324 lines
26 KiB
HTML
324 lines
26 KiB
HTML
{% extends "_layout.html" %}
|
|
{% block title %}I2P Development Meeting 118{% endblock %}
|
|
{% block content %}<h3>I2P dev meeting, November 30, 2004</h3>
|
|
<div class="irclog">
|
|
<p>13:08 < jrandom> 0) hi</p>
|
|
<p>13:08 < jrandom> 1) 0.4.2 and 0.4.2.1</p>
|
|
<p>13:08 < jrandom> 2) mail.i2p</p>
|
|
<p>13:08 < jrandom> 3) i2p-bt</p>
|
|
<p>13:08 < jrandom> 4) eepsites</p>
|
|
<p>13:08 < jrandom> 5) ???</p>
|
|
<p>13:09 < jrandom> 0) hi</p>
|
|
<p>13:09 < jrandom> sorry to interrupt dm's agenda</p>
|
|
<p>13:09 < jrandom> status notes up @ http://dev.i2p.net/pipermail/i2p/2004-November/000492.html</p>
|
|
<p>13:09 < jrandom> [hi]</p>
|
|
<p>13:10 <+postman> ((hi))</p>
|
|
<p>13:10 <+postman> :)</p>
|
|
<p>13:10 < jrandom> so, as y'all read through that overwhelmingly interesting email, we might as well get the meeting underway</p>
|
|
<p>13:10 < jrandom> 1) 0.4.2 and 0.4.2.1</p>
|
|
<p>13:11 < jrandom> 0.4.2 is out, as you know, and the results are mixed, but when its not failing bad, it seems to be doing much better ;)</p>
|
|
<p>13:12 < jrandom> there will be a release with a whole slew of bugfixes soon - i've been holding off to try to get as many things improved as possible</p>
|
|
<p>13:12 < jrandom> as things stand now though, it looks like the 0.4.2.1 release will not yet get the i2p-bt port into tip top shape quite yet</p>
|
|
<p>13:12 <+postman> jrandom: what do the bugfixes address - all errors in the new streaminglib or other stuff as well?</p>
|
|
<p>13:13 < jrandom> a fast busy loop in the streaming lib that came up from a poorly tested scenario, some SAM issues, IP address detection problems, among other things</p>
|
|
<p>13:14 < jrandom> dev.i2p.net/cgi-bin/cvsweb.cgi/~checkout~/i2p/history.txt?rev=HEAD has the full list</p>
|
|
<p>13:14 <+postman> k</p>
|
|
<p>13:14 <+postman> thx</p>
|
|
<p>13:15 < jrandom> oh, one thing to note about 0.4.2.1 is that it, like 0.4.2, will need to modify your wrapper.config again, so please pay attention to the update instructions when they're out :)</p>
|
|
<p>13:15 < jrandom> does anyone have any questions/comments/concerns about 0.4.2?</p>
|
|
<p>13:15 < jrandom> (/0.4.2.1)</p>
|
|
<p>13:16 < clayboy> been working great here, have been tracking cvs too, always smooth</p>
|
|
<p>13:16 < jrandom> wikked</p>
|
|
<p>13:17 < bla> It's table (0.4.2): up for days already</p>
|
|
<p>13:17 < bla> s/table/stable/</p>
|
|
<p>13:17 < jrandom> ah nice, yeah, the bugs havent been hitting everyone</p>
|
|
<p>13:17 < jrandom> ok, if there's nothing else on that, lets jump on to 2) mail.i2p</p>
|
|
<p>13:18 < jrandom> i hear postman has some things to discuss</p>
|
|
<p>13:18 <+postman> hello</p>
|
|
<p>13:18 < jrandom> hi postman, you're up :)</p>
|
|
<p>13:18 <+postman> weeks ago i conducted a poll regarding IMAP</p>
|
|
<p>13:19 <+postman> since a few weeks passed now i decided to close the polls and to count the vote</p>
|
|
<p>13:19 <+postman> result is: not needed - won't be done. period</p>
|
|
<p>13:19 <+postman> after talking to susi - she was quite fine wioth pop3 on her webmail interface</p>
|
|
