Greetings!

*** John Goerzen [2022-01-21 08:45]:
>- Is this patch going to break things on 64-bit systems?
>- Are there going to be future gvisor problems on any of my platforms,
>or any of Debian's?  (which are vast)

Leah Neukirchen pointed me to https://github.com/google/gvisor/issues/1446
issue related to 32-bit systems compatibility. As I expected, there were
problems with sync/atomic library. All of that issues seems to be fixed
in fresher gvisor's releases. Also I found https://pkg.go.dev/inet.af/netstack
fork of gvisor, having no complexities with gvisor's building and has a
magnitude less dependencies recorded in go.sum. As I can see, Brad Fitzpatrick
is one of its maintainers, that is a good sign. So I moved to that fork
and tested on FreeBSD-i386 -- no build problems anymore.

So I hope there should not be any problems more with 32-bits
compatibility in 8.3.0 release. As Brad mentioned in some tickets and as
I can see in gvisor's .buildkite/pipeline.yaml, they build and use it
not only on GNU/Linux systems, but on a pretty wide range of platforms.

>To give you an idea of the requirements for platform support in Debian, see:

I see, thanks for the information. Mainly everything depends on Go
support of those platforms.

>You'll note that Debian GNU/FreeBSD is a thing!

Cool! :-)

>Some of them are former release platforms (alpha, ia64, m68k,
>and powerpc)

Yeah, unfortunately (at least for Alpha) those platforms can be
considered completely dead for general usage.

>> github.com/anacrolix/sync library, having no information about its
>> acceptable usage, that actually has to be treated as non-free software.
>
>That is a good catch and also a showstopper for Debian.  I will contact
>the author to see if he could add a copyright statement and reasonable
>license.

I hope that updated gvisor should solve issues with 32-bit platforms.
So there will be no need in his libraries.

>That would be fine with me.  neilalexander is active in the Yggdrasil
>Matrix channel and I asked him about the state of the utp code: [...]
>"Be warned that a lot of anacrolix's code is a horrendous mess of
>dependencies and weird wrappers around things (like the god-awful
>missinggo library). So you may find there are further steps to that
>problem."

I am in solidarity with that opinion, especially when I saw missinggo
too :-)

>So there are maybe some options: [...]

Since 8.3.0 I expect 32-bit platforms won't be problematic anymore. So
no need to think about μTP at all. Yggdrasil disable can be done through
GO_CFLAGS="-tags noyggdrasil" during the build, as noted in
http://www.nncpgo.org/Build_002dinstructions.html

I definitely do not want to use QUIC at all. It is just... plain wrong
:-). You have got Yggdrasil's secure encrypted and authenticated
transport, then you would have TLS and then Noise-based NNCP's sync
protocol. Yes, encryption is relatively cheap, but that is horrible
unacceptable mess in my opinion. I saw that all of that happens all the
time in modern software development (WebSockets as example) and
"Matryoshka of protocols" means something went wrong or someone was too
lazy :-). I actually think about ability to turn off encryption in
NNCP's sync protocol when it is used over Yggdrasil, to leave only
participants authentication, to remove unnecessary overhead at all.

>This is at least the third time in the past year I've wanted to
>reimplement a UUCP protocol in a more general way :-)

Me too :-).

>> I met pure-Go QUIC implementation, but as far as I remember TLS can not
>> be turned off in it. I won't accept that TLS complication and huge
>> unneeded overhead.
>
>Do you mean "overhead" in terms of compiled program size, performance
>impact, code complexity, or something else?

Mainly -- resulting protocol complexity, overall code complexity. Noise
protocol, with all encryption/authentication algorithms can be
implemented relatively easily from the ground. TLS, even its 1.3
version (which is heavily simplified in comparison to 1.2), is way much
more complex thing, that will take huge amounts of the code! QUIC, being
the transport protocol -- could be useful indeed, but its TLS-requirement
makes it useless where TLS is just not appropriate.

In ideal world, where IPv6 is accessible enough for end-users, IPsec
should rule the world -- there should not be any use-case to TLS at all.
IPv6 gives many addresses, that you can see for IPsec ESP protocol
between two addresses. We live in far from the ideal world, but it does
not mean I can accept injecting of TLS everywhere.

>FWIW, on NetBSD, nncp-caller 7.5.1 was 6MB and 8.2.0 is 10MB.  Adding
>Yggdrasil+gvisor didn't add all that much to its size.  (both
>unstripped).  After stripping, the sizes are 4.3MB and 7.6MB.

Some time ago I saw that even more compact code can be achieved with
"go build -ldflags=s" -- it creates much more compact binaries than
strip-ed ones. NNCP can be build with: GO_LDFLAGS="-s" redo all.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF