I2P dev meeting, February 6, 2007

Quick recap

  • Present:

bar, dw_g, hottuna, jadeSerpent, jrandom, mk, modulus, tethrage, void,

Tam IRC Günlüğü

15:02 < jrandom> 0) hi
15:02 < jrandom> 1) Net status
15:02 < jrandom> 2) Syndie dev status
15:02 < jrandom> 3) January bug harvesting contest winners!
15:02 < jrandom> 4) ???
15:02 < jrandom> 0) hi
15:02  * jrandom waves
15:02 < jrandom> weekly status notes posted up at http://dev.i2p.net/pipermail/i2p/2007-February/001333.html
15:03 < jrandom> hopping on to 1) Net status
15:03 < jrandom> I don't really have much to add here (as you can probably tell ;)
15:03 < jrandom> anyone have anything to bring up regarding the network status?
15:04 <+void> used to be better, somehow...
15:04 <+void> but not bad
15:05 < jrandom> its odd, the last wek or so our build rates have been going back up, per stats.i2p
15:05 < tethrage> is there a long term pattern?
15:06 < tethrage> (in build rate change)
15:07 < jrandom> afaics the patterns have been associated with the capacity of high powered routers, but thats only given a very limited view of the network (since i only know whats publicly available, pretty much)
15:07 < tethrage> i see
15:08 < tethrage> is there any information that could be provided to help?
15:08 < tethrage> from just normal routers that is
15:08 < jrandom> not really, from my point of view
15:09 < tethrage> i see
15:09 < jrandom> (basically we just need to implement some code changes before moving forward)
15:10 < tethrage> i see
15:11 < jrandom> ok, anyone have anything else for 1) Net status?
15:12 < jrandom> if not, lets skip on over to 2) Syndie dev status
15:14 < jrandom> lots going on here, as you can read
15:14 <+fox> <mk> minor: perhaps changed 'signed by' to 'authorization'? I'm a little edgy on the blurry lines between forums, identities, signatures, and so on
15:14 <+fox> <mk> -d
15:15 < jrandom> ah, thats a good idea
15:16 <+void> mk: a forum is an identity :)
15:16 <+void> and vice versa
15:17 < jrandom> aye, though we don't want to confuse people too much by making this odd duality visible
15:17 <+fox> <mk> I'm aware, but it's still blurry. I grasp it just fine now, but I worry that new users might be confused by the lack of differentiation
15:18 <+void> ah
15:18 < jrandom> right - people think of forums differently than they think of identities, so need to make sure we behave as expected
15:18 <+fox> <mk> something else that might be worth implementing in the forum or identity management is explicit 'post to this forum only under author x authorization y', which would eliminate mixups. you wouldn't even need a dropdown on the new post messages
15:19 <+fox> <mk> (a dropdown for keys)
15:20 <+void> i'd prefer a global identity dropdown that was visible at all times
15:20 <+fox> <mk> like, who you're posting under?
15:20 < jrandom> hmm
15:21 <+fox> <mk> perhaps, but there really isn't much of a difference, I think, between having it on top always and having it appear on posts only
15:22 < jrandom> ok, before we dig too deep into this, there is a side channel not currently addressed in syndie that can link multiple identities
15:22 <+void> though your identity is not used anywhere else other than posting
15:22 <+fox> <mk> what do you mean?
15:23 <+void> pushing new posts?