<p>13:19 < clayboy> reason wins! :)</p>
|
|
<p>13:19 < jrandom> w3wt</p>
|
|
<p>13:20 <+postman> so let's just stick to the pop3 end bury any silly imap ideas</p>
|
|
<p>13:20 <+postman> :)</p>
|
|
<p>13:20 * jrandom gets the shovel</p>
|
|
<p>13:20 <+postman> 2.) we're close to 100 registered users</p>
|
|
<p>13:21 < clayboy> wow</p>
|
|
<p>13:21 <+postman> not all of them public of course, but it still sounds like a quite reasonable number regarding the size of the network </p>
|
|
<p>13:21 <+Ragnarok> so... how about that LDAP address book? :)</p>
|
|
<p>13:21 < jrandom> nice</p>
|
|
<p>13:21 <+postman> 3. a feature to upload/share you public pgp key is active since weekend</p>
|
|
<p>13:21 <+postman> please use it </p>
|
|
<p>13:21 <+postman> www.postman.i2p/user/acc.html</p>
|
|
<p>13:22 < clayboy> i'm not taking any credit for that idea :></p>
|
|
<p>13:22 <+postman> the public keys can easily be downloaded with the help of the addressbook</p>
|
|
<p>13:22 <+postman> or direct as www.postman.i2p/public/accountname.pub</p>
|
|
<p>13:22 < jrandom> ooh cool</p>
|
|
<p>13:22 <+postman> the system works quite fine</p>
|
|
<p>13:22 <+postman> thanks to duck for pointing at a few bugs</p>
|
|
<p>13:23 <+postman> 4.) i think about offering accountbased routing</p>
|
|
<p>13:23 <+postman> like ppl say</p>
|
|
<p>13:23 < jrandom> account based routing?</p>
|
|
<p>13:23 <+postman> all mail for foo@mail.i2p gets transported to the following destination </p>
|
|
<p>13:23 <+postman> and user presents a valid destination key for it</p>
|
|
<p>13:24 <+postman> postman.i2p will then manually route mail to those accounts to mailsystems</p>
|
|
<p>13:24 <+postman> just an idea(tm)</p>
|
|
<p>13:24 < jrandom> ah nice</p>
|
|
<p>13:24 <+postman> i am looking forward to develop and discuss the whole matter</p>
|
|
<p>13:25 <+postman> that's it for now</p>
|
|
<p>13:25 <+postman> more follows next week</p>
|
|
<p>13:25 <+postman> thanks</p>
|
|
<p>13:25 < nmi> postman: sorry, transported to a particular i2p destination you mean?</p>
|
|
<p>13:25 * postman hands the mike back to jrandom </p>
|
|
<p>13:25 <+postman> nmi: yes</p>
|
|
<p>13:25 < ant> <Nightblade> am SMTP i2p destination?</p>
|
|
<p>13:25 < ant> <Nightblade> an</p>
|
|
<p>13:25 <+postman> nmi: provided the destination accepts smtp and mail for that account</p>
|
|
<p>13:25 < jrandom> that sounds very cool, gets rid of the trust aspect of the mail fiiltering</p>
|
|
<p>13:26 < nmi> ah, ok. clever. i had thought of doing something similar using mixminion single-use-reply-blocks but your idea is better...</p>
|
|
<p>13:26 < jrandom> its probably a lot of work to set up on the client side, but perhaps someone could do some hacking</p>
|
|
<p>13:26 <+postman> jrandom: i am working on it</p>
|
|
<p>13:26 < jrandom> w00t</p>
|
|
<p>13:26 <+postman> jrandom: the user will have the usual webinterface ( acc.html...)</p>
|
|
<p>13:27 <+postman> jrandom: and inserts the destinationkey</p>
|
|
<p>13:27 < jrandom> well, right, but then there's the MTA configuration</p>
|
|
<p>13:27 <+postman> the rest will be done automatigally</p>
|
|
