Please login or register.
This location

anonimal's Kovri Full Time Development funding thread

anonimal posted this 7 years ago

anonimal | 7 years ago

Monero and Kovri

From crypto-currency to simple message exchange, we rely on hardened privacy systems to guarantee that our transactions are anonymous and secure.

As Monero is a leader in both privacy-aware currency and community, the logical response to Monero's anonymity question is to implement a decentralized, anonymous internet.

The solution? Kovri.

The Kovri I2P Router Project aims to integrate I2P technology into Monero to ensure that every transaction and communication meets the highest standards of anonymity possible.

The Importance of Kovri

I cannot reiterate enough the importance of Kovri as both an implementation of a viable anonymous network and as an alternative to Tor.

Tor has an annual multi-million USD budget with a multi-million number user-base. Tor is well-researched and continues to garner massive media attention. While I love Tor tremendously and will defend her with tooth and nail, at this time of writing there are two issues that concern me the most with regard to the Tor project:

  1. With new management, the current state of the project is in questionable flux: core volunteers who have been with the project since its very early years are uprooting and leaving, there are publicly known conflicts within the organization, there are many rumors (both founded and unfounded) about U.S. government infiltration
  2. Tor's Achilles's heel: authorities, consensus, and flow-based onion-routing (as current implemented in Tor): they are not truly decentralized

While the issues in point 1 may be temporary or purely tin-hat, it's unfair to both the project and the entire planet to have a majority of the world's anonymity-needs resting on the shoulders of a single project; not to mention, the mere idea is very dangerous.

The issues inherent in point 2 are not easily addressed nor may they ever be addressed. Attempting to decentralize Tor by removing Directory Authorities and other technical aspects of current Tor design would be like genetically modifying an apple to become an orange after the apple has been fully formed. As interesting as that may be, why do such a thing when one can simply eat a natural-born orange?

How Kovri will improve the I2P experience

The Java implementation of I2P is the known worldwide. It is the original implementation and standard of which all other Garlic Routing implementations have followed and continue to follow. Over the years, there have been several notable complaints about the java I2P project with the biggest being: it's in java, and it's not easily usable.

Kovri aims to address these issues by implementing I2P entirely in C++ and, in addition to providing extensive & easy-to-understand documentation, implementing user-friendly interfaces.

While it's too soon to discuss details of GUI integration, Kovri will have an easy-to-use interface integrated with Monero's GUI in addition to being a stand-alone I2P router (so you don't need Monero to use it). This will be all-around useful to both I2P and Monero as it will increase XMR transaction obfuscation while strengthening the I2P network.

How Kovri will increase Monero's market value

It's simple: more users, more trust, more value.

Kovri + RingCT technology will guarantee confidence with every transaction; ensuring that they stay private and anonymous. By integrating Kovri by default, every user will benefit from an the extra layer of I2P anonymity.

In the future, after a beta release, we plan on having Kovri 'on' by default. Until then, Kovri will be optional (though you can use the stand-alone router now).

Why I should be funded for this project

I've been with the project since before the beginning and, with the help of key contributors, led the project to its birth. I'm proud and fortunate enough to say that one year ago (soon before Kovri was born), I had told fluffypony that I would here "for the long haul" - and here I am today. I have spent all my free time over the past year on Kovri and have lost much sleep as a result - all without asking for any donations or payments in return (though I do appreciate the donations that I have received).

I've gained relationships within the Monero community and a wealth of knowledge that comes with developing an I2P implementation in C++; so there has been that reward, but I'm currently at the point where I won't be able to meaningfully contribute to Kovri unless I start to receive full-time (or at least part-time) funding.

Funding will allow me to continue to lead the project and to do what I've been doing - but much more of it.

The current state of Kovri is not in the same state as Monero. Kovri needs a lot of work in order to be brought into beta and an eventual stable release. I2P specifications do not cover every aspect I2P or implementation and the documentation itself could be rewritten in key areas to better aid developers. Since Kovri was originally forked from i2pd, much of the present code-base was poorly designed and poorly written; so this makes development more difficult than it should be (we've been able to fix many of the issues but many still remain (see the issues tracker)).

In addition to resolving bugs and missing implementation, funding will allow me to:

  • Code, code, code!
    • We have many issues that need to be fixed
    • We have many features that need to be implemented
    • I repeat: Kovri is not in the same place as Monero was when Monero was first born
  • Guarantee Kovri/Monero integration
    • Integration with monerod
    • Integration with GUI
  • Building/releasing on same platforms as Monero
    • Linux/OSX/Windows
    • i686/amd64/armv7/armv8
  • Project management
    • Ensuring that we set and meet release deadlines
    • Preparing and leading bi-weekly meetings
    • Implementing Quality Assurance
  • Address the massive amount of technical details that come with implementing I2P
    • Research improving I2P and overlay-network security
    • Crypto research/implementation
    • Creating/improving documentation
    • Contributing to existing proposals
    • Opening new proposals

...and much, much more.

To gain a sense of how development has functioned, you can:

Payout proposal

  • 5 XMR/hour
  • 1449 hours / 30 hours per week
  • 16 milestones every 90 hours
  • Total cost: 7245 XMR

The amounts posted here are motivated by current market volatility but will guarantee another year's work on the project. To work on Kovri full-time is a gamble but, like everyone else here, I believe in Monero and believe that Kovri will have a positive impact on Monero's value.

Securing Monero's future

If Kovri doesn't get more attention and development, Kovri will be Monero's weakest link. We cannot let that happen. 30 hours is not enough to make this happen, so I will have to volunteer more than that in order to meet our goals (12 hour Kovri days are not unheard of). I must reiterate that even if full-time, we need more developers in order to fullfill Kovri's vision.

Funding will also allow me to reach out to other developers, continue to aid in upstream library development/bug fixes when needed, and become more engaged with EinMByte (an experienced, invaluable core contributor), zzz (lead dev for java I2P), and the I2P community at large in order to make Kovri happen.

Everyone is welcome to visit #kovri and #kovri-dev and ask as many questions as you'd like. I'll do my best to respond quickly and informatively.

Replies: 46
Reply to: anonimal drfred
drfred posted 5 years ago Weight: 0 | Link [ - ]

I really don't feel like having a dick measurement contest with you, but if you check the hall of fame you'd realize that I've been part of the monero community way before you even knew about the project. and since you're so tech savy you'll also know that you can use xmr quite privately even without your failed kovri project :D so please tell me again how I'm not a top donor? anyway I guess you're already punished enough with being yourself so I'm out for now. Rest assured I don't have a personal grudge against you, so I'll hope you get well soon and start to discover what it's really like to be participating in a community of grown ups. aloha!

Reply to: drfred
anonimal posted 5 years ago Replies: 1 | Weight: 0 | Link [ - ]

Not only are you not a donor to my FFS (which means your opinion is irrelevant), you are not one of the biggest FFS donors as you claim to be. Also, as I've worked longer and harder on essential Monero development more-so than almost anyone else you've donated to, you're an absolute cheap scab of an idiot for not prioritizing core Monero development over anything else.

drfred edited 5 years ago Replies: 1 | Weight: 0 | Link [ - ]

as one of the biggest ffs donors I'm absolutely against any further payouts to anonimal.

anonimal edited 5 years ago Weight: 0 | Link [ - ]

Finally: an official statement

Because of a comment from one of my donors, and other recent events, I've re-opened negotiations for the remainder of my contract. This issue is between me and my donors and no one else (although moneromooo, hyc, and MRL may be contacted for technical affirmations).