15:23 < jrandom> if you need to have completely unlinkable identities, you need to run separate syndie instances - you can sync them off each other, and only use one to pull/push to the other archives, but the local archive contains information that only some of the identities have access to
15:23 <+fox> <mk> (I agree that we should probably save big discussions for the dev forum, but it is nice to have a bunch of people talking about it at once)
15:24 <+void> true
15:24 < jrandom> however, all of the identities on the local archive can acces that information, and if they act on it (post with those keys, etc), they'd leak the linkabiity
15:25 < jrandom> perhaps we can find a way to accomplish all of that transparently through the gui though
15:26 < jrandom> (running with multiple archives locally without having to fire up syndie twice)
15:26 <+fox> <mk> there are many other issues - like marking certain archives exclusive against each other - that could help with anonymity. we should try to define all these scenarios and figure out a way to deal with them in a very usable way
15:27 < tethrage> syndie doesn't aim for anonymity, just security
15:27 < tethrage> it is the transport layer it runs on that should deal with that, surely? :/
15:27 < jrandom> syndie aims for anonymity
15:27 < tethrage> (correct me if i'm wrong)
15:28 < jrandom> the transport layer only deals with a small portion of the anonymity - we need to deal with the rest
15:28 < jrandom> s/small//
15:28 < tethrage> does it? :/
15:28 <+fox> <mk> yes, that's right. syndie deals especially with information leaks
15:29 < jadeSerpent> ip address anonymity vs. identity anonymity
15:29 < tethrage> i see. i thought you said a while ago syndie was meant as a secure app that employed crypto but wasn't strictly anonymous?
15:29 < tethrage> (not in the same way as i2p etc, anyway)
15:29 <+fox> <mk> information security is handled by the redundancy of archives
15:29 < jrandom> mk: i'm not sure what you mean by marking the archives, but i'd love a post on the syndie dev forum discussing it :)
15:29 < jrandom> tethra: syndie can be used for things that don't require anonymity
15:30 < jrandom> but syndie must be usable for things that do
15:30 < jrandom> (otherwise, there is no point to implement it as part of the i2p project)
15:31 < tethrage> yeah
15:31 <+void> jrandom: well, to be fair, there still would be a point if syndie provided anonymity by utilizing i2p
15:31 <+void> but never mind
15:31 <+void> c
15:31 < tethrage> what, other than security against information leaks and dodgy code, does syndie do to keep people anonymous? :/
15:32 < tethrage> surely unless specified you access the archives directly etc?
15:32 <+fox> <mk> tethrage, information leaks of all sorts. If you'd like we can go into more detail in a bit
15:33 < jrandom> tethra: for instance, someone accessing an eepsite with javascript enabled
15:33 < jadeSerpent> tethrage: there's no guarantee that the posts you push to an archive originated with you, someone might have pushed them to your archive
15:34 < tethrage> jrandom: yeah, the js can give things away and such. but surely that's more a matter of security than anonymity if you're not using an anonymous network of some variety?
15:34 < tethrage> then again, i suppose i'm just arguing semantics, so i'll stop
15:34 < tethrage> :/
15:34 < jadeSerpent> i would argue running your own publically accessible archive increases your anonymity in that respect
15:34 <+fox> <mk> jrandom, I'll make that post. Also, I've been playing around with a design for a browser (I don't like opening new tabs for new sections), so I'll try to make a prototype for it, and perhaps post some scribbles to dev
15:34 < jrandom> "security against information leaks" is the core of anonymity - controlling who knows facts about your identity
15:35 < jrandom> ah kickass mk, thanks!
15:35 < jrandom> jadeSerpent: certainly
15:35 < tethrage> i see
15:35 < tethrage> point taken
15:36 < jrandom> mk: if there are better ways to present the syndie ui, i'm 100% for it (only a very small portion of code is bound to these tab-based components)
15:36 < jrandom> and we are alpha after all
15:38 <+void> jrandom: i don't suppose it's hard to turn the tabbed interface into a windowed interface?