<p>13:27 <+postman> yes, on the postman.i2p AND the receiving sinde</p>
|
|
<p>13:28 < nmi> jrandom: yeah, it would be cool to have a really stripped down smtp proxy for people not wanting to run a full MTA</p>
|
|
<p>13:28 < jrandom> right right</p>
|
|
<p>13:28 <+postman> jrandom: i will provide a simple setup config for ppl interested</p>
|
|
<p>13:28 <+postman> jrandom: for postfix, exim and sendmail</p>
|
|
<p>13:28 <+postman> jrandom: those can be stripped down to BARE necessities</p>
|
|
<p>13:28 <@duck> seriously, do you think that there are many users for that?</p>
|
|
<p>13:28 < jrandom> postman: this all sounds pretty kickass. i look forward to hearing more when you're ready</p>
|
|
<p>13:29 <+postman> jrandom: no idea about windows smtp servers tho</p>
|
|
<p>13:29 <+postman> duck: well</p>
|
|
<p>13:29 <+postman> duck: 8 weeks ago there was no need for a mailsystem and no users either</p>
|
|
<p>13:29 <+postman> duck: it's investment</p>
|
|
<p>13:29 <@duck> true</p>
|
|
<p>13:29 <+postman> duck: in 6 months we'll be happy to have it</p>
|
|
<p>13:29 < jrandom> duck: the potential comes with moving away from a trusted SMTP filter</p>
|
|
<p>13:29 <+postman> :)</p>
|
|
<p>13:30 < jrandom> er, perhaps i should say, moving /to/ a trusted smtp filter (no offense postman ;)</p>
|
|
<p>13:30 <+postman> and there will be a few ones</p>
|
|
<p>13:30 <+postman> AND</p>
|
|
<p>13:30 <+postman> (now the punchline)</p>
|
|
<p>13:30 <+postman> we could easily create maildomains :)</p>
|
|
<p>13:30 <+postman> like duck@duck.i2p and other stuff</p>
|
|
<p>13:30 <+postman> :)</p>
|
|
<p>13:30 <@duck> ah</p>
|
|
<p>13:31 <+postman> the only problem would be the official/private mapping</p>
|
|
<p>13:31 < jrandom> hosts.txt!</p>
|
|
<p>13:31 * jrandom ducks</p>
|
|
<p>13:31 <+postman> but this is another thing for the webmanagement console :)</p>
|
|
<p>13:31 <+postman> LOL</p>
|
|
<p>13:31 <+postman> jrandom: i rely on shaky sql databases :)</p>
|
|
<p>13:31 <@duck> ok; I see it fitting in</p>
|
|
<p>13:32 <+postman> ok</p>
|
|
<p>13:32 <+postman> then i will work it out and present an concept soon</p>
|
|
<p>13:32 <+postman> yess, yet more work</p>
|
|
<p>13:32 * postman leans back relaxed</p>
|
|
<p>13:32 <+postman> :)</p>
|
|
<p>13:32 < jrandom> kickass, thanks postman </p>
|
|
<p>13:33 < jrandom> ok, unless other people have further mail.i2p related questions, shall we move on to 3) i2p-bt?</p>
|
|
<p>13:33 < jrandom> consider us moved</p>
|
|
<p>13:34 < jrandom> ok, as the email mentioned, i broke the i2p-bt port</p>
|
|
<p>13:34 * jrandom hangs head in shame</p>
|
|
<p>13:34 < jrandom> in other news, duck, do you have anything wrt i2p-bt you want to discuss?</p>
|
|
<p>13:34 <@duck> as a result of jrandom's work not much has been done :)</p>
|
|
<p>13:35 <+Ragnarok> booo, hissss</p>
|
|
<p>13:35 <@duck> oh Ragnarok had some patches</p>
|
|
<p>13:35 * jrandom2p pelts jrandom with tomatoes</p>
|
|
<p>13:35 <@duck> I think, see the history file :)</p>
|
|
<p>13:35 < jrandom> oh cool</p>
|
|
<p>13:35 <@duck> we got some things in the queue too</p>
|
|
<p>13:35 <+Ragnarok> well, I was hissing at jr, but ok :)</p>
|
|