For the important backstory to this post, and some information regarding recent events, read my comments here, and here (trigger warning: bring your popcorn), and the original taken-out-of-context paste that has set everything on fire (as seen in my "Milestone 15" post below). If you want a clear, level-headed, technical understand of what the hell is going on; you can also contact Monero Project lead developer moneromooo as he understands the technical aspects involved.

TL;DR: I love you all, but, with that said;

TL;DR: I've provided 99% of everything I've been asked to do for Kovri but the remaining 1% has been deprecated and should not happen. I've listed the reasons above and below. I asked to be funded for that remaining 1% on a new, actual solution (as posted below); but there are too many questions at this point. What is not a question though is that Kovri is 100% done in terms of my funding (if we are not "baking-in" the router or if we are not interested in more Kovri fixes and development). Regardless, Monero Project needs to focus on moving towards an actual solution: Sekreta. Sekreta will also deprecate Monero's SOCKS proxy; the SOCKS proxy of which takes the incentive out of "baking-in" Kovri to begin with (for the longest time, the proxy was never supposed to happen because of fluffypony's "baked-in I2P" pipe-dream but now both have now been deprecated by Sekreta). There is such an incredible lack of understanding within Monero about Sekreta technology because nearly everyone in the community is not an internet-anonymity engineer nor specialist so, the responses have been mixed, somewhat uninformed, and hostile (with the exception of moneromooo, MRL, and the founding community). I don't blame anyone in community though: cryptocurrencies are surrounded by scams and shit at all times. As such, I've empirically proven that Sekreta is not a scam nor is it shit but, rather, an actual solution - a solution that we all wish we had years ago before I started Kovri. Now, it's time to move forward. Erwache, mein monerochen.

Note: aside from the other technical reasons I gave in the links above, the reasons why Kovri should not be "baked-into" Monero at this time (or ever, because that's been deprecated by Sekreta:

  • Conflicting minimum requirements, needed for all supported systems:
    • Boost 1.67
    • CMake 3.5
    • C++14 capable compiler
  • Monero will need to have rolling releases in order to stay up to date with Kovri development. fluffypony is barely around to release normal releases let alone rolling releases.

Alone, these issues aren't insurmountable but do take into consideration my reasons in the links above. Also, Sekreta already has less dependencies and will have more stable interfaces than Kovri for any "baked-in" integration.

Regarding my release of Sekreta

Because of the response from some of the most subversive elements of this Monero "community", but also the positive response by seasoned Monero researchers/developers and founding community, and the neutral/limited/no responses from my donors; I've decided to take Sekreta off the table for Monero Project for now. This doesn't mean that there won't be collaboration; this just means that Monero won't get any points for innovation at this point in time - of which Monero sorely needs right now.

Regarding the remainder of this FFS contract

One of my donors has brought up a very good point:

2019-01-04 10:25:42     thrmo   thanks for the thorough reply anonimal, and to be clear I wasn't implying you were malicious. Having said that I wish sekreta the best, despite having donated to Kovri 1.0 it always seemed like a fools errand for me, so I'm also glad to see it go.

And indeed: "baking-in" Kovri is a fool's errand at this point because of Sekreta (you can instead "bake-in" Sekreta and have access to every existing anonymity system, not just Kovri). Monero will be doing an incredible disservice to itself by becoming "tribal" to a single anonymity network or by allowing any single-network usage (via SOCKS) or by "baking-in" any specific implementations.

Now, since this issue is regarding my two remaining milestones, let's consider the options.

One possible option is to back-pay me for services rendered to Monero Project from 2015-2019. Why? Well, Monero Project failed to meet their end of this contract in terms of providing labor for Kovri code development and support as promised by fluffypony before we forked (note: luigi has always been 100% responsive in payout and I'm thankful for that). Because I was told that this project relationship would be both a mutually exclusive and beneficial by fluffypony, I dedicated my life to Monero Project since 2015 in order to ensure the success of both the projects and for my future investments (that and because of labors of love) - but I never received the support I was told I would receive. As a result, I'm forced to bring numbers into this equation in order to negotiate a fair trade for my time and labor.

But first, a little background; since most of this "community" has not been around as long as myself and a good chunk of others:

Monero

When I arrived in 2015 to work on Monero Project, Monero was a shit-coin with huge potential. Raw and beautiful, it was exciting. Part of the excitement was that it was always pushing forward with momentous innovations. With my help along with moneromooo (who has also dedicated his life to this project), hyc, fluffypony, a small team of incredible researchers and developers, passionate miners and node operators, and a talented founding community; Monero became the #1 leading privacy technology in the world.

From everything trivial to my meeting template (which is still used to this day), to implementing CI and demanding greater CI (which eventually happened), to the creation and extensive usage of the Meta repo, to the maintenance and auditing of dependencies (as proven throughout the various Monero repositories), to maintaining the Monero AUR package for 10's of thousands of Arch Linux users around the world, to Monero code security auditing (when I had the time) and suggesting fixes, to code collaboration and contribution across nearly every single Monero Project repository (go look at the git-log and the github issues/PRs), to implementing Monero's first-and-only VRP, to setting up and maintaining HackerOne and regularly collaboration on producing sensitive security fixes (some of which I can be credited for), to inviting Michael to do the Hardware Wallet (go ask him about the story, he's a great guy), to Riccardo Spagni regularly going on television and various interviews over the years calling me 1 of "2 full-time developers" as a result of all of my work - all so that the "community" had something to brag about; I've done all of this since 2015 without being paid a single XMR or any currency, above or under the table, in any capacity; zero financial reward. Zero. ZERO. Z. E. R. O. Zero financial compensation outside of Kovri (with the exception of Defcon 26 in which I was thankfully paid for travel expenses to speak about Kovri and to speak about the VRP).

But why, you ask?

First, shouldn't my Kovri payments have gone to all of that? Well, no, and they didn't. But even if they did, since no one mentioned that XMR received is subject to income tax; that issue combined with the 2018 bear market + market volatility at worst possible times during the 2018 bear market = 6 figures back taxes + 6 figures capital losses but, even if I did include those numbers, I would still be massively underpaid in any other situation or project regardless if cryptocurrency was involved (yes, I know that the markets are not anyone's responsibility here but I'm just clarifying because people seem to think I own a yacht now, or what have you).

As for why, and if you're also concerned about the Kovri timeline or payment amount, let's do a brief review:

Kovri

I was told by fluffypony that, for my contract, I was to bill for all mentoring, project management, project development, promotion, education, and anything Kovri related across the now 4 kovri project repositories and beyond - and that's exactly what I've done.

Also, as part of my contract, one of the proposes of Kovri was to build a real project and an educational space, not just software. Education being a huge factor - and that's exactly what I've done.

