prop. 160 update

was in prop. 123 but didn't get copied to the spec

fix key length

.dockerignore

@@ -0,0 +1,2 @@
+docker-run-dev.sh
+site-updater-docker.sh

.github/workflows/sync.yaml

@@ -0,0 +1,66 @@
+# GitHub Actions workflow file to sync an external repository to this GitHub mirror.
+# This file was automatically generated by go-github-sync.
+#
+# The workflow does the following:
+# - Runs on a scheduled basis (and can also be triggered manually)
+# - Clones the GitHub mirror repository
+# - Fetches changes from the primary external repository
+# - Applies those changes to the mirror repository
+# - Pushes the updated content back to the GitHub mirror
+#
+# Authentication is handled by the GITHUB_TOKEN secret provided by GitHub Actions.
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate Github Actions Environment
+        run: if [ "$GITHUB_ACTIONS" != "true" ]; then echo 'This script must be run in a GitHub Actions environment.'; exit 1; fi
+      - name: Checkout GitHub Mirror
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Configure Git
+        run: |-
+          git config user.name 'GitHub Actions'
+          git config user.email 'actions@github.com'
+      - env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        name: Sync Primary Repository
+        run: |-
+          # Add the primary repository as a remote
+          git remote add primary https://i2pgit.org/I2P_Developers/i2p.www.git
+
+          # Fetch the latest changes from the primary repository
+          git fetch primary
+
+          # Check if the primary branch exists in the primary repository
+          if git ls-remote --heads primary master | grep -q master; then
+            echo "Primary branch master found in primary repository"
+          else
+            echo "Error: Primary branch master not found in primary repository"
+            exit 1
+          fi
+
+          # Check if we're already on the mirror branch
+          if git rev-parse --verify --quiet master; then
+            git checkout master
+          else
+            # Create the mirror branch if it doesn't exist
+            git checkout -b master
+          fi
+
+
+          # Force-apply all changes from primary, overriding any conflicts
+          echo "Performing force sync from primary/master to master"
+          git reset --hard primary/master
+
+
+          # Push changes back to the mirror repository
+          git push origin master
+name: Sync Primary Repository to GitHub Mirror
+"on":
+  push: {}
+  schedule:
+    - cron: 0 * * * *
+  workflow_dispatch: {}

.tx/config

@@ -1,60 +1,60 @@
 [main]
-host = https://www.transifex.com
+host     = https://www.transifex.com
 lang_map = ru_RU: ru, sv_SE: sv, tr_TR: tr, uk_UA: uk, zh_CN: zh
 
-[I2P.website_about]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/about.po
-source_file = pots/about.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_about]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/about.po
+source_file  = pots/about.pot
+source_lang  = en
+type         = PO
 minimum_perc = 3
 
-[I2P.website_blog]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/blog.po
-source_file = pots/blog.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_blog]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/blog.po
+source_file  = pots/blog.pot
+source_lang  = en
+type         = PO
 minimum_perc = 2
 
-[I2P.website_comparison]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/comparison.po
-source_file = pots/comparison.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_comparison]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/comparison.po
+source_file  = pots/comparison.pot
+source_lang  = en
+type         = PO
 minimum_perc = 10
 
-[I2P.website_docs]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/docs.po
-source_file = pots/docs.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_docs]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/docs.po
+source_file  = pots/docs.pot
+source_lang  = en
+type         = PO
 minimum_perc = 3
 
-[I2P.website_get-involved]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/get-involved.po
-source_file = pots/get-involved.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_get-involved]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/get-involved.po
+source_file  = pots/get-involved.pot
+source_lang  = en
+type         = PO
 minimum_perc = 3
 
-[I2P.website_misc]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/misc.po
-source_file = pots/misc.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_misc]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/misc.po
+source_file  = pots/misc.pot
+source_lang  = en
+type         = PO
 minimum_perc = 10
 
-[I2P.website_priority]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/priority.po
-source_file = pots/priority.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_priority]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/priority.po
+source_file  = pots/priority.pot
+source_lang  = en
+type         = PO
 minimum_perc = 10
 
-[I2P.website_research]
-file_filter = i2p2www/translations/<lang>/LC_MESSAGES/research.po
-source_file = pots/research.pot
-source_lang = en
-type = PO
+[o:otf:p:I2P:r:website_research]
+file_filter  = i2p2www/translations/<lang>/LC_MESSAGES/research.po
+source_file  = pots/research.pot
+source_lang  = en
+type         = PO
 minimum_perc = 10
 

Dockerfile

@@ -1,37 +1,64 @@
-FROM debian:buster
-ENV SERVERNAME=geti2p.net
-ENV SERVERMAIL=example@geti2p.net
+FROM debian:oldoldstable as builder
+ENV SERVERNAME=geti2p.net \
+    SERVERMAIL=example@geti2p.net
 
-ADD . /var/www/i2p.www
+# Install only build dependencies first
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        python2-dev \
+        python-pip \
+        patch \
+        python-virtualenv \
+        git \
+        python-polib && \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build
+
+# Copy dependency files first for better layer caching
+COPY etc/reqs.txt etc/
+COPY etc/multi-domain.patch etc/
+
+# Setup virtual environment and install dependencies
+RUN virtualenv --distribute env && \
+    . env/bin/activate && \
+    pip install -r etc/reqs.txt
+
+# Now copy the rest of the application
+COPY . .
+
+# Build steps in a single layer
+RUN . env/bin/activate && \
+    patch -p0 -N -r - < etc/multi-domain.patch && \
+    ./compile-messages.sh && \
+    echo "Git revision: $(git log -n 1 | grep commit | sed 's/commit //' | sed 's/ .*$//')" > ./i2p2www/pages/include/mtnversion
+
+# Start second stage with same old base image
+FROM debian:oldoldstable
+
+# Install only runtime dependencies
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        apache2 \
+        apache2-utils \
+        libapache2-mod-wsgi \
+        python2-minimal && \
+    rm -rf /var/lib/apt/lists/*
 
 WORKDIR /var/www/i2p.www
 
-    ## Install the dependencies
-RUN apt-get update && \
-    apt-get -y install apache2 apache2-utils libapache2-mod-wsgi python2-dev python-pip patch python-virtualenv git python-polib && \
-    ## Start setting up the site
-    rm -rfv env && \
-    virtualenv --distribute env                && \  
-    . env/bin/activate                          && \
-    pip install -r etc/reqs.txt                 && \
-    patch -p0 -N -r - <etc/multi-domain.patch   && \
-    ./compile-messages.sh                       && \  
-    echo "Git revision: $(git log -n 1 | grep commit | sed 's/commit //' | sed 's/ .*$//')" | tee ./i2p2www/pages/include/mtnversion && \
-    ## We've now updated the site
-    ## Next let's configure WSGI
-    ## Set ownership of site to server
-    cp etc/docker.wsgi.i2p i2p.wsgi && \
-    chown -R www-data /var/www/i2p.www                    && \ 
-    ## Make the WSGI script owned by the server 
-    chown www-data:www-data /var/www/i2p.www/i2p.wsgi     && \  
-    ## Make the WSGI script executable
-    chmod 755 /var/www/i2p.www/i2p.wsgi                   && \  
-    ## Copy the unmodified vhosts file to the apache2 confdir
-    cp etc/apache2.i2p.conf /etc/apache2/sites-available/i2p.conf  && \  
-    a2enmod wsgi                                     && \
+# Copy built artifacts
+COPY --from=builder /build /var/www/i2p.www
+COPY --from=builder /build/env /var/www/env
+
+# Configure Apache and WSGI in a single layer
+RUN cp etc/docker.wsgi.i2p i2p.wsgi && \
+    chown -R www-data:www-data /var/www/i2p.www && \
+    chmod 755 i2p.wsgi && \
+    cp etc/apache2.i2p.conf /etc/apache2/sites-available/i2p.conf && \
+    a2enmod wsgi && \
     a2ensite i2p && \
-    ls /etc/apache2 && \
     sed -i 's|IncludeOptional sites-enabled|# IncludeOptional sites-enabled|g' /etc/apache2/apache2.conf && \
     sed -i '1 i\IncludeOptional sites-enabled/i2p.conf' /etc/apache2/apache2.conf
 
-CMD service apache2 restart && tail -f /var/log/apache2/access.log
+CMD service apache2 restart && tail -f /var/log/apache2/access.log /var/log/apache2/error.log

README.md

@@ -1,8 +1,43 @@
+# Introduction
+
+This web-server for running the i2p-website is a collection of scripts (aka **The Python Scripts**) and content-files to:
+
+* manage updates (based on git),
+* manage translations (generating translation files before the web-server is run),
+* manage tags (generating tag files before the web-server is run),
+* run a web-server creating/delivering pages on-demand (using WSGI)
+
+This is not a static web-site generator. To see the pages you will need to setup your system for the python and shell-scripts and run the web-server contained as described. Due to heavy use of tags even content changes quickly will require a *build environment* to check your changes (towards breaking the build process). Translations can be done using solely a web-site and then do not require any of this (others will integrate all changes from the web-site using these scripts).
+
+The authors are the I2P team. For details about licensing see [LICENSE.txt](/LICENSE.txt).
+
+
+
+# Requirements Overview
+
+If you don't want to deal with the requirements/software, you can use a docker config (see [Dockerfile](/Dockerfile)) which will set these up automatically. Otherwise you will need to satisfy the following requirements (that Dockerfile contains the commands for Debian btw.):
+
+* git
+* python2
+* pip
+* virtualenv
+* apache (using WSGI to call the scripts)
+* ctags? (was mentioned to be needed as both, system package + python package, but it seems only the python package is being installed?)
+* transifex-client? (There is a transifex-client in Debian which might be needed for the translation steps described below?)
+
+**Note** that the scripts will install additional software packages (see /etc/reqs.txt) from outside your distribution (into the virtual environment if using docker) using pip and then do some custom patching (meaning pinned versions?). 
+
+**Note** also that the manual way described in the following suggests to use proxychains with Tor to avoid Clearnet traffic, while the Docker version seems to use Clearnet for that.
+
+
+
 # I2P website
 
 To run locally (for testing purposes):
 
-- Install proxychains, configure it for Tor
+- Install virtualenv and Python 2.7
+
+- (Optional) Install proxychains, configure it for Tor
 
 - Pull in the dependencies:
 
@@ -21,9 +56,13 @@ To run locally (for testing purposes):
 - Start the webserver:
 
     ```
+    $ source env/bin/activate # activates virtualenv
     $ ./runserver.py
+    $ deactivate # ..s virtualenv
     ```
 
+    (if the shell in use is not bash, you can append its name to the activator if supported: `...ivate.fish`)
+
 - Open the site at http://localhost:5000/
 
 ## Running a mirror
@@ -45,7 +84,7 @@ If you want to mirror the I2P website, thanks! Here is a checklist:
 ## Running a mirror with Docker
 
 It's possible to set up a mirror using apache2 inside of a Docker container.
-It is intended to provide a HTTP server, to use HTTPS, using a reverse proxy
+It is intended to provide a HTTP-only server. To use HTTPS, using a reverse proxy
 is the easiest way. You should not need to make any modifications to the
 service running inside the container, but you may make the same modifications
 to the containerized mirror that you would to a normal mirror by changing your
@@ -57,7 +96,7 @@ settings.
 - When you have your mirror configured, add `site-updater-docker.sh` to your crontab
 to keep the site up-to-date.
 
-## Configuration
+# Configuration and Translations
 
 Configuration files for the various scripts are in `etc/`. Environment variables
 in `etc/translation.vars` can be overridden by creating the file
@@ -68,7 +107,7 @@ in `etc/translation.vars` can be overridden by creating the file
 1. Pull new and updated translations from Transifex:
 
     ```
-    $ tx pull -a
+    $ tx pull --use-git-timestamps -a
     ```
 
 2. Correctly format the translations:
@@ -126,7 +165,7 @@ in `etc/translation.vars` can be overridden by creating the file
 3. Push pots file changes to Transifex:
 
     ```
-    $ tx push -s
+    $ tx push --use-git-timestamps -s
     ```
 
 ## Updating spec tags:

design/image_design/protocol_stack.svg

@@ -1,190 +1,16 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="362pt" height="422pt" viewBox="0 0 362 422" version="1.1">
-<defs>
-<g>
-<symbol overflow="visible" id="glyph0-0">
-<path style="stroke:none;" d="M 0.84375 3 L 0.84375 -11.984375 L 9.34375 -11.984375 L 9.34375 3 L 0.84375 3 Z M 1.796875 2.0625 L 8.40625 2.0625 L 8.40625 -11.03125 L 1.796875 -11.03125 L 1.796875 2.0625 Z M 1.796875 2.0625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-1">
-<path style="stroke:none;" d="M 1.671875 -12.390625 L 3.34375 -12.390625 L 3.34375 0 L 1.671875 0 L 1.671875 -12.390625 Z M 1.671875 -12.390625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-2">
-<path style="stroke:none;" d="M 3.34375 -11.015625 L 3.34375 -6.359375 L 5.453125 -6.359375 C 6.234375 -6.359375 6.835938 -6.5625 7.265625 -6.96875 C 7.691406 -7.375 7.90625 -7.945312 7.90625 -8.6875 C 7.90625 -9.425781 7.691406 -10 7.265625 -10.40625 C 6.835938 -10.8125 6.234375 -11.015625 5.453125 -11.015625 L 3.34375 -11.015625 Z M 1.671875 -12.390625 L 5.453125 -12.390625 C 6.835938 -12.390625 7.882812 -12.078125 8.59375 -11.453125 C 9.3125 -10.828125 9.671875 -9.90625 9.671875 -8.6875 C 9.671875 -7.46875 9.3125 -6.546875 8.59375 -5.921875 C 7.882812 -5.296875 6.835938 -4.984375 5.453125 -4.984375 L 3.34375 -4.984375 L 3.34375 0 L 1.671875 0 L 1.671875 -12.390625 Z M 1.671875 -12.390625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-3">
-<path style="stroke:none;" d="M -0.046875 -12.390625 L 10.4375 -12.390625 L 10.4375 -10.984375 L 6.03125 -10.984375 L 6.03125 0 L 4.34375 0 L 4.34375 -10.984375 L -0.046875 -10.984375 L -0.046875 -12.390625 Z M -0.046875 -12.390625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-4">
-<path style="stroke:none;" d="M 10.953125 -11.4375 L 10.953125 -9.671875 C 10.390625 -10.191406 9.785156 -10.582031 9.140625 -10.84375 C 8.503906 -11.101562 7.828125 -11.234375 7.109375 -11.234375 C 5.691406 -11.234375 4.601562 -10.800781 3.84375 -9.9375 C 3.09375 -9.070312 2.71875 -7.820312 2.71875 -6.1875 C 2.71875 -4.550781 3.09375 -3.300781 3.84375 -2.4375 C 4.601562 -1.570312 5.691406 -1.140625 7.109375 -1.140625 C 7.828125 -1.140625 8.503906 -1.269531 9.140625 -1.53125 C 9.785156 -1.789062 10.390625 -2.179688 10.953125 -2.703125 L 10.953125 -0.953125 C 10.359375 -0.554688 9.734375 -0.257812 9.078125 -0.0625 C 8.429688 0.132812 7.738281 0.234375 7 0.234375 C 5.125 0.234375 3.644531 -0.335938 2.5625 -1.484375 C 1.488281 -2.628906 0.953125 -4.195312 0.953125 -6.1875 C 0.953125 -8.175781 1.488281 -9.742188 2.5625 -10.890625 C 3.644531 -12.046875 5.125 -12.625 7 -12.625 C 7.75 -12.625 8.445312 -12.523438 9.09375 -12.328125 C 9.75 -12.128906 10.367188 -11.832031 10.953125 -11.4375 Z M 10.953125 -11.4375 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-5">
-<path style="stroke:none;" d="M 1.484375 -12.390625 L 3.15625 -12.390625 L 3.15625 -4.859375 C 3.15625 -3.535156 3.394531 -2.582031 3.875 -2 C 4.363281 -1.414062 5.144531 -1.125 6.21875 -1.125 C 7.300781 -1.125 8.082031 -1.414062 8.5625 -2 C 9.039062 -2.582031 9.28125 -3.535156 9.28125 -4.859375 L 9.28125 -12.390625 L 10.96875 -12.390625 L 10.96875 -4.65625 C 10.96875 -3.039062 10.566406 -1.820312 9.765625 -1 C 8.960938 -0.175781 7.78125 0.234375 6.21875 0.234375 C 4.65625 0.234375 3.472656 -0.175781 2.671875 -1 C 1.878906 -1.820312 1.484375 -3.039062 1.484375 -4.65625 L 1.484375 -12.390625 Z M 1.484375 -12.390625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-6">
-<path style="stroke:none;" d="M 3.34375 -11.015625 L 3.34375 -1.375 L 5.375 -1.375 C 7.082031 -1.375 8.332031 -1.757812 9.125 -2.53125 C 9.914062 -3.3125 10.3125 -4.535156 10.3125 -6.203125 C 10.3125 -7.867188 9.914062 -9.085938 9.125 -9.859375 C 8.332031 -10.628906 7.082031 -11.015625 5.375 -11.015625 L 3.34375 -11.015625 Z M 1.671875 -12.390625 L 5.109375 -12.390625 C 7.515625 -12.390625 9.28125 -11.890625 10.40625 -10.890625 C 11.53125 -9.890625 12.09375 -8.328125 12.09375 -6.203125 C 12.09375 -4.066406 11.523438 -2.5 10.390625 -1.5 C 9.265625 -0.5 7.503906 0 5.109375 0 L 1.671875 0 L 1.671875 -12.390625 Z M 1.671875 -12.390625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-7">
-<path style="stroke:none;" d="M 1.671875 -12.390625 L 3.921875 -12.390625 L 9.421875 -2.03125 L 9.421875 -12.390625 L 11.046875 -12.390625 L 11.046875 0 L 8.796875 0 L 3.296875 -10.375 L 3.296875 0 L 1.671875 0 L 1.671875 -12.390625 Z M 1.671875 -12.390625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-8">
-<path style="stroke:none;" d="M 9.09375 -11.984375 L 9.09375 -10.34375 C 8.457031 -10.65625 7.859375 -10.882812 7.296875 -11.03125 C 6.734375 -11.175781 6.1875 -11.25 5.65625 -11.25 C 4.75 -11.25 4.046875 -11.070312 3.546875 -10.71875 C 3.054688 -10.363281 2.8125 -9.863281 2.8125 -9.21875 C 2.8125 -8.664062 2.972656 -8.25 3.296875 -7.96875 C 3.628906 -7.6875 4.253906 -7.460938 5.171875 -7.296875 L 6.1875 -7.09375 C 7.4375 -6.851562 8.359375 -6.429688 8.953125 -5.828125 C 9.546875 -5.234375 9.84375 -4.429688 9.84375 -3.421875 C 9.84375 -2.222656 9.4375 -1.3125 8.625 -0.6875 C 7.820312 -0.0703125 6.644531 0.234375 5.09375 0.234375 C 4.507812 0.234375 3.882812 0.164062 3.21875 0.03125 C 2.5625 -0.09375 1.878906 -0.285156 1.171875 -0.546875 L 1.171875 -2.28125 C 1.847656 -1.894531 2.515625 -1.601562 3.171875 -1.40625 C 3.828125 -1.21875 4.46875 -1.125 5.09375 -1.125 C 6.050781 -1.125 6.789062 -1.3125 7.3125 -1.6875 C 7.832031 -2.0625 8.09375 -2.597656 8.09375 -3.296875 C 8.09375 -3.898438 7.90625 -4.375 7.53125 -4.71875 C 7.15625 -5.0625 6.539062 -5.320312 5.6875 -5.5 L 4.671875 -5.6875 C 3.421875 -5.9375 2.515625 -6.328125 1.953125 -6.859375 C 1.398438 -7.390625 1.125 -8.128906 1.125 -9.078125 C 1.125 -10.171875 1.507812 -11.035156 2.28125 -11.671875 C 3.050781 -12.304688 4.113281 -12.625 5.46875 -12.625 C 6.050781 -12.625 6.644531 -12.566406 7.25 -12.453125 C 7.851562 -12.347656 8.46875 -12.191406 9.09375 -11.984375 Z M 9.09375 -11.984375 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-9">
-<path style="stroke:none;" d="M 1.4375 -3.671875 L 1.4375 -9.296875 L 2.96875 -9.296875 L 2.96875 -3.734375 C 2.96875 -2.847656 3.140625 -2.1875 3.484375 -1.75 C 3.828125 -1.3125 4.34375 -1.09375 5.03125 -1.09375 C 5.851562 -1.09375 6.503906 -1.351562 6.984375 -1.875 C 7.460938 -2.40625 7.703125 -3.125 7.703125 -4.03125 L 7.703125 -9.296875 L 9.234375 -9.296875 L 9.234375 0 L 7.703125 0 L 7.703125 -1.421875 C 7.328125 -0.859375 6.894531 -0.441406 6.40625 -0.171875 C 5.914062 0.0976562 5.347656 0.234375 4.703125 0.234375 C 3.640625 0.234375 2.828125 -0.09375 2.265625 -0.75 C 1.710938 -1.414062 1.4375 -2.390625 1.4375 -3.671875 Z M 5.28125 -9.515625 L 5.28125 -9.515625 Z M 5.28125 -9.515625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-10">
-<path style="stroke:none;" d="M 9.328125 -5.609375 L 9.328125 0 L 7.796875 0 L 7.796875 -5.5625 C 7.796875 -6.4375 7.625 -7.09375 7.28125 -7.53125 C 6.945312 -7.96875 6.4375 -8.1875 5.75 -8.1875 C 4.914062 -8.1875 4.257812 -7.921875 3.78125 -7.390625 C 3.3125 -6.867188 3.078125 -6.15625 3.078125 -5.25 L 3.078125 0 L 1.546875 0 L 1.546875 -9.296875 L 3.078125 -9.296875 L 3.078125 -7.859375 C 3.441406 -8.410156 3.867188 -8.820312 4.359375 -9.09375 C 4.859375 -9.375 5.429688 -9.515625 6.078125 -9.515625 C 7.148438 -9.515625 7.957031 -9.179688 8.5 -8.515625 C 9.050781 -7.859375 9.328125 -6.890625 9.328125 -5.609375 Z M 9.328125 -5.609375 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-11">
-<path style="stroke:none;" d="M 9.546875 -5.03125 L 9.546875 -4.28125 L 2.53125 -4.28125 C 2.59375 -3.226562 2.90625 -2.425781 3.46875 -1.875 C 4.039062 -1.320312 4.835938 -1.046875 5.859375 -1.046875 C 6.441406 -1.046875 7.007812 -1.117188 7.5625 -1.265625 C 8.113281 -1.410156 8.660156 -1.628906 9.203125 -1.921875 L 9.203125 -0.46875 C 8.648438 -0.238281 8.085938 -0.0664062 7.515625 0.046875 C 6.941406 0.171875 6.359375 0.234375 5.765625 0.234375 C 4.273438 0.234375 3.097656 -0.191406 2.234375 -1.046875 C 1.367188 -1.910156 0.9375 -3.082031 0.9375 -4.5625 C 0.9375 -6.082031 1.347656 -7.285156 2.171875 -8.171875 C 2.992188 -9.066406 4.101562 -9.515625 5.5 -9.515625 C 6.75 -9.515625 7.734375 -9.113281 8.453125 -8.3125 C 9.179688 -7.507812 9.546875 -6.414062 9.546875 -5.03125 Z M 8.03125 -5.484375 C 8.019531 -6.316406 7.785156 -6.976562 7.328125 -7.46875 C 6.867188 -7.96875 6.265625 -8.21875 5.515625 -8.21875 C 4.660156 -8.21875 3.976562 -7.976562 3.46875 -7.5 C 2.957031 -7.019531 2.660156 -6.34375 2.578125 -5.46875 L 8.03125 -5.484375 Z M 8.03125 -5.484375 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-12">
-<path style="stroke:none;" d="M 1.609375 -12.921875 L 3.125 -12.921875 L 3.125 0 L 1.609375 0 L 1.609375 -12.921875 Z M 1.609375 -12.921875 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-13">
-<path style="stroke:none;" d=""/>
-</symbol>
-<symbol overflow="visible" id="glyph0-14">
-<path style="stroke:none;" d="M 8.84375 -7.515625 C 9.21875 -8.203125 9.671875 -8.707031 10.203125 -9.03125 C 10.734375 -9.351562 11.363281 -9.515625 12.09375 -9.515625 C 13.050781 -9.515625 13.789062 -9.175781 14.3125 -8.5 C 14.84375 -7.820312 15.109375 -6.859375 15.109375 -5.609375 L 15.109375 0 L 13.578125 0 L 13.578125 -5.5625 C 13.578125 -6.445312 13.421875 -7.101562 13.109375 -7.53125 C 12.796875 -7.96875 12.3125 -8.1875 11.65625 -8.1875 C 10.863281 -8.1875 10.238281 -7.921875 9.78125 -7.390625 C 9.320312 -6.867188 9.09375 -6.15625 9.09375 -5.25 L 9.09375 0 L 7.5625 0 L 7.5625 -5.5625 C 7.5625 -6.457031 7.398438 -7.117188 7.078125 -7.546875 C 6.765625 -7.972656 6.28125 -8.1875 5.625 -8.1875 C 4.84375 -8.1875 4.222656 -7.921875 3.765625 -7.390625 C 3.304688 -6.867188 3.078125 -6.15625 3.078125 -5.25 L 3.078125 0 L 1.546875 0 L 1.546875 -9.296875 L 3.078125 -9.296875 L 3.078125 -7.859375 C 3.429688 -8.421875 3.847656 -8.835938 4.328125 -9.109375 C 4.816406 -9.378906 5.394531 -9.515625 6.0625 -9.515625 C 6.738281 -9.515625 7.3125 -9.34375 7.78125 -9 C 8.257812 -8.65625 8.613281 -8.160156 8.84375 -7.515625 Z M 8.84375 -7.515625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-15">
-<path style="stroke:none;" d="M 7.53125 -9.015625 L 7.53125 -7.578125 C 7.09375 -7.796875 6.640625 -7.960938 6.171875 -8.078125 C 5.710938 -8.191406 5.234375 -8.25 4.734375 -8.25 C 3.984375 -8.25 3.414062 -8.128906 3.03125 -7.890625 C 2.65625 -7.660156 2.46875 -7.3125 2.46875 -6.84375 C 2.46875 -6.488281 2.601562 -6.210938 2.875 -6.015625 C 3.144531 -5.816406 3.6875 -5.625 4.5 -5.4375 L 5.03125 -5.328125 C 6.113281 -5.085938 6.882812 -4.753906 7.34375 -4.328125 C 7.800781 -3.910156 8.03125 -3.320312 8.03125 -2.5625 C 8.03125 -1.695312 7.6875 -1.015625 7 -0.515625 C 6.320312 -0.015625 5.382812 0.234375 4.1875 0.234375 C 3.6875 0.234375 3.164062 0.1875 2.625 0.09375 C 2.082031 0 1.515625 -0.144531 0.921875 -0.34375 L 0.921875 -1.921875 C 1.484375 -1.628906 2.035156 -1.40625 2.578125 -1.25 C 3.128906 -1.101562 3.675781 -1.03125 4.21875 -1.03125 C 4.9375 -1.03125 5.488281 -1.15625 5.875 -1.40625 C 6.257812 -1.65625 6.453125 -2.003906 6.453125 -2.453125 C 6.453125 -2.867188 6.3125 -3.1875 6.03125 -3.40625 C 5.757812 -3.625 5.148438 -3.835938 4.203125 -4.046875 L 3.671875 -4.171875 C 2.722656 -4.367188 2.035156 -4.671875 1.609375 -5.078125 C 1.191406 -5.492188 0.984375 -6.0625 0.984375 -6.78125 C 0.984375 -7.65625 1.289062 -8.328125 1.90625 -8.796875 C 2.53125 -9.273438 3.414062 -9.515625 4.5625 -9.515625 C 5.125 -9.515625 5.648438 -9.472656 6.140625 -9.390625 C 6.640625 -9.304688 7.101562 -9.179688 7.53125 -9.015625 Z M 7.53125 -9.015625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-16">
-<path style="stroke:none;" d="M 5.828125 -4.671875 C 4.585938 -4.671875 3.726562 -4.53125 3.25 -4.25 C 2.78125 -3.96875 2.546875 -3.488281 2.546875 -2.8125 C 2.546875 -2.269531 2.722656 -1.835938 3.078125 -1.515625 C 3.441406 -1.191406 3.929688 -1.03125 4.546875 -1.03125 C 5.390625 -1.03125 6.066406 -1.332031 6.578125 -1.9375 C 7.085938 -2.539062 7.34375 -3.335938 7.34375 -4.328125 L 7.34375 -4.671875 L 5.828125 -4.671875 Z M 8.875 -5.296875 L 8.875 0 L 7.34375 0 L 7.34375 -1.40625 C 7 -0.84375 6.566406 -0.425781 6.046875 -0.15625 C 5.523438 0.101562 4.890625 0.234375 4.140625 0.234375 C 3.179688 0.234375 2.421875 -0.03125 1.859375 -0.5625 C 1.296875 -1.09375 1.015625 -1.804688 1.015625 -2.703125 C 1.015625 -3.753906 1.363281 -4.546875 2.0625 -5.078125 C 2.769531 -5.609375 3.816406 -5.875 5.203125 -5.875 L 7.34375 -5.875 L 7.34375 -6.015625 C 7.34375 -6.722656 7.109375 -7.265625 6.640625 -7.640625 C 6.179688 -8.023438 5.535156 -8.21875 4.703125 -8.21875 C 4.171875 -8.21875 3.65625 -8.15625 3.15625 -8.03125 C 2.65625 -7.90625 2.171875 -7.71875 1.703125 -7.46875 L 1.703125 -8.875 C 2.265625 -9.09375 2.804688 -9.253906 3.328125 -9.359375 C 3.859375 -9.460938 4.367188 -9.515625 4.859375 -9.515625 C 6.203125 -9.515625 7.207031 -9.164062 7.875 -8.46875 C 8.539062 -7.769531 8.875 -6.710938 8.875 -5.296875 Z M 8.875 -5.296875 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-17">
-<path style="stroke:none;" d="M 7.71875 -4.75 C 7.71875 -5.863281 7.488281 -6.722656 7.03125 -7.328125 C 6.570312 -7.941406 5.929688 -8.25 5.109375 -8.25 C 4.296875 -8.25 3.660156 -7.941406 3.203125 -7.328125 C 2.742188 -6.722656 2.515625 -5.863281 2.515625 -4.75 C 2.515625 -3.65625 2.742188 -2.800781 3.203125 -2.1875 C 3.660156 -1.582031 4.296875 -1.28125 5.109375 -1.28125 C 5.929688 -1.28125 6.570312 -1.582031 7.03125 -2.1875 C 7.488281 -2.800781 7.71875 -3.65625 7.71875 -4.75 Z M 9.25 -1.15625 C 9.25 0.425781 8.894531 1.601562 8.1875 2.375 C 7.488281 3.144531 6.414062 3.53125 4.96875 3.53125 C 4.425781 3.53125 3.914062 3.488281 3.4375 3.40625 C 2.96875 3.332031 2.507812 3.210938 2.0625 3.046875 L 2.0625 1.5625 C 2.507812 1.800781 2.953125 1.976562 3.390625 2.09375 C 3.828125 2.21875 4.269531 2.28125 4.71875 2.28125 C 5.71875 2.28125 6.46875 2.015625 6.96875 1.484375 C 7.46875 0.960938 7.71875 0.175781 7.71875 -0.875 L 7.71875 -1.640625 C 7.40625 -1.085938 7 -0.675781 6.5 -0.40625 C 6.007812 -0.132812 5.421875 0 4.734375 0 C 3.597656 0 2.679688 -0.429688 1.984375 -1.296875 C 1.285156 -2.171875 0.9375 -3.320312 0.9375 -4.75 C 0.9375 -6.195312 1.285156 -7.351562 1.984375 -8.21875 C 2.679688 -9.082031 3.597656 -9.515625 4.734375 -9.515625 C 5.421875 -9.515625 6.007812 -9.378906 6.5 -9.109375 C 7 -8.835938 7.40625 -8.429688 7.71875 -7.890625 L 7.71875 -9.296875 L 9.25 -9.296875 L 9.25 -1.15625 Z M 9.25 -1.15625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-18">
-<path style="stroke:none;" d="M 10.125 -1.765625 L 10.125 -5.09375 L 7.375 -5.09375 L 7.375 -6.46875 L 11.78125 -6.46875 L 11.78125 -1.15625 C 11.132812 -0.695312 10.421875 -0.347656 9.640625 -0.109375 C 8.859375 0.117188 8.023438 0.234375 7.140625 0.234375 C 5.203125 0.234375 3.6875 -0.328125 2.59375 -1.453125 C 1.5 -2.585938 0.953125 -4.164062 0.953125 -6.1875 C 0.953125 -8.207031 1.5 -9.785156 2.59375 -10.921875 C 3.6875 -12.054688 5.203125 -12.625 7.140625 -12.625 C 7.941406 -12.625 8.707031 -12.519531 9.4375 -12.3125 C 10.164062 -12.113281 10.835938 -11.820312 11.453125 -11.4375 L 11.453125 -9.65625 C 10.835938 -10.175781 10.179688 -10.566406 9.484375 -10.828125 C 8.785156 -11.097656 8.050781 -11.234375 7.28125 -11.234375 C 5.757812 -11.234375 4.617188 -10.8125 3.859375 -9.96875 C 3.097656 -9.125 2.71875 -7.863281 2.71875 -6.1875 C 2.71875 -4.507812 3.097656 -3.25 3.859375 -2.40625 C 4.617188 -1.5625 5.757812 -1.140625 7.28125 -1.140625 C 7.875 -1.140625 8.398438 -1.1875 8.859375 -1.28125 C 9.328125 -1.382812 9.75 -1.546875 10.125 -1.765625 Z M 10.125 -1.765625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-19">
-<path style="stroke:none;" d="M 6.984375 -7.875 C 6.816406 -7.96875 6.628906 -8.035156 6.421875 -8.078125 C 6.222656 -8.128906 6.003906 -8.15625 5.765625 -8.15625 C 4.898438 -8.15625 4.234375 -7.875 3.765625 -7.3125 C 3.304688 -6.75 3.078125 -5.941406 3.078125 -4.890625 L 3.078125 0 L 1.546875 0 L 1.546875 -9.296875 L 3.078125 -9.296875 L 3.078125 -7.859375 C 3.398438 -8.421875 3.816406 -8.835938 4.328125 -9.109375 C 4.847656 -9.378906 5.472656 -9.515625 6.203125 -9.515625 C 6.304688 -9.515625 6.421875 -9.507812 6.546875 -9.5 C 6.679688 -9.488281 6.828125 -9.46875 6.984375 -9.4375 L 6.984375 -7.875 Z M 6.984375 -7.875 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-20">
-<path style="stroke:none;" d="M 1.609375 -9.296875 L 3.125 -9.296875 L 3.125 0 L 1.609375 0 L 1.609375 -9.296875 Z M 1.609375 -12.921875 L 3.125 -12.921875 L 3.125 -10.984375 L 1.609375 -10.984375 L 1.609375 -12.921875 Z M 1.609375 -12.921875 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-21">
-<path style="stroke:none;" d="M 8.296875 -8.9375 L 8.296875 -7.515625 C 7.859375 -7.753906 7.421875 -7.929688 6.984375 -8.046875 C 6.554688 -8.160156 6.117188 -8.21875 5.671875 -8.21875 C 4.679688 -8.21875 3.910156 -7.90625 3.359375 -7.28125 C 2.816406 -6.65625 2.546875 -5.773438 2.546875 -4.640625 C 2.546875 -3.503906 2.816406 -2.617188 3.359375 -1.984375 C 3.910156 -1.359375 4.679688 -1.046875 5.671875 -1.046875 C 6.117188 -1.046875 6.554688 -1.101562 6.984375 -1.21875 C 7.421875 -1.34375 7.859375 -1.523438 8.296875 -1.765625 L 8.296875 -0.359375 C 7.867188 -0.160156 7.425781 -0.015625 6.96875 0.078125 C 6.507812 0.179688 6.023438 0.234375 5.515625 0.234375 C 4.109375 0.234375 2.992188 -0.203125 2.171875 -1.078125 C 1.347656 -1.960938 0.9375 -3.148438 0.9375 -4.640625 C 0.9375 -6.160156 1.351562 -7.351562 2.1875 -8.21875 C 3.019531 -9.082031 4.160156 -9.515625 5.609375 -9.515625 C 6.078125 -9.515625 6.535156 -9.46875 6.984375 -9.375 C 7.429688 -9.28125 7.867188 -9.132812 8.296875 -8.9375 Z M 8.296875 -8.9375 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-22">
-<path style="stroke:none;" d="M 5.46875 0.859375 C 5.039062 1.972656 4.617188 2.695312 4.203125 3.03125 C 3.796875 3.363281 3.25 3.53125 2.5625 3.53125 L 1.34375 3.53125 L 1.34375 2.265625 L 2.234375 2.265625 C 2.660156 2.265625 2.988281 2.160156 3.21875 1.953125 C 3.445312 1.753906 3.707031 1.285156 4 0.546875 L 4.265625 -0.15625 L 0.5 -9.296875 L 2.125 -9.296875 L 5.03125 -2.03125 L 7.9375 -9.296875 L 9.546875 -9.296875 L 5.46875 0.859375 Z M 5.46875 0.859375 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-23">
-<path style="stroke:none;" d="M 3.078125 -1.390625 L 3.078125 3.53125 L 1.546875 3.53125 L 1.546875 -9.296875 L 3.078125 -9.296875 L 3.078125 -7.890625 C 3.398438 -8.441406 3.804688 -8.847656 4.296875 -9.109375 C 4.785156 -9.378906 5.367188 -9.515625 6.046875 -9.515625 C 7.179688 -9.515625 8.097656 -9.066406 8.796875 -8.171875 C 9.503906 -7.273438 9.859375 -6.097656 9.859375 -4.640625 C 9.859375 -3.179688 9.503906 -2.003906 8.796875 -1.109375 C 8.097656 -0.210938 7.179688 0.234375 6.046875 0.234375 C 5.367188 0.234375 4.785156 0.101562 4.296875 -0.15625 C 3.804688 -0.425781 3.398438 -0.835938 3.078125 -1.390625 Z M 8.28125 -4.640625 C 8.28125 -5.765625 8.046875 -6.644531 7.578125 -7.28125 C 7.117188 -7.925781 6.484375 -8.25 5.671875 -8.25 C 4.867188 -8.25 4.234375 -7.925781 3.765625 -7.28125 C 3.304688 -6.644531 3.078125 -5.765625 3.078125 -4.640625 C 3.078125 -3.515625 3.304688 -2.628906 3.765625 -1.984375 C 4.234375 -1.347656 4.867188 -1.03125 5.671875 -1.03125 C 6.484375 -1.03125 7.117188 -1.347656 7.578125 -1.984375 C 8.046875 -2.628906 8.28125 -3.515625 8.28125 -4.640625 Z M 8.28125 -4.640625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-24">
-<path style="stroke:none;" d="M 3.109375 -11.9375 L 3.109375 -9.296875 L 6.265625 -9.296875 L 6.265625 -8.109375 L 3.109375 -8.109375 L 3.109375 -3.0625 C 3.109375 -2.300781 3.210938 -1.8125 3.421875 -1.59375 C 3.628906 -1.382812 4.050781 -1.28125 4.6875 -1.28125 L 6.265625 -1.28125 L 6.265625 0 L 4.6875 0 C 3.507812 0 2.695312 -0.21875 2.25 -0.65625 C 1.800781 -1.09375 1.578125 -1.894531 1.578125 -3.0625 L 1.578125 -8.109375 L 0.453125 -8.109375 L 0.453125 -9.296875 L 1.578125 -9.296875 L 1.578125 -11.9375 L 3.109375 -11.9375 Z M 3.109375 -11.9375 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-25">
-<path style="stroke:none;" d="M 5.203125 -8.21875 C 4.378906 -8.21875 3.726562 -7.898438 3.25 -7.265625 C 2.78125 -6.628906 2.546875 -5.753906 2.546875 -4.640625 C 2.546875 -3.523438 2.78125 -2.644531 3.25 -2 C 3.726562 -1.363281 4.378906 -1.046875 5.203125 -1.046875 C 6.015625 -1.046875 6.660156 -1.367188 7.140625 -2.015625 C 7.617188 -2.660156 7.859375 -3.535156 7.859375 -4.640625 C 7.859375 -5.742188 7.617188 -6.613281 7.140625 -7.25 C 6.660156 -7.894531 6.015625 -8.21875 5.203125 -8.21875 Z M 5.203125 -9.515625 C 6.535156 -9.515625 7.578125 -9.082031 8.328125 -8.21875 C 9.085938 -7.363281 9.46875 -6.171875 9.46875 -4.640625 C 9.46875 -3.117188 9.085938 -1.925781 8.328125 -1.0625 C 7.578125 -0.195312 6.535156 0.234375 5.203125 0.234375 C 3.867188 0.234375 2.820312 -0.195312 2.0625 -1.0625 C 1.3125 -1.925781 0.9375 -3.117188 0.9375 -4.640625 C 0.9375 -6.171875 1.3125 -7.363281 2.0625 -8.21875 C 2.820312 -9.082031 3.867188 -9.515625 5.203125 -9.515625 Z M 5.203125 -9.515625 "/>
-</symbol>
-<symbol overflow="visible" id="glyph0-26">
-<path style="stroke:none;" d="M 3.265625 -1.40625 L 9.109375 -1.40625 L 9.109375 0 L 1.25 0 L 1.25 -1.40625 C 1.882812 -2.070312 2.75 -2.957031 3.84375 -4.0625 C 4.945312 -5.175781 5.640625 -5.890625 5.921875 -6.203125 C 6.453125 -6.804688 6.820312 -7.316406 7.03125 -7.734375 C 7.25 -8.160156 7.359375 -8.570312 7.359375 -8.96875 C 7.359375 -9.632812 7.128906 -10.171875 6.671875 -10.578125 C 6.210938 -10.992188 5.609375 -11.203125 4.859375 -11.203125 C 4.335938 -11.203125 3.785156 -11.109375 3.203125 -10.921875 C 2.617188 -10.742188 1.992188 -10.472656 1.328125 -10.109375 L 1.328125 -11.796875 C 2.003906 -12.066406 2.632812 -12.269531 3.21875 -12.40625 C 3.800781 -12.550781 4.335938 -12.625 4.828125 -12.625 C 6.109375 -12.625 7.128906 -12.300781 7.890625 -11.65625 C 8.660156 -11.007812 9.046875 -10.148438 9.046875 -9.078125 C 9.046875 -8.566406 8.945312 -8.082031 8.75 -7.625 C 8.5625 -7.175781 8.21875 -6.640625 7.71875 -6.015625 C 7.582031 -5.859375 7.140625 -5.394531 6.390625 -4.625 C 5.648438 -3.863281 4.609375 -2.789062 3.265625 -1.40625 Z M 3.265625 -1.40625 "/>
-</symbol>
-</g>
-</defs>
-<g id="surface0">
-<path style=" stroke:none;fill-rule:nonzero;fill:rgb(100%,100%,100%);fill-opacity:1;" d="M 0 0 L 661 0 L 661 401 L 0 401 Z M 0 0 "/>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 15 17 L 33 17 L 33 20 L 15 20 Z M 15 17 " transform="matrix(20,0,0,20,-299,21)"/>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-1" x="173.402344" y="396.875"/>
-  <use xlink:href="#glyph0-2" x="178.402344" y="396.875"/>
-</g>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 15 14 L 24 14 L 24 17 L 15 17 Z M 15 14 " transform="matrix(20,0,0,20,-299,21)"/>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 24 14 L 33 14 L 33 17 L 24 17 Z M 24 14 " transform="matrix(20,0,0,20,-299,21)"/>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-3" x="84.671875" y="336.875"/>
-  <use xlink:href="#glyph0-4" x="84.671875" y="336.875"/>
-  <use xlink:href="#glyph0-2" x="96.488281" y="336.875"/>
-</g>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-5" x="253.207031" y="336.875"/>
-  <use xlink:href="#glyph0-6" x="265.589844" y="336.875"/>
-  <use xlink:href="#glyph0-2" x="278.617188" y="336.875"/>
-</g>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 15 11 L 24 11 L 24 14 L 15 14 Z M 15 11 " transform="matrix(20,0,0,20,-299,21)"/>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 24 11 L 33 11 L 33 14 L 24 14 Z M 24 11 " transform="matrix(20,0,0,20,-299,21)"/>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-7" x="68.988281" y="276.875"/>
-  <use xlink:href="#glyph0-3" x="91" y="276.875"/>
-  <use xlink:href="#glyph0-4" x="91" y="276.875"/>
-  <use xlink:href="#glyph0-2" x="102.816406" y="276.875"/>
-</g>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-8" x="254.066406" y="276.875"/>
-  <use xlink:href="#glyph0-8" x="264.808594" y="276.875"/>
-  <use xlink:href="#glyph0-5" x="275.550781" y="276.875"/>
-</g>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 15 8 L 33 8 L 33 11 L 15 11 Z M 15 8 " transform="matrix(20,0,0,20,-299,21)"/>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-3" x="132.71875" y="216.875"/>
-  <use xlink:href="#glyph0-9" x="132.71875" y="216.875"/>
-  <use xlink:href="#glyph0-10" x="143.441406" y="216.875"/>
-  <use xlink:href="#glyph0-10" x="154.164062" y="216.875"/>
-  <use xlink:href="#glyph0-11" x="164.886719" y="216.875"/>
-  <use xlink:href="#glyph0-12" x="175.296875" y="216.875"/>
-  <use xlink:href="#glyph0-13" x="180.003906" y="216.875"/>
-  <use xlink:href="#glyph0-14" x="185.375" y="216.875"/>
-  <use xlink:href="#glyph0-11" x="201.859375" y="216.875"/>
-  <use xlink:href="#glyph0-15" x="212.269531" y="216.875"/>
-  <use xlink:href="#glyph0-15" x="221.078125" y="216.875"/>
-  <use xlink:href="#glyph0-16" x="229.886719" y="216.875"/>
-  <use xlink:href="#glyph0-17" x="240.257812" y="216.875"/>
-  <use xlink:href="#glyph0-11" x="251" y="216.875"/>
-  <use xlink:href="#glyph0-15" x="261.410156" y="216.875"/>
-</g>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 15 5 L 33 5 L 33 8 L 15 8 Z M 15 5 " transform="matrix(20,0,0,20,-299,21)"/>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-18" x="108.460938" y="156.875"/>
-  <use xlink:href="#glyph0-16" x="121.566406" y="156.875"/>
-  <use xlink:href="#glyph0-19" x="131.9375" y="156.875"/>
-  <use xlink:href="#glyph0-12" x="138.890625" y="156.875"/>
-  <use xlink:href="#glyph0-20" x="143.597656" y="156.875"/>
-  <use xlink:href="#glyph0-21" x="148.304688" y="156.875"/>
-  <use xlink:href="#glyph0-13" x="157.601562" y="156.875"/>
-  <use xlink:href="#glyph0-11" x="162.972656" y="156.875"/>
-  <use xlink:href="#glyph0-10" x="173.382812" y="156.875"/>
-  <use xlink:href="#glyph0-21" x="184.105469" y="156.875"/>
-  <use xlink:href="#glyph0-19" x="193.402344" y="156.875"/>
-  <use xlink:href="#glyph0-22" x="200.355469" y="156.875"/>
-  <use xlink:href="#glyph0-23" x="210.375" y="156.875"/>
-  <use xlink:href="#glyph0-24" x="221.117188" y="156.875"/>
-  <use xlink:href="#glyph0-20" x="227.757812" y="156.875"/>
-  <use xlink:href="#glyph0-25" x="232.464844" y="156.875"/>
-  <use xlink:href="#glyph0-10" x="242.816406" y="156.875"/>
-</g>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 15 2 L 33 2 L 33 5 L 15 5 Z M 15 2 " transform="matrix(20,0,0,20,-299,21)"/>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-1" x="162.113281" y="96.875"/>
-  <use xlink:href="#glyph0-26" x="167.113281" y="96.875"/>
-  <use xlink:href="#glyph0-4" x="177.875" y="96.875"/>
-  <use xlink:href="#glyph0-2" x="189.691406" y="96.875"/>
-</g>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 15 -1 L 24 -1 L 24 2 L 15 2 Z M 15 -1 " transform="matrix(20,0,0,20,-299,21)"/>
-<path style="fill-rule:evenodd;fill:rgb(100%,100%,100%);fill-opacity:1;stroke-width:0.1;stroke-linecap:butt;stroke-linejoin:miter;stroke:rgb(0%,0%,0%);stroke-opacity:1;stroke-miterlimit:10;" d="M 24 -1 L 33 -1 L 33 2 L 24 2 Z M 24 -1 " transform="matrix(20,0,0,20,-299,21)"/>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-8" x="50.472656" y="36.875"/>
-  <use xlink:href="#glyph0-24" x="61.214844" y="36.875"/>
-  <use xlink:href="#glyph0-19" x="68.089844" y="36.875"/>
-  <use xlink:href="#glyph0-11" x="68.089844" y="36.875"/>
-  <use xlink:href="#glyph0-16" x="78.5" y="36.875"/>
-  <use xlink:href="#glyph0-14" x="88.871094" y="36.875"/>
-  <use xlink:href="#glyph0-20" x="105.355469" y="36.875"/>
-  <use xlink:href="#glyph0-10" x="110.0625" y="36.875"/>
-  <use xlink:href="#glyph0-17" x="120.785156" y="36.875"/>
-</g>
-<g style="fill:rgb(0%,0%,0%);fill-opacity:1;">
-  <use xlink:href="#glyph0-6" x="224.125" y="36.875"/>
-  <use xlink:href="#glyph0-16" x="237.152344" y="36.875"/>
-  <use xlink:href="#glyph0-24" x="247.523438" y="36.875"/>
-  <use xlink:href="#glyph0-16" x="254.164062" y="36.875"/>
-  <use xlink:href="#glyph0-17" x="264.535156" y="36.875"/>
-  <use xlink:href="#glyph0-19" x="275.277344" y="36.875"/>
-  <use xlink:href="#glyph0-16" x="282.230469" y="36.875"/>
-  <use xlink:href="#glyph0-14" x="292.601562" y="36.875"/>
-  <use xlink:href="#glyph0-15" x="309.085938" y="36.875"/>
-</g>
-</g>
-</svg>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 486 560">
+<style><![CDATA[.B{font-family:Arial}.C{font-size:24px}]]></style>
+<g fill="#fff" stroke="#000" stroke-width="2">
+<path d="M23.4 383.8h360v60h-360zm0-60h180v60h-180zm180 0h180v60h-180zm-180-60h180v60h-180zm180 0h180v60h-180zm-180-60h360v60h-360zm0 0"/>
+<path d="M23.4 143.8h360v60h-360zm0 0"/>
+<path d="M23.4 83.8h360v60h-360zm0-60h180v60h-180zm180 0h180v60h-180zm0 0"/></g>
+<text xml:space="preserve" x="36.6" y="37.2" class="B C"><tspan x="59" y="60">Streaming</tspan></text>
+<text xml:space="preserve" x="211.8" y="37.1" class="B C"><tspan x="234.2" y="59.9">Datagrams</tspan></text>
+<text xml:space="preserve" x="153.7" y="99.6" class="B C"><tspan x="176.1" y="122.4">I2CP</tspan></text>
+<text xml:space="preserve" x="89.8" y="157.2" class="B C"><tspan x="112.2" y="180">Garlic Encryption</tspan></text>
+<text xml:space="preserve" x="51.4" y="279.6" class="B C"><tspan x="73.8" y="302.4">NTCP2</tspan></text><text xml:space="preserve" x="239.7" y="279.6" class="B C"><tspan x="262.1" y="302.4">SSU2</tspan></text>
+<text xml:space="preserve" x="67.2" y="339.6" class="B C"><tspan x="89.6" y="362.4">TCP</tspan></text>
+<text xml:space="preserve" x="245.2" y="339.4" class="B C"><tspan x="267.6" y="362.2">UDP</tspan></text>
+<text xml:space="preserve" x="169.1" y="399.6" class="B C"><tspan x="191.5" y="422.4">IP</tspan></text>
+<text xml:space="preserve" x="86.9" y="217.1" class="B C"><tspan x="109.3" y="239.9">Tunnel Messages</tspan></text>
+</svg>

docker-run-dev.sh

@@ -1,5 +1,3 @@
-#! /usr/bin/env sh
-virtualenv --distribute env
-. env/bin/activate
-#./setup_venv.sh
-DEV=on ./runserver.py
+#! /usr/bin/env bash
+export devmode="--volume $(pwd):/var/www/i2p.www"
+./site-updater-docker.sh runserver.sh

etc/project.vars

@@ -1,2 +1,7 @@
 export venv_dir="env"
-export venv="`which virtualenv-2.7 || which virtualenv`"
+export spec=""
+export venv="`which virtualenv-2.7`"
+if [ x"$venv" = x ]; then
+	export venv="`which virtualenv`"
+	#export spec="-p 2.7"
+fi

i2p2www/__init__.py

@@ -22,9 +22,9 @@ except ImportError:
 ###########
 # Constants
 
-CURRENT_I2P_VERSION = '1.8.0'
-CURRENT_I2P_FIREFOX_PROFILE_VERSION = '1.8.0'
-CURRENT_I2P_OSX_VERSION = '1.8.0'
+CURRENT_I2P_VERSION = '2.9.0'
+CURRENT_I2P_FIREFOX_PROFILE_VERSION = '2.8.2'
+CURRENT_I2P_OSX_VERSION = '1.9.0'
 