15:38 <+fox> <mk> yep. and if some people prefer the tabbed-for-all approach, then there's no problem with using that
15:38 <+fox> <mk> (alongside of the browser tab)
15:39 < jadeSerpent> please no mdi, i suggest something halfway between tabbed and mdi, eclipse's perspectives
15:39 <+void> mdi is bad, i agree
15:40 < jadeSerpent> netbeans has something like that too, forget what it's called
15:40 < jadeSerpent> views or workbenches or something, been a while
15:41 < jrandom> .png sketches appreciated :)
15:41  * jrandom went with the tab-for-all style because everyone loves firefox (/etc)
15:42 < jadeSerpent> when i finish the icons i might hack on some of that
15:42 <+fox> <mk> the 2 week release cycle is a good thing. I like seeing those goals explicit, but I'd also like to see some 'softer' goals listed - dev and later on user documentation, diagrams, and so on
15:42 < jrandom> wikked
15:42 < jadeSerpent> tabs are fine for now imo, they're usable
15:42 < jrandom> mk: http://syndie.i2p.net/roadmap.html ?
15:42 < jrandom> (though there are no dates on the roadmap)
15:43 <+fox> <hottuna> nice :=) ... just posted about it to pending tasks :P
15:44 <+fox> <mk> yeah, though I'm referring to smaller goals. "document the general interactions between classes in syndie.gui", or "write up a doc regarding banning" etc.
15:44 < jrandom> ah, good point
15:45 < jrandom> i've been meaning to collate all the small/mid/high level todo items again
15:45  * jrandom adds that to the todo list
15:47 < jrandom> ok, anything have anything else to bring up for 2) Syndie dev status?
15:48 < jrandom> (of course, we've always got the dev forums in syndie, but irc is useful for quick back & forth)
15:49 < jrandom> if not, lets jump on over to to 3) January bug harvesting contest winners! 
15:50 < jrandom> congrats Darn, voyde, mk, and Anonymous, and thanks to everyone who helped out
15:51  * jrandom realizes the contest was originally for the top 3, but the count was so close 
15:51 < jrandom> there's a new contest on for this month too, same rules as before
15:51 < jadeSerpent> how do you know "Anonymous" was only one person? ;)
15:51 <+fox> <mk> 225 (by my count) bugs in total - impressive
15:51 <+void> :)
15:52 <+fox> <mk> jade, the key, I would think :)
15:52 < jrandom> jadeSerpent: urn:syndie:meta:d7:channel44:Ffn4RhCunO6gwMfAYfOoPY7FGwPNDy65dS4DyuyorME=e :)
15:53 < jrandom> it could be five people sharing that key though
15:53 < jrandom> but then they've got to share the $50USD ;)
15:53 < jrandom> (first one with the private key who signs a message to me specifying what egold acct to send it to wins ;)
15:53 < jadeSerpent> unless one kills the others
15:54 < jadeSerpent> but that kind of thing would only happen in romania
15:54 < tethrage> and russia
15:54 < jrandom> (and britain, and australia, and...)
15:55 <+fox> <mk> 50usd is a lotta money...
15:55 < jadeSerpent> in russia they'd all be killed, and the landlord would take the money and pass it on to the mob as protection fee
15:55 < tethrage> not in gbp ;p
15:55 <+fox> <mk> I know *I'd* kill for it
15:55 < tethrage> i suppose asking where you're from wouldn't get an answer, mk?
15:55 < tethrage> :/
15:56 <+fox> <dw_g> ok, I'll take it ;)
15:56 <+fox> <mk> russia originally :D now canada
15:56 < jadeSerpent> 225 bugs is impressive, how many of those have been closed?
15:56 < tethrage> ice.
15:56 < tethrage> +n
15:57 < jrandom> jadeSerpent: i'd thumb it at maybe 75-80% addressed
15:57 < jadeSerpent> nice
15:58 < jrandom> (with maybe another 5-10% invalid/wontfix)
15:58 < jrandom> but actually, thats one of the higher level todo items - get a real management ui on the bugtracking
15:58  * jadeSerpent recommends trac
15:58 < jrandom> (it took me a while to walk through all the posts and count them all up manually)
15:58 <+fox> <mk> external to syndie?
15:59 < jrandom> hmm, with a syndie-->track exporting system?