On top of that, as part of my contract, I was told to engineer Kovri by any means necessary; using multiple languages, across multiple systems, across multiple release platforms, to audit and develop the dependencies and all code as a means to ensure stringent security methods, to implement and supervise quality assurance across the spectrum, to train every developer involved, to lead the entire project, and sooo soooo soooooooooo much more on top of everything else I mentioned above with Monero Project - which is exactly what I've done.

To add to insult to injury, I've massively under-billed all of my Kovri work because I chose to "be the better person" during the 2017 bull-run by not being a money grubbing cancer like so many in the cryptocurrency space now. So; indeed, I have won the spiritual battle but I am under-financed as a result. I take full responsibility for that.

But, the only thing I asked for in return was for Monero project to provide me help in filling all the roles that I was filling so that I can focus on code development - which was going incredibly slow because of all the hats I had to wear. This help was never received at the level promised despite repeated requests, and that was part of the deal. Some may say "but this is an open-source community". Yes, but there is more to this than most people know, and if someone can't provide something then they shouldn't say it will be provided.

Numbers

So, at current market value, for the two remaining milestones in my contract, divided by 40 months of labor from 2015 to 2019, at full time, comes out to about ~$6.5 USD per hour of labor (~46*900/6400). Mind you, I had been paid to work on Kovri from the end of 2016-2018 so, let's be more realistic and cut the hours in half: ~$13 (~46*900/3200) per hour. Oh, but wait, what about the end of 2015 through end of 2016? I worked then in parallel on Kovri for free so, let's be even more realistic and cut the outcome back down to: ~$9.7 (46*900/6400*1.5) per hour. Womp womp. I should've worked at McDonald's as a manager if I wanted more money. More benefits too.

So, where does that leave us? First, a few extra tidbits of info for those who wish to read more about character when perusing prose:

People at Defcon 26 approached me, random people that I'd never met in my life nor had spoken with online (that I know of), and they all told me the same thing: they told me I was a "workaholic" and that I "looked miserable".

Sure. Yes. Absolutely. I've proven to have worked a bit too much, and Kovri has been absolutely miserable to work with from the start (I never wanted to fork, voted against it, as I detailed in my links at the top of this post). On the other hand, now, Sekreta has been a completely different experience. More joy, more output, more productivity, less mentoring, less project, less anything that takes me away from positive and productive R&D. More-so, it's an actual solution to Monero's network stack and not some hack, so it's an exciting prospect to work on.

Ideally, I'm paid out in both milestones a.s.a.p and we brush our hands clean of this all so we can move onto a much brighter future. This will be the best outcome because relations will be mended and everyone will be happy (or should be happy, because everyone got way-more than they paid for).

Another possible option

Now, if paying me for my past labor is something that donors don't want to do (I can understand for "technical" reasons), let's consider another option: we can move my remaining funds into a new FFS guaranteeing my continued contributions to Monero Project (VRP manager, VRP marketing and promotion, Monero code development, lots of ways to skin this cat). These contributions will be unrelated to Kovri or Sekreta (or, if related to Sekreta, as a "donor" to Sekreta development). Mind you, moneromooo has already taken upon himself to collaborate on Sekreta on his own volition - even though he is not paid to. How long he does this, I don't know; but I've seen more collaboration from Monero Project in #sekreta/#sekreta-dev than I have seen in Kovri for as long as I can remember; so that's certainly a good sign. As such, I highly encourage donors to move my remaining milestones to Sekreta development.

Note: I must say this though: this payment option, if not related to Sekreta, will be my least desirable option as I will have never been paid for my services rendered, regardless of any written contract or not.

Last resort

Now, the last and most final option will be for me to complete my Kovri proposal as originally stipulated - but this is stupid. Why? Because this solution has been deprecated. You can use Kovri now with Monero's new SOCKS proxy as well as Tor. It's extremely limited in any capacity, as proven by Sekreta, but it's what fluffypony wanted and handed down to his MyMonero minions to implement (see github for proof) in an executive action without any input from anyone competent in internet-anonymity nor from any communication with me or anyone in Kovri. Note: to solve the "but we've been waiting" problem, you need to pay more than one person to do the job, not pay another person to do another job.

So, if you want to waste your time (and my time), we can proceed with this option as originally planned. It won't be a waste of XMR though because I certainly need it.

EOF

Regardless of any outcome, the contract will be completed and I will receive my payments (I also have medical bills coming up, so I hope this project doesn't screw me).

Thanks to all for everything good that's happened so far. Certainly there will be more good to come.

Ciao.

Reply to: anonimal
anonimal posted 5 years ago Weight: 0 | Link [ - ]

In an ideal scenario, if all goes well, and I receive assurances that the community won't flake this time; I'll remove the other donation addresses for ZCash and Bitcoin and we can make Sekreta an exclusive Monero thing. If all does not go well, I'll do whatever is needed to satisfy these remaining milestone requirements but I certainly won't be a happy camper - and I'll end up needing to do whatever I need to do in order to survive (also, see the pasted document).

anonimal edited 5 years ago Replies: 1 | Weight: 0 | Link [ - ]

Milestone 15 includes ~123.5 billed hours through 2018-11-15 and 2018-12-25.

Introducing Sekreta.

On the question of whether this Milestone should go towards Sekreta development or not, I implore you to read this first as it covers the question in detail. Propositions are listed at the bottom of that document. Choose wisely. Do know that I'm open to discussion too (always have been).

Note: a small portion of this milestone was spent directly on Kovri core team related but the vast majority was spent on Sekreta. Before 2018-11-15, none of this existed; not even the idea of Sekreta, nor any of the specs, nor any portion of the draft. 'Twas an intense month of R&D and writing.

Edit: correction: I introduced the idea of a protocol called Sekreta a year or two ago but the details were never codified, and it was certainly not what it is now. (Fun note: I originally wanted to call Kovri "Sekreta" but was outvoted, hehe).

anonimal posted 5 years ago Weight: 0 | Link [ - ]

Milestone 14 includes ~120 billed hours, sporadically, through the dates 2018-10-01 and 2018-11-15. As usual, I've donated more hours than what I've billed but I've also been occupied with IRL events such as massive back taxes because no one in this community mentioned that XMR is taxed on the time-and-date they are received (not just when they are sold)!!!! I'm not a financial wizard nor a tax attorney so, maybe this info was already common knowledge in the community, I don't know. Regardless, the markets are screwing almost all of us, so I'm sure I'm not the only person getting fucked.

This milestone was a big set-back to immediate code development but a huge leap forward to necessary project development and future code development (FYI, this was brought on by the Monero community). For the majority of my next milestone, I intend to return to the kovri repo to work on code, PRs, and whiteboarding of the various APIs.

Some highlights of this milestone:

  • After a funding meeting with 5 people from the Kovri Project team, we decided to move on creating The Kovri Fund. This repository is a WIP fund that (until it can replaced by decentralized crowdfunding) will act as an escrow'd crowdfunding system where contributors can work on Kovri while having the option of being paid in 5 leading cryptocurrencies (XMR among them) or in fiat (method TBD). This should vastly expand contributor potential for Kovri Project since the software is cryptocurrency-agnostic / application-agnostic.
  • Along with requisite collaboration and negotiations, this milestone also saw the formation of the Kovri Core Team; consisting of myself, Luke, and Sean. We are in the process of securing technology and creating a standardized process to handle multisig wallets for all escrowed cryptocurrencies.