 CANONICAL_DOMAIN = 'geti2p.net'
 

i2p2www/blog/2022/09/07/Meet_your_Maintainer_StormyCloud.rst

@@ -0,0 +1,201 @@
+
+============================================================
+{% trans -%}Meet Your Maintainer: StormyCloud{%- endtrans %}
+============================================================
+
+.. meta::
+   :author: sadie
+   :date: 2022-09-07
+   :category: general
+   :excerpt: {% trans %}An interview with the maintainers of the StormyCloud Outproxy{% endtrans %}
+
+{% trans -%}
+A conversation with StormyCloud Inc.
+{%- endtrans %}
+====================================
+
+{% trans -%}
+With the most recent `I2P Java
+release <https://geti2p.net/en/blog/post/2022/08/22/1.9.0-Release>`__,
+the existing outproxy, false.i2p was replaced with the new StormyCloud
+outproxy for new I2P installs. For people who are updating their router,
+changing over to the Stormycloud service can be done quickly.
+{%- endtrans %}
+
+{% trans -%}
+In your Hidden Services Manager, change both Outproxies and SSL
+Outproxies to exit.stormycloud.i2p and click on the save button at the
+bottom of the page.
+{%- endtrans %}
+
+|outproxystormy| **{% trans -%}Who is StormyCloud Inc?{%- endtrans %}**
+
+**Mission of StormyCloud Inc.**
+
+{% trans -%}
+To defend Internet access as a universal human right. By doing so, the
+group protects users’ electronic privacy and builds community by
+fostering unrestricted access to information and thus the free exchange
+of ideas across borders. This is essential because the Internet is the
+most powerful tool available for making a positive difference in the
+world.
+{%- endtrans %}
+
+**{% trans -%}Vision Statement{%- endtrans %}**
+
+{% trans -%}
+To become a pioneer in providing free and open Internet to everyone in
+the universe because Internet access is a basic human right
+`(https://stormycloud.org/about-us/) <https://stormycloud.org/about-us/>`__
+{%- endtrans %}
+
+{% trans -%}
+I met with Dustin to say hello, and to talk more about privacy, the need
+for services like StormyCloud, and what drew the company to I2P.
+{%- endtrans %}
+
+**{% trans -%}What was the inspiration behind starting StormyCloud?{%- endtrans %}**
+
+{% trans -%}
+It was late 2021, I was on the /r/tor subreddit. There was a person who
+had responded in a thread about how to use Tor who talked about how they
+relied on Tor in order to stay in contact with their family. Their
+family lived in the United States, but at the time they resided in a
+country where internet access was very restricted. They needed to be
+very cautious about who they communicated with and what they said. For
+these reasons, they relied on Tor. I thought about how I can communicate
+with people without fear or restrictions and that it should be the same
+for everyone.
+{%- endtrans %}
+
+{% trans -%}
+The goal of StormyCloud is to help as many people as we can to do that.
+{%- endtrans %}
+
+**{% trans -%}What have been some of the challenges of getting StormyCloud
+started?{%- endtrans %}**
+
+{% trans -%}
+The cost — it is ungodly expensive. We went the data centre route since
+the scale of what we are doing is not something that can be done on a
+home network. There are equipment expenses and reoccurring hosting
+costs.
+{%- endtrans %}
+
+{% trans -%}
+In regard to setting up the non-profit, we followed in Emerald Onion’s
+path and utilized some of their documents and lessons learned. The Tor
+community has many resources available that are very helpful.
+{%- endtrans %}
+
+**{% trans -%}How has the response been to your services?{%- endtrans %}**
+
+{% trans -%}
+In July we served 1.5 billion DNS requests over all of our services.
+People appreciate that there is no logging being done. The data is just
+not there, and people like that.
+{%- endtrans %}
+
+**{% trans -%}What is an outproxy?{%- endtrans %}**
+
+{% trans -%}
+An outproxy is similar to Tor’s exit nodes, it allows for clearnet
+(normal internet traffic) to be relayed through the I2P network. In
+other words, it allows I2P users to access the internet through the
+safety of the I2P network.
+{%- endtrans %}
+
+**{% trans -%}What is special about the StormyCloud I2P Outproxy?{%- endtrans %}**
+
+{% trans -%}
+To start with we are multi-homed which means we have several servers
+serving outproxy traffic. This ensures the service is always available
+to the community. All the logs on our servers are wiped every 15
+minutes. This ensures both law enforcement and ourselves do not have
+access to any data. We support visiting Tor onion links though the
+outproxy, and our outproxy is pretty fast.
+{%- endtrans %}
+
+**{% trans -%}How do you define privacy? What are some of the issues you see with
+overreach and data handling?{%- endtrans %}**
+
+{% trans -%}
+Privacy is freedom from unauthorized access. Transparency is important,
+such as opting in — the example being GDPR requirements.
+{%- endtrans %}
+
+{% trans -%}
+There are big companies hoarding data that is being used for
+`warrantless access to location
+data. <https://www.eff.org/deeplinks/2022/08/fog-revealed-guided-tour-how-cops-can-browse-your-location-data>`__
+There is overreach of tech companies into what people think is, and
+should be private, like photos or messages.
+{%- endtrans %}
+
+{% trans -%}
+It is important to keep doing outreach about how to keep your
+communication safe, and what tools or apps will help a person do so. The
+way that we interact with all of the information out there is important
+as well. We need to trust but verify.
+{%- endtrans %}
+
+**{% trans -%}How does I2P fit into StormyCloud’s Mission and Vision Statement?{%- endtrans %}**
+
+{% trans -%}
+I2P is an open source project, and what it offers aligns with the
+mission of StormyCloud Inc. I2P provides a layer of privacy and
+protection for traffic and communication, and the project believes that
+everybody has a right to privacy.
+{%- endtrans %}
+
+{% trans -%}
+We became aware of I2P in early 2022 when talking to people in the Tor
+community, and liked what the project was doing. It seemed similar to
+Tor.
+{%- endtrans %}
+
+{% trans -%}
+During our introduction to I2P and its capabilities, we saw the need for
+a reliable outproxy. We had really great support from people in the I2P
+community to create and start providing the outproxy service.
+{%- endtrans %}
+
+**{% trans -%}I am always curious about first impressions and what resources we can
+provide or improve on for people who are getting started with I2P. What
+can you tell me about your experience and suggestions for onboarding?{%- endtrans %}**
+
+{% trans -%}
+Make it easy to replicate or understand for people with limited IT
+knowledge or knowledge of I2P. Using the router, or even using email on
+I2P should be easy for everybody.
+{%- endtrans %}
+
+**{% trans -%}Conclusion{%- endtrans %}**
+
+{% trans -%}
+The need for awareness about surveilling what should be private in our
+online lives is ongoing. Collecting any data should be consensual , and
+privacy should be implicit.
+{%- endtrans %}
+
+{% trans -%}
+Where we cannot trust that our traffic or communication will not be
+observed without consent, we thankfully have access to networks that
+will by-design anonymize traffic and hide our locations.
+{%- endtrans %}
+
+{% trans -%}
+Thank you to StormyCloud and everyone who provides outproxies or nodes
+for Tor and I2P so that people can access the internet more safely when
+they need to. I look forward to more people bridging the capabilities of
+these complementary networks to create a more robust privacy ecosystem
+for everyone.
+{%- endtrans %}
+
+{% trans -%}
+Learn more about StormyCloud Inc.’s services https://stormycloud.org/
+and help support their work by making a donation
+https://stormycloud.org/donate/.
+{%- endtrans %}
+
+.. |outproxystormy| image:: https://user-images.githubusercontent.com/50714166/188997993-465b6a5a-52a0-40f0-bdff-68ca2b6c97ba.png

i2p2www/blog/2022/09/07/easy_install_bundle_1.9.5.rst

@@ -0,0 +1,27 @@
+====================================================================
+{% trans -%}Windows Easy-Install Bundle 1.9.5 Release{%- endtrans %}
+====================================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-09-07
+   :category: release
+   :excerpt: {% trans %}Windows Easy-Install Bundle 1.9.5{% endtrans %}
+
+{% trans -%}
+Bug Fixing release for Windows 11 users
+{%- endtrans %}
+=======================================
+
+{% trans -%}
+This point release includes a bug fix in the included I2P router, which resolves
+a highly obscure bug where the context clock is out of sync with the clock in
+use by the File System, resulting in a router which is unable to read the current
+state of it's own NetDB. Although this bug has only been observed on Windows 11
+so far, it is highly recommended that all users update to the new build.
+{%- endtrans %}
+
+{% trans -%}
+This release also features faster startup and times improved stability in the profile
+manager.
+{%- endtrans %}

i2p2www/blog/2022/09/26/i2p-safety-reminder.rst

@@ -0,0 +1,106 @@
+{% trans -%}
+==================================
+A Reminder to be Safe as I2P Grows
+==================================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2022-09-26
+    :category: general
+    :excerpt: {% trans %}A Reminder to be Safe as I2P Grows{% endtrans %}
+
+{% trans -%}
+A Reminder to be Safe as I2P Grows
+{%- endtrans %}
+==================================
+
+{% trans -%}
+It is an an exciting time for The Invisible Internet Project (I2P).
+We are completing our migration to modern cryptography across all of our transports, ( Java and C++), and we have recently gained a high-capacity and professional outproxy service, and there are more applications integrating I2P based functionality than ever.
+The network is poised to grow, so now is a good time to remind everyone to be smart and be safe when obtaining I2P and I2P-related software.
+We welcome new applications, implementations, and forks with new ideas, and the power of the network comes from its openness to participation by all I2P users.
+In fact, we don’t like to call you users, we like to use the word “Participants” because each of you helps the network, in your own way by contributing content, developing applications, or simply routing traffic and helping other participants find peers.
+{%- endtrans %}
+
+{% trans -%}
+You are the network, and we want you to be safe.
+{%- endtrans %}
+
+{% trans -%}
+We have become aware of attempts to impersonate I2P’s presence on the web and social media.
+To avoid offering momentum to these campaigns, we will not mention the actors affiliated with them, However, in order to help you recognize these campaigns should you encounter them in the wild, we are documenting their tactics:
+{%- endtrans %}
+
+-  Copying text directly from the I2P Web Site without acknowledging our license requirements in a way that may suggest endorsement.
+-  Involvement or promotion of an Initial Coin Offering, or ICO
+-  Crypto-Scam like language
+-  Graphics that have nothing to do with the textual content
+-  Click-farming behavior, sites that appear to have content but which instead link to other sites
+-  Attempts to get the user to register for non-I2P chat servers. We come to you or you come to us, we will not ask you to meet us at a third-party service unless you already use it(Note that this is not always true for other forks and projects, but it is true of geti2p.net).
+-  The use of bot networks to amplify any message on social media. I2P(geti2p.net) does not use bots for social media advertising.
+
+{% trans -%}
+These campaigns have had the side-effect of “shadow-banning” some legitimate I2P-related discussion on Twitter and possibly other social media.
+{%- endtrans %}
+
+{% trans -%}Our Sites{%- endtrans %}
+---------
+
+{% trans -%}
+We have official sites where people may obtain the I2P software safely:
+{%- endtrans %}
+
+-  `{% trans -%}Official Website - i2p.net{%- endtrans %}
+   <https://i2p.net>`__
+-  `{% trans -%}Official Website - geti2p.net{%- endtrans %}
+   <https://geti2p.net>`__
+-  `{% trans -%}Official Gitlab - i2pgit.org{%- endtrans %}
+   <https://i2pgit.org>`__
+-  `{% trans -%}Official Debian Repository - deb.i2p2.de{%- endtrans %}
+   <https://deb.i2p2.de>`__
+-  `{% trans -%}Official Debian Repository - deb.i2p2.no{%- endtrans %}
+   <https://deb.i2p2.no>`__
+-  `{% trans -%}Official Forums - i2pforum.net{%- endtrans %}
+   <https://i2pforum.net>`__
+
+{% trans -%}Invisible Internet Project Forums, Blogs and Social Media{%- endtrans %}
+---------------------------------------------------------
+
+{% trans -%}Hosted by the project{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~
+
+-  `{% trans -%}I2P Forums{%- endtrans %} <https://i2pforum.net>`__ - `{% trans -%}I2P{%- endtrans %}
+   Mirror <https://i2pforum.i2p>`__
+-  irc: `#i2p-dev` on Irc2P(`127.0.0.1:6668` in a standard I2P installation)
+
+{% trans -%}Hosted by Others{%- endtrans %}
+~~~~~~~~~~~~~~~~
+
+{% trans -%}
+These services are hosted by third-parties, sometimes corporations, where we participate in order to provide a social media outreach presence to I2P users who choose to participate in them.
+We will never ask you to participate in these unless you already have an account with them, prior to interacting with us.
+{%- endtrans %}
+
+-  `{% trans -%}Launchpad{%- endtrans %} : https://launchpad.net/i2p <https://launchpad.net/i2p>`__
+-  `{% trans -%}Github{%- endtrans %} : https://github.com/i2p <https://github.com/i2p>`__
+-  `{% trans -%}Twitter{%- endtrans %} : https://twitter.com/GetI2P <https://twitter.com/GetI2P>`__
+-  `{% trans -%}Reddit{%- endtrans %} :
+   https://www.reddit.com/r/i2p/ <https://www.reddit.com/r/i2p/>`__
+-  `{% trans -%}Mastodon{%- endtrans %}:
+   https://mastodon.social/@i2p <https://mastodon.social/@i2p>`__
+-  `{% trans -%}Medium{%- endtrans %}: https://i2p.medium.com/ <https://i2p.medium.com/>`__
+
+{% trans -%}Forks, Apps, and Third-Party Implementations are Not Evil.{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{% trans -%}
+This post attempts to provide ways of vetting the source for obtaining the Java I2P package represented by the source code contained in https://i2pgit.org/i2p-hackers/i2p.i2p and https://github.com/i2p/i2p.i2p, and which is available for download from the web site https://geti2p.net/.
+It is not intended to pass judgement on third-party forks, downstream projects, embedders, packagers, people experimenting in laboratories, or people who just disagree with us.
+You are all valued members of our community who are trying to protect, and not compromise, the privacy of others.
+Since we are aware of attempts to impersonate I2P project community members, you may wish to review the download, verification, and installation procedures which you recommend to your users in order to document your official sources and known mirrors.
+{%- endtrans %}
+
+{% trans -%}
+Authors Note: An earlier version of this blog post contained the TLS fingerprint of each of the services operated by the I2P Project.
+These were removed when a certificate renewal caused the fingerprints to become inaccurate.
+{%- endtrans %}

i2p2www/blog/2022/09/26/meet-your-maintainer-divaexchange.rst

@@ -0,0 +1,347 @@
+{% trans -%}
+==================================
+Meet your Maintainer: DivaExchange
+==================================
+{%- endtrans %}
+.. meta::
+    :author: sadie
+    :date: 2022-09-26
+    :category: general
+    :excerpt: {% trans %}A conversation with DivaExchange{% endtrans %}
+
+{% trans -%}
+*In this second installment of Meet Your Maintainer, I reached out to
+Konrad from DIVA.EXCHANGE to talk about DIVA’s research and services.
+DIVA.EXCHANGE is developing software with the goal of providing free
+banking technology for everyone. It is secure without a central
+infrastructure, and based on blockchain and I2P technology.*
+{%- endtrans %}
+
+**{% trans -%}What got you interested in I2P?{%- endtrans %}**
+
+{% trans -%}
+About 10 years ago I had a presentation for “Technologieforum Zug” - a
+very local technology network for business guys. I was introducing I2P
+and Tor as overlay networks to them - to show them that other
+interesting things exist out there.
+{%- endtrans %}
+
+{% trans -%}
+I was always very much interested in cryptography related technology. In
+general I can say that my core interests were and still are: networks,
+freedom and privacy on both a technical and social level, interesting
+algos, like HashCash between 2000 and 2010, which was a very well
+working Proof-of-Work algo created at Universities in the UK in the late
+90’s.
+{%- endtrans %}
+
+{% trans -%}
+I2P fascinated me because it is really carefully done - from the
+architecture to the implementation in Java and C++. Personally I prefer
+de-coupled and small programs doing one thing. Hence I was pretty
+fascinated by the C++ version, I2Pd, which is lean, fast and without
+dependencies. It works very well for me.
+{%- endtrans %}
+
+**{% trans -%}What are the qualities in its technical capacity that aligned with
+your own work or interests?{%- endtrans %}**
+
+{% trans -%}
+I adore craftsmanship. That’s art. And I2P is modern craftsmanship. I2P
+creates values for end users values which can’t be bought: autonomy,
+liberty and serenity.
+{%- endtrans %}
+
+{% trans -%}
+I2P fascinates me because it’s agnostic. Anyone can run anything on I2P
+as long as it talks TCP or UDP - and can handle some latency. Really:
+“the network is the computer” and the communication is truly private
+according to the current state of knowledge.
+{%- endtrans %}
+
+**{% trans -%}Who is DIVA for?{%- endtrans %}**
+
+{% trans -%}
+DIVA gets actively developed and therefore the project is for
+researchers, software developers, communicators (writers, illustrators…)
+and for people who want to learn really new stuff in the area of
+distributed technology.
+{%- endtrans %}
+
+{% trans -%}
+Once DIVA grows up - please don’t ask me when - DIVA will be a fully
+distributed, self-hosted bank for everyone.
+{%- endtrans %}
+
+**{% trans -%}Can you tell me about what DIVA does?{%- endtrans %}**
+
+{% trans -%}
+As said, DIVA will be a fully distributed, self-hosted bank for
+everyone. “Banking” means: savings, payments, investments, loans - so
+all that stuff everybody is doing everyday. Please note in this context:
+DIVA works without any central infrastructure and DIVA will never - as
+long as I have something to say - be a coin or token. There can’t be any
+central business model involved. If a transaction creates fees because a
+node of the distributed infrastructure did some work, then these fees
+remain at the node which did the work.
+{%- endtrans %}
+
+{% trans -%}
+Why a “bank”? Because financial liberty and autonomy is key to live a
+good and peaceful life and to be able to make all those smaller and
+larger daily decisions in freedom. Therefore people shall own their
+small and secure technology components to do whatever they like to do
+without being nudged.
+{%- endtrans %}
+
+{% trans -%}
+Well, say hello to DIVA, based on I2P.
+{%- endtrans %}
+
+**{% trans -%}What are your upcoming goals? What are your stretch goals?{%- endtrans %}**
+
+{% trans -%}
+There is a very close goal: understanding the impact of SSU2 which has
+been lately implemented in I2P. This is a technical goal for the next
+few weeks.
+{%- endtrans %}
+
+{% trans -%}
+Then, probably this year: some cryptocurrency transactions using DIVA on
+testnets. Please don’t forget: DIVA is a research project and people
+shall be motivated to do their own stuff with DIVA - the way they need
+it. We don’t run any infrastructure or alike for others except some
+transparent test networks to increase the knowledge and wisdom of
+everyone. It’s recommended to stay in touch with DIVA via social
+networks
+(`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__) or
+chats to be inspired what to do with DIVA.
+{%- endtrans %}
+
+{% trans -%}
+I also want to touch an important part for the I2P community: DIVA is
+based on divachain - which is then based on I2P. Divachain is a very
+generic fully distributed storage layer. So, just as an example: if some
+I2P developer believes that a fully distributed, trustless DNS would be
+a great idea - well, that’s yet another use case of divachain. Fully
+distributed - no trust needed - all anonymous.
+{%- endtrans %}
+
+**{% trans -%}What are some of the other services and contributions you are
+responsible for?{%- endtrans %}**
+
+{% trans -%}
+DIVA.EXCHANGE - which is the open association developing DIVA - runs a
+reseed server for I2P since a few years. So probably almost every I2P
+user got somehow in touch with us in the past. Just a note: the
+DIVA.EXCHANGE reseed server is also available as .onion service - so I2P
+bootstrapping can be done via the tor network - which is, at least from
+my perspective, an additional protection layer while entering the
+network.
+{%- endtrans %}
+
+{% trans -%}
+DIVA has also created an I2P SAM library. So developers can create any
+modern application based on I2P. It’s on github and getting more and
+more popular:
+`github.com/diva-exchange/i2p-sam/ <http://github.com/diva-exchange/i2p-sam/>`__.
+It’s complete, well documented and offers lots of examples.
+{%- endtrans %}
+
+**{% trans -%}What are some of the priorities you think that anyone who wants to
+contribute to the I2P network should consider?{%- endtrans %}**
+
+{% trans -%}
+Run your I2P node. Take a look at the different flavours, like Docker
+versions of I2Pd, or other installs available for multiple operating
+systems. There are several flavours available and it’s important to be
+comfortable with the local installation and configuration.
+{%- endtrans %}
+
+{% trans -%}
+Then: think about your skills - networking skills, programming skills,
+communication skills? I2P offers lots of interesting challenges: people
+with networking skills might want to run a reseed server - they are very
+important to the network. Programmers might help with the Go, C++ or
+Java version of I2P. And communicators are always needed: talking about
+I2P from an objective and realistic perspective is helping a lot. Every
+little bit is great.
+{%- endtrans %}
+
+{% trans -%}
+Last but not least: if you are a researcher or student - please get in
+touch with us at DIVA.EXCHANGE or the I2P team - research work is
+important for I2P.
+{%- endtrans %}
+
+**{% trans -%}Where do you see the conversation and outlook on tools like I2P now?{%- endtrans %}**
+
+{% trans -%}
+Probably I have to say something about the outlook: I2P is important to
+everyone. I hope that the I2P community - developers, communicators,
+etc. - remains motivated by the few which deeply appreciate their hard
+work on truly challenging technology.
+{%- endtrans %}
+
+{% trans -%}
+I hope that more and more developers see the benefit to develop software
+based on I2P. Because this would create more use cases for end users.
+Then I also hope, that the core I2P programs remain simple and become
+maybe even more de-coupled. Let me make an example what I mean with
+“de-coupled”: user interfaces probably should not be baked into
+applications by developers - because there are front end designers which
+do have great knowledge and years of experience. Developers should just
+create an API, like a unix or websocket or a REST interface, so that
+other services can use the program the way they want it. This makes
+developers and end users happy.
+{%- endtrans %}
+
+**{% trans -%}Can you tell me a bit about your own I2P workflow? What are your own
+use cases?{%- endtrans %}**
+
+{% trans -%}
+I am a developer, tester and researcher. So I need all my stuff in
+containers to remain flexible. I2Pd is running in 1..n containers on
+multiple systems to serve stuff like: feeding reseed requests, serving
+the diva.i2p test website, running parts of the DIVA I2P test network -
+see testnet.diva.exchange and I also have containers to serve my local
+browsers as a combined I2P and Tor proxy.
+{%- endtrans %}
+
+**{% trans -%}How can the I2P community support your work?{%- endtrans %}**
+
+{% trans -%}
+We are on social media, like
+`twitter.com/@DigitalValueX <http://twitter.com/@DigitalValueX>`__ - so
+follow us there. Additionally we would love to see even more involvement
+on `github.com/diva-exchange <http://github.com/diva-exchange>`__ - it
+already got more and more attention in the past months. Thanks a lot for
+that!
+{%- endtrans %}
+
+**{% trans -%}Glossary Of Key Terms{%- endtrans %}**
+
+**{% trans -%}I2P Terms{%- endtrans %}**
+
+**{% trans -%}Reseed Host{%- endtrans %}**
+
+{% trans -%}
+Reseed hosts are needed to for bootstrapping, that is, providing the
+initial set of I2P nodes for your I2P node to talk to. Depending on the
+status of your node it may need to bootstrap every now and then if many
+of the nodes it knows of aren’t contactable.
+{%- endtrans %}
+
+{% trans -%}
+Reseeding is done over an encrypted connection and all of the bootstrap
+information is signed by the reseed host you connect to, making it
+impossible for an unauthenticated source to provide you with false
+information.
+{%- endtrans %}
+
+**{% trans -%}Node/Peer{%- endtrans %}**
+
+{% trans -%}
+A node or peer is part of a network of computers sharing resources. When
+you download and install I2P, you participate in routing traffic for
+others. Every person using I2P is a node or peer. In some cases. people
+can supply more bandwidth or resources than others to the network.
+However, peer diversity is important and the more people who use I2P,
+the stronger the network becomes. When it comes to setting up your node,
+you can customize and configure your connection and workflow with the
+I2P network.
+{%- endtrans %}
+
+**I2Pd (I2Pdaemon)**
+
+{% trans -%}
+I2Pd is a C++ implementation of the I2P protocol is differs from the I2P
+Java software in the following ways:
+{%- endtrans %}
+
+{% trans -%}
+*Java I2P has built-in applications for torrents, e-mail and so on. i2pd
+is just a router which you can use with other software through I2CP
+interface.* *i2pd does not require Java. It’s written in C++.* *i2pd
+consumes less memory and CPU.* *i2pd can be compiled everywhere gcc or
+clang presented (including Raspberry and routers).* *i2pd has some major
+optimizations for faster cryptography which leads to less consumption of
+processor time and energy.*
+{%- endtrans %}
+
+{% trans -%}
+Citation: https://i2pd.readthedocs.io/en/latest/user-guide/FAQ/ Site:
+https://i2pd.website/
+{%- endtrans %}
+
+{% trans -%}
+In terms of the differences or benefits of using either the C++ or Java
+version of I2P, the question often comes up. Recently, idk responded to
+this question on the I2P subreddit. Ultimately, it depends on a persons
+own use case or desired workflow.
+{%- endtrans %}
+
+{% trans -%}
+*Easy-Install Bundle is the best way to use I2P on Windows for people
+just getting started. It will automatically get you from starting the
+router to successfully browsing, every time. However, it doesn’t
+register as a Windows service, so it’s not as good to use as a 24/7
+transit node yet. It contains everything you need to browse, but it’s
+designed around using I2P interactively and not running services,
+necessarily.*
+{%- endtrans %}
+
+{% trans -%}
+*i2pd on the other hand is very light and efficient and is designed
+expressly to run as a service. It’s great at being a 24/7 transit node,
+especially if you install it on your router, or on a Linux server
+somewhere. It’s got less tools built-in though, so if you want to
+torrent or browse, you will need to add those tools externally.*
+{%- endtrans %}
+
+**{% trans -%}Diva Terms{%- endtrans %}**
+
+{% trans -%}
+Konrad has provided insight into of some of the terms used during the
+conversation.
+{%- endtrans %}
+
+**{% trans -%}Bank for Everyone{%- endtrans %}**
+
+{% trans -%}
+The possibility to run locally installed software which is able to do
+everything a well-known bank can: send and receive payments for
+anything, give and receive loans, manage investments, etc. Such banking
+software shall neither be depending on any central software components
+nor supervised or censored by central components. It’s run and managed
+by its owner only with all its benefits and reliabilities. The network
+(see “Blockchain” and “Consensus”) tries to make sure that no network
+participant (a user running his own bank) is able to cheat.
+{%- endtrans %}
+
+**{% trans -%}Blockchain{%- endtrans %}**
+
+{% trans -%}
+A piece of software which is able to reliably store arbitrary data.
+Copies of the software and the storage space is distributed within a
+network of any size where the network participants do not necessarily
+trust each other (or maybe not even know each other). A synonym of
+“blockchain” is “Distributed Layer Technology (DLT)”. A blockchain has
+nothing to do with “coins” or “tokens”. These are just blockchain based
+applications. Blockchain is a base technology which mainly solves the
+problem of “trust & abuse” within a network.
+{%- endtrans %}
+
+**{% trans -%}Consensus{%- endtrans %}**
+
+{% trans -%}
+In a distributed system the majority of the participants need to agree
+on the state of data (the “truth, as defined by the majority” - from a
+data perspective). This is a continuous process driven by locally
+installed software and this is called consensus. There are multiple
+valid consensus algorithms available. Bottom line: all consensus
+algorithms cost something: CPU cycles, communication capacity etc. - in
+short: a bunch of data sets is the input and a single reliable, fully
+distributed data set valid for the majority in the network is the
+output.
+{%- endtrans %}

i2p2www/blog/2022/10/11/SSU2-Transport.rst

@@ -0,0 +1,386 @@
+===========================================
+{% trans -%}SSU2 Transport{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2022-10-11
+   :category: development
+   :excerpt: {% trans %}SSU2 Transport{% endtrans %}
+
+{% trans %}Overview{% endtrans %}
+------------------------------------
+
+{% trans -%}
+I2P has used a censorship-resistant UDP transport protocol "SSU" since 2005.
+We've had few, if any, reports of SSU being blocked in 17 years.
+However, by today's standards of security, blocking resistance,
+and performance, we can do better. Much better.
+{%- endtrans %}
+
+{% trans link1="https://i2pd.xyz/" -%}
+That's why, together with the `i2pd project <{{ link1 }}>`_, we have created and implemented "SSU2",
+a modern UDP protocol designed to the highest standards of security and blocking resistance.
+This protocol will replace SSU.
+{%- endtrans %}
+
+{% trans -%}
+We have combined industry-standard encryption with the best
+features of UDP protocols WireGuard and QUIC, together with the
+censorship resistance features of our TCP protocol "NTCP2".
+SSU2 may be one of the most secure transport protocols ever designed.
+{%- endtrans %}
+
+
+{% trans link1="/spec/proposals/159", link2="/en/docs/transport/ssu", link3="https://en.wikipedia.org/wiki/ElGamal_encryption" -%}
+The Java I2P and i2pd teams are finishing the `SSU2 transport <{{ link1 }}>`_ and we will enable it for all routers in the next release.
+This completes our decade-long plan to upgrade all the cryptography from the original
+Java I2P implementation dating back to 2003.
+SSU2 will replace `SSU <{{ link2 }}>`_, our sole remaining use of `ElGamal <{{ link3 }}>`_ cryptography.
+{%- endtrans %}
+
+- Signature types and ECDSA signatures (0.9.8, 2013)
+- Ed25519 signatures and leasesets (0.9.15, 2014)
+- Ed25519 routers (0.9.22, 2015)
+- Destination encryption types and X25519 leasesets (0.9.46, 2020)
+- Router encryption types and X25519 routers (0.9.49, 2021)
+
+{% trans link1="https://noiseprotocol.org/" -%}
+After the transition to SSU2,
+we will have migrated all our authenticated and encrypted protocols to standard `Noise Protocol <{{ link1 }}>`_ handshakes:
+{%- endtrans %}
+
+- `NTCP2 <{{ spec_url("ntcp2") }}>`_ (0.9.36, 2018)
+- `{% trans %}ECIES-X25519-Ratchet end-to-end protocol{% endtrans %} <{{ spec_url("ecies") }}>`_ (0.9.46, 2020)
+- `{% trans %}ECIES-X25519 tunnel build messages{% endtrans %} <{{ spec_url("tunnel-creation-ecies") }}>`_ (1.5.0, 2021)
+- `SSU2 <{{ proposal_url("159") }}>`_ (2.0.0, 2022)
+
+{% trans -%}
+All I2P Noise protocols use the following standard cryptographic algorithms:
+{%- endtrans %}
+
+- `X25519 <https://en.wikipedia.org/wiki/Curve25519>`_
+- `ChaCha20/Poly1305 AEAD <https://www.rfc-editor.org/rfc/rfc8439.html>`_
+- `SHA-256 <https://en.wikipedia.org/wiki/SHA-2>`_
+
+
+{% trans %}Goals{% endtrans %}
+------------------------------------
+
+- {% trans %}Upgrade the asymmetric cryptography to the much faster X25519{% endtrans %}
+- {% trans %}Use standard symmetric authenticated encryption ChaCha20/Poly1305{% endtrans %}
+- {% trans %}Improve the obfuscation and blocking resistance features of SSU{% endtrans %}
+- {% trans %}Improve the resistance to spoofed addresses by adapting strategies from QUIC{% endtrans %}
+- {% trans %}Improved handshake CPU efficiency{% endtrans %}
+- {% trans %}Improved bandwidth efficiency via smaller handshakes and acknowledgements{% endtrans %}
+- {% trans %}Improve the security of the peer test and relay features of SSU{% endtrans %}
+- {% trans %}Improve the handling of peer IP and port changes by adapting the "connection migration" feature of QUIC{% endtrans %}
+- {% trans %}Move away from heuristic code for packet handling to documented, algorithmic processing{% endtrans %}
+- {% trans %}Support a gradual network transition from SSU to SSU2{% endtrans %}
+- {% trans %}Easy extensibility using the block concept from NTCP2{% endtrans %}
+
+
+{% trans %}Design{% endtrans %}
+------------------------------------
+
+{% trans -%}
+I2P uses multiple layers of encryption to protect traffic from attackers.
+The lowest layer is the transport protocol layer, used for point-to-point links between two routers.
+We currently have two transport protocols:
+NTCP2, a modern TCP protocol introduced in 2018,
+and SSU, a UDP protocol developed in 2005.
+{%- endtrans %}
+
+
+{% trans link1="/spec/i2np" -%}
+SSU2, like previous I2P transport protocols, is not a general-purpose pipe for data.
+Its primary task is to securely deliver I2P's low-level `I2NP messages <{{ link1 }}>`_
+from one router to the next.
+Each of these point-to-point connections comprises one hop in an I2P tunnel.
+Higher-layer I2P protocols run over these point-to-point connections
+to deliver garlic messages end-to-end between I2P's destinations.
+{%- endtrans %}
+
+{% trans -%}
+Designing a UDP transport presents unique and complex challenges not present in TCP protocols.
+A UDP protocol must handle security issues caused by address spoofing,
+and must implement its own congestion control.
+Additionally, all messages must be fragmented to fit within the maximum packet size (MTU)
+of the network path, and reassembled by the receiver.
+{%- endtrans %}
+
+{% trans -%}
+We first relied heavily on our previous experience with our NTCP2, SSU, and streaming protocols.
+Then, we carefully reviewed and borrowed heavily from two recently-developed UDP protocols:
+{%- endtrans %}
+
+- QUIC (`RFC 9000 <https://www.rfc-editor.org/rfc/rfc9000.html>`_, `RFC 9001 <https://www.rfc-editor.org/rfc/rfc9001.html>`_, `RFC 9002 <https://www.rfc-editor.org/rfc/rfc9002.html>`_)
+- `WireGuard <https://www.wireguard.com/protocol/>`_
+
+{% trans -%}
+Protocol classification and blocking by adversarial on-path attackers such
+as nation-state firewalls is not an explicit part of the threat model for those protocols.
+However, it is an important part of I2P's threat model, as our mission is to
+provide an anonymous and censorship-resistant communications system to at-risk users around the world.
+Therefore, much of our design work involved combining the lessons learned from
+NTCP2 and SSU with the features and security supported by QUIC and WireGuard.
+{%- endtrans %}
+
+
+{% trans -%}
+Unlike QUIC, I2P transport protocols are peer-to-peer, with no defined server/client relationship.
+Identities and public keys are published in I2P's network database,
+and the handshake must authenticate participants to those identities.
+{%- endtrans %}
+
+
+{% trans -%}
+A complete summary of the SSU2 design is beyond the scope of this article.
+However, we highlight several features of the protocol below,
+emphasizing the challenges of UDP protocol design and threat models.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}DoS Resistance{% endtrans %}
+`````````````````````````````````````````````````
+
+{% trans -%}
+UDP protocols are especially vulnerable to Denial of Service (DoS) attacks.
+By sending a large amount of packets with spoofed source addresses to a victim,
+an attacker can induce the victim to consume large amounts of CPU and bandwidth to respond.
+In SSU2, we adapt the token concept from QUIC and WireGuard.
+When a router receives a connection request without a valid token,
+it does not perform an expensive cryptographic DH operation.
+It simply responds with small message containing a valid token using inexpensive cryptographic operations.
+If the initiator was not spoofing his address, he will receive the token and the handshake may proceed normally.
+This prevents any traffic amplification attacks using spoofed addresses.
+{%- endtrans %}
+
+
+
+{% trans %}Header Encryption{% endtrans %}
+`````````````````````````````````````````````````
+
+{% trans -%}
+SSU2's packet headers are similar to WireGuard, and are encrypted in a manner similar to that in QUIC.
+{%- endtrans %}
+
+{% trans -%}
+Header encryption is vitally important to prevent traffic classification, protocol identification, and censorship.
+Headers also contain information that would make it easier for attackers to interfere with
+or even decrypt packet contents.
+While nation-state firewalls are mostly focused on classification and possible disruption of TCP traffic,
+we anticipate that their UDP capabilities will increase to meet the challenges of
+new UDP protocols such as QUIC and WireGuard.
+Ensuring that SSU2 headers are adequately obfuscated and/or encrypted was the first task we addressed.
+{%- endtrans %}
+
+{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
+Headers are encrypted using a header protection scheme by XORing with data calculated from known keys,
+using ChaCha20, similar to QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_.
+This ensures that the encrypted headers will appear to be random, without any distinguishable pattern.
+{%- endtrans %}
+
+{% trans link1="https://eprint.iacr.org/2019/624.pdf" -%}
+Unlike the QUIC RFC-9001_ header protection scheme, all parts of all headers, including destination and source connection IDs, are encrypted.
+QUIC RFC-9001_ and `Nonces are Noticed <{{ link1 }}>`_ are primarily focused on encrypting the "critical" part of the header, i.e. the packet number (ChaCha20 nonce).
+While encrypting the session ID makes incoming packet classification a little more complex, it makes some attacks more difficult.
+{%- endtrans %}
+
+{% trans -%}
+Our threat model assumes that censorship firewalls do not have real-time access to I2P's network database.
+Headers are encrypted with known keys published in the network database or calculated later.
+In the handshake phase, header encryption is for traffic classification resistance only,
+as the decryption key is public and the key and nonces are reused.
+Header encryption in this phase is effectively just obfuscation.
+Note that the header encryption is also used to obfuscate the X25519 ephemeral keys in the handshake,
+for additional protection.
+{%- endtrans %}
+
+{% trans -%}
+In the data phase, only the session ID field is encrypted with a key from the network database.
+The critical nonce field is encrypted with a key derived from the handshake,
+so it may not be decrypted even by a party with access to the network database.
+{%- endtrans %}
+
+
+
+
+{% trans %}Packet Numbering, ACKS, and Retransmission{% endtrans %}
+```````````````````````````````````````````````````````````````````````
+
+{% trans link1="/en/docs/api/streaming" -%}
+SSU2 contains several improvements over SSU for security and efficiency.
+The packet number is the AEAD nonce, and each packet number is only used once.
+Acknowledgements (ACKs) are for packet numbers, not I2NP message numbers or fragments.
+ACKs are sent in a very efficient, compact format adapted from QUIC.
+An immediate-ack request mechanism is supported, similar to SSU.
+Congestion control, windowing, timers, and retransmission strategies are not fully specified,
+to allow for implementation flexibility and improvements,
+but general guidance is taken from the RFCs for TCP.
+Additional algorithms for timers are adapted from I2P's `streaming protocol <{{ link1 }}>`_ and SSU implementations.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Connection Migration{% endtrans %}
+`````````````````````````````````````````````````
+
+{% trans -%}
+UDP protocols are susceptible to breakage from peer port and IP changes
+caused by NAT rebinding, IPv6 temporary address changes, and mobile device address changes.
+Previous SSU implementations attempted to handle some of these cases with complex and brittle heuristics.
+SSU2 provides a formal, documented process to detect and validate peer
+address changes and migrate connections to the peer's new address without data loss.
+It prevents migration caused by packet injection or modification by attackers.
+The protocol to implement connection migration is adapted and simplified from QUIC.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Peer Test and Relay{% endtrans %}
+`````````````````````````````````````````````````
+
+
+{% trans -%}
+SSU provides two important services in addition to the transport of I2NP messages.
+First, it supports Peer Test, which is a cooperative scheme to determine local IP
+and detect the presence of network address translation (NAT) and firewall devices.
+This detection is used to update router state, share that state with other transports,
+and publish current address and state in I2P's network database.
+Second, it supports Relaying, in which routers cooperate to traverse firewalls
+so that all routers may accept incoming connections.
+These two services are essentially sub-protocols within the SSU transport.
+{%- endtrans %}
+
+{% trans -%}
+SSU2 updates the security and reliability of these services by
+enhancing them to add more response codes, encryption, authentication,
+and restrictions to the design and implementation.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Performance{% endtrans %}
+--------------------------------------------
+
+{% trans -%}
+The I2P network is a complex mix of diverse routers.
+There are two primary implementations running all over the world on
+hardware ranging from high-performance data center computers to
+Raspberry Pis and Android phones.
+Routers use both TCP and UDP transports.
+While the SSU2 improvements are significant, we do not expect them
+to be apparent to the user, either locally or in end-to-end transfer speeds.
+End-to-end transfers depend on the performance of 13 other routers
+and 14 point-to-point transport links, each of which could be
+SSU2, NTCP2, or SSU.
+{%- endtrans %}
+
+{% trans -%}
+In the live network, latency and packet loss vary widely.
+Even in a test setup, performance depends on configured latency and packet loss.
+The i2pd project reports that maximum transfer rates for SSU2 were over 3 times
+faster than SSU in some tests. However, they completely redesigned their
+SSU code for SSU2 as their previous implementation was rather poor.
+The Java I2P project does not expect that their SSU2 implementation will be any faster than SSU.
+{%- endtrans %}
+
+{% trans -%}
+Very low-end platforms such as Raspberry Pis and OpenWRT may see substantial improvements
+from the elimination of SSU.
+ElGamal is extremely slow and limits performance on those platforms.
+{%- endtrans %}
+
+{% trans -%}
+SSU2 data phase encryption uses ChaCha20/Poly1305, compared to AES with a MD5 HMAC for SSU.
+Both are very fast and the change is not expected to measurably affect performance.
+{%- endtrans %}
+
+{% trans -%}
+Here are some highlights of the estimated improvements for SSU2 vs. SSU:
+{%- endtrans %}
+
+- {% trans %}40% reduction in total handshake packet size{% endtrans %}
+- {% trans %}50% or more reduction in handshake CPU{% endtrans %}
+- {% trans %}90% or more reduction in ACK overhead{% endtrans %}
+- {% trans %}50% reduction in packet fragmentation{% endtrans %}
+- {% trans %}10% reduction in data phase overhead{% endtrans %}
+
+
+
+{% trans %}Transition Plan{% endtrans %}
+--------------------------------------------
+
+{% trans -%}
+I2P strives to maintain backward compatibility, both to ensure network stability,
+and to allow older routers to continue to be useful and secure.
+However, there are limits, because compatibility increases code complexity
+and maintenance requirements.
+{%- endtrans %}
+
+
+{% trans -%}
+The Java I2P and i2pd projects will both enable SSU2 by default in their next releases (2.0.0 and 2.44.0) in late November 2022.
+However, they have different plans for disabling SSU.
+I2pd will disable SSU immediately, because SSU2 is a vast improvement over their SSU implementation.
+Java I2P plans to disable SSU in mid-2023, to support a gradual transition
+and give older routers time to upgrade.
+Because Java I2P release 0.9.36 and i2pd release 2.20.0 (2018) were the first to support NTCP2,
+routers older than that will not be able to connect to i2pd routers 2.44.0 or higher,
+as they have no compatible transports.
+{%- endtrans %}
+
+
+
+
+
+{% trans %}Summary{% endtrans %}
+------------------------------------
+
+{% trans -%}
+The founders of I2P had to make several choices for cryptographic algorithms and protocols.
+Some of those choices were better than others, but twenty years later, most are showing their age.
+Of course, we knew this was coming, and we've spent the last decade planning and implementing cryptographic upgrades.
+As the old saying goes, upgrading things while maintaining backward compatibility
+and avoiding a "flag day" is quite challenging, like changing the tires on the bus while it's rolling down the road.
+{%- endtrans %}
+
+{% trans -%}
+SSU2 was the last and most complex protocol to develop in our long upgrade path.
+UDP has a very challenging set of assumptions and threat model.
+We first designed and rolled out three other flavors of Noise protocols,
+and gained experience and deeper understanding of the security and protocol design issues.
+Finally, we had to research and fully understand other modern UDP protocols - WireGuard and QUIC.
+While the authors of those protocols didn't solve all of our problems for us,
+their documentation of the UDP threat models and their designed countermeasures gave us the
+confidence that we too would be able to complete our task.
+We thank them as well as the creators of all the cryptography we rely on to keep our users safe.
+{%- endtrans %}
+
+
+{% trans -%}
+Expect SSU2 to be enabled in the i2pd and Java I2P releases scheduled for late November 2022.
+If the update goes well, nobody will notice anything different at all.
+The performance benefits, while significant, will probably not be measurable for most people.
+{%- endtrans %}
+
+
+{% trans -%}
+As usual, we recommend that you update to the new release when it's available.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+.. _RFC-9000: https://www.rfc-editor.org/rfc/rfc9000.html
+.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
+.. _RFC-9002: https://www.rfc-editor.org/rfc/rfc9002.html

i2p2www/blog/2022/11/21/2.0.0-Release.rst

@@ -0,0 +1,87 @@
+===========================================
+{% trans -%}2.0.0 Release{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2022-11-21
+   :category: release
+   :excerpt: {% trans %}2.0.0 enables SSU2{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+I2P release 2.0.0 enables our new UDP transport SSU2 for all users, after completion of minor features, testing, and numerous bug fixes.
+{%- endtrans %}
+
+{% trans -%}
+We also have fixes all over, including for the installer, network database, adding to the private address book, the Windows browser launcher, and IPv6 UPnP.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release. The best way to
+maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}i2ptunnel: Support SHA-256 digest proxy authentication (RFC 7616){% endtrans %}
+- {% trans %}SSU2: Connection migration{% endtrans %}
+- {% trans %}SSU2: Immediate acks{% endtrans %}
+- {% trans %}SSU2: Enable by default{% endtrans %}
+
+
+
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}i2ptunnel: Fix IRC USER line filtering{% endtrans %}
+- {% trans %}Installer: Fix path for Windows service, caused local eepsite to be broken{% endtrans %}
+- {% trans %}Installer: Fix error on Windows when username contains a space{% endtrans %}
+- {% trans %}NetDB: Database store message handling fixes{% endtrans %}
+- {% trans %}NetDB: Fix reseeding when clock is skewed{% endtrans %}
+- {% trans %}Router: Deadlock fix{% endtrans %}
+- {% trans %}SSU2: Fix packets exceeding MTU{% endtrans %}
+- {% trans %}SSU2: Fix ping packets less than minimum size{% endtrans %}
+- {% trans %}SSU2: Fix handling of termination acks{% endtrans %}
+- {% trans %}SusiDNS: Fix adding entry to empty address book{% endtrans %}
+- {% trans %}SusiMail: Fix dark theme button icons{% endtrans %}
+- {% trans %}UPnP: IPv6 fix{% endtrans %}
+- {% trans %}Windows: Fix launching preferred browser at startup{% endtrans %}
+
+
+
+
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Deadlock detector improvements{% endtrans %}
+- {% trans %}Debian: Change dependency from libservlet3.1-java to libjsp-api-java and libservlet-api-java{% endtrans %}
+- {% trans %}i2psnark: Increase max pieces to 64K{% endtrans %}
+- {% trans %}i2psnark: Add links to additional instances in the console{% endtrans %}
+- {% trans %}Option to compress router logs{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.0.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+     df3cf4d7fc6c3ed06c7b9de5c8c7b9c692295ecddb0d780e31fc23107e045e5e  i2pinstall_2.0.0_windows.exe
+     b9fe281f28971de674f35cba8c483037bf8ac2d96578cb34f5ee627239d03890  i2pinstall_2.0.0.jar
+     1d50831e72a8f139cc43d5584c19ca48580d72f1894837689bf644c299df9099  i2psource_2.0.0.tar.bz2
+     053864a774470df66517826e10026787dc7a90ba871e6aded018d962ca3c068a  i2pupdate_2.0.0.zip
+     c221a9aadac400697cc79a2202130d766359518aab565ad6e99d64f29b92ff83  i2pupdate.su3
+

i2p2www/blog/2022/11/23/easy_install_bundle_2.0.0.rst

@@ -0,0 +1,34 @@
+==========================================================================================
+{% trans -%}Easy Install 2.0.0 for Windows, OSX delayed by 1 Month{%- endtrans %}
+==========================================================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-11-23
+   :category: release
+   :excerpt: {% trans %}Bugfixes, Stability/Compatibility Improvements and 2.0.0{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans %}
+The I2P Easy-Install bundle for Windows has been released.
+In this release, support has been added for most major browsers, including all major Firefox(Gecko) and Chromium forks.
+Compatibility with external I2P Service installs and un-bundled I2P user installs has been improved.
+The Easy-Install bundle can now detect other I2P routers and prompt the user to launch them instead, if they already have I2P.
+The browser extensions have been updated to the latest versions.
+The Easy-Install now has access to `i2p.plugins.firefox`'s usability mode via the `-usability` command-line flag.
+The default mode is the "Strict" mode where Javascript is disabled by NoScript.
+In usability mode, Javascript is restricted by JShelter.
+For more details, see the profile manager repository at i2pgit.org.
+{% endtrans %}
+
+{% trans %}
+It is recommended that you update to this release for the best security, privacy, and performance, and to help the network.
+{% endtrans %}
+
+{% trans %}
+Due to the departure of the developer/maintainer, the Easy-Install Bundle for OSX will be delayed by a month while we work out the maintainership.
+{% endtrans %}

i2p2www/blog/2022/8/22/1.9.0-Release.rst

@@ -0,0 +1,87 @@
+===========================================
+{% trans -%}1.9.0 Release{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2022-08-22
+   :category: release
+   :excerpt: {% trans %}1.9.0 with SSU2{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+We have spent the last three months working on our new UDP transport protocol "SSU2"
+with a small number of volunteer testers.
+This release completes the implementation, including relay and peer testing.
+We are enabling it by default for Android and ARM platforms, and a small percentage of other routers at random.
+This will allow us to do much more testing in the next three months, finish the connection migration feature,
+and fix any remaining issues.
+We plan to enable it for everyone in the next release scheduled for November.
+No manual configuration is necessary.
+Of course, there's the usual collection of bug fixes in this release as well.
+We also added an automatic deadlock detector that has already found a rare deadlock that is now fixed.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release. The best way to
+maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Add deadlock detector{% endtrans %}
+- {% trans %}Periodically send our RI to connected peers{% endtrans %}
+- {% trans %}SSU MTU/PMTU improvements and fixes{% endtrans %}
+- {% trans %}SSU2 base protocol fixes and improvements{% endtrans %}
+- {% trans %}SSU2 peer test and relay implementation{% endtrans %}
+- {% trans %}SSU2 published address fixes{% endtrans %}
+- {% trans %}SSU2: Enable for Android, ARM, and a small portion of others at random{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Clock: Fix deadlock after clock shift{% endtrans %}
+- {% trans %}Debian: Apparmor profile fixes{% endtrans %}
+- {% trans %}Don't allow family key errors to crash router{% endtrans %}
+- {% trans %}Fix EC family key loading on Android{% endtrans %}
+- {% trans %}Fix EdDSA key loading on Java 15+{% endtrans %}
+- {% trans %}i2psnark: Fix DHT not restarting after router restart{% endtrans %}
+- {% trans %}OSX: Prevent hangs at shutdown after dock right-click quit{% endtrans %}
+- {% trans %}SSU: Fix publishing of MTU in addresses without IPs{% endtrans %}
+- {% trans %}SSU: Fix rare HMAC NPE{% endtrans %}
+- {% trans %}SusiDNS CSS fixes{% endtrans %}
+- {% trans %}Transport: Improve processing after message delivery failure{% endtrans %}
+- {% trans %}UPnP: Don't briefly bind to all addresses at startup{% endtrans %}
+
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Set outproxy to exit.stormycloud.i2p (new installs only){% endtrans %}
+- {% trans %}Disable SSU introductions on Android{% endtrans %}
+- {% trans %}API version: 0.9.55{% endtrans %}
+- {% trans %}New translation: Spanish (Argentina){% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=1.9.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+     fdb2e471fadfda33589697536180df966ec165ab59a0d9c8a623491cc2c8eae3  i2pinstall_1.9.0_windows.exe
+     124a1d917dec1f75dc17b5a062704d5abe259b874655c595a9d8f5fd9494eafd  i2pinstall_1.9.0.jar
+     57f61815098c35593d7ede305f98b9015c4c613c72231ad084e6806a3e2aa371  i2psource_1.9.0.tar.bz2
+     31b8798c7fa75242ed09f671028b85e6acc9d5d9d0a132138debf4cdfbb08f21  i2pupdate_1.9.0.zip
+     7959f1189c50fa8968e72023f614b610016c1d544a16315f05ea6ad4b18677bc  i2pupdate.su3
+

i2p2www/blog/2022/8/28/easy_install_bundle_1.9.0.rst

@@ -0,0 +1,43 @@
+====================================================================
+{% trans -%}Windows Easy-Install Bundle 1.9.0 Release{%- endtrans %}
+====================================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-08-28
+   :category: release
+   :excerpt: {% trans %}Windows Easy-Install Bundle 1.9.0 - Major Stability/Compatibility Improvements{% endtrans %}
+
+{% trans -%}
+This update includes the new 1.9.0 router and major quality-of-life improvements for bundle users
+{%- endtrans %}
+=================================================================================================
+
+{% trans -%}
+This release includes the new I2P 1.9.0 router and is based on Java 18.02.1.
+{%- endtrans %}
+
+{% trans -%}
+The old batch scripts have been phased out in favor of a more flexible and stable solution in the jpackage itself.
+This should fix all bugs related to path-finding and path-quoting which were present in the batch scripts. After
+you upgrade, the batch scripts can be safely deleted. They will be removed by the installer in the next update.
+{%- endtrans %}
+
+{% trans -%}
+A sub-project for managing browsing tools has been started: i2p.plugins.firefox which has extensive capabilities
+for configuring I2P browsers automatically and stably on many platforms. This was used to replace the batch
+scripts but also functions as a cross-platform I2P Browser management tool. Contributions are welcome
+here: http://git.idk.i2p/idk/i2p.plugins.firefox at the source repository.
+{%- endtrans %}
+
+{% trans -%}
+This release improves compatibility with externally-running I2P routers such as those provided by the IzPack
+installer and by third-party router implementations such as i2pd. By improving external router discovery it
+requires less of a system's resources, improves start-up time, and prevents resource conflicts from occurring.
+{%- endtrans %}
+
+{% trans -%}
+Besides that, the profile has been updated to the latest version of the Arkenfox profile. I2P in Private
+Browsing and NoScript have both been updated. The profile has been restructured in order to allow for
+evaluating different configurations for different threat models.
+{%- endtrans %}

i2p2www/blog/2022/8/3/Apple-Silicon-Easy-Install.rst

@@ -0,0 +1,30 @@
+===========================================
+{% trans -%}Apple Silicon Easy Install{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zlatinb
+   :date: 2022-08-03
+   :category: beta
+   :excerpt: {% trans %}Easy Install bundle BETA for Apple Silicon Macs available{% endtrans %}
+
+{% trans -%}
+We are pleased to offer an Easy Install BETA bundle for Mac OS running on Apple Silicon hardware.  You can download it here:
+{%- endtrans %}
+
+`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %}`__
+
+__ https://geti2p.net/en/download/mac
+
+
+**{% trans -%}Speed{%- endtrans %}**
+
+{% trans -%}In our internal benchmarks the cryptographic operations are between 2 and 2.5 times faster than when running the Intel bundle under Rosetta.{%- endtrans %}
+
+**{% trans -%}Known Issues{%- endtrans %}**
+
+ - {% trans -%}Quitting I2P by right-clicking on the dock icon causes I2P to freeze and a "Force Quit" is necessary.  This issue will be fixed for the 1.9 release.{%- endtrans %}
+ - {% trans -%}If you already had an Intel bundle installed on your Mac, you need to modify some settings to prevent in-network updates from reverting you to an Intel bundle.  Please see the instructions on the download page.{%- endtrans %}
+
+**{% trans -%}Thank you for testing!{%- endtrans %}**
+

i2p2www/blog/2022/8/4/Enable-StormyCloud.rst

@@ -0,0 +1,70 @@
+=================================================
+{% trans -%}How to Switch to the StormyCloud Outproxy Service{%- endtrans %}
+=================================================
+
+.. meta::
+   :author: idk
+   :date: 2022-08-04
+   :category: general
+   :excerpt: {% trans %}How to Switch to the StormyCloud Outproxy Service{% endtrans %}
+
+{% trans -%}
+How to Switch to the StormyCloud Outproxy Service
+{%- endtrans %}
+=================================================
+
+**{% trans %}A New, Professional Outproxy{% endtrans %}**
+
+{% trans -%}
+For years, I2P has been served by a single default outproxy, `false.i2p`
+whose reliability has been degrading. Although several competitors
+have emerged to take up some of the slack, they are mostly unable to
+volunteer to serve the clients of an entire I2P implementation by
+default. However, StormyCloud, a professional, non-profit organization
+which runs Tor exit nodes, has started a new, professional outproxy
+service which has been tested by members of the I2P community and which
+will become the new default outproxy in the upcoming release.
+{%- endtrans %}
+
+**{% trans %}Who are StormyCloud{% endtrans %}**
+
+In their own words, StormyCloud is:
+
+{% trans -%}
+  Mission of StormyCloud Inc
+  To defend Internet access as a universal human right. By doing so, the group protects users’ electronic privacy and builds community by fostering unrestricted access to information and thus the free exchange of ideas across borders. This is essential because the Internet is the most powerful tool available for making a positive difference in the world.
+{%- endtrans %}
+
+{% trans -%}
+  Hardware
+  We own all of our hardware and currently colocate at a Tier 4 data center. As of now have a 10GBps uplink with the option to upgrade to 40GBps without the need for much change. We have our own ASN and IP space (IPv4 & IPv6).
+{%- endtrans %}
+
+{% trans -%}
+To learn more about StormyCloud visit their `web site
+<https://www.stormycloud.org/>`_.
+{%- endtrans %}
+
+{% trans -%}
+Or, visit them on `I2P
+<http://stormycloud.i2p/>`_.
+{%- endtrans %}
+
+**{% trans %}Switching to the StormyCloud Outproxy on I2P{% endtrans %}**
+
+{% trans -%}
+To switch to the StormyCloud outproxy *today* you can visit `the Hidden Services Manager
+<http://127.0.0.1:7657/i2ptunnel/edit?tunnel=0>`_. Once you're there, you should change
+the value of **Outproxies** and **SSL Outproxies** to `exit.stormycloud.i2p`. Once you
+have done this, scroll down to the bottom of the page and click on the "Save" button.
+{%- endtrans %}
+
+.. class:: screenshot
+.. image:: /_static/images/stormycloudscreenshot.png
+
+**{% trans %}Thanks to StormyCloud{% endtrans %}**
+
+{% trans -%}
+We would like to thank StormyCloud for volunteering to provide high-quality outproxy
+services to the I2P network.
+{%- endtrans %}

i2p2www/blog/2023/01/09/2.1.0-Release.rst

@@ -0,0 +1,111 @@
+===========================================
+{% trans -%}2.1.0 Release{%- endtrans %}
+===========================================
+
+.. meta::
+   :author: zzz
+   :date: 2023-01-09
+   :category: release
+   :excerpt: {% trans %}2.1.0 with SSU2 and congestion fixes{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+We have learned several things since our 2.0.0 release in November.
+As routers have updated to that release, the network has gone from about 1% to over 60% support for our new SSU2 transport protocol.
+First, we have confirmed that SSU2 is a solid, well designed, and secure protocol.
+Second, however, we have found and fixed numerous minor or rarely-triggered bugs in the implementation of the protocol.
+Cumulatively, the effects of these bugs have reduced the performance of the network.
+{%- endtrans %}
+
+{% trans -%}
+Also, we are aware of increased tunnel count and reduced tunnel build success rate in the network,
+possibly triggered by Bitcoin's new I2P transient address feature,
+but made worse by our SSU2 bugs and other congestion control problems.
+We are working with Bitcoin and other non-Bitcoin projects to reduce I2P network demands.
+We have improved our algorithms to reduce network load during times of congestion.
+We are also collaborating with i2pd to develop common congestion control strategies.
+{%- endtrans %}
+
+{% trans -%}
+Therefore, we have accelerated this release by about six weeks, to get the fixes out to everybody.
+i2pd released their version 2.45.0 last week and the early results are encouraging.
+New protocols, and distributed networks, are difficult to develop.
+Congestion can arrive with little warning and with little clue of the cause.
+Thank you for your patience as we have diagnosed and hopefully fixed the problems.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release. The best way to
+maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Console: New status and banned peers tabs on /peers{% endtrans %}
+- {% trans %}i2ptunnel: Add torsocks support{% endtrans %}
+- {% trans %}i2ptunnel: Add SOCKS tunnel conversion to CONNECT outproxy{% endtrans %}
+- {% trans %}i2ptunnel: Add SOCKS outproxy port configuration{% endtrans %}
+- {% trans %}i2ptunnel: Update encryption type defaults{% endtrans %}
+- {% trans %}Router: Improved congestion detection and handling{% endtrans %}
+- {% trans %}Router: Use compressible padding for destinations and router infos (proposal 161){% endtrans %}
+- {% trans %}SSU: Redesign symmetric NAT detection{% endtrans %}
+
+
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Console: Fix configuration for Argentinian Spanish{% endtrans %}
+- {% trans %}Crypto: Fix LS2 encrypted leasesets, broken since 1.8.0{% endtrans %}
+- {% trans %}i2psnark: Avoid OOM starting large number of torrents{% endtrans %}
+- {% trans %}i2ptunnel: Numerous SOCKS tunnel fixes{% endtrans %}
+- {% trans %}NTCP: Fix rare termination NPE{% endtrans %}
+- {% trans %}Profiles: Fix profile load stopping after hitting corrupt file{% endtrans %}
+- {% trans %}Router: Clock skew handling fixes and improvements{% endtrans %}
+- {% trans %}SSU: Don't publish IPv4 address when configured for IPv6-only{% endtrans %}
+- {% trans %}SSU: Fix handling of banned peers{% endtrans %}
+- {% trans %}SSU2: Peer Test fixes and improvements{% endtrans %}
+- {% trans %}SSU2: Termination fixes and improvements{% endtrans %}
+- {% trans %}SSU2: Token and handshake fixes and improvements{% endtrans %}
+- {% trans %}SSU2: Fix rare packet handling NPE{% endtrans %}
+- {% trans %}SSU2: Fix rare termination IAE{% endtrans %}
+- {% trans %}SSU2: Fix retransmission of session confirmed{% endtrans %}
+- {% trans %}SSU2: Fix attempted connection to ourselves as an introducer{% endtrans %}
+- {% trans %}UPnP: Catch rare assertion error{% endtrans %}
+
+
+
+
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Console: Add leaseset lookup to advanced search form{% endtrans %}
+- {% trans %}i2psnark: Add partial Dutch translation{% endtrans %}
+- {% trans %}i2ptunnel: Allow IRCv3 ACCOUNT and CHGHOST through filter{% endtrans %}
+- {% trans %}SSU2: Preliminary support for disabling SSU1{% endtrans %}
+- {% trans %}Sybil: Add IPv6 address tests{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.1.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+      88e0d49090341f5bfa30299c3fa549c365da57a074ef694cf8201666687e583a  i2pinstall_2.1.0_windows.exe
+      153c7988e7a9f0c2affd1e001d554e2519dd439c08bd7c024643b749db1308c1  i2pinstall_2.1.0.jar
+      83098c1277204c5569284b32b37ef137656b27bfe15ef903eca2da7c269288d1  i2psource_2.1.0.tar.bz2
+      54cf3f146f3a630fc2486f79f24c9cfc59d4c9974df0c4479251624fa7bc12a1  i2pupdate_2.1.0.zip
+      28a6a2f95ba9a613a040976e6d30e6662fc90241f08607f2ce43c6332b9f71bf  i2pupdate.su3
+

i2p2www/blog/2023/01/13/i2p_easy_install_for_windows_2.1.0.rst

@@ -0,0 +1,41 @@
+=============================================================
+{% trans -%}Windows Easy-Install 2.1.0 Release{%- endtrans %}
+=============================================================
+
+.. meta::
+   :author: idk
+   :date: 2023-01-13
+   :category: release
+   :excerpt: {% trans %}Windows Easy-Install Bundle 2.1.0 released to improve stability, performance.{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+The I2P Easy-Install bundle for Windows version 2.1.0 has been released.
+As usual, this release includes an updated version of the I2P Router.
+This release of I2P provides improved strategies for dealing with network congestion.
+These should improve performance, connectivity, and secure the long-term health of the I2P network.
+{%- endtrans %}
+
+{% trans -%}
+This release features mostly under-the-hood improvements to the browser profile launcher.
+Compatibility with Tor Browser Bundle has been improved by enabling TBB configuration through environment variables.
+The Firefox profile has been updated, an the base versions of the extensions have been updated.
+Improvements have been made throughout the codebase and the deployment process.
+{%- endtrans %}
+
+{% trans -%}
+Unfortunately, this release is still an unsigned .exe installer.
+Please verify the checksum of the installer before using it.
+The updates, on the other hand are signed by my I2P signing keys and therefore safe.
+{%- endtrans %}
+
+{% trans -%}
+This release was compiled with OpenJDK 19.
+It uses i2p.plugins.firefox version 1.0.7 as a library for launching the browser.
+It uses i2p.i2p version 2.1.0 as an I2P router, and to provide applications.
+As always it is recommended that you update to the latest version of the I2P router at your earliest convenient opportunity.
+{%- endtrans %}

i2p2www/blog/2023/01/31/mac-easy-install-notarization.rst

@@ -0,0 +1,64 @@
+{% trans -%}
+=======================================
+Update on Mac Easy Install Notarization
+=======================================
+{%- endtrans %}
+.. meta::
+    :author: idk,sadie
+    :date: 2023-01-31
+    :category: release
+    :excerpt: {% trans %}Easy Install Bundle for Mac is stalled{% endtrans %}
+
+{% trans -%}
+The I2P Easy-Install Bundle for Mac has been experiencing stalled updates for the past 2 releases due to the departure of its maintainer.
+It is recommended that users of the Easy-Install bundle for Mac switch to the classic java-style installer which was recently restored to the download page.
+1.9.0 has known security issues and is not suitable for hosting services or any long-term use. Users are advised to migrate away as soon as possible.
+Advanced users of the Easy-Install bundle may work around this by compiling the bundle from source and self-signing the software.
+{%- endtrans %}
+
+{% trans -%}The Notarization Process For MacOS{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{% trans -%}
+There are many steps in the process of distributing an application to Apple users.
+In order to distribute an application as a .dmg securely, the application must pass a notarization process.
+In order to submit an application for notarization, a developer must sign the application using a set of certificates that includes one for code signing, and one for signing the application itself.
+This signing must take place at specific points during the build process, before the final .dmg bundle which is distributed to the end users can be created.
+{%- endtrans %}
+
+{% trans -%}
+I2P Java is a complex application, and because of this it is a process of trial and error to match the types of code used in the application to Apple's certificates, and where the signing takes place to produce a valid timestamp.
+It is due to this complexity that existing documentation for developers is falling short of helping the team understand the correct combination of factors that will result in successful notarization.
+{%- endtrans %}
+
+{% trans -%}
+These difficulties leave the timeline for completing this process difficult to predict.
+We won't know we're done until we are able to clean up the build environment and follow the process end-to-end.
+The good news is that we are down to only 4 errors during the notarization process from more than 50 during the first attempt and can reasonably predict that it will be competed before or in time for the next release in April.
+{%- endtrans %}
+
+{% trans -%}Options for New macOS I2P Installs and Updates{%- endtrans %}
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+{% trans -%}
+New I2P participants can still download the Easy Installer for the macOS 1.9.0 software.
+I hope to have a release ready near the end of April.
+Updates to the latest version will become available as soon as notarization is successful.
+{%- endtrans %}
+
+{% trans -%}
+The classic install options is also available.
+This will require downloading Java and the I2P software via the .jar based installer.
+{%- endtrans %}
+
+`{% trans -%}Jar Install Instructions are available here.{%- endtrans %} <https://geti2p.net/en/download/macos>`_
+
+{% trans -%}
+Easy-Install users can update to that latest version using a locally-produced development build.
+{%- endtrans %}
+
+`{% trans -%}Easy-Install Build Instructions are available here.{%- endtrans %} <https://i2pgit.org/i2p-hackers/i2p-jpackage-mac/-/blob/master/BUILD.md>`_
+
+{% trans -%}
+There is also the option to uninstall the software, remove the I2P configuration directory and reinstall I2P using the .jar installer.
+{%- endtrans %}