15:59 < jrandom> s/ck//
15:59 <+fox> <mk> a nice project would be to hook syndie up to a bug tracker
15:59 < jadeSerpent> yeah
15:59  * jrandom bets a few SQL queries & inserts would do the trick
16:00 < jrandom> it would be quite worthwhile though, at least from a readonly-trac perspective
16:00 <+void> but syncing updates made to trac back into syndie is bound to be tricky, i think
16:00 < jrandom> full cycle integration isvery hard
16:00 < jrandom> right
16:00 <+fox> <mk> at some point it might be worth considering a 'revision'-type system
16:00 < jrandom> but being able to query & drill down in trac, and generate reports, etc
16:01 <+fox> <mk> where posts supercede older ones
16:01 < jrandom> ah, yeah there are hooks for that, but the Overwrite* headers aren't currently honored
16:02 < jrandom> wouldnt be too tough though, just a UI toggle to navigate to previous revs of the same post, plus a few lines of code to verify the post is authorized to override the old post
16:03 < jadeSerpent> i understand the desire to use syndie itself for bug reporting, but its design doesn't involve issue tracking, and it will always be sub-optimal for that task, imo you should use a real issue tracker
16:04 <+fox> <mk> seeing the number of bugs filed, I agree with jadeSerpent
16:05 < jrandom> though on the flip sie, how many bugs were discovered by those using syndie to file the bugs?
16:05  * jrandom is not entirely oposed to a trac or other bug tracking system
16:05 < jadeSerpent> those kinds of bugs are going to be discovered anyhow
16:05 <+void> well, severities, components, versions and closing/opening/reopening bugs can be done with syndie tags
16:05 < jrandom> right
16:06 <+void> (and most of those already are)
16:06 < jadeSerpent> like the other day when it froze up on someone who was posting a bug report, it would have frozen on them if they were posting about any subject, didn't matter that it was a bug report
16:06 < jrandom> it we can feed a real issue tracker via pseudonymously (and authentic) messages, that would be great
16:06  * jrandom has received a few private bug reports as well, which include sensitive information, - these are protected by syndie's encryption
16:07 <+fox> <mk> well, why not keep both?
16:08 < jadeSerpent> i agree that there is however no issue tracker designed with anonymity or more-than-trivial confidentiality in mind
16:09 <+fox> <mk> it would be nice to have syndie have that sort of bug tracker, but anonymity isn't too great a problem when filing most bug reports
16:10 < jadeSerpent> maybe trac could be modded to utilize syndie's features there
16:10 <+fox> <mk> jade, it'd be hard. browsers don't implement signing
16:12 < jrandom> hmm.  what we have is originally based off: http://syndiemedia.i2p.net:8000/blog.jsp?blog=ovpBy2mpO1CQ7deYhQ1cDGAwI6pQzLbWOm1Sdd0W06c=&entry=ovpBy2mpO1CQ7deYhQ1cDGAwI6pQzLbWOm1Sdd0W06c=/1132012800003
16:12 < jrandom> plus http://dev.i2p.net/~jrandom/bugsp1.txt and http://dev.i2p.net/~jrandom/bugsp2.txt
16:13 < jrandom> i agree that we need something better than what we have to track these issues, and i'm open to whatever best moves us forward
16:13 < jrandom> but i'd like to keep whatever it is minimal if possible, because we're building syndie, not a bug tracker :)
16:14 < jadeSerpent> yeah well you seem to be managing it for now without one ;)
16:14 < jrandom> but i'm sure some will fallbetween the cracks, and others will have a harder time finding whats known/etc, and contributing fixes
16:15 <+fox> <mk> we probably don't even need to implement it through syndie. it's useful there to some extent, but 200+ bugs really is a lot. we should decide on a tracker and make it available through the www and through i2p
16:16 <+fox> <mk> provide a link to it atop the syndie file a bug screen, and that way we have both options. a bug tracker implementation in syndie isn't something to be using resources on now