Other highlights:

  • API + code-related research / study
  • Add more subdomains (repo.kovri.io + list.kovri.io) / collab with Luke
  • Gitlab-CI / gitlab runner + Docker / shell executor, research/testing/deployment for Linux
    • Backend development to satisfy new Boost 1.67+ requirements / backend overhaul
  • Frontend updating / maintenance of kovri-site (thanks to Luke's streamlined ssh/shell process)
  • Kovri Core Team collaboration / project planning / funding & cryptocurrency planning
    • Collaboration for storage options / distributed options / multisig options
    • Establishing a protocol by creating templates and HOWTOs (see the kovri-fund repo)
  • Kovri-docs: create/add unit-test writing section to dev guide
  • Meeting scheduler research (so we can automate meetings)
  • Monero "outreach" research as it relates to kovri
  • Monero multisig wallet debugging with moneromooo + rbrunner (https://github.com/monero-project/monero/issues/4846), needed resolved so I can work toward kovri integration
  • Monero testnet study for kovri/monero integration testing
  • Project management discussion with Diego, one-on-one collab with Sonia
  • Public relations training for Sonia, between Diego and myself, via a number of conference calls (no one in Monero Outreach would lift a finger for Kovri, so we needed to go our own route).
  • Research/setup new keybase account for kovri keybase team
  • Tor tests/doc review + Tor/Katzenpost research
  • Write Milestone #13 report
  • Write Milestone #14 report
  • distcc setup testing for backend build
  • kovri onion creation collab + tweet onion/garlic sites
  • kovri-slack relay maintenance / backend machine maintenance
    • also research/test Slack meeting apps
  • kovri.i2p backend / collab with Luke
  • njalla maintenance / collab with Luke

Note: nearly all of our collaboration is now done via secure side-channels instead of the public IRC/Slack channels.

Much of my work is now pushed directly to the kovri-project repos instead of pull requested. See commits to kovri-site, kovri-docs, kovri-meta, kovri-fund, and kovri repositories.

In addition to those commits, consider the following:

Required by the community but UNBILLED

Notes

anonimal edited 5 years ago Weight: 0 | Link [ - ]

Milestone 13 includes ~336 billed hours from the dates 2018-07-27 to 2018-08-15, and 2018-08-29 to 2018-09-29. As usual, I've donated more hours than what I've billed.

To write the usual detailed report for this many hours is futile. Instead, I will summarize because my proof of work is well-known within the community:

  • Defcon 26 kovri workshop preparation + completion + related village activites/collaboration (videos to be released, also includes collaboration with Sean)
  • L.A. Monero Meetup Kovri talk preparation + completion (video here)
  • ShellCon kovri collaboration + networking and brief talk participation (off camera)
  • Kovri Project independence! WIP for new everything as stated (partially) here because of this, this, this, this, and moooooore...
  • Building and nurturing the new team, including two new personnel:
    • Luke is our new devops/web front/backend developer. We've done an incredible amount of collaboration together this milestone
      • New web backend/hosting and domains
      • WIP CI/CD development
    • MermaidNets (Sonia) is our new business development / marketing / sales specialist who is currently in training for privacy/anonymity
      • IRL and online collaboration
      • She's current in training with myself and Diego
  • Project development and code-related project development
    • IRL and new backend infrastructure (including build)
      • Includes new CI + building a new, more permanent, CI/CD
    • Building a new funding model
    • Building a new outreach model
    • Building new and existing relationships
  • Code development
  • See also our new Slack at kovri-project which I maintain (as well as the relay bot). For Project development, visit the #kovri-meta channel

This is all needed so Kovri Project can not only survive - but also thrive. The remaining portions of this FFS, like integration, are all continuing as planned.

Required by the community but UNBILLED

VRP related

  • I'm still leading Monero's VRP team and keep busy with related development including Coverity backend, report review handling, and all that comes with the job. CURRENTLY NOT BILLED.
  • Visit https://hackerone.com/monero and https://reddit.com/r/monero for my related activity regarding public disclosure (search "SECURITY ADVISORY" on r/monero)

Notes

anonimal edited 5 years ago Weight: 0 | Link [ - ]

Milestone 12 includes ~192 billed hours from the dates 06-12-2018 through 06-16-2018, and 06-22-2018 through 07-27-2018. As usual, I've donated many more hours than what I've billed because I'm picky about what I bill.

In addition to new features and fixes ranging from minor to critical, as well as much mentoring for contributors, this milestone includes Kovri's first release! You can find v0.1.0-alpha (currently release candidates) at https://github.com/monero-project/kovri/releases. Arch Linux users can find at release package at https://aur.archlinux.org/packages/kovri/. All other users can pull from our nightly builds as noted in the README, or clone and checkout the alpha release tag. There are no other official release builds because Monero Project (our sole provider of devops and build machines) has decided to not have any involvement in releasing anything but nightlies. I personally find this unacceptable and am appalled not because of their decision but because there was no warning of their decision. See https://github.com/monero-project/meta/issues/252. This issue will need to be resolved by the next release, with or without them.

Commits

  • Does not include merge commits of PRs I've reviewed, or PRs of my own (except for tags)
  • Does not include patches I've sent to PRs from others (see github for those)
  • Does include a handful of commits from my fork
  • Sorted newest to oldest