i2p2www/blog/2023/02/09/about_the_recent_denial_of_service_attacks.rst

@@ -0,0 +1,23 @@
+{% trans -%}
+==========================================
+About the recent Denial of Service attacks
+==========================================
+{%- endtrans %}
+.. meta::
+    :author: idk,sadie
+    :date: 2023-02-09
+    :category: release
+    :excerpt: {% trans %}I2P remains intact with impaired performance{% endtrans %}
+
+{% trans -%}
+The I2P network is currently being affected by a Denial of Service attack.
+The floodfill function of the network has been affected, resulting in responses being disrupted and tunnel build success rates dropping.
+Participants in the network have experienced difficulties connecting to I2P sites and using I2P services.
+Mitigation strategies are being investigated and implemented gradually.
+{%- endtrans %}
+
+{% trans -%}
+While the attack has degraded performance, the network remains intact and usable.
+Java I2P routers appear to be handling the issues better than i2pd routers for now.
+Various mitigations should begin to appear in dev builds of both Java and C++ routers in the next week.
+{%- endtrans %}

i2p2www/blog/2023/03/13/i2p-release-2.2.0.rst

@@ -0,0 +1,14 @@
+{% trans -%}
+=================
+I2P Release 2.2.0
+=================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-03-13
+    :category: release
+    :excerpt: {% trans %}Moved Post{% endtrans %}
+
+{% trans -%}
+`This blog post has been moved here </en/blog/post/2023/03/13/new_release_2.2.0>`_
+{%- endtrans %}

i2p2www/blog/2023/03/13/new_release_2.2.0.rst

@@ -0,0 +1,89 @@
+{% trans -%}
+=================
+I2P Release 2.2.0
+=================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-03-13
+    :category: release
+    :excerpt: {% trans %}DDoS Mitigations, New Release Maintainer{% endtrans %}
+
+{% trans -%}
+We have elected to move forward the 2.2.0 release date, which will be occurring today, March 13, 2023.
+This release includes a changes across the NetDB, Floodfill, and Peer-Selection components which improve the ability of the router to survive DDOS attacks.
+The attacks are likely to continue, but the improvements to these systems will help to mitigate the risk of DDOS attacks by helping the router identify and de-prioritize routers that appear malicious.
+{%- endtrans %}
+
+{% trans -%}
+This release also adds replay protection to the Streaming subsystem, which prevents an attacker who can capture an encrypted packet from being able to re-use it by sending it to unintended recipients.
+This is a backward-compatible change, so older routers will still be able to use the streaming capabilities of newer routers.
+This issue was discovered and fixed internally, by the I2P development team, and is not related to the DDOS attacks.
+We have never encountered a replayed streaming packet in the wild and do not believe a streaming replay attack has ever taken place against the I2P network at this time.
+{%- endtrans %}
+
+{% trans -%}
+As you may have noticed, these release notes and the release itself have been signed by idk, and not zzz.
+zzz has chosen to step away from the project and his responsibilities are being taken on by other team members.
+As such, the project is working on replacing the network statistics infrastructure and moving the development forum to i2pforum.i2p.
+We thank zzz for providing these services for such a long time.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+
+**DETAILS**
+
+*Changes*
+
+- {% trans %}i2psnark: New search feature{% endtrans %}
+- {% trans %}i2psnark: New max files per torrent config{% endtrans %}
+- {% trans %}NetDB: Expiration improvements{% endtrans %}
+- {% trans %}NetDB: More restrictions on lookups and exploration{% endtrans %}
+- {% trans %}NetDB: Store handling improvements{% endtrans %}
+- {% trans %}NTCP2: Banning improvements{% endtrans %}
+- {% trans %}Profiles: Adjust capacity estimates{% endtrans %}
+- {% trans %}Profiles: Expiration improvements{% endtrans %}
+- {% trans %}Router: Initial support for congestion caps (proposal 162){% endtrans %}
+- {% trans %}Transports: Add inbound connection limiting{% endtrans %}
+- {% trans %}Tunnels: Refactor and improve peer selection{% endtrans %}
+- {% trans %}Tunnels: Improve handling of "probabalistic" rejections{% endtrans %}
+- {% trans %}Tunnels: Reduce usage of unreachable and floodfill routers{% endtrans %}
+
+
+*Bug Fixes*
+
+- {% trans %}Docker: Fix graphs not displaying{% endtrans %}
+- {% trans %}i2psnark: Fix torrents with '#' in the name{% endtrans %}
+- {% trans %}i2psnark standalone: Fix running from outside directory{% endtrans %}
+- {% trans %}i2psnark standalone: Remove "Start I2P" menu item from systray{% endtrans %}
+- {% trans %}i2ptunnel: Fix typo in HTTPS outproxy hostname{% endtrans %}
+- {% trans %}i2ptunnel: Interrupt tunnel build if stop button clicked{% endtrans %}
+- {% trans %}i2ptunnel: Return error message to IRC, HTTP, and SOCKS clients on failure to build tunnels{% endtrans %}
+- {% trans %}NTCP2: Ensure an IPv6 address is published when firewalled and IPv4 is not{% endtrans %}
+- {% trans %}Ratchet: Don't bundle wrong leaseset with ack{% endtrans %}
+- {% trans %}Router: Fixes for symmetric NAT errors on 'full cone' NAT{% endtrans %}
+- {% trans %}SAM: Interrupt tunnel build if client times out{% endtrans %}
+- {% trans %}SSU2: Fix rare peer test NPE{% endtrans %}
+- {% trans %}Sybil: Don't blame i2pd publishing ::1{% endtrans %}
+- {% trans %}Sybil: Memory usage and priority reduction{% endtrans %}
+- {% trans %}Transports: More IP checks{% endtrans %}
+
+
+*Other*
+
+- {% trans %}Blocklist efficiency improvements{% endtrans %}
+- {% trans %}Bundles: Identify Win and Mac bundles in version info{% endtrans %}
+- {% trans %}Console: Identify service installs, revision, and build time in version info{% endtrans %}
+- {% trans %}Console: NetDB search form and tunnels page improvements (advanced only){% endtrans %}
+- {% trans %}Router: Reduce stats memory usage{% endtrans %}
+- {% trans %}Tunnels: Reduce "grace period"{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+
+Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.2.0

i2p2www/blog/2023/06/25/new_release_2.3.0.rst

@@ -0,0 +1,67 @@
+{% trans -%}
+=================
+I2P Release 2.3.0
+=================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-06-25
+    :category: release
+    :excerpt: {% trans %}I2P 2.3.0: Security Fixes, Tweakable Blocklists{% endtrans %}
+
+{% trans -%}
+This release contains fixes for CVE-2023-36325.
+CVE-2023-36325 is a context-confusion bug which occurred in the bloom filter.
+An attacker crafts an I2NP message containing a unique messageID, and sends that messageID to a client.
+The message, after passing through the bloom filter, is not allowed to be re-used in a second message.
+The attacker then sends the same message directly to the router.
+The router passes the message to the bloom filter, and is dropped.
+This leaks the information that the messageID has been seen before, giving the attacker a strong reason to believe that the router is hosting the client.
+This has been fixed by separting the bloom filter's functionality into different contexts based on whether a message came down a client tunnel, an exploratory tunnel, was sent to the router directly.
+Under normal circumstances, this attack takes several days to perform successfully and may be confounded by several factors such as routers restarting during the attack phase and sensitivity to false-positives.
+Users of Java I2P are recommended to update immediately to avoid the attack.
+{%- endtrans %}
+
+{% trans -%}
+In the course of fixing this context confusion bug, we have revised some of our strategies to code defensively, against these types of leaks.
+This includes tweaks to the netDb, the rate-limiting mechanisms, and the behavior of floodfill routers.
+{%- endtrans %}
+
+{% trans -%}
+This release adds not_bob as a second default hosts provider, and adds `notbob.i2p <http://notbob.i2p>`_ and `ramble.i2p <http://ramble.i2p>`_ to the console homepage.
+{%- endtrans %}
+
+{% trans -%}
+This release also contains a tweakable blocklist.
+Blocklisting is semi-permanent, each blocked IP address is normally blocked until the router is restarted.
+Users who observe explosive blocklist growth during sybil attacks may opt-in to shorter timeouts by configuring the blocklist to expire entries at an interval.
+This feature is off-by-default and is only recommended for advanced users at this time.
+{%- endtrans %}
+
+{% trans -%}
+This release also includes an API for plugins to modify with the Desktop GUI(DTG).
+It is now possible to add menu items to the system tray, enabling more intuitive launching of plugins which use native application interfaces.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**DETAILS**
+
+*Changes*
+
+- {% trans %}netDb: Throttle bursts of netDB lookups{% endtrans %}
+- {% trans %}Sybil/Blocklist: Allow users to override blocklist expiration with an interval{% endtrans %}
+- {% trans %}DTG: Provide an API for extending DTG with a plugin{% endtrans %}
+- {% trans %}Addressbook: add notbob's main addressbook to the default subscriptions.{% endtrans %}
+- {% trans %}Console: Add Ramble and notbob to console homepage{% endtrans %}
+
+*Bug Fixes*
+
+- {% trans %}Fix replay attack: CVE-2023-36325{% endtrans %}
+- {% trans %}Implement handling of multihomed routers in the netDb{% endtrans %}
+- {% trans %}Fully copy new leaseSets when a leaseSet recievedAsPublished overwrites a leaseSet recievedAsReply{% endtrans %}
+
+Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.3.0

i2p2www/blog/2023/07/10/easy-install_for_windows_release_2.3.0.rst

@@ -0,0 +1,45 @@
+{% trans -%}
+=======================================
+Easy-Install for Windows 2.3.0 Released
+=======================================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-07-10
+    :category: release
+    :excerpt: {% trans %}Easy-Install for Windows 2.3.0 Released{% endtrans %}
+
+
+{% trans -%}
+The I2P Easy-Install bundle for Windows version 2.3.0 has now been released.
+As usual, this release includes an updated version of the I2P router.
+This extends to security issues which affect people hosting services on the network.
+{%- endtrans %}
+
+{% trans -%}
+This will be the last release of the Easy-Install bundle which will be incompatible with the I2P Desktop GUI.
+It has been updated to include new versions of all included webextensions.
+A longstanding bug in I2P in Private Browsing which makes it incompatible with custom themes has been fixed.
+Users are still advised to *not* install custom themes.
+Snark tabs are not automatically pinned to the top of the tab order in Firefox.
+Except for using alternate cookieStores, Snark tabs now behave as normal browser tabs.
+{%- endtrans %}
+
+{% trans -%}
+**Unfortunately, this release is still an unsigned `.exe` installer.**
+Please verify the checksum of the installer before using it.
+**The updates, on the other hand** are signed by my I2P signing keys and therefore safe.
+{%- endtrans %}
+
+{% trans -%}
+This release was compiled with OpenJDK 20.
+It uses i2p.plugins.firefox version 1.1.0 as a library for launching the browser.
+It uses i2p.i2p version 2.3.0 as an I2P router, and to provide applications.
+As always it is recommended that you update to the latest version of the I2P router at your earliest convenient opportunity.
+{%- endtrans %}
+
+- `Easy-Install Bundle Source <http://git.idk.i2p/i2p-hackers/i2p.firefox/-/tree/i2p-firefox-2.3.0>`_
+- `Router Source <http://git.idk.i2p/i2p-hackers/i2p.i2p/-/tree/i2p-2.3.0>`_
+- `Profile Manager Source <http://git.idk.i2p/i2p-hackers/i2p.plugins.firefox/-/tree/1.1.0>`_
+
+

i2p2www/blog/2023/12/18/i2p-release-2.4.0.rst

@@ -0,0 +1,103 @@
+{% trans -%}
+=================================================================
+I2P 2.4.0 Release with Congestion and NetDB Security improvements
+=================================================================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-12-18
+    :category: release
+    :excerpt: {% trans %}{% endtrans %}
+
+{% trans -%}
+Update details
+{%- endtrans %}
+============================================
+
+{% trans -%}
+This release, I2P 2.4.0, continues our effort to improve the security and stability of the I2P network.
+It contains significant improvements to the Network Database, an essential structure within the I2P network used for disovering your peers.
+{%- endtrans %}
+
+{% trans -%}
+The congestion handling changes will improve network stability by giving routers the ability to relieve congested peers by avoiding them.
+This will help the network limit the effect of tunnel spam.
+It will also help the network heal during and after DDoS attacks.
+{%- endtrans %}
+
+{% trans -%}
+The NetDb changes also help secure individual routers and the applications that use them. 
+Routers can now defend against attackers by separating the NetDB into multiple "Sub-DB's" which we use to prevent information leaks between applications and the router.
+This also improves the information available to Java routers about their NetDB activity and simplifies our support for multihoming applications.
+{%- endtrans %}
+
+{% trans -%}
+Also included are a number of bug fixes and enhancements across the I2PSnark and SusiMail applications.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}i2psnark: Uncomment and fix local torrent file picker{% endtrans %}
+- {% trans %}NetDB: Lookup handler/throttler fixes{% endtrans %}
+- {% trans %}Router: Restructure netDb to isolate data recieved as a client from data recieved as a router{% endtrans %}
+- {% trans %}Router: Implement handling and penalties for congestion caps{% endtrans %}
+- {% trans %}Router: Temporarily ban routers publishing in the future{% endtrans %}
+- {% trans %}Transports: Disable SSU 1{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Addressbook: Workaround for i2p-projekt.i2p etag bug (Gitlab #454){% endtrans %}
+- {% trans %}Console: Clear out "proxy must be running" status after success{% endtrans %}
+- {% trans %}Console: Don't lose tabs in log messages{% endtrans %}
+- {% trans %}Console: Fix sidebar not immediately showing results of manual update check{% endtrans %}
+- {% trans %}Console: Fix visibility of radio/checkboxes (light theme){% endtrans %}
+- {% trans %}Console: Prevent overflow of sidebar status{% endtrans %}
+- {% trans %}Debian: Change JRE dependency order (Gitlab #443, Debian #1024461){% endtrans %}
+- {% trans %}i2psnark: Increase comment bucket size to reduce duplicates{% endtrans %}
+- {% trans %}i2psnark: Prevent start-all from within search results erroring (Gitlab #445){% endtrans %}
+- {% trans %}i2ptunnel: Exempt tunnel name from XSS filter (Gitlab #467){% endtrans %}
+- {% trans %}i2ptunnel: Fix gzip footer check in GunzipOutputStream (Gitlab #458){% endtrans %}
+- {% trans %}i2ptunnel: Remove nonstandard Proxy-Connection headers (Gitlab #452){% endtrans %}
+- {% trans %}NTCP2: Fix updating address on transition to firewalled (Gitlab #435){% endtrans %}
+- {% trans %}SAM: Fix accept after soft restart (Gitlab #399){% endtrans %}
+- {% trans %}SAM: Reset incoming socket if no subsession is matched (Gitlab #456){% endtrans %}
+- {% trans %}SSU2: Fix uncaught IAE caused by itags with zero values (Gitlab #415){% endtrans %}
+- {% trans %}SSU2: Prevent rare IAE in peer test timer (Gitlab #433){% endtrans %}
+- {% trans %}Susimail: Dark theme fixes{% endtrans %}
+- {% trans %}Susimail: Fix binary content-encoding{% endtrans %}
+- {% trans %}Susimail: Fix incorrect "previous" icons{% endtrans %}
+- {% trans %}Susimail: Fix setting encoding for attachments{% endtrans %}
+- {% trans %}Susimail: Flush output to fix truncated mails{% endtrans %}
+- {% trans %}Sybil: Don't ban NAT64 addresses{% endtrans %}
+- {% trans %}Transport: Fix NPE during soft restart (Gitlab #437){% endtrans %}
+- {% trans %}UPnP: Fix handing of multiple IGDs{% endtrans %}
+- {% trans %}UPnP: Fix missing port in Host header causing failures on libupnp-based devices{% endtrans %}
+
+**{% trans %}Other{% endtrans %}**
+
+- API 0.9.61
+- {% trans %}Translation updates{% endtrans %}
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.4.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+      d08db62457d4106ca0e36df3487bdf6731cbb81045b824a003cde38c7e1dfa27  i2pinstall_2.4.0_windows.exe
+      ef5f3d0629fec292aae15d027f1ecb3cc7f2432a99a5f7738803b453eaad9cad  i2pinstall_2.4.0.jar
+      30ef8afcad0fffafd94d30ac307f86b5a6b318e2c1f44a023005841a1fcd077c  i2psource_2.4.0.tar.bz2
+      97be217bf07319a50b6496f932700c3f3c0cceeaf1e0643260d38c9e6e139b53  i2pupdate_2.4.0.zip
+      8f4a17a8cbadb2eabeb527a36389fd266a4bbcfd9d634fa4f20281f48c486e11  i2pupdate.su3
+

i2p2www/blog/2023/4/12/new_release_2.2.1.rst

@@ -0,0 +1,40 @@
+{% trans -%}
+=================
+I2P Release 2.2.1
+=================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2023-04-12
+    :category: release
+    :excerpt: {% trans %}Packaging Fixes{% endtrans %}
+
+{% trans -%}
+After the I2P 2.2.0 release, which was moved forward to accelerate mitigations for the DDOS attacks, we learned about a few developing issues which made it necessary to build and release new packages.
+This release fixes an issue within Ubuntu Lunar and Debian Sid where the router console was inaccessible using an updated version of the jakarta package.
+Docker packages were not reading arguments correctly, resulting in inaccessible configuration files.
+This issue has also been resolved.
+The docker container is now also compatible with Podman.
+{%- endtrans %}
+
+{% trans -%}
+This release syncs translations with transifex and updates the GeoIP database.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**DETAILS**
+
+*Changes*
+
+- {% trans %}Fix missing Java options in docker/rootfs/startapp.sh{% endtrans %}
+- {% trans %}Detect when running in Podman instead of regular Docker{% endtrans %}
+- {% trans %}Update Tor Browser User-Agent String{% endtrans %}
+- {% trans %}Update local GeoIP database{% endtrans %}
+- {% trans %}Remove invalid signing keys from old installs{% endtrans %}
+- {% trans %}Update Tomcat version in Ubuntu Lunar and Debian Sid{% endtrans %}
+
+Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.2.1

i2p2www/blog/2024/03/29/many-masks-one-mind.rst

@@ -0,0 +1,84 @@
+{% trans -%}
+========================================
+Many Masks, One Mind: Securing the NetDB
+========================================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2024-03-29
+    :category: development
+    :excerpt: {% trans %}Many Masks, One Mind: Securing the NetDB{% endtrans %}
+
+{% trans -%}
+Author's note: the attacks referred to in this article are not possible against current versions of I2P.
+{%- endtrans %}
+
+{% trans -%}
+As a self-organizing peer-to-peer network, I2P relies on the routers participating in the network to have a way to share information about what is on the network and how to reach it.
+I2P routers achieve this information sharing using the NetDB, a DHT based on Kademlia but modified to work for I2P.
+The NetDB needs to share two main kinds of entries, "RouterInfos" which peers will use to communicate with other routers directly, and "LeaseSets" which other peers will use to communicate with I2P clients through anonymous tunnels.
+Routers are frequently commmunicating NetDB entries with eachother, either by sending the information to a router or client, or requesting information from a router or client.
+This means that the entries can arrive directly or indirectly, anonymously or non-anonymously, depending on the needs of the network and the capabilities of the client.
+However, as an anonymizing network, it is also important that it remain impossible for information sent anonymously to be requested back non-anonymously.
+It is also important and for information sent non-anonymously to be impossible to request back anonymously.
+If it becomes possible for either of those situations to occur, then a linking attack may be carried out which allows an attacker to determine if a clients and routers are sharing a common view of the NetDB.
+If it can be reliably determined that the 2 targets share a common view of the NetDB, then there's a very good chance they are on the same router, weakening the target's anonymity drastically.
+Because there are so few anonymizing networks, and I2P is the only one where the routing table is shared via the operation of a DHT, this class of attack is all but unique to I2P and its resolution is important to I2P's success.
+{%- endtrans %}
+
+{% trans -%}
+Consider the following scenario: There is an I2P router hosting an I2P client.
+The router publishes a RouterInfo, and the I2P client publishes its LeaseSet.
+Because they are both published in the NetDB, other I2P routers can query the NetDB to discover how to communicate with them.
+This is normal and essential to the operation of an overlay network of the type implemented by I2P.
+An attacker runs an I2P router and queries the NetDB for the target RouterInfo and the target LeaseSet.
+It then crafts a new LeaseSet which is unique and and potentially even fake, and sends it down a tunnel to the LeaseSet for the client it is targeting for attack.
+The client processes the crafted LeaseSet and adds it to its own NetDB.
+The attacker then requests the crafted LeaseSet back directly, from the router, using the RouterInfo it got from the NetDB.
+If the crafted LeaseSet is received back as a reply, then the attacker can conclude that the target client and the target router share a common view of the NetDB.
+{%- endtrans %}
+
+{% trans -%}
+That is a simple example of a NetDB deanonymization attack class which relies on adding an entry into another person's NetDB with one identity, and then requesting it back out with another identity.
+In this case, the identities in question are the "router" and the "client" identity.
+However, client-to-client linking, which is less damaging, is also possible in some designs.
+Designing a defense against this class of attack requires giving the router a way of determining whether or not it is safe to communicate a piece of information with a potential identity.
+{%- endtrans %}
+
+{% trans -%}
+So how should we think about this problem?
+What we're dealing with here, really, has to do with the linkability of different "identities" on the network.
+The possibility of linking is created because all these identities share a common datastructure which "remembers" who it has communicated with, and who has communicated with it.
+It also "remembers" how that communication occurred.
+{%- endtrans %}
+
+{% trans -%}
+For a moment, we should imagine ourselves as an attacker.
+Imagine if you were trying to discover the identity of a master of disguise.
+You know for sure you have seen his real face, and you know for sure that you regularly communicate with one of his disguises.
+How would you go about establishing that the disguise identity and the real identity belong to the same person?
+I might tell the disguised person a secret.
+If the non-disguised person responds by using the secret information, then I can determine that the non-disguised person knows the secret.
+Under the assumption that the disguised person did not communicate the secret to anyone else, then I can assume that the non-disguised person and the disguised person are in fact, the same person.
+No matter how many masks the master of disguise wears, he has but one mind.
+{%- endtrans %}
+
+{% trans -%}
+In order to successfully protect the identities of I2P clients, I2P needs to be able to perform as a better master of disguise than the one described above.
+It needs to be able to "remember" several important pieces of information about how it has participated in the NetDB and respond appropriately based on those details.
+It must be able to recall:
+{%- endtrans %}
+
+* {% trans -%}Whether a NetDB Entry was received directly, or received down a client tunnel{%- endtrans %}
+* {% trans -%}Whether a NetDB Entry was sent by a peer in response to our lookup, or sent unsolicited{%- endtrans %}
+* {% trans -%}Which NetDB Entry was received down Which client Tunnel{%- endtrans %}
+* {% trans -%}Multiple versions of the same entry for different client tunnels{%- endtrans %}
+
+{% trans -%}
+Structurally, the most understandable and reliable way to handle this pattern is to use "Sub-DBs."
+Sub-DB's are miniature NetDB's which serve to help the NetDB organize entries without losing track.
+Every client gets a Sub-DB for its own use, and the router itself gets a fully-fledged NetDB.
+Using Sub-DB's, we give our master of disguise a rolodex of secrets organized by who shared those secrets with him.
+When a request is sent to a client, it only looks for entries which have been communicated to the client, and when a request is sent to a router, only the router-wide NetDB is used.
+By doing things this way, we resolve not only the simplest form of the attack, but also undermine the potency of the entire attack class.
+{%- endtrans %}

i2p2www/blog/2024/04/08/new_release_i2p_2.5.0.rst

@@ -0,0 +1,93 @@
+{% trans -%}
+=====================
+New Release I2P 2.5.0
+=====================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2024-04-08
+    :category: release
+    :excerpt: {% trans %}I2P 2.5.0 release{% endtrans %}
+
+{% trans -%}
+This release, I2P 2.5.0, provides more user-facing improvements than the 2.4.0 release, which was focused on implementing the NetDB isolation strategy.
+{%- endtrans %}
+
+{% trans -%}
+New features have been added to I2PSnark like the ability to search through torrents.
+Bugs have been fixed to improve compatibility with other I2P torrent clients like BiglyBT and qBittorrent.
+We would like to thank all of the developers who have worked with libtorrent and qBittorrent to enable and improve their I2P support.
+New features have also been added to SusiMail including support for Markdown formatting in emails and the ability to drag-and-drop attachments into emails.
+Tunnels created with the Hidden Services manager now support "Keepalive" which improves performance and compatibility with web technologies, enabling more sophisticated I2P sites.
+{%- endtrans %}
+
+{% trans -%}
+During this release we also made several tweaks to the NetDB to improve its resilience to spam and to improve the router's ability to reject suspicious messages.
+This was part of an effort to "audit" the implementation of "Sub-DB isolation" defenses from the 2.4.0 release.
+This investigation uncovered one minor isolation-piercing event which we repaired.
+This issue was discovered and fixed internally by the I2P team.
+{%- endtrans %}
+
+{% trans -%}
+During this release several improvements were made to the process of releasing our downstream distributions for Android and Windows.
+This should result in improved delivery and availability for these downstream products.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}I2PTunnel: Implement support for Keepalive/Server-side Persistence{% endtrans %}
+- {% trans %}Susimail: Add markdown support for formatted plain-text content{% endtrans %}
+- {% trans %}Susimail: Add HTML Email support{% endtrans %}
+- {% trans %}I2PSnark: Add search capability{% endtrans %}
+- {% trans %}I2PSnark: Preserve private=0 in torrent files{% endtrans %}
+- {% trans %}Data: Store compressed RI and LS{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Susimail: Fix handling of forwarded mail with attachments{% endtrans %}
+- {% trans %}Susimail: Fix handling of forwarded mail with unspecified encoding{% endtrans %}
+- {% trans %}Susimail: Fix forwarding of HTML-only email{% endtrans %}
+- {% trans %}Susimail: Bugfixes in presentation of encoded attachmments, mail body{% endtrans %}
+- {% trans %}I2PSnark: Handle data directory changes{% endtrans %}
+- {% trans %}SSU2: Cancel peer test if Charlie does not have B cap{% endtrans %}
+- {% trans %}SSU2: Treat peer test result as unknown if Charlie is unreachable{% endtrans %}
+- {% trans %}Router: Filter additional garlic-wrapped messages{% endtrans %}
+- {% trans %}I2CP: Prevent loopback messages to same session{% endtrans %}
+- {% trans %}NetDB: Resolve Exploratory/Router isolation-piercing event{% endtrans %}
+
+**{% trans %}Other{% endtrans %}**
+
+- API 0.9.62
+- {% trans %}Translation updates{% endtrans %}
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.5.0
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+    i2pinstall_2.5.0-0.jar - 61d3720accc6935f255611680b08ba1a414d32daa00d052017630c2424c30069
+    i2pinstall_2.5.0-0_windows.exe - a0d84c519f3c35874a9f661b9f40220e5a1d29716166c682e2bd1ee15ff83f33
+    i2pinstall_2.5.0.jar - 61d3720accc6935f255611680b08ba1a414d32daa00d052017630c2424c30069
+    i2pinstall_2.5.0.jar.sig - c8a6d79909d06ac6bca23d8e890765c6e6ed21a535f7529e0708797fdaf9fc1b
+    i2pinstall_2.5.0_windows.exe - 762b9d672dfff0baccd46f970deb5a2621358d1e2dfc0dd85a78aecda3623ac6
+    i2pinstall_2.5.0_windows.exe.sig - 103a1bd155110514fe9ae075243cc66e2fef866353165b2c806248e15925e957
+    i2psource_2.5.0.tar.bz2 - 6bda9aff7daa468cbf6ddf141c670140de4d1db145329645a90c22c1e5c7bc01
+    i2psource_2.5.0.tar.bz2.sig - a1d0ea6f2051ed0643bc2c0207a2cf594f2b2bc4303ac49cd6a43baaf0558f62
+    i2pupdate-2.5.0.su3 - 7bcfc3df3a14a0b9313b9a0fe20e56db75267d5afcfd8a3203fbfcfac46deae4
+    i2pupdate-2.5.0.su3.torrent - a7dd76348bf404d84a67bda8b009d54cc08748c036988dbe78bff6ca6928950c
+    i2pupdate.su3 - 7bcfc3df3a14a0b9313b9a0fe20e56db75267d5afcfd8a3203fbfcfac46deae4
+    i2pupdate.zip - d0a4cfe6cb587e0ffabcfb6012682f400a38ee87f23fa90f8a18f25e77b742d8
+    i2pupdate_2.5.0.zip - d0a4cfe6cb587e0ffabcfb6012682f400a38ee87f23fa90f8a18f25e77b742d8
+    i2pupdate_2.5.0.zip.sig - 411eb4ca31e2984dae4c943136411e8ee85435f59749391edefec07509cfd5af 
+

i2p2www/blog/2024/04/25/stormy_weather.rst

@@ -0,0 +1,21 @@
+{% trans -%}
+==============
+Stormy Weather
+==============
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2024-04-25
+    :category: release
+    :excerpt: {% trans %}Stormy Weather{% endtrans %}
+
+{% trans -%}
+The I2P network is currently under a Denial-of-Service attack.
+This attack affects I2P and i2pd but in different ways and is having a serious effect on network health.
+Reachability of I2P sites is badly degraded.
+{%- endtrans %}
+
+{% trans -%}
+If you are hosting a service inside I2P and it is hosted on a Floodfill router, you should consider multihoming the service on a Floodfill-disabled router to improve reachability.
+Other mitigations are being discussed but a long-term, backward-compatible solution is still being worked on.
+{%- endtrans %}

i2p2www/blog/2024/05/06/i2p_2.5.1_released.rst

@@ -0,0 +1,60 @@
+{% trans -%}
+=====================
+New Release I2P 2.5.1
+=====================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2024-05-06
+    :category: release
+    :excerpt: {% trans %}I2P 2.5.1 Release{% endtrans %}
+
+{% trans -%}
+I2P 2.5.1 is being released to address Denial-of-Service Attacks affecting the I2P network and services.
+With this release we disable the IP-based parts of the Sybil attack detection tool which were targeted to amplify the effect and duration of the attack.
+This should help the network return to normal operation.
+Those of you who have disabled the Sybil attack detection tool may safely re-enable it.
+Adjustments to other subsystems to improve RouterInfo validation and peer selection have also been made.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Susimail: Add search box{% endtrans %}
+- {% trans %}Susimail: UI Improvements{% endtrans %}
+- {% trans %}NetDB: Don't lookup RI if on banlist{% endtrans %}
+- {% trans %}Tomcat: update to 9.0.88{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Sybil: Disable IP-Closeness Checks in Sybil Attack Analysis Tool{% endtrans %}
+- {% trans %}Profiles: Don't update last heard from if tunnel fails{% endtrans %}
+- {% trans %}NetDB: Improve validation of RI's before storing, sending RI's{% endtrans %}
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.5.1
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+    1b0c1a12e64bd6dabd894a297b7bfd60ebe218a9177086f27367b8d4f1e30ab9  i2pinstall_2.5.1-0.jar
+    f9b2038cc6376a7b67a7cbc6ff07046b0a5f6146658dfb910ca4532c81263177  i2pinstall_2.5.1-0_windows.exe
+    1b0c1a12e64bd6dabd894a297b7bfd60ebe218a9177086f27367b8d4f1e30ab9  i2pinstall_2.5.1.jar
+    d0150a4f7abcdc85cddae277fa951c2ee76ccc7403d98cd255791ac752a7e36b  i2pinstall_2.5.1.jar.sig
+    f9b2038cc6376a7b67a7cbc6ff07046b0a5f6146658dfb910ca4532c81263177  i2pinstall_2.5.1_windows.exe
+    4bc7e59ee0036389a0f76fc76b2303eeae62bf6eaaf608c9939226febf9ddeae  i2psource_2.5.1.tar.bz2
+    251293c39c333bd7d8ad01235ef15bccf15df1b72dd18917de06cdb212b7801f  i2psource_2.5.1.tar.bz2.sig
+    163b7fe3e9941bd412bad1b80f34e2a8cd1ade2e77cbe4cfb58eca42f3ca4b62  i2pupdate-2.5.1.su3
+    461b5fe51d2d953ba798eee867e434b4bf234911418c0dd5560b558f755f6657  i2pupdate-2.5.1.su3.torrent
+    a4db0e6a9ee56df2d9bb2b12d9eb3a04501aeeac83773817f62565e632d88228  i2pupdate_2.5.1.zip
+    c592bc6d1ffcc988f021bbd30ea6e5063f31bb5175846be96c5c2724294bd99b  i2pupdate_2.5.1.zip.sig
+    163b7fe3e9941bd412bad1b80f34e2a8cd1ade2e77cbe4cfb58eca42f3ca4b62  i2pupdate.su3
+    a4db0e6a9ee56df2d9bb2b12d9eb3a04501aeeac83773817f62565e632d88228  i2pupdate.zip

i2p2www/blog/2024/05/15/2.5.2-Release.rst

@@ -0,0 +1,50 @@
+===========================================
+{% trans -%}2.5.2 Release{%- endtrans %}
+===========================================
+
+.. meta::
+    :author: zzz
+    :date: 2024-05-15
+    :category: release
+    :excerpt: {% trans %}2.5.2 Release with HTTP fix{% endtrans %}
+
+{% trans -%}
+I2P 2.5.2 is released to fix a bug introduced in 2.5.0 causing truncation of some HTTP content.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Console: Update rrd4j to 3.9.1-preview{% endtrans %}
+- {% trans %}Router: Publish G cap if symmetric natted{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}i2ptunnel: Fix bug causing truncation of some HTTP content{% endtrans %}
+- {% trans %}i2ptunnel: Fix custom option form width (light theme){% endtrans %}
+- {% trans %}Tunnels: Fix selection of peers with expired RIs{% endtrans %}
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Translation updates{% endtrans %}
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.5.2
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+     1aa1ac29620886a7d744424318287c67dc9ead488e6ab434848597ee9db7ce18  i2pinstall_2.5.2_windows.exe
+     751f48cfb380c8796bd645621b149114d55f32cd4330784cb287be9413b02569  i2pinstall_2.5.2.jar
+     f23d0746d72a55cccbd17f40762e491ae1b42cdf55d7e73404d213a84985ca73  i2psource_2.5.2.tar.bz2
+     adba8b7512d27a44ed876ec4beb39a82ebb34dc243ec024aff289e91823fc0c7  i2pupdate_2.5.2.zip
+     0d1d09d3d8199ea1a2ea983f5023125449ea55e93e20f5fbf1b7ad9e466bb6fc  i2pupdate.su3

i2p2www/blog/2024/07/19/2.6.0-Release.rst

@@ -0,0 +1,67 @@
+============================================
+{% trans -%}I2P 2.6.0 Release{%- endtrans %}
+============================================
+
+.. meta::
+    :author: idk
+    :date: 2024-07-19
+    :category: release
+    :excerpt: {% trans %}I2P 2.6.0 Release{% endtrans %}
+
+{% trans -%}
+This release, I2P 2.6.0, continues our work by fixing bugs, adding features, and improving the network's reliability.
+{%- endtrans %}
+
+{% trans -%}
+Newer routers will be favored when selecting floodfill routers.
+I2PSnark received features which improve the performance of PeX(Peer Exchange), in addition to bug fixes.
+Legacy transport protocols are being removed, simplifying the code in the UDP transports.
+Locally-hosted destination will be reachable by local clients without requesting their LeaseSet, improving performance and testability.
+Additional tweaks were made to peer selection strategies.
+{%- endtrans %}
+
+{% trans -%}
+I2P no longer allows I2P-over-Tor, connections from Tor exit IP addresses are now blocked.
+We discourage this because it degrades the performance of I2P and uses up the resources of Tor exits for no benefit.
+If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each.
+Non-exit relays and Tor clients are unaffected by this and do not need to change anything.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Router: Increase minimum version for floodfill routers{% endtrans %}
+- {% trans %}Router: Disable I2P over Tor{% endtrans %}
+- {% trans %}Address Book: Cache locally hosted destinations{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}I2PSnark: Peer Exchange Tweaks{% endtrans %}
+- {% trans %}I2PSnark: Bugfixes{% endtrans %}
+- {% trans %}Router: Peer Selection Tweaks{% endtrans %}
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Translation updates{% endtrans %}
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.6.0
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+    13f2e6b3cc9716c89c4d4d3bc9918171fbad5f450171e1c32b1237b5421bc065  i2pinstall_2.6.0_windows.exe
+    42ac34e4c67cf5e2582853f0cf3074f6a73ea59503e1350e1b687cee3f849814  i2pinstall_2.6.0_windows.exe.sig
+    24cda3f04e8c2e976b73bd45d36d0e31217e28fbe3019bf9a9d839b45d60537a  i2pinstall_2.6.0.jar
+    249b35c1e061e194ee18048b0644cc5e2c5cf785ffce655e3124eb959dc189ff  i2psource_2.6.0.tar.bz2
+    2867d752f6fb89a7a5ada4f4123ca601ad8d78ff78f553a9269bf0ddffe724ca  i2pupdate_2.6.0.zip
+    be6ac988497ac0336d21cdfc57bbbe3cc5cffd983ac3282fd8ea11914e18e7ee  i2pupdate.su3

i2p2www/blog/2024/08/06/2.6.1-Release.rst

@@ -0,0 +1,49 @@
+===========================================
+{% trans -%}2.6.1 Release{%- endtrans %}
+===========================================
+
+.. meta::
+    :author: idk
+    :date: 2024-08-06
+    :category: release
+    :excerpt: {% trans %}2.6.1 Release with I2PTunnel UI fix{% endtrans %}
+
+{% trans -%}
+I2P 2.6.1 is released in order to fix a User-Interface bug in the Hidden Services Manager application.
+This bug caused scrolling to be disabled, rendering some configuration inaccessible.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}Graphs: render graphs in svg{% endtrans %}
+- {% trans %}Translations: generate internal translation leaderboard{% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}i2ptunnel: Fix bug causing truncation configuration UI{% endtrans %}
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Translation updates{% endtrans %}
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.6.1
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+     88e69e0adac66ed41ef1d521c373a40d491fbec1a40f596dbaa56ac67b5c4b0d  i2pinstall_2.6.1_windows.exe
+     c10d74075dac39d0f80c4fa5bbd403ed59aeba5e933e761a0ecf59d8d5afcad1  i2pinstall_2.6.1.jar
+     e6ce1704da6ac44909b9ee74b376e3ba10d27a287840b28caaf51dfae0903901  i2psource_2.6.1.tar.bz2
+     e78fe71186b7b194882132b0392dceb9b4f2ea35cabfcb224739f46f1b11cd53  i2pupdate_2.6.1.zip
+     42a4eac2a1802130f38ee648cc04c0f2cbc6e8ca6975d89235bdf80b3000aded  i2pupdate.su3

i2p2www/blog/2024/08/26/easy-install_for_windows_release_2.6.1.draft.rst

@@ -0,0 +1,14 @@
+===========================================
+{% trans -%}I2P Easy-Install for Windows 2.6.1 Release{%- endtrans %}
+===========================================
+
+.. meta::
+    :author: idk
+    :date: 2024-08-26
+    :category: release
+    :excerpt: {% trans %}I2P Easy-Install Windows 2.6.1 Release with I2PTunnel UI fix{% endtrans %}
+
+{% trans -%}
+This release updates the embedded I2P router to I2P 2.6.1.
+It also updates the embedded I2P Firefox profile to 2.6.2.
+{%- endtrans %}

i2p2www/blog/2024/10/09/i2p-release-2.7.0.rst

@@ -0,0 +1,49 @@
+{% trans -%}
+==================
+I2P 2.7.0 Released
+==================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2024-10-09
+    :category: release
+    :excerpt: {% trans %}I2P 2.7.0 Released{% endtrans %}
+
+{% trans -%}
+This release, I2P 2.7.0, continues our work by fixing bugs, improving performance, and adding features.
+{%- endtrans %}
+
+{% trans -%}
+Access to information from the console and applications has been improved.
+Issues have been fixed in I2PSnark and SusiMail search.
+The netDB search embedded into the router console now operates in a more intuitive and useful way.
+Minor improvements have been made to diagnostic displays in advanced mode.
+{%- endtrans %}
+
+{% trans -%}
+Bugs have also been fixed to improve compatibility within the network.
+An issue with publishing leaseSets was solved which improves reliability major hidden services.
+I2PSnark no longer changes the infohash when a user changes only the trackers on an existing torrent.
+This prevents torrents from being unnecessarily disrupted by these changes.
+We welcomed this contribution from a new contributor.
+A conflict in the handling of a streaming library option was resolved to improve compatibility with other I2P implementations.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.7.0
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+     d70ee549b05e58ded4b75540bbc264a65bdfaea848ba72631f7d8abce3e3d67a  i2pinstall_2.7.0_windows.exe
+     ea3872af06f7a147c1ca84f8e8218541963da6ad97e30e1d8f7a71504e4b0cee  i2pinstall_2.7.0.jar
+     54eebdb1cfdbe6aeb1f60e897c68c6b2921c36ce921350d45d21773256c99874  i2psource_2.7.0.tar.bz2
+     b7fae5181cbd8b60be0d5a05e391f4c9d114748a8240eb64b91ee84da5c659f8  i2pupdate_2.7.0.zip
+     59d3d61eccf3622985b71e06d454f61f32f39baa1eb9064536d295b4a7e7ae4e  i2pupdate.su3

i2p2www/blog/2025/02/03/i2p-release-2.8.0.rst

@@ -0,0 +1,40 @@
+{% trans -%}
+==================
+I2P 2.8.0 Released
+==================
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2025-02-04
+    :category: release
+    :excerpt: {% trans %}I2P 2.8.0 Released{% endtrans %}
+
+{% trans -%}
+This release improves I2P by fixing bugs, removing unused code, and improving network stability.
+{%- endtrans %}
+
+{% trans -%}
+We have improved handling of congested routers in the network.
+Issues in UPnP and NAT traversal were addressed to improve connectivity and error reporting.
+We now have a more aggressive strategy for leaseset removal from the NetDb to improve router performance and mitigate overload.
+Other changes were implemented to reduce the observability of events like a router rebooting or shutting down.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.8.0
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+    
+     f2699359fd7c5a2fddb5730666e61c0dce2184f95507d4f33dcfaca16569b580  i2pinstall_2.8.0_windows.exe
+     32255865c5f89bceab4902ba401c971c5aa238ebe8bc1bfb2153acb6478ce656  i2pinstall_2.8.0.jar
+     06b305c24ed163bb09b1afaa3a8d44b2477eb3eb0e1c84236d210606986bd820  i2psource_2.8.0.tar.bz2
+     3ff1e0c52757a39e20ac864aa610c92f1a1168979b42a61cd1e9284becc0fe22  i2pupdate_2.8.0.zip
+     bfc6fc3c6e2cb486448450d3f08cef6afe2966b57113b17df65cbb53ed6d4a82  i2pupdate.su3

i2p2www/blog/2025/03/17/2.8.1-Release.rst

@@ -0,0 +1,76 @@
+===========================================
+{% trans -%}2.8.1 Release{%- endtrans %}
+===========================================
+
+.. meta::
+    :author: zzz
+    :date: 2025-03-17
+    :category: release
+    :excerpt: {% trans %}2.8.1 Release with local site access fix{% endtrans %}
+
+{% trans -%}
+2.8.1 fixes accesses to local sites that were broken in 2.8.0.
+We have added notification bubbles to several applications in the console to highlight application messages.
+We fixed a tunnel test bug that may have been affecting tunnel reliability.
+The addressbook now has a new "latest" tab that displays the newest hostnames added from your subscriptions.
+There are several dark theme fixes and improvements.
+{%- endtrans %}
+
+{% trans -%}
+We fixed the installer that previously failed on Java 21 or higher.
+We also fixed installing to directory paths that contain spaces on Linux.
+For those of you that use Docker, we updated outdated Docker container and container libraries.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Changes{% endtrans %}**
+
+- {% trans %}New console notification bubbles{% endtrans %}
+- {% trans %}New addressbook sort-by-latest tab{% endtrans %}
+- {% trans %}Add support for .i2p.alt hostnames (RFC 9476){% endtrans %}
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Fix local site access bug{% endtrans %}
+- {% trans %}Fix installer failure on Java 21+ (IzPack 5.2.4){% endtrans %}
+- {% trans %}Fix tunnel tests for outbound client tunnels{% endtrans %}
+- {% trans %}Fix installing to paths with spaces (non-Windows){% endtrans %}
+- {% trans %}Console dark theme fixes and improvements{% endtrans %}
+- {% trans %}Fix AIOOBE on large signed streaming packets{% endtrans %}
+- {% trans %}Fix compression of Router Identities{% endtrans %}
+- {% trans %}Update outdated Docker container and container libraries{% endtrans %}
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Add logo to first installer panel{% endtrans %}
+- {% trans %}Add progress bar to installer panels{% endtrans %}
+- {% trans %}Use SHA256 pool in Noise{% endtrans %}
+- {% trans %}Move certs page to a debug page tab{% endtrans %}
+- {% trans %}Reduce memory usage in AddressBean{% endtrans %}
+- {% trans %}Set bulk profile for servers and i2psnark{% endtrans %}
+- {% trans %}Prep for tunnel bandwidth parameters (proposal 168){% endtrans %}
+- {% trans %}Proxy error page improvements{% endtrans %}
+- {% trans %}Check key order when parsing RI mappings{% endtrans %}
+- {% trans %}Reduce i2psnark peer check interval{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+`{% trans %}Full list of fixed bugs{% endtrans %}`__
+
+__ http://{{ i2pconv('git.idk.i2p') }}/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.9.0
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+      013f30db4116711fdb5f78f21f55da9a883a7de110f9c5b6d4f1390d60cc3441  i2pinstall_2.8.1_windows.exe
+      a2f590156b6c58574c54860afb196886bc23e609ec26c3797ad0ef27289727f3  i2pinstall_2.8.1.jar
+      6af1b88404527d9f5f88a29434979e048ac9d6fdc6ad7f5edbd0b318a1a1e57d  i2psource_2.8.1.tar.bz2
+      f4018ed081c0980f1cc4bc9e961ba49d7eda54babb06785220e54b54a58e150d  i2pupdate_2.8.1.zip
+      c89433df991876952fa2e4d7ebf2cb8c705911b80f240e6ddd3d8cba4aabed58  i2pupdate.su3

i2p2www/blog/2025/03/29/2.8.2-Release.rst

@@ -0,0 +1,43 @@
+===========================================
+{% trans -%}2.8.2 Release{%- endtrans %}
+===========================================
+
+.. meta::
+    :author: zzz
+    :date: 2025-03-29
+    :category: release
+    :excerpt: {% trans %}2.8.2 Release with SHA256 fix{% endtrans %}
+
+{% trans -%}
+2.8.2 fixes a bug causing SHA256 failures that was introduced in the 2.8.1 release.
+The bug primarily affects high-bandwidth routers.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}RELEASE DETAILS{% endtrans %}**
+
+**{% trans %}Bug Fixes{% endtrans %}**
+
+- {% trans %}Fix SHA256 double-free from Noise{% endtrans %}
+- {% trans %}Clear i2ptunnel bubble count when clearing status messages{% endtrans %}
+
+**{% trans %}Other{% endtrans %}**
+
+- {% trans %}Reduce memory usage in BanlistRenderer{% endtrans %}
+- {% trans %}Use torrent name instead of torrent file name in notifications{% endtrans %}
+- {% trans %}Translation updates{% endtrans %}
+
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+      
+      7658f9ba7e28ab29ffeb3ec1909bf04f5ae391ee159980145ea01bd793c46f80  i2pinstall_2.8.2_windows.exe
+      cd606827a9bca363bd6b3c89664772ec211d276cce3148f207643cc5e5949b8a  i2pinstall_2.8.2.jar
+      039b59fedd4a64aaeb6b74ab974310abdc9c08cb47ef1b8568c718965b50a485  i2psource_2.8.2.tar.bz2
+      71cef41d7184516e42c15dc5105e52ab19960affd571b636e767e8bf8c227075  i2pupdate_2.8.2.zip
+      15d886a9015dcf27ccc25e31b703ef6538b8b777176adf643dfe8ee0ba4984e0  i2pupdate.su3

i2p2www/blog/2025/06/02/2.9.0_release.rst

@@ -0,0 +1,48 @@
+{% trans -%}
+=============
+2.9.0 Release
+=============
+{%- endtrans %}
+.. meta::
+    :author: idk
+    :date: 2025-06-02
+    :category: release
+    :excerpt: {% trans %}I2P 2.9.0 Release{% endtrans %}
+
+{% trans -%}
+I2P 2.9.0 is a maintenance release that includes bug fixes and work on new features.
+{%- endtrans %}
+
+{% trans -%}
+Thread usage has been improved to improve the performance of the i2ptunnel system.
+NTCP2 has been improved to resist probing attacks.
+The notification system has been integrated into more applications to provide better feedback to users from I2PSnark and the other applications.
+Automatic floodfill enrollment has been fixed.
+Users may observe increased resource usage when acting as floodfill.
+If this is not desired, floodfill mode can be disabled on the /config page.
+{%- endtrans %}
+
+{% trans -%}
+A new global map feature is available in the console which shows the locations of routers in your view of the netDb.
+These are the peers that help your router build tunnels and provide services anonymously.
+{%- endtrans %}
+
+{% trans -%}
+Work continues on implementing automatic bandwidth management for tunnels, the Datagram2 protocol, and Post-Quantum cryptography.
+In two releases, at 2.11.0, I2P will require Java 17.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**{% trans %}SHA256 Checksums:{% endtrans %}**
+
+::
+
+      681884cf79f001a360dd3635f7b31e889d407af8c3edb6fe89d841a5421ba563  i2pinstall_2.9.0_windows.exe
+      f4474ca98914f18fce1a4ce37a6b3cd080499919e4202a29b8eae51798f0c7c1  i2pinstall_2.9.0.jar
+      03989319e186d9b06ed96ea0efa6ac95af1bc57af956d7f5f06f52f8da64fcd7  i2psource_2.9.0.tar.bz2
+      1b79b2593bbe60e08da3f84411d48a5f1fe0c8cfd934f1c90d2fece436c1f2b5  i2pupdate_2.9.0.zip
+      2df2d63a65d9d8743098203919693185c910ddd8a53f13e91d5be7d95d1d0e82  i2pupdate.su3

i2p2www/blog/README

@@ -24,17 +24,92 @@ index page). The following metadata is used:
 - **excerpt**: Summary of the post (generally the same as the first line for
   translation purposes). Required, it is displayed on the blog index.
 
+Please use the following standard categories:
+
+- android
+- beta
+- community
+- conferences
+- development
+- general
+- news
+- release
+- security
+
+
 How to use the blog
 -------------------
 
 1. Create a directory path matching the date of the blog post, e.g.
-   'mkdir -p 2014/01/01'
+   'mkdir -p 2014/01/01'. Day and month directories MUST be two digits!
 2. Create a file in that directory with suffix '.rst'. The name of the file and
    the directory path will together be the URL that the post will be visible at
-   e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'
+   e.g. '2014/01/01/Happy-New-Year.rst' -> '/lang/blog/post/2014/01/01/Happy-New-Year'.
+   Use - for spaces in the file name.
 3. Write the blog post in reStructuredText format, taking note of the custom
    format notes above.
 
+Translations
+-------------
+
+Write your post so it may be easily translated.
+Inside {% trans -%}...{%- endtrans %} blocks, put line breaks after long sentences
+or phrases. Do not put line breaks at random places.
+
+
+Links
+-------------
+
+The goal is to keep as much formatting out of the tagged string as possible,
+so that the translators are less likely to inadvertently break the formatting,
+and we can change the link later without breaking translations.
+This also allows us to use macros for converting to .i2p links.
+
+External links:
+
+For full untranslated link text:
+
+`QUIC <https://www.rfc-editor.org/rfc/rfc9000.html>`_
+
+For full translated link text:
+
+`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %}`__
+
+__ https://geti2p.net/en/download/mac
+
+or:
+
+`{% trans %}I2P Mac OS Easy Install bundles{% endtrans %} <https://geti2p.net/en/download/mac>`_
+
+
+For partial translated link text:
+
+{% trans link1="https://...", link2="..." -%}
+Blah blah `link text <{{ link1 }}>`_ more text.
+<%- endtrans %>
+
+Internal links:
+
+As above but use, e.g.
+   `NTCP2 <{{spec_url("ntcp2")}}>`_
+   `SSU2 <{{proposal_url("159")}}>`_
+   This does not work: {% trans link1="{{spec_url('i2np')}}" -%}
+
+
+Multiple links to the same thing:
+
+{% trans -%}
+Blah blah RFC-9001_
+and RFC-9001_ again.
+<%- endtrans %>
+
+.. _RFC-9001: https://www.rfc-editor.org/rfc/rfc9001.html
+
+
+RST guide: https://docutils.sourceforge.io/docs/user/rst/quickref.html#hyperlink-targets
+
+
+
 Writing draft posts
 -------------------
 
@@ -43,6 +118,13 @@ with this suffix will be visible at their post URL, but will not be shown in
 the blog index. To publish the draft post, change the filename to remove the
 '.draft' in the suffix (e.g. git mv foo.draft.rst foo.rst).
 