<p>13:36 <@duck> but I dont want to change (too) much on the unstable ground</p>
|
|
<p>13:36 <@duck> (like breaking bt while i2p is getting fixed)</p>
|
|
<p>13:36 < jrandom> aye, good plan</p>
|
|
<p>13:36 <@duck> .</p>
|
|
<p>13:37 < jrandom> ok cool, anyone else have anything on i2p-bt?</p>
|
|
<p>13:37 < jrandom> if not, moving us along to 4) eepsites</p>
|
|
<p>13:38 < jrandom> well, i know the issues have been discussed a few times since we first got the eepproxy, but there have been some recent queries warranting their mention again</p>
|
|
<p>13:39 < bla> yes...</p>
|
|
<p>13:39 < jrandom> what we have now for browsing eepsites and normal websites anonymously just plain isn't safe</p>
|
|
<p>13:39 < clayboy> disabling java, javascript, cookies and flash helps, though</p>
|
|
<p>13:39 < jrandom> DrWoo has done a great job with his page describing the dangers and how you can protect yourself</p>
|
|
<p>13:40 < jrandom> right clayboy, definitely</p>
|
|
<p>13:40 < clayboy> url?</p>
|
|
<p>13:40 < bla> clayboy: Yes, on the HTML side, but not on the HTTP side</p>
|
|
<p>13:40 < jrandom> but if there's one thing i've learned with the router console, its that no one follows more than two steps into the instructions ;)</p>
|
|
<p>13:40 < clayboy> bla: good point</p>
|
|
<p>13:40 < jrandom> clayboy: http://brittanyworld.i2p/browsing/</p>
|
|
<p>13:41 < bla> I've done some experiments here: http://forum.i2p/viewtopic.php?t=182</p>
|
|
<p>13:41 < bla> Doesn't look good as it is</p>
|
|
<p>13:42 <@duck> who has the evil applets?</p>
|
|
<p>13:42 < ant> <Nightblade> there was a security exploit found in java</p>
|
|
<p>13:43 < ant> <Nightblade> for some older 1.4.x vers</p>
|
|
<p>13:43 < ant> <Nightblade> not 1.5</p>
|
|
<p>13:44 < jrandom> nightblade: the 'attack' used in this person's case was really trivial, and, according to the person, worked from 1.1.6-1.5</p>
|
|
<p>13:44 < ant> <Nightblade> hmm</p>
|
|
<p>13:44 < jrandom> (download a .exe, run the .exe)</p>
|
|
<p>13:45 < jrandom> i was suprised to see some java security permissions fire up on instantiation of new File(filename) but no security permissions fire up on instantiation of new FileOutputStream(filename)</p>
|
|
<p>13:45 * jrandom stops handing out hand grenades</p>
|
|
<p>13:46 < jrandom> (i havent verified their code, but did see much of it)</p>
|
|
<p>13:46 < jrandom> but anyway, eepsites</p>
|
|
<p>13:47 < jrandom> well, i dont think it would be prudent to remove the eepproxy altogether</p>
|
|
<p>13:47 < jrandom> but i dont really have time right now to implement any of the solutions listed</p>
|
|
<p>13:48 < bla> jrandom: Stripping out all Accept* headers would be a good thing, for now</p>
|
|
<p>13:48 < jrandom> what do y'all think? any volunteers? shall we wing it until we do get time?</p>
|
|
<p>13:48 < ant> <Nightblade> bla: I don't think it is a big deal that people can see some browser headers</p>
|
|
<p>13:49 < ant> <Nightblade> millions of people use those browsers</p>
|
|
<p>13:49 < bla> And always adding a User-Agent: header, even if the client didn't send one. I makes requests homogeneous</p>
|
|