Kovri

d1e9afab Makefile: fix doxygen target (requires CMake)
a172c47a (tag: v0.1.0-alpha-rc3) Merge pull request #994
79948dba CMake: side-step Clang (CMake?) bug for Release build
ec33da05 CMake: set AppleClang detection and min version
a6faac58 (tag: v0.1.0-alpha-rc2) Merge pull request #992
74f2cf08 Docs: bump kovri-docs to 8768f1de
a77ae03f Kovri: update release version and codename
9dfb2cee Installer: update Windows ReadMe.htm
f05abb9b README: remove "Alpha release coming soon"
034e947d Build: use release/debug defs, add debug target
6f125556 Reseed: update ca-certificates.crt
c6ea7553 Reseed: temporarily remove reseed.atomike.ninja
57a59b7e Reseed: temporarily remove manas.ca domain
fcca6392 Reseed: remove i2p2.no domain
d2ad3bdc Kovri: fix log levels, log appropriate asio errors
a383f48e Tests: add RI test cases for transports
9b553ae5 Core: use IPv6 address object when expected
ee6d9d2a Crypto: remove ed25519 assertions
5fcee5f9 Docs: bump kovri-docs to 8e45f23
fa61f0ff Build: remove CMake SUPERCOP option (see #909)
4613d884 (tag: v0.1.0-alpha-rc1) Merge pull request #909
58311032 Tests: update ed25519 unit-test + benchmark
3b39ef3a Crypto: implement TweetNaCl via Crypto++, remove SUPERCOP (ref10)
e2cf677e Build: bump cryptopp to 8d6b1af (NaCl-related API patch)
e237f8e2 Kovri: use const-time comparison in security-critical areas
f4b2e7a6 Crypto: implement constant-time comparator
983b562e SSUPacketParser: ParseFragment: use gcount(), not size()
7180d31f SSUPacketParser: ParseFragment: don't read if purported size is 0
ab3aeaff SSUPacketParser: throw invalid packet size when parsing fragment
35d0561f SSUFragment: use appropriate size type
989ef86a Build: bump cryptopp to f143534
05651651 SSUData: SentMessage RAII refactor
98bb652a SSUFragment: use appropriate size type (uint16_t)
1c31d6d4 SSU: packet accessor/mutator refactor per the style/idiom guide
4ad9568c SSUSession: don't return on invalid session packet length
3c7ce7cb SSUSessionPacket: ensure valid length in ctor
1cfbf0de SSU: refactor SSUSessionPacket
cf1fa502 SSU: packet const/noexcept correctness when possible
8ce3f990 SSU: move packet accessors/mutators into header
36081c21 SSUServer: use exception dispatcher as needed
c59dd205 SSUServer: clang-format check-in for packet handlers
6e2a0414 SSUServer: use smart pointer when handling packets
61ee6128 SSUServer: const/ref correctness for params/returns
7997da5e Transports: zero-initialize peer integrals
db7643e8 SSUServer: zero-initialize peer test creation time
4173f88b SSU: zero-initialize length of raw packet buffer
4a9697a4 Tests: fix X509 symbol conflict with cotire/openssl
e3d8f64c Tests: move build requirements to single header
cbcd136a Build: bump cryptopp to 7eb0535, use branch kovri
a9726b07 Package: update ACL details/features in tunnels.conf
70fc1fad Tests: add parse ACL base32 hash w/domain test-case
a04fda16 Tests: add parse ACL mixed-radix hash test-case
dd1d9670 Tests: add parse ACL base64 hash test-case
49ceec21 Tests: add parse ACL base32 hash test-case
3b0cd4c8 Tests: create parse ACL fixture + refactor case
47105839 Tests: use boost test message when parsing ACL
40d7af20 Tests: fix client ACL parsing copyright date
1764a10f ParseACL: parse base32 domain and base64 encoded hashes
455287b7 Client: create separate b32/b64 dest text files
8f267c6b Filesystem: add default modes for i/o file streams
31b1a867 Filesystem: const openmode for FileStream
a6e0a589 Filesystem: const ref return when ensuring path
a7e08b9d Docs: bump kovri-docs to 6184157
297e67a5 Client: implement HTTP server tunnel X-I2P headers
05cd0357 Tests: add IdentityEx base64 conversion test-case
1af9d594 Tests: add IdentityEx base32 conversion test-case
70333ae1 IdentityEx: add base32-to-buffer conversion
e64d9060 Tests: initialize with raw ident in fixture ctor
4b9ba711 Tests: refactor IdentityEx fixture raw ident
dd362f89 IdentityEx: add buffer-to-base32 conversion
943f4ccc README: set `make release` as recommended default
dfd94716 Build: don't skip rpath for in-tree shared deps
aae581ac CMake: use build RPATH when using Boost.Python
8e506193 Testnet: add default grafana user + grafana to help
237e1f5b RouterInfo: don't throw on invalid RI size
5f7a0353 Tests: add case for setting invalid HTTPResponse code
6505496a Tests: add check for valid HTTPMessage response
4d7218d9 Tests: valid HTTPMessage response namespace cleanup
8783ae2a HTTPResponse: noexcept when returning response
49eb7653 HTTPResponse: assert and throw upon invalid status
4d07cac0 HTTPResponse: appropriate mutator/accessor names
a5f2a1cb HTTPResponse: refactor response setter
f4952ce4 Client: do not fully qualify HTTP error codes
baea32ae HTTPResponse: move definitions into impl file
18b35268 RouterInfo: don't throw when RI fails sig verify
ed041ea6 RouterInfo: remove unnecessary null buffer check
e89e992d RouterInfo: Verify: remove auto for data pointer
580a5b82 Tests: cleanup RI test comments
1cd37978 Tests: NetDb: update parameters when adding RI
f6e401a5 CMake: fix the MinGW-w64 static build
b1a2fcac Kovri: bump I2P router version to 0.9.35
d13064ee Transports: remove NTCP resolver per prop 141
ab04b92e RouterInfo: remove deprecation when parsing host
c05c544f RouterInfo: handle intro expiration, don't save RIs with unknown traits
c175fbff RouterInfo: buffer refactor
695c9117 Tests: create buffer utility class unit-test
5e2897c3 Core: create buffer utility class
c014ea6c MTU: support local MTU size on DragnonFly BSD
e5444322 MTU: update FreeBSD/Win32 preprocessor defines
8e985280 Tests: disable libs' singleton logger
eee030ad CMake: build without RPATH
fe113aae Kovri: don't dispatch error_with_option_name
18e10e32 Transports: remove stop call upon singleton dtor
6a027559 Kovri: implement runtime UPnP

Kovri Docs

36eb0c5 user_guide: update platform binary paths
e00f475 README: remove "Alpha release coming soon"
a5b8660 i18n: update pre-alpha to Alpha
1d3fd20 Acknowledgements: remove ref10 from SUPERCOP
a15c381 i18n: remove build guide from remaining languages
b4bae3b English: add UPnP option, remove build guide link
38f977f i18n: update anonimal twitter handle
273a8e3 Testnet: rewrite custom commands
5612732 Testnet: rewrite step 4 (destroying testnet)
3a7ab43 Testnet: rewrite step 3 (stopping testnet)
d4cd659 Testnet: rewrite step 2 (starting testnet)
9d56752 Testnet: rewrite step 1 (creating testnet)
3f76001 Testnet: cleanup/add prerequisites
60c98ce Testnet: fix unordered sub-list
57a868e Testnet: add preliminary preamble

Kovri Site

81d0226 Deps: bump kovri-docs to 8768f1de
5b79c0e Deps: bump kovri-docs to 385211e
56f4b06 Deps: bump kovri-docs to 8e45f23
b1645dd check.kovri.i2p: strip X-I2P from actual client headers
775b363 check.kovri.i2p: remove unused files
d209ecc check.kovri.i2p: add X-I2P header reporting
7a517db check.kovri.i2p: add browser header php and style
8e3ffbc check.kovri.i2p: add index.php

Kovri AUR

bbf162d v0.1.0-alpha-rc3
ac0da49 PKGBUILD: don't build with clang
de532aa v0.1.0-alpha-rc2

Meta (see also PRs for previous milestones for commits not noted back then)

dc2b463 VRP: apply preamble to kovri beta
378c236 VRP: reiterate that code impl includes master branch

unbound (UNBILLED)

eda9ed35 configure_checks.cmake: update to 1.7.3
e66cc1a8 config.h.cmake.in: update to 1.7.3

Repos

Kovri (includes patches/fixes I've given while mentoring/reviewing)

Kovri Docs

Kovri Site

Meta

Monero

Dependencies

Required by the community but UNBILLED

Research

In addition to the usual research and code review required for development (including library research, I2P spec/impl, and proposal review):

