258 lines
22 KiB
HTML
258 lines
22 KiB
HTML
{% extends "_layout.html" %}
|
|
{% block title %}I2P Development Meeting 149{% endblock %}
|
|
{% block content %}<h3>I2P dev meeting, September 27, 2005</h3>
|
|
<div class="irclog">
|
|
<p>16:14 < jrandom> 0) hi</p>
|
|
<p>16:14 < jrandom> 1) Net status</p>
|
|
<p>16:14 < jrandom> 2) 0.6.1</p>
|
|
<p>16:14 < jrandom> 3) ???</p>
|
|
<p>16:14 < jrandom> 0) hi</p>
|
|
<p>16:14 * jrandom waves</p>
|
|
<p>16:14 <+Ragnarok> ok, I'll hold my further questions</p>
|
|
<p>16:14 < jrandom> weekly status notes posted up at http://dev.i2p.net/pipermail/i2p/2005-September/000933.html</p>
|
|
<p>16:14 <+Ragnarok> hi :)</p>
|
|
<p>16:15 < wiht> Hello.</p>
|
|
<p>16:15 < jrandom> we can definitely dig into it further in 3?? if you'd prefer</p>
|
|
<p>16:15 <+Ragnarok> cool</p>
|
|
<p>16:15 < jrandom> ok, jumping into 1) Net status</p>
|
|
<p>16:15 < jrandom> in general, things seem pretty solid</p>
|
|
<p>16:16 < A123> Is the http outproxy run by just one router?</p>
|
|
<p>16:16 < wiht> I see 307 known nodes on my router console.</p>
|
|
<p>16:16 < A123> (I'm still a little hazy on how I2P works)</p>
|
|
<p>16:16 < jrandom> there are two outproxies configured by default, and a few others available not configured by default</p>
|
|
<p>16:16 < wiht> Has anyone's bandwidth been maxed out by the recent growth of the network?</p>
|
|
<p>16:17 < jrandom> well, my bandwidth usage has grown, a steady 30-40KBps on my routers</p>
|
|
<p>16:17 < jrandom> (to a steady 30-40, that is)</p>
|
|
<p>16:18 < jrandom> (i'm also running a few high traffic services, like squid.i2p ;)</p>
|
|
<p>16:19 < A123> Ever look at the logs?</p>
|
|
<p>16:19 < jrandom> of squid? no, i have it set to not do any request logging</p>
|
|
<p>16:20 <+Ragnarok> remember, he could be lying :)</p>
|
|
<p>16:20 <+Ragnarok> thus, it's a stupid question to ask</p>
|
|
<p>16:20 < jrandom> (though that could be a lie, and may work for the FBI/etc, so don't abuse it ;)</p>
|
|
<p>16:20 < A123> I was just curious as to whether there was anything interesting in there :)</p>
|
|
<p>16:21 <+mihi> A123: run your own outproxy :)</p>
|
|
<p>16:21 < gloin> A123: setup a tor node.</p>
|
|
<p>16:21 < A123> Is it easy to set up?</p>
|
|
<p>16:21 < jrandom> not really</p>
|
|
<p>16:21 < A123> gloin, tor is explicitly not designed for file sharing, so I have little interest in it.</p>
|
|
<p>16:22 < jrandom> (an outproxy, that is. tor is easy to set up)</p>
|
|
<p>16:22 < A123> Or at least, they've explicitly stated that they don't want people to use it for file sharing.</p>
|
|
<p>16:22 < wiht> jrandom, do you still want to wait for version 1.0 before a full public announcement of the I2P project's maturity?</p>
|
|
<p>16:23 <+mihi> A123: it is definitely harder than registering your nick with nickserv *hint* *hint*</p>
|
|
<p>16:23 < A123> Oh yeah, I sure don't want A123 to be taken :)</p>
|
|
<p>16:23 < wiht> If the network is doing well now, could it stand the addition of more users?</p>
|
|
<p>16:23 < jrandom> we'll need to do some outreach before 1.0 so that we can have some testing in larger environments</p>
|
|
<p>16:24 <+Ragnarok> maybe a preview release, or some such thing</p>
|
|
<p>16:24 < wiht> A beta release? Sounds like a good idea.</p>
|
|
<p>16:25 < jrandom> aye, that'll happen along side the website revamp, maybe before 0.6.2</p>
|
|
<p>16:25 < jrandom> (or maybe @ 0.6.2)</p>
|
|
<p>16:25 < jrandom> (website revamp being part of that critical path so we dont spend hours upon hours answering the same questions)</p>
|
|
