous network, <a href="http://freenetproject.org/">Freenet</a>.
By running I2P, you are not storing content for anyone.
By running an I2P router, you are not storing content for anyone.
{%- endtrans %}
</li>
<li>
{% trans -%}
<b>Access</b><br>
If there are hidden services which you dislike, you may refrain from visiting them.
Your router will not request any content without your specific instruction to do so.{%- endtrans %}
</li>
</ul>
@ -473,13 +466,13 @@ These are described in detail below.
</tr>
<tr>
<td>
8998
7670 (8998)
</td>
<td>
mtn.i2p-projekt.i2p (Monotone)
gitssh.idk.i2p git over ssh
</td>
<td>
{% trans -%}May be disabled or changed on the i2ptunnel page in the router console.
{% trans -%}This used to be port 8998 for monotone. Elder installations may still have that and not this one. May be disabled or changed on the i2ptunnel page in the router console.
May also be configured to be bound to a specific interface or all interfaces.{%- endtrans %}
</td>
</tr>

2
i2p2www/pages/site/get-involved/develop/licenses.html
View File

@ -309,7 +309,7 @@ Except where otherwise noted, content on this site is licensed under a
<p>{% trans git=site_url('docs/applications/git') -%}
Developers may push changes to a distributed git repository if you
receive permission from the person running that repository.
See the <a href="{{ git }}">Monotone Page</a> for details.
See the <a href="{{ git }}">Git Page</a> for details.
{%- endtrans %}</p>
<p>{% trans -%}

24
i2p2www/pages/site/get-involved/develop/release-signing-key.html
View File

@ -1,29 +1,21 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('Release Signing Key') }}{% endblock %}
{% block content %}
<p>{% trans -%}
Windows installers for releases 0.9.38 and later are signed by zlatinb.
{%- endtrans %}<br>
<a href="{{ url_for('static', filename='zlatinb.key.crt') }}" >{% trans %}Download code signing certificate{% endtrans %}</a>
</p>
<p>{% trans -%}
Mac OSX installers for releases 0.9.38 and later are signed by mikalv.
{%- endtrans %}<br>
<a href="{{ url_for('static', filename='mikalv.key.crt') }}" >{% trans %}Download code signing certificate{% endtrans %}</a>
</p>
Releases 0.9.57 forward are signed by idk. His current public key is:
{%- endtrans %}</p>
<p>
<a href="{{ url_for('static', filename='idk.key.asc') }}" >{% trans %}Download PGP public key{% endtrans %}</a>
</p><p>
<p>{% trans -%}
Releases 0.7.6 and later are signed by zzz. His current public key is:
Releases 0.7.6 and 0.9.56 are signed by zzz. His current public key is:
{%- endtrans %}</p>
<p>
<a href="{{ url_for('static', filename='zzz.key.asc') }}" >{% trans %}Download PGP public key{% endtrans %}</a>
</p><p>
zzz's GPG subkeys were renewed in March 2019.
Use the link above to download the current public keys,
or download the key 415576BAA76E0BED from a key server.
Following is the original May 2014 announcement of the new keys.
</p><p>
</p>
<p>
<pre>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

25
i2p2www/pages/site/get-involved/guides/dev-guidelines.html
View File

@ -20,7 +20,7 @@ check with the appropriate developer for guidance.
<ul>
<li>{% trans -%}
Please don't just "write code". If you can, participate in other development activities, including:
development discussions and support on IRC, zzz.i2p, and i2pforum.i2p; testing;
development discussions and support on IRC, i2pforum.i2p; testing;
bug reporting and responses; documentation; code reviews; etc.
{%- endtrans %}</li>
<li>{% trans -%}
@ -34,9 +34,9 @@ the checkin deadline for a release.
<h3>{{ _('Release Cycle') }}</h3>
<p>
Our normal release cycle is 6-12 weeks.
The normal release cycle is 6-12 weeks.
Following are the approximate deadlines within a typical 8-week cycle.
Actual deadlines for each release are set by the lead developer after consultation with the full team.
Actual deadlines for each release are set by the release manager after consultation with the full team.
</p>
<ul>
@ -151,7 +151,7 @@ Be familiar with common Java pitfalls that are caught by findbugs.
Run 'ant findbugs' to learn more.
{%- endtrans %}</li>
<li>
We require Java 8 to build and run I2P as of release 0.9.47.
Java 8 is required to build and run I2P as of release 0.9.47.
Do not use Java 7 or 8 classes or methods in embedded subsystems: addressbook, core, i2ptunnel.jar (non-UI), mstreaming, router, routerconsole (news only), streaming.
These subsystems are used by
Android and embedded applications that require only Java 6. All classes must be available in Android API 14.
@ -258,7 +258,7 @@ Only check in code that you wrote yourself.
Before checking in any code or library jars from other sources,
justify why it is necessary,
verify the license is compatible,
and obtain approval from the lead developer.
and obtain approval from the release manager.
{%- endtrans %}</li>
<li>{% trans -%}
If you do obtain approval to add external code or jars,
@ -278,19 +278,18 @@ Include the license and source information in the checkin comment.
<h3>{{ _('Bugs') }}</h3>
<ul>
<li>{% trans trac=i2pconv('trac.i2p2.i2p') -%}
Managing Trac tickets is everybody's job, please help.
Monitor {{ trac }} for tickets you have been assigned or can help with.
Assign, categorize, comment on, fix, or close tickets if you can.
Managing issues are everybody's job, please help.
Monitor {{ Gitlab }} for issues you can help with.
Comment on, fix, and close issues if you can.
{%- endtrans %}</li>
<li>{% trans -%}
New developers should start by fixing a bug.
Search for bugs with the 'easy' keyword on trac.
When you have a fix, attach your patch to the ticket and add the keyword 'review-needed'.
Do not close the ticket until it's been successfully reviewed and you've checked your changes in.
New developers should start by fixing issues.
When you have a fix, attach your patch to the issue and add the keyword 'review-needed'.
Do not close the issue until it's been successfully reviewed and you've checked your changes in.
Once you've done this smoothly for a couple of tickets, you may follow the normal procedure below.
{%- endtrans %}</li>
<li>{% trans -%}
Close a ticket when you think you've fixed it.
Close an issue when you think you've fixed it.
We don't have a test department to verify and close tickets.
If you arent sure you fixed it, close it and add a note saying
"I think I fixed it, please test and reopen if it's still broken".

21
i2p2www/pages/site/get-involved/guides/new-developers.html
View File

@ -3,7 +3,7 @@
{% block lastupdated %}2021-01{% endblock %}
{% block content_nav %}
<ol>
<li><a href="#basic-study">{% trans %}Basic study{% endtrans %}</a></li>
<li><a href="#basic-study">{% trans %}Get to Know Java{% endtrans %}</a></li>
<li><a href="#getting-the-i2p-code">{% trans %}Getting the I2P code{% endtrans %}</a>
<ul>
<li><a href="#git">{% trans %}The new way: Git{% endtrans %}</a></li>
@ -28,10 +28,10 @@ Not quite ready for coding?
Try <a href="{{ volunteer }}">getting involved</a> first.
{%- endtrans %}</p>
<h2 id="basic-study">{% trans %}Basic study{% endtrans %}</h2>
<h2 id="get-to-know-java">{% trans %}Get to Know Java{% endtrans %}</h2>
<p>{% trans -%}
Basic development on the I2P router or the embedded applications uses Java as the main development language.
The I2P router and its embedded applications use Java as the main development language.
If you don't have experience with Java, you can always have a look at <a href="http://www.mindview.net/Books/TIJ/">Thinking in Java</a>.
{%- endtrans %}</p>
<p>{% trans intro=site_url('docs/how/intro'), docs=site_url('docs'), techintro=site_url('docs/how/tech-intro') -%}
@ -46,13 +46,13 @@ These will give you a good overview of how I2P is structured and what different
<p>{% trans -%}
For development on the I2P router or the embedded applications,
there are two ways to get the source code:
you need to get the source code:
{%- endtrans %}</p>
<h3 id="git">{% trans %}The new way: Git{% endtrans %}</h3>
<h3 id="git">{% trans %}Our current way: Git{% endtrans %}</h3>
<p>{% trans trac="https://i2pgit.org" -%}I2P now has official Git services and accepts contributions via Git at our own gitlab.
Trac issues have also been migrated to <a href="{{ trac }}">gitlab</a>, however Trac still available for now. Two-way syncing of
<p>{% trans trac="https://i2pgit.org" -%}I2P has official Git services and accepts contributions via Git at <a href="{{ trac }}">our own gitlab</a>.
Trac issues have also been migrated to Git issues. Two-way syncing of
issues between Gitlab and Github is a work-in-progress.{%- endtrans %}</p>
<li>{% trans git_url='https://git-scm.com/' -%}
@ -100,10 +100,9 @@ see the <a href="{{ apps }}">application development guide</a>.
{%- endtrans %}</p>
<h2 id="development-ideas">{% trans %}Development ideas{% endtrans %}</h2>
<p>{% trans zzz=i2pconv('zzz.i2p'), todo=site_url('get-involved/todo'), trac='https://i2pgit.org/i2p-hackers/i2p.i2p/issues' -%}
See <a href="http://{{ zzz }}/forums/3">zzz's TODO lists</a>,
<a href="{{ todo }}">this website's TODO list</a> or
<a href="{{ trac }}">Trac</a>
<p>{% trans todo=site_url('get-involved/todo'), trac='https://i2pgit.org/i2p-hackers/i2p.i2p/issues' -%}
See <a href="{{ todo }}">the project TODO list</a> or
<a href="{{ trac }}">the issue list on GitLab</a>
for ideas.
{%- endtrans %}</p>