+Review your formatting before checking in with the linux tool rst2html.
+This will not process translation blocks, of course.
+
+After checking in the draft, navigate to it in your browser and verify
+the formatting is correct, including translation blocks.
+
+
 Creating shortlinks
 -------------------
 

i2p2www/blog/helpers.py

@@ -67,7 +67,8 @@ def get_blog_slugs(num=0):
     # walk over all directories/files
     for v in os.walk(BLOG_DIR):
         # iterate over all files
-        slugbase = os.path.relpath(v[0], BLOG_DIR)
+        slugbase = slug_base_datevalidate(os.path.relpath(v[0], BLOG_DIR))
+        
         for f in v[2]:
             # ignore all non-.rst files and drafts
             if not f.endswith('.rst') or f.endswith('.draft.rst'):
@@ -79,7 +80,39 @@ def get_blog_slugs(num=0):
         return slugs[:num]
     return slugs
 
+# reads a date and if it finds a one-digit representation of a day or month,
+# lengthens it to two
+def slug_base_datevalidate(slugbase):
+    parts = slugbase.split('/')
+    slugParts = []
+    for p in parts:
+        slugParts.append(datevalidate(p))
+    return "/".join(slugParts)
+
+# turns a one-digit date unit into a two-digit date unit
+def datevalidate(slugfrag):
+    if len(str(slugfrag)) == 1:
+        return "0"+str(slugfrag)
+    else:
+        return str(slugfrag)
+
+# turns a two-digit date unit into a one-digit date unit
+def dedatevalidate(slugfrag):
+    if len(str(slugfrag)) == 2:
+        return str(slugfrag).lstrip("0")
+    else:
+        return str(slugfrag)
+
+# reverses slug_base_datevalidate
+def slug_base_dedatevalidate(slugbase):
+    parts = slugbase.split('/')
+    slugParts = []
+    for p in parts:
+        slugParts.append(dedatevalidate(p))
+    return "/".join(slugParts)
+
 def get_date_from_slug(slug):
+    slug = slug_base_datevalidate(slug)
     parts = slug.split('/')
     return "%s-%s-%s" % (parts[0], parts[1], parts[2])
 
@@ -96,12 +129,19 @@ def render_blog_post(slug):
         # check for drafts
         path = safe_join(BLOG_DIR, slug + ".draft.rst")
         if not os.path.exists(path):
-            abort(404)
+            slug = slug_base_dedatevalidate(slug)
+            path = safe_join(BLOG_DIR, slug+".rst")
+            if not os.path.exists(path):
+                path = safe_join(BLOG_DIR, slug + ".draft.rst")
+                if not os.path.exists(path):
+                    abort(404)
 
     # read file
     with codecs.open(path, encoding='utf-8') as fd:
         content = fd.read()
 
+    #print(content)
+
     # render the post with Jinja2 to handle URLs etc.
     rendered_content = render_template_string(content)
 

i2p2www/downloads.py

@@ -20,19 +20,19 @@ DEFAULT_MIRROR = {
 #DEFAULT_MIRROR = {
 #    "net": "clearnet",
 #    "protocol": "https",
-#    "domain": "download.i2p2.de",
+#    "domain": "download.i2p2.no",
 #    "path": "/releases/%(version)s/%(file)s",
 #    "org": "sigterm.no",
-#    "org_url": "https://download.i2p2.de", 
+#    "org_url": "https://download.i2p2.no", 
 #    "country": "no",
 #}
 
-#{
- #   'net': 'clearnet',
- #   'protocol': 'https',
- #   'domain':   'download.i2p2.de',
- #   'org':      'sigterm.no',
- #   'country':  'no',
+#DEFAULT_MIRROR= {
+#    'net': 'clearnet',
+#    'protocol': 'https',
+#    'domain':   'download.i2p2.no',
+#    'org':      'sigterm.no',
+#    'country':  'no',
 #}
 
 DEFAULT_I2P_MIRROR = {
@@ -90,6 +90,10 @@ def downloads_debian():
 def downloads_windows():
     return render_template('downloads/windows.html')
 
+# MacOS-specific page
+def downloads_macos():
+    return render_template('downloads/macos.html')
+
 # AIO-Windows-specific page
 def downloads_easyinstall():
     # TODO: read mirror list or list of available files

i2p2www/legacy.py

@@ -23,6 +23,7 @@ LEGACY_FUNCTIONS_MAP={
     'easyinstall':           {'function': 'downloads_easyinstall',    'params': {}},
     'nsis':           {'function': 'downloads_easyinstall',    'params': {}},
     'windows':           {'function': 'downloads_windows',    'params': {}},
+    'macos':           {'function': 'downloads_macos',    'params': {}},
     'download':      {'function': 'downloads_list',   'params': {}},
     'installation':  {'function': 'downloads_list',   'params': {}},
     'meetings':      {'function': 'meetings_index',   'params': {}},

i2p2www/meetings/logs/313.log

@@ -0,0 +1,119 @@
+(04:00:14 PM) eyedeekay: Hi everybody, welcome to the July 5 Meeting
+(04:00:14 PM) eyedeekay: 1. Hi
+(04:00:14 PM) eyedeekay: 2. 1.9.0 development status
+(04:00:14 PM) eyedeekay: 3. Support for Apple Silicon in the Mac easy-install bundle
+(04:00:14 PM) eyedeekay: 4. Windows easy-install bundle - out of beta?
+(04:00:32 PM) zzz: hi
+(04:00:35 PM) zlatinb: hi
+(04:00:44 PM) mode (-m ) by zzz
+(04:00:55 PM) eyedeekay: Hi guys, anybody else here today?
+(04:01:30 PM) eyedeekay: Moving right into 2. 1.9.0 development status
+(04:04:27 PM) eyedeekay: We are at a little less than 6 weeks in  I think, approx. 7 to go
+(04:04:27 PM) eyedeekay: zzz and orignal have been working hard on the implementation of SSU2 in i2p.i2p and i2pd
+(04:04:27 PM) eyedeekay: It won't be activated in 1.9.0 but if I understand correctly it's nearly done
+(04:04:27 PM) eyedeekay: I've been working on UDP tunnels again, mostly there but something's broken still, I'll probably need to ask zzz for help this week
+(04:04:50 PM) eyedeekay: zzz zlatinb anything else to add
+(04:05:09 PM) zzz: that's right, ssu2 is mostly working
+(04:05:17 PM) zzz: still fixing small bugs
+(04:06:03 PM) zzz: right now I'm working on making tunnel peer selection more efficient (unrelated to ssu2)
+(04:06:03 PM) zzz: other than that, just doing the usual bug fixing
+(04:06:06 PM) zzz: targeting a late august release
+(04:06:08 PM) zzz: EOT
+(04:06:48 PM) eyedeekay: Anyone interested in helping test should visit zzz's forum for instructions and to give feedback: http://zzz.i2p/topics/3314-how-to-enable-ssu2-in-i2p-1-8-0
+(04:07:00 PM) eyedeekay: 3. Support for Apple Silicon in the Mac easy-install bundle
+(04:07:27 PM) eyedeekay: zlatinb this is your topic, take your time
+(04:08:11 PM) zlatinb: hi, the big issue was jbigi but that is now solved via backporting the x18 register patch
+(04:08:59 PM) eyedeekay: So the easy-install bundle no longer needs to run on the emulated x86_64 mode?
+(04:09:15 PM) zlatinb: I would like to put up an official and notarized beta around end of july
+(04:09:42 PM) zlatinb: it has to be a separate download
+(04:09:46 PM) zzz: this would be a second bundle. we'd have two, one for x86 and one for arm
+(04:10:29 PM) zzz: I'm in favor, as it appears the extra dev effort would be small, and the speedup is large. Right?
+(04:10:37 PM) zlatinb: there is a caveat with updates when switching between bundle4s 
+(04:12:21 PM) zzz: sure, as long as there's instructions on how to switch, even if it's as simple as uninstall and reinstall, that should be fine
+(04:13:01 PM) zlatinb: i'll put them on /download/mac
+(04:13:23 PM) zlatinb: the news url needs to be changed manually
+(04:13:51 PM) zzz: the dev effort is small and the speedup is large, correct?
+(04:14:36 PM) zlatinb: speedup is there, also looks good to keep up with the times :)  dev effort except for notarization is small
+(04:14:48 PM) zzz: great. +1
+(04:14:54 PM) eyedeekay: +1
+(04:15:07 PM) zlatinb: thx EOT
+(04:16:02 PM) eyedeekay: Thanks zlatinb
+(04:16:02 PM) eyedeekay: 4. Windows easy-install bundle - out of beta?
+(04:16:35 PM) eyedeekay: I said ~3 months ago that I would be ready to move the easy-install bundle out-of-beta when I had a successful end-to-end update
+(04:18:05 PM) eyedeekay: I got that at 1.7.2 IIRC, but between 1.7.2 and 1.8.0 there were a number of bugs in how it worked when used with an external I2P router(i.e. a non-jpackaged router) in this situation the bundle is intended to work as a firefox-launcher only but this functionality was broken from 1.7.3-1.7.6
+(04:18:30 PM) eyedeekay: So I pushed it back again, but now I'm sure that all of the issues with running in both bundled and non-bundled modes are resolved
+(04:19:38 PM) eyedeekay: So I think it's finally ready to move out of beta, all the core functionality I thought was necessary has been established
+(04:20:49 PM) zzz: here's some things that may still need to be resolved:
+(04:21:18 PM) zzz: - is it just you that is successfully updating or are there other users that are also?
+(04:21:43 PM) zzz: - license requirements all met now?
+(04:22:27 PM) zzz: - are the windows bundle and the mac bundle now on the same JRE and roughly same release schedules?
+(04:22:58 PM) zzz: -- i.e. prepared for the 3-monthly JRE releases
+(04:23:22 PM) zzz: - and the usual question, do we have the resources to support this as an official product
+(04:23:49 PM) zzz: - also, are we removing the non-bundle download like we did for mac? or not?
+(04:23:51 PM) zzz: eot
+(04:25:46 PM) eyedeekay: License requirements are now fixed
+(04:25:46 PM) eyedeekay: I don't get a lot of feedback but at least 2 non-me updaters
+(04:25:46 PM) eyedeekay: I am sticking to LTS JRE, I think zlatinb is doing 18, but yes we are on the same schedule more-or-less
+(04:25:46 PM) eyedeekay: I do not think the resources required to work on the bundle are extensive, the hardest part is getting the build set up and it's not that hard, small investment now that it all works
+(04:25:46 PM) eyedeekay: I kind of want to remove the non-bundled download or possibly make it an "advanced installation" procedure
+(04:28:14 PM) zzz: - I don't think 2 non-you updaters is enough testers to declare it non-beta. Can you pimp it more on reddit or something?
+(04:28:25 PM) eyedeekay: Sure can do
+(04:28:43 PM) eyedeekay: I'm not in a hurry to rush it out
+(04:29:18 PM) zzz: - I'd like to see win and mac on the same JRE. Let's consolidate. I don't know which of you is right, but one of you is
+(04:29:29 PM) zzz: can you two come to an agreement?
+(04:29:43 PM) zzz: or are there reasons to be different?
+(04:30:01 PM) eyedeekay: I'm not married to my decision, I chose LTS strictly because of the statement "LTS"
+(04:30:57 PM) zzz: to be clear, not just the same version, but the same JRE supplier
+(04:31:10 PM) zzz: this will reduce the CVE review required every 3 months
+(04:31:14 PM) eyedeekay: We're both using Oracle right now to my knowledge
+(04:31:34 PM) eyedeekay: The only vendor with a similar update cycle is Amazon
+(04:31:49 PM) eyedeekay: I'd rather use Oracle than Amazon I think
+(04:33:16 PM) zzz: you two should be making these decisions together and in sync. I don't know why you're not and it sounds like you don't know either? :)
+(04:35:22 PM) eyedeekay: No I don't know. We did discuss vendors and update cycles at a couple points which is when we landed on Oracle due to releases being very quick compared to CVE's, but I don't know why I'm on 17 and zlatinb's on 18 now
+(04:36:27 PM) zlatinb: I don't remember the exact reason either
+(04:36:59 PM) zlatinb: maybe I wanted to test the ram reductions
+(04:37:28 PM) zzz: ok. I'm in favor of it coming out of beta, but let's get on the same JRE, get some more testing first and come back to us in a month or two
+(04:38:11 PM) zzz: I also want to think more about whether to remove the standard installer, maybe even worth a separate meeting about that
+(04:40:28 PM) zzz: eot
+(04:40:28 PM) eyedeekay: Re: actual reasons, perhaps a discussion for another time but I know the reason I'm on Oracle/17 is because I needed to pick a vendor who would respond to CVE's in less than 24 hours and because I wanted to ensure that I would have stability in terms of what I could expect from the API's and the JVM. I didn't really consider other reasons
+(04:40:28 PM) eyedeekay: Based on a sample of 1 event, I assessed that Oracle and Amazon were the fastest to release an update.
+(04:40:28 PM) eyedeekay: I considered Amazon because they are packaged in chocolatey which makes life on Windows a lot easier, but decided on Oracle instead
+(04:41:54 PM) eyedeekay: So that's how I landed on Oracle/17, basically out of caution
+(04:41:56 PM) eyedeekay: eot
+(04:41:57 PM) zlatinb: I can go down to 17 but really prefer to stick to oracle
+(04:42:18 PM) eyedeekay: So would I, so we're agreed
+(04:42:48 PM) zlatinb: on a related note i'll be afk until a week after the next jre release
+(04:43:28 PM) eyedeekay: Will we/can we make any arrangement for signing the bundles?
+(04:43:32 PM) zzz: I think you need 18 for the best apple arm support? if so then let's drag windows up to 18 also. But again, you two shouldn't be doing JRE vendor research and selection in separate silos. work together and decide together
+(04:43:32 PM) zlatinb: hopefully there won't be any urgent fixes
+(04:44:22 PM) zzz: we have limited resources, let's not do stuff twice for no reason
+(04:44:23 PM) zlatinb: signing requires deanon
+(04:44:28 PM) eyedeekay: I can push an unsigned bundle and tell people that they'll need to click through the pop-up in the news if need be
+(04:44:52 PM) eyedeekay: Still signed `su3` just not signed `exe`
+(04:45:21 PM) zlatinb: can't "click-through" on mac
+(04:45:31 PM) zlatinb: oh the exe signing is fine 
+(04:45:50 PM) zlatinb: we'\ll do it as  usual
+(04:46:41 PM) eyedeekay: OK then. Let me know if there's anything I can do(less rapidly deanoning) to help
+(04:47:39 PM) zlatinb: Nothing really other than take down the mac download page in the worst case
+(04:47:55 PM) eyedeekay: Well you have my signal number if you need me to do it
+(04:48:23 PM) zlatinb: ok.  it would be for a week at most
+(04:48:52 PM) zzz: eyedeekay, you're not setting the news URL in the feed, search for CHANGEME_URL_HERE :)
+(04:49:19 PM) eyedeekay: OMG I can't believe I missed that
+(04:49:29 PM) eyedeekay: Will do
+(04:49:32 PM) zzz: i put that in there a while back so you'd remember, I guess it didn't work (((
+(04:50:20 PM) eyedeekay: Re: Java 18 and Apple hardware, zzz just mentioned that 18 may have better support? If that's the case than that would be a thing I didn't know before and a reason to use 18 instead, can you confirm that?
+(04:51:39 PM) zlatinb: haven't done my homework on that sorry
+(04:51:53 PM) zzz: maybe a wild guess on my part, but don't need to decide in this meeting
+(04:52:17 PM) zlatinb: but if linux arm support is any indication it's very likely
+(04:52:34 PM) zlatinb: history of*
+(04:52:45 PM) zzz: but in general, newer is better, so isn't the point of bundling the JRE in a "easy bundle" is to have the latest?
+(04:53:19 PM) eyedeekay: I don't know, sometimes stable is better, and sometimes "easy" is somewhere in between
+(04:53:55 PM) zzz: that's why putting a LTS in a bundle doesn't make sense to me. 
+(04:58:29 PM) eyedeekay: Probably won't settle it today, but maybe I'm wrong about 17. zlatinb do you have a time that would be good this week to hammer out the 17/18 debate?
+(05:00:05 PM) zlatinb: generally any time is good and also bad because of my injury unless you want to get on a call
+(05:01:05 PM) eyedeekay: I'm happy to get on a call, we can figure out a time in private
+(05:01:18 PM) zlatinb: ack
+(05:01:43 PM) eyedeekay: Anything else for 4?
+(05:01:48 PM) eyedeekay: Or for the meeting?
+(05:01:53 PM) eyedeekay: Timeout 1m
+(05:03:46 PM) eyedeekay: All right thanks everybody for coming

i2p2www/meetings/logs/313.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, July 5, 2022 @ 20:00 UTC
+=========================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb

i2p2www/meetings/logs/314.log

@@ -0,0 +1,230 @@
+(04:18:08 PM) eyedeekay: 1. Hi 
+(04:18:08 PM) eyedeekay: 2. 1.9.0 development status
+(04:18:08 PM) eyedeekay: 3. Apple silicon bundle status 
+(04:18:08 PM) eyedeekay: 4. Letter to EFF to clarify what "running" a network means
+(04:18:08 PM) eyedeekay: 5. New Outproxy ref: http://zzz.i2p/topics/3254 
+(04:18:08 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud) 
+(04:18:08 PM) eyedeekay: b) Technical review and test results (zzz and others) 
+(04:18:08 PM) eyedeekay: c) ToS and log policy review http://stormycloud.i2p/outproxy.html (all) 
+(04:18:08 PM) eyedeekay: d) Vote to approve (all) 
+(04:18:08 PM) eyedeekay: e) Rollout plan (if approved) (zzz, StormyCloud)
+(04:19:11 PM) eyedeekay: zzz zlatinb you guys here?
+(04:19:24 PM) zzz: hi
+(04:19:27 PM) zlatinb: hi yes
+(04:20:11 PM) eyedeekay: Sorry about that again, had a cooking accident
+(04:20:12 PM) eyedeekay: 2. 1.9.0 development status
+(04:21:23 PM) eyedeekay: We're 3 weeks from release, we pretty much settled on a date for it at ls2 meeting yesterday, it's going to be the 22nd. i2pd and/or Java I2P may enable SSU2 for new installs, or a small percentage of the network on restart like for router rekeying
+(04:22:21 PM) eyedeekay: 3 weeks left for bug reports and bug fixes
+(04:22:47 PM) eyedeekay: Anything else to add zzz, zlatinb?
+(04:23:54 PM) eyedeekay: 3. Apple silicon bundle status
+(04:23:54 PM) eyedeekay: zlatinb this one is your, please start when you are ready
+(04:24:23 PM) not_bob_afk is now known as not_bob
+(04:25:23 PM) zzz: let me add a little on 2) please
+(04:25:30 PM) SilicaRice: is SSU2 officially stable? :o
+(04:25:35 PM) eyedeekay: Ok go ahead, sorry did not mean to rush
+(04:25:46 PM) zzz: lag
+(04:25:59 PM) zzz: tag freeze will be Aug. 10, a week from tomorrow
+(04:26:17 PM) zzz: the SSU2 testers have been very helpful, about 50-75 of them on the network
+(04:26:36 PM) zzz: our goal is to enable it for a few hundred to a thousand routers in the this release
+(04:26:53 PM) zzz: to help us shake out the remaining bugs, while avoiding any chance of disaster
+(04:27:19 PM) zzz: and we'll enable it for everybody in the November release
+(04:27:33 PM) SilicaRice: ahh :3
+(04:27:47 PM) zzz: everything else is going smoothly as well, just the usual bug fixes all over
+(04:28:13 PM) zzz: SSU2 is mostly finished, that doesn't mean it's mostly perfect yet
+(04:28:30 PM) zzz: shout out also to the i2pd team, they're working hard also
+(04:28:42 PM) zzz: I guess that's it unless there's any questions
+(04:28:56 PM) not_bob: Will the update also effect the android build?
+(04:29:46 PM) eyedeekay: I don't change any settings, SSU2 will technically be available but there won't be a UI to enable it
+(04:30:34 PM) eyedeekay: It just inherits defaults from i2p.i2p except where it has to to run on the Android environment
+(04:30:36 PM) zzz: sure. We may also just enable SSU2 for all Android, since it's so much less CPU than SSU1 w/ ElGamal
+(04:30:36 PM) not_bob: Good, good.
+(04:30:36 PM) zzz: that's what i2pd is thinking, we may do the same
+(04:30:36 PM) zzz: yeah, we're not going to put an option in the UI and then lobby like crazy for people to enable it
+(04:30:36 PM) zzz: we'd never get the numbers we want
+(04:30:36 PM) not_bob: Can we get an option to enable it if desired?  Better battery life would be better.
+(04:30:46 PM) zzz: there's an advanced config, see zzz.i2p for info
+(04:30:53 PM) not_bob: Thank you.
+(04:30:55 PM) zzz: not sure if Android has access to advanced cnofig?
+(04:31:32 PM) eyedeekay: No it doesn't, you have to do weird stuff to make it work
+(04:31:51 PM) eyedeekay: Pretty much devs-only to manually edit non-i2ptunnel config files on Android
+(04:32:03 PM) not_bob: :(
+(04:32:26 PM) zzz: ok. anyway, might be good to enable it for android anyway, because one of the last features we need to implement is handling IP changes, so mobile routers  will help us develop and test test
+(04:32:43 PM) not_bob: I vote for that.
+(04:33:25 PM) zzz: ok. to be clear, nobody's going to notice any difference with SSU2. It's mostly the same feature set, and currently a little slower than SSU1, at least on Java. It's faster for i2pd
+(04:33:47 PM) eyedeekay: Battery life is a huge deal if SSU2 will make a difference at that
+(04:34:18 PM) eyedeekay: We could be worse about how much battery we use, but we could also be better
+(04:34:37 PM) zzz: the benefits are more security, less CPU, more reliable firewall detection
+(04:34:44 PM) zzz: I may write up a whole blog post about it, I think it's one of the most censorship-resistant protocols ever designed. We'll see
+(04:35:01 PM) zzz: eot
+(04:36:20 PM) eyedeekay: Thanks zzz. I think people are hearing "Less CPU" and instantly making an association "Easier on battery for Androids" which may be part of the interest
+(04:36:35 PM) eyedeekay: 3. Apple silicon bundle status
+(04:37:15 PM) eyedeekay: zlatinb this one's yours, go ahead when you're ready
+(04:37:26 PM) zlatinb: Hi, I made the bundle available for download about 6 days ago and there have been almost 100 downloads since
+(04:37:55 PM) zlatinb: about 30% of the mac users download the arm64 bundle which surprises me
+(04:40:58 PM) zlatinb: No feedback anywhere yet, but with the last known bug fixed I think this should be ready for promotion to stable
+(04:40:58 PM) zzz: the only thing I'd suggest is making sure the news feeds are up and working on both servers, by putting up a 'thanks for testing' news entry
+(04:40:58 PM) zlatinb: I'm thinking to upgrade the 1.8 bundle to 1.9 when that becomes available to test the update channel although don't expect any issues
+(04:40:58 PM) zlatinb: yes, can do that tomorrow after my right hand will be fully functional again (hopefully)
+(04:40:58 PM) zlatinb: that's about it
+(04:40:58 PM) zlatinb: eot
+(04:42:08 PM) eyedeekay: Thanks zlatinb, if you choose to do a news entry let me know and I'll update the servers
+(04:42:48 PM) eyedeekay: 4. Letter to EFF to clarify what "running" a network means
+(04:43:28 PM) zzz: so I'd say after a successful update or news entry, stable is fine. I don't expect any issues either, but we've had plenty of news glitches before 
+(04:43:48 PM) zzz: but willing to hear other opinions ofc
+(04:43:48 PM) zlatinb: the only real action for promoting to stable really is removing the "BETA" label from the website
+(04:43:48 PM) uis is now known as Irc2PGuest3854
+(04:43:48 PM) zzz: sure, it's more the principle than anything actually being different
+(04:43:48 PM) zzz: let's be purposeful in our labeling, that's all
+(04:44:07 PM) zlatinb: Yes, some background on that:
+(04:44:10 PM) mode (+v T3s|4) by ChanServ
+(04:44:34 PM) mode (+v albat) by ChanServ
+(04:44:48 PM) mode (+v polistern) by ChanServ
+(04:44:53 PM) zlatinb: eyedeekay and I met Kurt Opsahl from EFF at HOPE few weeks ago and asked him about legality of working on something like I2P
+(04:45:43 PM) zlatinb: He said that writing code is fine because "code == speech", however "running" the network may be a different story
+(04:46:21 PM) zlatinb: we didn't dig into what running the network means at HOPE
+(04:46:56 PM) zlatinb: but I think it's a good idea to reach out and clarify the topic as much as possible 
+(04:47:41 PM) zzz: what would we do differently, based on conceivable responses?
+(04:48:38 PM) zlatinb: I'm having very hard time conceiving the responses as it's a very broad topic
+(04:48:44 PM) eyedeekay: It may inform who is able to run what services
+(04:48:50 PM) zzz: whatever "running" we're doing, it's much less than their darling Tor, and how might we do even less?
+(04:49:32 PM) eyedeekay: But I think one likely response is that running services to support a network is probably speech too
+(04:49:53 PM) eyedeekay: That may be optimistic, but it's also the one that involves the least leaps
+(04:50:20 PM) zzz: in my experience, ask a lawyer an informal question, you'll get good information. Send them a letter, they'll say they aren't licensed in your state, go hire somebody
+(04:50:51 PM) zlatinb: no idea, maybe reseeds are fine and addressbooks are not, who knows,  Too many possible permutations
+(04:51:26 PM) zzz: if you want to follow up, follow up, but I've asked EFF for legal advice before, their answer is "we're not set up to be general purpose legal counsel. We litigate cases of interest"
+(04:51:59 PM) eyedeekay: Maybe I can track down somebody for an informal question next week then. Can't hurt to try both
+(04:52:38 PM) eyedeekay: Writing the letter would help inform the question
+(04:53:14 PM) zzz: email Kurt. He gave you a vague answer, following up is reasonable. He's always been quite nice every time I talk to him
+(04:54:00 PM) eyedeekay: Can do
+(04:54:30 PM) zzz: I just wouldn't expect anything actionable, but who knows?
+(04:54:32 PM) zlatinb: well it's worth structuring any such letter properly; also may be wise to build up the engagement gradually rather than dump a giant letter from the blue
+(04:55:31 PM) eyedeekay: zlatinb do you want to set up a time to sync up and write that letter this week?
+(04:55:34 PM) zlatinb: I suggest we start with a simple follow-up like "was nice to meet you" and then expand from there
+(04:56:32 PM) zlatinb: currently I'm thinking we should not write a giant letter describing how i2p works until we get an ack that eff is willing to work with us
+(04:56:42 PM) eyedeekay: OK
+(04:56:59 PM) zlatinb: they may decide they want a retainer, who knows
+(04:57:10 PM) zzz: see above. they don't do that
+(04:57:48 PM) zzz: you're misunderstanding how they work
+(04:58:06 PM) zlatinb: I'll shoot him a "was nice to meet you" follow up and cc you guys and take it from there.
+(04:58:18 PM) zlatinb: if they can't help at all that's fine too
+(04:59:15 PM) eyedeekay: Anything else for 4?
+(04:59:23 PM) zlatinb: no, eot
+(04:59:38 PM) eyedeekay: 5. New Outproxy ref: http://zzz.i2p/topics/3254 
+(04:59:38 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud) 
+(04:59:38 PM) eyedeekay: b) Technical review and test results (zzz and others) 
+(04:59:38 PM) eyedeekay: c) ToS and log policy review http://stormycloud.i2p/outproxy.html (all) 
+(04:59:38 PM) eyedeekay: d) Vote to approve (all) 
+(04:59:38 PM) eyedeekay: e) Rollout plan (if approved) (zzz, StormyCloud)
+(04:59:51 PM) eyedeekay: a) Organizational and infrastructure overview (StormyCloud)
+(05:00:10 PM) zzz: StormyCloud, you here?
+(05:00:21 PM) StormyCloud: Yes 
+(05:00:41 PM) zzz: this is a proposal to replace false.i2p, which was unreliable for years and is now dead
+(05:00:56 PM) zzz: thanks for volunteering to support a replacement
+(05:01:18 PM) zzz: please go ahead and give us a brief overview of your organization and your infrastructure
+(05:01:45 PM) StormyCloud: Who we are: We are a 501(c)(3) non-profit organization based out of Texas. Our mission is to provide privacy-based tools to allow everyone access to an unfiltered and unregulated Internet. We started this organization in 2021 and have been working closely with the TOR community by deploying exit nodes.
+(05:02:37 PM) StormyCloud: We own all of our hardware and currently colocate at a Tier 4 data center. As of now have a 10GBps uplink with the option to upgrade to 40GBps without the need for much change. We have our own ASN and IP space (IPv4 & IPv6).
+(05:02:55 PM) StormyCloud: Outproxy Infrastructure: Outproxies are run on Ubuntu 22.04 and have been optimized for I2P. The backend proxy software is TinyProxy and supports HTTP, HTTPS, I2P, and TOR onion links. Currently, the outproxy is multi-homed on two servers. We can increase this number of servers as needed. 
+(05:04:03 PM) zzz: I want to invite everyone to ask questions of StormyCloud at any point as we go through the agenda
+(05:04:15 PM) zzz: any questions at this time?
+(05:04:26 PM) not_bob: Yes
+(05:04:39 PM) not_bob: How do you deal with users who try to use your service for "really nasty stuff"?
+(05:05:46 PM) StormyCloud: Nothing, we do not filter any requests. While that does invite "bad" users we feel the internet should be a free and open place.
+(05:06:12 PM) R4SAS: And one from me: will be here SOCKS5 proxies in future?
+(05:06:48 PM) StormyCloud: R4SAS: If there is a need for a SOCKS5 proxy I am sure we can get one deployed.
+(05:07:01 PM) R4SAS: Thanks
+(05:07:45 PM) zzz: any other questions on 5a) ?
+(05:08:02 PM) not_bob: http://notbob.i2p/graphs/stormycloud.i2p.yearly.svg
+(05:08:14 PM) not_bob: I just want to note that stormycloud has been great for uptime.
+(05:08:56 PM) SilicaRice: the backend supports I2P links uh huh?
+(05:08:57 PM) not_bob: And performance is great.
+(05:09:29 PM) zzz: that brings us to 5b, yes
+(05:09:29 PM) zzz: the outproxy has been in beta for quite a while
+(05:09:29 PM) zzz: testing should ensure that the service is reliable, meets applicable standards, and is secure 
+(05:10:00 PM) zzz: we've encountered several issues over the last few months, and StormyCloud has always been responsive
+(05:10:13 PM) SilicaRice: (why would you run i2p links through an outproxy?)
+(05:10:29 PM) zzz: at this time my test results are good, and I'm recommending it to be our official outproxy
+(05:10:38 PM) dr|z3d: StormyCloud misspoke. there is no .i2p support.
+(05:10:40 PM) zzz: but let's hear any other test reports or questions
+(05:10:43 PM) StormyCloud: SilicaRice: My apologies I wrote that wrong
+(05:11:03 PM) SilicaRice: oh okay
+(05:12:00 PM) R4SAS: > We do not cooperate with any requests for information except where compelled by law, and in that event our ability to assist is limited by our logging policy.
+(05:12:19 PM) R4SAS: Will be here transparency reports in such situations?
+(05:12:45 PM) zzz: also, to be clear, this meeting is about Java I2P's default and recommendations. Any other project including i2pd may have their own processes and requirements and negotiations with the outproxy operator
+(05:13:03 PM) StormyCloud: R4SAS: Yes, we public a report quarterly on our clearnet website. That is something I can also do on our i2p site.
+(05:13:48 PM) zzz: ok, looks like we're on 5c) review of ToS and logging policies. The goal here is to ensure our users are protected.
+(05:14:00 PM) R4SAS: also, please, create in-i2p mail for contacting =)
+(05:14:03 PM) zzz: any comments or questions about the Tos?
+(05:15:41 PM) R4SAS: ah, btw, about 5b: StormyCloud, what tunnel settings are you using?
+(05:16:06 PM) R4SAS: length, amount, etc
+(05:16:11 PM) dr|z3d: 0 hop.
+(05:16:17 PM) eyedeekay: Everything it says looks pretty clear to me, although to follow up on what R4S4S it might be good to put a link to the transparency report in or after that > We do not... unless compelled by law section
+(05:16:34 PM) zzz: an outproxy operator is in a position to view all traffic, or at least all non-https traffic, so it's important that we trust the operator to protect our users
+(05:17:01 PM) StormyCloud: eyedeekay: Makes sense, ill get this added to the website
+(05:17:09 PM) zzz: it's currently two multihomed 0-hop servers, right StormyCloud ?
+(05:17:19 PM) StormyCloud: Correct
+(05:17:42 PM) not_bob: But, just to clarify, with the way i2p tunnels work, my 2-3 hops are still there.  You are just not adding any more, right?
+(05:18:07 PM) dr|z3d: the client can configure as many hops as they wish, not_bob.
+(05:18:12 PM) zzz: I also saw on zzz.i2p that it's ipv4-only but that may get fixed soon, right?
+(05:18:13 PM) anonymousmaybe is now known as Irc2PGuest54486
+(05:18:15 PM) not_bob: Yep, that's what I thought.  Thank you.
+(05:18:48 PM) StormyCloud: zzz: Correct, our upstream provider finished their upgrade. I didnt want to mess with IPv6 until all testing was done
+(05:19:49 PM) zzz: would you please elaborate on your experience running tor exits and the capacity of your tor exits?
+(05:21:00 PM) StormyCloud: Sure, we have been running tor exit since late last year, currently sitting at 130ish exits with about 1.6% of TOR exit traffic going through our servers.
+(05:21:49 PM) StormyCloud: Everything is virtualized and the process to setup has become pretty automated
+(05:22:06 PM) zzz: have you ever received any DMCA or other legal processes w.r.t. your tor exits? if so, how was it handled?
+(05:23:33 PM) StormyCloud: No legal requests and surprisingly no DMCA requests. We do get abuse complaints, we just respond and let them know this is a TOR exit and there is nothing further that can be done on our end.
+(05:23:47 PM) major: No legal requests and surprisingly no DMCA requests. We do get abuse complaints, we just respond and let them know this is a TOR exit and there is nothing further that can be done on our end.
+(05:24:27 PM) R4SAS: huh, acetone's bot has bug
+(05:24:33 PM) zzz: any other questions sor StormyCloud before we go to 5d) appproval ?
+(05:24:34 PM) R4SAS: I'll PM him
+(05:25:33 PM) zzz: normally major doesn't have +v, but I turned +m off for the meeting, no big deal
+(05:26:36 PM) zzz: ok, if there's no more questions, everybody please indicate your approval / disapproval for making StormyCloud our official outproxy
+(05:26:45 PM) not_bob: Approve
+(05:26:58 PM) zzz: approve
+(05:27:05 PM) zlatinb: approve
+(05:27:05 PM) eyedeekay: approve
+(05:27:18 PM) SilicaRice: approve (if users count for anything)
+(05:27:54 PM) R4SAS: no objections, approve
+(05:28:32 PM) zzz: ok, great
+(05:28:39 PM) zzz: 5e) rollout
+(05:28:50 PM) zzz: the two major steps are:
+(05:29:08 PM) zzz: 1) setting it as default for new installs (as early as the next release in 3 weeks)
+(05:29:23 PM) zzz: 2) recommending to existing users to change their config (probably via console news, any time)
+(05:29:30 PM) zzz: these can happen in either order
+(05:29:41 PM) zzz: and we have no idea how much traffic either would generate
+(05:29:59 PM) zzz: other products (Android, bundles), probably aren't big enough to worry about timing
+(05:30:14 PM) zzz: StormyCloud, what is your request or recommendation on when and how we proceed?
+(05:31:36 PM) StormyCloud: If the console news can be set/sent anytime then we can let existing users know to switch now (if they want) and that gives us three weeks to monitor and spin up new servers if needed.
+(05:32:12 PM) dr|z3d: console news generally published with a new release.
+(05:32:13 PM) not_bob: StormyCloud: How much traffic are you handeling for the outproxy currently?
+(05:33:10 PM) zzz: ok. it would be nice to point to a howto page with screenshots for editing the hidden services manager config. That could be hosted on stormycloud.i2p, or a i2p-projekt.i2p blog post? Any volunteers to put that together?
+(05:33:35 PM) eyedeekay: I can do it
+(05:33:35 PM) StormyCloud: Difficult to say at this time, since we dont log anything. I am monitoring network activity, but that too doesnt tell a full picture since its also passing i2p traffic.
+(05:34:18 PM) dr|z3d: StormyCloud: we keep an eye on exit traffic via graphs..
+(05:34:41 PM) dr|z3d: in short, notbob, nothing worth getting excited about.
+(05:34:59 PM) zzz: dr|z3d, you have a guess on current % utilization of your two nodes? probably very small?
+(05:35:21 PM) dr|z3d: utilization in what sense?
+(05:35:28 PM) dr|z3d: capacity-wise?
+(05:35:33 PM) zzz: yes
+(05:35:50 PM) zzz: or maybe you don't really know until you hit it...
+(05:35:51 PM) dr|z3d: very small is about right.
+(05:36:18 PM) dr|z3d: throw a few thousand concurrent users at the outproxy, we'll then know :)
+(05:36:33 PM) zzz: yeah, apologies to StormyCloud, we were unable to get any historical estimates of false.i2p bandwidth
+(05:37:06 PM) zzz: so it's a little bit of a crap shoot, as long as you're monitoring things and have an expansion plan, we should be fine
+(05:37:37 PM) StormyCloud: All good, we will adjust as more and more people start to use the outproxy
+(05:38:11 PM) dr|z3d: well, as configured, the outproxies combined can handle up to 8192 concurrent streams. so there's plenty of capacity there, and StormyCloud has plenty of stuff in the wings if required.
+(05:38:21 PM) zzz: and StormyCloud re: new installs, should we plan to make it the default in the next release late this month as well?
+(05:39:01 PM) StormyCloud: Yes, that would be fine
+(05:39:29 PM) zzz: ok then. eyedeekay let me know when you have a blog post up, and then I'll write the news entry
+(05:39:39 PM) zzz: anything else on 5e) rollout ?
+(05:39:43 PM) eyedeekay: OK, expect it tonight or tomorrow
+(05:40:14 PM) eyedeekay: Nothing from me
+(05:40:14 PM) zzz: thanks again StormyCloud 
+(05:40:18 PM) zzz: back to you eyedeekay 
+(05:41:07 PM) eyedeekay: All right that's it for the listed items, I'll be at Def Con next week in case anybody who's watching wants to meet me there lol
+(05:41:49 PM) eyedeekay: If anybody else has anything else for the meeting, please speak up, otherwise timeout 1m
+(05:42:59 PM) R4SAS: I have one question, but it is out of meeting scope
+(05:43:34 PM) zzz: oh, also thanks to dr|z3d for vital technical assistance over the testing period
+(05:43:41 PM) eyedeekay: All right thanks everybody for coming to the meeting, I've got a kind of crazy section in the middle of my log but once I fix that I'll post the logs to the web site
+(05:43:44 PM) eyedeekay: Thanks for coming
+(05:43:59 PM) not_bob: Thank you for having us.

i2p2www/meetings/logs/314.rst

@@ -0,0 +1,15 @@
+I2P dev meeting, August 2, 2022 @ 20:00 UTC
+===========================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb,
+StormyCloud,
+R4S4S,
+SilicaRice,
+not_bob

i2p2www/meetings/logs/315.log

@@ -0,0 +1,106 @@
+(04:01:46 PM) eyedeekay: Hi everybody
+(04:01:50 PM) eyedeekay: welcome to the Tuesday September 6 meeting
+(04:02:02 PM) zzz: hi
+(04:02:07 PM) mode (-m ) by zzz
+(04:02:13 PM) zlatinb: hi
+(04:02:26 PM) eyedeekay: 1. Hi 
+(04:02:26 PM) eyedeekay: 2. 1.9.0 release status 
+(04:02:26 PM) eyedeekay: 3. 1.10.0 development status
+(04:02:26 PM) eyedeekay: 4. next release 2.0.0?                                          
+(04:02:26 PM) eyedeekay: 5. Mac arm64 bundle out of beta if 1.9.0 update was successful? (followup from last meeting)                               
+(04:02:51 PM) eyedeekay: Anything else to add before we get started?
+(04:03:19 PM) eyedeekay: hi zzz, hi zlatinb
+(04:03:46 PM) eyedeekay: 2. 1.9.0 release status
+(04:05:11 PM) eyedeekay: We released about 2 weeks ago, there was a slight delay getting Android and the Easy-Install bundle out now
+(04:05:11 PM) eyedeekay: F-Droid builds are now fixed as well so people who wish to can install from F-Droid main if they choose to and the app will work
+(04:05:37 PM) not_bob: Thank you for that.
+(04:05:43 PM) eyedeekay: No problem
+(04:06:41 PM) eyedeekay: I'm going to be doing a point release for the Windows Easy-Install bundle, zlatinb found a very hard-to-spot bug which sees to affect easy-install bundle on Windows 11 slightly more than other places
+(04:07:17 PM) eyedeekay: zzz do you want to talk Debian or anything else?
+(04:07:51 PM) zzz: sure
+(04:07:53 PM) zzz: about 40% of net is updated which is typical for 2 weeks in
+(04:08:10 PM) zzz: we have a few hundred SSU2-enabled routers now, as desired/expected
+(04:08:41 PM) zzz: no major issues so far
+(04:09:06 PM) zzz: although zlatinb's bug is maybe medium-major :)
+(04:09:07 PM) zzz: EOT
+(04:10:01 PM) eyedeekay: Yeah and what I don't understand is how it went without happening much for so long, and then it hits the easy bundle twice in quick succession
+(04:10:17 PM) zlatinb: well its kind of by accident that I have to use a windows 11 laptop for a few days, itś discovered a lot of issues
+(04:11:08 PM) zlatinb: I guess the reseed problem either caused people to try again or give up on i2p off the bat
+(04:11:09 PM) zzz: that's usually the way it goes... dev gets new setup... all hell breaks loose
+(04:11:59 PM) zlatinb: there is still an unresolved forking issue with firefox on first launch
+(04:12:48 PM) zlatinb: so ideally we should try and do something about it
+(04:13:30 PM) eyedeekay: Indeed, it only happens the very first time the browser launcher is run, every subsequent time it works fine
+(04:13:36 PM) zlatinb: maybe launch headless or play with the launch options, idk
+(04:14:10 PM) eyedeekay: Yeah I could launch it headless on the first run, let it fork and close, then subsequently run with the window open
+(04:14:58 PM) eyedeekay: That's a good idea thanks zlatinb
+(04:15:15 PM) eyedeekay: Anything else on 2?
+(04:16:03 PM) goingpostal is now known as Irc2PGuest14444
+(04:16:29 PM) eyedeekay: 3. 1.10.0 development status
+(04:18:30 PM) eyedeekay: Sorry I'm a little less prepared than usual, stuck in somebody else's office all day, bear with me
+(04:21:00 PM) eyedeekay: 2 weeks in, I've been working on a number of improvements to the Windows bundle to make it more stable and intuitive to use and to help track down this clock-skew bug
+(04:21:37 PM) eyedeekay: I've also been porting the profile and launcher parts of it(less the jpackaged router) to non-Windows platforms to hopefully provide automatic browser configuration there
+(04:22:06 PM) eyedeekay: zzz has been working on SSU2, fixing bugs with the help of orignal, would you like to update us on that zzz
+(04:22:16 PM) zzz: yes, thanks. early days, but a summary of changes and fixes so far is at http://zzz.i2p/topics/3377
+(04:22:32 PM) zzz: SSU2 - added the ack-immediate flag and connection migration
+(04:22:47 PM) zzz: which are the last two things we wanted to get in before enabling for all
+(04:24:07 PM) eyedeekay: Cool so you're right on track then?
+(04:24:30 PM) zzz: the larger user base has us finding corner cases and more rare bugs, nothing too serious, fixing as we go
+(04:24:30 PM) zzz: the plans for months has been for us to enable SSU2 for everybody in the November release and we are still on track
+(04:24:30 PM) zzz: EOT
+(04:24:42 PM) zzz: yes
+(04:24:51 PM) eyedeekay: Awesome thanks for the update
+(04:25:09 PM) eyedeekay: Anything else for 3?
+(04:25:41 PM) eyedeekay: 4) next release 2.0.0?
+(04:25:52 PM) eyedeekay: zzz you added this topic, would you like to get us started?
+(04:26:12 PM) zzz: this was a suggestion from dr|z3d so if he's around I'll ask him to make his pitch
+(04:26:50 PM) zzz: but if he's not, I'll say it's not a bad idea
+(04:27:05 PM) zzz: linux is about to go from 5.19 to 6.0
+(04:27:25 PM) zzz: tor's arti just went to 1.0.0
+(04:27:26 PM) zzz: ssu2 as good an excuse as any
+(04:27:45 PM) RightNow: and I2P is going from SSU to SSU2
+(04:27:47 PM) zzz: EOT - thoughts everyone? and we don't need to decide today, we have 11 more weeks
+(04:28:30 PM) not_bob: I have no issue with it so long it works.
+(04:29:18 PM) zzz: anybody hate it? anybody love it?
+(04:29:21 PM) eyedeekay: Sure, I think it makes sense, both transports will have been modernized, it's a big milestone
+(04:29:43 PM) zlatinb: I kind of wish we had something bigger of a bang to go to 2.0
+(04:29:48 PM) RightNow is now known as RN
+(04:30:34 PM) eyedeekay: Use it for 3.0.0 maybe?
+(04:30:38 PM) zzz: there's nothing bigger on the roadmap. frankly, I hope we don't ever do anything bigger, I'm tired...
+(04:30:56 PM) zlatinb: also I have to leave now sorry, on the last topic yes I think the mac arm bundle is ready to go out of beta.  I will have the windows laptop for another day or two for testing.  Gotta bolt now, sorry
+(04:30:59 PM) zlatinb: ttyl
+(04:31:05 PM) RN: zzz, you are also thanked.
+(04:32:26 PM) eyedeekay: Yes zzz, your dedication and hard work are appreciated
+(04:32:34 PM) zzz: tell you what eyedeekay let me post in the 1.10 thread on my forum and will come back next month with a report, stick it on the agenda for next month
+(04:32:44 PM) eyedeekay: Will do zzz
+(04:33:18 PM) zzz: wasn't trying to elicit thanks, just pointing out this was the last - and hardest - of the crypto migration we've been on for about a decade
+(04:33:36 PM) eyedeekay: Didn't need to elicit it, you deserve it :)
+(04:33:52 PM) eyedeekay: But point taken, it's a huge effort
+(04:33:58 PM) RN: it is a milestone worth celebration, and yeah, you deserve it!
+(04:34:14 PM) zzz: if we'd tried to do SSU2 first it would have killed us all. we only managed due to the experience of all the rest of it
+(04:34:26 PM) zzz: shared credit to the i2pd project of course
+(04:35:01 PM) eyedeekay: Indeed. Back on track though, anything else on 4?
+(04:35:15 PM) RN: but you led the charge.
+(04:35:21 PM) zzz: if we want to do post-quantum that can be 3.0.0 :)
+(04:35:43 PM) eyedeekay: Good idea, that will be exciting
+(04:35:53 PM) zzz: nope, nothing else
+(04:36:05 PM) eyedeekay: Well 5) was: Mac arm64 bundle out of beta if 1.9.0 update was successful? (followup from last meeting)
+(04:36:43 PM) eyedeekay: Which zlatinb gave us a status update for on his way out the door, with the update being successful I see no reason against it
+(04:37:38 PM) eyedeekay: Anybody else have anything to add to this topic?
+(04:38:06 PM) zzz: I assume zlatinb meant the update worked; if so, he can remove the beta label on the web page
+(04:38:32 PM) zzz: that was the only reservation I had at the last meeting
+(04:38:33 PM) zzz: eot
+(04:39:45 PM) eyedeekay: OK. One of us should ping us when we see him online
+(04:39:52 PM) eyedeekay: Anything else for the meeting?
+(04:40:04 PM) eyedeekay: ping *him 
+(04:41:14 PM) eyedeekay: Well I guess without his git creds I may as well remove the label
+(04:41:27 PM) eyedeekay: So I'll do it
+(04:41:43 PM) zzz: do you have confirmation the update worked?
+(04:42:11 PM) zzz: because he didn't say that above
+(04:42:53 PM) eyedeekay: I don't think I do
+(04:43:01 PM) eyedeekay: Nope
+(04:43:14 PM) eyedeekay: No I've not strictly speaking heard anyone say those exact words yet
+(04:43:21 PM) eyedeekay: So I'll wait
+(04:43:26 PM) eyedeekay: And ask him
+(04:43:32 PM) zzz: ok
+(04:44:19 PM) eyedeekay: Anything else for the meeting timeout 1m?
+(04:45:44 PM) eyedeekay: All right thanks everyone for coming

i2p2www/meetings/logs/315.rst

@@ -0,0 +1,14 @@
+I2P dev meeting, September 6, 2022 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb,
+not_bob,
+RightNow,
+RN

i2p2www/meetings/logs/316.log

@@ -0,0 +1,165 @@
+(04:00:08 PM) eyedeekay: Hi everyone, welcome to the October 4 2022 meeting
+(04:00:08 PM) eyedeekay: 1. Hi
+(04:00:18 PM) zlatinb: hi
+(04:00:28 PM) zzz: hi
+(04:00:51 PM) eyedeekay: 1. Hi
+(04:00:51 PM) eyedeekay: 2. 1.10.0 development status
+(04:00:51 PM) eyedeekay: 3. next release 2.0.0?
+(04:00:51 PM) eyedeekay: 4. Publish source tarballs for bundle releases
+(04:00:51 PM) eyedeekay: 5. Free stickers for translators
+(04:00:51 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
+(04:01:05 PM) eyedeekay: 2. 1.10.0 development status
+(04:01:15 PM) eyedeekay: About 7 weeks to go
+(04:01:24 PM) eyedeekay: My big priority this month has been to get the Windows Easy-Install bundle ready to go out of beta
+(04:01:31 PM) eyedeekay: Lots of stuff on the forum about that, targeting stable updates, compatibility with existing/unbundled routers, and a more stable and flexible way to manage and launch browser profiles, more on all that in item 6
+(04:01:38 PM) eyedeekay: Also working on a "Split Tunneling" or "Per-App VPN" tool in Android(on the roadmap).
+(04:01:47 PM) eyedeekay: The utility is that it allow users to configure their browsers more easily, in a way which prevents WebRTC escapes by putting them onto an interface which corresponds to an I2P connection and not to their network provider
+(04:02:05 PM) eyedeekay: zzz, zlatinb what would you like to add that you're working on
+(04:02:30 PM) zzz: not a lot to report... SSU2 testing continues to go well...
+(04:02:53 PM) zzz: put up proposal 161 about compressible padding, we'll be discussing it in #ls2 meetings...
+(04:03:06 PM) zlatinb: Nothing specific I'm working on, just want to let everyone know that I'll be afk from 22nd Nov to 10th Dec so if the next release gets tagged on the 21st I may be able to build the mac bundles but will most likely not be able to seed the torrents
+(04:03:29 PM) eyedeekay: If you send me the files I'll seed them for you
+(04:03:32 PM) zzz: I have some peer selection efficiency improvements I'm going to try to get in soon, may or may not make it
+(04:03:43 PM) zzz: EOT
+(04:04:21 PM) eyedeekay: Thanks zzz, zlatinb, I don't want to rush anybody but we do have a long agenda today, anything else to add on 2?
+(04:04:59 PM) eyedeekay: 3. next release 2.0.0?
+(04:04:59 PM) eyedeekay: My vote is yes to 2.0.0
+(04:05:19 PM) zzz: yeah I put it up for comments on my forum and got I think 1 yes and no no's
+(04:05:36 PM) eyedeekay: I was a yes at the last meeting too I think
+(04:05:46 PM) zzz: I'd like to decide today because I have a SSU2 blog post ready to go and it would be helpful to refer to the next release by number
+(04:06:22 PM) zzz: yeah I didn't hear any strong opinions one way or the other last meeting which is why we pushed it a month
+(04:06:34 PM) zzz: I think it's a good idea
+(04:06:51 PM) zzz: so if there's no objections, let's call it 2.0.0!
+(04:07:30 PM) eyedeekay: Timeout 1m for objections
+(04:07:47 PM) zzz: make it 30 seconds :)
+(04:07:54 PM) eyedeekay: Yeah I already burned 30
+(04:08:04 PM) eyedeekay: OK there it is
+(04:08:06 PM) eyedeekay: 2.0.0
+(04:08:17 PM) eyedeekay: 4. Publish source tarballs for bundle releases
+(04:08:31 PM) zzz: yeah this was my item
+(04:08:53 PM) zzz: standard open source practice is to post source tarballs, even if we can point to a git tag
+(04:09:06 PM) zzz: I understand that the Mac source doesn't change release to release?
+(04:09:10 PM) zzz: but the windows source does?
+(04:09:46 PM) zlatinb: well the mac bundle has evolved to enable arm64 but in general it doesn't change
+(04:10:02 PM) eyedeekay: What we both do is clone a copy of the repo and check out a specific release tag, ant distclean, generate our jars, and copy them into the bundle trees
+(04:10:15 PM) zzz: anyway, my recommendation is that we generate source tarballs as part of the build process and link to them on the respective download pages
+(04:10:36 PM) zzz: if they don't change, then I guess they can be unversioned
+(04:10:50 PM) zzz: so the windows source doesn't change release-to-release either?
+(04:11:01 PM) zlatinb: I would rather just tag and then fetch the tarball from github.  I expect at least for a while the only thing changing in the mac bundle will be the changelog file
+(04:11:50 PM) zzz: you all can work out the details, but the goal is to have source and instructions so anybody can build it themselves
+(04:12:00 PM) eyedeekay: The i2p jars that get included don't change except to get updated, but the Windows source has changed in the launcher quite a lot since it started
+(04:12:12 PM) zzz: are you two willing to do that and add it to your release processes?
+(04:12:21 PM) eyedeekay: Yes absolutely
+(04:12:31 PM) eyedeekay: My release scripts and daily scripts now include tarball every time
+(04:12:36 PM) zzz: you don't need to include dependencies such as i2p, and probably shouldn't
+(04:12:37 PM) eyedeekay: zab's too IIRC
+(04:12:54 PM) zlatinb: the question is where to put the tarballs, should they be available on the site, etc.
+(04:13:25 PM) zzz: somewhere on the download server with everything else, with links on the bundle pages. You two can work out the details to be consistent
+(04:13:59 PM) zlatinb: well that's the thing, if we can just point to a gitlab tag then there's no need for any extraneous links
+(04:14:31 PM) zzz: disagree, I think it's good open source practice to publish source tarballs
+(04:14:55 PM) zlatinb: github and maybe gitlab allow tarball download off of a tag
+(04:14:57 PM) eyedeekay: It's not much more effort, I'm not against it, I tag in the same script I generate tarballs in
+(04:15:05 PM) zzz: here's the binary, here's the source, here's the gpg sigs, here's the build instructions
+(04:15:29 PM) zzz: it's also consistent with our mainline release to have tarballs
+(04:16:15 PM) zzz: sounds like zlatinb is not in agreement? should we push this off to next month?
+(04:16:38 PM) zlatinb: yeah I think it's unnecessary
+(04:16:57 PM) zlatinb: but don't mind doing it if that's what the decision is
+(04:17:11 PM) zzz: if it never changes, you only have to do it once and you're done
+(04:17:47 PM) zlatinb: it has changed very rarely historically
+(04:18:03 PM) eyedeekay: Kicking it down the road for now is fine with me, zlatinb and I can work out what we're going to do or not do in the meantime
+(04:18:33 PM) eyedeekay: This might be a situation where we have to be a little different because my bundle has been a little more rapidly-changing than his
+(04:19:27 PM) zzz: if we don't want to decide today I'll start a forum thread to solicit more opinions
+(04:20:44 PM) zlatinb: ok
+(04:20:44 PM) zzz: ok = you're oppposed for now?
+(04:21:02 PM) eyedeekay: Probably a good idea, and I'm pro tarballs
+(04:21:31 PM) zlatinb: yeah
+(04:21:31 PM) zzz: no problem, eyedeekay put it on the list for next month
+(04:21:37 PM) eyedeekay: OK can do
+(04:21:52 PM) eyedeekay: Anything else for 4?
+(04:22:38 PM) eyedeekay: 5. Free stickers for translators
+(04:22:55 PM) eyedeekay: zzz this one was also yours, take it away whenever you're ready
+(04:23:16 PM) zzz: yeah, credit sarah jamie lewis on twitter
+(04:23:32 PM) zzz: for her project which I've forgotten the name... cwtch?
+(04:24:02 PM) eyedeekay: That's the one
+(04:24:02 PM) zzz: anyway, thought it was a good idea, but we'd need a) stickers and b) people to mail them
+(04:24:17 PM) zzz: both of which we used to have but are now out of both people and stickers?
+(04:24:40 PM) zzz: so, do we want to do it, and should we order stickers (even if we don't)
+(04:24:45 PM) zzz: EOT
+(04:25:26 PM) zzz: sadie and eche|on used to be the sticker people I think
+(04:25:38 PM) eyedeekay: I went through and counted mine up, I've got maybe 35 of the old ones(Toopie) and 91 left of the run I ordered in the spring, but I'd be fine with ordering more
+(04:25:41 PM) zzz: anyway, comments please... yes/no/maybe?
+(04:26:00 PM) eyedeekay: I can mail them within the US and Canada but the EU isn't great for me
+(04:26:21 PM) zzz: we have hundreds of translators registered. only a few are probably active
+(04:26:41 PM) zzz: who is the sticker-orderer-person?
+(04:27:54 PM) eyedeekay: The last person to order stickers was probably me, but I did them on my own time/out of pocket so I would have them for conventions
+(04:28:19 PM) zzz: who's in charge of PR?
+(04:28:48 PM) zzz: who has an opinion about stickers for translators?
+(04:28:48 PM) zzz: well, you could have / should have gotten reimbursed... echelon used to be the sticker guy
+(04:29:54 PM) zzz: we're going to need his buyin both for the cost, and to make him the EU mail person, and to send half to you and half to him
+(04:30:15 PM) zzz: since he's not around, put this on the list for next month, I'll try to get his attention
+(04:30:22 PM) eyedeekay: I think that if translators request stickers we should be able to get them some stickers, but that it should be contingent on request
+(04:30:59 PM) zzz: sure, we don't have anybody's address, they have to ask. but we would have to tell them to ask
+(04:31:17 PM) uis is now known as Irc2PGuest33729
+(04:31:48 PM) zzz: if anybody's going to CCC then you need to hop on more stickers, independent of translators
+(04:32:42 PM) zzz: EOT, push it to next month, no answers today
+(04:32:47 PM) eyedeekay: Ack, I do plan to go so I'll make sure I have some stickers
+(04:32:47 PM) eyedeekay: So next step is start an email chain with Ech about it
+(04:33:09 PM) eyedeekay: EOT from me, anything else on 5?
+(04:33:50 PM) eyedeekay: 6. Windows Easy-Install Update/Out-of-Beta
+(04:33:58 PM) eyedeekay: This one's mine obviously
+(04:34:26 PM) eyedeekay: So 1.9.5 point release happened technically because of the reseed application context timer obviously
+(04:34:45 PM) eyedeekay: But it was a convenient time to also keep an eye on how the updates performed
+(04:35:54 PM) zlatinb: and how did it behave?
+(04:35:55 PM) eyedeekay: It wasn't without complications, people who were using fell into 3 groups
+(04:36:56 PM) eyedeekay: 1. People for whom it worked perfectly
+(04:36:56 PM) eyedeekay: 2. People for whom it resulted in corrupted router.config files for un-bundled routers
+(04:36:56 PM) eyedeekay: 3. People for whom it it did not update because the router.config files were from un-bundled routers
+(04:37:22 PM) eyedeekay: 2 and 3 were problems, I followed up with the fix in a forum post on zzz.i2p
+(04:37:43 PM) eyedeekay: I believe they are fixed now and cannot recur in the future
+(04:37:57 PM) eyedeekay: Therefore I think the update process will be ready by what is now 2.0.0
+(04:38:08 PM) eyedeekay: I actually think it's ready now but 7 weeks to test
+(04:38:53 PM) eyedeekay: So I would like to move it out of beta in November
+(04:39:09 PM) zzz: we don't have documented criteria for out-of-beta, really
+(04:39:17 PM) zzz: but for me it's that the release processes are solid, things aren't getting missed
+(04:39:27 PM) zzz: we're not doing point releases a week later to fix stuff
+(04:39:45 PM) zzz: but you may wish to list your own feature goals
+(04:40:21 PM) zzz: for example, are you two solid on reviewing the java updates every three months and jointly deciding to release or not?
+(04:40:40 PM) zzz: I didn't see any on-IRC discussion. did it happen off-IRC perhaps?
+(04:41:31 PM) zlatinb: the last discussion happened here, there has been no off-IRC discussion regarding jre point releases since
+(04:42:21 PM) eyedeekay: Didn't we talk about it on Whereby a little after that?
+(04:42:36 PM) eyedeekay: IIRC we only release in the Java cycle if there's a CVE which affects the last release?
+(04:42:46 PM) zzz: just to take an example, 18.0.2.1 August 18 2022 fixes a JIT bug that crashes the JRE. Are you two both on that, or did you jointly decide it wasn't necessary?
+(04:43:33 PM) zlatinb: I'm not on that I don't think
+(04:43:43 PM) zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
+(04:44:08 PM) zlatinb: 21:43:29 zlatinb: I'm not on that I don't think
+(04:44:08 PM) zlatinb: 21:43:42 zlatinb: and don't remember discussing that bug; I usually look only at the CVEs
+(04:44:12 PM) zzz: back
+(04:45:12 PM) eyedeekay: I am on 18.0.2.1 but because I pushed back my release to try and make sure I addressed some stability issues and by that time Java had updated
+(04:45:24 PM) eyedeekay: Also my point release was built with an updated JDK
+(04:45:35 PM) eyedeekay: So that's got us out-of-sync again I think
+(04:45:54 PM) zzz: that's what I'm getting at about processes. If the build and release processes aren't yet stable and being reliably followed, these procucts aren't ready to graduate
+(04:46:01 PM) zzz: so when you updated, to 18.0.2.1, did you tell zlatinb you were doing it and suggest he do the same?
+(04:47:04 PM) eyedeekay: No I didn't, I simply let it auto-update and built with the latest version
+(04:48:13 PM) eyedeekay: So... there's another process to revise on my side
+(04:49:31 PM) zzz: I'd suggest you work on a solid bug-free release in november (together with whatever feature goals you have) and if that goes well put yourself on the agenda for december
+(04:50:00 PM) eyedeekay: OK can do
+(04:50:56 PM) zzz: or january because the release is likely to be late nov., may not have enough info by 1st week in dec.
+(04:52:02 PM) eyedeekay: If there's not enough to go on by then I'll move it
+(04:52:15 PM) eyedeekay: Anything else for 6?
+(04:52:27 PM) zzz: a brief 6a)
+(04:52:30 PM) eyedeekay: Sure
+(04:52:52 PM) zzz: zlatinb, reported that the mac arm update went well, so as far as I'm concerned it's out of beta as discussed on my forum
+(04:53:28 PM) zzz: zlatinb, you need to update your page to remove the beta label
+(04:53:28 PM) zzz: eot
+(04:53:28 PM) zlatinb: ok
+(04:53:29 PM) zlatinb: will do soon
+(04:54:24 PM) eyedeekay: All right that puts us at just shy of an hour, anything else for the meeting?
+(04:54:26 PM) eyedeekay: timeout 1m
+(04:54:41 PM) zlatinb: yes
+(04:54:57 PM) zlatinb: if StormyCloud reads the logs, I encourage them to address the concerns raised on reddit
+(04:56:15 PM) zlatinb: the longer that question stays unanswered the worse it looks
+(04:56:18 PM) eyedeekay: agreed, they do sometimes come to reddit and it would be good to hear from them
+(04:56:36 PM) zlatinb: eot
+(04:56:43 PM) eyedeekay: Thanks zlatinb
+(04:57:37 PM) eyedeekay: Anything else for the meeting(again)? timeout 30s this time
+(04:58:21 PM) eyedeekay: Thanks everyone for coming, I'll post the logs tonight, see you around IRC and same time next month

i2p2www/meetings/logs/316.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, October 04, 2022 @ 20:00 UTC
+=============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+zlatinb