Collaboration

VRP related

Community

  • The usual support, collaboration, debunking, mentoring in:
    • #kovri-dev
    • #kovri
    • #monero-community
    • #monero-dev
    • #monero-research-lab
    • #monero-translations
    • #monero-vrp
  • IRC PMs with kovri collaborators regarding kovri and project development
  • Twitter @getkovri

Last but not least

  • Buildbot backend collaboration + maintaining non-buildbot build backend environment
  • Kovri-related emails + email lists for monero/kovri dependencies + security advisories
  • Maintaining Coverity build
  • Write Milestone #12 report

Notes

  • Please, feel free to look closely at every noted pull request and issue as much effort goes into Kovri development (also see git-log for details)
  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request
  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal
  • Other useful information may also be on twitter:
anonimal posted 5 years ago Weight: 0 | Link [ - ]

Milestone 11 includes a consolidated ~176 hours of billable time (as usual, I've donated many more hours than what I've billed because I'm picky about what I bill). This milestone covers the dates 03-14-2018 through 04-06-2018, 04-13-2018 through 05-01-2018, and 05-07-2018 through 06-12-2018

The majority of time spent during this milestone became devoted to mentoring/developer training (see pull requests + IRC), collaboration, and project development. Project development includes upcoming DefCon 26 BCOS Privacy Village preparations of which I'll be speaking/presenting. I will also be going as part of the Monero DefCon Team (as well as beginning preparations for IncognitoCon 2018 in September). This milestone did not provide me with the desired time for kovri code and research that I had hoped for, but the alpha release is still scheduled for DefCon 26.

Code

Newest to oldest, not including merge commits (of PRs I've reviewed or my own PRs):

6968d6c7 CMake: remove optional lib build
6ec3f9af Repo: update copyright dates + bump kovri-docs
4778a64a Repo: update guide name in GitHub templates
3e68f8a3 Contrib: change default Dockerfile repo name
3f479c2e README: update quickstart + make/install
b2f5f7d3 README: add links to user/developer guide
60d6c8af Docs: bump kovri-docs to e21aaa8
91233a00 README: reorg/cleanup nightly table
30d08272 README: add build table + condensed instructions
a053f772 Util: fix bad anycast in routerinfo
57bdc934 Kovri: bump latest version for Alpine Dockerfiles
1967f947 Testnet: add clang to Arch Dockerfile
a16f0ceb Kovri: boost.program_options bool option overhaul
8902e666 Util: fix cpuid impl unused parameter warning
fcf2119d I2PControl: add virtual dtor to abstract class
2cdf0660 Kovri: comply with CERT secure coding rule ERR53-CPP
824ffa63 UPnP: fix missing field initializer warning
075a0a27 Config: fix unused parameter warning
2a514fea TunnelPool: fix comparator functor for gcc8 build
16548fdb README: update macOS static build link
c2a2c02d Build: use kovri branch for cpp-netlib
28d5134e Transports: don't reuse DH keypairs
80b680b3 Filesystem: clarify FileStream read/write docs
cd082fa2 Util: fix args minimum count
8b815d9c Build: enable verbose CMake build
baf81e0a Build: add deps cmake + only support in-tree miniupnp
3dcf5d6b Build: update miniupnp cmake find
b7952155 Build: add miniupnp submodule
4e56ba82 Build: bump cryptopp to CRYPTOPP_7_0_0
af6b9b41 README: update OSX static build link
7310a1fd HTTPProxy: patch message request for unit-test
b32ad557 Tests: rewrite HTTP Proxy unit-test
986c33e7 Kovri: disallow simultaneous disabling of both transports
d3675a5f Util: allow disabling of transports

--- WIP in branch 'bandcaps' (my fork)
b629dcfe Util: use new bandwidth setter for routerinfo
c044f91b Core: implement custom RI bandwidth / bandcaps
16a6e6b4 Tests: add RouterInfo caps unit-test
55a1c542 RouterInfo: new caps implementation
---

Repos

Kovri (includes patches/fixes I've given while mentoring/reviewing)

Kovri Docs

Kovri Site

Meta

Dependencies

Monero

Required by the community but UNBILLED

Research

In addition to the usual research and code review required for development (including library research, I2P spec/impl, and proposal review):

Collaboration

VRP related

Community

Last but not least

  • Buildbot backend collaboration + maintaining non-buildbot build backend environment
  • Kovri-related emails + email lists for monero/kovri dependencies + security advisories
  • Maintaining Coverity build
  • Write Milestone #11 report

Notes

  • Please, feel free to look closely at every noted pull request and issue as much effort goes into Kovri development (also see git-log for details)
  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request
  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal
  • Other useful information may also be on twitter:
anonimal edited 6 years ago Weight: 0 | Link [ - ]

Milestone 10 includes another 2-for-1 special of ~181 hours of billable time (as usual, more project time spent than billed because I'm picky about what I bill). The milestone covers the dates January 21st, 2018 through March 10th, 2018.

What I was most excited about for this milestone was that, for quite possibly the first time in this FFS proposal's history, I was able to spend a vast majority of time on actual code development. This brings me great joy because only at this pace will we be able to achieve what we want before this FFS proposal is finished (until now, I've had to devote a majority of my time to project development in order to get the project up and running).

Code

Newest to oldest, not including merge commits (of PRs I've reviewed or my own PRs):