36
i2p2www/pages/site/get-involved/guides/new-translators.html
View File

@ -1,7 +1,11 @@
{% extends "global/layout.html" %}
{% block title %}{% trans %}New Translator's Guide{% endtrans %}{% endblock %}
{% block content %}
{% trans %}Here's a very quick guide to getting started.{% endtrans %}
{% trans %}Here's a very quick guide to getting started.
Note that for both (website/console) there is an <b>easy way</b> using a
translation web-site (and requiring nothing else than to use that) and
the <b>other way</b> which requires you to set up a build-environment
(installing software etc.).{% endtrans %}
<h2>{% trans %}How to Translate the Website{% endtrans %}</h2>
@ -24,8 +28,8 @@ please update the translation status on <a href="{{ url }}">this wiki page</a>.
{%- endtrans %}</li>
<li>{% trans newdevs=site_url('get-involved/guides/new-developers') -%}
Follow the <a href="{{ newdevs }}">new developer's guide</a>,
Including the installation of monotone,
checking out i2p.www branch, and generate your own monotone keys.
including the installation of git and the gettext tools. You will need
the i2p.www repository.
It is not required that you sign a dev agreement.
{%- endtrans %}</li>
</ol>
@ -56,10 +60,9 @@ To work with .po files efficiently, you may wish to use <a href="http://www.poed
{%- endtrans %}</li>
<li>{% trans -%}
<b>Check in:</b>
"<code>mtn pull</code>", "<code>mtn update</code>". Then check in by "<code>mtn ci -k yourname@mail.i2p file1 file2 ...</code>"
This collects the diff info of your changed file into your local repo. Then "<code>mtn sync mtn.i2p2.de -k yourname-transport@mail.i2p i2p.i2p</code>".
This synchronizes your local repo with the repo on the target machine.
<b>Git Workflow:</b>
You can then add all new and changed files to your next commit using <code>git add .</code> (or specify which files instead of the dot).
Please note the suggested workflow for git on our git-page.
{%- endtrans %}</li>
<li>{% trans -%}
@ -89,8 +92,8 @@ please update the translation status on <a href="{{ url }}">this wiki page</a>.
{%- endtrans %}</li>
<li>{% trans newdevs=site_url('get-involved/guides/new-developers') -%}
Follow the <a href="{{ newdevs }}">new developer's guide</a>,
including the installation of monotone and the gettext tools,
checking out i2p.i2p branch, and generate your own monotone keys.
including the installation of git and the gettext tools. You will need
the i2p.i2p repository.
{%- endtrans %}</li>
<li>{% trans -%}
Generate your own gpg key and sign the dev agreement.
@ -149,10 +152,9 @@ To work with .po files efficiently, you may wish to use <a href="http://www.poed
{%- endtrans %}</li>
<li>{% trans -%}
<b>Check in:</b>
"<code>mtn pull</code>", "<code>mtn update</code>". Then check in by "<code>mtn ci -k yourname@mail.i2p file1 file2 ...</code>"
This collects the diff info of your changed file into your local repo. Then "<code>mtn sync mtn.i2p2.de -k yourname-transport@mail.i2p i2p.i2p</code>".
This synchronizes your local repo with the repo on the target machine.
<b>Git Workflow:</b>
You can then add all new and changed files to your next commit using <code>git add .</code> (or specify which files instead of the dot).
Please note the suggested workflow for git on our git-page.
{%- endtrans %}</li>
<li>{% trans -%}
@ -169,14 +171,14 @@ If you have questions about the meaning of the terms in the console, ask in <cod
<h2>{% trans %}FAQ{% endtrans %}</h2>
<p><b>{% trans -%}
Q: Why do I have to install monotone, Java, jsp, learn about .po files and html, etc.? Why can't I just do a translation and email it to you?
Q: Why do I have to install git, Java, jsp, learn about .po files and html, etc.? Why can't I just do a translation and email it to you?
{%- endtrans %}</b></p>
<p><b>{% trans %}A: Several reasons:{% endtrans %}</b></p>
<p><b>{% trans %}A: You do not / Several reasons:{% endtrans %}</b></p>
<ul>
<li>{% trans transifex='https://www.transifex.com/projects/p/I2P/' -%}
You might be interested in translating via Transifex. Request to join a translation team <a href="{{ transifex }}">here</a>.
First of all: you don't have to, you can translate via Transifex (aka "using a web-site to translate"). Request to join a translation team <a href="{{ transifex }}">here</a>. Aside from that ...
{%- endtrans %}</li>
<li>{% trans -%}
@ -200,7 +202,7 @@ HTML files are not difficult. Just ignore the html stuff and translate the text.
{%- endtrans %}</li>
<li>{% trans -%}
Installing and using monotone is not that difficult. Several of the translators and other contributors to I2P are non-programmers, and they use monotone regularly. Monotone is simply a source control system, it is not about "coding".
Installing and using git is not that difficult. Several of the translators and other contributors to I2P are non-programmers, and they use git regularly. Git is simply a source control system, it is not about "coding".
{%- endtrans %}</li>
<li>{% trans -%}

171
i2p2www/pages/site/get-involved/guides/reseed-debian.html Normal file
View File

@ -0,0 +1,171 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using a Debian Package') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
There are no other known Debian-style packages for installing and configuring a reseed server.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Reseed on Debian using {% endtrans %} <code>checkinstall</code>, <code>apt-get</code></h2>
<p>{% trans %}
It is possible to easily and automatically configure a reseed server
with a self-signed certificate on any Debian-based operating system,
including Ubuntu and it&rsquo;s downstreams. This is achieved using the
{% endtrans %}<code>
checkinstall
</code>{% trans %}
tool to set up the software dependencies and the operating system to
run the
{% endtrans %}<code>
I2P
</code>
{% trans %}service and the{% endtrans %}
<code>
reseed
</code>
{% trans %}service.{% endtrans %}
</p>
<h2>
{% trans %}Using a binary package{% endtrans %}
</h2>
<p>{% trans %}
If you do not wish to build from source, you can use a binary package
from me(idk). This package is built from this repo with the
{% endtrans %}<code>
make checkinstall
</code>
{% trans %}target and uploaded by me. I build it on an up-to-date Debian sid system at tag time.
It contains a static binary and files for configuring it as a system service.
{% endtrans %}
</p>
<pre><code class="language-sh">
wget https://github.com/eyedeekay/reseed-tools/releases/download/v0.2.30/reseed-tools_0.2.30-1_amd64.deb
# Obtain the checksum from the release web page and store it in the SHA256SUMS file
echo &quot;38941246e980dfc0456e066f514fc96a4ba25d25a7ef993abd75130770fa4d4d reseed-tools_0.2.30-1_amd64.deb&quot; &gt; SHA256SUMS
sha256sums -c SHA256SUMS
sudo apt-get install ./reseed-tools_0.2.30-1_amd64.deb
</code></pre>
<h2>
{% trans %}Building the .deb package from the source(Optional){% endtrans %}
</h2>
<p>{% trans %}
If your software is too old, it&rsquo;s possible that the binary package I build will
not work for you. It&rsquo;s very easy to generate your own from the source code in this
repository.
{% endtrans %}</p>
<p>
<strong>
1.
</strong>
{% trans %}Install the build dependencies{% endtrans %}
</p>
<pre><code class="language-sh">
sudo apt-get install fakeroot checkinstall go git make
</code></pre>
<p>
<strong>
2.
</strong>
{% trans %}Clone the source code{% endtrans %}
</p>
<pre><code class="language-sh">
git clone https://i2pgit.org/idk/reseed-tools ~/go/src/i2pgit.org/idk/reseed-tools
</code></pre>
<p>
<strong>
3.
</strong>
{% trans %}Generate the .deb package using the make checkinstall target {% endtrans %}
</p>
<pre><code class="language-sh">
cd ~/go/src/i2pgit.org/idk/reseed-tools
make checkinstall
</code></pre>
<p>
<strong>
4.
</strong>
{% trans %}Install the .deb package{% endtrans %}
</p>
<pre><code class="language-sh">
sudo apt-get install ./reseed-tools_*.deb
</code></pre>
<h2>
{% trans %}Running the Service{% endtrans %}
</h2>
<p>
<strong>
1.
</strong>{% trans %}
First, ensure that the I2P service is already running. The longer the better,
if you have to re-start the service, or if the service has very few peers, allow it to
run for 24 hours before advancing to step
{% endtrans %}
<strong>
2.
</strong>
</p>
<pre><code class="language-sh">
sudo systemctl start i2p
# or, if you use sysvinit
sudo service i2p start
</code></pre>
<p>
<strong>
2.
</strong>
{% trans %}Once your I2P router is &ldquo;Well-Integrated,&rdquo; start the reseed service.{% endtrans %}
</p>
<pre><code class="language-sh">
sudo systemctl start reseed
# or, if you use sysvinit
sudo service reseed start
</code></pre>
<p>
{% trans %}Your reseed will auto-configure with a self-signed certificate on port{% endtrans %}
<code>
:8443
</code>
. {% trans %}The certificates themselves are available in{% endtrans %}
<code>
/var/lib/i2p/i2p-config/reseed
</code>
. {% trans %}When you are ready, you should copy the{% endtrans %}
<code>
*.crt
</code>
{% trans %}files from that directory and share them with the I2P community on{% endtrans %}
<a href="http://zzz.i2p">
<code>
zzz.i2p
</code>
</a>
. {% trans %}These will allow I2P users to authenticate your reseed services and secure the I2P network.{% endtrans %}
</p>
<p>
{% trans %}Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
Provide us with details about your new reseed server:{% endtrans %}
<ul>
<li>{% trans %}Reseed website URL{% endtrans %}</li>
<li>{% trans %}Public SSL certificate{% endtrans %}</li>
<li>{% trans %}Public reseed su3 certificate{% endtrans %}</li>
<li>{% trans %}Your contact email{% endtrans %}</li>
<li>{% trans %}A statement that you agree to the privacy policy above{% endtrans %}</li>
</ul>
<p>
{% endblock %}