16:17  * jrandom does love having bug tracking integrated (so people don't need to create bug tracking accounts, use fake email addresses, etc), but i'm open to proposals for what solution we should use
16:17 <+fox> <mk> I think we should keep that, but also have that bug tracker
16:18 < jadeSerpent> read-only access for the short term would be nice
16:18 < jadeSerpent> i prefer a more bug-oriented search interface
16:18 < jrandom> wouldn't be so bad, could perhaps write a one-way syndie-->issue tracker export without much trouble too, of r those who can't dont want to use the web based one
16:19 < jrandom> s/of r/for/
16:19 <+fox> <mk> integrated bug submission is a great thing to have, but we shouldn't use the syndie archive to track 200+ bugs
16:20 < jrandom> though its great for testing our search capabilities :)  [yeah, ok, i'm convinced]
16:20 < jrandom> so, one vote for trac.  any other votes?  please post to the syndie dev forum, with rationale, of course
16:21 < jadeSerpent> two votes for trac, unless you've already counted mine ;)
16:21 < jrandom> aye, thats what i was counting ;)
16:21 <+fox> <mk> what are the options? I know nothing about trackers
16:21 < jadeSerpent> i was hoping that was your own vote, but ok
16:22 < jadeSerpent> i've worked with trac, great third party support
16:22 < jadeSerpent> bugzilla i would say blah to
16:22 < jrandom> though, as an aside, if someone is quite familiar with an issue tracker, that'd be helpful for whipping out a syndie-->issue tracker export 
16:22 < jrandom> yeah, bugzilla is a beast
16:22 < jadeSerpent> jira is also good, like trac
16:23 <+void> trac is probably familiar to lots of people, too
16:23 < jrandom> aye, and good folks too (they gave i2p a license, though we havent used it yet)
16:23 < jadeSerpent> you have a jira license?
16:23 < jrandom> aye, jira and fisheye
16:24 < jadeSerpent> cool, might as well give it a shot
16:24 < jadeSerpent> btw eclipse's mylar plugin integrates fully into bugzilla, trac, and jira
16:24 < jadeSerpent> high praises for its interface
16:25 < jrandom> damn this netbeans/eclipse battle
16:25 < bar> (bugs are reported automatically when created? ;)
16:25 < tethrage> (haha)
16:26 <+fox> <mk> hah, nice
16:26 < jadeSerpent> jrandom: netbeans support is on the mylar roadmap iirc
16:26 < jrandom> cool
16:26 <+fox> <modulus> that's what comes to those who fanatically support sun :-)
16:27  * jrandom pelts modulus with javabeans
16:27 < jadeSerpent> even though mylar is offically under the aegis of eclipse foundation
16:27 <+fox> * mk can't find a live site for trac
16:27 <+fox> <modulus> http://trac.wordpress.org/
16:27 < jrandom> mk: http://feedspace.i2p/ atm
16:28 <+void> http://trac.edgewall.com/
16:29  * jrandom doesn't want to spend a lot of time evaluating lots of different systems, so if someoe wants to champion a specific system, please do so in the syndie dev forum 
16:29 < jadeSerpent> http://overlays.gentoo.org/proj/alt/wiki
16:29 <+void> (^ official meta-trac)
16:29 <+fox> <mk> yeah, it's all the same to me
16:30  * jrandom will assume thats it for * 3) January bug harvesting contest winners! and move us on to 4) ???
16:30 < jrandom> anyone have anything else for the meeting?
16:30 <+fox> <mk> 'best' is overrated. whoever has the most experience with these things should probably flip a coin
16:32  * jrandom isn't really looking for a project planning / release planning system, or a source code browser (a free wiki doesnt hurt, but we've got ugha.i2p too)
16:32 < jrandom> tracking issues is the only feature i care about for that
16:37 < jrandom> ok, if there isn't anything else for the meeting...
16:37  * jrandom winds up
16:37  * void hands jrandom the baffer
16:37  * jrandom *baf*s the meeting closed