Arjen on Nostr: GM ...

quoting
naddr1qq…v7hr

FIPS v0.2.0 is now available. This release includes a major discovery protocol overhaul, Tor transport support, runtime peer management, and 12 bug fixes.

Highlights

Smarter Discovery Routing

The discovery protocol has been rewritten to use bloom-filter-guided tree routing instead of flooding. Lookups are now forwarded only to spanning tree peers whose bloom filter contains the target, reducing discovery traffic by 90%. When no tree peer matches, a non-tree fallback preserves reachability. The new design includes originator retry with exponential backoff and transit-side rate limiting for defense-in-depth.

Tor Transport

Nodes can now peer over Tor using SOCKS5 for outbound connections and directory-mode onion services for inbound. This enables anonymous peering without exposing IP addresses.

Runtime Peer Management

New fipsctl connect and fipsctl disconnect commands allow adding and removing peers at runtime without restarting the daemon. Supports hostname resolution from /etc/fips/hosts.

Reproducible Builds

The build infrastructure now produces deterministic, reproducible packages. Rust toolchain pinning via rust-toolchain.toml and SOURCE_DATE_EPOCH timestamps ensure bit-identical output across builds from the same commit.

Breaking Change

This release changes the discovery wire format. The visited bloom filter has been removed from LookupRequest, and a forwarded flag has been added to LookupResponse. Nodes running v0.1.0 cannot interoperate with v0.2.0 on discovery. All mesh nodes must be upgraded to v0.2.0.

Bug Fixes

• DNS responder NXDOMAIN for A queries on .fips names (#9)

• Stale sessions blocking reconnect (#5)

• Rekey dual-initiation race on Tor links

• Rekey cutover race causing AEAD failures

• Post-rekey jitter spikes corrupting EWMA (#10)

• ICMPv6 PTB source address ignored by Linux (#16)

• Parent selection bypassing SRTT eligibility gate

• Auto-connect peers permanently abandoned after retry exhaustion

• MMP metric discontinuity across rekey

• Control socket permissions for non-root users

• Reconnect backoff reset on link-dead cycles (#5)

• ETX unresponsive to recent loss (#14)

Install

Packages available:

• Debian/Ubuntu: .deb package

• Systemd tarball: fips-0.2.0-linux-x86_64.tar.gz

• OpenWrt: opkg .ipk package

• Source: https://github.com/jmcorgan/fips

Contributors

@jmcorgan, @v0l, @alopatindev, @Origami74

Full changelog: https://github.com/jmcorgan/fips/blob/master/CHANGELOG.md