05af5a90 Kovri: bump I2P router version to 0.9.28
4a10adfd ElGamalEncryption: ensure first byte is random (non-zero)
3636e065 Tunnel: reduce default VTBM records from 5 to 4
205f2840 Kovri: increase IPv6 MTU
418fc6de Kovri: bump I2P router version to 0.9.27
f9e47c41 SSU: implement IPv6 peer testing
3e4effe7 SSUSession: get intro key from IPv6 capable routers
614fccdb Core: move bytes-to-asio address creator to util
dca3b2b9 Tag: use unsigned type for size
61576296 Tag: static assertion for null buffer size
507b888f Tag: zero-initialize un-initialized union buffer
c25c05c5 Tag: remove un-needed copy ctors + assignment overloads
f92bbd62 Tag: move from Identity to util + use std lib defs
31b4d237 ByteStream: const cleanup + remove unused member
8574d9e0 Reseed: update netdb.i2p2.no TLS cert
ce67dd8f SSUSession: always create header IV internally
4506cf39 SSUSession: process RelayIntro refactor + docs
e49b2970 SSUPacket: ensure valid IP address sizes + fix tests
2ef29bb8 SSUHeader: set appropriate ext-options size type
2a00c964 SSUPacketParser: mitigate fragment size buffer overflow
2b86a6f8 SSUSession: re-throw after parsing bad messages
afd8bdff SSUSession: send SessionRequest refactor + docs
aca0db62 SSUSession: rewrite encrypted message processor
f646ff71 SSUSession: create signed-data size calculation getter
de28be76 SSUSession: send SessionConfirmed rewrite + docs
fb184929 SSUSession: send SessionCreated rewrite + docs
fe3f5d5e SSUSession: received SessionCreated rewrite + docs
b8fe8362 README: update contact email
1e813e52 Contrib: update PGP key anonimal.asc (add email address)
d7176597 Build: bump cryptopp to CRYPTOPP_6_1_0
6de8c7b4 Docs: bump kovri-docs to 86df090
eb45e881 SSUSession: send keep-alive bytestream refactor + docs
0bfa913e SSUSession: send SessionDestroyed bytestream refactor + docs
3290a378 SSUSession: send PeerTest bytestream refactor + docs
42bf6605 SSUSession: send RelayIntro bytestream refactor + docs
61b641fe SSUSession: send RelayResponse bytestream refactor + docs
deb97ad2 SSUSession: send RelayRequest bytestream refactor + docs
fd678756 OutputByteStream: add non-const data pointer getter + test-case
6f4e0c7c ByteStream: calculate size from length plus counter
b3e3c688 ByteStream: add base input interface + internal vector buffer
9fe1653e SSUSession: fix invalid writing of null padding
8e6989ac ByteStream: add asserts + more exception handling
cd34ff13 CMake: fix incorrect setting of C release flags
b215ba6b ByteStream: add new byte skipping interfaces/impls
23871a18 ByteStream: add buffer-less ctor for container-like stream + test-case
92c1d515 ByteStream: rename advancing function as appropriate
7928c3e7 SSU: remove all calls to get enum underlying type
77e3a1d6 SSU: remove packet/data scoped enumerations
7f5f51b6 Kovri: replace glic endian conversion with boost.endian
944264dc Kovri: finish the removal of i2pd's endian impl
7a12f4ee Kovri: implement big/native-endian bytestream write
dea57f7d ByteStream: implement optional endian conversion
b988ea7a InputByteStream: add docs to readers
9a301888 OutputByteStream: add write wrapper + static writer
ffb2fff5 Kovri: implement native-endian bytestream read
28099728 ByteStream: simplify boost address to vector impl
df947280 ByteStream: virtual dtors for I/O base cases + explicit ctors
889f3edb ByteStream: implement I/O base class + related I/O refactor
3d704a1c ClientDestination: implement bytestream in Data message handler
f0c8acd1 InputByteStream: add read wrapper + static reader
65cdc733 InputByteStream: add new getters/members
7900b7e3 ByteStream: cpplint/clang-format/style check-in
5d421dd2 ByteStream: fix copyright dates
6a6ffcd7 Radix: re-implement unrolled decoding tables
07f4ebe3 Radix: throw length error, not runtime, when decoding
22113837 README: remove repos, merge docs/dev into single section
2c6b4758 README: merge support with contact + add/remove entries
cfa37da0 Build: bump cryptopp to 96bc82f
00347000 CMake: add NDEBUG flag for release builds

Repos

Kovri

Kovri Docs

For this milestone, mostly as collaborative repo maintainer:

Kovri Site

For this milestone, mostly as collaborative repo maintainer:

Meta

Misc.

Research

In addition to the usual research and code review required for development (including library research, I2P spec/impl, and proposal review):

Collaboration

  • VRP team, much #monero-vrp collaboration
  • HackerOne report collab (this list is incomplete, see hackerone.com/monero): #303390 #304770 #321213
  • The usual support and collab in #kovri / #kovri-dev / #monero-dev / #monero-research-lab / #monero-translations
  • The usual suspects: moneromoo (VRP related), surae, sarang, rehrar (project + dev search + Revuo collab), coneiric (mostly mentoring), pigeons, fluffypony, brbzull (new contributor), Jeff @ crypto++ (collab), and others
  • /r/Kovri, /r/Monero kovri-related
  • Twitter @getkovri (with rehrar)

Last but not least

  • Maintaining Coverity build
  • Maintaining non-buildbot build backend env
  • Write Milestone #9 report
  • Write Milestone #10 report

Unbilled

Notes

  • Please, feel free to look closely at every noted pull request and issue as much effort goes into Kovri development (also see git-log for details)
  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request
  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal
  • Other useful information may also be on twitter: @getkovri @0x914409F1
anonimal edited 6 years ago Weight: 0 | Link [ - ]

9th milestone completed

For this milestone, you receive a 2.27-milestones-for-the-price-of-1-milestone special at 204.5 billable hours (actual ass-in-seat computer time was closer ~280): November 8th, 2017 through January 20th, 2018 with the exception of several weeks not working because of holidays and a holiday illness.

As you’ll notice, there are still a majority of non-code items logged. During this milestone, rehrar has been assisting me with project management ¼th time and he’s been very helpful but we’re glad that he’s now working ½th time - so this will give me more time to code for the next milestone. We need more people on-deck. Monero has many hands on board and kovri still only sees a fraction of that contributor-base. The more people on-board means I spend less time managing the project and more time coding.

This milestone saw not one but two i2pd 0days. I have never been a fan of i2pd. Before we forked, I had voted to not fork but instead start from scratch because of the terrible state of i2pd code. I was outvoted by the community (yay democracy) and here we are now.

If you're ever wondering "why hasn't kovri been integrated yet", my response is plainly: "i2pd 0day count = I lost track after 7. Kovri (non-i2pd) 0day count = 0." Kovri is certainly not immune to 0days, but it's important to note that producing anything worthwhile will be time-consuming. With that said, I've put my foot down and am moving with the intent to remove all i2pd code - period. All i2pd code must go - period. Doing so will be the biggest time-consumer for the remaining milestones but everything in the original proposal can still be achieved - to some degree.

Now, moving on, I encourage you to look closely at every noted pull request and issue - as much effort goes into Kovri development.

Code

This code section includes all necessary code related research (including java I2P review), spec review, related kovri code review for aforementioned kovri repo issues/pull requests and documented commits + related building/testing/debugging.

Notable Kovri pull requests/issues (this list may be incomplete, please see github for details):

  • #696, #711, #747, #748, #749, #750, #751, #754, #755, #757, #758, #759, #760, #761, #767, #769, #771, #772, #773, #774, #775, #776, #777, #778, #779, #780, #784, #785, #786, #788, #789, #791

A brief summary of commits most recent to eldest (as noted throughout the aforementioned pull requests):

- Crypto: finish removing DSA/ECDSA from ca04ff4 (branch remove-signatures, see #755)
- Crypto: finish removing RSA from ca04ff4 (branch remove-signatures, see #755)
- Kovri: new base32/64 impl / radix interface / unit-test 
- Build: optional kovri-util, disable by default 
- Filesystem: path getter refactor 
- HTTP: log warning when not using HTTPS 
- Kovri: clarify HTTPS nomenclature 
- Core: invert SU3 verification config logic 
- Installer: use Inno Setup on win `make install` 
- ByteStream: I/O reader/writer/endian rewrite                                                                                                                                                                    
- Streaming: fix overflow if large sig is included                                                                                                                                                                
- Garlic: refactor clove over-read check + add TODOs                                                                                                                                                              
- Garlic: add check for potential clove buffer over-read                                                                                                                                                          
- NetDb: fix logging of peer hash count for DatabaseSearchReply                                                                                                                                                   
- Core: default RI opts setter + remove deprecation                                                                                                                                                               
- Core: rewrite RI address add'er                                                                                                                                                                                 
- Core: context/RI trait and state refactor                                                                                                                                                                       
- Core: fix description logging of SSU address key                                                                                                                                                                
- Core: new RI ctor + fixes + WIP context init rewrite                                                                                                                                                            
- Core: don't use interface for context initialization                                                                                                                                                            
- Core: return uint64_t for router uptime                                                                                                                                                                         
- Core: WIP rewrite of router initialization                                                                                                                                                                      
- Core: initial rewrite of router initialization                                                                                                                                                                  
- Core: refactor context into core namespace                                                                                                                                                                      
- Boost.Python: add kovri python example 
- Boost.Python: implement core/client wrappers + utils 
- Testnet: fix path for kovri bash completion 
- Repo: contrib cleanup 
- CMake: extend Boost.Python detection beyond Arch Linux