i2p2www/meetings/logs/317.log

@@ -0,0 +1,93 @@
+(03:00:31 PM) eyedeekay: Hi everyone, welcome to the November 8 meeting
+(03:00:31 PM) eyedeekay: 1. Hi 
+(03:00:31 PM) eyedeekay: 2. 2.0.0 development status 
+(03:00:31 PM) eyedeekay: 3. Publish source tarballs for bundle releases 
+(03:00:31 PM) eyedeekay: 4. Free Stickers for Translators
+(03:00:31 PM) eyedeekay: Anything else for the agenda?
+(03:00:39 PM) mode (-m ) by zzz
+(03:01:19 PM) zzz: hi
+(03:01:58 PM) eyedeekay: hi zzz
+(03:02:03 PM) eyedeekay: Anybody else here today?
+(03:02:08 PM) eche|on: hi
+(03:02:18 PM) eyedeekay: Hi eche|on
+(03:02:39 PM) eyedeekay: 2. 2.0.0 development status
+(03:02:58 PM) eyedeekay: We're 2 weeks from release with a tag freeze tomorrow, IIRC
+(03:03:49 PM) eyedeekay: Yes that's exactly when
+(03:04:38 PM) eyedeekay: zzz and orignal have been hard at work getting ssu2 ready, the plan is still to enable it
+(03:05:08 PM) eyedeekay: I'll be doing an unsigned release of the I2P Easy-Install for Windows
+(03:05:50 PM) eyedeekay: I don't know the Mac release status, though, are Mac users stuck on 1.9.0 until we can find a new Mac maintainer/signer?
+(03:06:25 PM) zzz: yes. There's a pretty good summary of the release at http://zzz.i2p/topics/3377
+(03:07:02 PM) zzz: the SSU2 testing in the last 3 months with 2% enabled has been a tremendous success
+(03:07:17 PM) zzz: haven't found any major issues, but we've fixed countless minor ones
+(03:08:19 PM) eche|on: go ahead with SSU2
+(03:08:35 PM) eche|on: about mac: I got a dev account and a MAC, but no idea howto currently
+(03:08:39 PM) eche|on: and less time
+(03:09:03 PM) zzz: interesting
+(03:09:31 PM) zzz: do you think you _could_ do it at some point? If so, when?
+(03:09:39 PM) eche|on: I do have the git repo of the mac inclusions, but currently not yet looked into
+(03:09:54 PM) eche|on: IF I find out howto, rather soon (tm)
+(03:10:05 PM) zzz: even if it's a month or two late, that would be fantastic
+(03:10:08 PM) eche|on: but the howto may fail in shorter terms
+(03:10:41 PM) eche|on: also no idea about whats apple going to do, but those are parts to find out
+(03:11:10 PM) eyedeekay: I'll see if I can help you, building the mac jpackages is pretty straightforward, I've never signed them but it's all in the scripts zab wrote
+(03:11:25 PM) zzz: when I do the 2.0.0 news.xml, I'll also put a news entry in the mac feed saying it will be delayed
+(03:11:42 PM) zzz: eyedeekay, do you have a mac?
+(03:11:57 PM) eyedeekay: I have an Intel Mac but no dev account
+(03:12:04 PM) eche|on: sadie has a mac, but neither idk nor sadie do want to go public with their names
+(03:12:25 PM) eche|on: getting a dev account is rather simple : give out your name and pay 100$ a year
+(03:12:28 PM) eyedeekay: I can make a dmg but it gets signed with local keys that aren't allowed on other Macs
+(03:12:32 PM) zzz: I understand. The idea is you could walk thru everything but the notarization
+(03:12:32 PM) eche|on: more or like thats it
+(03:13:12 PM) eche|on: bb 2min
+(03:13:25 PM) zzz: afaik it's the notarization that's the real pita. Hopefully the howto is clear...
+(03:14:14 PM) eyedeekay: I think the only pitfall really is getting the Java dev environments set up, there's a tool you install through brew that switches version that makes it very easy though
+(03:14:25 PM) zzz: eyedeekay, let's put this on the agenda for next month
+(03:14:36 PM) eyedeekay: Can do
+(03:15:19 PM) zzz: in the mean time, please run thru the howto as it currently exists as far as you can w/o notarization, just to test the howto and see if it needs any fixes for ech
+(03:16:10 PM) zzz: esp. to check if the arm64 side is documented
+(03:16:45 PM) eyedeekay: I will do everything I can, although I won't be able to run through the arm64 process because I do not have an arm64 Mac
+(03:16:53 PM) eche|on: I will check howto get the certs with notarization,
+(03:16:55 PM) eyedeekay: I'll do everything up to that though
+(03:17:18 PM) eche|on: eyedeekay: just order a arm64 mac. refund as usual
+(03:17:28 PM) eche|on: no need to stop at that
+(03:17:30 PM) zzz: do you need an ARM mac to build ARM? 
+(03:17:41 PM) zzz: probably...
+(03:17:59 PM) eyedeekay: I'm not quite sure on the subtleties of it all re: cross-compilation
+(03:18:02 PM) zzz: there's also a possible workflow where idk builds and ech notarizes
+(03:18:23 PM) zzz: but we don't need to work it all out here
+(03:18:44 PM) eyedeekay: But jpackage is pretty picky about architecture/OS combinations
+(03:19:28 PM) SoniEx2: raspberry pi?
+(03:19:39 PM) zzz: let's move on to next topic
+(03:19:40 PM) eyedeekay: ELF not Mach-O
+(03:19:42 PM) eyedeekay: But yes
+(03:19:45 PM) eyedeekay: 3. Publish source tarballs for bundle releases
+(03:20:24 PM) eyedeekay: Since it's just me now and I wanted to publish source tarballs the whole time, 2.0.0 Windows getting source tarballs
+(03:20:36 PM) eyedeekay: One for the bundle itself and one for the profile manager component
+(03:21:17 PM) eyedeekay: As part of going through the scripts from the Mac bundle I'll add source tarball generation as part of the process
+(03:21:18 PM) zzz: ok, and since the mac objector has left, let's add one to the mac page also
+(03:21:28 PM) eyedeekay: Will do
+(03:21:41 PM) zzz: great, I'm happy
+(03:22:38 PM) eyedeekay: 4. Free Stickers for Translators
+(03:23:27 PM) eche|on: yeah
+(03:23:49 PM) eyedeekay: eche|on and I talked about this briefly after last month's meeting by email
+(03:23:49 PM) eyedeekay: I think we were each in favor of doing it? I don't have my mail open
+(03:24:23 PM) eche|on: sure we can do this, one for each part of the wolrd
+(03:24:28 PM) zzz: it was my proposal, but it requires a) stickers and b) somebody to mail them
+(03:24:30 PM) eche|on: but my sticker ressources are limited
+(03:24:47 PM) zzz: as I understand we're essentially out of stickers
+(03:24:59 PM) eche|on: sadie/idk still do have several
+(03:25:05 PM) eche|on: I got around 400 or alike only
+(03:25:23 PM) eche|on: should be enough for 1year+, but plan ahead
+(03:25:26 PM) eyedeekay: Oh I ran myself down to like, 8 at All Things Open last week
+(03:25:30 PM) eyedeekay: I'll need to order more
+(03:25:53 PM) eche|on: ah, ok
+(03:26:10 PM) zzz: can you two coordinate on who is ordering, what the design is, and make sure each of you gets half?
+(03:26:16 PM) eyedeekay: Yes we can
+(03:26:34 PM) zzz: super
+(03:27:05 PM) zzz: when you have them in hand, holler and I'll announce on TX
+(03:27:11 PM) eche|on: good
+(03:27:22 PM) zzz: thanks guys
+(03:27:46 PM) eyedeekay: No problem
+(03:27:56 PM) eyedeekay: Anything else on 4 or for the meeting?
+(03:28:25 PM) eche|on: nope
+(03:29:14 PM) eyedeekay: All right thanks everybody for coming, I'll post the meeting in a few minutes

i2p2www/meetings/logs/317.rst

@@ -0,0 +1,12 @@
+I2P dev meeting, November 08, 2022 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+echelon,
+eyedeekay,
+zzz
+

i2p2www/meetings/logs/318.log

@@ -0,0 +1,83 @@
+(08:00:09 PM) eyedeekay: Hello everyone, welcome to the rescheduled dev meeting
+(08:00:09 PM) eyedeekay: 1. Hi 
+(08:00:09 PM) eyedeekay: 2. 2.0.0 Release Status, 2.0.0 Mac Release Status 
+(08:00:09 PM) eyedeekay: 3. 2.1.0 Development Status 
+(08:00:09 PM) eyedeekay: 4. Stickers for Translators
+(08:00:50 PM) zzz: hi
+(08:02:55 PM) eyedeekay: Doesn't seem like he's here? going to move along for now.
+(08:04:04 PM) eyedeekay: 2. 2.0.0 release status: *most* targets of 2.0.0 were released about 3 weeks ago now, including i2p.i2p, Android, Debian and Easy-Install Windows, with Easy-Install for Mac delayed by zlatinb's departure
+(08:04:04 PM) eyedeekay: Ech and I have been working on a plan to replace him in terms of maintenance, signing, and notarization of the OSX bundle, that is still expected for close to the end of this month
+(08:06:01 PM) eyedeekay: Everybody knows how to build everything, has a good idea of the signing requirements, the last remaining thing to do is notarization in practice, and we don't know everything we should expect here but I think we have a good idea
+(08:07:10 PM) eyedeekay: Android needed a point release due to a bug related to compatibility with a new API on newer devices, so Android users should make sure they've upgraded to 2.0.1
+(08:07:10 PM) eyedeekay: eot for me on 2, anything to add zzz
+(08:07:20 PM) zzz: lots
+(08:07:50 PM) uis is now known as Irc2PGuest69907
+(08:08:04 PM) zzz: I had to release a 2.0.0-2ubunutu1 debian/ubuntu build to fix an embarrassing but ultimately harmless bunch of stray symlinks in root
+(08:08:38 PM) zzz: root cause was a typo, deb lint didn't catch it, not sure what the post mortem lesson is other than be more careful, we're root on install...
+(08:09:12 PM) zzz: as far as the network, after 3 weeks, half of it has updated and is using ssu2
+(08:09:39 PM) zzz: exploratory build success has been trending straight down since the release
+(08:09:56 PM) zzz: we're concerned, and monitoring closely
+(08:10:47 PM) zzz: at this point we think it's some combination of ssu-to-ssu2 migration, ssu2 bugs on both our side and in i2pd, and a couple of routers that are spamming the network with tunnel builds
+(08:11:05 PM) zzz: i2pd is considering a mid-cycle january point release to get their fixes out
+(08:11:33 PM) zzz: for now I don't think that's necessary on our side but it's always an option should we choose to
+(08:12:18 PM) zzz: I think that's EOT but I'll have more info in a moment as a part of 3)
+(08:13:09 PM) eyedeekay: Thank you zzz
+(08:13:43 PM) eyedeekay: 3. 2.1.0 Development Status
+(08:17:12 PM) eyedeekay: We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
+(08:17:12 PM) eyedeekay: For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
+(08:18:43 PM) eyedeekay: That's what I'm working on, zzz would you like to continue with your information or 3)?
+(08:19:43 PM) dr|z3d: ... intermission ...
+(08:23:56 PM) anonymousmaybe is now known as Irc2PGuest40130
+(08:24:03 PM) eyedeekay: Welcome back
+(08:25:17 PM) eyedeekay: What was the last thing you got?
+(08:26:28 PM) zzz: back
+(08:26:28 PM) zzz: is it my turn yet? :)
+(08:26:28 PM) dr|z3d: you need to put on an apron and wheel the confectionery tray around the theater :)
+(08:26:28 PM) dr|z3d: did you go out to get us all ice cream? :)
+(08:26:28 PM) dr|z3d: recap:
+(08:26:28 PM) dr|z3d: <eyedeekay> We're 3 weeks in to this cycle, in this time I've been working on getting Android migrated fully over to the modern gradle plugin, I stopped short of migrating from maven to maven-push before release, after that, what's on the list for Android is orbot-style split tunneling for configuring apps without a proxy(Sort of the Android version of torsocks)
+(08:26:28 PM) dr|z3d: <eyedeekay> For desktop I've been working on getting our integration into Whonix fixed and have been work related to getting the Easy-Install for Windows out of beta
+(08:26:28 PM) dr|z3d: <eyedeekay> That's what I'm working on, zzz would you like to continue with your information or 3)?
+(08:26:48 PM) zzz: thanks
+(08:27:04 PM) zzz: drz gave it to me
+(08:27:12 PM) zzz: ok, my turn!
+(08:27:33 PM) zzz: about a week and a half after the release, when a lot of the net had updated, I started chasing SSU2 problems
+(08:27:42 PM) zzz: and found a whole lot
+(08:27:56 PM) zzz: both ours and helped i2pd find some of theirs
+(08:27:58 PM) zzz: so it's been quite busy
+(08:28:14 PM) zzz: as a result, we're at almost 7000 lines of diff, more than the whole 2.0.0 release
+(08:28:38 PM) zzz: and whatever else I had planned for 2.1.0 I haven't gotten to yet, including promised peer selection improvements
+(08:29:50 PM) zzz: I plan to bump to -7 after the meeting
+(08:29:50 PM) zzz: while the "big changes in" deadline is early January, let's stay flexible, as we don't want a bunch of WIP in there if we're going to do a 2.0.1 release
+(08:29:59 PM) zzz: so let's try not to break things with "big changes" if possible. Big changes are fine, as long as they're isolated
+(08:30:40 PM) zzz: but things are going well and we're working closely with i2pd to track down and fix issues
+(08:31:02 PM) zzz: including one-in-a-million ones that are now popping up
+(08:31:16 PM) zzz: and one-in-a-zillion ones that dr|z3d is finding on his high speed routers
+(08:31:30 PM) zzz: that's it! EOT, any questions?
+(08:32:27 PM) eyedeekay: I'm slightly curious how often a "Million" of some things happens in in the real world but possibly a question for another time
+(08:33:17 PM) eyedeekay: Thanks zzz
+(08:34:12 PM) eyedeekay: It seems like once you get a whole bunch of routers doing a thing the odds of a rare event happening somewhere would go up very fast
+(08:35:11 PM) zzz: yeah. perhaps we should have been more cautious, and not go from 2% to 100% in one release. But we'll get through it
+(08:35:17 PM) uis is now known as Irc2PGuest38853
+(08:37:15 PM) eyedeekay: 4. Stickers for Translators
+(08:37:15 PM) eyedeekay: Only real news here is that I now have stickers for mailing, I've got a ton of them so if you're in the Americas then I am prepared to mail them
+(08:37:58 PM) zzz: would you please post something on my forum, saying who is eligible and how to request
+(08:38:17 PM) eyedeekay: Can do
+(08:38:29 PM) zzz: then I will copy paste over to transifex announcement
+(08:38:48 PM) zzz: what's the status of the euro side?
+(08:39:44 PM) eyedeekay: Don't know if he has his yet, will request an update from him tonight
+(08:40:07 PM) zzz: ok, guess I need to wait for that part of it before transifex
+(08:40:43 PM) zzz: please whack him with your baffer for making us reschedule and then not showing :)
+(08:41:07 PM) eyedeekay: Well it was my fault too but I'll make sure to let him know :)
+(08:41:32 PM) zzz: I mean yesterday to today. you're not off the hook for last week :)
+(08:42:41 PM) eyedeekay: That's all I've got for 4 and/or today, anything else for the meeting?
+(08:42:50 PM) zzz: nope
+(08:43:02 PM) zzz: are we on or off for Jan. 3?
+(08:44:26 PM) eyedeekay: All right then thanks zzz for coming, I was going to say "On" for Jan 3 but we could do the 10th instead since IIRC LS2 will be the 9th
+(08:45:01 PM) zzz: doesn't matter, your call
+(08:45:35 PM) eyedeekay: Let's have it on the 9th in January and return to first-Tuesday in February
+(08:45:52 PM) zzz: you mean 10th?
+(08:45:59 PM) eyedeekay: Yes the 10th
+(08:46:07 PM) zzz: ok
+(08:46:15 PM) zzz: meeting over?
+(08:46:25 PM) eyedeekay: Yes

i2p2www/meetings/logs/318.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, December 14, 2022 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz
+

i2p2www/meetings/logs/319.log

@@ -0,0 +1,47 @@
+(08:00:38 PM) eyedeekay: Welcome to the dev meeting, sorry again about about missing the time again yesterday
+(08:00:38 PM) eyedeekay: 1. Hi 
+(08:00:38 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status 
+(08:00:38 PM) eyedeekay: 3. 2.2.0 Development Status 
+(08:00:38 PM) eyedeekay: 4. Congestion Throttling 
+(08:00:38 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
+(08:00:46 PM) mode (-m ) by zzz
+(08:00:57 PM) eyedeekay: 1. Hi
+(08:01:00 PM) eyedeekay: Hi
+(08:01:04 PM) zzz: hi
+(08:01:29 PM) eyedeekay: tunnel_king are you here for 4 and 5?
+(08:02:10 PM) eyedeekay: OK we'll play those by ear for now then
+(08:02:21 PM) eyedeekay: 2. 2.1.0 Release Status, 2.1.0 Mac Release Status
+(08:03:32 PM) eyedeekay: 2.1.0 release happened yesterday, zzz released the software and the torrent went live, the percentage of the network which has updated has gone up about 7% since then if I'm counting the time correctly(so double check)
+(08:04:07 PM) eyedeekay: I released Maven packages the same day, and will have Android updates out on all channels shortly after the end of this meeting
+(08:04:29 PM) eyedeekay: Easy-Install for Windows will follow on that, and Easy-Install for Mac will be after that
+(08:05:10 PM) eyedeekay: I believe that eche|on has given me the last clue I need to work out our notarization issue, we should know within a few days if that's true, which will correspond to a release
+(08:05:30 PM) eyedeekay: Anything to add on the topic zzz?
+(08:05:39 PM) zzz: just a little, thanks
+(08:06:10 PM) zzz: the i2pd release a week ago looks promising, but that makes looking at the effects of our release a little harder
+(08:06:22 PM) zzz: and i2pd plans a point release as early as today
+(08:06:56 PM) zzz: so we won't have great info on what our release is doing, but as long as stats keep getting better, that's the main thing
+(08:07:06 PM) zzz: far too early to say anything today, maybe in a week
+(08:07:08 PM) zzz: EOT
+(08:07:23 PM) eyedeekay: Thanks zzz
+(08:07:42 PM) eyedeekay: 3. 2.2.0 Development Status
+(08:08:52 PM) eyedeekay: I don't have a lot to say on this yet, most of my stuff has remained the same, but I believe we need to agree on a timeline for the release correct?
+(08:09:13 PM) zzz: yeah, obviously we haven't done anything on 2.2.0 yet
+(08:09:36 PM) zzz: I'd propose a standard 13 week cycle from here, unless we have any huge issues
+(08:09:43 PM) eyedeekay: Sounds good to me
+(08:09:46 PM) zzz: so that would be a release early April
+(08:10:12 PM) aeiou_ is now known as aeiou
+(08:10:14 PM) zzz: and put us firmly off our feb/may/aug/nov dates we've been on for several years, oh well
+(08:10:40 PM) zzz: but we really need some time to do everything we didn't get to in our last shortened cycle
+(08:10:48 PM) zzz: so let's pencil in 13 weeks
+(08:10:49 PM) zzz: EOT
+(08:11:22 PM) eyedeekay: Yeah, no argument here
+(08:11:34 PM) eyedeekay: Plan for early April
+(08:12:35 PM) eyedeekay: Anything else on 3?
+(08:12:48 PM) eyedeekay: 4. Congestion Throttling and 5. Hypothetical Traffic Management ( Flood of Tor Users) were both added by tunnel_king on zzz.i2p, but I don't see such a name in the room, if you're here under another name, last call
+(08:14:08 PM) eyedeekay: Anything else to discuss for the meeting?
+(08:15:15 PM) eyedeekay: All right thanks zzz for coming, I promise to set an alarm for the one next month
+(08:15:55 PM) zzz: no
+(08:16:37 PM) eyedeekay: no nothing else for the meeting or no don't stop the meeting?
+(08:16:38 PM) zzz: also I'd like to ask if eche|on is here and has anything to add on 2)
+(08:16:38 PM) zzz: nope, that's it, everybody please click your update button to get that 2.1.0 goodness
+(08:16:53 PM) zzz: nothing else, thanks

i2p2www/meetings/logs/319.rst

@@ -0,0 +1,11 @@
+I2P dev meeting, January 10, 2023 @ 20:00 UTC
+=============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz
+

i2p2www/meetings/logs/320.log

@@ -0,0 +1,153 @@
+(08:01:07 PM) eyedeekay: Hi everybody, sorry I'm late, got disconnected right before the meeting
+(08:01:59 PM) eyedeekay: 1. Hi 
+(08:01:59 PM) eyedeekay: 2. 2.1.0 Status Report
+(08:01:59 PM) eyedeekay: 3. 2.2.0 Development Status 
+(08:01:59 PM) eyedeekay: 4. Congestion Throttling 
+(08:01:59 PM) eyedeekay: 5. Hypothetical Traffic Management ( Flood of Tor Users)
+(08:01:59 PM) eyedeekay: 6. Stickers for translators
+(08:01:59 PM) eyedeekay: zzz where do you want to do your report about the DOS? 2 or own topic?
+(08:02:45 PM) zzz: let's call it 3b)
+(08:02:46 PM) zzz: or 2b)
+(08:02:59 PM) eyedeekay: OK 2b then
+(08:03:00 PM) zzz: your choice
+(08:03:53 PM) eyedeekay: 1. Hi who all is here today besides me and zzz?
+(08:03:58 PM) zzz: hi
+(08:04:09 PM) not_bob: Here
+(08:04:18 PM) echelonMAC: here
+(08:04:18 PM) obscuratus: Hi
+(08:04:29 PM) eyedeekay: Great turnout, thanks everybody
+(08:04:30 PM) echelonMAC: on replacement system.
+(08:05:06 PM) eyedeekay: 2. 2.1.0 Status Report
+(08:05:15 PM) zzz: irc is laggier than usual so please allow a little extra time for responses
+(08:05:38 PM) eyedeekay: Thanks zzz I will keep that in mind
+(08:09:02 PM) eyedeekay: Where to even start... my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app
+(08:09:04 PM) eyedeekay: Android will get a point release on that account
+(08:10:00 PM) eyedeekay: The topic I'm sure is on everybody's mind right now is the network being under attack which has shifted everybody's attention
+(08:10:05 PM) eyedeekay: And that is topic 2b
+(08:10:59 PM) eyedeekay: Shoot I mixed up the topics, scratch that, that was supposed to go to 3. sorry, long week, lot going on
+(08:12:03 PM) eyedeekay: zzz would you do me a favor to take 2? I think I am ill-equipped to present on everything which is going on
+(08:12:28 PM) zzz: sure
+(08:12:29 PM) zzz: but before I do
+(08:12:56 PM) zzz: do you and echelonMAC have a 2.1.0 mac easy-install bundle progress report?
+(08:13:17 PM) eyedeekay: Oh yes I can do that
+(08:14:38 PM) eyedeekay: So, we've been closing in on issues, and right now echelonMAC and have different hypothesis on what's going on which we're both pursuing
+(08:14:38 PM) eyedeekay: My hypothesis is that this all stems from a stale workaround for a bug in Java 14
+(08:15:08 PM) eyedeekay: Where jpackage is supposed to sign the dylib files that are packed into a disk image(dmg) but which are in fact left unsigned
+(08:15:33 PM) echelonMAC: in short: eyedeekaym did redo the signing script, I can buiodl and sign, but still wrong signing for apple
+(08:15:55 PM) eyedeekay: zab worked around this by creating the .app directory and signing the stuff inside it then using jpackage only for the final packaging step
+(08:16:35 PM) eyedeekay: so when we upgraded Java's we started signing everything twice, and we no longer needed to do that signing step manually
+(08:16:47 PM) eyedeekay: echelonMAC correct me if I'm wrong but you think you have the wrong sort of keys?
+(08:17:10 PM) echelonMAC: maybe, maybe not, unsure about that
+(08:17:18 PM) echelonMAC: at least the logs showing this error
+(08:17:53 PM) zzz: my question was higher level, what's the ETA, is 2.1.0 still a target or has that been abandoned and you're hoping for 2.2.0, or what?
+(08:18:15 PM) echelonMAC: 2.1.0 is still the target, but currently no ETA
+(08:18:39 PM) echelonMAC: I can build nearly instant, but digging deeper is currently out of time...
+(08:18:48 PM) eyedeekay: I still want to cut a release of 2.1.0 as soon as we know we can pass notarization, IMO once we can pass it once we should be able to do it predictably
+(08:18:59 PM) zzz: eyedeekay more or less committed to early april 2.2.0 in his blog post, you're not endorsing that ETA echelonMAC ?
+(08:19:49 PM) echelonMAC: I am completely helpless and cant predict a ETA, as I do not full yunderstand signing and building yet.
+(08:20:12 PM) echelonMAC: more or less, I do follow scripts blindly, if idk can fix the signage, the notarization is a 5 min job.
+(08:20:24 PM) echelonMAC: IF the sign does work as appple expect it
+(08:20:26 PM) zzz: ok then I recommend an edit of the blog post eyedeekay, let's not promise things we can't deliver on
+(08:20:33 PM) eyedeekay: Will do
+(08:21:19 PM) zzz: ok thanks you ready for my part of 2) ?
+(08:21:41 PM) eyedeekay: Yes please
+(08:21:48 PM) zzz: great
+(08:22:00 PM) zzz: last meeting was one week after the release, now we're 4 weeks out
+(08:22:15 PM) zzz: my hope was that expl. build success would climb steadily
+(08:22:35 PM) zzz: from the low-20% to low-30%, and then "pop" out of congestion, back to low 40s
+(08:22:45 PM) zzz: only the first part happened
+(08:25:20 PM) zzz: and then we swung back and forth between low 20s and low 30s
+(08:26:56 PM) zzz: so, we have some theories, see 2b)
+(08:26:56 PM) zzz: but I'm happy with the performance of 2.1.0 otherwise
+(08:26:56 PM) zzz: not too many bug reports
+(08:26:56 PM) zzz: I'll give an overview of what we are fixing in 2b) and 3)
+(08:26:56 PM) zzz: about 50% of the network has updated to 2.1.0 or the i2pd equivalent
+(08:26:56 PM) zzz: everybody please update if you haven't
+(08:26:56 PM) zzz: that's all I have for 2a), but I'll pause for a minute for questions / comments before starting 2b)
+(08:28:33 PM) zzz: ok, 2b) current network conditions
+(08:28:33 PM) zzz: over the weekend started an unambiguous attack
+(08:28:33 PM) zzz: lots of floodfill routers
+(08:28:33 PM) zzz: for the most part, the network overall, and java routers, are handling it ok
+(08:28:33 PM) zzz: I do have one report of routers crashing with OOM (out of memory)
+(08:28:54 PM) zzz: I understand that i2pd routers are really struggling with very low tunnel build success rates
+(08:29:06 PM) not_bob: My fleet is up to date.
+(08:29:15 PM) zzz: the attack is starting / stopping / changing several times a day
+(08:29:37 PM) zzz: so we're only about 60 hours in to understanding it and discussing countermeasures
+(08:30:15 PM) zzz: remember the tunnel build problem (now much more likely to be classified as a different attack) started Dec. 19 and took us several weeks to understand and address
+(08:30:27 PM) zzz: so it's early days
+(08:30:36 PM) not_bob: I have one I2P+ router and it's done well to weather this.  But, my i2pd routers not so much.  I've seen as low as 3% tunnel build success.  I'm currently sitting around 10% on those routers.
+(08:31:17 PM) zzz: but this is a straightforward sybil / DHT attack, new to us but familiar to anybody doing peer-to-peer / DHT applications
+(08:31:53 PM) zzz: far too early to say if it will require a release ahead of schedule (for java i2p) or if so when
+(08:32:23 PM) zzz: EOT, I'll wait a couple minutes for discussion / comments / questions
+(08:33:24 PM) eyedeekay: Should people who wind up OOM increase the RAM available to their router?
+(08:36:18 PM) zzz: yeah, that's a straightforward mitigation
+(08:36:18 PM) zzz: stop your router, edit wrapper.config, restart
+(08:36:18 PM) zzz: I expect I'll have mitigations in dev builds in a few days
+(08:36:18 PM) dr|z3d: ideally you want your min heap at around 256M and your max ram at 2-3 times that.
+(08:36:18 PM) not_bob: I do not currently have any stock I2P routers running.
+(08:36:18 PM) zzz: I want to repeat what I said above that the attacks are evolving rapidly, and we want to take our time to address the overall issues
+(08:36:18 PM) zzz: not to focus too narrowly on the specifics
+(08:37:36 PM) zzz: back to you eyedeekay if there's nothing else on 2b)
+(08:38:06 PM) eyedeekay: thanks very much zzz. 3) 2.2.0 Development Status
+(08:39:51 PM) eyedeekay: As I mistakenly stated before, my focus has been on Android UX issues in particular fixing up things I was doing wrong when initializing the app, pretty basic stuff all things considered but all of which was due for improvement
+(08:39:57 PM) eyedeekay: or outright fixing
+(08:40:49 PM) eyedeekay: Examples being fixes for subscriptions and custom ports when building tunnels which got in several user's way after a large increase in users with 2.10
+(08:41:07 PM) dr|z3d: as an aside, and to shine some light on the size of the attack, we've got a user reporting ~30K banned routers. so it's non-trivial :)
+(08:41:07 PM) dr|z3d: (that'll be shiver, who's here)
+(08:42:36 PM) mark22k: I got 56005 banned peers.
+(08:42:58 PM) eyedeekay: Holy moley. I have 11027 and I thought that was a lot
+(08:43:08 PM) moristo: Is this the work of a nation state--the banned routers or any other noticable patten?
+(08:43:50 PM) moristo: Spectrum internet was off yesetrday in FL and Italy the day before.
+(08:43:54 PM) moristo: *yesterday.
+(08:43:55 PM) zzz: let's get back to 3) please and table further attack discussion until after the meeting
+(08:44:05 PM) echelonMAC: Banned Peers (57053)
+(08:44:22 PM) moristo: oh, is there a meeting in progress? My bad.
+(08:46:50 PM) zzz: eyedeekay, you still with us?
+(08:47:11 PM) eyedeekay: yeah I'm here
+(08:47:37 PM) zzz: you have more on 3) or is it my turn?
+(08:47:37 PM) eyedeekay: started a long one:
+(08:47:37 PM) eyedeekay: i2p.firefox(Easy-Install for Windows is also getting worked on, more of the work is being done by removal there, updates are getting simplified now that the old admin-style installs are all migrated to user-style installs
+(08:47:37 PM) eyedeekay: portable USB install support is on the horizon for 2.2.0
+(08:47:43 PM) eyedeekay: With updates
+(08:48:21 PM) eyedeekay: Other issues and user-complaints I'm addressing or deciding how to address are on that issue tracker
+(08:48:28 PM) eyedeekay: EOT for me
+(08:48:47 PM) zzz: ok you saw the NPE issue in i2p.i2p right?
+(08:49:10 PM) eyedeekay: Yes I did, hot on the trail
+(08:49:21 PM) zzz: ok holler if you need help ofc
+(08:49:24 PM) zzz: 3) for me:
+(08:49:47 PM) zzz: I finished the peer selection refactor I've been working on since september, finally
+(08:50:31 PM) zzz: I think I fixed the erroneous symmetric nat indications that were in 2.1.0, but need somebody with that problem to test and report
+(08:50:59 PM) zzz: got a cool new i2psnark search box
+(08:51:19 PM) zzz: almost done with "congestion caps" (proposal 162)
+(08:51:31 PM) echelonMAC: :-)
+(08:51:49 PM) zzz: and some more tweaks to refine our handling of tunnel build congestion
+(08:52:18 PM) zzz: late last week, I thought I was pretty much done with 2.2.0 and could relax for two months until the release
+(08:52:31 PM) zzz: so, unfortunately, now we have a lot more to do
+(08:52:48 PM) zzz: that's the way it goes sometimes
+(08:53:24 PM) not_bob: Thank you for that, a major quality of life improvement.
+(08:53:24 PM) zzz: EOT, I'll wait a minute for discussion, then back to you eyedeekay 
+(08:53:37 PM) zzz: haha not_bob you're welcome
+(08:55:00 PM) eyedeekay: Last call for 3?
+(08:55:20 PM) eyedeekay: 4. Congestion Throttling - I think this was a tunnel_king topic, is tunnel_king here?
+(08:55:42 PM) zzz: back to you eyedeekay 
+(08:57:39 PM) eyedeekay: 4. Congestion Throttling, 5. Hypothetical Traffic Management ( Flood of Tor Users) - both introduced by tunnel_king, last call for tunnel_king
+(08:59:01 PM) eyedeekay: OK last one, 6. Stickers for translators
+(08:59:01 PM) eyedeekay: Specifically rules for people receiving stickers outside of the Americas
+(08:59:58 PM) zzz: this was my topic, only because unresolved since last meeting
+(09:00:28 PM) zzz: echelonMAC you have an answer?
+(09:00:41 PM) echelonMAC: not en detail, but who wnats should receive a bunch of stickers if they sent their address
+(09:01:04 PM) echelonMAC: aka sned a announcement in transifex and send out after receive of address
+(09:01:19 PM) echelonMAC: but currently no new stickers arrivced here
+(09:01:35 PM) eyedeekay: Tracking says the 10th
+(09:01:55 PM) zzz: I'm awaiting echelonMAC to post the instructions on my forum, then I will copy/paste to transifex
+(09:02:17 PM) echelonMAC: ok
+(09:02:28 PM) zzz: that's where we've been for a month
+(09:02:42 PM) zzz: thanks
+(09:03:33 PM) eyedeekay: Anything else for 6 or for the meeting?
+(09:03:36 PM) zzz: EOT on 6) for me, back to you eyedeekay 
+(09:04:32 PM) zzz: one closing word for the meeting: zzz.i2p the best place for news and weather, I'll post there when I know more than I do now
+(09:04:32 PM) zzz: thanks
+(09:04:55 PM) eyedeekay: Thanks very much for that zzz, and thanks everybody for coming to the meeting
+(09:05:44 PM) eyedeekay: See you around IRC and same time next month
+(09:08:55 PM) zzz: thanks eyedeekay 
+(09:08:55 PM) zzz: got thru it without disconnects

i2p2www/meetings/logs/320.rst

@@ -0,0 +1,14 @@
+I2P dev meeting, February 07, 2023 @ 20:00 UTC
+==============================================
+
+Quick recap
+-----------
+
+* **Present:**
+
+eyedeekay,
+zzz,
+not_bob,
+echelonMAC,
+obscuratus
+

i2p2www/pages/downloads/browser-content.html

@@ -1,11 +1,12 @@
-<p>{% trans -%} Your web browser will need to be configured in order to browse web sites on I2P and to utilize the outproxies available within I2P. Below are walkthroughs for some of the most popular browsers. {%- endtrans %}</p>
+<p>{% trans -%} A web browser will need to be configured to access sites and services on the I2P network, and to utilize outproxies. Below are walkthroughs for some of the most popular browsers. {%- endtrans %}</p>
 
 <h2>{{ _('Firefox Profile for Windows') }}</h2>
-<p>{% trans profile='/firefox' -%} If you are using Windows, the recommended way of accessing I2P is using the
+<p>{% trans profile='/firefox' -%} If you are using Windows, the recommended way of accessing the I2P network is using the
     <a href='{{ profile }}'>Firefox profile</a>. {%- endtrans %}</p>
-<p>{% trans -%} If you do not wish to use that profile or are not on Windows, you need to configure your browser yourself. Read below on how to that. {%- endtrans %}</p>
+<p><strong>{% trans -%} If you used the Easy-Install bundle, the Firefox profile is included and you can skip this page. {%- endtrans %}</strong></p>
+<p>{% trans -%} If you do not wish to use that profile or are not on Windows, you will need to configure a browser. {%- endtrans %}</p>
 
-<h2>{{ _('How to configure your browser') }}</h2>
+<h2>{{ _('How To Configure Your Browser') }}</h2>
 
 <ul>
     <li><a href="#firefox">Firefox</a></li>
@@ -22,7 +23,7 @@
 <p>{% trans %}It does pre-configuration of your browser by enabling some of the privacy Browser Settings like ResistFingerprinting, and enforces WebRTC proxy obedience. It also contains menus, shortcuts, and monitoring tools improving Firefox's integration
     with I2P. It should not substantially interfere with your non-I2P Firefox tabs. {% endtrans %}</p>
 <p>{% trans %}The extension, <a href="https://addons.mozilla.org/en-US/firefox/addon/i2p-in-private-browsing/">I2P in Private Browsing</a>, can be obtained from the Mozilla addon store. {% endtrans %}</p>
-<p>{% trans %}The source code for the extension is, <a href="https://i2pgit.org/idk/I2P-in-Private-Browsing-Mode-Firefox">i2pgit.org</a>. {% endtrans %}</p>
+<p>{% trans %}The source code for the extension is available at <a href="https://i2pgit.org/idk/I2P-in-Private-Browsing-Mode-Firefox">i2pgit.org</a>. {% endtrans %}</p>
 <h4>{% trans %}Instructions for Firefox 57 and above:{% endtrans %}</h4>
 <p>{% trans -%} From the Menu button in the top right, select <em>Preferences</em>. Scroll down until you see the <em>Network Proxy</em> section, as shown in the screenshot below. Click on <em>Settings</em> {%- endtrans %}</p>
 <img src="{{ url_for('static', filename='images/firefox57.preferences.png') }}" alt="{{ _('Firefox57 Network Options') }}" title="{{ _('Firefox57 Network Options') }}">
@@ -32,7 +33,7 @@
 <img src="{{ url_for('static',
 filename='images/firefox57.connectionsettings.png') }}" alt="{{ _('Firefox57
 Connection Settings') }}" title="{{ _('Firefox57 Connection Settings') }}">
-<p>{% trans -%} Finally, go to the address <em>about:config</em> and find the property media.peerConnection.ice.proxy_only. Ensure that this setting is True. {%- endtrans %}</p>
+<p>{% trans -%} Finally, go to the address <em>about:config</em> and find the property media.peerConnection.ice.proxy_only. Ensure that this setting is True. Now find the property keyword.enabled, and set it to False.{%- endtrans %}</p>
 <img src="{{ url_for('static',
 filename='images/firefox.webrtc.png') }}" alt="{{ _('Firefox57
 PeerConnection Settings') }}" title="{{ _('Firefox57 PeerConnection Settings') }}">
@@ -60,7 +61,7 @@ in IceRaven will proxy all your IceRaven browsing over I2P.</em>{% endtrans %}</
 <p>{% trans %}Open the IceRaven main menu, and scroll to the top until you see the "Add-Ons" submenu. Tap the "Add-Ons Manager" option in the "Add-Ons" submenu. Install the extension named <em>I2P Proxy for Android and other Systems</em>. {% endtrans %}</p>
 <p>{% trans %}Your IceRaven browser is now configured to use I2P. {% endtrans %}</p>
 <p>{% trans %}This extension also works in pre-Fenix(Pre-Firefox-68) Firefox based web browsers, if installed from the following addons.mozilla.org URL.
-    <em><a href="https://addons.mozilla.org/en-US/android/addon/i2p-proxy/">I2P Proxy for Android and Other Systems</a><em>
+    <em><a href="https://addons.mozilla.org/en-US/android/addon/i2p-proxy/">I2P Proxy for Android and Other Systems</a></em>
 {% endtrans %}</p>
 <p>{% trans %}This extension is identical to the Chromium extension and is built from the same source.{% endtrans %}</p>
 <p>{% trans %}In order to enable extension support in Firefox Nightly, you should follow
@@ -88,29 +89,24 @@ settings and your browser is set to use the I2P proxy.
 <a name="TOS"></a>
 <h3>{{ _('Outproxy Terms Of Service') }}</h3>
 <p>{% trans -%}
-I2P is not designed for creating proxies to the Internet.
-Instead, it is meant to be used as an internal network.
+The I2P network is a peer-to-peer overlay network.
+Proxying to the clearnet is not part of its design or function with regards to its communication protecting network features.
 {%- endtrans %}</p>
 <p>{% trans -%}
-<p><b>The I2P project itself does not run any proxies to the Internet.</b>
-The I2P software includes two outproxies: false.i2p and outproxy-tor.meeh.i2p.
-Even though domain names are different, it's the same outproxy you hit,
-multihomed/keyed for better performance. These are run by a volunteer. </p>
-<a href="http://privacysolutions.no"
-    target="_blank">http://privacysolutions.no</a>
+<p><b>The I2P Project itself does not run any proxies to the Internet.</b>
+The I2P software includes a default outproxy: exit.stormycloud.i2p.
+These are run by StormyCloud Inc. </p>
+<a href="https://stormycloud.org"
+    target="_blank">https://stormycloud.org</a>
 {%- endtrans %}</p>
-<p>{% trans http='false.i2p', https='outproxy-tor.meeh.i2p' -%}
-By default, I2P comes with two outproxies configured: <code>{{ http }}</code>
-and <code>{{ https }}</code>. Even the domain names are different, it's the same outproxy you hit.
-(multi-homed/keyed for better performance)
+<p>{% trans http='exit.stormycloud.i2p', https='exit.stormycloud.i2p' -%}
+By default, I2P comes with one outproxy configured: <code>{{ http }}</code>.
 {%- endtrans %}</p>
 <p>{% trans -%}
-Filtering is active on these outproxies (for example, mibbit and torrent tracker
-access is blocked). I2P Sites that are accessible via .i2p addresses are also
+I2P Sites that are accessible via .i2p addresses are also
 not allowed via the outproxies.
-As a convenience, the outproxy blocks ad servers.
 {%- endtrans %}</p>
 <p>{% trans -%}
 <a href="https://www.torproject.org">Tor</a> provides a browser to use as an outproxy to the Internet.
 {%- endtrans %}</p>
-<!-- vim: set noai ff=unix nosi ft=html tw=79 et sw=4 ts=4 spell spelllang=en: -->
+<!-- vim: set noai ff=unix nosi ft=html tw=79 et sw=4 ts=4 spell spelllang=en: -->

i2p2www/pages/downloads/debian.html

@@ -86,6 +86,13 @@ part of <a href="#Post-install_work">starting I2P</a> and configuring it for you
 
 <h2 id="debian">{{ _('Instructions for Debian') }}</h2>
 
+<p><b>NOTICE:</b>
+Our old Debian repos <a href="https://deb.i2p2.de/">deb.i2p2.de</a> and
+<a href="http://deb.i2p2.no/">deb.i2p2.no</a> are EOL.
+Please follow <a href="https://deb.i2p.net">these instructions</a>
+to update to the new repository, <code>deb.i2p.net</code>.
+</p>
+
 <em>{% trans -%}Currently supported architectures{%- endtrans %}: amd64, i386, armhf, arm64, powerpc, ppc64el, s390x</em>
 
 <p>{% trans -%}
@@ -107,15 +114,31 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
     <pre>
     <code>
     # Use this command on Debian Bullseye or newer only.
-  echo "deb [signed-by=/usr/share/keyrings/i2p-archive-keyring.gpg] https://deb.i2p2.de/ $(lsb_release -sc) main" \
+  echo "deb [signed-by=/usr/share/keyrings/i2p-archive-keyring.gpg] https://deb.i2p.net/ $(lsb_release -sc) main" \
   | sudo tee /etc/apt/sources.list.d/i2p.list
     </code>
     </pre>
-    if you are using Debian Buster or older distributons, use the following command instead:
+    {% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
+    <pre>
+    <code>
+    # Use this command on Debian Downstreams like LMDE or ParrotOS only.
+  echo "deb [signed-by=/usr/share/keyrings/i2p-archive-keyring.gpg] https://deb.i2p.net/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
+  | sudo tee /etc/apt/sources.list.d/i2p.list
+    </code>
+    </pre>
+    {% trans -%}If you are using Debian Buster or older official Debian distributons, use the following command instead:{%- endtrans %}
     <pre>
     <code>
     # Use this command on Debian Buster or older only.
-  echo "deb https://deb.i2p2.de/ $(lsb_release -sc) main" \
+  echo "deb https://deb.i2p.net/ $(lsb_release -sc) main" \
+  | sudo tee /etc/apt/sources.list.d/i2p.list
+    </code>
+    </pre>
+    {% trans -%}If you're using a downstream variant of Debian like LMDE or Kali Linux, the following command fill find the correct version for your distribution:{%- endtrans %}
+    <pre>
+    <code>
+    # Use this command on Debian Buster or older only.
+  echo "deb https://deb.i2p.net/ $(dpkg --status tzdata | grep Provides | cut -f2 -d'-') main" \
   | sudo tee /etc/apt/sources.list.d/i2p.list
     </code>
     </pre>
@@ -150,7 +173,7 @@ user to root with <code>su</code> or by prefixing each command with <code>sudo</
   <li>{% trans -%}Copy the keyring to the keyrings directory:{%- endtrans %}
     <pre>
     <code>
-  sudo cp ~/i2p-archive-keyring.gpg /usr/share/keyrings</code>
+  sudo cp i2p-archive-keyring.gpg /usr/share/keyrings</code>
     </pre>
     If you are using a distribution older than Debian Buster, you will also need
     to symlink that key to <code>/etc/apt/trusted.gpg.d</code>.

i2p2www/pages/downloads/docker.html

@@ -29,7 +29,7 @@ services:
 <h4 id="volumes">{% trans -%}Volumes{%- endtrans %}</h4>
 <p>{% trans -%}The container requires a volume for the configuration data to be mounted. Optionally, you can mount a separate volume for torrent (“i2psnark”) downloads. See the example below.{%- endtrans %}</p>
 <h4 id="memory-usage">{% trans -%}Memory usage{%- endtrans %}</h4>
-<p>{% trans -%}By the default the image limits the memory available to the Java heap to 512MB. You can override that with the <code>JVM_XMX</code> environment variable.{%- endtrans %}</p>
+<p>{% trans -%}By default the image limits the memory available to the Java heap to 512MB. You can override that with the <code>JVM_XMX</code> environment variable.{%- endtrans %}</p>
 <h4 id="ports">{% trans -%}Ports{%- endtrans %}</h4>
 <p>{% trans -%}There are several ports which are exposed by the image. You can choose which ones to publish depending on your specific needs.{%- endtrans %}</p>
 <table>

i2p2www/pages/downloads/easyinstall.html

@@ -13,6 +13,10 @@ elaborate install process. To learn more about the Firefox profile that
 comes bundled with this installer, visit <a href="{{ firefox }}">The Firefox
 Profile Page</a>.
 {%- endtrans %}</p>
+<p>{% trans -%}
+The latest I2P Easy-Install bundle for Windows has been released unsigned.
+Please verify that the hashes match the downloads when installing the bundle.
+{%- endtrans %}</p>
 <h2>{{ _('What do I need to use it?') }}</h2>
 <p><strong>{% trans -%}
 Just Firefox (Or Tor Browser).{%- endtrans %}</strong>
@@ -35,9 +39,9 @@ no need to refer to potentially unhelpful system-wide Windows settings. The I2P
 it uses is otherwise identical to the "regular" I2P.
 {%- endtrans %}</p>
 <h2>{{ _('How do I use it?') }}</h2>
-<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
+<p>{% trans firefox="https://www.mozilla.org/" -%}
 First, download and install <a href="{{ firefox }}">Firefox</a>, then,
-just download and install <a href="{{ postfilename }}">this installer</a>. To
+just download and install this installer(below). To
 start an installer, "double-click" the downloaded .exe file.
 {%- endtrans %}</p>
 <p>{% trans -%}
@@ -55,8 +59,8 @@ special configuration. You don't even need to close existing Firefox windows.
 
 {%- set name     = 'Windows' -%}
 {%- set icon     = 'images/download/windows.png' -%}
-{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
-{%- set hash     = '0012fd31a0bbfca36c820055de00682365d7955d53b11e79432fb2b2ea05432c' -%}
+{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
+{%- set hash     = 'a8e7e02b00428a150d8287774879c3babd4f0eeede7b691403dc283c05bda750' -%}
 
 {% call package_outer('windows', name, icon) %}
     <div class = "file">
@@ -76,18 +80,20 @@ special configuration. You don't even need to close existing Firefox windows.
     {%- endtrans %}</p>
 {% endcall %}
 
+<!--
 {% trans signer='zlatinb',
 signingkey=url_for('static', filename='zlatinb.key.crt') -%}
 The files are signed by {{ signer }},
 <a href="{{ signingkey }}">whose key is here</a>.
 {%- endtrans %}
+-->
 
 <h2>{{ _('What is in it?') }}</h2>
 <p><strong>{% trans -%}
 A Jpackaged I2P Router: {%- endtrans %}</strong>
 {% trans -%}The I2P router is "jpackaged" which means that it includes all
 the required Java components it needs to run successfully. It does not require
-a separate Java installation, because it bundles a Java 16 Runtime which is only
+a separate Java installation, because it bundles a Java Runtime which is only
 used for I2P.
 {%- endtrans %}</p>
 <p><strong>{% trans -%}
@@ -106,6 +112,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
 {%- endtrans %}</div>
 <div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
 <div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
+<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
+<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
 <div>{% trans -%}
 If you wish to file an issue about the Firefox profile, please use Gitlab to
 contact us. For security-sensitive issues, please remember to check the

i2p2www/pages/downloads/firefox.html

@@ -14,6 +14,10 @@ time it installs the browser profile. This page has been kept to document the
 motivations and design of the included Firefox profile. To learn more about the
 new bundle, visit <a href="{{ nsis }}">The Easy Install Bundle Page</a>.
 {%- endtrans %}</p>
+<p>{% trans -%}
+The latest I2P Easy-Install bundle for Windows has been released unsigned.
+Please verify that the hashes match the downloads when installing the bundle.
+{%- endtrans %}</p>
 <h2>{{ _('I2P Firefox Browser Profile') }}</h2>
 <p>{% trans -%}
 Now that you have joined the I2P network, you will want to see I2P Sites and and 
@@ -32,16 +36,16 @@ some browser features, this also reduces the attack surface available to outside
 This keeps you safer while browsing the Invisible Web.
 {%- endtrans %}</p>
 <h2>{{ _('How do I use it?') }}</h2>
-<p>{% trans firefox="https://www.mozilla.org/", postfilename=pver('I2P-Profile-Installer-%s.exe') -%}
+<p>{% trans firefox="https://www.mozilla.org/" -%}
 First, download and install <a href="{{ firefox }}">Firefox</a>, then,
-just download and install <a href="{{ postfilename }}">this installer</a>. To
+just download and install this installer(below). To
 start an installer, "double-click" the downloaded .exe file.
 {%- endtrans %}</p>
 
 {%- set name     = 'Windows' -%}
 {%- set icon     = 'images/download/windows.png' -%}
-{%- set filename = 'I2P-Profile-Installer-%s-signed.exe' -%}
-{%- set hash     = 'eadb338a5895f73e6ed4985a9f7dfdac722f74c9bcdd0bd35957e7dcd5759a3a' -%}
+{%- set filename = 'I2P-Easy-Install-Bundle-%s.exe' -%}
+{%- set hash     = 'a8e7e02b00428a150d8287774879c3babd4f0eeede7b691403dc283c05bda750' -%}
 
 {% call package_outer('windows', name, icon) %}
     <div class = "file">
@@ -61,12 +65,6 @@ start an installer, "double-click" the downloaded .exe file.
     {%- endtrans %}</p>
 {% endcall %}
 
-{% trans signer='zlatinb',
-signingkey=url_for('static', filename='zlatinb.key.crt') -%}
-The files are signed by {{ signer }},
-<a href="{{ signingkey }}">whose key is here</a>.
-{%- endtrans %}
-
 <h2>{{ _('What is in it?') }}</h2>
 <p><strong>{% trans -%}
 A Jpackaged I2P Router: {%- endtrans %}</strong>
@@ -91,6 +89,8 @@ can be found in the license directory of the <code>i2p.firefox</code> project.
 {%- endtrans %}</div>
 <div><a href="https://i2pgit.org/i2p-hackers/i2p.firefox">{% trans -%}Gitlab Repository{%- endtrans %}</a></div>
 <div><a href="https://github.com/i2p/i2p.firefox">{% trans -%}Github Repository{%- endtrans %}</a></div>
+<div><a href="https://i2pgit.org/idk/i2p.plugins.firefox">{% trans -%}Gitlab Repository for Profile Manager{%- endtrans %}</a></div>
+<div><a href="https://github.com/eyedeekay/i2p.plugins.firefox">{% trans -%}Github Repository Profile Manager{%- endtrans %}</a></div>
 <div>{% trans -%}
 If you wish to file an issue about the Firefox profile, please use Gitlab to
 contact us. For security-sensitive issues, please remember to check the

i2p2www/pages/downloads/list.html

@@ -1,4 +1,4 @@
-{% extends "global/layout.html" %} {%- from "downloads/macros" import package, package_outer with context -%} {% set release_signer = 'zzz' %} {% block title %}{{ _('Download') }}{% endblock %} {% block content_nav %}
+{% extends "global/layout.html" %} {%- from "downloads/macros" import package, package_outer with context -%} {% set release_signer = 'idk' %} {% block title %}{{ _('Download') }}{% endblock %} {% block content_nav %}
 <script type="text/javascript" src="/_static/site.js"></script>
 <ul>
     <li><a href="#windows">Windows</a></li>
@@ -51,18 +51,20 @@ If you would like to try the latest experimental I2P projects, visit the <a href
     </div>
     {% endcall %}
 
-    <h5>{%- trans %}I2P Easy Install Bundle for Mac OS X{%- endtrans %}</h5>
-    {% call package_outer('mac', "Mac OS X", 'images/download/mac-osx.png') %}
-    <h3>{% trans %}I2P Easy Install Bundle for Mac OS X{% endtrans %}</h3>
-    <p>{% trans i2pversion=ver() -%}The I2P Easy Install Bundle for Mac OS X is packaged using OSX's standard ".dmg" package type, which allows it to use Apple's built-in tools to securely, reliably, and easily install the package. It does not require Java to be installed.
+    <h5>{%- trans %}I2P for Mac OS X{%- endtrans %}</h5>
+    {% call package('mac') %}
+    <p>{% trans i2pversion=ver() -%} I2P is available as a Java application for Mac OSX. It is distributed as a Java <code>.jar</code> installer and therefore MacOS will ask you for explicit permission to run the software.
         {%- endtrans %}</p>
     <div class="file">
-        <a class="default" href="{{ get_url('downloads_mac') }}">{% trans %}I2P Easy Install Bundle for Mac OS X{% endtrans %}</a>
+        <p></p>
+        <a class="default" href="{{ get_url('downloads_macos') }}">{% trans %}Here is a helpful guide to installing I2P for Mac OS using a separate Java installation and the classic installer.{% endtrans %}</a>
     </div>
     {% endcall %}
 
+
     <h5>{%- trans %}I2P for Linux{%- endtrans %}</h5>
     {% call package('unix') %}
+
     <p>{% trans i2pversion=ver() -%} The most reliable way to launch the installer is from a terminal like this:
         <code>java -jar i2pinstall_{{ i2pversion }}.jar</code>. This will launch the GUI installer. Depending on how your computer is set up, you may be able to start the installer by double-clicking the &quot;i2pinstall_{{ i2pversion }}.jar&quot; file
         or right-clicking the file and selecting &quot;Open with Java&quot;. Unfortunately, this behaviour is difficult to predict. {%- endtrans %}</p>
@@ -119,10 +121,14 @@ If you would like to try the latest experimental I2P projects, visit the <a href
 
 </div>
 
-{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%} The files are signed by {{ signer }},
-<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%} The Windows installer is signed by {{ signer }},
-<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %} {% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%} The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
-<a href="{{ signingkey }}">whose key is here</a>. {%- endtrans %}
+{% trans signer=release_signer, signingkey=site_url('get-involved/develop/release-signing-key') -%}The files are signed by {{ signer }},
+<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
+<!--
+{% trans signer='zlatinb', signingkey=url_for('static', filename='zlatinb.key.crt') -%}The Windows installer is signed by {{ signer }},
+<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
+{% trans signer='mikalv (meeh)', signingkey=url_for('static', filename='mikalv.key.crt') -%}The Mac OS X native installer is signed by {{ signer }} with his Apple Developer ID certificate,
+<a href="{{ signingkey }}">whose key is here</a>.{%- endtrans %}
+-->
 
 <h3 id="update">{{ _('Updates from earlier releases:') }}</h3>
 

i2p2www/pages/downloads/mac.html

@@ -3,17 +3,12 @@
 {% block title %}Mac OS X Easy Install Bundle{% endblock %}
 {% block content %}
 
-<h1>{{ _('Mac OS X Easy Install Bundle') }}</h1>
+<h1>{{ _('Mac OS Easy Install Bundle') }}</h1>
 <p>{% trans -%}
-We are excited to offer you a DMG-based bundle for Mac OS X.  It installs and behaves
-the same way many other Mac OS X applications do and does not require a Java
+We are excited to offer you a DMG-based bundle for Mac OS.  It installs and behaves
+the same way many other Mac OS applications do and does not require a Java
 Runtime Environment to be available.
 {%- endtrans %}</p>
-<p>{% trans perf="https://i2pgit.org/i2p-hackers/i2p-jpackage-mac/-/issues/1" -%}
-This bundle is built for <code>x86_64(Intel)</code> Macs. It will run on
-<code>ARM(M1)</code> Macs in emulated mode, but the performance is unknown. M1 Mac
-users should report results to us at the <a href="{{ perf }}">Gitlab Repository</a>.
-{%- endtrans %}</p>
 <h2>{{ _('How do I use it?') }}</h2>
 <p>{% trans -%}
 Double-Click on the .dmg file, which you may download from this page. When a
@@ -43,11 +38,21 @@ that are familiar and built-into the operating system.
 {%- set name     = 'OSX' -%}
 {%- set icon     = 'images/download/mac-osx.png' -%}
 {%- set filename = 'I2P-%s.dmg' -%}
-{%- set hash     = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' -%}
+{%- set filename_arm64 = 'I2P-arm64-%s.dmg' -%}
+{%- set hash     = '4bd75d633d497cc25cd256ec7cfcddec2a25d87ad118d0c125c788623d23a98e' -%}
+{%- set hash_arm64 = '773bcf127a2e1c0eafee944753a772426c1f7b5c6a8fb3f4d0b7e87bdcfc840b' -%}
+
+<p><b>Important Note:</b>
+The 2.1.0 Mac OSX Easy Install Bundle release is delayed.
+Please install the 1.9.0 release below.
+You will be notified in the router console when the 2.1.0 update is available.
+Thank you for your patience.
+</p>
 
 {% call package_outer('osx', name, icon) %}
     <div class = "file">
 	    <a class = "default" href="{{ url_for('downloads_redirect', version=mver(), net=def_mirror.net, protocol=def_mirror.protocol, domain=def_mirror.domain, file=mver(filename) )}}">
+                    <span class = "name">Intel (x86-64)</span><br/>
 		    <span class = "name">{{ mver(filename) }}</span><br/>
 		    <span class="mirror">{{ _('Mirror:') }} <img src="{{ url_for('static', filename='images/flags/'+def_mirror.country+'.png') }}" /> {{ def_mirror.org }}</span>
 	    </a>
@@ -58,12 +63,44 @@ that are familiar and built-into the operating system.
 		    <code>{{ hash }}</code>
 	    </div>
     </div>
-    <p>{% trans -%}
-Download that file and double-click on it.  Accept the License Agreement, then
+{% endcall %}
+
+{% call package_outer('osx', name, icon) %}
+    <div class = "file">
+	    <a class = "default" href="{{ url_for('downloads_redirect', version=mver(), net=def_mirror.net, protocol=def_mirror.protocol, domain=def_mirror.domain, file=mver(filename_arm64) )}}">
+                    <span class = "name">Apple Silicon (arm64)</span><br/>
+		    <span class = "name">{{ mver(filename_arm64) }}</span><br/>
+		    <span class="mirror">{{ _('Mirror:') }} <img src="{{ url_for('static', filename='images/flags/'+def_mirror.country+'.png') }}" /> {{ def_mirror.org }}</span>
+	    </a>
+	    <a class="mirrors" href="{{ get_url('downloads_select', version=mver(), file=mver(filename_arm64)) }}">{{ _('select alternate mirror') }}</a>
+    </div>
+    <div class="meta">
+	    <div class="hash">
+		    <code>{{ hash_arm64 }}</code>
+	    </div>
+    </div>
+{% endcall %}
+
+<h2>{{ _('Instructions') }}</h2>
+<p>{% trans -%}
+Download the appropriate file for your Mac hardware and double-click on it.  Accept the License Agreement, then
 drag the <code>I2P</code> icon on top of the <code>Applications</code> icon.
 Launch I2P from Finder.
-    {%- endtrans %}</p>
-{% endcall %}
+{%- endtrans %}</p>
+
+<h3>{{ _('Apple Silicon Notes') }}</h3>
+<p>{% trans -%}
+If you own an Apple silicon Mac and have previously installed the Intel bundle on it you need to change the update configuration to make sure the next I2P update does not revert your bundle to Intel.
+{%- endtrans %}</p>
+
+<p>{% trans -%}
+Go to the "Configure Update" page, usually located at:
+{%- endtrans %}</p> 
+<code>http://127.0.0.1:7657/configupdate</code>
+<p>{% trans -%}
+Then copy-paste the following in the "News URL" field:
+{%- endtrans %}</p> 
+<code>http://tc73n4kivdroccekirco7rhgxdg5f3cjvbaapabupeyzrqwv5guq.b32.i2p/mac-arm64/stable/news.su3</code>
 