122
i2p2www/pages/site/get-involved/guides/reseed-docker.html Normal file
View File

@ -0,0 +1,122 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using a Docker Image') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
They should be very similar to the guidelines for DivaExchange's <a href="https://codeberg.org/diva.exchange/i2p-reseed">i2p-reseed</a> server.
These guidelines make use of Docker to manage the reseed server in lieu of the initsystem.
If you are not interested in using Docker they will be of no use to you.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Installation from a Docker Image{% endtrans %}</h2>
<p>{% trans %}
To make it easier to deploy reseeds, it is possible to run the reseed-tools as a
Docker image. Because the software requires access to a network database to host
a reseed, you will need to mount the netDb as a volume inside your docker
container to provide access to it, and you will need to run it as the same user
and group inside the container as I2P.
{% endtrans %}</p>
<p>{% trans %}
When you run a reseed under Docker in this fashion, it will automatically
generate a self-signed certificate for your reseed server in a Docker volume
named reseed-keys.{% endtrans %}
<em>
{% trans %}Back up this directory{% endtrans %}
</em>
, {% trans %}if it is lost it is impossible to reproduce.{% endtrans %}
</p>
<p>{% trans %}
Additional flags can be passed to the application in the Docker container by
appending them to the command. Please note that Docker is not currently
compatible with .onion reseeds unless you pass the &ndash;network=host tag.
{% endtrans %}</p>
<h2>
{% trans %}If I2P is running as your user, do this:{% endtrans %}
</h2>
<pre><code> docker run -itd \
--name reseed \
--publish 443:8443 \
--restart always \
--volume $HOME/.i2p/netDb:$HOME/.i2p/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
</code></pre>
<h2>
{% trans %}If I2P is running as another user, do this:{% endtrans %}
</h2>
<pre><code> docker run -itd \
--name reseed \
--user $(I2P_UID) \
--group-add $(I2P_GID) \
--publish 443:8443 \
--restart always \
--volume /PATH/TO/USER/I2P/HERE/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
</code></pre>
<h2>
<strong>
{% trans %}Debian/Ubuntu and Docker{% endtrans %}
</strong>
</h2>
<p>
{% trans %}In many cases I2P will be running as the Debian system user{% endtrans %}
<code>
i2psvc
</code>
. {% trans %}This is the case for all installs where Debian&rsquo;s Advanced Packaging Tool(apt) was used to peform the task.
If you used "apt-get install" this command will work for you. In that case, just copy-and-paste:{% endtrans %}
</p>
<pre><code> docker run -itd \
--name reseed \
--user $(id -u i2psvc) \
--group-add $(id -g i2psvc) \
--publish 443:8443 \
--restart always \
--volume /var/lib/i2p/i2p-config/netDb:/var/lib/i2p/i2p-config/netDb:z \
--volume reseed-keys:/var/lib/i2p/i2p-config/reseed \
eyedeekay/reseed \
--signer $YOUR_EMAIL_HERE
</code></pre>
<p>{% trans %}The
certificates themselves are available in{% endtrans %}
<code>
reseed-keys
</code>
. {% trans %}When
you are ready, you should copy the{% endtrans %}
<code>
*.crt
</code>
{% trans %}files from that volume and share them with the I2P community on{% endtrans %}
<a href="http://zzz.i2p">
<code>
zzz.i2p
</code>
</a>
. {% trans %}These will allow I2P users
to authenticate your reseed services and secure the I2P network.{% endtrans %}
</p>
<p>
{% trans %}Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
Provide us with details about your new reseed server:{% endtrans %}
<ul>
<li>{% trans %}Reseed website URL{% endtrans %}</li>
<li>{% trans %}Public SSL certificate{% endtrans %}</li>
<li>{% trans %}Public reseed su3 certificate{% endtrans %}</li>
<li>{% trans %}Your contact email{% endtrans %}</li>
<li>{% trans %}A statement that you agree to the privacy policy above{% endtrans %}</li>
</ul>
<p>
{% endblock %}