<p>13:50 < bla> Nighblade: Yes, but if your browser says Accept-Language: xx (just made up on the spot), and there happens to be only 1 I2P node in a country that speaks language xx, almonimity is gone, completely</p>
|
|
<p>13:50 < bla> The Accept-Language: header is there though, in some browsers. And we can't rely on it always being "en"</p>
|
|
<p>13:50 < ant> <Nightblade> ok but what if removing some of those headers violates the HTTP spec?</p>
|
|
<p>13:50 < jrandom> adding those two cases are easy enough, and i'll get them into 0.4.2.1, but it really isn't safe to explicitly filter headers like this</p>
|
|
<p>13:50 < jrandom> nightblade: we break so many aspects of the HTTP spec it hurts</p>
|
|
<p>13:51 < bla> Nightblade: Only one of the threee browsers I listed did send the header, so it shouldn't be much of a problem</p>
|
|
<p>13:51 < ant> <Connelly> HTTP was not designed for anonymity</p>
|
|
<p>13:51 < jrandom> the eepproxy is duct tape and shoe polish</p>
|
|
<p>13:51 < bla> jrandom: Why isn't that filttering safe?</p>
|
|
<p>13:52 < bla> jrandom: We could even consider stripping _all_ headeers, except for the Host: header and the GET header</p>
|
|
<p>13:52 < jrandom> bla: stripping all headers except the host would be safer, yes</p>
|
|
<p>13:52 < bla> jrandom: After all, what do we need more for an anonymous HTTP?</p>
|
|
<p>13:52 < jrandom> but thats beyond the amount of time i can put into it</p>
|
|
<p>13:52 < jrandom> i can add the Accept and user-agent filters in ~ 30s</p>
|
|
<p>13:53 < jrandom> much beyond that and i throw my hands in the air and rewrite the http proxy ;)</p>
|
|
<p>13:53 < bla> jrandom: How come stripping all of them is more difficult?</p>
|
|
<p>13:53 < jrandom> read the code. </p>
|
|
<p>13:54 < jrandom> (patches welcome)</p>
|
|
<p>13:54 < jrandom> but what we're looking at here is still just a short term solution</p>
|
|
<p>13:54 < bla> jrandom: Point well taken ;) But seriously: I think the Accept* and User-Agent fixes would do really fine for now</p>
|
|
<p>13:54 < jrandom> we need someone to work on something that will last us long term</p>
|
|
<p>13:55 < ant> * dm just ate 20 slices of cheese... drool.</p>
|
|
<p>13:55 < jrandom> bla: i heard that last time someone asked us to filter the User-agent and referrer headers ;)</p>
|
|
<p>13:55 < jrandom> (but yeah, i'll get those two into the next rev)</p>
|
|
<p>13:56 < ant> <dm> those headers are usefl</p>
|
|
<p>13:56 < ant> <dm> useful</p>
|
|
<p>13:56 < ant> <dm> For service providers.</p>
|
|
<p>13:56 < jrandom> yes, they are</p>
|
|
<p>13:57 < jrandom> we've already had some apps break because we filter referrer too</p>
|
|
<p>13:57 < bla> dmm: Yes, indeed. However, they also provide a browser or OS fingerprint</p>
|
|
<p>13:57 < ant> <dm> I have an idea!</p>
|
|
<p>13:57 * jrandom takes cover</p>
|
|
<p>13:58 < ant> <dm> Hard code the User-Agent to: Nokia6230/2.0 (03.15) Profile/MIDP-2.0 Configuration/CLDC-1.1 149.254.201.133 </p>
|
|
<p>13:58 < ant> <dm> eh? eh?</p>
|
|
<p>13:58 < jrandom> we already hard code the user agent header</p>
|
|
<p>13:59 < ant> <Nightblade> I2P-enabled cell phones</p>
|
|
<p>13:59 * jrandom mounts a DoS on that phone</p>