<p>16:25 <+Ragnarok> well, with a little more end-user polish than just another beta</p>
|
|
<p>16:26 < A123> Is it possible for I2P-aware clients to configure tunnels themselves easily?</p>
|
|
<p>16:26 < jrandom> yes</p>
|
|
<p>16:26 < A123> I guess they could always do HTTP requests to the console...</p>
|
|
<p>16:26 <+Ragnarok> the router console also need a serious revamp. It would be nice for the initial page to be more like an i2p portal, and move all the technical stuff a little farther in</p>
|
|
<p>16:26 < jrandom> its one of the properties they send when they connect to i2p</p>
|
|
<p>16:26 < jrandom> agreed Ragnarok</p>
|
|
<p>16:27 < A123> Hrm. The Azureus I2P plugin could have a bit of additional friendliness, then.</p>
|
|
<p>16:27 < A123> Or any friendliness at all.</p>
|
|
<p>16:27 < jrandom> agreed A123 ;)</p>
|
|
<p>16:27 < jrandom> (though they've done a great job showing the proof of work)</p>
|
|
<p>16:28 < jrandom> there have been a lot of great suggestions on the mailing list as of late regarding usability</p>
|
|
<p>16:28 < jrandom> many/most of which should be done prior to asking new users to try i2p out</p>
|
|
<p>16:28 < A123> From the console: "If you can't poke a hole in your NAT or firewall to allow unsolicited UDP packets to reach the router, as detected with the Status: ERR-Reject..."</p>
|
|
<p>16:28 < A123> Where would I see "Status: ERR-Reject"?</p>
|
|
<p>16:29 <+Ragnarok> it's nice that we're at the point where we can worry about usability :)</p>
|
|
<p>16:29 < jrandom> A123: on the left hand side of your router console, it says Status: OK (or Status: unknown, or something else)</p>
|
|
<p>16:29 <+Complication> In the Status field of the router console.</p>
|
|
<p>16:29 < jrandom> true 'nuff Ragnarok </p>
|
|
<p>16:29 <+Complication> Hopefully you've got an OK or OK (NAT) there.</p>
|
|
<p>16:30 < A123> Complication, ah, thanks. Is that the thing that gets updated if you click on "Check network reachability..."?</p>
|
|
<p>16:30 < wiht> I hope that you will not have to break compatibility in future releases of I2P. Full network migration to a new version seems to have been painful in the past.</p>
|
|
<p>16:30 <+Complication> A123: yes, it should test again when you click</p>
|
|
<p>16:30 <+Complication> Doesn't happen instantly, though.</p>
|
|
<p>16:30 < jrandom> eh, they're not as painful as they used to be, but yeah, it'd be good if we can avoid it wiht</p>
|
|
<p>16:30 < A123> So I have to refresh the page?</p>
|
|
<p>16:30 < A123> Well, no, that would do another http post...</p>
|
|
<p>16:31 <+Complication> A123: it may take a minute to find a testing-suitable peer</p>
|
|
<p>16:31 <+Complication> 'cause you cannot test with those whom you're already speaking to</p>
|
|
<p>16:31 <+Complication> It could give false results.</p>
|
|
<p>16:32 <+Complication> So, it should show up when you view the router console sometime later.</p>
|
|
<p>16:32 <+Complication> Basically, in ideal circumstances, you shouldn not need to fire a peer test manually.</p>
|
|
<p>16:33 <+Complication> =shouldn't need</p>
|
|
<p>16:33 < jrandom> right, i2p now does a peer test automatically when certain events occur</p>
|
|
<p>16:33 < jrandom> (such as when someone tells you that your IP is something other than what you think it is)</p>
|
|
<p>16:33 < A123> I found that button completely unintuitive. I had no idea what it was updating and when, it never explicitly told me the results of the test...</p>
|
|
<p>16:34 < A123> The page wasn't automatically refreshing (I think), I can't do a reload in the browser...</p>
|
|
<p>16:34 < jrandom> reload should be safe</p>