954
i2p2www/pages/site/get-involved/guides/reseed-old.html Normal file
View File

@ -0,0 +1,954 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server') }}{% endblock %}
{% block lastupdated %}2021-12{% endblock %}
{% block content %}
<h2>{% trans %}Overview{% endtrans %}</h2>
<p>{% trans -%}
Thank you for volunteering to run an I2P reseed server.
"Reseeding" is our term for bootstrapping new routers into the network.
New routers fetch a bundle of peer references, or "router infos", from one or more of a hardcoded list of HTTPS URLs.
{%- endtrans %}</p>
<h2>{% trans %}Requirements{% endtrans %}</h2>
<p>{% trans -%}
At its simplest, a reseed server consists of a Java I2P router, an HTTPS web server,
and some scripts that periodically gather router infos from the router,
bundle and sign them into a custom file format, and deliver these files over HTTPS.
In practice, it's a bit more complex, and a reseed operator must be fairly competent and attentive.
A reseed server is not appropriate for a residential internet connection. The complexities include:
{%- endtrans %}</p>
<ul>
<li>{% trans -%}
You must have a secure SSL setup with either a self-signed certificate or a cert that chains up to a standard CA
{%- endtrans %}</li>
<li>{% trans -%}
The SSL configuration must conform to current best practices on allowed ciphers and protocols, and the CN/SAN host name must match the URL
{%- endtrans %}</li>
<li>{% trans -%}
The scripts are designed to deliver different router info bundles to different requestors for network diversity
{%- endtrans %}</li>
<li>{% trans -%}
The scripts are designed to deliver the same bundle to the same repeated requestor to prevent scraping
{%- endtrans %}</li>
<li>{% trans -%}
The reseed servers are under periodic attacks and DDoS attempts, and from other buggy I2P implementations and botnets.
This necessitates that you run fail2ban or an equivalent solution.
{%- endtrans %}</li>
</ul>
<h2>{% trans %}Information Required{% endtrans %}</h2>
<p>{% trans -%}
When your setup is complete and ready for testing, we will need the HTTPS URL,
the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
and you will start seeing traffic.
We also will need your email address so we may continue to contact you about reseed administration issues.
The email will not be made public but will be known to the other reseed operators.
You should expect that your nick or name and its association with that URL or IP will become public.
{%- endtrans %}</p>
<h2>{% trans %}Privacy Policy{% endtrans %}</h2>
<p>{% trans -%}
A reseed operator is a trusted role in the network.
While we do not yet have a formal privacy policy, you must ensure the privacy of our users
by not publicizing logs or IPs found in those logs, except as necessary to discuss administration issues with the I2P reseed team.
{%- endtrans %}</p>
<h2>{% trans %}Financial Support{% endtrans %}</h2>
<p>{% trans -%}
Modest financial support may be available to those running reseed servers.
This support would be in partial reimbursement for your server costs.
Support will not be paid in advance and will probably not cover all your expenses.
Support is only available to those who have been running reseed servers in good standing for several months, and is based on actual need.
{%- endtrans %}</p>
<p>{% trans -%}
If you would like to discuss support, please contact echelon and CC: zzz
{%- endtrans %}</p>
<h2>{% trans %}Getting Started{% endtrans %}</h2>
<p>{% trans -%}
Our reseed coordinator is "zzz" and he may be contacted at zzz at mail.i2p or zzz at i2pmail.org.
Unfortunately, he is not generally on IRC. The reseed setup is somewhat specialized, and you should direct most questions to him.
{%- endtrans %}</p>
<p>{% trans -%}
For actual implementation, details below. We have one recommended reseed solution:
{%- endtrans %}</p>
<ul>
<li>{% trans -%}
A Go implementation that includes the web server and all the scripts. This is the recommended solution.
{%- endtrans %}</li>
</ul>
<p>{% trans -%}
For further information, read the information at the following links, and then contact zzz.
Thank you!
{%- endtrans %}</p>
<ul><li>
<a href="http://zzz.i2p/topics/1893">zzz.i2p thread</a>
</li><li>
<a href="http://zzz.i2p/topics/1716">zzz.i2p thread</a>
</li><li>
<a href="https://github.com/martin61/i2p-tools">Go reseed server source on github</a>
</li><li>
<a href="/en/docs/spec/updates">SU3 Reseed File Format Specification</a>
</li></ul>
<h2>{% trans %}Detailed Instructions{% endtrans %}</h2>
<h3>How-to Public reseed servers - su3</h3>
<ul>
<li>Some parts of this how-to are copied from <a href="http://zzz.i2p">zzz.i2p</a> and are modified.
<li>Fetching individual RI (dat-files -the legacy/old style-) is not part of this how-to.
<li>Questions can be placed on <a href="http://zzz.i2p/forums/18">zzz.i2p</a> - in the Reseeding sub-forum.
</ul>
<h3>Table of contents</h3>
<ol>
<li>Introduction
<li>Requirements
<li>Go Solution - Quick Guide
<ol>
<li>Start Web Server
<li>Install git and golang
<li>Build and Test
<li>Run Reseed
<li>Backup Certificates and Keys
<li>Enable Autostart
<li>Connect Web Server to Reseed
<li>Test From Another Computer
<li>Send Us Your Certificates
</ol>
<li>Go Solution -Detailed Guide
<ol>
<li>Overview
<li>Building From Source
<li>Run The Reseed Server
<li>Draft For Startup Script
<li>Reverse-Proxy Setup
<li>Convert Existing Java Keystore to crt- and pem-file
</ol>
<li>Seamless SSL-Certificate Exchange
<li>Reseed Server Domain/URL/Port Exchange
<li>Tests
<li>Contact Reseed Maintainer
</ol>
<h2>1. Introduction</h2>
<p>
Public reseed servers are necessary to bootstrap into the I2P net.
New installed I2P routers needs one-time about one hundred RouterInfo's (RI) as jump start.
</p>
<p>
RI contains IP and Port from other I2P routers and are stored in dat-files in the netDB folder.
</p>
<p>
A random bunch of dat-files from the netDB are zipped, then signed to a su3-file
and finally offered to I2P routers seeking reseed service.
</p>
<p>
To secure bootstrap and enable a trusted start, HTTPS/TLS and signed su3-files are mandatory.
</p>
<p>
It is essential not to publish all RI from netDB, or all RI to one client.
</p>
<h2>2. Requirements</h2>
<p>
Requirements for running a public reseed server:
<ul>
<li>Well integrated running I2P router @ 24/7
<li>Server with static IPv4 (2 cpu/ 2GB ram is fine)
<li>Unix to run the golang solution
<li>Own domain, sub-domain or an anonymous third-level domain
<li>A self-signed SSL certificate, or an SSL certificate from <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a>
<li>Enough bandwidth and traffic volume - Around 15 GB/month as of December 2016
<li>Up-to-date web server (Apache/nginx), HTTPS ONLY with TLS 1.2 and good ciphers
</ul>
Optional:
<ul>
<li>fail2ban to protect you from botnets
<li>GnuPG/PGP for signed/encrypted emails
<li>IPv6
</ul>
<p>
This How-to is tested with Ubuntu/Debian as well as FreeBSD.
The web server has to be public reachable from all over the world, an I2P Site inside I2P can be setup in addition.
Also frequent or infrequent attempts to scrape all your reseed files, and of course attacks on your server.
The web server doesn't need to listen at default SSL/TLS port 443 - any other port can be used for obfuscation.
</p>
<h2>3. Go Solution - Quick Guide</h2>
<h3>1. Fire Up Your Favorite Webserver</h3>
<ol><li>
Connect a domain, sub-domain or (anonymous) third-level-domain
</li><li>
Setup a state-of-the-art TLS(SSL) certificate
</li><li>
Allow access only via HTTPS/TLS, no unencrypted HTTP
</li><li>
Allow only very good ciphers, compatible to Java 7/8/9. See <a href="https://cipherli.st/" target="_blank">Cipherli.st</a>
</li></ol>
<p>
Note: A non default port other than 443 can be used; TLS certificate can be self signed; configure fail2ban as bot-net protection
</p>
<h3>2. Install git and golang-go (1.4.2 or higher)</h3>
<pre>
Debian/Ubuntu: sudo apt install git golang-go
Arch: sudo pacman -s git go
</pre>
<h3>3. Switch To User Running I2P, Fetch the i2p-tool Source Code, Build and Test it</h3>
<p>
Note: Visit http://reseed.i2p and download a pre-build x86_64 binary, so you can skip step 2+3.
</p>
<pre>
export GOPATH=$HOME/go; mkdir $GOPATH; cd $GOPATH
go get github.com/martin61/i2p-tools
bin/i2p-tools -h
</pre>
<h3>4. Run i2p-tools locally, </h3>
<p>
Replace 'yourname@mail.i2p' with your email address
Replace '/home/i/.i2p/netDb' with the path to the I2P 'netDb' in the home folder of the user running I2P
</p>
<pre>
GOPATH=$HOME/go;
cd $GOPATH;
bin/i2p-tools reseed --signer=yourname@mail.i2p \
--netdb=/home/i/.i2p/netDb \
--port=8443 \
--ip=127.0.0.1 \
--trustProxy
</pre>
<h3>5. Back Up New Certificates</h3>
<p>
Make a backup from the newly created su3-signing key and certificate found in $GOPATH (.crt/.pem/.crl) and keep it in a safe, password protected location
</p>
<h3>6. Enable Autostart (+restart) for i2p-tools in Your crontab</h3>
<p>
Replace '...' with the appropriate command-line arguments as in step 4
</p>
<pre>
@reboot GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... &gt;/dev/null 2>&amp;1
9 * * * * GOPATH=$HOME/go; cd $GOPATH; bin/i2p-tools reseed ... &gt;/dev/null 2>&amp;1
</pre>
<h3>7. Connect Your Webserver via Reverse-Proxy setup to the i2p-tool, Examples</h3>
<p>
<b>lighttpd is no longer supported due to a limitation with the 'X-Forwarded-For' HTTP Header. Please use Apache or nginx.</b>
</p>
<p>
nginx configuration example:
</p>
<pre>
location / {
proxy_pass http://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
</pre>
<p>
Apache (untested - feedback would be appreciated)
</p>
<pre>
ProxyRequests Off
&lt;Proxy *&gt;
Order deny,allow
Allow from all
&lt;/Proxy&gt;
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</pre>
<p>
Additionally, ensure that your webserver uses these suggested settings for Strong SSL Security (visit <a href="https://cipherli.st/" target="_blank">CipherLi.st</a> for the latest settings). Sample SSL settings are provided in section <b>4.5 Reverse-Proxy Setup</b>.
</p>
<p>
Note: i2p-tool has also an build-in standalone webserver with TLS support which can be used without a webserver. Please contact (zzz at mail.i2p.de) if you need help, or stop by #i2p-dev on IRC2P and talk to other reseed operators.
</p>
<h3>8. Final Test From Another Computer With I2P Running</h3>
<ol><li>
Place your su3-certificate (*.crt) in i2p/certificates/reseed/
</li><li>
Place your TLS-certificate (*.crt) in i2p/certificates/ssl/
</li><li>
Visit with your web browser http://localhost:7657/configreseed
</li><li>
Enter your new reseed-url and delete all others, hit "Save changes and reseed now"
</li><li>
Check the I2P logs for "Reseed got 77 router infos from ... with 0 errors, Reseed complete, 77 received"
</li></ol>
<h3>9. Send Us Your Information</h3>
<ol><li>
Domain/URL/Port
</li><li>
su3-signing certificate
</li><li>
TLS certificate (if self signed)
</li></ol>
<p>
Send an email: zzz at mail.i2p, PGP signed welcome :-)
<h2>4. Go Solution - Detailed Instructions</h2>
<h3>1. Overview</h3>
<p>
The previous steps for reseeding involves many steps, scripts and programs.
Most of them are easy and plain straight forward, but overall you can call it a little confusing.
<p>
Here comes now an all-in-one solution from matt (Big Thanks!) for providing
a reseed server which merges the following functions into one binary:
<ul>
<li>Create su3-files
<li>Create su3 signer certificate+key
<li>Create SSL-certificate+key
<li>Replaces the http-server and the PHP code (or run next to them in parallel)
</ul>
<p>
Almost all previous used scripts and described steps are not needed with this solution,
but to understand the overall reseed process it is recommended to read them too :-)
<ul>
<li>If you already have an SSL-certificate and su3-signer-key you can reuse them, see one of the following chapter.
<li>For testing and new reseeders the required certs and keys are created automatically at first start.
<li>Also take a look at the content and the naming scheme of these pem and crt files.
</ul>
<p>
Of course you need an up-to-date netDB folder with routerinfos from a running I2P router.
I2P does not have to be running on the same machine as this reseed binary.
In this case you can setup a cronjob to transfer the netDB from the I2P machine to the reseed machine.
<p>
Matt's go solution can be used in parallel next to an already running http-server.
For this leave the http-server running at normal port 80 and 443,
and configure Go solution too use another port, e.g. port 8443.
<p>
More: at github, README.md, https://github.com/martin61/i2p-tools
<h3>2. Building From Source</h3>
<p>
Requirements:
<ul>
<li>go1.4.2 (older versions may not work)
</ul>
<p>
Install go from https://golang.org/doc/install, example for 64 bit Ubuntu/Debian:
<ul>
<li>wget https://storage.googleapis.com/golang/go1.4.2.linux-amd64.tar.gz
<li>sudo tar -C /usr/local -xzf go1.4.2.linux-amd64.tar.gz
<li>mkdir $HOME/go
<li>edit /etc/profile and add:
<pre>
export GOPATH=$HOME/go
export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
</pre>
</ul>
<p>
Verify go:
<pre>
$ go version
</pre>
which should state something like: "go version go1.4.2"
<p>
Install Go solution from https://github.com/martin61/i2p-tools into $HOME/go:
<pre>
$ go get github.com/martin61/i2p-tools
</pre>
<p>
This will install a binary to $GOPATH/bin/i2p-tools
<p>
Run the go solution, the usage/help should be displayed, nothing more:
<pre>
$ i2p-tools
</pre>
<h3>3. Run the Reseed Server</h3>
<pre>
$ i2p-tools reseed --tlsHost=myserver.com --signer=myemail@mail.i2p --netdb=$HOME/.i2p/netDb
</pre>
<ul>
<li>Replace myserver.com with your real domain