 <h2>{{ _('Limitations') }}</h2>
 <p>{% trans -%}

i2p2www/pages/downloads/macos.html

@@ -0,0 +1,176 @@
+{% extends "global/layout.html" %}
+{% block title %}Apple MacOS{% endblock %}
+{% block accuratefor %}0.9.47{% endblock %}
+{% block content %}
+<h1>{{ _('Separately Installing I2P and its dependencies on MacOS(The Long Way)') }}</h1>
+
+<p>{% trans -%}
+    This is a detailed, step-by-step guide to installing and configuring I2P, including all dependencies and setting up a browser, on a new MacOS system.
+    Many users will be able to skip steps if they already have Java 8 or Firefox installed.{%- endtrans %}</p>
+
+<h2>{{ _('So what are we going to do here?') }}</h2>
+
+<p>{% trans -%}We're going to finish four tasks. We are going to:{%- endtrans %}</p>
+
+<ol>
+<li><a href="#part-one-install-java">{% trans -%}Install Java{%- endtrans %}</a></li>
+<li><a href="#part-two-install-i2p">{% trans -%}Install I2P{%- endtrans %}</a></li>
+<li><a href="#part-three-configure-i2p-app">{% trans -%}Configure I2P App{%- endtrans %}</a></li>
+<li><a href="#part-four-configure-i2p-bandwidth">{% trans -%}Configure I2P Bandwidth{%- endtrans %}</a></li>
+</ol>
+
+<h3 id="part-one-install-java">{{ _('Part One: Install Java') }}</h3>
+
+<p>{% trans -%}
+    In order to use I2P, you will need a suitable Java environment.
+    This guide uses Oracle's Java 8 implementation.
+    Please install it by following the instructions below:
+{%- endtrans %}</p>
+
+<p>{% trans -%}If you already have Java installed, you may{%- endtrans %} <a href="#part-two-install-i2p">Skip This Step</a></p>
+
+<ol>
+<li>{% trans -%}Begin by downloading Java, for example, {%- endtrans %} <a href="https://java.com/en/download/">using this version from Oracle</a>.
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
+<li><img src="/_static/images/macos/1-jre.png" alt="You need Oracle Java for MacOS" title="" /></li>
+</ul></li>
+<li>{% trans -%}Double-click the installer you just downloaded and allow the installer permission to proceed.{%- endtrans %}:
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-jre.png" alt="Give the installer permission to proceed" title="" /></li>
+</ul></li>
+<li>{% trans -%}Accept the License terms.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/3-jre.png" alt="Start installing Java" title="" /></li>
+</ul></li>
+<li>{% trans -%}Java will show you some information about what it is and where it runs while you wait for it to finish installing.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/4-jre.png" alt="Wait for the installer" title="" /></li>
+</ul></li>
+<li>{% trans -%}When Java is done installing, it will look like this.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/5-jre.png" alt="Step one complete" title="" /></li>
+</ul></li>
+</ol>
+
+<h3 id="part-two-install-i2p">{{ _('Part Two: Download and Install I2P from a .jar file') }}</h3>
+
+<ol>
+<li>{% trans -%}Download I2P for Unix from{%- endtrans %} <a href="https://geti2p.net/en/download#unix">https://geti2p.net</a>.
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-i2p.png" alt="Download I2P" title="" /></li>
+<li><img src="/_static/images/macos/1-i2p.png" alt="Select your Language" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Because I2P is being installed from a .jar file, it cannot be signed by an Apple certificate.
+    You will need to allow it special permission to install.
+    Even though the installer is unsigned, the updates are signed end-to-end by I2P.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-i2p.png" alt="Introduction" title="" /></li>
+<li><img src="/_static/images/macos/3-i2p.png" alt="Exception" title="" /></li>
+<li><img src="/_static/images/macos/4-i2p.png" alt="Profit" title="" /></li>
+</ul></li>
+<li>{% trans -%}Select a language you are familiar with.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/5-i2p.png" alt="Select Components" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Now the installer is ready to start.
+    Click next to advance.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/6-i2p.png" alt="Start installing" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Accept the license.
+    I2P is Free Software, mostly in the public domain with limited use of GPL2, Creative Commons, and other Free and Open-Source Licenses.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/7-i2p.png" alt="Accept the License Agreement(or mostly lack thereof)" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Install the I2P router and base config.
+    It is recommended that you keep the install directory the default.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/8-i2p.png" alt="Install the files" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    I2P is now installed!
+    The remaining installer pages explain some aspects of running I2P on OSX.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/9-i2p.png" alt="Finish it up" title="" /></li>
+<li><img src="/_static/images/macos/10-i2p.png" alt="Finish it up" title="" /></li>
+<li><img src="/_static/images/macos/11-i2p.png" alt="Finish it up" title="" /></li>
+</ul></li>
+</ol>
+
+<h3 id="part-three-configure-i2p-app">{{ _('Part Three: Configure I2P App') }}</h3>
+
+<ol>
+<li>{% trans -%}
+    For convenience, you may want to create a shortcut to launch the I2P router.
+    Find the "i2p" directory in the "Applications" directory using Finder.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-conf.png" alt="Open the Applications dir" title="" /></li>
+</ul></li>
+<li>{% trans -%}Open the folder and find the Start Router Icon shown.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/1-conf.png" alt="Find the launcher" title="" /></li>
+</ul></li>
+<li>{% trans -%}Click the icon to start the I2P router - it will show up in your dock as shown and you can choose too keep it there.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-conf.png" alt="Add it to the launch bar" title="" /></li>
+</ul></li>
+</ol>
+
+<h3 id="part-four-configure-i2p-bandwidth">{{ _('Part Four: Configure I2P Bandwidth') }}</h3>
+
+<ol>
+<li>{% trans -%}
+    When you visit the I2P router console for the first time, it will automatically direct you to the configuration wizard.
+    Start by selecting a language for the I2P interface.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/0-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
+</ul></li>
+<li>{% trans -%}Next, pick either a dark or light theme.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/1-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    The next step is the bandwidth test.
+    The bandwidth test takes a minute to run completely.
+    During the bandwidth test, we'll need to connect to the external M-Lab Service, which makes a direct connection to a remote server(Operated by Measurement Lab) to measure your internet speed.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/2-wiz.png" alt="Run the bandwidth test" title="" /></li>
+<li><img src="/_static/images/macos/3-wiz.png" alt="Start the bandwidth wizard" title="" /></li>
+</ul></li>
+<li>{% trans -%}
+    Confirm the bandwidth measurement and adjust your share percentage.
+    {%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/4-wiz.png" alt="Let the participant know what the bandwidth test entails" title="" /></li>
+</ul></li>
+<li>{% trans -%}Confirm your bandwidth settings and adjust how much of your bandwidth you wish to share.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/5-wiz.png" alt="Run the bandwidth test" title="" /></li>
+</ul></li>
+<li>{% trans -%}You're finished! I2P is now configured.{%- endtrans %}
+<ul style="list-style-type: none;">
+<li><img src="/_static/images/macos/6-wiz.png" alt="Run the bandwidth test" title="" /></li>
+</ul></li>
+</ol>
+
+<p>{% trans -%}If you want to re-run the welcome wizard after completing it, you can visit the page
+on{%- endtrans %} <a href="http://localhost:7657/welcome">your router console</a>.</p>
+
+<p>{% trans -%}That's it! You're now ready to use I2P. You can browse I2P Sites, download files, host services,
+e-mail and chat anonymously. Visit the <a href="https://localhost:7657/home">router console homepage</a> to
+get started.{%- endtrans %}</p>
+
+{% endblock %}

i2p2www/pages/downloads/macros

@@ -1,16 +1,16 @@
-{% set i2pinstall_windows_hash = '738b7608d7f2c6433dcde8a1cbd7ea025d281e90b45c8695385004625a4c88d1' %}
-{% set i2pinstall_jar_hash     = 'ee49cad06fd73e75ed25eaab342f8167e447b901205ee8593a31b5a599d892af' %}
-{% set i2psource_hash          = '525f2ad3267f130b81296b3dd24102fdcf2adf098d54272da4e1be4abd87df04' %}
-{% set i2pupdate_hash          = '3379fe757eecbf20688ee37685fe52f15ac04fd59e891c6a059a33d519c4ff19' %}
-{% set i2p_android_hash        = '0e6196e601b99455d03bca190f6df10d68ef1337f023edcad9ec8953362795a7' %}
+{% set i2pinstall_windows_hash = '681884cf79f001a360dd3635f7b31e889d407af8c3edb6fe89d841a5421ba563' %}
+{% set i2pinstall_jar_hash     = 'f4474ca98914f18fce1a4ce37a6b3cd080499919e4202a29b8eae51798f0c7c1' %}
+{% set i2psource_hash          = '03989319e186d9b06ed96ea0efa6ac95af1bc57af956d7f5f06f52f8da64fcd7' %}
+{% set i2pupdate_hash          = '1b79b2593bbe60e08da3f84411d48a5f1fe0c8cfd934f1c90d2fece436c1f2b5' %}
+{% set i2p_android_hash        = '13b6e3c35756605e8e65804ab91cb34521c819fcfaebafb348eba5d40bed6699' %}
 {% set i2p_macnative_hash      = '18cb22cfcc3cbe0cec150e89a394d1a35703cb508ed627ef48084b7ba7c90dde' %}
 
 {% set i2p_windows_subver = '' %}
-{% set i2p_macosx_launcher_version = '1.8.0' %}
+{% set i2p_macosx_launcher_version = '1.9.0' %}
 
-{% set i2p_android_version = '1.8.0' %}
+{% set i2p_android_version = '2.9.0' %}
 {% set i2p_android_version_kytv = '0.9.22' %}
-{% set i2p_android_version_fdroid = '0.9.50' %}
+{% set i2p_android_version_fdroid = '2.6.0' %}
 
 
 {% macro package_outer(type, name, icon) -%}
@@ -48,7 +48,7 @@
   {%- set signame  = 'i2pupdate_%s.zip.sig' -%}
   {%- set hash     = i2pupdate_hash -%}
 {%- elif type == 'macnative' -%}
-  {%- set name     = _('Mac OS X Native (Beta)') -%}
+  {%- set name     = _('Mac OS Native (Beta)') -%}
   {%- set icon     = 'images/download/mac-osx.png' -%}
   {%- set filename = 'I2PMacLauncher-%s-beta-'+i2p_macosx_launcher_version+'.dmg' -%}
   {%- set signame  = 'I2PMacLauncher-%s-beta-'+i2p_macosx_launcher_version+'.dmg.sig' -%}
@@ -60,8 +60,11 @@
   {%- set hash     = 'geti2p/i2p@sha256:e622209388edc49b99d8216baa731b1f54a0634c87cd47c1739f2188891daf3a' -%}
 {%- else -%}
   {%- if type == 'mac' -%}
-    {%- set name     = 'Mac OS X' -%}
+    {%- set name     = 'Mac OS' -%}
     {%- set icon     = 'images/download/mac-osx.png' -%}
+    {%- set filename = 'i2pinstall_%s.jar' -%}
+    {%- set signame  = 'i2pinstall_%s.jar.sig' -%}
+    {%- set hash     = i2pinstall_jar_hash -%}
   {%- elif type == 'unix' -%}
     {%- set name     = 'Linux / BSD / Solaris' -%}
     {%- set icon     = 'images/download/freebsd-tux.png' -%}
@@ -77,8 +80,8 @@
     {%- if type == 'android' %}
       <!-- do not use url_for here -->
       <h3>{% trans %}Download I2P for {% endtrans %}{{name}}</h3>
-      <a class="default" href="https://download.i2p2.no/android/current/app.apk">{% trans %}Outside I2P{% endtrans %} ({{ i2p_android_version }})</a>
-      <a class="sig" href="https://download.i2p2.no/android/current/app.apk.asc">sig</a>
+      <a class="default" href="https://files.i2p-projekt.de/{{ i2p_android_version }}/app.apk">{% trans %}Outside I2P{% endtrans %} ({{ i2p_android_version }})</a>
+      <a class="sig" href="https://files.i2p-projekt.de/{{ i2p_android_version }}/app.apk.asc">sig</a>
       <!-- do not use i2pconv here -->
       <!--<a class="default" href="http://update.killyourtv.i2p/i2p.apk">{% trans %}Inside I2P{% endtrans %} ({{ i2p_android_version_kytv }})</a> -->
       <a class="default" href="https://play.google.com/store/apps/details?id=net.i2p.android">Google Play ({{ i2p_android_version }})</a>

i2p2www/pages/downloads/mirrors

@@ -1,9 +1,9 @@
 {"net": "clearnet", "protocol": "https", "domain": "files.i2p-projekt.de", "path": "/%(version)s/%(file)s", "org": "i2p-projekt", "country": "de"}
+{"net": "clearnet", "protocol": "https", "domain": "download.i2p2.no", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
 {"net": "clearnet", "protocol": "https", "domain": "download.i2p2.de", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
 #{"net": "clearnet", "protocol": "https", "domain": "launchpad.net", "path": "/i2p/trunk/%(version)s/+download/%(file)s", "org": "Launchpad", "org_url": "https://launchpad.net", "country": "us"}
 {"net": "i2p", "protocol": "http", "domain": "mgp6yzdxeoqds3wucnbhfrdgpjjyqbiqjdwcfezpul3or7bzm4ga.b32.i2p", "path": "/%(version)s/%(file)s", "org": "idk.i2p"}
 {"net": "clearnet", "protocol": "http", "domain": "download.i2p2.de", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
-{"net": "clearnet", "protocol": "http", "domain": "download.i2p2.no", "path": "/releases/%(version)s/%(file)s", "org": "sigterm.no", "country": "no"}
 {"net": "clearnet", "protocol": "https", "domain": "eyedeekay.github.io", "path": "/files/releases/%(version)s/%(file)s", "org": "idk.i2p"}
 #{"net": "clearnet", "protocol": "https", "domain": "dl.dropboxusercontent.com", "path": "/u/18621288/I2P/%(version)s/%(file)s", "org": "Dropbox", "country": "us"}
 #{"net": "clearnet", "protocol": "https", "domain": "googledrive.com", "path": "/host/0B4jHEq5G7_EPWV9UeERwdGplZXc/%(version)s/%(file)s", "org": "Google Drive", "country": "us"}

i2p2www/pages/downloads/windows.html

@@ -131,7 +131,11 @@ and configure Firefox for I2P.{%- endtrans %} </p>
 <h4>{{ _('Install the I2P Firefox Profile') }}</h4>
 
 <ol>
-<li>{% trans -%}Download the Firefox Profile Bundle from the I2P Web Site.{%- endtrans %}
+<li>{% trans -%}
+    Download the Firefox Profile Bundle from the I2P Web Site.
+    The I2P Firefox Profile has been replaced by the Easy Install Bundle for Windows.
+    The Easy-Installl can still be used as a profile manager for an Un-Bundled I2P router installed via this procedure.
+    {%- endtrans %}
 <ul style="list-style-type: none;">
 <li><img src="/_static/images/download/windows/profile.png" alt="Grab the Firefox Profile" title="" /></li>
 </ul></li>

i2p2www/pages/global/nav.html

@@ -132,7 +132,9 @@
                 <ul>
                   <li><a href="{{ site_url('docs/transport') }}"><div class="menuitem"><span>{{ _('Transport layer overview') }}</span></div></a></li>
                   <li><a href="{{ site_url('docs/transport/ntcp') }}"><div class="menuitem"><span>NTCP</span></div></a></li>
+                  <li><a href="/spec/ntcp2"><div class="menuitem"><span>NTCP2</span></div></a></li>
                   <li><a href="{{ site_url('docs/transport/ssu') }}"><div class="menuitem"><span>SSU</span></div></a></li>
+                  <li><a href="/spec/proposals/159-ssu2"><div class="menuitem"><span>SSU2(Proposal 159)</span></div></a></li>
                 </ul>
               </li>
               <li class="has-sub"><div class="menuitem"><span>{{ _('Tunnels') }}</span></div>

i2p2www/pages/papers/anonbib.bib

@@ -31,6 +31,51 @@
 #
 # Proposed new sections: application privacy, data anonymization, ...
 #
+@inproceedings {abdo,
+  author = {Jacques Bou Abdo and Liaquat Hossain},
+  title = {Modeling the Invisible Internet},
+  booktitle = {Complex Networks and their Applications XII},
+  year = {2024},
+  url = {https://link.springer.com/chapter/10.1007/978-3-031-53472-0_30},
+  publisher = {Springer},
+  month = {February},
+  www_section = traffic,
+}
+
+@techreport{stickland2021,
+  title = {Foundations of Rigorous Cyber Experimentation},
+  author = {Michael Stickland and Justin D. Li and Laura Swiler and Thomas Tarman},
+  institution = {Sandia National Laboratories},
+  year = {2021},
+  month = {September},
+  url = {https://www.osti.gov/servlets/purl/1854751/},
+  www_section = traffic,
+}
+
+@phdthesis{yu2021,
+  title = {Research and implementation of bridge technology in I2P anonymous system},
+  author = {Yu Chih-Wei},
+  school = {Beijing University of Posts and Telecommunications},
+  year = {2021},
+  url = {https://www.zhangqiaokeyan.com/academic-degree-domestic_mphd_thesis/020318030805.html},
+  www_section = comm,
+}
+
+@article {qu2020,
+  author = {QU Yun-xuan and WANG Yi-jun and XUE Zhi},
+  title = {Analysis and Identification of I2P Anonymous Communication Traffic Characteristics},
+  journal={Communications Technology},
+  year = {2020},
+  month = {January},
+  volume={53},
+  number = {1},
+  pages={161--167},
+  doi={10.3969/j.issn.1002-0802.2020.01.028},
+  url = {http://stats.i2p/docs/AII2PACTC-eng.docx},
+  www_pdf_url = {http://stats.i2p/docs/I2P%20%E5%8C%BF%E5%90%8D%E9%80%9A%E4%BF%A1%E6%B5%81%E9%87%8F%E7%89%B9%E5%BE%81%E5%88%86%E6%9E%90%E4%B8%8E%E8%AF%86%E5%88%AB-min.pdf},
+  keywords={anonymous communication; I2P; traffic identification; statistical feature analysis},
+  www_section = traffic,
+}
 
 @inproceedings {239068,
   author = {Nguyen Phong Hoang and Sadie Doreen and Michalis Polychronakis},
@@ -92,7 +137,7 @@
   school = {University of Amsterdam},
   year = {2018},
   month = {June},
-  www_pdf_url = {https://delaat.net/rp/2017-2018/p97/report.pdf},
+  www_pdf_url = {https://docslib.org/doc/12313748/blockchain-based-sybil-attack-mitigation-a-case-study-of-the-i2p},
     www_section = comm,
 }
 
@@ -223,7 +268,7 @@ services, namely Tor, JonDonym, and I2P as case studies; and
 (iii) present a mechanism to evaluate anonymity services based
 on our factors and measure the level of anonymity.}},
   keywords = {Anonymity Factors ; Metrics ; Tor ; I2P ; JonDonym},
-  www_pdf_url = {https://www.cs.dal.ca/sites/default/files/technical_reports/CS-2017-01.pdf},
+  www_pdf_url = {https://cdn.dal.ca/content/dam/dalhousie/pdf/faculty/computerscience/technical-reports/CS-2017-01.pdf},
   www_section = comm,
 }
 
@@ -233,7 +278,7 @@ on our factors and measure the level of anonymity.}},
   booktitle = {Proceedings of the 38th IEEE Symposium on Security and Privacy Workshops, 2nd International Workshop on Traffic Measurements for Cybersecurity (WTMC 2017)},
   year = {2017},
   month = {May},
-  www_pdf_url = {https://www.cs.dal.ca/sites/default/files/technical_reports/cs-2017-04.pdf},
+  www_pdf_url = {https://www.researchgate.net/publication/321999503_Effects_of_Shared_Bandwidth_on_Anonymity_of_the_I2P_Network_Users},
   www_section = traffic,
 }
 
@@ -246,6 +291,16 @@ on our factors and measure the level of anonymity.}},
   www_section = comm,
 }
 
+@inproceedings{jeong2016,
+  title = {A Longitudinal Analysis of .i2p Leakage in the Public DNS Infrastructure},
+  author = {Seong Hoon Jeong and Ah Reum Kang and Joongheon Kim and Huy Kang Kim2 and Aziz Mohaisen},
+  booktitle = {SIGCOMM 2016 August 22-26, Florianopolis, Brazil},
+  year = {2016},
+  month = {August},
+  www_pdf_url = {https://www.cs.ucf.edu/~mohaisen/doc/sigcomm16.pdf},
+  www_section = comm,
+}
+
 #
 # Actually a bachelors thesis but there's no @ for that
 #
@@ -261,7 +316,7 @@ that presents I2P Observer, a software to collect information about I2P and one
 possibilities on I2P.}},
   note = {Title : Analysis of the I2P Network. School: Bern University of Applied Sciences - Department of Computer Science},
   www_section = traffic,
-  www_pdf_url = {https://jenix.net/i2p-observer/Analysis_of_the_I2P_Network-Bachelor_Thesis.pdf},
+  www_pdf_url = {https://docslib.org/doc/6144412/analysis-of-the-i2p-network-information-gathering-and-attack-evaluations},
 }
 
 @inproceedings{jeong2016,
@@ -285,7 +340,7 @@ that a large number of queries are observed and outlining
 various potential directions of addressing such leakage.}},
   keywords = {I2P, DNS, privacy, security, network analysis},
   www_section = traffic,
-  www_pdf_url = {https://www.cse.buffalo.edu/~mohaisen/doc/16-sigcomm.pdf},
+  www_pdf_url = {https://www.cs.ucf.edu/~mohaisen/doc/sigcomm16.pdf},
   pages = {557--558},
 }
 
@@ -551,7 +606,7 @@ networks},
   howpublished = {Seminar, Humboldt University of Berlin},
   year = {2011},
   month = {November},
-  www_pdf_url = {http://userpage.fu-berlin.de/~semu/docs/2011_seminar_ehlert_i2p.pdf},
+  www_pdf_url = {https://www.freehaven.net/anonbib/cache/ehlert2011:usability-comparison-i2p-tor.pdf},
   www_section = comm,
 }
 
@@ -635,7 +690,7 @@ networks},
   abstract={{Today, to be monitored while surfing the web seems to be a natural act and thus tools and applications to achieve online anonymity are more important than ever. The usability of such a tool plays not only a prominent role for each single user; in the area of anonymization networks it usually holds that the protection for every single user is higher, the more users participate. Hence, usability is of great importance, since bad usability decreases the number of potential users. In this paper we examine the usability of four software implementations for anonymous communication techniques especially with regards to the installation procedure. The usability is evaluated with the help of cognitive walk-throughs. We also inspect the quality of service of these implementations by means of a performance test.}},
   keywords={Internet;security of data;anonymity networks;anonymization networks;anonymous communication techniques;cognitive walk-throughs;installation;quality of service;software implementations;usability inspection;Communication system security;Inspection;Monitoring;Operating systems;Privacy;Quality management;Quality of service;System testing;Technology management;Usability;AN.ON;Anonymity;HCI;JAP;JonDo;JondoNym;Tor;Usability},
   doi={10.1109/CONGRESS.2009.38},
-  www_pdf_url = {http://pimenidis.org/research/papers/usability-inspection.pdf},
+  www_pdf_url = {https://www.researchgate.net/publication/224084986_Usability_Inspection_of_Anonymity_Networks},
   www_section = comm,
 }
 

i2p2www/pages/site/about/intro.html

@@ -1,50 +1,86 @@
 {% extends "global/layout.html" %}
 {% block title %}{{ _('Intro') }}{% endblock %}
 {% block content %}
-<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>      
-<h2>What is I2P?</h2>
-<p>{% trans %}The Invisible Internet Project (I2P) is a fully encrypted private network layer that has been developed with privacy and security by design in order to provide protection for your activity,
-location and your identity.  The software ships with a router that connects you to the network and applications for sharing, communicating and building. {%- endtrans %}</p>
+<h1>{{ _('The Invisible Internet Project') }} (I2P)</h1>
 
-<h3>{% trans -%}I2P Cares About Privacy{%- endtrans %}</h3>
+<p>{% trans %}
+  The Invisible Internet Project began in 2002.
+  The vision for the project, as described in an interview with Lance James was for the I2P Network "to deliver full anonymity, privacy, and security at the highest level possible. Decentralized and peer to peer Internet means no more worrying about your ISP controlling your traffic. This will allow (people) to do seamless activities and change the way we look at security and even the Internet, utilizing public key cryptography, IP steganography, and message authentication. The Internet that should have been, will be soon."
+  Since then I2P has evolved to specify and implement a complete suite of network protocols capable of delivering a high level of privacy, security, and authentication to a variety of applications.
+{%- endtrans %}</p>
 
-<p>{% trans %}I2P hides the server from the user and the user from the server. All I2P traffic is internal to the I2P network. Traffic inside I2P does not interact with the Internet directly. It is a layer on top of the Internet. It uses encrypted unidirectional tunnels between you and your peers. No one can see where traffic is coming from, where it is going, or what the contents are. Additionally I2P offers resistance to pattern recognition and blocking by censors. Because the network relies on peers to route traffic, location blocking is also reduced.
-{%- endtrans %}</p> 
+<h3>{% trans -%}The I2P network{%- endtrans %}</h3>
+
+<p>{% trans %}
+  The I2P network is a fully encrypted peer-to-peer overlay network.
+  An observer cannot see a message's contents, source, or destination.
+  No one can see where traffic is coming from, where it is going, or what the contents are.
+  Additionally I2P transports offer resistance to recognition and blocking by censors.
+  Because the network relies on peers to route traffic, location-based blocking is a challenge that grows with the network.
+  Every router in the network participates in making the network anonymous.
+  Except in cases where it would be unsafe, everyone participates in sending and receiving network traffic.
+{%- endtrans %}</p>
 
 <h3>{% trans -%}How to Connect to the I2P Network{%- endtrans %}</h3>
 
-<p>{% trans %}The Invisible Internet Project provides software to download that connects you to the network. In addition to the network privacy benefits, I2P provides an application layer that allows people to use and create familiar apps for daily use. I2P provides its own unique DNS so that you can self host or mirror content on the network. You can create and own your own platform that you can add to the I2P directory or only invite your friends. The I2P network functions the same way the Internet does. When you download the I2P software, it includes everything you need to connect, share, and create privately.{%- endtrans %}</p>
+<p>{% trans %}
+  The core software (Java) includes a router that introduces and maintains a connection with the network.
+  It also provides applications and configuration options to personalize your experience and workflow.
+{%- endtrans %}</p>
+
+<h3>{% trans -%}What Can I Do On The I2P Network?{%- endtrans %}</h3>
+
+<p>{% trans %}
+  The network provides an application layer for services, applications, and network managment.
+  The network also has its own unique DNS that allows self hosting and mirroring of content from the Internet (Clearnet).
+  The I2P network functions the same way the Internet does.
+  The Java software includes a BitTorrent client, and email as well as a static website template.
+  Other applications can easily be added to your router console.
+{%- endtrans %}</p>
 
 <h3>{% trans -%}An Overview of the Network{%- endtrans %}</h3>
 
-<p>{% trans %}I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports. I2P tunnels use transports, NTCP2 and SSU, to hide the nature of the traffic being transported over it. Connections are encrypted from router-to-router, and from client-to-client(end-to-end). Forward-secrecy is provided for all connections. Because I2P is cryptographically addressed, I2P addresses are self-authenticating and only belong to the user who generated them.
+<p>{% trans %}
+  I2P uses cryptography to achieve a variety of properties for the tunnels it builds and the communications it transports.
+  I2P tunnels use transports, NTCP2 and SSU2, to conceal the traffic being transported over it.
+  Connections are encrypted from router-to-router, and from client-to-client(end-to-end).
+  Forward-secrecy is provided for all connections.
+  Because I2P is cryptographically addressed, I2P network addresses are self-authenticating and only belong to the user who generated them.
 {%- endtrans %}</p>
 
-<p>{% trans %}I2P is a secure and traffic protecting Internet-like layer. The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels. Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP, etc), passing messages. Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages. These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network. I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
+<p>{% trans %}
+  The network is made up of peers ("routers") and unidirectional inbound and outbound virtual tunnels.
+  Routers communicate with each other using protocols built on existing transport mechanisms (TCP, UDP), passing messages.
+  Client applications have their own cryptographic identifier ("Destination") which enables it to send and receive messages.
+  These clients can connect to any router and authorize the temporary allocation ("lease") of some tunnels that will be used for sending and receiving messages through the network.
+  I2P has its own internal network database (using a modification of the Kademlia DHT) for distributing routing and contact information securely.
 {%- endtrans %}</p>
 
-<h3>{% trans -%}About Decentralization and I2P{%- endtrans %}</h3>
+<h3>{% trans -%}About Decentralization and the I2P Network{%- endtrans %}</h3>
 
-<p>{% trans %}The I2P network is almost completely decentralized, with exception to what are called "Reseed Servers," which is how you first join the network. This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem. Basically, there's not a good and reliable way to get out of running at least one permanent bootstrap node that non-network users can find to get started. Once you're connected to the network, you only discover peers by building "exploratory" tunnels, but to make your initial connection, you need to get a peer set from somewhere. The reseed servers, which you can see listed on http://127.0.0.1:7657/configreseed in the Java I2P router, provide you with those peers. You then connect to them with the I2P router until you find one who you can reach and build exploratory tunnels through. Reseed servers can tell that you bootstrapped from them, but nothing else about your traffic on the I2P network.{%- endtrans %}</p>
+<p>{% trans %}
+  The I2P network is almost completely decentralized, with exception to what are called Reseed Servers.
+  This is to deal with the DHT ( Distributed Hash Table ) bootstrap problem.
+  Basically, there is not a good and reliable way to get out of running at least one permanent bootstrap node that non-network participants can find to get started.
+  Once connected to the network, a router only discovers peers by building "exploratory" tunnels, but to make the initial connection, a reseed host is required to create connections and onboard a new router to the network.
+  Reseed servers can observe when a new router has downloaded a reseed from them, but nothing else about traffic on the I2P network.
+{%- endtrans %}</p>
 
-<h3>{% trans -%}I see IP addresses of all other I2P nodes in the router console. Does that mean my IP address is visible by others?{%- endtrans %}</h3>
+<h3>{% trans -%}The I2P Network Does Not Exit Traffic{%- endtrans %}</h3>
 
-<p>{% trans %}Yes, this is how a fully distributed peer-to-peer network works. Every node participates in routing packets for others, so your IP address must be known to establish connections. While the fact that your computer runs I2P is public, nobody can see your activities in it. You can't say if a user behind this IP address is sharing files, hosting a website, doing research or just running a node to contribute bandwidth to the project.{%- endtrans %}
-
-<h3>{% trans -%}What I2P Does Not Do{%- endtrans %}</h3>
-
-<p>{% trans %}The I2P network does not officially "Exit" traffic. It has outproxies to the Internet run by volunteers, which are centralized services. I2P is primarily a hidden service network and outproxying is not an official function, nor is it advised. The privacy benefits you get from participating in the the I2P network come from remaining in the network and not accessing the internet. I2P recommends that you use Tor Browser or a trusted VPN when you want to browse the Internet privately.{%- endtrans %}</p>
+<p>{% trans %}
+  Outproxies to the Internet are run by volunteers, and are centralized services.
+  The privacy benefits from participating in the the I2P network come from remaining in the network and not accessing the internet.
+  Tor Browser or a trusted VPN are better options for browsing the Internet privately.
+{%- endtrans %}</p>
 
 <h3>{% trans -%}Comparisons{%- endtrans %}</h3>
 
 <p>{% trans -%}
-There are a great many other applications and projects working on anonymous 
-communication and I2P has been inspired by much of their efforts.  This is not 
-a comprehensive list of anonymity resources - both freehaven's 
-<a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a>
-and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a>
-serve that purpose well.  That said, a few systems stand out for further
-comparison. The following have individual comparison pages:
+  There are a great many other applications and projects working on anonymous communication and I2P has been inspired by much of their efforts.
+  This is not a comprehensive list of anonymity resources - both freehaven's <a href="http://freehaven.net/anonbib/topic.html">Anonymity Bibliography</a> and GNUnet's <a href="https://www.gnunet.org/links/">related projects</a> serve that purpose well.
+  That said, a few systems stand out for further comparison.
+  The following have individual comparison pages:
 {%- endtrans %}</p>
 
 <ul>

i2p2www/pages/site/about/media.html

@@ -1,6 +1,6 @@
 {% extends "global/layout.html" %}
 {% block title %}{{ _('Presentations on I2P') }}{% endblock %}
-{% block lastupdated %}2022-03{% endblock %}
+{% block lastupdated %}2024-09{% endblock %}
 {% block content %}
 <p>{% trans papers=site_url('papers') -%}
 Following are links to presentations, videos, and tutorials about I2P. Links to research papers on I2P are available <a href="{{ papers }}">here</a>.
@@ -139,6 +139,25 @@ Andrew Savchenko (bircoph), FOSDEM, Brussel, February 4, 2018
 idk
 {%- endtrans %}</li>
 
+<li>
+I2P, blockchain and the application (FOSDEM 2021)
+<a href="https://odysee.com/@diva.exchange:d/diva-exchange-fosdem-21:c">video</a>
+February 7, 2021
+</li>
+
+<li>
+Private, fully distributed exchange (DEX), Monero and I2P research results
+<a href="https://odysee.com/@diva.exchange:d/monerokon2022:0">video</a>
+MoneroKon 2022 Lisbon
+July 5, 2022
+</li>
+
+<li>
+DNS for I2P (FOSDEM 2023)
+<a href="https://odysee.com/@diva.exchange:d/diva-dns-i2p-fosdem2023:2">video</a>
+February 12, 2023
+</li>
+
 
 </ul>
 
@@ -264,6 +283,33 @@ Opt Out Podcast Season 2 Episode 10
 March 6, 2022
 </li>
 
+<li>
+I2P and DIVA.EXCHANGE - Interview with Konrad
+(<a href="https://odysee.com/@diva.exchange:d/i2p-diva-exchange-2022-09-26:6">video</a>)
+September 26, 2022
+</li>
+
+<li>
+Interview with Sadie on I2P and the Free Internet
+(<a href="https://www.diva.exchange/en/privacy/i2p-and-the-free-internet-interview-with-a-community-member/">interview</a>)
+February 2024
+</li>
+
+<li>
+Interview with Phillip on I2P Network Reliability
+(<a href="https://www.diva.exchange/en/privacy/i2p-network-reliability-is-on-the-radar-of-the-academic-community/">interview</a>)
+March 2024
+</li>
+
+<li>
+Interview with IDK on I2P Development
+(<a href="https://www.diva.exchange/en/privacy/i2p-interview-with-the-developer-idk-part-1/">interview part 1</a>)
+July 2024;
+(<a href="https://www.diva.exchange/en/privacy/i2p-interview-with-the-developer-idk-part-2/">interview part 2</a>)
+September 2024
+</li>
+
+
 </ul>
 
 <h2>{{ _('Other') }}</h2>

i2p2www/pages/site/about/performance/index.html

@@ -2,26 +2,19 @@
 {% block title %}{{ _('Performance') }}{% endblock %}
 {% block content %}
 
-<h2>{% trans %}How does I2P work, why is it slow, and why does it not use my full bandwidth?{% endtrans %}</h2>
+<h2>{% trans %}I2P Network Performance: Speed, Connections and Resource Management{% endtrans %}</h2>
 
 <p>{% trans -%}
-Probably one of the most frequent things people ask is "how fast is I2P?",
-and no one seems to like the answer - "it depends".  After trying out I2P, the
-next thing they ask is "will it get faster?", and the answer to that is a most
-emphatic <b>yes</b>.
+The I2P network is fully dynamic. Each client is known to other nodes and tests locally known nodes for reachability and capacity.
+Only reachable and capable nodes are saved to a local NetDB.
+During the tunnel building process, the best resources are selected from this pool to build tunnels with.
+Because testing happens continuously, the pool of nodes changes.
+Each I2P node knows a different part of the NetDB, meaning that each router has a different set of I2P nodes to be used for tunnels.
+Even if two routers have the same subset of known nodes, the tests for reachability and capacity will likely show different results, as the other routers could be under load just as one router tests, but be free when the second router tests.
 {%- endtrans %}</p>
 
 <p>{% trans -%}
-I2P is a full dynamic network. Each client is known to other nodes and tests local known nodes for reachability and capacity.
-Only reachable and capable nodes are saved to a local NetDB (This is generally only a portion of the network, around 500-1000).
-When I2P builds tunnels, it selects the best resource from this pool. For example, a small subset of 20-50 nodes are only available to build tunnels with.
-Because testing happens every minute, the pool of used nodes changes every minute.
-Each I2P node knows a different part of the net, meaning that each router has a different set of I2P nodes to be used for tunnels.
-Even if two routers have the same subset of known nodes, the tests for reachability and capacity will likely show different results, as the other routers could be under load just as one router tests, but be free if the second router tests.
-{%- endtrans %}</p>
-
-<p>{% trans -%}
-The above describes why each I2P node has different nodes to build tunnels.
+This describes why each I2P node has different nodes to build tunnels.
 Because every I2P node has a different latency and bandwith, tunnels (which are built via those nodes) have different latency and bandwidth values.
 And because every I2P node has different tunnels built, no two I2P nodes have the same tunnel sets.
 {%- endtrans %}</p>
@@ -45,22 +38,21 @@ server - hopb1 - hopb2 - hopb3 - hopc1 - hopc2 - hopc3 - client
 </pre>
 
 <p>{% trans -%}
-As most traffic on I2P (www, torrent,...) needs ack packages until new data is sent, it needs to wait until a ack package returns from the server.
-In the end: send data, wait for ack, send more data, wait for ack,..
-As the RTT (RoundTripTime) adds up from the latency of each individual I2P node and each connection on this roundtrip, it takes usually 1-3 seconds until a ack package comes back to the client.
-With some internals of TCP and I2P transport, a data package has a limited size and cannot be as large as we want it to be.
-Together these conditions set a limit of max bandwidth per tunnel of 20-50 kbyte/sec.
-But if ONLY ONE hop in the tunnel has only 5 kb/sec bandwidth to spend, the whole tunnel is limited to 5 kb/sec, independent of the 
+Traffic on the network needs an ACK before new data is sent, it needs to wait until an ACK returns from a server: 
+send data, wait for ACK, send more data, wait for ACK.
+As the RTT (RoundTripTime) adds up from the latency of each individual I2P node and each connection on this roundtrip, it takes usually 1-3 seconds until an ACK comes back to the client.
+Because of TCP and I2P transport design, a data package has a limited size.
+Together these conditions set a limit max bandwidth per tunnel of 20-50 kbyte/sec.
+However, if ONLY ONE hop in the tunnel has only 5 kb/sec bandwidth to spend, the whole tunnel is limited to 5 kb/sec, independent of the 
 latency and other limitations.
 {%- endtrans %}</p>
 
 <p>{% trans -%}
-Due to encryption used and other setups in I2P (howto built up tunnels, latency, ...) it is quite expensive in CPU time to build a tunnel. This is 
-why a destination is only allowed to have a max of 6 IN and 6 OUT tunnels to transport data. With a max of 50 kb/sec per tunnel, a destination could 
+Encryption, latency, and how a tunnel is built makes it quite expensive in CPU time to build a tunnel. This is 
+why a destination is only allowed to have a maximum of 6 IN and 6 OUT tunnels to transport data. With a max of 50 kb/sec per tunnel, a destination could 
 use roughly 300 kb/sec traffic combined ( in reality it could be more if shorter tunnels are used with low or no anonymity available).
-Used tunnels are discarded every 10 minutes and new ones are built up.
-This change of tunnels (and sometimes clients that shutdown hard due to usage of "shut down at once" or situations where there is power loss) does 
-sometimes break tunnels and connections, as seen on the IRC2P Network in loss of connection (ping timeout) or on when using eepget.
+Used tunnels are discarded every 10 minutes and new ones are built.
+This change of tunnels, and sometimes clients that shutdown or lose their connection to the network will sometimes break tunnels and connections. An example of this can be seen on the IRC2P Network in loss of connection (ping timeout) or on when using eepget.
 {%- endtrans %}</p>
 
 <p>{% trans -%}
@@ -72,28 +64,27 @@ If one distributes these limited numbers across the number of I2P nodes, there i
 
 <p>{% trans -%}
 To remain anonymous one router should not be used by the whole network for building tunnels.
-If one router does act as a tunnel router for ALL I2P nodes, it becomes a very real central point of failure as well as a central point to grab IPs and data from the clients. This is not good.
-I2P attempts to spread the load across a lot of I2P nodes because of this reason.
+If one router does act as a tunnel router for ALL I2P nodes, it becomes a very real central point of failure as well as a central point to gather IPs and data from clients.
+This is why the network distributes traffic across nodes in the tunnel building process.
 {%- endtrans %}</p>
 
 <p>{% trans -%}
-Another point is the full mesh network. Each connection hop-hop utilizes one TCP or UDP connection on the I2P nodes. With 1000 connections, one sees 
-1000 TCP connections. That is quite a lot and some home and small office routers (DSL, cable,..) only allow a small number of connections (or just go mad if you use more than X connections).
-I2P tries to limit these connections to be under 1500 per UDP and per TCP type.
-This limits the amount of traffic routed across your I2P node as well.
+Another consideration for performance is the way I2P handles mesh networking. Each connection hop-hop utilizes one TCP or UDP connection on I2P nodes. With 1000 connections, one sees 
+1000 TCP connections. That is quite a lot, and some home and small office routers only allow a small number of connections.
+I2P tries to limit these connections to under 1500 per UDP and per TCP type.
+This limits the amount of traffic routed across an I2P node as well.
 {%- endtrans %}</p>
 
 <p>{% trans -%}
-In summary, I2P is very complex and there is no easy way to pinpoint why your node is not used.
-If your node is reachable and has a bandwidth setting of >128 kbyte/sec shared and is reachable 24/7, it should be used after some time for participating traffic.
-If it is down in between, the testing of your I2P node done by other nodes will tell them: you are not reachable. This blocks your node for at least 
-24h on other nodes. So, the other nodes which tested you as down will not use your node for 24h for building tunnels. This is why your traffic will 
-be lower after a restart/shutdown for a minimum of 24h.
+If a node is reachable, and has a bandwidth setting of >128 kbyte/sec shared and is reachable 24/7, it should be used after some time for participating traffic.
+If it is down in between, the testing of an I2P node done by other nodes will tell them it not reachable. This blocks a node for at least 
+24 hours on other nodes. So, the other nodes which tested that node as down will not use that node for 24 hours for building tunnels. This is why your traffic is
+ lower after a restart/shutdown of your I2P router for a minimum of 24 hours.
 {%- endtrans %}</p>
 
 <p>{% trans -%}
-Also: other I2P nodes needs to know your I2P router to test it for reachability and capacity. It takes time for other nodes to get known to your node. 
-It will be faster if you use I2P and build more tunnels, e.g. use a torrent or www for some time.
+Additionally, other I2P nodes need to know an I2P router to test it for reachability and capacity. 
+This process can be made faster when you interact with the network, for instance by using applications, or visiting I2P sites, which will result in more tunnel building and therefore more activity and reachability for testing by nodes on the network. 
 {%- endtrans %}</p>
 
 <h2>{{ _('Performance Improvements') }}</h2>

i2p2www/pages/site/about/restrictive-countries.html

@@ -1,5 +1,6 @@
 {% extends "global/layout.html" %}
 {% block title %}{{ _('Strict Countries') }}{% endblock %}
+{% block lastupdated %}2024-07{% endblock %}
 {% block content %}
 <p>{% trans -%}This implementation of I2P (the Java implementation distributed on this site)
 includes a "Strict Countries List" which we use to decide how routers should behave 
@@ -16,14 +17,14 @@ guidance is to include countries with a Civil Liberties (CL) score of 16 or less
 Freedom score of 39 or less (not free).{%- endtrans %}</p>
 
 <h4>{% trans -%}Hidden Mode Summary{%- endtrans %}</h4>
-<p>{% trans -%}When a router is placed into hidden mode, three key things change about it's behavior.
+<p>{% trans -%}When a router is placed into hidden mode, three key things change about its behavior.
 It will no longer publish a routerInfo to the NetDB, it will no longer accept
 participating tunnels, and it will reject direct connections to routers in the same
 country that it is in. These defenses make the routers more difficult to enumerate
 reliably, and prevent them from running afoul of restrictions on routing traffic for
 others.{%- endtrans %}</p>
 
-<h4>{% trans -%}Strict Countries List as of 2020{%- endtrans %}</h4>
+<h4>{% trans -%}Strict Countries List as of 2024{%- endtrans %}</h4>
 <pre><code>
     /* Afghanistan */ "AF",
     /* Azerbaijan */ "AZ",

i2p2www/pages/site/about/software.html

@@ -3,14 +3,12 @@
 {% block content %}
 <h1>{{ _('The I2P Software') }} (I2P)</h1>      
 
-<p>{% trans %}When you install the I2P software made available at geti2p.net, you are 
-actually installing an I2P router and an accompanying bundle of basic 
-applications. The I2P Java distribution is the first I2P software gateway and 
-has been actively developed since 2003.{%- endtrans %}</p>
-<p>{% trans %}The applications are made available through a webUI, which listens at 
-127.0.0.1:7657, and the main page of which is called the “Router Console,” 
-where you monitor the health of your connection to the network and access 
-applications to use on the network.{%- endtrans %}</p>
+<p>{% trans %}The I2P Java distribution is the first I2P software gateway and 
+has been actively developed since 2003. It includes a router, applications, and the ability to manage and customize your own connection with the I2P network using a built in Hidden Services manager{%- endtrans %}</p>
+<p>{% trans %}Applications are made available through a webUI that listens at 
+127.0.0.1:7657. The main page is called the “Router Console,” 
+where network connection status is displayed and access 
+to applications is provided.{%- endtrans %}</p>
 <h3>{% trans %}What is included:{%- endtrans %}</h3>
 <p>{% trans %}<strong>The Set Up Wizard</strong>: When you download the 
 I2P software, a set up wizard will guide you through a few configuration steps 
@@ -18,8 +16,8 @@ while your router is making its first connections to the network. This happens
 the same way that your home router connects you to the Internet. During the set 
 up process, you will be given the option to test your bandwidth and set your 
 bandwidth limits in order to ensure a good connection as a network peer.{%- endtrans %}</p>
-<p>{% trans %}<strong>The I2P Router Console</strong>: Here is where you can see your 
-network connections and information about your router. You will be able to see how many peers you 
+<p>{% trans %}<strong>The I2P Router Console</strong>: Here is where you can see your router
+network connections. You will be able to see how many peers you 
 have, and other information that will help if you need to troubleshoot. You can 
 stop and start the router as well. You will see the applications that the 
 software includes, as well as links to some community forums and sites on the 
@@ -47,7 +45,7 @@ a camera. This is especially useful for Android devices.</p>
 adapter for forwarding services ( ie SSH ) into I2P and proxying client 
 requests to and from I2P. It provides a variety of “Tunnel Types” which are 
 able to do advance filtering of traffic before it reaches I2P.{%- endtrans %}</p>
-<h3>{% trans %}Applications Outside I2P to use with I2P{%- endtrans %}</h3>
+<h3>{% trans %}I2P Network Compatible Applications{%- endtrans %}</h3>
 <p>{% trans browser=site_url('about/browser-config') %}<strong><a href="{{ browser }}">Mozilla Firefox</a></strong>: A web browser with advanced privacy and 
 security features, this is the best browser to configure to browse I2P 
 sites.{%- endtrans %}</p>

i2p2www/pages/site/about/team.html

@@ -403,7 +403,7 @@ network.
 	<td valign="top" colspan="2">{% trans %}&hellip; and many others{% endtrans %}</td>
 </tr>
 <tr>
-	<td><a href="site_url(about/hall-of-fame)">Hall of Fame!</a></td>
+	<td>{% trans famehall=site_url('about/hall-of-fame') -%}<a href="{{ famehall }}">Hall of Fame!</a>{%- endtrans %}</td>
 </tr>
 </table>
 {% endblock %}

i2p2www/pages/site/contact.html

@@ -23,8 +23,9 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 <h2>{{ _('Forums') }}</h2>
 <p>{% trans -%}Please visit our I2P user forum - {%- endtrans %} <a href="http://{{ i2pconv('i2pforum.i2p') }}/">{{ i2pconv('i2pforum.i2p') }}</a> ({% trans -%}available on non-private internet at https://i2pforum.net and on I2P at http://i2pforum.i2p{%- endtrans %})</p>
 
-<p>{% trans zzz=i2pconv('zzz.i2p') -%}
-  Most of the discussion about I2P's development happens on the <a href="http://{{ zzz }}">I2P developer forum</a> (only reachable from within I2P network). This is usually the best place to start with inquiries, if the dev IRC channel is inactive.
+<p>{% trans zzz=i2pconv('i2pforum.i2p') -%}
+  The discussion about I2P's development happens on the <a href="http://{{ zzz }}">I2P user forum</a>. This is usually the best place to start with developer inquiries, if the dev IRC channel is inactive.
+  For general support use either the <a href="http://{{ zzz }}">I2P user forum</a> or the Subreddit.
 {%- endtrans %}</p>
 
 <h2>{{ _('Social Media') }}</h2>
@@ -33,7 +34,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 <ul>
   <li><a href="https://mastodon.social/@i2p">Mastodon - https://mastodon.social/@i2p</a></li>
   <li><a href="https://twitter.com/GetI2P">Twitter - https://twitter.com/GetI2P</a></li>
-  <li><a href="https://old.reddit.com/i2p">Reddit - https://old.reddit.com/i2p</a></li>
+  <li><a href="https://old.reddit.com/r/i2p">Reddit - https://old.reddit.com/r/i2p</a></li>
 </ul>
 {%- endtrans %}</p>
 
@@ -81,19 +82,14 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 <table border="0">
 <tr>
 	<td valign="top" rowspan="31"><b>{{ _('Admin') }}</b></td>
-	<td valign="top"><b>{{ _('Project Manager') }}</b></td>
-	<td valign="top">zzz</td>
-	<td valign="top"><i>{{ _('point of contact of last resort') }}</i></td>
+	<td valign="top"><b>{{ _('I2P Java Release Manager') }}</b></td>
+	<td valign="top">idk</td>
+	<td valign="top"><i>{{ _('Builds and signs the releases') }}</i></td>
 </tr>
 <tr>
-	<td valign="top"><b>{{ _('Donations treasurer') }}</b></td>
-	<td valign="top">meeh</td>
-	<td valign="top"><i>{{ _('manage donations') }}</i></td>
-</tr>
-<tr>
-	<td valign="top"><b>{{ _('PR manager') }}</b></td>
+	<td valign="top"><b>{{ _('Outreach') }}</b></td>
 	<td valign="top">Sadie</td>
-	<td valign="top"><i>{{ _('press contact, manages public relations and affairs') }}</i></td>
+	<td valign="top"><i>{{ _('Coordinator with community, NGOs and human rights groups. Meeting facilitator, Digital Security training and Press') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Assistant PR manager') }}</b></td>
@@ -103,11 +99,11 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 <tr>
     <td valign="top"><b>{% trans forum=i2pconv('i2pforum.i2p') %}<a href="http://{{ forum }}/">Forum</a> admin{% endtrans %}</b></td>
 	<td valign="top">eche|on</td>
-	<td valign="top"><i>{{ _('manage the public user forum') }}</i></td>
+	<td valign="top"><i>{{ _('I2P public forum maintainer') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Download mirrors admin') }}</b></td>
-	<td valign="top">idk, Meeh</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('manage the mirrors for the download files') }}</i></td>
 </tr>
 <tr>
@@ -122,73 +118,58 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Packager; Linux') }}</b></td>
-	<td valign="top">zzz</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('Linux (Debian/Ubuntu) distribution packager') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Packager; Windows') }}</b></td>
-	<td valign="top">zzz</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('Windows installer packager') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Packager; OSX') }}</b></td>
-	<td valign="top">Meeh</td>
+	<td valign="top">echelon</td>
 	<td valign="top"><i>{{ _('OSX installer packager') }}</i></td>
 </tr>
-<tr>
-	<td valign="top"><b>{{ _('Release Manager') }}</b></td>
-	<td valign="top">zzz</td>
-	<td valign="top"><i>{{ _('Builds and signs the releases') }}</i></td>
-</tr>
 <tr>
 	<td valign="top"><b>{{ _('Release Manager Alternates') }}</b></td>
-    <td valign="top">eche|on, str4d</td>
+    <td valign="top">eche|on</td>
 	<td valign="top"><i>{{ _('Backup release managers') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('CI admin') }}</b></td>
 	<td valign="top">idk</td>
-	<td valign="top"><i>{{ _('Maintain the Continuous Integration infrastructure') }}</i></td>
+	<td valign="top"><i>{{ _('Maintain Continuous Integration infrastructure') }}</i></td>
 </tr>
 <tr>
-	<td valign="top"><b>{{ _('Reseed admin') }}</b></td>
+	<td valign="top"><b>{{ _('Reseed Admin') }}</b></td>
 	<td valign="top">backup</td>
 	<td valign="top"><i>{{ _('Monitors, advises and recruits reseed hosts') }}</i></td>
 </tr>
-<tr>
-	<td valign="top"><b>{{ _('Security Researcher') }}</b></td>
-	<td valign="top" class="blue">[{{ _('vacant') }}]</td>
-	<td valign="top"><i>{{ _('threat model / crypto expert') }}</i></td>
-</tr>
 <tr>
 	<td valign="top"><b><a href="https://i2pgit.org/">Gitlab</a> admin</b></td>
 	<td valign="top">idk</td>
-	<td valign="top"><i>{{ _('Manage the project gitlab') }}</i></td>
+	<td valign="top"><i>{{ _('I2P Gitlab maintainer') }}</i></td>
 </tr>
 <tr>
-	<td valign="top"><b><a href="https://i2pgit.org/dashboard/issues">Issue Tracker(Replaces Trac)</a> admin</b></td>
-	<td valign="top">idk</td>
-	<td valign="top"><i>{{ _('Manage the project bug tracker') }}</i></td>
-</tr>
-<tr>
-	<td valign="top"><b><a href="https://trac.i2p2.de/">Trac</a>backup webserver admin</b></td>
-	<td valign="top">Meeh</td>
-	<td valign="top"><i>{{ _('manage the public project webservers') }}</i></td>
-</tr>
-<tr>
-    <td valign="top"><b>{{ _('Translation admins') }}</b></td>
-	<td valign="top">eche|on, zzz, idk, Sadie</td>
+    <td valign="top"><b>{{ _('Localization') }}</b></td>
+	<td valign="top">eche|on, idk, Sadie</td>
 	<td valign="top">Admins on <a href="https://www.transifex.com/projects/p/I2P/">Transifex</a></td>
 </tr>
 <tr>
-	<td valign="top"><b>{{ _('User Advocate') }}</b></td>
+    <td valign="top"><b>{{ _('Translators') }}</b></td>
+	<td valign="top">{{ _('many many people!') }}</td>
+	<td valign="top">Translators on <a href="https://www.transifex.com/projects/p/I2P/">Transifex</a></td>
+</tr>
+<tr>
+	<td valign="top"><b>{{ _('Usability Lead') }}</b></td>
 	<td valign="top">Sadie</td>
-	<td valign="top"><i>{{ _('gather, prioritize, advocate for user needs') }}</i></td>
+	<td valign="top"><i>{{ _('Usability research') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Product Development') }}</b></td>
 	<td valign="top">Sadie</td>
-	<td valign="top"><i>{{ _('supervises  projects from the early planning stages to project completion') }}</i></td>
+	<td valign="top"><i>{{ _('supervises projects from the early planning stages to project completion') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('Website Maintainer') }}</b></td>
@@ -198,12 +179,12 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 <tr>
 	<td valign="top"><b>{% trans website=site_url() %}<a href="{{ website }}">Webserver</a> admin{% endtrans %}</b></td>
 	<td valign="top">eche|on</td>
-	<td valign="top"><i>{{ _('manage the public project webservers') }}</i></td>
+	<td valign="top"><i>{{ _('manage public project webservers') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{% trans website=site_url() %}<a href="{{ website }}">Website</a> admin{% endtrans %}</b></td>
 	<td valign="top">idk</td>
-	<td valign="top"><i>{{ _('manage the public project website content') }}</i></td>
+	<td valign="top"><i>{{ _('manage the public project website') }}</i></td>
 </tr>
 <tr>
 	<td valign="top"><b>{{ _('News Admin') }}</b></td>
@@ -215,14 +196,9 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('manage the backup news feed') }}</i></td>
 </tr>
-<tr>
-	<td valign="top"><b>{{ _('Design and Usability') }}</b></td>
-	<td valign="top">Sadie, idk</td>
-	<td valign="top"><i>{{ _('ongoing improvements to user experience for website and software') }}</i></td>
-</tr>
 <tr>
 	<td valign="top"><b>Google Play admin</b></td>
-	<td valign="top">idk, meeh</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i></i></td>
 </tr>
 <tr>
@@ -232,34 +208,20 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
 	<td valign="top"><b>Outproxy admin</b></td>
-	<td valign="top">Meeh</td>
+	<td valign="top">StormyCloud</td>
 	<td valign="top"><i></i></td>
 </tr>
+</table>
+<table>
 <tr>
-	<!--<td valign="top"><b>{{ _('Director of passion') }}</b></td>
-	<td valign="top" class="blue">[{{ _('vacant') }}]</td>
-	<td valign="top"><i>{{ _('community motivator') }}</i></td>-->
-</tr>
-<tr><td colspan="4"><hr /></td></tr>
-<tr>
-	<td valign="top" rowspan="17"><b>{{ _('Dev') }}</b></td>
-	<td valign="top"><b>{{ _('Core Lead') }}</b></td>
-	<td valign="top">zzz</td>
-	<td valign="top"><i>{{ _('lead dev for the SDK and router') }}</i></td>
-</tr>
-<tr>
+	<td valign="top" rowspan="17"><b>{{ _('I2P Core Integration Mainatainers') }}</b></td>
     <td valign="top"><b>{% trans postman=i2pconv('hq.postman.i2p') %}<a href="http://{{ postman }}/">I2P mail</a> lead{% endtrans %}</b></td>
 	<td valign="top">postman</td>
 	<td valign="top"><i>{{ _('organize and develop the i2p mail system') }}</i></td>
 </tr>
-<tr>
-    <td valign="top"><b>{% trans bote=i2pconv('bote.i2p') %}<a href="http://{{ bote }}/">I2P-Bote</a> lead{% endtrans %}</b></td>
-	<td valign="top">str4d</td>
-	<td valign="top"><i>{{ _('I2P-Bote plugin') }}</i></td>
-</tr>
 <tr>
     <td valign="top"><b>{% trans forum=i2pconv('i2pforum.i2p') %}<a href="http://{{ forum }}/viewforum.php?f=12">I2PSnark</a> lead{% endtrans %}</b></td>
-	<td valign="top">zzz</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('Maintains the integrated Bittorrent client') }}</i></td>
 </tr>
 <tr>
@@ -269,7 +231,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
     <td valign="top"><b>{{ _('Susimail lead') }}</b></td>
-	<td valign="top">zzz</td>
+	<td valign="top">idk</td>
     <td valign="top"><i>{{ _('Susimail development') }}</i></td>
 </tr>
 <tr>
@@ -284,14 +246,9 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 </tr>
 <tr>
     <td valign="top"><b>{{ _('SAM') }}</b></td>
-	<td valign="top">zzz</td>
+	<td valign="top">idk</td>
     <td valign="top"><i>{{ _('SAM maintainer') }}</i></td>
 </tr>
-<tr>
-    <td valign="top"><b>{{ _('Translators') }}</b></td>
-	<td valign="top">{{ _('many many people!') }}</td>
-	<td valign="top">Translators on <a href="https://www.transifex.com/projects/p/I2P/">Transifex</a></td>
-</tr>
 <tr>
 <tr>
     <td valign="top" rowspan="6"><b>{{ _('Contributors') }}</b></td>
@@ -303,7 +260,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 	<td valign="top"><i>{{ _('desktopgui, dijjer port') }}</i></td>
 </tr>
 <tr>
-	<td valign="top">zzz</td>
+	<td valign="top">idk</td>
 	<td valign="top"><i>{{ _('Debian/Ubuntu Packager and PPA maintainer') }}</i></td>
 </tr>
 <tr>
@@ -315,12 +272,17 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 	<td valign="top" class="blue">[{{ _('vacant') }}]</td>
 	<td valign="top" class="blue"><i>{{ _('Help needed on many fronts!') }}</i></td>
 </tr>
-<tr><td colspan="4"><hr /></td></tr>
+</table>
+<table>
 <tr>
 	<td valign="top" rowspan="39" colspan="2"><b>{{ _('Past contributors') }}</b></td>
 	<td valign="top">mihi</td>
 	<td valign="top"><i>{{ _('I2PTunnel development, ministreaming library') }}</i></td>
 </tr>
+<tr>
+	<td valign="top">zzz</td>
+	<td valign="top"><i>{{ _('Project lead, Lead Developer, Lead Maintainer, Forum Administrator, many other roles') }}</i></td>
+</tr>
 <tr>
 	<td valign="top">jrandom</td>
 	<td valign="top"><i>{{ _('Project lead, Syndie lead') }}</i></td>
@@ -472,7 +434,7 @@ GPG Key fingerprint: <tt>EA27 06D6 14F5 28DB 764B  F47E CFCD C461 75E6 694A</tt>
 	<td valign="top" colspan="2">{% trans %}&hellip; and many others{% endtrans %}</td>
 </tr>
 <tr>
-	<td><a href="site_url(about/hall-of-fame)">Hall of Fame!</a></td>
+	<td>{% trans website=site_url('about/hall-of-fame') %}<a href="{{ website }}">Hall of Fame!</a>{% endtrans %}</td>
 </tr>
 </table>
 

i2p2www/pages/site/docs/api/bob.html

@@ -1,20 +1,29 @@
 {% extends "global/layout.html" %}
 {% block title %}{{ _('BOB - Basic Open Bridge') }}{% endblock %}
-{% block lastupdated %}2020-08{% endblock %}
+{% block lastupdated %}2025-05{% endblock %}
 {% block content %}
 <h2>Warning - Deprecated</h2>
 <p>Not for use by new applications.
-BOB supports the DSA-SHA1 signature type only.
+BOB, as specified here, supports the DSA-SHA1 signature type only.
 BOB will not be extended to support new signature types or other advanced features.
 New applications should use <a href="{{ site_url('docs/api/samv3') }}">SAM V3</a>.
+</p><p>
+BOB support was removed from Java I2P new installs as of release 1.7.0 (2022-02).
+It will still work in Java I2P originally installed as version 1.6.1 or earlier,
+even after updates, but it is unsupported and may break at any time.
+BOB is still supported by i2pd as of 2025-05, but applications
+should still migrate to SAMv3 for the reasons above.
+See <a href="https://i2pd.readthedocs.io/en/latest/devs/i2pd-specifics/">the i2pd documentation</a>
+for any extensions to the API documented here that are supported by i2pd.
 </p>
 
-<p>{% trans -%}
+<p>
 At this point, most of the good ideas from BOB have been incorporated into
-SAMv3, which has more features and more real-world use. BOB still works, but it
+SAMv3, which has more features and more real-world use. BOB may still work
+on some installations (see above), but it
 is not gaining the advanced features available to SAMv3 and is essentially
-unsupported at this time.
-{%- endtrans %}</p>
+unsupported, except by i2pd.
+</p>
 
 <h2>Language libraries for the BOB API</h2>
 <ul>

i2p2www/pages/site/docs/api/datagrams.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Datagrams{% endtrans %}{% endblock %}
-{% block lastupdated %}{% trans %}February 2019{% endtrans %}{% endblock %}
-{% block accuratefor %}0.9.39{% endblock %}
+{% block lastupdated %}2025-04{% endblock %}
+{% block accuratefor %}0.9.66{% endblock %}
 {% block content %}
 <h2>{% trans %}Datagram Overview{% endtrans %}</h2>
 <p>{% trans i2cp=site_url('docs/protocol/i2cp') -%}
@@ -35,30 +35,30 @@ the 'streamr' tunnel types, and udpTunnel classes.
 {%- endtrans %}</p>
 