|
|
<p>16:34 < A123> Surely that fires another test?</p>
|
|
<p>16:34 < jrandom> but yeah, the router console was designed more for technical reasons rather than usability</p>
|
|
<p>16:34 < jrandom> A123: it has a nonce to prevent that</p>
|
|
<p>16:34 <+Complication> That facet might benefit from a better explanation text in future</p>
|
|
<p>16:35 < wiht> Have we skipped 2) and gone to 3) already?</p>
|
|
<p>16:35 < jrandom> Complication: we'll probably drop it, since its unnecessary</p>
|
|
<p>16:35 < jrandom> no, still on 1</p>
|
|
<p>16:35 < jrandom> actually, anyone have anything else for 1) network status?</p>
|
|
<p>16:35 < A123> Ah, indeed, after a few times it complains about the nonce.</p>
|
|
<p>16:35 < jrandom> if not, moving on to 2) 0.6.1</p>
|
|
<p>16:35 < A123> "nonce" to non-geeks is just going to seem like a nonsense word.</p>
|
|
<p>16:36 < A123> :)</p>
|
|
<p>16:36 * Complication looks at graphs</p>
|
|
<p>16:36 <+Complication> No complaints about net status from here.</p>
|
|
<p>16:36 < jrandom> w3wt</p>
|
|
<p>16:37 < A123> Is there any reason that reseeding isn't automatic?</p>
|
|
<p>16:37 < jrandom> ok, i don't really have too much to mention regarding 0.6.1 beyond whats in the mail</p>
|
|
<p>16:37 < gloin> hmm.. shouldn't be the incoming and outoging traffic more or less symmetric?</p>
|
|
<p>16:37 < A123> Mine seems more or less symmetric.</p>
|
|
<p>16:37 < jrandom> A123: yes, though we may be able to do it safer</p>
|
|
<p>16:37 <+Complication> gloin: not if one's leeching or seeding ;)</p>
|
|
<p>16:37 <+Ragnarok> not if you're downloading stuff</p>
|
|
<p>16:38 < A123> Total: 3.74/4.09KBps (that's in/out)</p>
|
|
<p>16:39 < gloin> Complication: Is this a security problem? Shouldn't the 'foreign' traffic be reduced?</p>
|
|
<p>16:39 <+Complication> gloin: depends on what the criteria are</p>
|
|
<p>16:40 <+Complication> A person striving for utmost security clearly shouldn't be doing things which permit others to cause observable changes in their BW.</p>
|
|
<p>16:40 < jrandom> gloin: as we move to 1.0, we will stop publishing those stats</p>
|
|
<p>16:40 < A123> My ISP will still know them...</p>
|
|
<p>16:40 < jrandom> but yes, defending against local traffic analysis does require you to participate in other people's tunnels</p>
|
|
<p>16:41 <+Complication> (for a strict definition of "their BW", meaning "bandwidth use starting/ending at their node")</p>
|
|
<p>16:41 < jrandom> (or do sufficient chaff activity. tarzan for instance has "mimics" for wasting bandwidth^W^Wdefending anonymity)</p>
|
|
<p>16:41 < A123> Hrm.</p>
|
|
<p>16:41 < A123> I'm on ADSL, with far more download ability than upload.</p>
|
|
<p>16:42 <+Complication> Many are.</p>
|
|
<p>16:42 < A123> When my download exceeds my upload, doesn't that imply that I'm downloading stuff?</p>
|
|
<p>16:43 < wiht> No, you could also be forwarding others' traffic.</p>
|
|
<p>16:43 <+Complication> I guess it would imply you are downloading something.</p>
|
|
<p>16:43 < A123> Does I2P cache data?</p>
|
|
<p>16:43 * wiht would like to be corrected if that's wrong.</p>
|
|
<p>16:43 <+Complication> Unless you are seeding as much as you're leeching.</p>
|
|
<p>16:43 < jrandom> i2p itself does not cache</p>
|
|
<p>16:43 <+Complication> A123: no caching occurs to my knowledge</p>
|
|
<p>16:43 < jrandom> though syndie, on the other hand, does. </p>
|
|
<p>16:44 < A123> If there's no caching, then my download exceeding my upload must mean that I'm downloading something myself, right?</p>
|
|
