出席: Apekatten, Echelon, Hottuna, Marielle, Meeh, Sindu, zzz
我们已是连续第二年在大会里占据了一个绝佳的位置,位于 Noisy Square,紧挨着 EFF(电子前哨基金会)的展台。作为 Noisy Square 的一员,确实提升了我们的曝光度,也帮助许多人找到了我们。感谢 Noisy Square 和 31C3 的组织者带来了一届精彩的大会。
我们也感谢 Gabriel Weinberg 以及他出色的搜索引擎 DuckDuckGo 对开源匿名工具的支持,以及他们在 2014 年对 I2P 的慷慨捐助。来自 DuckDuckGo 及其他资助者的资金帮助我们出席 CCC。这是 I2P 开发者一年一度的主要聚会,对我们的成功至关重要。
与他人讨论
GNUnet
我们与 GNUnet 的 Christian Grothoff 进行了深入交流。他本人及该项目已从慕尼黑工业大学(TU Munich)迁至法国的 Inria。他目前有大量招聘职位。这是一个带薪参与开源匿名工具开发的绝佳机会,我们鼓励大家就此事与他联系。
一个获得大量新资金、焕发生机的 GNUnet 的前景,颇为引人注目。我们讨论了更多合作方式。在 2014 年初,我们曾努力研究 GnuNet 的 DNS 替代方案,但未能找到它在 I2P 中的合适定位。他的新想法之一是一个分布式、匿名的统计收集子系统,用于检测网络中的问题或攻击。对此我们肯定很感兴趣。
我们还讨论了点对点系统的特殊用途域名草案。一个新的、且大幅简化的第3版已于12月发布。获批前景仍不明朗。跟进或参与讨论的最佳方式是通过IETF DNSOP WG 邮件列表。我们这边也会尝试参与,并就此主题为 Hellekin 指定一名新的联系人。
我们因为组织不力,未能在他组织的 We Fix The Net assembly 上进行演讲,已向 Christian 表示歉意。作为一个项目,我们最大的失败之一是我们似乎总是无法向各类会议提交演讲提案。新的一年里,我们必须做得更好。
GNUnet
Iain Learmonth,一位 Debian 参与者,顺道来访。他想把 I2P 与其他匿名工具一起纳入某种新的 Debian “superpackage”(超级包),并且很希望在 2015 年让 I2P 进入 Debian。他说现在流程已经很简单了,只需按照说明操作。我们说这真有意思,我们已经在这个流程里卡了 7 年多。
他说,嗯,试试新的流程吧,它运作得很好,如果你的软件包状况良好,应该完全不会有问题。Debian 中负责这一流程的人是热心的志愿者,他们最想要的就是让更多的软件包进入。我们表示我们的软件包确实状态极佳,并且会尽快尝试新的流程。如果这一切属实,我们将在 2015 年底的下一次 Debian 发行版中出现。这将会非常非常酷。
Debian(德比安)
我们与 Tails 的 BitingBird 进行了愉快的交流。他们对我们在去年夏天对该漏洞披露的快速响应感到非常满意,这也促成了我们的0.9.14 版本发布。我们的漏洞起初被归咎于 Tails,对此以及缺乏私下通知一事,他们表示强烈不满。我们感谢他们承担压力并予以反击。
BitingBird 也负责支持,她告诉我们,用户的头号问题是 I2P 从启动到能用于浏览 I2P 站点所需的时间。她的标准答复是“再等十分钟”,而且这似乎很有效。由于 Tails 默认不持久化对等节点数据,I2P 在 Tails 上启动尤其慢。如果能改变这一点会很好,但我们也可以在 I2P 这边做一些事情,让启动更快。请期待我们 0.9.18 版本中的一些改进。
Tails
I2P 的老朋友、OnionCat 的 Bernhard Fischer 顺道来访。即将到来的 Tor 隐藏服务变更意味着它们的密钥将无法再嵌入到 IPv6 地址的一部分中,而他正在研究一个解决方案。我们提醒他,在 I2P 中(使用“GarliCat”)一直都是如此,这并不是一个新问题。他向我们推荐了一个演讲,介绍他的提案。这涉及在隐藏服务目录中存储一条额外记录(相当于 I2P 的网络数据库中的一个 leaseSet)。目前尚不完全清楚这将如何工作,或者我们是否会将其视为对 netDb 的滥用。随着他取得进一步进展,我们会继续与他跟进。
Onioncat
我们花了许多小时向停在我们展台前的人解释 I2P。有些人此前听说过 I2P,有些则没有;几乎所有人都听说过 Tor,并且至少对隐藏服务是什么有个模糊的概念。像往常一样,向人们介绍 I2P 并不容易。到大会结束时,我们愈发确信,问题的一部分在于术语差异。追溯到 12 年前,当 I2P 和 Tor 都在起步阶段时,我们各自为系统的不同部分想出了术语。如今,Tor 的术语(例如 “隐藏服务”)已经广为人知、司空见惯;而 I2P 的术语(例如 “eepsite”)则并非如此。我们一致同意审查我们的文档、router 控制台以及其他地方,寻找简化术语并采用通用术语的机会。
I2P project topics
Spending money: We discussed several ways to effectively use our resources in 2015, including more hardware for testing and development. Also, we plan to increase reimbursement levels for conference attendees.
Toronto meetup: CCC is such a productive time for us, and it seems that a second meetup in the year would be quite helpful. We have proposed it for August 2015 in Toronto, Canada, in conjunction with Toronto Crypto. It would include developer meetings together with presentations and tutorials, all open to the public. We are attempting to gauge interest and research possible venues. If you are considering attending, please let us know by tweeting @i2p or posting on the dev forum thread.
We discussed Meeh’s workload and the state of the various services he is running. We made some plans to reduce his load and have some other people help out.
We reviewed our critieria for placing links to i2pd on our download page. We agreed that the only remaining item is to have a nice page on the Privacy Solutions web site or elsewhere with binary packages for Windows, Linux, and Mac, and source packages. It’s not clear who is responsible for building the packages and where the “official” version is. Once there’s an established process for building and signing packages and an official place to put them, we’re ready to link to it. If it is not feasible to host it on the Privacy Solutions website, we will discuss alternatives with orignal, including possible migration to our download servers.
Lots of people coming by the table asked if we had a non-Java version. It was great to finally answer “yes” and we’re eager to get the word out and get more users, testers, and developers on it.
Vuze continues to make good progress on their I2P integration. We look forward to working with them in the new year on a managed rollout to more users.
We discussed the state of Meeh’s and Sindu’s reseed servers. They made several improvements while at the congress and are investigating migration to Matt Drollette’s Go implementation. The security and reliability of our reseed servers is vital to new users and network operation. User ‘backup’ is doing a great job monitoring and managing the pool of reseed servers.
We agreed to purchase a second root server for development, testing, and services. Echelon will be adminstering it. Contact him if you would like a VM.
We reiterated that we have funds available to purchase test hardware, especially for Windows and Mac. Talk to echelon for details.
We met with Welterde about the state of his services including his open tracker. These services are not being adequately maintained and will soon become inaccessible due to crypto changes if they are not upgraded. He committed to upgrading them soon.
We met lots of people interested in our Android app. We passed several ideas and bug reports back to str4d. We plan to make a big push to give the app some development love early in the year.
Regrettably, we didn’t get to see too many talks at the Congress, as we were so busy meeting with people. We plan to catch up and watch them online. As usual, Tor’s “State of the Onion” talk was excellent, and Jacob’s talk was great. We hear that the cryptography talks were good as well.