 <h3>{% trans %}Datagram Length{% endtrans %}</h3>
-<p>{% trans -%}
+<p>
 The application designer should carefully consider the tradeoff of repliable vs. non-repliable
 datagrams. Also, the datagram size will affect reliability, due to tunnel fragmentation into 1KB
 tunnel messages. The more message fragments, the more likely that one of them will be dropped
 by an intermediate hop. Messages larger than a few KB are not recommended.
 Over about 10 KB, the delivery probablility drops dramatically.
-Messages over 16 KB cannot be delivered over NTCP, dropping delivery chances even more.
-{%- endtrans %}</p>
+</p>
+<a href="{{ site_url('docs/spec/datagrams') }}">{% trans -%}
+See the Datagrams Specification page.
+{%- endtrans %}</a>
 
-<p>{% trans elgamalaes=site_url('docs/how/elgamal-aes') -%}
-Also note that the various overheads added by lower layers, in particular asymmetric
-<a href="{{ elgamalaes }}">ElGamal/AES</a>, place a large burden on intermittent messages
+
+<p>
+Also note that the various overheads added by lower layers, in particular
+garlic messages, place a large burden on intermittent messages
 such as used by a Kademlia-over-UDP application. The implementations are currently tuned
-for frequent traffic using the streaming library. There are a high number
-of session tags delivered, and a short session tag lifetime, for example.
-There are currently no configuration parameters available within I2CP to tune
-the ElGamal Session Tag parameters.
-{%- endtrans %}</p>
+for frequent traffic using the streaming library.
+</p>
 
 <h3>{% trans %}I2CP Protocol Number and Ports{% endtrans %}</h3>
 <p>{% trans -%}
-The standard I2CP protocol number for datagrams is PROTO_DATAGRAM (17).
+The standard I2CP protocol number for signed (repliable) datagrams is PROTO_DATAGRAM (17).
 Applications may or may not choose to set the
-protocol in the I2CP header. It is not set by default.
+protocol in the I2CP header. The default is implementation-dependent.
 It must be set to demultiplex datagram and streaming traffic received on the same Destination.
 {%- endtrans %}</p>
 
@@ -75,7 +75,8 @@ There is no method within the datagram API to specify whether it is non-repliabl
 or repliable. The application should be designed to expect the appropriate type.
 The I2CP protocol number or port should be used by the application to
 indicate datagram type.
-The I2CP protocol numbers PROTO_DATAGRAM (signed) and PROTO_DATAGRAM_RAW are defined in the
+The I2CP protocol numbers PROTO_DATAGRAM (signed, also known as Datagram1), PROTO_DATAGRAM_RAW,
+PROTO_DATAGRAM2, and PROTO_DATAGRAM3 are defined in the
 <a href="{{ i2psession }}">I2PSession API</a>
 for this purpose. A common design pattern in client/server datagram applications is to
 use signed datagrams for a request which includes a nonce, and use a raw datagram
@@ -86,6 +87,10 @@ for the reply, returning the nonce from the request.
 PROTO_DATAGRAM = 17
 </li><li>
 PROTO_DATAGRAM_RAW = 18
+</li><li>
+PROTO_DATAGRAM2 = 19
+</li><li>
+PROTO_DATAGRAM3 = 20
 </li></ul>
 
 <p>{% trans i2psession='http://'+i2pconv('idk.i2p/javadoc-i2p')+'/net/i2p/client/I2PSession.html',
@@ -100,6 +105,7 @@ as implemented in
 <p>{% trans i2cp=site_url('docs/protocol/i2cp') -%}
 Data integrity is assured by the gzip CRC-32 checksum implemented in
 <a href="{{ i2cp }}#format">the I2CP layer</a>.
+Authenticated datagrams (Datagram1 and Datagram2) also ensure integrity.
 There is no checksum field in the datagram protocol.
 {%- endtrans %}</p>
 

i2p2www/pages/site/docs/api/i2pcontrol.html

@@ -81,7 +81,7 @@ Parameters are only provided in a named way (maps).
 		<li>Token &ndash; [String] {% trans %}Token used for authenticating the client. Is provided by the server via the 'Authenticate' RPC method.{% endtrans %}</li>
 	</ul>
 	<ul>{{ _('Response:') }}
-		<li>Result &ndash; [double] {% trans %}Returns the average value for the reuested rateStat and period.{% endtrans %}</li>
+		<li>Result &ndash; [double] {% trans %}Returns the average value for the requested rateStat and period.{% endtrans %}</li>
 	</ul>
 </ul>
 <ul>I2PControl &ndash; {% trans %}Manages I2PControl. Ports, passwords and the like.{% endtrans %}

i2p2www/pages/site/docs/api/i2ptunnel.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}I2PTunnel{% endblock %}
-{% block lastupdated %}January 2016{% endblock %}
-{% block accuratefor %}0.9.24{% endblock %}
+{% block lastupdated %}2023-10{% endblock %}
+{% block accuratefor %}0.9.59{% endblock %}
 {% block content %}
 
 <h2 id="overview">{% trans %}Overview{% endtrans %}</h2>
@@ -35,10 +35,9 @@ A HTTP proxy used for browsing I2P and the regular internet anonymously through
 Browsing internet through I2P uses a random proxy specified by the "Outproxies:" option.
 {%- endtrans %}</li>
 <li><b>Irc2P</b> - <i>localhost:6668</i> - {% trans %}An IRC tunnel to the default anonymous IRC network, Irc2P.{% endtrans %}</li>
-<li><b>mtn.i2p2.i2p</b> - <i>localhost:8998</i> - {% trans monotone='http://en.wikipedia.org/wiki/Monotone_%28software%29' -%}
-The anonymous <a href="{{ monotone }}">monotone</a>
-sourcecode repository for I2P
-{%- endtrans %}</li>
+<li><b>gitssh.idk.i2p</b> - <i>localhost:7670</i> -
+SSH access to the project Git repository
+</li>
 <li><b>smtp.postman.i2p</b> - <i>localhost:7659</i> - {% trans postman=i2pconv('hq.postman.i2p') -%}
 A SMTP service provided by postman at <a href="http://{{ postman }}/?page_id=16">{{ postman }}</a>
 {%- endtrans %}</li>
@@ -64,34 +63,167 @@ A HTTP-client tunnel. The tunnel connects to the destination specified by the UR
 in a HTTP request. Supports proxying onto internet if an outproxy is provided. Strips HTTP connections of the following headers:
 {%- endtrans %}</p>
 <ul>
-<li>{% trans -%}
-<b>Accept, Accept-Charset, Accept-Language
- and Accept-Ranges</b> as they vary greatly between browsers and can be used as an identifier.
-{%- endtrans %}</li>
+<li>
+<b>Accept*:</b> (not including "Accept" and "Accept-Encoding") as they vary greatly between browsers and can be used as an identifier.
+</li>
 <li><b>Referer:</b></li>
 <li><b>Via:</b></li>
 <li><b>From:</b></li>
 </ul>
 
 <p>
-The i2ptunnel compression is requested with the HTTP header:
+The HTTP client proxy provides a number of services to protect the user
+and to provide a better user experience.
+</p>
+
+<ul><li>Request header processing:
+<ul><li>Strip privacy-problematic headers
+<li>Routing to local or remote outproxy
+<li>Outproxy selection, caching, and reachability tracking
+<li>Hostname to destination lookups
+<li>Host header replacement to b32
+<li>Add header to indicate support for transparent decompression
+<li>Force connection: close
+<li>RFC-compliant proxy support
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Optional digest and basic username/password authentication
+<li>Optional outproxy digest and basic username/password authentication
+<li>Buffering of all headers before passing through for efficiency
+<li>Jump server links
+<li>Jump response processing and forms (address helper)
+<li>Blinded b32 processing and credential forms
+<li>Supports standard HTTP and HTTPS (CONNECT) requests
+</ul>
+
+<li>Response header processing:
+<ul><li>Check for whether to decompress response
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>HTTP error responses:
+<ul><li>For many common and not-so-common errors, so the user knows what happened
+<li>Over 20 unique translated, styled, and formatted error pages for various errors
+<li>Internal web server to serve forms, CSS, images, and errors
+</ul>
+</ul>
+
+
+
+<h4>Transparent Response Compression</h4>
+<p>
+The i2ptunnel response compression is requested with the HTTP header:
 </p>
 <ul>
 <li><b>X-Accept-Encoding: </b> x-i2p-gzip;q=1.0, identity;q=0.5, deflate;q=0, gzip;q=0, *;q=0</li>
 </ul>
+<p>
+The server side strips this hop-by-hop header before sending the request to the web server.
+The elaborate header with all the q values is not necessary;
+servers should just look for "x-i2p-gzip" anywhere in the header.
+</p>
 
 <p>
-The response indicating i2ptunnel compression contains the following HTTP header:
+The server side determines whether to compress the response based on
+the headers received from the webserver, including
+Content-Type, Content-Length, and Content-Encoding,
+to assess if the response is compressible and is worth the additional CPU required.
+If the server side compresses the response, it adds the following HTTP header:
 </p>
 <ul>
 <li><b>Content-Encoding: </b> x-i2p-gzip</li>
 </ul>
+<p>
+If this header is present in the response,
+the HTTP client proxy transparently decompresses it.
+The client side strips this header and gunzips before sending the response to the browser.
+Note that we still have the underlying gzip compression at the I2CP layer,
+which is still effective if the response is not compressed at the HTTP layer.
+</p>
 
+<p>
+This design and the current implementation violate RFC 2616 in several ways:
+</p>
+
+
+<ul><li>
+X-Accept-Encoding is not a standard header
+</li><li>
+Does not dechunk/chunk per-hop; it passes through chunking end-to-end
+</li><li>
+Passes Transfer-Encoding header through end-to-end
+</li><li>
+Uses Content-Encoding, not Transfer-Encoding, to specify the per-hop encoding
+</li><li>
+Prohibits x-i2p gzipping when Content-Encoding is set (but we probably don't want to do that anyway)
+</li><li>
+The server side gzips the server-sent chunking, rather than doing dechunk-gzip-rechunk and dechunk-gunzip-rechunk
+</li><li>
+The gzipped content is not chunked afterwards.
+RFC 2616 requires that all Transfer-Encoding other than "identity" is chunked.
+</li><li>
+Because there is no chunking outside (after) the gzip,
+it is more difficult to find the end of the data, making any implementation of keepalive harder.
+</li><li>
+RFC 2616 says Content-Length must not be sent if Transfer-Encoding is present,
+but we do. The spec says ignore Content-Length if Transfer-Encoding is present,
+which the browsers do, so it works for us.
+</li></ul>
+
+<p>
+Changes to implement a standards-compliant hop-by-hop compression in a backward-compatible
+manner are a topic for further study.
+Any change to dechunk-gzip-rechunk would require a new encoding type, perhaps
+x-i2p-gzchunked.
+This would be identical to Transfer-Encoding: gzip, but would have to be
+signalled differently for compatibility reasons.
+Any change would require a formal proposal.
+</p>
+
+
+<h4>Transparent Request Compression</h4>
+<p>
+Not supported, although POST would benefit.
+Note that we still have the underlying gzip compression at the I2CP layer.
+</p>
+
+
+<h4>Persistence</h4>
+<p>
+The client and server proxies do not currently support RFC 2616 HTTP persistent sockets
+on any of the three hops (browser socket, I2P socket, server socket).
+Connection: close headers are injected at every hop.
+Changes to implement a persistence are under investigation.
+These changes should be standards-complaint and backwards-compatible,
+and would not require a formal proposal.
+</p>
+
+
+<h4>Pipelining</h4>
+<p>
+The client and server proxies do not currently support RFC 2616 HTTP pipelining
+and there are no plans to do so.
+Modern browswers do not support pipelining through proxies because
+most proxies cannot implement it correctly.
+</p>
+
+
+<h4>Compatibility</h4>
+<p>
+Proxy implementations must work correctly with other implementations
+on the other side. Client proxies should work without a
+HTTP-aware server proxy (i.e. a standard tunnel) on the server side.
+Not all implementations support x-i2p-gzip.
+</p>
+
+
+<h4>User Agent</h4>
 <p>{% trans -%}
 Depending on if the tunnel is using an outproxy or not it will append the following User-Agent: 
 {%- endtrans %}</p>
 <ul>
-<li><i>{% trans %}Outproxy:{% endtrans %} </i><b>User-Agent:</b> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6</li>
+<li><i>{% trans %}Outproxy:{% endtrans %} </i><b>User-Agent:</b> Uses the user agent from a recent Firefox release on Windows</li>
 <li><i>{% trans %}Internal I2P use:{% endtrans %} </i><b>User-Agent:</b> MYOB/6.66 (AN/ON)</li>
 </ul>
 </p>
@@ -101,8 +233,8 @@ Depending on if the tunnel is using an outproxy or not it will append the follow
 Creates a connection to a random IRC server specified by the comma seprated (", ") 
 list of destinations. Only a whitelisted subset of IRC commands are allowed due to anonymity concerns.
 {%- endtrans %}
-The following whitelist is for commands inbound from the IRC server to the IRC client.
-<br>{% trans %}Whitelist:{% endtrans %}</p>
+The following allow list is for commands inbound from the IRC server to the IRC client.
+<br>Allow list:</p>
 <ul>
 <li>AUTHENTICATE</li>
 <li>CAP</li>
@@ -121,7 +253,7 @@ The following whitelist is for commands inbound from the IRC server to the IRC c
 </ul>
 
 <p>
-There is also a whitelist is for commands outbound from the IRC client to the IRC server.
+There is also an allow list is for commands outbound from the IRC client to the IRC server.
 It is quite large due to the number of IRC administrative commands.
 See the IRCFilter.java source for details.
 The outbound filter also modifies the following commands to strip identifying information:
@@ -173,7 +305,51 @@ Creates a destination to a local HTTP server ip:port. Supports gzip for requests
 Accept-encoding: x-i2p-gzip, replies with Content-encoding: x-i2p-gzip in such a request.
 {%- endtrans %}</p>
 
+<p>
+The HTTP server proxy provides a number of services to make hosting a website easier and more secure,
+and to provide a better user experience on the client side.
+</p>
+
+<ul><li>Request header processing:
+<ul><li>Header validation
+<li>Header spoof protection
+<li>Header size checks
+<li>Optional inproxy and user-agent rejection
+<li>Add X-I2P headers so the webserver knows where the request came from
+<li>Host header replacement to make webserver vhosts easier
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>DDoS protection:
+<ul><li>POST throttling
+<li>Timeouts and slowloris protection
+<li>Additional throttling happens in streaming for all tunnel types
+</ul>
+
+<li>Response header processing:
+<ul><li>Stripping of some privacy-problematic headers
+<li>Mime type and other headers check for whether to compress response
+<li>Force connection: close
+<li>RFC-compliant hop-by-hop header processing and stripping
+<li>Buffering of all headers before passing through for efficiency
+</ul>
+
+<li>HTTP error responses:
+<ul><li>For many common and not-so-common errors and on throttling, so the client-side user knows what happened
+</ul>
+
+<li>Transparent response compression:
+<ul><li>The web server and/or the I2CP layer may compress, but the web server often does not,
+and it's most efficient to compress at a high layer, even if I2CP also compresses.
+The HTTP server proxy works cooperatively with the client-side proxy to transparently compress responses.
+</ul>
+</ul>
+
+
 <h3 id="server-mode-http-bidir">HTTP Bidirectional</h3>
+<p><i>Deprecated</i></p>
 <p>{% trans -%}
 Functions as both a I2PTunnel HTTP Server, and a I2PTunnel HTTP client with no outproxying
 capabilities. An example application would be a web application that does client-type

i2p2www/pages/site/docs/api/sam.html

@@ -1,8 +1,9 @@
 {% extends "global/layout.html" %}
 {% block title %}SAM V1 Specification{% endblock %}
-{% block lastupdated %}May 2015{% endblock %}
+{% block lastupdated %}2025-03{% endblock %}
 {% block accuratefor %}0.9.20{% endblock %}
 {% block content %}
+<h2>Warning - Deprecated - Unsupported - Use <a href="samv3.html">SAMv3</a></h2>
 <p>Specified below is version 1 of a simple client protocol for interacting with
 I2P.
 Newer alternatives:

i2p2www/pages/site/docs/api/samv2.html

@@ -1,9 +1,10 @@
 {% extends "global/layout.html" %}
 {% block title %}SAM V2 Specification{% endblock %}
-{% block lastupdated %}May 2015{% endblock %}
+{% block lastupdated %}2025-03{% endblock %}
 {% block accuratefor %}0.9.20{% endblock %}
 {% block content %}
-<p>Specified below is a simple client protocol for interacting with I2P.
+<h2>Warning - Deprecated - Unsupported - Use <a href="samv3.html">SAMv3</a></h2>
+<p>Specified below is version 2 of a simple client protocol for interacting with I2P.
 </p>
 <p>
 SAM V2 was introduced in I2P release 0.6.1.31.

i2p2www/pages/site/docs/api/samv3.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}SAM V3{% endblock %}
-{% block lastupdated %}2022-06{% endblock %}
-{% block accuratefor %}1.8.0{% endblock %}
+{% block lastupdated %}2025-04{% endblock %}
+{% block accuratefor %}API 0.9.66{% endblock %}
 {% block content %}
 <p>SAM is a simple client protocol for interacting with I2P.
 SAM is the recommended protocol for non-Java applications to connect to the I2P network,
@@ -12,6 +12,7 @@ Java applications should use the streaming or I2CP APIs directly.
 was introduced in I2P release 0.7.3 (May 2009) and is a stable and supported interface.
 3.1 is also stable and supports the signature type option, which is strongly recommended.
 More recent 3.x versions support advanced features.
+Note that i2pd does not currently support most 3.2 and 3.3 features.
 </p><p>
 Alternatives:
 <a href="socks">SOCKS</a>,
@@ -24,6 +25,11 @@ Deprecated versions:
 </p>
 
 <h2>Known SAM libraries</h2>
+<p>
+Warning: Some of these may be very old or unsupported.
+None are tested, reviewed, or maintained by the I2P project unless noted below.
+Do your own research.
+</p>
 <table class="unwrapped-table">
 <colgroup>
 <col style="width: 8%" />
@@ -71,9 +77,18 @@ Deprecated versions:
 <td>yes</td>
 <td>yes</td>
 <td>yes</td>
-<td><a href="https://bitbucket.org/eyedeekay/sam3">bitbucket.org/eyedeekay/sam3</a></td>
+<td><a href="https://github.com/eyedeekay/sam3">github.com/eyedeekay/sam3</a></td>
 </tr>
 <tr class="even">
+<td>onramp</td>
+<td>Go</td>
+<td>3.3</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td><a href="https://github.com/eyedeekay/onramp">github.com/eyedeekay/onramp</a></td>
+</tr>
+<tr class="odd">
 <td>txi2p</td>
 <td>Python</td>
 <td>3.1</td>
@@ -82,7 +97,7 @@ Deprecated versions:
 <td>no</td>
 <td><a href="https://github.com/str4d/txi2p">github.com/str4d/txi2p</a></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>i2p.socket</td>
 <td>Python</td>
 <td>3.2</td>
@@ -91,16 +106,34 @@ Deprecated versions:
 <td>yes</td>
 <td><a href="https://github.com/majestrate/i2p.socket">github.com/majestrate/i2p.socket</a></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>i2plib</td>
 <td>Python</td>
 <td>3.1</td>
 <td>yes</td>
-<td>yes</td>
-<td>yes</td>
+<td>no</td>
+<td>no</td>
 <td><a href="https://github.com/l-n-s/i2plib">github.com/l-n-s/i2plib</a></td>
 </tr>
 <tr class="odd">
+<td>i2plib-fork</td>
+<td>Python</td>
+<td>3.1</td>
+<td>yes</td>
+<td>no</td>
+<td>no</td>
+<td><a href="https://codeberg.org/weko/i2plib-fork">codeberg.org/weko/i2plib-fork</a></td>
+</tr>
+<tr class="even">
+<td>Py2p</td>
+<td>Python</td>
+<td>3.3</td>
+<td>yes</td>
+<td>yes</td>
+<td>yes</td>
+<td><a href="https://i2pgit.org/robin/Py2p">i2pgit.org/robin/Py2p</a></td>
+</tr>
+<tr class="odd">
 <td>i2p-rs</td>
 <td>Rust</td>
 <td>3.1</td>
@@ -125,7 +158,7 @@ Deprecated versions:
 <td>yes</td>
 <td>yes</td>
 <td>yes</td>
-<td><a href="https://notabug.org/l-n-s/mooni2p">notabug.org/l-n-s/mooni2p</a></td>
+<td><a href="https://notabug.org/villain/mooni2p">notabug.org/villain/mooni2p</a></td>
 </tr>
 <tr class="even">
 <td>haskell-network-anonymous-i2p</td>
@@ -143,7 +176,7 @@ Deprecated versions:
 <td>yes</td>
 <td>no</td>
 <td>yes</td>
-<td><a href="https://codeberg.org/diva.exchange/i2p-sam">https://codeberg.org/diva.exchange/i2p-sam</a></td>
+<td><a href="https://codeberg.org/diva.exchange/i2p-sam">codeberg.org/diva.exchange/i2p-sam</a></td>
 </tr>
 <tr class="even">
 <td>node-i2p</td>
@@ -164,6 +197,15 @@ Deprecated versions:
 <td><a href="https://github.com/eyedeekay/Jsam">github.com/eyedeekay/Jsam</a></td>
 </tr>
 <tr class="even">
+<td>I2PSharp</td>
+<td>.Net</td>
+<td>3.3</td>
+<td>yes</td>
+<td>no</td>
+<td>no</td>
+<td><a href="https://github.com/MohA39/I2PSharp">github.com/MohA39/I2PSharp</a></td>
+</tr>
+<tr class="odd">
 <td>i2pdotnet</td>
 <td>.Net</td>
 <td>3.0</td>
@@ -172,7 +214,7 @@ Deprecated versions:
 <td>unk</td>
 <td><a href="https://github.com/SamuelFisher/i2pdotnet">github.com/SamuelFisher/i2pdotnet</a></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td>i2p.rb</td>
 <td>Ruby</td>
 <td>3.0</td>
@@ -181,7 +223,7 @@ Deprecated versions:
 <td>no</td>
 <td><a href="https://github.com/dryruby/i2p.rb">github.com/dryruby/i2p.rb</a></td>
 </tr>
-<tr class="even">
+<tr class="odd">
 <td>solitude</td>
 <td>Rust</td>
 <td>3.1</td>
@@ -190,14 +232,23 @@ Deprecated versions:
 <td>WIP</td>
 <td><a href="https://github.com/syvita/solitude">github.com/syvita/solitude</a></td>
 </tr>
-<tr class="odd">
-<td>i2pSAM-Qt</td>
+<tr class="even">
+<td>Samty</td>
 <td>C++</td>
 <td>3.1</td>
 <td>yes</td>
+<td>no</td>
+<td>no</td>
+<td><a href="https://notabug.org/acetone/samty">notabug.org/acetone/samty</a></td>
+</tr>
+<tr class="odd">
+<td>bitcoin</td>
+<td>C++</td>
+<td>3.1</td>
 <td>yes</td>
-<td>yes</td>
-<td><a href="https://notabug.org/acetone/i2pSAM-Qt">notabug.org/acetone/i2pSAM-Qt</a></td>
+<td>no</td>
+<td>no</td>
+<td><a href="https://github.com/bitcoin/bitcoin/blob/master/src/i2p.cpp">source (not a library, but good reference code)</a></td>
 </tr>
 </tbody>
 </table>
@@ -210,13 +261,65 @@ To implement a basic TCP-only, peer-to-peer application, the client must support
 <li> HELLO VERSION MIN=3.1 MAX=3.1 <br> Needed for all of the remaining ones
 <li> DEST GENERATE SIGNATURE_TYPE=7 <br> To generate our private key and destination
 <li> NAMING LOOKUP NAME=... <br> To convert .i2p addresses to destinations
-<li> SESSION CREATE STYLE=STREAM ID=... DESTINATION=... <br> Needed for STREAM CONNECT and STREAM ACCEPT
+<li> SESSION CREATE STYLE=STREAM ID=... DESTINATION=... i2cp.leaseSetEncType=4,0<br> Needed for STREAM CONNECT and STREAM ACCEPT
 <li> STREAM CONNECT ID=... DESTINATION=... <br> To make outgoing connections
 <li> STREAM ACCEPT ID=... <br> To accept incoming connections
 </ul>
 
 
 
+<h2>General Guidance for Developers</h2>
+<h3>Application Design</h3>
+<p>
+SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
+Most applications will only need one session, created at startup and closed on exit.
+I2P is different from Tor, where circuits may be rapidly created and discarded.
+Think carefully and consult with I2P developers before designing your application
+to use more than one or two simultaneous sessions, or to rapidly create and discard them.
+Most threat models will not require a unique session for every connection.
+</p><p>
+Also, please ensure your application settings
+(and guidance to users about router settings, or router defaults if you bundle a router)
+will result in your users contributing more resources to the network than they consume.
+I2P is a peer-to-peer network, and the network cannot survive if a popular application
+drives the network into permanent congestion.
+</p>
+<h3>Compatibility and Testing</h3>
+<p>
+The Java I2P and i2pd router implementations are independent and have minor differences
+in behavior, feature support, and defaults.
+Please test your application with the latest version of both routers.
+</p><p>
+i2pd SAM is enabled by default; Java I2P SAM is not.
+Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
+and/or provide a good error message to the user if the initial connect fails,
+e.g. "ensure that I2P is running and the SAM interface is enabled".
+</p><p>
+The Java I2P and i2pd routers have different defaults for tunnel quantities.
+The Java default is 2 and the i2pd default is 5.
+For most low- to medium-bandwidth and low- to medium-connection counts,
+2 or 3 is sufficient.
+Please specify the tunnel quantity in the SESSION CREATE message
+to get consistent performance with the Java I2P and i2pd routers.
+See below.
+</p><p>
+For more guidance to developers on ensuring your application uses only the resources it needs, please see
+<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
+</p>
+<h3>Signature and Encryption Types</h3>
+<p>
+I2P supports multiple signature and encryption types.
+For backward compatibility, SAM defaults to old and inefficient types, so all clients should
+specify newer types.
+</p><p>
+The signature type is specified in the DEST GENERATE and SESSION CREATE (for transient) commands.
+All clients should set SIGNATURE_TYPE=7 (Ed25519).
+</p><p>
+The encryption type is specified in the SESSION CREATE command.
+Multiple encryption types are allowed.
+Clients should set either i2cp.leaseSetEncType=4 (for ECIES-X25519 only)
+or i2cp.leaseSetEncType=4,0 (for ECIES-X25519 and ElGamal, if compatibility is required).
+</p>
 
 
 <h2>Version 3 Changes</h2>
@@ -239,9 +342,10 @@ can forward back I2P datagrams to the client's datagram server.
 
 <h3>Version 3.1 Changes</h3>
 <p>
-Version 3.1 was introduced in I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
+Version 3.1 was introduced in Java I2P release 0.9.14 (July 2014). SAM 3.1 is the recommended
 minimum SAM implementation because of its support for better signature types
 than SAM 3.0.
+i2pd also supports most 3.1 features.
 <ul>
 <li>DEST GENERATE and SESSION CREATE now support a SIGNATURE_TYPE parameter.
 <li>The MIN and MAX parameters in HELLO VERSION are now optional.
@@ -252,7 +356,8 @@ than SAM 3.0.
 
 <h3>Version 3.2 Changes</h3>
 <p>
-Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
+Version 3.2 was introduced in Java I2P release 0.9.24 (January 2016).
+Note that i2pd does not currently support most 3.2 features.
 </p>
 
 <h4>I2CP Port and Protocol Support</h4>
@@ -300,7 +405,8 @@ Version 3.2 was introduced in I2P release 0.9.24 (January 2016).
 
 <h3>Version 3.3 Changes</h3>
 <p>
-Version 3.3 was introduced in I2P release 0.9.25 (March 2016).
+Version 3.3 was introduced in Java I2P release 0.9.25 (March 2016).
+Note that i2pd does not currently support most 3.3 features.
 <ul>
 <li>The same session may be used for streams, datagrams, and raw simultaneously.
     Incoming packets and streams will be routed based on I2P protocol and to-port.
@@ -327,14 +433,18 @@ As of SAM 3.2, optional authentication user/password parameters are supported in
 and may be required by the bridge.
 
 </p><p>
-I2P communications can take three distinct forms:
+I2P communications can take several distinct forms:
 <ul><li>
 <a href="{{ site_url('docs/api/streaming') }}">Virtual streams</a>
-</lil><li>
-<a href="{{ site_url('docs/spec/datagrams') }}#repliable">Repliable datagrams</a> (messages with a FROM field)
-</lil><li>
+</li><li>
+<a href="{{ site_url('docs/spec/datagrams') }}#repliable">Repliable and authenticated datagrams</a> (messages with a FROM field)
+</li><li>
 <a href="{{ site_url('docs/spec/datagrams') }}#raw">Anonymous datagrams</a> (raw anonymous messages)
-</lil></ul>
+</li><li>
+<a href="{{ site_url('docs/spec/datagrams') }}#datagram2">Datagram2</a> (a new repliable and authenticated format)
+</li><li>
+<a href="{{ site_url('docs/spec/datagrams') }}#datagram3">Datagram3</a> (a new repliable but unauthenticated format)
+</li></ul>
 </p><p>
 I2P communications are supported by I2P sessions, and each I2P
 session is bound to an address (called destination). An I2P session
@@ -377,7 +487,7 @@ COMMAND without a SUBCOMMAND is supported for some new commands in SAM 3.2 only.
 </p><p>
 Key=value pairs must be separated by
 a single space. (As of SAM 3.2, multiple spaces are allowed)
-Values may be enclosed in double quotes if they contain spaces,
+Values must be enclosed in double quotes if they contain spaces,
 e.g. key="long value text".
 (Prior to SAM 3.2, this did not work reliably in some implementations)
 </p><p>
@@ -433,7 +543,7 @@ If the SAM bridge cannot find a suitable version, it replies with:
 </pre>
 If some error occurred, such as a bad request format, it replies with:
 <pre>
-&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
+&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 </p>
 
@@ -462,13 +572,13 @@ Clients should promptly send the HELLO and the next command after connecting.
 </p><p>
 If a timeout occurs before the HELLO is received, the bridge replies with:
 <pre>
-&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE=$message
+&lt;- HELLO REPLY RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 and then disconnects.
 </p><p>
 If a timeout occurs after the HELLO is received but before the next command, the bridge replies with:
 <pre>
-&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
+&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 and then disconnects.
 </p>
@@ -488,9 +598,45 @@ For PROTOCOL, which may be specified only for RAW, the valid range is 0-255, and
 For SESSION commands, the specified ports and protocol are the defaults for that session.
 For individual streams or datagrams, the specified ports and protocol override the session defaults.
 For received streams or datagrams, the indicated ports and protocol are as received from <a href="{{ site_url('docs/protocol/i2cp') }}">I2CP</a>.
-</p><p>
+</p>
+
+<h4>Important Differences from Standard IP</h4>
+I2CP ports are for I2P sockets and datagrams. They are unrelated to your local sockets connecting to SAM.
+
+<ul><li>
+Port 0 is valid and has special meaning.
+</li><li>
+Ports 1-1023 are not special or privileged.
+</li><li>
+Servers listen on port 0 by default, which means "all ports".
+</li><li>
+Clients send to port 0 by default, which means "any port".
+</li><li>
+Clients send from port 0 by default, which means "unspecified".
+</li><li>
+Servers may have a service listening on port 0 and other services listening on higher ports.
+If so, the port 0 service is the default, and will be connected to if the incoming
+socket or datagram port does not match another service.
+</li><li>
+Most I2P destinations only have one service running on them, so you may use the defaults, and ignore I2CP port configuration.
+</li><li>
+SAM 3.2 or 3.3 is required to specify I2CP ports.
+</li><li>
+If you don't need I2CP ports, you don't need SAM 3.2 or 3.3; 3.1 is sufficient.
+</li><li>
+Protocol 0 is valid and means "any protocol". This is not recommended, and probably will not work.
+</li><li>
+I2P sockets are tracked by an internal connection ID.
+Therefore, there is no requirement that the 5-tuple of dest:port:dest:port:protocol be unique.
+For example, there may be multiple sockets with the same ports between two destinations.
+Clients do not need to pick a "free port" for an outbound connection.
+</li></ul>
+
+<p>
+If you are designing a SAM 3.3 application with multiple subsessions, think carefully
+about how to use ports and protocols effectively.
 See the <a href="{{ site_url('docs/protocol/i2cp') }}">I2CP</a> specification for more information.
-</p><p>
+</p>
 
 
 
@@ -503,6 +649,9 @@ and the session terminates when the socket is disconnected.
 </p><p>
 Each registered I2P Destination is uniquely associated with a session ID
 (or nickname).
+Session IDs, including subsession IDs for PRIMARY sessions, must be globally unique
+on the SAM server. To prevent possible ID collisions with other clients,
+best practice is for the client to generate IDs randomly.
 
 </p><p>
 Each session is uniquely associated with:
@@ -520,16 +669,18 @@ received through other forms are answered with an error message) :
 
 <pre>
 -&gt;  SESSION CREATE
-          STYLE={STREAM,DATAGRAM,RAW}
+          STYLE={STREAM,DATAGRAM,RAW,DATAGRAM2,DATAGRAM3}   # See below for DATAGRAM2/3
           ID=$nickname
           DESTINATION={$privkey,TRANSIENT}
           [SIGNATURE_TYPE=value]               # SAM 3.1 or higher only, for DESTINATION=TRANSIENT only, default DSA_SHA1
-          [PORT=$port]                         # Required for DATAGRAM and RAW, invalid for STREAM
-          [HOST=$host]                         # Optional for DATAGRAM and RAW, invalid for STREAM
+          [PORT=$port]                         # Required for DATAGRAM* RAW, invalid for STREAM
+          [HOST=$host]                         # Optional for DATAGRAM* and RAW, invalid for STREAM
           [FROM_PORT=nnn]                      # SAM 3.2 or higher only, default 0
           [TO_PORT=nnn]                        # SAM 3.2 or higher only, default 0
           [PROTOCOL=nnn]                       # SAM 3.2 or higher only, for STYLE=RAW only, default 18
           [HEADER={true,false}]                # SAM 3.2 or higher only, for STYLE=RAW only, default false
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, DATAGRAM*/RAW only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, DATAGRAM*/RAW only, default 7655
           [option=value]*                      # I2CP and streaming options
 </pre>
 
@@ -543,9 +694,12 @@ optionally followed by the <a href="{{ site_url('docs/spec/common-structures') }
 which is 663 or more bytes in binary and 884 or more bytes in base 64,
 depending on signature type.
 The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
+See additional notes about the
+<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>
+in the Destination Key Generation section below.
 
 </p><p>
-If the signing private key is all zeros, the
+If the signing private key is all zeros,
 the <a href="{{ site_url('docs/spec/common-structures') }}#struct_OfflineSignature">Offline Signature</a> section follows.
 Offline signatures are only supported for STREAM and RAW sessions.
 Offline signatures may not be created with DESTINATION=TRANSIENT.
@@ -570,7 +724,8 @@ As of version 3.1 (I2P 0.9.14), if the destination is TRANSIENT, an optional par
 SIGNATURE_TYPE is supported. The SIGNATURE_TYPE value may be any name
 (e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
 supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
-The default is DSA_SHA1.
+The default is DSA_SHA1, which is NOT what you want.
+For most applications, please specify SIGNATURE_TYPE=7.
 
 </p><p>
 $nickname is the choice of the client. No whitespace is allowed.
@@ -578,7 +733,17 @@ $nickname is the choice of the client. No whitespace is allowed.
 </p><p>
 Additional options given are passed to the I2P session
 configuration if not interpreted by the SAM bridge (e.g.
-outbound.length=0). These options <a href="#options">are documented below</a>.
+outbound.length=0).
+</p><p>
+The Java I2P and i2pd routers have different defaults for tunnel quantities.
+The Java default is 2 and the i2pd default is 5.
+For most low- to medium-bandwidth and low- to medium-connection counts,
+2 or 3 is sufficient.
+Please specify the tunnel quantities in the SESSION CREATE message
+to get consistent performance with the Java I2P and i2pd routers,
+using the options e.g. inbound.quantity=3 outbound.quantity=3.
+These and other options <a href="#options">are documented in the links below</a>.
+</p><p>
 
 </p><p>
 The SAM bridge itself should already be configured with what router
@@ -634,18 +799,25 @@ If the destination is not a valid private destination key:
 </p><p>
 If some other error has occurred:
 <pre>
-&lt;-  SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
+&lt;-  SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 
 </p><p>
 If it's not OK, the MESSAGE should contain human-readable information
 as to why the session could not be created.
 
+</p><p>
+Note that the router builds tunnels before responding with SESSION STATUS.
+This could take several seconds, or, at router startup or during severe network congestion,
+a minute or more.
+If unsuccessful, the router will not respond with a failure message for several minutes.
+Do not set a short timeout waiting for the response.
+Do not abandon the session while tunnel build is in progress and retry.
 
 </p><p>
 SAM sessions live and die with the socket they are associated with.
 When the socket is closed, the session dies, and all communications
-using the session die at the same time. And the other way round, when
+using the session die at the same time. And the other way around, when
 the session dies for any reason, the SAM bridge closes the socket.
 </p>
 
@@ -698,7 +870,7 @@ depending on signature type.
 <b>NOTE:</b>
 Since about 2014 (SAM v3.1), Java I2P has also supported hostnames and b32 addresses for the $destination, but this was previously undocumented.
 Hostnames and b32 addresses are now officially supported by Java I2P as of release 0.9.48.
-The i2pd router will support hostnames and b32 addresses as of release 2.38.0 (0.9.50).
+The i2pd router supports hostnames and b32 addresses as of release 2.38.0 (0.9.50).
 For both routers, "b32" support includes support extended "b33" addresses for blinded destinations.
 </p>
 
@@ -740,6 +912,11 @@ peer. If the connection was not possible (timeout, etc),
 RESULT will contain the appropriate error value (accompanied by an
 optional human-readable MESSAGE), and the SAM bridge closes the
 socket.
+
+</p><p>
+The router stream connect timeout internally is approximately one minute, implementation-dependent.
+Do not set a shorter timeout waiting for the response.
+
 </p>
 
 <h3>SAM Virtual Streams : ACCEPT</h3>
@@ -770,6 +947,8 @@ ACCEPT is not allowed while there is an active FORWARD on the session.
 As of SAM 3.2,
 multiple concurrent pending STREAM ACCEPTs are allowed on the same session ID (even with the same port).
 Prior to 3.2, concurrent accepts would fail with ALREADY_ACCEPTING.
+Note: Java I2P also supports concurrent ACCEPTs on SAM 3.1, as of release 0.9.24 (2016-01).
+i2pd also supports concurrent ACCEPTs on SAM 3.1, as of release 2.50.0 (2023-12).
 </p>
 
 <h4>Accept Response</h4>
@@ -831,6 +1010,26 @@ passing through the current socket is forwarded from and to the connected
 I2P destination peer, until one of the peer closes the socket.
 </p>
 
+<h4>Errors After OK</h4>
+<p>
+In rare cases, the SAM bridge may encounter an error after sending RESULT=OK,
+but before a connection comes in and sending the $destination line to the client.
+These errors may include router shutdown, router restart, and session close.
+In these cases, when SILENT=false, the SAM bridge may, but is not required to
+(implementation-dependent), send the line:
+
+<pre>
+&lt;-  STREAM STATUS
+         RESULT=I2P_ERROR
+         [MESSAGE=...]
+</pre>
+
+before immediately closing the socket. This line is not, of course, decodable as a
+valid Base 64 destination.
+</p>
+
+
+
 <h3>SAM Virtual Streams : FORWARD</h3>
 <p>
 A client can use a regular socket server and wait for connection requests
@@ -937,15 +1136,19 @@ SAMv3 provides mechanisms to send and receive datagrams over local datagram sock
 Some SAMv3 implementations also support the older v1/v2 way of sending/receiving
 datagrams over the SAM bridge socket. Both are documented below.
 </p><p>
-I2P supports two types of datagrams:
+I2P supports four types of datagrams:
 </p>
 <ul><li>
-"Repliable" datagrams are prefixed with the destination of the sender,
+Repliable and authenticated datagrams are prefixed with the destination of the sender,
 and contain the signature of the sender, so the receiver
 may verify that the sender's destination was not spoofed,
 and may reply to the datagram.
+The new Datagram2 format is also repliable and authenticated.
 </li><li>
-"Raw" datagrams do not contain the destination of the sender or a signature.
+The new Datagram3 format is repliable but not authenticated.
+The sender information is unverified.
+</li><li>
+Raw datagrams do not contain the destination of the sender or a signature.
 </li></ul>
 <p>
 Default I2CP ports are defined for both repliable and raw datagrams.
@@ -981,7 +1184,7 @@ Reliability is inversely proportional to message size, perhaps even exponentiall
 
 </p><p>
 After establishing a SAM session with STYLE=DATAGRAM or STYLE=RAW, the client can
-send repliable or raw datagrams through SAM's UDP port (7655).
+send repliable or raw datagrams through SAM's UDP port (7655 by default).
 
 </p><p>
 The first line of a datagram sent through this port must be in the
@@ -1052,7 +1255,7 @@ message:
 
 <pre>
 &lt;-  DATAGRAM RECEIVED
-           DESTINATION=$destination
+           DESTINATION=$destination           # See notes below for Datagram3 format
            SIZE=$numBytes
            FROM_PORT=nnn                      # SAM 3.2 or higher only
            TO_PORT=nnn                        # SAM 3.2 or higher only
@@ -1080,7 +1283,7 @@ CREATE command with PORT and HOST options:
 
 <pre>
 -&gt; SESSION CREATE
-          STYLE={DATAGRAM,RAW}
+          STYLE={DATAGRAM,RAW,DATAGRAM2,DATAGRAM3}   # See below for DATAGRAM2/3
           ID=$nickname
           DESTINATION={$privkey,TRANSIENT}
           PORT=$port
@@ -1088,6 +1291,8 @@ CREATE command with PORT and HOST options:
           [FROM_PORT=nnn]                      # SAM 3.2 or higher only, default 0
           [TO_PORT=nnn]                        # SAM 3.2 or higher only, default 0
           [PROTOCOL=nnn]                       # SAM 3.2 or higher only, for STYLE=RAW only, default 18
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, default 7655
           [option=value]*                      # I2CP options
 </pre>
 
@@ -1101,8 +1306,9 @@ CREATE command with PORT and HOST options:
    The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
 
 </p><p>
-Offline signatures are only supported for RAW datagrams.
-See the SESSION CREATE section above for details.
+Offline signatures are supported for RAW, DATAGRAM2, and DATAGRAM3 datagrams,
+but not for DATAGRAM.
+See the SESSION CREATE section above and the DATAGRAM2/3 section below for details.
 
 </p><p>
  $host is the hostname or IP address of the datagram server to
@@ -1121,12 +1327,13 @@ configuration if not interpreted by the SAM bridge (e.g.
 outbound.length=0). These options <a href="#options">are documented below</a>.
 
 </p><p>
-Forwarded repliable datagrams are always prefixed with the destination.
+Forwarded repliable datagrams are always prefixed with the base64 destination,
+except for Datagram3, see below.
 When a repliable datagram arrives, the bridge sends to the specified host:port
 a UDP packet containing the following data:
 
 <pre>
-    $destination
+    $destination                       # See notes below for Datagram3 format
     FROM_PORT=nnn                      # SAM 3.2 or higher only
     TO_PORT=nnn                        # SAM 3.2 or higher only
     \n
@@ -1222,6 +1429,54 @@ the forwarded raw datagram will be prepended with a header line as follows:
 For an alternate method of sending anonymous datagrams, see <a href="#dgsend">RAW SEND</a>.
 </p>
 
+<h4>Datagram 2/3</h4>
+
+<p>
+Datagram 2/3 are new formats specified in early 2025.
+No known implementations currently exist.
+Check implementation documentation for current status.
+See <a href="{{ site_url('docs/spec/datagrams') }}">the specification</a> for more information.
+
+</p><p>
+There are no current plans to increase the SAM version to indicate Datagram 2/3 support.
+This may be problematic as implementations may wish to support Datagram 2/3
+but not SAM v3.3 features.
+Any version change is TBD.
+
+</p><p>
+Both Datagram2 and Datagram3 are repliable. Only Datagram2 is authenticated.
+
+</p><p>
+Datagram2 is identical to repliable datagrams from a SAM perspective..
+Both are authenticated.
+Only the I2CP format and signature are different, but this is not visible
+to SAM clients.
+Datagram2 also supports offline signatures, so it may be used
+by offline-signed destinations.
+
+</p><p>
+The intention is for Datagram2 to replace Repliable datagrams
+for new applications that do not require backward-compatibility.
+Datagram2 provides replay protection that is not present for Repliable datagrams.
+If backward-compatibility is required, an application may support
+both Datagram2 and Repliable may be supported on the same
+session with SAM 3.3 PRIMARY sessions.
+
+</p><p>
+Datagram3 is repliable but not authenticated.
+The 'from' field in the I2CP format is a hash, not a destination.
+The $destination as sent from the SAM server to the client
+will be a 44-byte base64 hash.
+To convert it to a full destination for reply,
+base64-decode it to 32 bytes binary, then base32-encode it to 52 characters
+and append ".b32.i2p" for a NAMING LOOKUP.
+As usual, clients should maintain their own cache to avoid repeated NAMING LOOKUPs.
+
+</p><p>
+Application designers should use extreme caution and consider the security implications
+of unauthenticated datagrams.
+
+</p>
 
 <h4>V3 Datagram MTU Considerations</h4>
 <p>
@@ -1268,6 +1523,10 @@ These commands do <i>not</i> support the ID parameter. The datagrams are
 sent to the most recently created DATAGRAM- or RAW-style session,
 as appropriate. Support for the ID parameter may be added in a future release.
 
+</p><p>
+DATAGRAM2 and DATAGRAM3 formats are <i>not</i> supported
+in the V1/V2 compatible way.
+
 
 <h3 id="primary">SAM PRIMARY Sessions (V3.3 and higher)</h3>
 
@@ -1275,6 +1534,12 @@ as appropriate. Support for the ID parameter may be added in a future release.
 Version 3.3 was introduced in I2P release 0.9.25.
 </i></p>
 
+<p><i>
+In an earlier version of this specification, PRIMARY sessions were known as
+MASTER sessions. In both <code>i2pd</code> and <code>I2P+</code>, they are still
+known only as MASTER sessions.
+</i></p>
+
 <p>
 SAM v3.3 adds support for running streaming, datagrams, and raw subsessions on the same
 primary session, and for running multiple subsessions of the same style.
@@ -1304,6 +1569,8 @@ for DHT communication.
           STYLE=PRIMARY                        # prior to 0.9.47, use STYLE=MASTER
           ID=$nickname
           DESTINATION={$privkey,TRANSIENT}
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, default 7655
           [option=value]*                      # I2CP and streaming options
 </pre>
 
@@ -1336,10 +1603,10 @@ Using the same control socket on which the PRIMARY session was created:
 
 <pre>
 -&gt;  SESSION ADD
-          STYLE={STREAM,DATAGRAM,RAW}
+          STYLE={STREAM,DATAGRAM,RAW,DATAGRAM2,DATAGRAM3}   # See above for DATAGRAM2/3
           ID=$nickname                         # must be unique
-          [PORT=$port]                         # Required for DATAGRAM and RAW, invalid for STREAM
-          [HOST=$host]                         # Optional for DATAGRAM and RAW, invalid for STREAM
+          [PORT=$port]                         # Required for DATAGRAM* and RAW, invalid for STREAM
+          [HOST=$host]                         # Optional for DATAGRAM* and RAW, invalid for STREAM
           [FROM_PORT=nnn]                      # For outbound traffic, default 0
           [TO_PORT=nnn]                        # For outbound traffic, default 0
           [PROTOCOL=nnn]                       # For outbound traffic for STYLE=RAW only, default 18
@@ -1348,6 +1615,8 @@ Using the same control socket on which the PRIMARY session was created:
           [LISTEN_PROTOCOL=nnn]                # For inbound traffic for STYLE=RAW only.
                                                # Default is the PROTOCOL value; 6 (streaming) is disallowed
           [HEADER={true,false}]                # For STYLE=RAW only, default false
+          [sam.udp.host=hostname]              # Datagram bind host, Java I2P only, DATAGRAM*/RAW only, default 127.0.0.1
+          [sam.udp.port=nnn]                   # Datagram bind port, Java I2P only, DATAGRAM*/RAW only, default 7655
           [option=value]*                      # I2CP and streaming options
 </pre>
 
@@ -1424,6 +1693,7 @@ bridge for name resolution:
 <pre>
  NAMING LOOKUP
         NAME=$name
+        [OPTIONS=true]     # Default false, as of router API 0.9.66
 </pre>
 
 </p><p>
@@ -1434,7 +1704,8 @@ which is answered by
         RESULT=$result
         NAME=$name
         [VALUE=$destination]
-        [MESSAGE=$message]
+        [MESSAGE="$message"]
+        [OPTION:optionkey="$optionvalue"]   # As of router API 0.9.66
 </pre>
 
 
@@ -1466,6 +1737,35 @@ However, in some implementations, a .b32.i2p lookup which is uncached and requir
 a network query may fail, as no client tunnels are available for the lookup.
 </p>
 
+<h4>Name Lookup Options</h4>
+<p>
+NAMING LOOKUP is extended as of router API 0.9.66 to support service lookups.
+Support may vary by implementation.
+See proposal 167 for additional information.
+
+</p><p>
+NAMING LOOKUP NAME=example.i2p OPTIONS=true requests the options mapping in the reply.
+NAME may be a full base64 destination when OPTIONS=true.
+
+</p><p>
+If the destination lookup was successful and options were present in the leaseset,
+then in the reply, following the destination,
+will be one or more options in the form of OPTION:key=value.
+Each option will have a separate OPTION: prefix.
+All options from the leaseset will be included, not just service record options.
+For example, options for parameters defined in the future may be present.
+Example:
+
+</p><p>
+NAMING REPLY RESULT=OK NAME=example.i2p VALUE=base64dest OPTION:_smtp._tcp="1 86400 0 0 25 bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.b32.i2p"
+
+</p><p>
+Keys containing '=', and keys or values containing a newline,
+are considered invalid and the key/value pair will be removed from the reply.
+If there are no options found in the leaseset, or if the leaseset was version 1,
+then the response will not include any options.
+If OPTIONS=true was in the lookup, and the leaseset is not found, a new result value LEASESET_NOT_FOUND will be returned.
+</p>
 
 <h4>Destination Key Generation</h4>
 </p><p>
@@ -1490,7 +1790,8 @@ which is answered by
 As of version 3.1 (I2P 0.9.14), an optional parameter SIGNATURE_TYPE is supported.
 The SIGNATURE_TYPE value may be any name (e.g. ECDSA_SHA256_P256, case insensitive) or number (e.g. 1)
 that is supported by <a href="{{ site_url('docs/spec/common-structures') }}#type_Certificate">Key Certificates</a>.
-The default is DSA_SHA1.
+The default is DSA_SHA1, which is NOT what you want.
+For most applications, please specify SIGNATURE_TYPE=7.
 
 </p><p>
 The $destination is the base 64 of the <a href="{{ site_url('docs/spec/common-structures') }}#type_Destination">Destination</a>,
@@ -1505,6 +1806,22 @@ which is 884 or more base 64 characters (663 or more bytes in binary),
 depending on signature type.
 The binary format is specified in <a href="http://{{ i2pconv('idk.i2p/javadoc-i2p') }}/net/i2p/data/PrivateKeyFile.html">Private Key File</a>.
 
+</p><p>
+Notes about the 256-byte binary
+<a href="{{ site_url('docs/spec/common-structures') }}#type_PrivateKey">Private Key</a>:
+This field has been unused since version 0.6 (2005).
+SAM implementations may send random data or all zeros in this field;
+do not be alarmed about a string of AAAA in the base 64.
+Most applications will simply store the base 64 string and return it as-is in the SESSION CREATE, or
+decode to binary for storage, then encode again for SESSION CREATE.
+Applications may, however, decode the base 64, parse the binary following
+the PrivateKeyFile specification, discard the 256-byte private key portion,
+and then replace it with 256 bytes of random data or all zeros when re-encoding it for the SESSION CREATE.
+ALL other fields in the PrivateKeyFile specification must be preserved.
+This would save 256 bytes of file system storage but is probably not worth the trouble for most applications.
+See proposal 161 for addtional information and background.
+
+
 </p><p>
 DEST GENERATE does not require that a session has been created first.
 </p>
@@ -1530,7 +1847,7 @@ Either side may close the session and socket if no response is received in a rea
 </p><p>
 If a timeout occurs waiting for a PONG from the client, the bridge may send:
 <pre>
-&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE=$message
+&lt;- SESSION STATUS RESULT=I2P_ERROR MESSAGE="$message"
 </pre>
 and then disconnect.
 </p><p>
@@ -1606,16 +1923,33 @@ their meaning:
  KEY_NOT_FOUND   The naming system can't resolve the given name
  PEER_NOT_FOUND  The peer cannot be found on the network
  TIMEOUT         Timeout while waiting for an event (e.g. peer answer)
+ LEASESET_NOT_FOUND  See Name Lookup Options above. As of router API 0.9.66.
 </pre>
 
+<p>
+Different implementations may not be consistent in which RESULT is returned
+in various scenarios.
+
+<p>
+Most responses with a RESULT, other than OK, will also include a MESSAGE with additional information.
+The MESSAGE will generally be helpful in debugging problems.
+However, MESSAGE strings are implementation-dependent,
+may or may not be translated by the SAM server to the current locale,
+may contain internal implementation-specific information such as exceptions,
+and are subject to change without notice.
+While SAM clients may choose to expose MESSAGE strings to users,
+they should not make programmatic decisions based on those strings,
+as that will be fragile.
+
+
 
 <h3 id="options">Tunnel, I2CP, and Streaming Options</h3>
 <p>
-These options may be passed in as name=value pairs at the end of a
+These options may be passed in as name=value pairs in the
 SAM SESSION CREATE line.
 
 </p><p>
-All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths</a>.
+All sessions may include <a href="{{ site_url('docs/protocol/i2cp') }}#options">I2CP options such as tunnel lengths and quantities</a>.
 STREAM sessions may include <a href="{{ site_url('docs/api/streaming') }}#options">Streaming library options</a>.
 </p><p>
 See those references for option names and defaults.
@@ -1640,11 +1974,13 @@ The default SAM port is 7656. SAM is not enabled by default in the Java I2P Rout
 it must be started manually, or configured to start automatically,
 on the configure clients page in the router console, or in the clients.config file.
 The default SAM UDP port is 7655, listening on 127.0.0.1.
-These may be changed by adding the arguments sam.udp.port=nnnnn and/or
-sam.udp.host=w.x.y.z to the invocation.
+These may be changed in the Java router by adding the arguments sam.udp.port=nnnnn and/or
+sam.udp.host=w.x.y.z to the invocation, or on the SESSION line.
 
 </p><p>
 Configuration in other routers is implementation-specific.
+See <a href="https://i2pd.readthedocs.io/en/latest/user-guide/configuration/">the i2pd configuration guide here</a>.
+
 
 </p>
 {% endblock %}

i2p2www/pages/site/docs/api/streaming.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Streaming Protocol{% endtrans %}{% endblock %}
-{% block lastupdated %}2022-04{% endblock %}
-{% block accuratefor %}0.9.53{% endblock %}
+{% block lastupdated %}2024-09{% endblock %}
+{% block accuratefor %}0.9.64{% endblock %}
 {% block content %}
 <h2>{% trans %}Overview{% endtrans %}</h2>
 
@@ -330,10 +330,9 @@ As of release {{ release }}.
 
 <tr><td>i2p.streaming.maxWindowSize</td><td>128</td></tr>
 
-<tr><td>i2p.streaming.profile</td><td>1 (bulk)</td><td>{% trans -%}
-(2=interactive not supported)
-This doesn't currently do anything, but setting it to a value other than 1 will cause an error.
-{%- endtrans %}</td></tr>
+<tr><td>i2p.streaming.profile</td><td>1 (bulk)</td><td>
+1=bulk; 2=interactive; see important notes <a href="#profile">below</a>.
+</td></tr>
 
 <tr><td>i2p.streaming.readTimeout</td><td>-1</td><td>{% trans -%}
 How long to block on read, in milliseconds. Negative means indefinitely.
@@ -534,6 +533,29 @@ Streaming may be configured to disable sending pongs with the configuration i2p.
 {%- endtrans %}</p>
 
 
+
+<h3 id="profile">i2p.streaming.profile Notes</h3>
+<p>
+This option supports two values; 1=bulk and 2=interactive.
+The option provides a hint to the streaming library and/or router as to
+the traffic pattern that is expected.
+</p><p>
+"Bulk" means to optimize for high bandwidth, possibly at the expense of latency.
+This is the default.
+"Interactive" means to optimize for low latency, possibly at the expense of bandwidth or efficiency.
+Optimization strategies, if any, are implementation-dependent, and may include changes
+outside of the streaming protocol.
+</p><p>
+Through API version 0.9.63, Java I2P would return an error for any value other than 1 (bulk) and the tunnel would fail to start.
+As of API 0.9.64, Java I2P ignores the value.
+Through API version 0.9.63, i2pd ignored this option; it is implemented in i2pd as of API 0.9.64.
+</p><p>
+While the streaming protocol includes a flag field to pass the profile setting to the
+other end, this is not implemented in any known router.
+</p>
+
+
+
 <h3 id="sharing">{% trans %}Control Block Sharing{% endtrans %}</h3>
 <p>{% trans -%}
 The streaming lib supports "TCP" Control Block sharing.

i2p2www/pages/site/docs/applications/bittorrent.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Bittorrent over I2P{% endtrans %}{% endblock %}
-{% block lastupdated %}2022-01{% endblock %}
-{% block accuratefor %}0.9.52{% endblock %}
+{% block lastupdated %}2024-11{% endblock %}
+{% block accuratefor %}0.9.64{% endblock %}
 {% block content %}
 
 <p>{% trans -%}
@@ -23,6 +23,73 @@ We welcome additional ports of client and tracker software to I2P.
 