<li>Replace myemail@mail.i2p with a valid existing email, which you want to use for reseeding purpose
<li>New TLS certificate+key will be created (if they do not exist)
<li>New signing certificate+key will be created (if they do not exist)
<li>netdb=... should point to the netdb folder of your running I2P with the routerinfos
<li>To use another port append "--port=443" to the command, default is port 8443
</ul>
<p>
Output:
<pre>
2015/03/15 12:28:25 Rebuilding su3 cache...
2015/03/15 12:28:25 Building 200 su3 files each containing 75 out of 3180 routerInfos.
2015/03/15 12:28:35 Done rebuilding.
2015/03/15 12:28:35 HTTPS server started on 0.0.0.0:8443
</pre>
<p>
So you can now test to reach the server at port 8443, see a previous chapter about proper testing.
<p>
Some remarks:
<ul>
<li>Don't run the server daemon as root
<li>Every port between 1024 and 49151 is fine for I2P.
<li>If you want to use the privileged (https-default) port 443, create a port redirect, e.g.
<pre>'iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-port 8443'</pre>
<li>Redirect the output from the go solution to a logfile, format is default apache-style combined logs
<li>Add a logrotate for the logfiles, since they grow big :-(
<li>Logfiles can be used by fail2ban
<li>Both of the certificates (*.crt) will need to be sent to the reseed maintainer
in order for your reseed server to be included in the standard I2P package.
<li>Add a proper startup script, to run the reseed server, see next chapter
</ul>
<h3>4. Draft for Startup Script "seedserver"</h3>
<p>
The reseed server should be started automatically, so you need a init.d or some sort of
startscript, here named as "seedserver".
This is only a very first draft for a simple startscript (it could be done better :-))
<p>
Login as I2P user:
<ul>
<li>Place the shell-script "seedserver" in the /home/i2p/bin folder (next to i2p-tools)
<li>Make it executable: chmod u+x /home/i2p/bin/seedserver
</ul>
Update the header "# Your settings" with your individual settings.
<p>
Now you can use the shell-script:
<pre>
seedserver start
</pre>
<p>
And then (give it some seconds) take a look at the status:
<pre>
seedserver status
seedserver showlog
</pre>
<p>
Some short explanation about seedserver:
<ul>
<li>runs i2p-tools in the background
<li>creates logfiles
<li>take care of all settings
</ul>
<p>
If this is working fine, you can put the script in your personal crontab, to run it by auto-start
and to do logrotes simply by restarting it regularly once a week to avoid too big logfiles.
If you already reboot your server regularly, you can skip of course the "restart" command line.
<p>
Login as I2P user, edit your crontab:
<pre>
crontab -e
</pre>
<p>
and add these 3 lines at the end:
<pre>
@reboot /home/i2p/bin/seedserver startdelayed
04 14 * * 2 /home/i2p/bin/seedserver restart
#end
</pre>
<p>
Save and close the editor. It would be good to check if this is properly working when you reboot your machine.
<p>
"seedserver" shell script:
<pre>
######################################################################################################
#!/bin/sh
# Your settings
toolpath=/home/i2p/bin
tlsHost=myserver.com
signer=myemail@mail.i2p
netdb="/home/i2p/.i2p/netDb"
tool=i2p-tools
logpath="$toolpath/${tool}.log"
logfile="$logpath/reseed.log"
errfile="$logpath/reseed.error"
cd "$toolpath"
mkdir --parents "$logpath"
do_status() {
/bin/sleep 1
if [ -n "$(pgrep -x "$tool")" ]; then
echo "$tool running, pid $(pgrep "$tool")"
else
echo "$tool not running."
fi;
}
do_start() {
if [ -z "$(pgrep -x "$tool")" ]; then
do_logrotate
nohup "$toolpath/$tool" reseed -tlsHost="$tlsHost" --signer="$signer" --netdb="$netdb" &gt; "$logfile" 2&gt; "$errfile" &
fi;
do_status
}
do_stop() {
if [ -n "$(pgrep -x "$tool")" ]; then
pkill "$tool"
fi;
do_status
}
do_startdelayed() {
echo "waiting 20s..."
/bin/sleep 20
do_start
}
do_restart() {
do_status
do_stop
do_start
}
do_logrotate() {
do_status
if [ -z "$(pgrep -x "$tool")" ]; then
mv --force "${logfile}.6" "${logfile}.7" 2&gt;/dev/null
mv --force "${logfile}.5" "${logfile}.6" 2&gt;/dev/null
mv --force "${logfile}.4" "${logfile}.5" 2&gt;/dev/null
mv --force "${logfile}.3" "${logfile}.4" 2&gt;/dev/null
mv --force "${logfile}.2" "${logfile}.3" 2&gt;/dev/null
mv --force "${logfile}.1" "${logfile}.2" 2&gt;/dev/null
mv --force "${logfile}" "${logfile}.1" 2&gt;/dev/null
mv --force "${errfile}.6" "${errfile}.7" 2&gt;/dev/null
mv --force "${errfile}.5" "${errfile}.6" 2&gt;/dev/null
mv --force "${errfile}.4" "${errfile}.5" 2&gt;/dev/null
mv --force "${errfile}.3" "${errfile}.4" 2&gt;/dev/null
mv --force "${errfile}.2" "${errfile}.3" 2&gt;/dev/null
mv --force "${errfile}.1" "${errfile}.2" 2&gt;/dev/null
mv --force "${errfile}" "${errfile}.1" 2&gt;/dev/null
echo "log-rotate done."
else
echo "log-rotate not possible."
fi;
}
do_showlog() {
echo "-------------------------------------------------------------------------------"
tail "$errfile"
echo "-------------------------------------------------------------------------------"
tail "$logfile"
echo "-------------------------------------------------------------------------------"
}
do_usage() {
echo "Usage: {start|stop|status|restart|logrotate|startdelayed|showlog}"
}
case "$1" in
start)
do_start
;;
stop)
do_stop
;;
status)
do_status
;;
restart)
do_restart
;;
startdelayed)
do_startdelayed
;;
logrotate)
do_logrotate
;;
showlog)
do_showlog
;;
*)
do_usage
;;
esac
exit 0
######################################################################################################
</pre>
<h3>5. Reverse-Proxy Setup</h3>
<p>
You can run i2p-tools also behind your normal web-server (reverse-proxy).
<p>
The web-server handles the TLS handshake, encryption, SSL Certificate and the logfiles.
But you don't need the scripts su3.php and the shell cronjob for creating su3-files.
i2p-tools is running "behind" the web-server, without TLS management, only bind to
local interface 127.0.0.1 and is handling complete building and handling of su3-files.
<p>
Run i2p-tools with this command:
<pre>
i2p-tools reseed --signer test@test.de \
--key /path_to/test_at_test.de.pem \
--netdb /path_to/netDb \
--port=8443 \
--ip 127.0.0.1 \
--trustProxy
</pre>
Important notes for this special setup:
<ul>
<li>do *not* specify --tlsHost, --tlsCert or --tlsKey on the command-line
<li>"ip 127.0.0.1" binds the program only to local interface
<li>"trustProxy" uses the "X-Forwarded-For" to get the real client IP
</ul>
"trustProxy" uses the "X-Forwarded-For" to get the real client IP
<p>
nginx configuration example:
</p>
<pre>
location / {
proxy_pass http://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
</pre>
<p>
Apache (untested - feedback would be appreciated)
</p>
<pre>
ProxyRequests Off
&lt;Proxy *&gt;
Order deny,allow
Allow from all
&lt;/Proxy&gt;
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</pre>
<p>
<p>
and for X-Forwarded-For:
<pre>
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
</pre>
<p>
Additionally, ensure that your webserver uses these suggested settings for Strong SSL Security (visit <a href="https://cipherli.st/" target="_blank">CipherLi.st</a> for the latest settings). A sample configuration is provided below.
</p>
<p>
Apache
</p>
<pre>
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
</pre>
<p>
nginx (remember to replace '$DNS-IP-1' & '$DNS-IP-2' with 2 trusted DNS servers)
</p>
<pre>
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
</pre>
<p>
Complete nginx configuration (sample)
<p>
<pre>
user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen $IP_ADDRESS:443 ssl;
server_name $DOMAIN;
ssl_certificate keys/fullchain.pem;
ssl_certificate_key keys/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver $DNS_IP_1 $DNS_IP_2 valid=300s;
resolver_timeout 5s;
ssl_prefer_server_ciphers on;
ssl_dhparam keys/dh.pem;
server_tokens off;
charset utf8;
location /i2pseeds.su3 {
proxy_pass http://127.0.0.1:8443;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
}
</pre>
<h3>6. Convert Existing Java Keystore to crt- and pem-file</h3>
<p>
This describes how to convert your existing Java keystore with your su3 signing key to a plain crt- and pem-file.
This is only needed, when you already have a Java keystore and want to use Go solution.
If you create new keys+certs with matt's solution you can skip this chapter!
<p>
Requirements:
<ul>
<li>Java keytool
<li>openssl
<li>and of course your secret password for the keystore
</ul>
<p>
Keep in mind: the Java keystore has two passwords:
<ul>
<li>The secret key password you have entered while creating your keystore the first time (SU3File keygen ...)
<li>And a "storage" password, which is most probably default "changeit".
</ul>
<p>
This works in a Ubuntu/Debian shell:
<pre>
######################################################################################################
file="keystore.ks"
pass_jks=changeit
# List the keystore content, show the included (email) alias
keytool -list -storepass $pass_jks -keystore $file
# Convert jks --&gt; pkcs12, specify the correct email alias (xxxxx@mail.i2p):
keytool -importkeystore \
-srcalias xxxxx@mail.i2p \
-srckeystore $file \
-srcstoretype jks \
-srcstorepass $pass_jks \
-destkeystore ${file}.p12 \
-deststoretype pkcs12 \
-deststorepass $pass_jks \
-destkeypass $pass_jks
# Show the pkcs12 content:
openssl pkcs12 -passin pass:$pass_jks -in ${file}.p12 -nodes -info
# Convert pkcs12 --&gt; pem
openssl pkcs12 -passin pass:$pass_jks -in ${file}.p12 -nodes -out ${file}.pem
# Decrypt the pem
openssl rsa -in ${file}.pem -out xxxxx_at_mail.i2p.pem
# Extract the certificate
openssl x509 -in ${file}.pem -out xxxxx_at_mail.i2p.crt
######################################################################################################
</pre>
<h3>5. Seamless SSL-Certificate Exchange</h3>
<p>
The update/exchange of an already existing self-signed certificates has to be correct timed
on server *and* client side. Considering thousands of clients (many with older I2P version) the exchange
will not be seamless possible and will have very bad impact on many clients: reseed won't work for them.
<p>
To avoid this issue and make the exchange as smooth as possible follow these simple steps:
<ol>
<li>Generate a new SSL-certificate NOW, but do NOT implement it on server
<li>Send the new SSL-certificate to us to perform a roll-out towards clients NOW
<li>WAIT some month, e.g. 3-4 i2p-releases
<li>New SSL-certificate is now hopefully present on many clients (in parallel to the current/old one)
<li>THEN exchange the SSL-certificate on server
</ol>
<p>
This idea based on the fact, that you can provide in i2p/certificates/ssl more than one crt-file for a server, e.g.
server.com.crt and server.com2.crt
<h3>6. Reseed Server Domain/URL/Port Exchange</h3>
<p>
You are already operating a reseed server but want to change your Domain/URL/Port?
To make the exchange as smooth as possible for many clients please follow these steps if possible:
<ol>
<li>Setup an additional reseed instance at the new Domain/URL/Port
<li>We include the new URL into I2P source NOW and delete the old URL NOW
<li>Both of your reseed instances have to run some time in parallel
<li>WAIT some month, e.g. 3-4 i2p-releases
<li>New URL is now hopefully present on many clients
<li>THEN shutdown the old reseed instance
</ol>
<h3>7. Tests</h3>
<p>
Some simple pre-test: test the website and fetch
<pre>
wget --user-agent="Wget/1.11.4" \
-O /tmp/test.su3 \
--no-check-certificate https://your-server.com:PORT/i2pseeds.su3
</pre>
Replace "PORT" with default 443 or your chosen server setting.
Inspect the fetched file.:
Some simple pre-test: test the website and fetch
<pre>
zipinfo -z /tmp/test.su3
</pre>
<p>
Replace "--no-check-certificate" with "--ca-certificate=~/i2p/certificates/ssl/your-server.com.crt"
which contains the path to your local public SSL-certificate to check also your ssl-certificate chain.
<p>
Confirm the following:
<ul>
<li>SSL-certificate chain valid?
<li>The su3-files can be downloaded?
<li>Contains &gt; 50 dat-files?
<li>And is always the same for one client-IP?
<li>Other client-IP's gets another file?
<li>Clients has no direct access to complete folder e.g. https://your-server.com/su3/ ?
</ul>
<p>
Do a real reseed test on *another* I2P router machine:
<ul>
<li>Include manually new SSL-certificate into i2p installation: ~/i2p/certificates/ssl/
<li>Include manually new public reseed key into i2p installation: ~/i2p/certificates/reseed/
<li>http://localhost:7657/configreseed --&gt; remove all reseed hosts
<li>Add the new reseed host e.g. "https://your-server.com/" *without* trailing "i2pseeds.su3"
<li>Save and Shutdown router.
<li>Clear netdb: empty folder ./i2p/netDb.
<li>Restart I2P and watch the I2P router log:
<pre>
2014/10/13 23:01:02 | Reseed start
2014/10/13 23:01:02 | Reseeding from https://your-server/i2pseeds.su3
2014/10/13 23:01:05 | INFO: xx files extracted to /tmp/i2p-V2qudTbd.tmp/reseeds-1010682701
2014/10/13 23:01:05 | Reseed got xx router infos from https://your-server.com/i2pseeds.su3 with 0 errors
2014/10/13 23:01:06 | Reseed complete, xx received
</pre>
</ul>
<h3>8. Contact Reseed Maintainer</h3>
<p>
Contact us via email zzz at mail.i2p (alternatively, post in the reseed section on the zzz.i2p forum)
Provide us with details about your new reseed server:
<ul>
<li>Reseed website URL
<li>Public SSL certificate
(Only required if selfsigned, which is not recommended. Please use Lets Encrypt or other CA)
<li>Public reseed su3 certificate
<li>Your contact email
<li>A statement that you agree to the privacy policy above
</ul>
<p>
Feel free to contact zzz at mail.i2p in case of questions or problems or post your question at zzz's forum in the reseed section.
{% endblock %}