Misc. related:

Research/Review

In addition to, and a few clarifications to, the research/review required in the Code section:

  • Boost.Python docs + exposing classes + research/test boost.python inheritance wrappers + research for using c++ reference object without wrapper (if possible, TBD)
  • Boost.Python unique_ptr handling + various wrapper strategies and design considerations for API refactor
  • Boost.Variant issue and to not downcast from uint64_t in i2pcontrol's reporting of uptime (insignificant, even for i2pcontrol). A real fix (which isn't needed for some boost versions) requires interface and implementation rewriting (not worth the trouble)
  • All things garlic and I2NP + review/document/log/debug/test/verify/challenge https://hackerone.com/reports/291489
    • code review of garlic AES unencrypted block handling
    • core review for all things tunnel and I2NP message + creation
    • spec review tunnel message / garlic / message encryption
    • spec review tunnel creation + complete ElG/AES spec review
    • code review: all things garlic + finding/reviewing garlic payload len calculations before AES encryption
    • code review: all garlic size 2 byte creations for all message types
  • Client local destination as related to ed25519 keysig
  • Complete java i2p doc/spec review for all things related to how we can effectively remove DSA + add TODO regarding caveat for ed25519 endian + review common-structures.rst/SigningPublicKey.java/KeyCertificate.java/Ed25519LittleEndianEncoding.java
  • Review NTCP and AES of str4d's "Ire" Rust rewrite of java I2P
  • Surae's space-time tradeoff RTRS paper
  • Panoramix
  • ZeroMQ + azmq + the 4 message patterns in detail + curvezmq as related to https://github.com/monero-project/kovri/issues/53#issuecomment-352481462
  • Upfiring whitepaper as related to kovri (answering the question of potential use-case)
  • IntenseCoin "whitepaper" ICO proposal review + #kovri discussion about its various holes
  • May the Fourth Be With You: A Microarchitectural Side Channel Attack on Several Real-World Applications of Curve25519
  • Radix systems and schemes
  • Crypto++'s TweetNaCl: https://github.com/weidai11/cryptopp/pull/566

Collaboration

  • #kovri/#kovri-dev/#monero-dev/#monero-research-lab support and collaboration
  • rehrar
    • All things related to developer search
    • Review/comment his FFS milestones for assistant project management + collborate to create his Q1 2018 proposal
    • Promotion discussions
    • FFS formalization development
    • Etherpad collaboration
    • Website review/collab
    • Review/ACK/NACK https://github.com/rehrar/meta/pull/1#pullrequestreview-85446779
    • FLOSS-weekly review (to do or not to do)?
  • Mentoring selsta and oneiric
  • New developer "wqking", help him get familiar with kovri and started on various issues
  • Surae's/sarang's FFS review as related to kovri + #monero-research-lab PRNG discussion
  • supercop with vtnerd + fork monero-project/supercop + NACK monero-project/supercop#1 (we currently use ref10 from supercop)
  • pigeons backend collaboration
  • noloader (Jeff Walton): primarily email collaboration but also https://github.com/weidai11/cryptopp/issues/562 and https://github.com/weidai11/cryptopp/issues/561
  • Derek@OSTIF + answer list of questions/email + new potential dev "Alex"
  • cont. private message / collab with Derek at OSTIF re: kovri dev and potential new kovri developers
  • Review/comment on CryptoVirus’s https://github.com/MissMiner/kovristuff/wiki/Kovri-start-up-sequence
  • #monero-vrp
  • #monero-research-lab
  • #monero-translations
  • NACK promo-video/#35

Reviewed/merged kovri-docs/kovri-site:

General

This milestone saw a significant increase in HackerOne/#monero-vrp responsibilities. As a member of the response team, collaboration with the team to resolve all monero related reports + continue to develop VRP is of paramount importance to kovri development.

Additional general work includes:

  • Repo maintainer for kovri/kovri-docs/kovri-site and all applicable issue/PR development, reviews, and merges (including those that I’ve opened/closed), milestone up-keep, and all applicable code. See github for details.
  • Email related to kovri development and kovri dependencies + various related mailing lists
  • Ubuntu64 private build/test machine backend updating/rebooting/setting back up + Win64 update/install win64 tor/sshd service
  • build.getmonero.org build machine maintenance (repo related on personal account)
  • Reddit r/Kovri and kovri-related r/Monero anonimal_0x914409F1 and twitter.com/getkovri
  • Issue review and PR review on a regular basis of monero/research-lab/kovri + related dependencies
  • Write Milestone #8 report (writing this report will be billed to milestone #10)

Notable meta pulls/issues (this list may be incomplete, see github for details):

  • #83, #142, #144, #146, #152, #153, #154, #163

Misc. related:

  • Other activities (un-billed) include: Monero AUR, monero/#2774, monero-forum/#46

Notes

  • See git-log for details
  • I have detailed, down to the second, time-tracking of all my work; complete with detailed descriptions of every activity. Because of privacy concerns, I'm reluctant to ever post this information publicly but will make them available to members of the core team upon request
  • For GitHub-recorded details (commits, pull requests, issues, discussions, etc.), see my activity page: https://github.com/anonimal. Other useful information may also be on twitter: @0x914409F1
Reply to: jhongalt
anonimal posted 6 years ago Weight: 0 | Link [ - ]

>It seems that the R&D sections are focused on research rather than development.Was there a major C++ implementation feat accomplished in the last milestones?

I'm afraid you're mistaken; they are mutually exclusive. See github for details.

>Regarding the NTCP rewrite in your local branch, it seems that there are < 10 code changes and only in one NTCP file: Session.cc

As was already noted in the milestone "sitting in my local branch (WIP, not yet pushed)". The work will eventually be pushed but there are other priorities at the moment. At currently ~172 hours for the 9th milestone, you'll find out what and why soon enough.

jhongalt edited 6 years ago Replies: 1 | Weight: 0 | Link [ - ]

It seems that the R&D sections are focused on research rather than development. Was there a major C++ implementation feat accomplished in the last milestones?

Regarding the NTCP rewrite in your local branch, it seems that there are < 10 code changes and only in one NTCP file: Session.cc

Reply to: anonimal
anonimal posted 6 years ago Weight: 0 | Link [ - ]

Note: alvinjoelsantos/promo-video (kovri script), as a big portion of the kovri script collaboration, was supposed to be added to section General. Updated.