|
|
<p>13:59 < ant> <dm> To what?</p>
|
|
<p>13:59 < ant> <dm> My poor phone!!!</p>
|
|
<p>13:59 < jrandom> ok, anyone else have any thoughts on the eepproxy/eepsite stuff?</p>
|
|
<p>14:00 < bla> MYOB/6.ss (AN/ON)</p>
|
|
<p>14:00 < bla> no\</p>
|
|
<p>14:00 <+Ragnarok> we should reinvent html using s-expressions!</p>
|
|
<p>14:01 < jrandom> (i really do think using a bbcode style macro language is the way to go, at least for some things ;)</p>
|
|
<p>14:01 < jrandom> ((or xml for you geeks))</p>
|
|
<p>14:02 < ant> <dm> Microsoft endorses use of XML</p>
|
|
<p>14:02 < ant> <dm> So I'm all for it.</p>
|
|
<p>14:02 <+Ragnarok> xml is just excessively wordy s-expressions :)</p>
|
|
<p>14:03 < ant> <dm> Is this a good time for me to aplaud jrandom for his work on this project?</p>
|
|
<p>14:03 * jrandom volunteers Ragnarok to work on it, after getting the next gen address book ;)</p>
|
|
<p>14:03 <@duck> I dont think that 'invent your own markup language' will work for general browsers</p>
|
|
<p>14:04 <@duck> maybe for the blog thing inside myi2p</p>
|
|
<p>14:04 <+Ragnarok> it's always a good time :)</p>
|
|
<p>14:04 < ant> <dm> applaud even</p>
|
|
<p>14:04 < jrandom> duck: the proxy will need to filter content anyway, it would be simple enough (heh) to inject the results of macro expansions into the resulting filtered content</p>
|
|
<p>14:05 < ant> * dm tips his hat to jr.</p>
|
|
<p>14:05 < jrandom> gracias dm et al</p>
|
|
<p>14:05 < ant> <Nightblade> something like PDF would be safer than HTML</p>
|
|
<p>14:05 < jrandom> lol</p>
|
|
<p>14:05 <@duck> .txt files!</p>
|
|
<p>14:06 < ant> <Nightblade> i've seem PDF files with clickable links, but the files themselves are huge</p>
|
|
<p>14:06 < ant> <Nightblade> seen</p>
|
|
<p>14:06 < ant> <dm> Uncompressed Bitmaps?</p>
|
|
<p>14:06 < jrandom> yes, lets all write in pdf</p>
|
|
<p>14:07 <+Ragnarok> erg, postscript is fugly</p>
|
|
<p>14:07 < ant> <cat-a-puss> how is html insecure?</p>
|
|
<p>14:07 <@duck> anyway</p>
|
|
<p>14:07 < ant> <Nightblade> cat: with javascript, activex, applets,...</p>
|
|
<p>14:07 < jrandom> cat-a-puss: all the different ways to encode dangerous data</p>
|
|
<p>14:08 < ant> <dm> languages aren't secure or insecure, clients are.</p>
|
|
<p>14:08 <+Ragnarok> the realy problem is how to do anon dhtml...</p>
|
|
<p>14:08 < jrandom> (and we'll never, /never/ be ahead of the game as long as we explicitly filter)</p>
|
|
<p>14:08 < ant> <cat-a-puss> Java/javascript are enclosed in tags. So strip those out, plain html is not harmful right?</p>
|
|
<p>14:08 < ant> <dm> We need to use a data format that is parsed by a client made by a company that we trust.</p>
|
|
<p>14:08 < jrandom> Ragnarok: macros, and/or reference known safe and locally installed javascript</p>
|
|
<p>14:08 < ant> <dm> I trust Microsoft, therefore I suggest Internet Explorer, Microsoft Word, or Notepad</p>
|
|
<p>14:09 < ant> <dm> Flight Simulator 2002 is acceptable as well.</p>
|
|
<p>14:09 < ant> <cat-a-puss> Freenet already has an "anonymity filter" strips out all Java / Javascript / ActiveX etc. Borrow that and the only thing I can think could get through would be Image exploits... unless there is something I am missing.</p>