<p>16:44 < jrandom> if you have large amounts of inbound trafffic but no current outbound traffic, you could just be running a syndie node</p>
|
|
<p>16:44 < jrandom> yes A123, given a small enough time frame</p>
|
|
<p>16:45 < A123> Since I could only usefully be downloading at the speed of my upload, after network buffers fill.</p>
|
|
<p>16:45 < jrandom> for a certain threat model, yes</p>
|
|
<p>16:45 < A123> Hrm.</p>
|
|
<p>16:45 < jrandom> (local passive attacker with sufficient resources, or a targetted local attacker, etc)</p>
|
|
<p>16:46 <+Complication> You could download faster, but it would increase your risk. (For which reason I have allocated up/down similar limits.)</p>
|
|
<p>16:46 < A123> Ah, good point, I can just limit my download speed.</p>
|
|
<p>16:46 <@LevDavidovitch> btw, you should limit both your dl and ul speed</p>
|
|
<p>16:47 <+Complication> But if someone targeted everyone who downloads more than uploads... they'd be targeting everyone and their granny.</p>
|
|
<p>16:47 < wiht> We are still having disconnection issues with IRC, it seems.</p>
|
|
<p>16:47 < jrandom> wiht: only a few people are</p>
|
|
<p>16:47 < wiht> OK.</p>
|
|
<p>16:47 <@LevDavidovitch> also reconnection is v FAST these days</p>
|
|
<p>16:48 < jrandom> (and nothing as bad as it was)</p>
|
|
<p>16:48 < wiht> I agree, reconnections are better.</p>
|
|
<p>16:48 < jrandom> aye, its nice to have our irc servers hosted on routers with reasonable bw limits :)</p>
|
|
<p>16:49 < jrandom> ((not that before was unreasonable, it was great, we just outgrew it))</p>
|
|
<p>16:49 < A123> Is there any technical reason why DCC isn't supported? It can be implemented similar to the nat module, right?</p>
|
|
<p>16:49 < jrandom> ok, anyone have anything for 2) 0.6.1?</p>
|
|
<p>16:49 < jrandom> yes A123, there are technical reasons why dcc isnt supported</p>
|
|
<p>16:50 <@LevDavidovitch> it'd have to be done client side, i think.</p>
|
|
<p>16:50 < jrandom> someone could implement an irc proxy with dcc support, but no one has</p>
|
|
<p>16:50 < A123> What are they? Or is that a long discussion?</p>
|
|
<p>16:50 < jrandom> dcc support requires knowing and interpretting the irc protocol, and rewriting the irc messages sent as necessary</p>
|
|
<p>16:50 <@LevDavidovitch> normal dcc uses arbitrary ports and all</p>
|
|
<p>16:50 < jrandom> (in particular, ctcp messages for establishing dcc connections)</p>
|
|
<p>16:50 < A123> Oh, that's what I meant to ask... Whether it was technically possible to do it as with a nat module (which does as you say).</p>
|
|
<p>16:51 < jrandom> i dont know what a nat module is?</p>
|
|
<p>16:51 <@LevDavidovitch> the nat uses some UDP weirdnesses.</p>
|
|
<p>16:52 <@LevDavidovitch> the nat traversal thing i think he means</p>
|
|
<p>16:52 < jrandom> ah, ok, yeah, its technically possible, but no one has volunteered to work on it (and i'm swamped)</p>
|
|
<p>16:52 < A123> No... At least for Linux, there's a masq module for iptables which will rewrite IRC packets with DCC CTCP requests.</p>
|
|
<p>16:53 <@LevDavidovitch> ah, i see</p>
|
|
<p>16:53 <@LevDavidovitch> maybe some of that code would be usable</p>
|
|
<p>16:53 <@LevDavidovitch> depends how intimate it is with the ipfilter thing</p>
|
|
<p>16:54 < jrandom> probably simpler to just extend I2PTunnelClient to interpret irc perhaps</p>
|
|
<p>16:54 < A123> http://www.koders.com/c/fidA6A89E1080590138EB211E694473DDDD098B6B75.aspx <- Might be interesting, courtesy of Google.</p>
|
|
<p>16:54 < jrandom> (in the same way I2PTunnelHTTPClient extends it to interpret HTTP)</p>
|
|
<p>16:55 <@LevDavidovitch> not in most countries. </p>
|
|