20
i2p2www/pages/site/get-involved/guides/reseed-plugin.html Normal file
View File

@ -0,0 +1,20 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using an I2P Console Plugin') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
There are no other known I2P Console Plugin packages for installing and configuring a reseed server.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Installation from an I2P console plugin{% endtrans %}</h2>
<!--TODO: port over plugin install docs-->
{% endblock %}

72
i2p2www/pages/site/get-involved/guides/reseed-policy.html Normal file
View File

@ -0,0 +1,72 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('I2P Reseed Server Policy Requirements and Guidelines') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}Reseed Policy Information{% endtrans %}</h2>
<h3>Requirements</h3>
<p>
Requirements for running a public reseed server:
</p>
<ul>
<li>Well integrated running I2P router @ 24/7</li>
<li>Server with static IPv4 (2 cpu/ 2GB ram is fine)</li>
<li>Unix to run the golang solution</li>
<li>Own domain, sub-domain or an anonymous third-level domain</li>
<li>A self-signed SSL certificate, or an SSL certificate from <a href="https://letsencrypt.org" target="_blank">Let's Encrypt</a></li>
<li>Enough bandwidth and traffic volume - Around 15 GB/month as of December 2016</li>
<li>Up-to-date web server (Apache/nginx), HTTPS ONLY with TLS 1.2 and good ciphers</li>
</ul>
Optional:
<ul>
<li>fail2ban to protect you from botnets</li>
<li>GnuPG/PGP for signed/encrypted emails</li>
<li>IPv6</li>
</ul>
<p>{% trans -%}
When your setup is complete and ready for testing, we will need the HTTPS URL,
the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
and you will start seeing traffic.
We also will need your email address so we may continue to contact you about reseed administration issues.
The email will not be made public but will be known to the other reseed operators.
You should expect that your nick or name and its association with that URL or IP will become public.
{%- endtrans %}</p>
<h3>{% trans %}Information Required{% endtrans %}</h3>
<p>{% trans -%}
When your setup is complete and ready for testing, we will need the HTTPS URL,
the SSL public key certificate (only if selfsigned), and the su3 public key certificate.
After testing is complete, these will be added to the hardcoded entries in the Java and C++ routers in the next release,
and you will start seeing traffic.
We also will need your email address so we may continue to contact you about reseed administration issues.
The email will not be made public but will be known to the other reseed operators.
You should expect that your nick or name and its association with that URL or IP will become public.
{%- endtrans %}</p>
<h3>{% trans %}Privacy Policy{% endtrans %}</h3>
<p>{% trans -%}
A reseed operator is a trusted role in the network.
While we do not yet have a formal privacy policy, you must ensure the privacy of our users
by not publicizing logs or IPs found in those logs, except as necessary to discuss administration issues with the I2P reseed team.
{%- endtrans %}</p>
<h3>{% trans %}Financial Support{% endtrans %}</h3>
<p>{% trans -%}
Modest financial support may be available to those running reseed servers.
This support would be in partial reimbursement for your server costs.
Support will not be paid in advance and will probably not cover all your expenses.
Support is only available to those who have been running reseed servers in good standing for several months, and is based on actual need.
{%- endtrans %}</p>
<p>{% trans -%}
If you would like to discuss support, please contact echelon and CC: zzz
{%- endtrans %}</p>
{% endblock %}

25
i2p2www/pages/site/get-involved/guides/reseed-proxy.html Normal file
View File

@ -0,0 +1,25 @@
{% extends "global/layout.html" %}
{% block title %}{{ _('How to Set up a Reseed Server using a Reverse Proxy') }}{% endblock %}
{% block lastupdated %}2023-01{% endblock %}
{% block content %}
<h2>{% trans %}General Information{% endtrans %}</h2>
<p>{% trans %}
These guidelines are based on idk's <a href="https://i2pgit.org/idk/reseed-tools">reseed-tools</a> server.
They should be very similar to the guidelines for DivaExchange's <a href="https://codeberg.org/diva.exchange/i2p-reseed">i2p-reseed</a> server.
{% endtrans %}</p>
<p>{% trans %}
These guidelines will help you to configure your reseed server behind a reverse proxy like Apache2 or nginx.
These will allow you to configure additional behaviors like filtering, adding and removing headers, or temporary logging to debug issues.
The specifics of customizing your reverse proxy are outside the scope of this document.
{% endtrans %}</p>
<h4><a href="reseed-policy">{% trans %}To read the reseed policy, follow this link.{% endtrans %}</a></h4>
<h4><a href="reseed">{% trans %}Please see the general information for all reseed servers in addition to reading this section.{% endtrans %}</a></h4>
<h2>{% trans %}Reseed Installation using a Reverse Proxy{% endtrans %}</h2>
<!--TODO: port over reverse proxy install docs-->
{% endblock %}