|
|
<p>14:10 < jrandom> freenet's anon filter is a good start for one or two of the different camps, but would likely require some work to get forms working as we want them</p>
|
|
<p>14:10 < ant> <Nightblade> the eepproxy would have to run as a separate process, because of licensing</p>
|
|
<p>14:11 < jrandom> that still leaves us a heavily crippled html</p>
|
|
<p>14:11 < jrandom> (with no css)</p>
|
|
<p>14:11 < ant> <dm> Okay, how about Flash?</p>
|
|
<p>14:11 < jrandom> nightblade: we can work around that (same way we work around i2ptunnel being GPL)</p>
|
|
<p>14:11 < ant> <dm> Imagine a world wide web with only flash.</p>
|
|
<p>14:11 < ant> <dm> What a rich and wonderful world that would be.</p>
|
|
<p>14:12 < ant> <Nightblade> well Just create a warning: "Eepsite browsing is hazardous to your anonymity. Please use Gopher."</p>
|
|
<p>14:12 < ant> <Nightblade> actually gopher is not a bad idea</p>
|
|
<p>14:12 * jrandom ports archie</p>
|
|
<p>14:12 <+Ragnarok> gopher!</p>
|
|
<p>14:12 < ant> <dm> There was Betty as well, wasn't there...</p>
|
|
<p>14:12 <+Ragnarok> I remember gopher :)</p>
|
|
<p>14:13 <+Ragnarok> man, those were the good old days. I think I had a screaming 14.4 baud at the time... <sigh></p>
|
|
<p>14:13 < ant> <Nightblade> I only browsed gopher in text mode, and I don't know if it supported graphics</p>
|
|
<p>14:13 < jrandom> they didnt have gui browsers last time i used gopher ;)</p>
|
|
<p>14:14 < jrandom> anyway, there are lots of options</p>
|
|
<p>14:14 < ant> <Nightblade> what was that browser called back then? the one before Netscape...</p>
|
|
<p>14:14 < ant> <Nightblade> i forget</p>
|
|
<p>14:14 < jrandom> mosaic</p>
|
|
<p>14:15 < ant> <Nightblade> yeah</p>
|
|
<p>14:15 < ant> <dm> Mosaic 2.0</p>
|
|
<p>14:15 < ant> <Nightblade> "Welcome to I2P, please wait while we install Gopher and Mosaic."</p>
|
|
<p>14:15 < jrandom> heh</p>
|
|
<p>14:15 < jrandom> yeah, probably no javascript exploits in those</p>
|
|
<p>14:16 < jrandom> ok, anyway, thats that, i suppose</p>
|
|
<p>14:16 < jrandom> moving on to 5) ???</p>
|
|
<p>14:16 <+Ragnarok> there's still a gopher package in debian</p>
|
|
<p>14:16 < jrandom> anyone have anything else (not gopher related)?</p>
|
|
<p>14:17 < ant> <dm> What will happen to I2P when you need to start working again?</p>
|
|
<p>14:18 < jrandom> i'll be on i2p fulltime through the spring, at least. we can discuss things beyond then as that time approaches</p>
|
|
<p>14:19 < ant> <dm> o k</p>
|
|
<p>14:19 < jrandom> in any case, if i got hit by a bus tomorrow, everything is in cvs and all code is free</p>
|
|
<p>14:19 <+Ragnarok> I assume you're planning to have a 1.0 before then. What do you think the odds are?</p>
|
|
<p>14:19 <+Ragnarok> before spring, not your untimely demise...</p>
|
|
<p>14:20 < jrandom> certainty.</p>
|
|
<p>14:20 < ant> <dm> ahaha.. yes, what are the odds of 1.0 before tomorrow when you get hit by that bus?</p>
|
|
<p>14:20 < jrandom> (assuming no buses ;)</p>
|
|
<p>14:20 < ant> <dm> I just had a very sad thought.</p>
|