<p>16:55 <@LevDavidovitch> oops</p>
|
|
<p>16:56 < jrandom> A123: an os level filter would be a bit tough to deploy, but if someone wants to work on it, that'd be a good place to start</p>
|
|
<p>16:57 < jrandom> ok, anything else on 2) 0.6.1, or shall we move on to 3) ???</p>
|
|
<p>16:57 < A123> jrandom, it wouldn't really need to be OS level, would it? It would be coming through the IRC tunnel anyway...</p>
|
|
<p>16:58 < jrandom> actually, it wouldn't even work as an iptables filter. it has to be done inside i2ptunnel or some other i2p-aware proxy</p>
|
|
<p>16:58 < jrandom> in any case, its a lot of work, and unless someone volunteers to do it, it'll never get done ;)</p>
|
|
<p>16:59 < jrandom> (it *woudl* be cool though)</p>
|
|
<p>16:59 < A123> Right.</p>
|
|
<p>16:59 < A123> I meant "like the iptables filter", not "using the iptables filter" :)</p>
|
|
<p>16:59 < A123> -the+a</p>
|
|
<p>16:59 < A123> +n</p>
|
|
<p>17:00 < A123> Hrm hrm.</p>
|
|
<p>17:00 <@LevDavidovitch> go forth I think</p>
|
|
<p>17:01 < jrandom> ok, on to 3) ??? </p>
|
|
<p>17:01 < jrandom> (though one could probably say we've been on 3) all along ;)</p>
|
|
<p>17:01 < jrandom> anyone have anything else they want to bring up for the meeting?</p>
|
|
<p>17:01 <+fox> <brutus> on 3) bugzilla would be nice to have in shape before 1.0</p>
|
|
<p>17:01 < wiht> Speaking of the usability suggestions from the mailing list, have you incorporated any of them into I2P?</p>
|
|
<p>17:02 < jrandom> brutus: we used to have bugzilla, but no one used it</p>
|
|
<p>17:03 < wiht> I should say, are you still concentrating on the core I2P functionality and planning to focus on usability a little later?</p>
|
|
<p>17:03 < A123> I don't want to try it here, but I think that sending someone a DCC request at the moment would reveal to them your IP.</p>
|
|
<p>17:03 < A123> (Assuming your client knows your IP)</p>
|
|
<p>17:03 < jrandom> wiht: the last week i've been doing a lot of improvements to the streaming lib which should substantially improve usability</p>
|
|
<p>17:04 < jrandom> A123: the irc servers filter ctcp messages</p>
|
|
<p>17:04 < jrandom> (they've been modified)</p>
|
|
<p>17:04 < A123> Servers...</p>
|
|
<p>17:04 < jrandom> but yes, that does send your ip to the server (which it may discard, or may file into some NSA database)</p>
|
|
<p>17:04 < jrandom> so, dont send dcc requests</p>
|
|
<p>17:04 < A123> I don't really want the server admins knowing who I am, either :)</p>
|
|
<p>17:05 < A123> (In theory. I don't care now or with you guys)</p>
|
|
<p>17:05 < A123> It might be worth warning users about that.</p>
|
|
<p>17:05 < jrandom> there's a page on the wiki about a whole slew of issues iirc</p>
|
|
<p>17:05 < jrandom> (swing by ugha.i2p)</p>
|
|
<p>17:06 <+fox> <mihi> btw: are the irc2p servers connected via i2p or directly?</p>
|
|
<p>17:06 <+Complication> I'd assume i2p</p>
|
|
<p>17:06 <+Complication> Unless someone's gone mad meanwhile, and not notified me. :P</p>
|
|
<p>17:06 < wiht> jrandom, that's good, but what about the UI suggestions by Isamoor?</p>
|
|
<p>17:07 < jrandom> mihi: i believe they're done over i2p</p>
|
|
<p>17:08 < jrandom> wiht: the list of what i've been doing is available on http://dev.i2p/cgi-bin/cvsweb.cgi/i2p/history.txt?rev=HEAD</p>
|
|
<p>17:09 < jrandom> there's a lot more to be done, and a lot more will be done, but i have only two hands</p>
|
|
<p>17:09 < wiht> Thank you, I will look there.</p>
|
|
<p>17:10 < jrandom> actually, i have something to bring up for the meeting...</p>
|
|
<p>17:10 < A123> What's the server/channel that fox is changating? Or do I misunderstand fox's purpose?</p>