1067
i2p2www/pages/site/get-involved/guides/reseed.html
View File

File diff suppressed because it is too large Load Diff

33
i2p2www/pages/site/get-involved/index.html
View File

@ -1,26 +1,23 @@
{% extends "global/layout.html" %} {% block title %}{% trans %}Get Involved{% endtrans %}{% endblock %} {% block content %}
<h2>{% trans %}There are many ways you can help I2P.{% endtrans %}</h2>
<h3>{% trans %}Grow the Community{% endtrans %}</h3>
<h2>{% trans %}Contribute to the I2P Network{% endtrans %}</h2>
<ul>
<li><b>{% trans %}Support I2P Core Development{% endtrans %}</b>{% trans %}The project hosts meetings on the first Tuesday of every month that are open to the community. This is a great opportunity to see what is happening with I2P core development and
familiarize yourself with Roadmap tasks. Additionally, protocol development meetings take place every Tuesday and zzz's development forum is available all of the time as a place to participate in development and issues that need fixing. See the
new developer's guide for how to get started.{% endtrans %}
</li>
<li><b>{% trans %}Spread the Word.{% endtrans %}</b> &mdash; {% trans -%} Tell people about I2P on forums, blogs, and comments to articles. Fix up the
<a href="https://wikipedia.org/wiki/I2P">Wikipedia article about I2P in your language</a>. Tell your friends, and more importantly, use I2P to communicate with your friends. We have many tools that can help you keep your private conversations
private. {%- endtrans %}
</li>
<li><b>{% trans %}Support I2P Core Development{% endtrans %}</b>{% trans %} The project hosts meetings on the first Tuesday of every month that are open to the community. This is a great opportunity to see what is happening with I2P core development and
familiarize yourself with Roadmap tasks. {% endtrans %}
</li>
<li><b><a href="{{ newtrans }}">{{ _('Translation and Documentation') }}</a></b> &mdash; {% trans newtrans=site_url('get-involved/guides/new-translators') -%} Help translate the website and the software into your language. Translators are a very important
part of this decentralized project and your work is always appreciated. See the new translator's guide for details. The project also welcomes support to help keep its documentation updated. See the <a href="{{ newtrans }}">new translator's guide</a> for details. {%- endtrans %}
part of this decentralized project and your work is always appreciated. The project also welcomes support to help keep its documentation updated. See the <a href="{{ newtrans }}">new translator's guide</a> for details. {%- endtrans %}
</li>
</ul>
<h3>{% trans %}Host Services for Yourself and Others{% endtrans %}</h3>
<ul>
<li><b><a href="{{ site_url('/about/software') }}">{{ _('Services') }}</a></b> &mdash; {% trans -%} Self-hosting almost anything, from an SSH server for yourself to an ActivityPub forum for everyone and anything in between, is helpful to the I2P network,
especially if you write down instructions for others. Almost anything you can think of can be made to work with I2P, and your service is valuable to the network. {%- endtrans %}
especially if you write down instructions for others. Almost anything you can think of can be made to work with I2P. {%- endtrans %}
</li>
<li><b><a href="{{ reseed }}">{{ _('Reseeding') }}</a></b> &mdash; {% trans reseed=site_url('get-involved/guides/reseed') -%} Getting new users onto the network is a very important task, and that task is handled by our reseed servers. The more reseed
servers we have, the more de-centralized and redundant our infrastructure is. It's a big responsibility, but it's pretty easy to set up a reseed server for new routers to bootstrap from. Detailed instructions are on our <a href="{{ reseed }}">reseed server page</a>.
<li><b><a href="{{ reseed }}">{{ _('Reseeding') }}</a></b> &mdash; {% trans reseed=site_url('get-involved/guides/reseed') -%} Getting new participanting routers onto the network is a very important task, and that task is handled by reseed servers. The more reseed
servers the network has, the more de-centralized and redundant its infrastructure becomes. It's a big responsibility, but it's pretty easy to set up a reseed server for new routers to bootstrap from. Detailed instructions can be found here <a href="{{ reseed }}">reseed server page</a>.
{%- endtrans %}
</li>
</ul>
@ -29,18 +26,16 @@
<li><b><a href="{{ site_url('/get-involved/guides/dev-guidelines') }}">{{ _('Applications') }}</a></b> &mdash; {% trans apps=site_url('get-involved/develop/applications') -%} Write or port applications for I2P. There's some guidelines and a list of ideas
on the <a href="{{ apps }}">applications page</a>. {%- endtrans %}
</li>
<li><a href="{{ site_url('/get-involved/guides/new-developers') }}"><b>{{ _('Coding') }}</a></b> &mdash; {% trans trac=i2pconv('trac.i2p2.i2p'), zzz=i2pconv('zzz.i2p'), newdevs=site_url('get-involved/guides/new-developers') -%} There's plenty to do if
you know Java or are ready to learn. Check for open tickets on <a href="http://{{ trac }}/report/1">Trac</a> or the TODO list on <a href="http://{{ zzz }}">{{ zzz }}</a> for some ideas on where to start. See the <a href="{{ newdevs }}">new developer's guide</a> for details. {%- endtrans %}
</li>
<li><b><a href="{{ site_url('research/index') }}">{{ _('Analysis') }}</b> &mdash; {% trans threatmodel=site_url('docs/how/threat-model') -%} Study or test the code to look for vulnerabilities. Both anonymity vulnerabilities from the various
<li><b><a href="{{ site_url('research/index') }}">{{ _('Research') }}</b> &mdash; {% trans threatmodel=site_url('docs/how/threat-model') -%} Study or test I2P code to look for vulnerabilities. Both anonymity vulnerabilities from the various
<a href="{{ threatmodel }}">threat models</a>, and DOS and other weaknesses due to security holes, benefit from ongoing research. {%- endtrans %}
</li>
</ul>
<h4>{% trans %}When you're ready, join us on our Gitlab{% endtrans %}</h4>
<h4>{% trans %}Join I2P On Gitlab{% endtrans %}</h4>
<ul>
<li><strong><a href="http://git.idk.i2p">{% trans %}Inside I2P - (http://git.idk.i2p){% endtrans %}</a></strong>
</li>
<li><strong><a href="https://i2pgit.org">{% trans %}Outside I2P - (https://i2pgit.org){% endtrans %}</a></strong>
</li>
</ul>
{% endblock %}
{% endblock %}