 
 
+<h2>General Guidance for Developers</h2>
+<p>
+Most non-Java bittorrent clients will connect to I2P via <a href="{{ site_url('docs/api/samv3') }}">SAMv3</a>.
+SAM sessions (or inside I2P, tunnel pools or sets of tunnels) are designed to be long-lived.
+Most bittorrent clients will only need one session, created at startup and closed on exit.
+I2P is different from Tor, where circuits may be rapidly created and discarded.
+Think carefully and consult with I2P developers before designing your application
+to use more than one or two simultaneous sessions, or to rapidly create and discard them.
+Bittorrent clients must not create a unique session for every connection.
+Design your client to use the same session for announces and client connections.
+</p><p>
+Also, please ensure your client settings
+(and guidance to users about router settings, or router defaults if you bundle a router)
+will result in your users contributing more resources to the network than they consume.
+I2P is a peer-to-peer network, and the network cannot survive if a popular application
+drives the network into permanent congestion.
+</p><p>
+Do not provide support for bittorrent through an I2P outproxy to the clearnet
+as it will probably be blocked. Consult with outproxy operators for guidance.
+</p><p>
+The Java I2P and i2pd router implementations are independent and have minor differences
+in behavior, feature support, and defaults.
+Please test your application with the latest version of both routers.
+</p><p>
+i2pd SAM is enabled by default; Java I2P SAM is not.
+Provide instructions to your users on how to enable SAM in Java I2P (via /configclients in the router console),
+and/or provide a good error message to the user if the initial connect fails,
+e.g. "ensure that I2P is running and the SAM interface is enabled".
+</p><p>
+The Java I2P and i2pd routers have different defaults for tunnel quantities.
+The Java default is 2 and the i2pd default is 5.
+For most low- to medium-bandwidth and low- to medium-connection counts, 3 is sufficient.
+Please specify the tunnel quantity in the SESSION CREATE message
+to get consistent performance with the Java I2P and i2pd routers.
+</p><p>
+I2P supports multiple signature and encryption types.
+For compatibility, I2P defaults to old and inefficient types, so all clients should
+specify newer types.
+</p><p>
+If using SAM, the signature type is specified in the DEST GENERATE and SESSION CREATE (for transient) commands.
+All clients should set SIGNATURE_TYPE=7 (Ed25519).
+</p><p>
+The encryption type is specified in the SAM SESSION CREATE command or in i2cp options.
+Multiple encryption types are allowed.
+Some trackers support ECIES-X25519, some support ElGamal, and some support both.
+Clients should set i2cp.leaseSetEncType=4,0 (for ECIES-X25519 and ElGamal)
+so that they may connect to both.
+</p><p>
+DHT support requires SAM v3.3 PRIMARY and SUBSESSIONS for TCP and UDP over the same session.
+This will require substantial development effort on the client side, unless the client is written in Java.
+i2pd does not currently support SAM v3.3.
+libtorrent does not currently support SAM v3.3.
+</p><p>
+Without DHT support, you may wish to automatically announce to
+a configurable list of known open trackers so that magnet links will work.
+Consult with I2P users for information on currently-up open trackers and keep your defaults up-to-date.
+Supporting the i2p_pex extension will also help alleviate the lack of DHT support.
+</p><p>
+For more guidance to developers on ensuring your application uses only the resources it needs, please see
+the <a href="{{ site_url('docs/api/samv3') }}">SAMv3 specification</a> and
+<a href="{{ site_url('docs/applications/embedding') }}">our guide to bundling I2P with your application</a>.
+Contact I2P or i2pd developers for further assistance.
+</p>
+
+
+
+
 <h2>{% trans %}Announces{% endtrans %}</h2>
 <p>{% trans -%}
 Clients generally include a fake port=6881 parameter in the announce, for compatibility with older trackers.
@@ -54,7 +121,10 @@ the tracker should probably decode and reject bad Base64 when announced.
 The default response type is non-compact. Clients may request a compact response with
 the parameter compact=1. A tracker may, but is not required to, return
 a compact response when requested.
-{%- endtrans %}</p>
+{%- endtrans %}
+Note: All popular trackers now support compact responses and at least one requires compact=1 in the announce.
+All clients should request and support compact responses.
+</p>
 
 <p>{% trans -%}
 Developers of new I2P clients

i2p2www/pages/site/docs/applications/embedding.html

@@ -1,14 +1,16 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Embedding I2P in your Application{% endtrans %}{% endblock %}
-{% block lastupdated %}2019-11{% endblock %}
-{% block accuratefor %}0.9.44{% endblock %}
+{% block lastupdated %}2023-01{% endblock %}
+{% block accuratefor %}2.1.0{% endblock %}
 {% block content %}
 
 <h2>{% trans %}Overview{% endtrans %}</h2>
 <p>{% trans -%}
 This page is about bundling the entire I2P router binary with your application.
 It is not about writing an application to work with I2P (either bundled or external).
-{%- endtrans %}</p>
+{%- endtrans %}
+However, many of the guidelines may be useful even if not bundling a router.
+</p>
 
 <p>{% trans -%}
 Lots of projects are bundling, or talking about bundling, I2P. That's great if done right.
@@ -17,8 +19,10 @@ The I2P router is complex, and it can be a challenge to hide all the complexity
 This page discusses some general guidelines.
 {%- endtrans %}</p>
 
-
-
+<p>
+Most of these guidelines apply equally to Java I2P or i2pd.
+However, some guidelines are specific to Java I2P and are noted below.
+</p>
 
 <h3>{% trans %}Talk to us{% endtrans %}</h3>
 <p>{% trans -%}
@@ -41,6 +45,7 @@ Some of the following only applies to the Java router.
 Ensure you meet the license requirements of the software you are bundling.
 {%- endtrans %}</p>
 
+<h2>Configuration</h2>
 
 <h3>{% trans %}Verify default configuration{% endtrans %}</h3>
 <p>{% trans -%}
@@ -92,7 +97,20 @@ If you do this and your application gets hugely popular, it could break the netw
 You must save the router's data (netdb, configuration, etc.) between runs of the router.
 I2P does not work well if you must reseed each startup, and that's a huge load on our reseed servers, and not very good for anonymity either.
 Even if you bundle router infos, I2P needs saved profile data for best performance.
+Without persistence, your users will have a poor startup experience.
 {%- endtrans %}</p>
+<p>
+There are two possibilities if you cannot provide persistence.
+Either of these eliminates your project's load on our reseed servers and will significantly improve startup time.
+</p><p>
+1) Set up your own project reseed server(s) that serve much more than the usual number
+of router infos in the reseed, say, several hundred. Configure the router to use only your servers.
+</p><p>
+2) Bundle one to two thousand router infos in your installer.
+</p><p>
+Also, delay or stagger your tunnel startup, to give the router a chance to integrate
+before building a lot of tunnels.
+</p>
 
 
 
@@ -125,8 +143,64 @@ Be aware of possible blocking by hostile governments.
 
 
 
+<h3>Use Shared Clients</h3>
+<p>
+Java I2P i2ptunnel supports shared clients, where clients may be configured to use a single pool.
+If you require multiple clients, and if consistent with your security goals,
+configure the clients to be shared.
+</p>
+
+
+
+<h3>Limit Tunnel Quantity</h3>
+<p>
+Specify tunnel quantity explicitly with the options <tt>inbound.quantity</tt> and <tt>outbound.quantity</tt>.
+The default in Java I2P is 2; the default in i2pd is higher.
+Specify in the SESSION CREATE line using SAM to get consistent settings with both routers.
+Two each in/out is sufficient for most low-to-medium bandwidth and low-to-medium fanout applications.
+Servers and high-fanout P2P applications may need more.
+See <a href="http://zzz.i2p/topics/1584">this forum post</a> for guidance on calculating requirements
+for high-traffic servers and applications.
+</p>
+
+
+
+
+<h3>Specify SAM SIGNATURE_TYPE</h3>
+<p>
+SAM defaults to DSA_SHA1 for destinations, which is not what you want.
+Ed25519 (type 7) is the correct selection.
+Add SIGNATURE_TYPE=7 to the DEST GENERATE command,
+or to the SESSION CREATE command for DESTINATION=TRANSIENT.
+</p>
+
+
+
+
+<h3>Limit SAM Sessions</h3>
+<p>
+Most applications will only need one SAM session.
+SAM provides the ability to quickly overwhelm the local router, or even the broader network,
+if a large number of sessions are created.
+If multiple sub-services can use a single session, set them up with
+a PRIMARY session and SUBSESSIONS (not currently supported on i2pd).
+A reasonable limit to sessions is 3 or 4 total, or maybe up to 10 for rare situations.
+If you do have multiple sessions, be sure to specify a low tunnel quantity for each, see above.
+</p><p>
+In almost no situation should you require a unique session per-connection.
+Without careful design, this could quickly DDoS the network.
+Carefully consider if your security goals require unique sessions.
+Please consult with the Java I2P or i2pd developers before implementing per-connection sessions.
+</p>
+
+
 
 <h3>{% trans %}Reduce Network Resource Usage{% endtrans %}</h3>
+<p>
+Note that these options are not currently supported on i2pd.
+These options are supported via I2CP and SAM (except delay-open, which is via i2ptunnel only).
+See the I2CP documentation (and, for delay-open, the i2ptunnel configuration documentation) for details.
+</p>
 <p>{% trans -%}
 Consider setting your application tunnels to delay-open, reduce-on-idle and/or close-on-idle.
 This is straightforward if using i2ptunnel but you'll have to implement some of it yourself if using I2CP directly.
@@ -134,6 +208,7 @@ See i2psnark for code that reduces tunnel count and then closes the tunnel, even
 {%- endtrans %}</p>
 
 
+<h2>Life Cycle</h2>
 
 <h3>{% trans %}Updatability{% endtrans %}</h3>
 <p>{% trans -%}
@@ -168,6 +243,8 @@ If your average uptime is less than an hour, I2P is probably the wrong solution.
 {%- endtrans %}</p>
 
 
+<h2>User Interface</h2>
+
 
 <h3>{% trans %}Show Status{% endtrans %}</h3>
 <p>{% trans -%}
@@ -196,6 +273,8 @@ it may be helpful to provide an option or a separate package to use an external
 {%- endtrans %}</p>
 
 
+<h2>Other Topics</h2>
+
 
 <h3>{% trans %}Use of other Common Services{% endtrans %}</h3>
 <p>{% trans -%}
@@ -207,6 +286,9 @@ and talk to the people who are running them to make sure it's ok.
 
 
 <h3>{% trans %}Time / NTP Issues{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P. i2pd does not include an SNTP client.
+</p>
 <p>{% trans -%}
 I2P includes an SNTP client. I2P requires correct time to operate.
 It will compensate for a skewed system clock but this may delay startup. You may disable I2P's SNTP queries,
@@ -216,6 +298,9 @@ but this isn't advised unless your application makes sure the system clock is co
 
 
 <h3>{% trans %}Choose What and How you Bundle{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 At a minimum you will need i2p.jar, router.jar, streaming.jar, and mstreaming.jar.
 You may omit the two streaming jars for a datagram-only app.
@@ -243,15 +328,18 @@ License requirements may require you to include the LICENSES.txt file and the li
 <li>{% trans -%}
 You may also wish to bundle a hosts.txt file.
 {%- endtrans %}</li>
-<li>{% trans -%}
-Be sure to specify a Java 7 bootclasspath if compiling with Java 8.
-{%- endtrans %}</li>
+<li>
+Be sure to specify a bootclasspath if you are compiling Java I2P for your release, rather than taking our binaries.
+</li>
 </ul>
 </p>
 
 
 
 <h3>{% trans %}Android considerations{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 Our Android router app may be shared by multiple clients.
 If it is not installed, the user will be prompted when he starts a client app.
@@ -269,6 +357,9 @@ If you require assistance, please contact us.
 
 
 <h3>{% trans %}Maven jars{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 We have a limited number of our jars on <a href="http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22net.i2p%22">Maven Central</a>.
 There are numerous trac tickets for us to address that will improve and expand the released jars on Maven Central.
@@ -293,6 +384,15 @@ Build your own. If you are hardcoding seed nodes, we recommend that you have sev
 
 
 
+<h3>Outproxies</h3>
+<p>
+I2P outproxies to the clearnet are a limited resource.
+Use outproxies only for normal user-initiated web browsing or other limited traffic.
+For any other usage, consult with and get approval from the outproxy operator.
+</p>
+
+
+
 <h3>{% trans %}Comarketing{% endtrans %}</h3>
 <p>{% trans -%}
 Let's work together. Don't wait until it's done.
@@ -314,6 +414,7 @@ Hang out in IRC #i2p-dev. Post on the forums. Spread the word.
 We can help get you users, testers, translators, or even coders.
 {%- endtrans %}</p>
 
+<h2>Examples</h2>
 
 
 <h3>{% trans %}Application Examples{% endtrans %}</h3>
@@ -326,6 +427,9 @@ Other examples are: Vuze, the Nightweb Android app, iMule, TAILS, iCloak, and Mo
 
 
 <h3>{% trans %}Code Example{% endtrans %}</h3>
+<p>
+Note: This section refers to Java I2P only.
+</p>
 <p>{% trans -%}
 None of the above actually tells you how to write your code to
 bundle the Java router, so following is a brief example.

i2p2www/pages/site/docs/applications/git-bundle.html

@@ -28,7 +28,7 @@
 <h2 id="generating-a-bundle">{% trans -%}Generating a Bundle{%- endtrans %}</h2>
 <p>{% trans -%} First, follow the <a href="GIT.md">Git guide for Users</a> until you have a successfully <code>--unshallow</code>ed clone of clone of the i2p.i2p repository. If you already have a clone, make sure you run <code>git fetch --unshallow</code> before you generate a torrent bundle. {%- endtrans %}</p>
 <p>{% trans -%}Once you have that, simply run the corresponding ant target:{%- endtrans %}</p>
-<pre><code>ant bundle</code></pre>
+<pre><code>ant git-bundle</code></pre>
 <p>{% trans -%} and copy the resulting bundle into your I2PSnark downloads directory. For instance: {%- endtrans %}</p>
 <pre><code>cp i2p.i2p.bundle* $HOME/.i2p/i2psnark/</code></pre>
 <p>{% trans -%} In a minute or two, I2PSnark will pick up on the torrent. Click on the “Start” button to begin seeding the torrent. {%- endtrans %}</p>

i2p2www/pages/site/docs/applications/irc.html

@@ -79,12 +79,12 @@ alt="{{ _('Configure port') }}" title="{{ _('Pidgin Step Four') }}">
 alt="{{ _('Add a server') }}" title="{{ _('XChat Step One') }}">
 
 <p>{% trans %}Create a new network named "Irc2P" to configure for I2P IRC. Click
-the "Edit" button on the right-hand side.{% endtrans %}</p>
+the "Edit" button on the right-hand side. Make sure you disable TLS and SSL inside I2P.{% endtrans %}</p>
 
 <img src="{{ url_for('static', filename='images/irc/xchat-irc-1.png') }}"
 alt="{{ _('Add a server') }}" title="{{ _('XChat Step Two') }}">
 
-<p>{% trans %}Change the value in "Servers" from the default to `localhost/6669`,
+<p>{% trans %}Change the value in "Servers" from the default to `localhost/6668`,
 and configure the default channels you want to join. I suggest #i2p and #i2p-dev
 {% endtrans %}</p>
 

i2p2www/pages/site/docs/how/intro.html

@@ -178,7 +178,7 @@ scheduled development meetings, however <a href="{{ meetings }}">archives are av
 {%- endtrans %}</p>
 
 <p>{% trans monotone=site_url('get-involved/guides/monotone') -%}
-The current source is available in <a href="{{ monotone }}">monotone</a>.
+The current source is available in <a href="{{ monotone }}">git</a>.
 {%- endtrans %}</p>
 
 <h2>{% trans %}Additional Information{% endtrans %}</h2>

i2p2www/pages/site/docs/how/network-database.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}The Network Database{% endtrans %}{% endblock %}
-{% block lastupdated %}{% trans %}August 2019{% endtrans %}{% endblock %}
-{% block accuratefor %}0.9.42{% endblock %}
+{% block lastupdated %}2025-03{% endblock %}
+{% block accuratefor %}0.9.65{% endblock %}
 {% block content %}
 <h2>{% trans %}Overview{% endtrans %}</h2>
 
@@ -46,25 +46,26 @@ to be present:
   <li><b>caps</b>
 ({% trans %}Capabilities flags - used to indicate floodfill participation, approximate bandwidth, and perceived reachability{% endtrans %})
   <ul>
+    <li><b>D</b>: Medium congestion (as of release 0.9.58)</li>
+    <li><b>E</b>: High congestion (as of release 0.9.58)</li>
     <li><b>f</b>: {% trans %}Floodfill{% endtrans %}</li>
+    <li><b>G</b>: Rejecting all tunnels (as of release 0.9.58)</li>
     <li><b>H</b>: {% trans %}Hidden{% endtrans %}</li>
     <li><b>K</b>: {% trans amount='12 KBps' %}Under {{amount }} shared bandwidth{% endtrans %}</li>
     <li><b>L</b>: {% trans amount='12 - 48 KBps' %}{{ amount }} shared bandwidth{% endtrans %} ({% trans %}default{% endtrans %})</li>
     <li><b>M</b>: {% trans amount='48 - 64 KBps' %}{{ amount }} shared bandwidth{% endtrans %}</li>
     <li><b>N</b>: {% trans amount='64 - 128 KBps' %}{{ amount }} shared bandwidth{% endtrans %}</li>
     <li><b>O</b>: {% trans amount='128 - 256 KBps' %}{{ amount }} shared bandwidth{% endtrans %}</li>
-    <li><b>P</b>: {% trans amount='256 - 2000 KBps' %}{{ amount }} shared bandwidth{% endtrans %} (as of release 0.9.20)</li>
+    <li><b>P</b>: {% trans amount='256 - 2000 KBps' %}{{ amount }} shared bandwidth{% endtrans %} (as of release 0.9.20, see note below)</li>
     <li><b>R</b>: {% trans %}Reachable{% endtrans %}</li>
     <li><b>U</b>: {% trans %}Unreachable{% endtrans %}</li>
-    <li><b>X</b>: {% trans amount='2000 KBps' %}Over {{ amount }} shared bandwidth{% endtrans %} (as of release 0.9.20)</li>
+    <li><b>X</b>: {% trans amount='2000 KBps' %}Over {{ amount }} shared bandwidth{% endtrans %} (as of release 0.9.20, see note below)</li>
   </ul>
 "Shared bandwidth" == (share %) * min(in bw, out bw)
 <br>
 For compatibility with older routers, a router may publish multiple bandwidth letters, for example "PO".
-  </li>
-  <li><b>coreVersion</b>
-({% trans %}The core library version, always the same as the router version{% endtrans %})
-(Never used, removed in release 0.9.24)
+<br>
+Note: the boundary between the P and X bandwidth classes may be either 2000 or 2048 KBps, implementor's choice.
   </li>
   <li><b>netId</b> = 2
 ({% trans %}Basic network compatibility - A router will refuse to communicate with a peer having a different netId{% endtrans %})
@@ -72,13 +73,28 @@ For compatibility with older routers, a router may publish multiple bandwidth le
   <li><b>router.version</b>
 ({% trans %}Used to determine compatibility with newer features and messages{% endtrans %})
   </li>
-  <li><b>stat_uptime</b> = 90m
-({% trans %}Always sent as 90m, for compatibility with an older scheme where routers published their actual uptime,
-and only sent tunnel requests to peers whose uptime was more than 60m{% endtrans %})
+</ul>
+
+<p>
+Notes on R/U capabilities:
+A router should usually publish the R or U capability, unless the reachability state is currently unknown.
+R means that the router is directly reachable (no introducers required, not firewalled) on at least one transport address.
+U means that the router is NOT directly reachable on ANY transport address.
+
+<p>
+Deprecated options:
+<ul>
+  <li><strike>coreVersion</strike>
+(Never used, removed in release 0.9.24)
+  </li>
+  <li><strike>stat_uptime</strike> = 90m
 (Unused since version 0.7.9, removed in release 0.9.24)
   </li>
 </ul>
 
+
+
+
 <p>{% trans -%}
 These values are used by other routers for basic decisions.
 Should we connect to this router? Should we attempt to route a tunnel through this router?
@@ -116,16 +132,60 @@ Current statistics are limited to:
   <li>{% trans %}1 hour average number of participating tunnels{% endtrans %}
 </ul>
 
-<p>{% trans -%}
-Floodfill routers publish additional data on the number of entries in their network database.
-{%- endtrans %}</p>
+<p>
+These are optional, but if included, help analysis of network-wide performance.
+As of API 0.9.58, these statistics are simplified and standardized, as follows:
+</p>
+<ul>
+  <li>Option keys are stat_(statname).(statperiod)
+  <li>Option values are ';' -separated
+  <li>Stats for event counts or normalized percentages use the 4th value;
+      the first three values are unused but must be present
+  <li>Stats for average values use the 1st value, and no ';' separator is required
+  <li>For equal weighting of all routers in stats analysis,
+      and for additional anonymity,
+      routers should include these stats only after an uptime of one hour or more,
+      and only one time every 16 times that the RI is published.
+</ul>
+
+<p>
+Example:
+<pre>
+    stat_tunnel.buildExploratoryExpire.60m = 0;0;0;53.14
+    stat_tunnel.buildExploratoryReject.60m = 0;0;0;15.51
+    stat_tunnel.buildExploratorySuccess.60m = 0;0;0;31.35
+    stat_tunnel.participatingTunnels.60m = 289.20
+</pre>
+</p>
+
+
 
 <p>{% trans -%}
-The data published can be seen in the router's user interface,
-but is not used or trusted within the router.
-As the network has matured, we have gradually removed most of the published
-statistics to improve anonymity, and we plan to remove more in future releases.
+Floodfill routers may publish additional data on the number of entries in their network database.
+These are optional, but if included, help analysis of network-wide performance.
 {%- endtrans %}</p>
+<p>
+The following two options should be included by floodfill routers in every published RI:
+</p>
+<ul>
+  <li><b>netdb.knownLeaseSets</b>
+  <li><b>netdb.knownRouters</b>
+</ul>
+<p>
+Example:
+<pre>
+    netdb.knownLeaseSets = 158
+    netdb.knownRouters = 11374
+</pre>
+</p>
+
+
+
+
+<p>
+The data published can be seen in the router's user interface,
+but is not used or trusted by any other router.
+</p>
 
 <h3>{% trans %}Family Options{% endtrans %}</h3>
 
@@ -471,7 +531,34 @@ Routing keys are never sent on-the-wire in any I2NP message, they are only used
 determination of distance.
 {%- endtrans %}</p>
 
-
+<h2 id="segmentation">{% trans %}Network Database Segmentation - Sub-Databases{% endtrans %}</h2>
+<p>{% trans -%}Traditionally Kademlia-style DHT's are not concerned with preserving the unlinkability of information stored on any particular node in the DHT.
+For example, a piece of information may be stored to one node in the DHT, then requested back from that node unconditionally.
+Within I2P and using the netDb, this is not the case, information stored in the DHT may only be shared under certain known circumstances where it is "safe" to do so.
+This is to prevent a class of attacks where a malicious actor can try to associate a client tunnel with a router by sending a store to a client tunnel, then requesting it back directly from the suspected "Host" of the client tunnel.
+{%- endtrans %}</p>
+<h3>{% trans %}Segmentation Structure{% endtrans %}</h3>
+<p>{% trans -%}I2P routers can implement effective defenses against the attack class provided a few conditions are met.
+A network database implementation should be able to keep track of whether a database entry was recieved down a client tunnel or directly.
+If it was recieved down a client tunnel, then it should also keep track of which client tunnel it was recieved through, using the client's local destination.
+If the entry was recieved down multiple client tunnels, then the netDb should keep track of all destinations where the entry was observed.
+It should also keep track of whether an entry was recieved as a reply to a lookup, or as a store.
+{%- endtrans %}</p>
+<p>{% trans -%}In both the Java and C++ implementations, this achieved by using a single "Main" netDb for direct lookups and floodfill operations first.
+This main netDb exists in the router context.
+Then, each client is given it's own version of the netDb, which is used to capture database entries sent to client tunnels and respond to lookups sent down client tunnels.
+We call these "Client Network Databases" or "Sub-Databases" and they exist in the client context.
+The netDb operated by the client exists for the lifetime of the client only and contains only entries that are communicated with the client's tunnels.
+This makes it impossible for entries sent down client tunnels to overlap with entries sent directly to the router.
+{%- endtrans %}</p>
+<p>{% trans -%}Additionally, each netDb needs to be able to remember if a database entry was recieved because it was sent to one of our destinations, or because it was requested by us as part of a lookup.
+If a database entry it was recieved as a store, as in some other router sent it to us, then a netDb should respond to requests for the entry when another router looks up the key.
+However, if it was recieved as a reply to a query, then the netDb should only reply to a query for the entry if the entry had already been stored to the same destination.
+A client should never answer queries with an entry from the main netDb, only it's own client network database.
+{%- endtrans %}</p>
+<p>{% trans -%}These strategies should be taken and used combined so that both are applied.
+In combination, they "Segment" the netDb and secure it against attacks.
+{%- endtrans %}</p>
 
 <h2 id="delivery">{% trans %}Storage, Verification, and Lookup Mechanics{% endtrans %}</h2>
 
@@ -526,7 +613,13 @@ The floodfill router replies with a
 with the Message ID set to the value of the Reply Token.
 {%- endtrans %}</p>
 
-
+<p>In some circumstances, a router may also send the RouterInfo DatabaseStoreMessage out
+an exploratory tunnel; for example, due to connection limits, connection incompatibility,
+or a desire to hide the actual IP from the floodfill.
+The floodfill may not accept such a store in times of overload or based
+on other criteria; whether to explicitly declare non-direct store of a RouterInfo illegal is a topic
+for further study.
+</p>
 
 
 <h3>{% trans %}LeaseSet Storage to Floodfills{% endtrans %}</h3>
@@ -549,6 +642,13 @@ This message is sent back to one of the client's inbound tunnels.
 
 
 <h3>{% trans %}Flooding{% endtrans %}</h3>
+<p>
+Like any router, a floodfill uses various criteria to validate the LeaseSet or RouterInfo before storing it locally.
+These criteria may be adaptive and dependent on current conditions including current load, netdb size,
+and other factors.
+All validation must be done before flooding.
+</p>
+
 <p>{% trans floodsize=3 -%}
 After a floodfill router receives a DatabaseStoreMessage containing a
 valid RouterInfo or LeaseSet which is newer than that previously stored in its
@@ -569,6 +669,14 @@ as this is a direct connection, so there are no intervening routers
 The other routers do not reply or re-flood, as the Reply Token is zero.
 {%- endtrans %}</p>
 
+<p>
+Floodfills must not flood via tunnels; the DatabaseStoreMessage must be sent over a direct connection.
+</p>
+
+<p>
+Floodfills must never flood an expired LeaseSet or a RouterInfo published more than one hour ago. 
+</p>
+
 
 <h3 id="lookup">{% trans %}RouterInfo and LeaseSet Lookup{% endtrans %}</h3>
 <p>{% trans i2np=site_url('docs/protocol/i2np') -%}

i2p2www/pages/site/docs/how/peer-selection.html

@@ -1,8 +1,16 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Peer Profiling and Selection{% endtrans %}{% endblock %}
-{% block lastupdated %}{% trans %}July 2010{% endtrans %}{% endblock %}
-{% block accuratefor %}0.8{% endblock %}
+{% block lastupdated %}2024-02{% endblock %}
+{% block accuratefor %}0.9.62{% endblock %}
 {% block content %}
+<h2>NOTE</h2>
+This page describes the Java I2P implementation of peer profiling and selection as of 2010.
+While still broadly accurate, some details may no longer be correct.
+We continue to evolve banning, blocking, and selection strategies to address newer threats, attacks, and network conditions.
+The current network has multiple router implementations with various versions.
+Other I2P implementations may have completely different profiling and selection strategies,
+or may not use profiling at all.
+
 <h2>{% trans %}Overview{% endtrans %}</h2>
 
 <h3>{% trans %}Peer Profiling{% endtrans %}</h3>

i2p2www/pages/site/docs/how/tech-intro.html

@@ -1,5 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}I2P: A scalable framework for anonymous communication{% endtrans %}{% endblock %}
+{% block lastupdated %}2025-01{% endblock %}
+{% block accuratefor %}0.9.65{% endblock %}
 {% block content_nav %}
 <ul>
   <li><a href="#intro">{% trans %}Introduction{% endtrans %}</a></li>
@@ -13,10 +15,40 @@
       <li><a href="#op.crypto">{% trans %}Cryptography{% endtrans %}</a></li>
     </ul>
   </li>
+  <li>
+    <a href="#future">{% trans %}Future{% endtrans %}</a>
+    <ul>
+      <li><a href="#future.restricted">{% trans %}Restricted Routes{% endtrans %}</a></li>
+      <li><a href="#future.variablelatency">{% trans %}Variable Latency{% endtrans %}</a></li>
+    </ul>
+  </li>
+  <li>
+    <a href="#similar">{% trans %}Similar Networks{% endtrans %}</a>
+    <ul>
+      <li><a href="#similar.tor">{% trans %}Tor{% endtrans %}</a></li>
+      <li><a href="#similar.freenet">{% trans %}Freenet{% endtrans %}</a></li>
+    </ul>
+  </li>
+  <li>
+    <a href="#app">{% trans %}Application Layer{% endtrans %}</a>
+    <ul>
+      <li><a href="#app.streaming">{% trans %}Streaming{% endtrans %}</a></li>
+      <li><a href="#app.naming">{% trans %}Naming and Addressbook{% endtrans %}</a></li>
+      <li><a href="#app.i2psnark">{% trans %}I2PSnark{% endtrans %}</a></li>
+      <li><a href="#app.i2ptunnel">{% trans %}I2PTunnel{% endtrans %}</a></li>
+      <li><a href="#app.i2pmail">{% trans %}I2P Email{% endtrans %}</a></li>
+    </ul>
+  </li>
 </ul>
 {% endblock %}
 
 {% block content %}
+<p>
+NOTE: This document was originally written by jrandom in 2003.
+While we strive to keep it current, some information may be obsolete or incomplete.
+The transport and cryptography sections are current as of 2025-01.
+</p>
+
   <h1 id="intro">{% trans %}Introduction{% endtrans %}</h1>
   <p>{% trans -%}
 I2P is a scalable, self organizing, resilient packet switched anonymous 
@@ -30,20 +62,16 @@ anonymity set of users already running on top of I2P.
   <p>{% trans -%}
 Applications available already provide the full range of typical Internet activities -
 <b>anonymous</b> web browsing, web hosting, chat, file sharing, e-mail,
-blogging and content syndication, newsgroups, as well as several other applications under development.
+blogging and content syndication, as well as several other applications under development.
 {%- endtrans %}</p>
     <ul>
       <li>{% trans %}Web browsing: using any existing browser that supports using a proxy.{% endtrans %}</li>
-      <li>{% trans %}Chat: IRC, Jabber, <a href="#app.i2pmessenger">I2P-Messenger</a>.{% endtrans %}</li>
+      <li>{% trans %}Chat: IRC and other protocols{% endtrans %}</li>
       <li>{% trans -%}
-File sharing: <a href="#app.i2psnark">I2PSnark</a>, <a href="#app.robert">Robert</a>, <a href="#app.imule">iMule</a>, 
-<a href="#app.i2phex">I2Phex</a>, <a href="#app.pybit">PyBit</a>, <a href="#app.i2pbt">I2P-bt</a>
-and others.
+File sharing: <a href="#app.i2psnark">I2PSnark</a> and other applications
 {%- endtrans %}</li>
-      <li>{% trans %}E-mail: <a href="#app.i2pmail">susimail</a> and <a href="#app.i2pbote">I2P-Bote</a>.{% endtrans %}</li>
-      <li>{% trans %}Blog: using e.g. the pebble plugin or the distributed blogging software <a href="#app.syndie">Syndie</a>.{% endtrans %}</li>
-      <li>{% trans %}Distributed Data Store: Save your data redundantly in the Tahoe-LAFS cloud over I2P.{% endtrans %}</li>
-      <li>{% trans %}Newsgroups: using any newsgroup reader that supports using a proxy.{% endtrans %}</li>
+      <li>{% trans %}E-mail: <a href="#app.i2pmail">susimail</a> and other applications{% endtrans %}</li>
+      <li>{% trans %}Blog: using any local web server, or available plugins{% endtrans %}</li>
     </ul>
 
   <p>{% trans -%}
@@ -115,6 +143,7 @@ and an end point. Messages can be sent only in one way. To send messages back,
 another tunnel is required.
 {%- endtrans %}</p>
     <div class="box" style="text-align:center;">
+      <br /><br />
       <img src="{{ url_for('static', filename='images/tunnels.png') }}" alt="{{ _('Inbound and outbound tunnel schematic') }}" title="{{ _('Inbound and outbound tunnel schematic') }}" />
       <br /><br />
       {% trans %}Figure 1: Two types of tunnels exist: inbound and outbound.{% endtrans %}
@@ -168,8 +197,10 @@ She can then send a build message to the first hop, requesting the construction
 that router to send the construction message onward, until the tunnel has been constructed.
 {%- endtrans %}</p>
     <div class="box" style="text-align:center;">
+      <br /><br />
       <img src="{{ url_for('static', filename='images/netdb_get_routerinfo_1.png') }}" alt="{{ _('Request information on other routers') }}" title="{{ _('Request information on other routers') }}" />
       &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+      <br /><br />
       <img src="{{ url_for('static', filename='images/netdb_get_routerinfo_2.png') }}" alt="{{ _('Build tunnel using router information') }}" title="{{ _('Build tunnel using router information') }}" />
       <br /><br />
       {% trans %}Figure 2: Router information is used to build tunnels.{% endtrans %}
@@ -192,6 +223,7 @@ recent LeaseSet with the message so that Bob doesn't need to do a netDb lookup
 for it when he wants to reply, but this is optional.
 {%- endtrans %}</p>
     <div class="box" style="text-align:center;">
+      <br /><br />
       <img src="{{ url_for('static', filename='images/netdb_get_leaseset.png') }}" alt="{{ _('Connect tunnels using LeaseSets') }}" title="{{ _('Connect tunnels using leaseSets') }}" />
       <br /><br />
       {% trans %}Figure 3: LeaseSets are used to connect outbound and inbound tunnels.{% endtrans %}
@@ -330,10 +362,12 @@ but a basic explanation is available below.
 {%- endtrans %}</p>
 
   <p>{% trans -%}
-A percentage of I2P users are appointed as 'floodfill peers'.
-Currently, I2P installations that have a lot of bandwidth and are fast enough,
-will appoint themselves as floodfill as soon as the number of existing floodfill routers
-drops too low.
+All I2P routers contain a local netDb, but not all routers participate in the DHT
+or respond to leaseset lookups.
+Those routers that do participate in the DHT and respond to leaseset lookups
+are called 'floodfills'.
+Routers may be manually configured as floodfills, or automatically become floodfill
+if they have enough capacity and meet other criteria for reliable operation.
 {%- endtrans %}</p>
 
   <p>{% trans netdb=site_url('docs/how/network-database') -%}
@@ -370,7 +404,7 @@ Some additional remarks are also important.
         <p>{% trans -%}
 One could only want specific people to be able to reach a destination.
 This is possible by not publishing the destination in the netDb. You will however have to transmit the destination by other means.
-An alternative are the 'encrypted leaseSets'. These leaseSets can only be decoded by people with access to the decryption key.
+This is supported by 'encrypted leaseSets'. These leaseSets can only be decoded by people with access to the decryption key.
 {%- endtrans %}</p>
       </li>
       <li>
@@ -380,16 +414,16 @@ Bootstrapping the netDb is quite simple. Once a router manages to receive a sing
 it can query that router for references to other routers in the network.
 Currently, a number of users post their routerInfo files to a website to make this information available.
 I2P automatically connects to one of these websites to gather routerInfo files and bootstrap.
+I2P calls this bootstrap process "reseeding".
 {%- endtrans %}</p>
       </li>
       <li>
         <b>{% trans %}Lookup scalability:{% endtrans %}</b>
         <p>{% trans -%}
-Lookups in the I2P network are not forwarded to other netDb routers.
-Currently, this is not a major problem, since the network is not very large.
-However, as the network grows, not all routerInfo and leaseSet files will be present
-on each netDb router. This will cause a deterioration of the percentage of successful lookups.
-Because of this, refinements to the netDb will be done in the next releases.
+Lookups in the I2P network are iterative, not recursive.
+If a lookup from a floodfill fails, the lookup will be repeated to the next-closest floodfill.
+The floodfill does not recursively ask another floodfill for the data.
+Iterative lookups are scalable to large DHT networks.
 {%- endtrans %}</p>
       </li>
     </ul>
@@ -403,15 +437,29 @@ communicate with other routers aren't critical - three separate protocols
 have been used at different points to provide those bare necessities.
 {%- endtrans %}</p>
 
-  <p>{% trans ssu=site_url('docs/transport/ssu') -%}
-I2P started with a TCP-based protocol which 
-has since been disabled. Then, to accommodate the need for high degree communication 
-(as a number of routers will end up speaking with many others), I2P moved 
-from a TCP based transport to a <a href="{{ ssu }}">UDP-based one</a> - "Secure 
-Semireliable UDP", or "SSU".
+  <p>{% trans ntcp=site_url('docs/transport/ntcp'), ssu=site_url('docs/transport/ssu'), ntcp2=spec_url('ntcp2'), ssu2=spec_url('ssu2') -%}
+I2P currently supports two transport protocols,
+<a href="{{ ntcp2 }}">NTCP2</a> over TCP, and <a href="{{ ssu2 }}">SSU2</a> over UDP.
+These have replaced the previous versions of the protocols,
+<a href="{{ ntcp }}">NTCP</a> and <a href="{{ ssu }}">SSU</a>, which are now deprecated.
+Both protocols support both IPv4 and IPv6.
+By supporting both TCP and UDP transports, I2P can effectively traverse most firewalls,
+including those intended to block traffic in restrictive censorship regimes.
+NTCP2 and SSU2 were designed to use modern encryption standards,
+improve traffic identification resistance,
+increase efficiency and security,
+and make NAT traversal more robust.
+Routers publish each supported transport and IP address in the network database.
+Routers with access to public IPv4 and IPv6 networks will usually publish
+four addresses, one for each combination of NTCP2/SSU2 with IPv4/IPv6.
 {%- endtrans %}</p>
 
-  <p>{% trans ssu=site_url('docs/transport/ssu') -%}
+  <p>{% trans ssu=site_url('docs/transport/ssu'), ssu2=spec_url('ssu2') -%}
+<a href="{{ ssu2 }}">SSU2</a> supports and extends the goals of SSU.
+SSU2 has many similarities to other modern UDP-based protocols such as Wireguard and QUIC.
+In addition to the reliable transport of network messages over UDP,
+SSU2 provides specialized facilities for peer-to-peer, cooperative
+IP address detection, firewall detection, and NAT traversal.
 As described in the <a href="{{ ssu }}">SSU spec</a>:
 {%- endtrans %}</p>
 
@@ -425,14 +473,11 @@ sufficient for home users. In addition, it should support techniques for address
 network obstacles, like most NATs or firewalls.
 {%- endtrans %}</blockquote>
 
-  <p>{% trans ntcp=site_url('docs/transport/ntcp') -%}
-Following the introduction of SSU, after issues with congestion collapse 
-appeared, a new NIO-based TCP transport called <a href="{{ ntcp }}">NTCP</a> 
-was implemented. It is enabled by default for outbound connections only. Those 
-who configure their NAT/firewall to allow inbound connections and specify 
-the external host and port (dyndns/etc is ok) on /config.jsp can receive inbound 
-connections. As NTCP is NIO based, so it doesn't suffer from the 1 thread 
-per connection issues of the old TCP transport.
+  <p>{% trans ntcp2=spec_url('ntcp2') -%}
+NTCP2 supports and extends the goals of NTCP.
+It provides an efficient and fully encrypted transport of network messages over TCP,
+and resistance to traffic identification,
+using modern encryption standards.
 {%- endtrans %}</p>
 
   <p>{% trans -%}
@@ -443,28 +488,51 @@ Transports may reply with different bids, depending on whether there is already
 an established connection to the peer.
 {%- endtrans %}</p>
 
-  <p>{% trans ntcp=site_url('docs/transport/ntcp') -%}
-The current implementation ranks NTCP as the highest-priority transport 
-for outbound connections in most situations. SSU is enabled for both outbound 
-and inbound connections. Your firewall and your I2P router must be configured 
-to allow inbound NTCP connections. For further information see the <a href="{{ ntcp }}">NTCP 
-page</a>.
+  <p>{% trans -%}
+The bid (priority) values are implementation-dependent and
+may vary based on traffic conditions, connection counts, and other factors.
+Routers also publish their transport preferences for inbound connections in the network database
+as transport "costs" for each transport and address.
 {%- endtrans %}</p>
 
   <h2 id="op.crypto">{% trans %}Cryptography{% endtrans %}</h2>
+
   <p>{% trans -%}
-A bare minimum set of cryptographic primitives are combined together to 
+I2P uses cryptography at several protocol layers for encryption, authentication, and verification.
+The major protocol layers are: transports, tunnel build messages, tunnel layer encryption,
+network database messages, and end-to-end (garlic) messages.
+I2P's original design used a small set of cryptographic primitives that at the time were considered secure.
+These included ElGamal asymmetric encryption, DSA-SHA1 signatures,
+AES256/CBC symmetric encryption, and SHA-256 hashes.
+As available computing power increased and cryptographic research evolved substantially
+over the years, I2P needed to upgrade its primitives and protocols.
+Therefore, we added a concept of "encryption types" and "signature types",
+and extended our protocols to include these identifiers and indicate support.
+This allows us to periodically update and extend the network support for
+modern cryptography and future-proof the network for new primitives,
+without breaking backward compatibility or requiring a "flag day" for network updates.
+Some signature and encryption types are also reserved for experimental use.
+{%- endtrans %}</p>
+
+  <p>{% trans -%}
+The current primitives used in most protocol layers are X25519 key exchange, EdDSA signatures,
+ChaCha20/Poly1305 authenticated symmetric encryption, and SHA-256 hashes.
+AES256 is still used for tunnel layer encryption.
+These modern protocols are used for the vast majority of network communication
+Older primitives including ElGamal, ECDSA, and DSA-SHA1 continue to be supported by most implementations
+for backward compatibility when communicating with older routers.
+Some old protocols have been deprecated and/or removed completely.
+In the near future we will begin research on a migration to post-quantum (PQ)
+or hybrid-PQ encryption and signatures to maintain our robust security standards.
+{%- endtrans %}</p>
+
+  <p>{% trans -%}
+These cryptographic primitives are combined together to 
 provide I2P's layered defenses against a variety of adversaries. At the lowest 
-level, inter router communication is protected by the transport layer security 
-- SSU encrypts each packet with AES256/CBC with both an explicit IV and MAC 
-(HMAC-MD5-128) after agreeing upon an ephemeral session key through a 2048bit 
-Diffie-Hellman exchange, station-to-station authentication with the other 
-router's DSA key, plus each network message has their own hash for local integrity 
-checking. <a href="#op.tunnels">Tunnel</a> messages passed over the transports 
-have their own layered AES256/CBC encryption with an explicit IV and verified 
-at the tunnel endpoint with an additional SHA256 hash. Various other messages 
-are passed along inside "garlic messages", which are encrypted with ElGamal/AES+SessionTags 
-(explained below).
+level, inter-router communication is protected by the transport layer security.
+<a href="#op.tunnels">Tunnel</a> messages passed over the transports 
+have their own layered encryption.
+Various other messages are passed along inside "garlic messages", which are also encrypted.
 {%- endtrans %}</p>
 
   <h3 id="op.garlic">{% trans %}Garlic messages{% endtrans %}</h3>
@@ -476,10 +544,10 @@ into a garlic message whenever the message would otherwise be passing in clearte
 through a peer who should not have access to the information - for instance, 
 when a router wants to ask another router to participate in a tunnel, they 
 wrap the request inside a garlic, encrypt that garlic to the receiving router's 
-2048bit ElGamal public key, and forward it through a tunnel. Another example 
+public key, and forward it through a tunnel. Another example 
 is when a client wants to send a message to a destination - the sender's router 
 will wrap up that data message (alongside some other messages) into a garlic, 
-encrypt that garlic to the 2048bit ElGamal public key published in the recipient's 
+encrypt that garlic to the public key published in the recipient's 
 leaseSet, and forward it through the appropriate tunnels.
 {%- endtrans %}</p>
 
@@ -500,11 +568,17 @@ not currently used in the existing implementation.
   <p>{% trans -%}
 As an unreliable, unordered, message based system, I2P uses a simple combination 
 of asymmetric and symmetric encryption algorithms to provide data confidentiality 
-and integrity to garlic messages. As a whole, the combination is referred 
+and integrity to garlic messages. The original combination was referred 
 to as ElGamal/AES+SessionTags, but that is an excessively verbose way to describe 
 the simple use of 2048bit ElGamal, AES256, SHA256 and 32 byte nonces.
+While this protocol is still supported, most of the network has migrated to
+a new protocol, ECIES-X25519-AEAD-Ratchet.
+This protocol combines X25519, ChaCha20/Poly1305, and a synchronized PRNG
+to generate the 32 byte nonces.
+Both protocols will be briefly described below.
 {%- endtrans %}</p>
 
+  <h4 id="op.elg">ElGamal/AES+SessionTags</h4>
   <p>{% trans -%}
 The first time a router wants to encrypt a garlic message to another router, 
 they encrypt the keying material for an AES256 session key with ElGamal and 
@@ -546,24 +620,50 @@ drop the ones previously assumed to be properly delivered, reverting back
 to the full expensive ElGamal encryption.
 {%- endtrans %}</p>
 
+  <h4 id="op.ratchet">ECIES-X25519-AEAD-Ratchet</h4>
   <p>{% trans -%}
-One alternative is to transmit only a single session tag, and from that, 
-seed a deterministic PRNG for determining what tags to use or expect. By keeping 
+ElGamal/AES+SessionTags required substantial overhead in a number of ways.
+CPU usage was high because ElGamal is quite slow.
+Bandwidth was excessive because large numbers of session tags had to be delivered in advance,
+and because ElGamal public keys are very large.
+Memory usage was high due to the requirement to store large amounts of session tags.
+Reliability was hampered by lost session tag delivery.
+{%- endtrans %}</p>
+
+  <p>{% trans -%}
+ECIES-X25519-AEAD-Ratchet was designed to address these issues.
+X25519 is used for key exchange.
+ChaCha20/Poly1305 is used for authenticated symmetric encryption.
+Encryption keys are "double ratcheted" or rotated periodically.
+Session tags are reduced from 32 bytes to 8 bytes and are generated with a PRNG.
+The protocol has many similarities to the signal protocol used in Signal and WhatsApp.
+This protocol provides substantially lower overhead in CPU, RAM, and bandwidth.
+{%- endtrans %}</p>
+
+  <p>{% trans -%}
+The session tags are generated from a deterministic synchronized PRNG running
+at both ends of the session to generate session tags and session keys.
+The PRNG is a HKDF using a SHA-256 HMAC, and is seeded from the X25519 DH result.
+Session tags are never transmitted in advance; they are only included with the message.
+The receiver stores a limited number of session keys, indexed by session tag.
+The sender does not need to store any session tags or keys because they
+are not sent in advance; they may be generated on-demand.
+By keeping 
 this PRNG roughly synchronized between the sender and recipient (the recipient 
 precomputes a window of the next e.g. 50 tags), the overhead of periodically 
-bundling a large number of tags is removed, allowing more options in the space/time 
-tradeoff, and perhaps reducing the number of ElGamal encryptions necessary. 
-However, it would depend upon the strength of the PRNG to provide the necessary 
-cover against internal adversaries, though perhaps by limiting the amount 
-of times each PRNG is used, any weaknesses can be minimized. At the moment, 
-there are no immediate plans to move towards these synchronized PRNGs.
+bundling a large number of tags is removed.
 {%- endtrans %}</p>
 
   <h1 id="future">{% trans %}Future{% endtrans %}</h1>
   <p>{% trans -%}
-While I2P is currently functional and sufficient for many scenarios, there 
+I2P's protocols are efficient on most platforms, including cell phones,
+and secure for most threat models. However, there
 are several areas which require further improvement to meet the needs of those 
-facing more powerful adversaries as well as substantial user experience optimization. 
+facing powerful state-sponsored adversaries, and to meet the threats of
+continued cryptographic advances and ever-increasing computing power.
+Two possible features, restricted routes and variable latency,
+were propsed by jrandom in 2003. While we no longer plan to
+implement these features, they are described below.
 {%- endtrans %}</p>
 
   <h2 id="future.restricted">{% trans %}Restricted route operation{% endtrans %}</h2>
@@ -584,7 +684,7 @@ Restricted route operation, where there are limits to what peers are reachable
 directly, has several different functional and anonymity implications, dependent 
 upon how the restricted routes are handled. At the most basic level, restricted 
 routes exist when a peer is behind a NAT or firewall which does not allow 
-inbound connections. This was largely addressed in I2P 0.6.0.6 by integrating 
+inbound connections. This was largely addressed by integrating 
 distributed hole punching into the transport layer, allowing people behind 
 most NATs and firewalls to receive unsolicited connections without any configuration. 
 However, this does not limit the exposure of the peer's IP address to routers 
@@ -610,8 +710,7 @@ tunnel gateway. The concept of 'client routers' simply extends the restricted
 route by not publishing any router addresses. Such a router would not even 
 need to publish their routerInfo in the netDb, merely providing their self 
 signed routerInfo to the peers that it contacts (necessary to pass the router's 
-public keys). Both levels of restricted route operation are planned for I2P 
-2.0.
+public keys).
 {%- endtrans %}</p>
 
   <p>{% trans -%}
@@ -626,6 +725,20 @@ of using a hostile peer to get connected is small enough, or trusted (and
 perhaps temporary) peers are used instead.
 {%- endtrans %}</p>
 
+  <p>{% trans -%}
+Restricted routes are complex, and the overall goal has been largely abandoned.
+Several related improvements have greatly reduced the need for them.
+We now support UPnP to automatically open firewall ports.
+We support both IPv4 and IPv6.
+SSU2 improved address detection, firewall state determination, and cooperative NAT hole punching.
+SSU2, NTCP2, and address compatibility checks ensure that tunnel hops can connect
+before the tunnel is built.
+GeoIP and country identification allow us to avoid peers in countries with restrictive firewalls.
+Support for "hidden" routers behind those firewalls has improved.
+Some implementations also support connections to peers on overlay networks such as Yggdrasil.
+{%- endtrans %}</p>
+
+
   <h2 id="future.variablelatency">{% trans %}Variable latency{% endtrans %}</h2>
   <p>{% trans -%}
 Even though the bulk of I2P's initial efforts have been on low latency communication, 
@@ -645,20 +758,14 @@ or, most likely, to a remote client destination.
 {%- endtrans %}</p>
 
   <p>{% trans -%}
-There are a substantial number of ways to exploit this capacity for high 
-latency comm in I2P, but for the moment, doing so has been scheduled for the 
-I2P 3.0 release. In the meantime, those requiring the anonymity that high 
-latency comm can offer should look towards the application layer to provide 
-it.
+The goal of variable latency services requires substantial resources
+for store-and-forward mechanisms to support it.
+These mechanisms can and are supported in various messaging applications,
+such as i2p-bote.
+At the network level, alternative networks such as Freenet provide these services.
+We have decided not to pursue this goal at the I2P router level.
 {%- endtrans %}</p>
 
-  <h2 id="future.open">{% trans %}Open questions{% endtrans %}</h2>
-  <ul>
-    <li>{% trans %}How to get rid of the timing constraint?{% endtrans %}</li>
-    <li>{% trans %}Can we deal with the sessionTags more efficiently?{% endtrans %}</li>
-    <li>{% trans %}What, if any, batching/mixing strategies should be made available on the tunnels?{% endtrans %}</li>
-    <li>{% trans %}What other tunnel peer selection and ordering strategies should be available?{% endtrans %}</li>
-  </ul>
 
   <h1 id="similar">{% trans %}Similar systems{% endtrans %}</h1>
 
@@ -674,6 +781,8 @@ two in particular are pulled out here - Tor and Freenet.
 
   <p>{% trans comparisons=site_url('comparison') -%}
 See also the <a href="{{ comparisons }}">Network Comparisons Page</a>. 
+Note that these descriptions were written by jrandom in 2003 and
+may not currently be accurate.
 {%- endtrans %}</p>
 
   <h2 id="similar.tor">Tor</h2>
@@ -724,11 +833,6 @@ in a tunnel is important, as an adversary would otherwise be able to mount
 a series of powerful predecessor, intersection, and traffic confirmation attacks. 
 {%- endtrans %}</p>
 
-  <p>{% trans -%}
-Tor's support for a second tier of "onion proxies" does offer a non-trivial 
-degree of anonymity while requiring a low cost of entry, while I2P will not 
-offer this topology until <a href="#future.restricted">2.0</a>.
-{%- endtrans %}</p>
 
   <p>{% trans -%}
 On the whole, Tor and I2P complement each other in their focus - Tor works 
@@ -774,20 +878,6 @@ Freenet team will pursue efforts in that direction, if not simply reusing
 (or helping to improve, as necessary) existing mixnets like I2P or Tor.
 {%- endtrans %}</p>
 
-  <p>{% trans -%}
-It is worth mentioning that there has recently been discussion and work 
-by the Freenet developers on a "globally scalable darknet" using restricted 
-routes between peers of various trust. While insufficient information has 
-been made publicly available regarding how such a system would operate for 
-a full review, from what has been said the anonymity and scalability claims 
-seem highly dubious. In particular, the appropriateness for use in hostile 
-regimes against state level adversaries has been tremendously overstated, 
-and any analysis on the implications of resource scarcity upon the scalability 
-of the network has seemingly been avoided. Further questions regarding susceptibility 
-to traffic analysis, trust and other topics do exist, but a more in-depth 
-review of this "globally scalable darknet" will have to wait until the Freenet 
-team makes more information available.
-{%- endtrans %}</p>
 
   <h1 id="app">Appendix A: Application layer</h1>
   <p>{% trans -%}
@@ -891,24 +981,6 @@ systems can plug into, allowing end users to drive what sort of naming tradeoffs
 they prefer.
 {%- endtrans %}</p>
 
-  <h2 id="app.syndie">Syndie</h2>
-  <p><i>{% trans -%}
-The old Syndie bundled with I2P has been replaced by the new Syndie which
-is distributed separately. For more information see the <a href="http://syndie.i2p2.de/">Syndie</a>
-pages.
-{%- endtrans %}</i></p>
-
-  <p>{% trans -%}
-Syndie is a safe, anonymous blogging / content publication / content aggregation 
-system. It lets you create information, share it with others, and read posts 
-from those you're interested in, all while taking into consideration your 
-needs for security and anonymity. Rather than building its own content distribution 
-network, Syndie is designed to run on top of existing networks, syndicating 
-content through I2P Sites, Tor hidden services, Freenet freesites, normal websites, 
-usenet newsgroups, email lists, RSS feeds, etc. Data published with Syndie 
-is done so as to offer pseudonymous authentication to anyone reading or archiving 
-it.
-{%- endtrans %}</p>
 
   <h2 id="app.i2ptunnel">I2PTunnel</h2>
   <p><i>{% trans dev='mihi' -%}Developed by: {{ dev }}{%- endtrans %}</i></p>
@@ -955,25 +1027,6 @@ POP3 and SMTP destinations (which in turn are simply "server" instances pointing
 at POP3 and SMTP servers), as well as "client" tunnels pointing at I2P's CVS 
 server, allowing anonymous development. At times people have even run "client" 
 proxies to access the "server" instances pointing at an NNTP server.
-{%- endtrans %}</p>
-
-  <h2 id="app.i2pbt">i2p-bt</h2>
-  <p><i>{% trans dev='duck, et al' -%}Developed by: {{ dev }}{%- endtrans %}</i></p>
-
-  <p>{% trans -%}
-i2p-bt is a port of the mainline python BitTorrent client to run both the 
-tracker and peer communication over I2P. Tracker requests are forwarded through 
-the eepproxy to I2P Sites specified in the torrent file while tracker responses 
-refer to peers by their destination explicitly, allowing i2p-bt to open up 
-a <a href="#app.streaming">streaming lib</a> connection to query them for 
-blocks.
-{%- endtrans %}</p>
-
-  <p>{% trans -%}
-In addition to i2p-bt, a port of bytemonsoon has been made to I2P, making 
-a few modifications as necessary to strip any anonymity-compromising information 
-from the application and to take into consideration the fact that IPs cannot 
-be used for identifying peers.
 {%- endtrans %}</p>
 
   <h2 id="app.i2psnark">I2PSnark</h2>
@@ -987,40 +1040,6 @@ href="http://www.klomp.org/snark/">Snark</a> client
 Bundled with the I2P install, I2PSnark offers a simple anonymous BitTorrent 
 client with multitorrent capabilities, exposing all of the functionality through 
 a plain HTML web interface.
-{%- endtrans %}</p>
-
-  <h2 id="app.robert">Robert</h2>
-  <p><i>{% trans dev='sponge' -%}Developed by: {{ dev }}{%- endtrans %}</i></p>
-
-  <p>{% trans bob=i2pconv('bob.i2p') -%}
-Robert is a Bittorrent client written in Python.
-It is hosted on <a href="http://{{ bob }}/Robert.html">http://{{ bob }}/Robert.html</a> <!-- TODO: expand -->
-{%- endtrans %}</p>
-
-  <h2 id="app.pybit">PyBit</h2>
-  <p><i>{% trans dev='Blub' -%}Developed by: {{ dev }}{%- endtrans %}</i></p>
-
-  <p>{% trans pybit='http://'+i2pconv('echelon.i2p')+'/pybit/' -%}
-PyBit is a Bittorrent client written in Python.
-It is hosted on <a href="{{ pybit }}">{{ pybit }}</a> <!-- TODO: expand -->
-{%- endtrans %}</p>
-
-  <h2 id="app.i2phex">I2Phex</h2>
-  <p><i>{% trans dev='sirup' -%}Developed by: {{ dev }}{%- endtrans %}</i></p>
-
-  <p>{% trans -%}
-I2Phex is a fairly direct port of the Phex Gnutella filesharing client to 
-run entirely on top of I2P. While it has disabled some of Phex's functionality, 
-such as integration with Gnutella webcaches, the basic file sharing and chatting 
-system is fully functional.
-{%- endtrans %}</p>
-
-  <h2 id="app.imule">iMule</h2>
-  <p><i>{% trans dev='mkvore' -%}Developed by: {{ dev }}{%- endtrans %}</i></p>
-
-  <p>{% trans -%}
-iMule is a fairly direct port of the aMule filesharing client 
-running entirely inside I2P.
 {%- endtrans %}</p>
 
   <h2 id="app.i2pmail">I2Pmail/susimail</h2>
@@ -1040,27 +1059,9 @@ to delivery through the mail.i2p outproxies, which are separate from the mail.i2
 SMTP and POP3 servers - both the outproxies and inproxies communicate with 
 the mail.i2p SMTP and POP3 servers through I2P itself, so compromising those 
 non-anonymous locations does not give access to the mail accounts or activity 
-patterns of the user. At the moment the developers work on a decentralized 
-mailsystem, called "v2mail". More information can be found on the I2P Site 
-<a href="http://{{ postman }}/">{{ postman }}</a>.
+patterns of the user.
 {%- endtrans %}</p>
 
-  <h2 id="app.i2pbote">I2P-Bote</h2>
-  <p><i>{% trans dev='HungryHobo' -%}Developed by: {{ dev }}{%- endtrans %}</i></p>
 
-  <p>{% trans -%}
-I2P-Bote is a distributed e-mail application. It does not use the traditional
-e-mail concept of sending an e-mail to a server and retrieving it from a server.
-Instead, it uses a Kademlia Distributed Hash Table to store mails.
-One user can push a mail into the DHT, while another can request the e-mail from the DHT.
-And all the mails sent within the I2P-Bote network are automatically encrypted end-to-end. <br>
-Furthermore, I2P-Bote offers a remailer function on top of I2P, for increased high-latency anonymity.
-{%- endtrans %}</p>
 
-  <h2 id="app.i2pmessenger">I2P-Messenger</h2>
-  <p>{% trans -%}
-I2P-Messenger is an end-to-end encrypted serverless communication application.
-For communication between two users, they need to give each other their destination keys, to allow the other to connect.
-It supports file transfer and has a search for other users, based on Seedless.
-{%- endtrans %}</p>
 {% endblock %}

i2p2www/pages/site/docs/index.html

@@ -1,7 +1,7 @@
 {% extends "global/layout.html" %}
 {% block title %}{% trans %}Index to Technical Documentation{% endtrans %}{% endblock %}
-{% block lastupdated %}2022-04{% endblock %}
-{% block accuratefor %}0.9.53{% endblock %}
+{% block lastupdated %}2022-08{% endblock %}
+{% block accuratefor %}0.9.55{% endblock %}
 {% block content %}
 <p>{% trans -%}
 Following is an index to the technical documentation for I2P.
@@ -15,6 +15,10 @@ The interface between applications and the router is the I2CP (I2P Control
 Protocol) API.
 {%- endtrans %}</p>
 
+The specifications linked below are currently supported in the network.
+See the <a href="{{ site_url('spec/proposals') }}">{{ _('Proposals') }}</a> page for
+specifications in discussion or development.
+
 <p>{% trans trac='https://i2pgit.org/i2p-hackers/i2p.www/issues' -%}
 The I2P Project is committed to maintaining accurate, current documentation.
 If you find any inaccuracies in the documents linked below, please
@@ -74,13 +78,13 @@ Streamr Proxy
 </li><li>
 HTTP Bidir Proxy
 </li><li>
-<a href="{{ site_url('docs/api/sam') }}">{{ _('SAM Protocol') }}</a>
+<a href="{{ site_url('docs/api/sam') }}">{{ _('SAM Protocol') }}</a> (Deprecated)
 </li><li>
-<a href="{{ site_url('docs/api/samv2') }}">{{ _('SAMv2 Protocol') }}</a>
+<a href="{{ site_url('docs/api/samv2') }}">{{ _('SAMv2 Protocol') }}</a> (Deprecated)
 </li><li>
 <a href="{{ site_url('docs/api/samv3') }}">{{ _('SAMv3 Protocol') }}</a>
 </li><li>
-<a href="{{ site_url('docs/api/bob') }}">{{ _('BOB Protocol') }}</a>
+<a href="{{ site_url('docs/api/bob') }}">{{ _('BOB Protocol') }}</a> (Deprecated)
 </li></ul>
 
 <h3>{% trans %}End-to-End Transport API and Protocols{% endtrans %}</h3>
@@ -180,6 +184,8 @@ Traditionally used only by Java applications and higher-level APIs.
 </li><li>
 <a href="{{ spec_url('ssu') }}">{{ _('SSU specification') }}</a>
 </li><li>
+<a href="{{ spec_url('ssu2') }}">{{ _('SSU2 specification') }}</a>
+</li><li>
 <a href="{{ site_url('docs/how/cryptography') }}#tcp">{{ _('NTCP transport encryption') }}</a>
 </li><li>
 <a href="{{ site_url('docs/how/cryptography') }}#udp">{{ _('SSU transport encryption') }}</a>