|
|
<p>17:11 < jrandom> as mentioned on hq.postman.i2p, we've had over a full year of anonymous mail service through postman's servers! </p>
|
|
<p>17:11 * jrandom cheers</p>
|
|
<p>17:11 * wiht does not want to seem ungrateful.</p>
|
|
<p>17:12 < A123> jrandom, have the spammers caught on yet?</p>
|
|
<p>17:12 < jrandom> A123: fox is a bridge to irc.freenode.net</p>
|
|
<p>17:12 < A123> (OK, it's a slow way to go about spamming...)</p>
|
|
<p>17:12 < jrandom> A123: doubt it, postman has antispam measures</p>
|
|
<p>17:12 < jrandom> inbound spam is a bit of a problem though ;)</p>
|
|
<p>17:13 < jrandom> (but my account there has been well filtered)</p>
|
|
<p>17:13 < mule> is it really that long. time passes ...</p>
|
|
<p>17:13 < A123> jrandom, ah, thanks.</p>
|
|
<p>17:13 * Complication looks if someone has finally dropped him a bear via e-mail</p>
|
|
<p>17:14 <+fox> <brutus> yeah, postman & cervantes deserve a medal, they're pulling some great weights around here</p>
|
|
<p>17:15 <+fox> <brutus> excellent services indeed</p>
|
|
<p>17:16 < jrandom> mos' def'. as is mule with his outproxy and fproxy, orion with his site, and the rest of y'all with yer content :)</p>
|
|
<p>17:16 < jrandom> ok, anyone have anything else to bring up for the meeting?</p>
|
|
<p>17:16 < wiht> Speaking of content...</p>
|
|
<p>17:16 < wiht> It seems that we know what sites are up or not, but no easily accessible directory of sites.</p>
|
|
<p>17:17 < A123> My clock runs fast. Would it be possible for the "Updating clock offset to -316819ms from -304801ms" messages to be downgraded from "CRIT"? It's a little disconcerting.</p>
|
|
<p>17:17 < wiht> I was thinking of creating one where site admins can post what their site is about.</p>
|
|
<p>17:17 < jrandom> orion.i2p is pretty easily accessible...?</p>
|
|
<p>17:17 < jrandom> A123: hmm, perhaps</p>
|
|
<p>17:18 < wiht> It has a short description of sites' purposes?</p>
|
|
<p>17:18 <+postman> A123: spam is only a problem for incoming mail ( mail FROM the internet )</p>
|
|
<p>17:18 < jrandom> wiht: yeah, it does, though i dont know where they come from</p>
|
|
<p>17:18 <+Complication> wiht: no, orion doesn't seem to have that feature</p>
|
|
<p>17:18 < wiht> I will look again.</p>
|
|
<p>17:18 < jrandom> iirc jnymo used to maintain them</p>
|
|
<p>17:18 <+postman> A123: i2p mail users can rarely spam themselves as well as they cannot spam internet targets</p>
|
|
<p>17:19 <+Complication> Sorry, meant to say it doesn't seem user-accessible.</p>
|
|
<p>17:19 < wiht> I was thinking of a directory that categorizes sites, something similar to dmoz.org.</p>
|
|
<p>17:19 < A123> wiht, as a brand new user, that sounds great.</p>
|
|
<p>17:19 <+fox> <Sugadude> wiht: Do we have enough sites to need to classify them?</p>
|
|
<p>17:19 < A123> wiht, but check Freenet for an excellent example of how not to do it.</p>
|
|
<p>17:20 < jrandom> a reliable categorized site would be neat. or perhaps we can integrate it into syndie to let people tag and categorize their peer references (and share them)</p>
|
|
<p>17:20 < jrandom> (syndie already has a set of category tags for each bookmark, laying it out visually dmoz style wouldnt be hard)</p>
|
|
<p>17:20 < jrandom> and it'd be local <--- fast</p>
|
|
<p>17:20 < A123> Or just get Google interested in i2p...</p>
|
|
<p>17:20 < jrandom> heh</p>
|
|
<p>17:24 < jrandom> ok, if there's nothing more for the meeting...</p>
|
|
<p>17:25 * jrandom winds up</p>
|
|
<p>17:25 * jrandom *baf*s the meeting closed</p>
|
|
</div>
|
|
{% endblock %} |