302
i2p2www/pages/site/get-involved/roadmap.html
View File

@ -1,6 +1,6 @@
{% extends "global/layout.html" %}
{% block title %} {{ _('Roadmap') }}{% endblock %}
{% block lastupdated %}2021-08{% endblock %} {% block content %}
{% block lastupdated %}2022-11{% endblock %} {% block content %}
<p>
This is the official project roadmap for the desktop and Android Java I2P releases only. Some related tasks for resources such as the website and plugins may be included.
@ -15,79 +15,190 @@
Older releases are at the bottom of the page.
</p>
<h2 id="1.5.0">1.5.0 (API 0.9.51)</h2>
<p><b>Released: Aug. 23, 2021</b></p>
<h2 id="2.4.0">2.4.0 (API 0.9.60)</h2>
<p><b>Target release: September 2023</b></p>
<ul>
<li>
Accelerate rekeying routers to ECIES
NetDB context management
</li>
<li>
Start work on SSU2
Streaming replay fix
</li>
<li>
Implement new tunnel build messages (proposal 157)
Handle congestion capabilities by deprioritizing overloaded routers
</li>
<li>
Support dmg and exe automatic updates
"Install Plugin from File" command-line option
</li>
<li>
New native OSX installer
Generic UDP Tunnels in HSM
</li>
<li>
X-I2P-Location(alt-svc) locations for built-in I2P Site
Revive Android helper library
</li>
<li>
RRD4J 3.8
</li>
<li>
Create C, CGo, SWIG bindings for libi2pd
Website Migration
</li>
</ul>
<h2 id="1.6.1">1.6.1 (API 0.9.52)</h2>
<p><b>Released: Nov. 29, 2021</b></p>
<h2 id="2.3.0">2.3.0 (API 0.9.59)</h2>
<p><b>Target release: June 2023</b></p>
<ul>
<li>
Accelerate rekeying routers to ECIES
Tunnel peer selection improvements
</li>
<li>
SSU performance improvements
User-Configurable blocklist expiration
</li>
<li>
Improve SSU peer test security
Throttle fast bursts of lookup from same source
</li>
<li>
Add theme selection to new-install wizard
Fix replay detection information leak
</li>
<li>
Continue work on SSU2 (proposal 159)
NetDB fixes for multihomed leaseSets
</li>
<li>
Send new tunnel build messages (proposal 157)
</li>
<li>
Include automatic browser configuration tool in IzPack installer
</li>
<li>
Make Fork-and-Exec Plugins Managable
</li>
<li>
Document jpackage install processes
</li>
<li>
Complete, document Go/Java Plugin Generation Tools
</li>
<li>
Reseed Plugin - Run a self-signed HTTPS reseed as a Java router plugin with no configuration.
NetDB fixes for leaseSets which were received as a reply before being recieved as a store
</li>
</ul>
<h2 id="2.2.0">2.2.0 (API 0.9.58)</h2>
<p><b>Target release: April 2023</b></p>
<ul>
<li>
Tunnel peer selection improvements
</li>
<li>
Streaming replay fix
</li>
</ul>
<h2 id="2.1.0">2.1.0 (API 0.9.57)</h2>
<p><b>Released: January 10, 2023</b></p>
<ul>
<li>
SSU2 fixes
</li>
<li>
Tunnel build congestion fixes
</li>
<li>
SSU peer test and symmetric NAT detction fixes
</li>
<li>
Fix broken LS2 encrypted leasesets
</li>
<li>
Option to disable SSU 1 (preliminary)
</li>
<li>
Compressible padding (proposal 161)
</li>
<li>
New console peers status tab
</li>
<li>
Add torsocks support to SOCKS proxy and other SOCKS improvements and fixes
</li>
</ul>
<h2 id="2.0.0">2.0.0 (API 0.9.56)</h2>
<p><b>Released: November 21, 2022</b></p>
<ul>
<li>
SSU2 connection migration
</li>
<li>
SSU2 immediate acks
</li>
<li>
Enable SSU2 by default
</li>
<li>
SHA-256 digest proxy authentication in i2ptunnel
</li>
<li>
Update Android build process to use modern AGP, end need of deprecated Maven plugin in Android build
</li>
<li>
Cross-Platform(Desktop) I2P browser auto-configuration support
</li>
</ul>
<h2 id="1.9.0">1.9.0 (API 0.9.55)</h2>
<p><b>Released: August 22, 2022</b></p>
<ul>
<li>
SSU2 peer test and relay implementation
</li>
<li>
SSU2 fixes
</li>
<li>
SSU MTU/PMTU improvements
</li>
<li>
Enable SSU2 for a small portion of routers
</li>
<li>
Add deadlock detector
</li>
<li>
More certificate import fixes
</li>
<li>
Fix i2psnark DHT restart after router restart
</li>
</ul>
<h2 id="1.8.0">1.8.0 (API 0.9.54)</h2>
<p><b>Released: May 23, 2022</b></p>
<ul>
<li>
Router family fixes and improvements
</li>
<li>
Soft restart fixes
</li>
<li>
SSU fixes and performance improvements
</li>
<li>
I2PSnark standalond fixes and improvements
</li>
<li>
Avoid Sybil penalty for trusted families
</li>
<li>
Reduce tunnel build reply timeout
</li>
<li>
UPnP fixes
</li>
<li>
Remove BOB source
</li>
<li>
Certificate import fixes
</li>
<li>
Tomcat 9.0.62
</li>
<li>
Refactoring to support SSU2 (proposal 159)
</li>
<li>
Initial implementation of SSU2 base protocol (proposal 159)
</li>
<li>
SAM authorization popup for Android apps
</li>
<li>
Improve support for custom directory installs in i2p.firefox
</li>
</ul>
<h2 id="1.7.0">1.7.0 (API 0.9.53)</h2>
<p><b>Released: Feb. 21, 2022</b></p>
@ -148,135 +259,72 @@
</li>
</ul>
<h2 id="1.8.0">1.8.0 (API 0.9.54)</h2>
<p><b>Released: May 23, 2022</b></p>
<h2 id="1.6.1">1.6.1 (API 0.9.52)</h2>
<p><b>Released: Nov. 29, 2021</b></p>
<ul>
<li>
Router family fixes and improvements
Accelerate rekeying routers to ECIES
</li>
<li>
Soft restart fixes
SSU performance improvements
</li>
<li>
SSU fixes and performance improvements
Improve SSU peer test security
</li>
<li>
I2PSnark standalond fixes and improvements
Add theme selection to new-install wizard
</li>
<li>
Avoid Sybil penalty for trusted families
Continue work on SSU2 (proposal 159)
</li>
<li>
Reduce tunnel build reply timeout
Send new tunnel build messages (proposal 157)
</li>
<li>
UPnP fixes
Include automatic browser configuration tool in IzPack installer
</li>
<li>
Remove BOB source
Make Fork-and-Exec Plugins Managable
</li>
<li>
Certificate import fixes
Document jpackage install processes
</li>
<li>
Tomcat 9.0.62
Complete, document Go/Java Plugin Generation Tools
</li>
<li>
Refactoring to support SSU2 (proposal 159)
</li>
<li>
Initial implementation of SSU2 base protocol (proposal 159)
</li>
<li>
SAM authorization popup for Android apps
</li>
<li>
Improve support for custom directory installs in i2p.firefox
Reseed Plugin - Run a self-signed HTTPS reseed as a Java router plugin with no configuration.
</li>
</ul>
<h2 id="1.9.0">1.9.0 (API 0.9.55)</h2>
<p><b>Released: August 22, 2022</b></p>
<h2 id="1.5.0">1.5.0 (API 0.9.51)</h2>
<p><b>Released: Aug. 23, 2021</b></p>
<ul>
<li>
SSU2 peer test and relay implementation
Accelerate rekeying routers to ECIES
</li>
<li>
SSU2 fixes
Start work on SSU2
</li>
<li>
SSU MTU/PMTU improvements
Implement new tunnel build messages (proposal 157)
</li>
<li>
Enable SSU2 for a small portion of routers
Support dmg and exe automatic updates
</li>
<li>
Add deadlock detector
New native OSX installer
</li>
<li>
More certificate import fixes
X-I2P-Location(alt-svc) locations for built-in I2P Site
</li>
<li>
Fix i2psnark DHT restart after router restart
RRD4J 3.8
</li>
<li>
Create C, CGo, SWIG bindings for libi2pd
</li>
</ul>
<h2 id="1.10.0">1.10.0 (API 0.9.56)</h2>
<p><b>Target release: November 2022</b></p>
<ul>
<li>
SSU2 connection migration
</li>
<li>
Enable SSU2 by default
</li>
<li>
i2psnark UDP tracker support (proposal 160) ?
</li>
<li>
Custom reseed service entry for Android
</li>
<li>
UDP Hidden Service/Client support in Hidden Services Manager
</li>
<li>
Automatic reseed servers from .onion URLs
</li>
<li>
VPN-Mode Support in Android for browser configuration
</li>
<li>
Update Android build process to use modern AGP, end need of deprecated Maven plugin in Android build
</li>
<li>
Cross-Platform(Desktop) I2P browser auto-configuration support
</li>
</ul>
<h2 id="1.11.0">1.11.0 (API 0.9.57)</h2>
<p><b>Target release: February 2023</b></p>
<ul>
<li>
TBD
</li>
</ul>
<h4><a href="roadmap-archive">{% trans %}Looking for older releases? Check the roadmap archive by following this link.{% endtrans %}</a></h4>
{% endblock %}

20
i2p2www/pages/site/research/index.html
View File

@ -8,11 +8,8 @@
<h3>{{ _('Research on the I2P Network') }}</h3>
<p>{% trans -%}
I2P is a very unique project that unfortunately has not received the wider
academic attention it deserves. To date, most research focus on anonymous and
onion-routing technology has been around Tor, and while those papers benefit us
as well, there is a great need for I2P-focused research. This plays a key role
in both maintaining the security and integrity of the network, as well as
Research plays a key role
in both maintaining the security and integrity of the I2P network, as well as
opening doors for more impactful future development.
{%- endtrans %}</p>
@ -32,9 +29,9 @@ A list of known published papers about I2P is available <a href="{{ papers
{%- endtrans %}</p>
<p>{% trans %}
This page aims to outline the most needed fields of research, notes to
potential researchers, our general safety guidelines as well as an expanding
list of open questions that you can begin on at any time.
This page outlines the most needed fields of research, notes to
potential researchers, general safety guidelines as well as an expanding
list of open research questions.
{% endtrans %}</p>
<h2>{{ _('Notes to Researchers:') }}</h2>
@ -43,12 +40,9 @@ list of open questions that you can begin on at any time.
<p>{% trans -%}
While all research on the I2P network is beneficial and appreciated, there are
certain areas which are more in need than others - most so in defensive
research. Most people enjoy coming up with fun ways to launch offensives
certain areas that are more in need than others. Most research focuses on testing offensives
against anonymous software, and this is further reinforced by the incentives in
academic institutions. While we know it is often not the first choice for
researchers, We would certainly appreciate any and all work towards ways to
fortify the network!
academic institutions. The project would appreciate research and testing that will support fortifying the I2P network.
{%- endtrans %}</p>
<h3>{{ _('Offensive and Analytic Tests') }}</h3>

12
i2p2www/pages/site/research/vrp.html
View File

@ -7,13 +7,13 @@
This process is subject to change. Please refer to this page for the current VRP.
{%- endtrans %}</p>
<p>{% trans %}This page was last updated in June 2020.{%- endtrans %}</p>
<p>{% trans %}This page was last updated April 2023.{%- endtrans %}</p>
<p>{% trans %}Researchers: while you research/hack, we ask that you refrain from the following: - Performing active exploits or Denial of Service attacks on the
i2p network - Performing social engineering on i2p development team members - Performing any physical or electronic attempts against i2p property and/or data
<p>{% trans %}Researchers: during your study and network testing, we ask that you refrain from the following: - Performing active exploits or Denial of Service attacks on the
I2P network - Performing social engineering on I2P team and community members - Performing any physical or electronic attempts against I2P property and/or data
centers{%- endtrans %}</p>
<p>{% trans %}As i2p is an open-source community, many volunteers and development team members run their own I2P Sites as well as public (“non-private internet”) domains. These
sites/servers are NOT in the scope of the vulnerability assessment / response process, only the underlying code of i2p is.{%- endtrans %}</p>
<p>{% trans %}As I2P is an open-source community, many volunteers and development team members run their own I2P Sites as well as public (“non-private internet”) domains. These
sites/servers are NOT in the scope of the vulnerability assessment / response process, only the underlying code of I2P is.{%- endtrans %}</p>
<h2 id="i.-point-of-contact-for-security-issues">I. {{ _('Point of Contact for Security Issues') }}</h2>
@ -22,7 +22,7 @@ sites/servers are NOT in the scope of the vulnerability assessment / response pr
<h2 id="ii.-security-response-team">II. {{ _('Security Response Team') }}</h2>
<p>{% trans -%}
Echelon is the trusted security point-of-contact. He forwards e-mails to team members as appropriate.
Echelon is the trusted security point-of-contact. He forwards emails to team members as appropriate.
{%- endtrans %}</p>
<h2 id="iii.-incident-response">III. {{ _('Incident Response') }}</h2>

Some files were not shown because too many files have changed in this diff Show More