|
<p>14:20 < ant> <dm> Depressing really, but... If you were to get hit by a bus, no one here would know of it.</p>
|
|
<p>14:20 < ant> <cat-a-puss> On filtering: What if we created a better proxy, such that all the applications on the computer's traffic could go through it, then we would not need to filter Javascript et alt because they can't find out who we are anyway.</p>
|
|
<p>14:21 < ant> <dm> You would just die, and we wouldn't know what happened :(</p>
|
|
<p>14:21 < ant> <dm> God why did he have to die?!?!? why?!?!</p>
|
|
<p>14:22 < ant> <dm> Can you put a clause in your will to email the mailing list if you die?</p>
|
|
<p>14:22 < jrandom> cat-a-puss: javascript can send the contennts of your bookmarks, your IP address, and all sorts of things to a remote site</p>
|
|
<p>14:22 < jrandom> dm: people who know me irl know i'm involved in i2p. enough of this morbid shit</p>
|
|
<p>14:23 < ant> <dm> ah cool.</p>
|
|
<p>14:24 < ant> <cat-a-puss> jrandom: yeah, but that sort of thing requres an exploit right, not just say forwarding them to some page that uses a different protocall that is not proxied. We probably be reasonable safe from those with a scanner on incomming content and automatic updates.</p>
|
|
<p>14:25 < jrandom> cat-a-puss: erm, perhaps i misunderstood - are you suggesting that it may be safe to have javascript enabled in the browser, as long as the connections that that javascript code makes are proxied also?</p>
|
|
<p>14:26 < ant> <cat-a-puss> jrandom: yeah, as long as there is no buffer overflows etc.</p>
|
|
<p>14:26 < jrandom> if so, thats still vulnerable to plain old javascript that reads the javascrip environment and sends it "anonymously" to http://cia.i2p/data. </p>
|
|
<p>14:27 < jrandom> the data available to javascript includes your IP address, as well as your bookmarks and all sorts of other things</p>
|
|
<p>14:27 < jrandom> so even though the connection to cia.i2p was anonymous, the content exposes you</p>
|
|
<p>14:31 < jrandom> ok, anyone else have something to bring up for the meeting?</p>
|
|
<p>14:31 <@duck> yes:</p>
|
|
<p>14:31 <@duck> what does the new 'active peers' counter mean</p>
|
|
<p>14:31 < jrandom> ah</p>
|
|
<p>14:31 < jrandom> yeah, that changed</p>
|
|
<p>14:32 < jrandom> in 0.4.2.1, the new Active: x/y will have x=# of peers you've sent or received a message from successfully in the last minute, y=# peers seen in the last hour or so</p>
|
|
<p>14:32 < jrandom> this is part of the code to deal with some peers giving out bad info in the IP autodetection phase</p>
|
|
<p>14:33 * duck will try to remember it</p>
|
|
<p>14:33 < jrandom> so it'll vary much more than before</p>
|
|
<p>14:33 < jrandom> heh so dont worry when the value is lower than you're used to ;)</p>
|
|
<p>14:34 < jrandom> ok, if thats it, then y'all should check back onto the mailing list and website over the next day for the 0.4.2.1 release</p>
|
|
<p>14:34 < jrandom> it'll be backwards compatible, blah blah blah</p>
|
|
<p>14:34 < jrandom> in any case</p>
|
|
<p>14:34 * jrandom winds up</p>
|
|
<p>14:35 * jrandom *baf*s the meeting closed</p>
|
|
</div>
|
|
{% endblock %} |