#saltr (irc2p) | I2P+ 2.5.2+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

Irc2PGuest5534 so can anybody take a guess why the latest i2p+ is so slow when it comes to irc? (browsing the web is fine) Specifically my router seems to spend hours connecting and disconnecting from the irc server.

dr|z3d check the I2P+ faq for information about timeouts.

dr|z3d in the console, /help/faq

dr|z3d and that's not the best way to elicit help, Irc2PGuest5534

dr|z3d just because you're having issues doesn't make it an I2P+ problem.

Irc2PGuest5534 dr|z3d: the problem seems to be unique to my local i2p+/laptop. Ironically everything works fine on android. There I can connect to irc almost instntly. (Usually it's the other way around.)

dr|z3d make sure you only have 1 address for postman's hosts in your addressbook.

cumlord oh ty for the voice dr|z3d, hola salty folk

Minogami hola

dr|z3d np cumlord

dr|z3d welcome to #saltr

Irc2PGuest5534 dr|z3d: I don't think the problem is timeouts btw. I use the exact same software with the exact same settings on both laptop and android

Irc2PGuest5534 dr|z3d: btw have you ever seen this problem: sshd running on a remote box, standard i2p tunnel setup on the client and server. all attempts to ssh to the remote box result in 'kex_exchange_identification: Connection closed by remote host'

dr|z3d > make sure you only have 1 address for postman's hosts in your addressbook.

dr|z3d if you have 2 addresses per hostname (check the details page), then that may well be your issue.

dr|z3d key exchange issues with ssh are usually transient if everything is correctly configured.

Irc2PGuest5534 dr|z3d: I do see one Destination for irc.postman.i2p on the details page

Irc2PGuest5534 I wonder if people generally host servers on i2p android. I see this behaivor after installing an ftp server and a ssh server on an android device and setting up tunnels: I can connect and then somebody immediately closes the connection

cumlord they make a decent low power router. have i2pd running on an old android tablet for testing things and ssh into it, ssh has been finicky at times

cumlord built in ups and portability is a plus

not_bob I use i2pd on android quite a bit.

not_bob I've never tried hosting services on it though.

Irc2PGuest5534 not_bob: i2pd works on android? Maybe I'll give it a shot

Irc2PGuest5534 not_bob: but see I think the problem is actually on my laptop. (Unless there's fundamentally little connectivity between what are essentially two hidden devices on the i2p network.)

not_bob Yes, there is a version you can install off f-droid. Though, I just compile it myself.

Irc2PGuest5534 not_bob: good to know

not_bob With termux you can compile and install pretty much any *nix program.

Irc2PGuest5534 not_bob: btw have you seen something like this. I have sshd running on android. all the tunnels setup. All attempts to ssh in result in 'kex_exchange_identification: Connection closed by remote host'. What's strange is I don't see anything on the android device about closing a connection.

not_bob Yes, that can happen sometimes. How long are your tunnels?

not_bob From what I've seen it tends to happen when the connection isn't really succcessful (underlying connection).

not_bob What happens when you telnet to that port?

Irc2PGuest5534 not_bob: you suggest increasing the tunnel count and shortening the tunnels?

not_bob YOu should get a small blurb.

not_bob Are these on the same local network?

not_bob If so, you can't use short tunnels.

Irc2PGuest5534 not_bob: what does that mean? "short tunnels"?

not_bob Also, are they behind NAT? If so, you need a tunnel length greeater than 1 on each side.

not_bob 0 hop

Irc2PGuest5534 they're on the same wifi network (underlying internet connection) but the laptop is using a vpn and the android is not

Irc2PGuest5534 not_bob: strictly greater than 1?

not_bob Ahh, then they might as well be on not the same network then.

not_bob What tunnel lenghts do you have now? Just the default?

not_bob If so, that should work fine.

Irc2PGuest5534 not_bob: I was experimenting with 1 hop and even 0 hop

not_bob I figured given the error :)

not_bob In your case don't go lower than 1 on each side and it should work.

not_bob server and client.

not_bob 0 hop tunenls can, and do work. But, many other things have to be right for it to happen.

Irc2PGuest5534 ok <=1hop. would you also recommend increasing the tunnel count? I heard too many tunnels can make things worse

not_bob Too many is bad, yes.

Irc2PGuest5534 though generally my approach to speeding up i2p has always been increasing the tunnel count

not_bob That helps to a point.

not_bob Though, i2p has never been fast.

not_bob It's a swtiching network, so more tunnels just give more possible paths for the data.

not_bob The main reason to increase tunnel count is to make the connection more robust.

not_bob So it can handle sudden tunnel failure better.

Irc2PGuest5534 it's a lot faster than it used to be. I remember back in the day just browsing the web was painful. But anyways what tunnel count would you recommend? I think fundamentally the problem is that both my laptop and the android tablet are hidden devices that don't participate in a lot of traffic

not_bob Each tunnel can in theory handle several MB of bandwith (though, I've rarely seen that).

cumlord For lower powered devices can experiment lowering max tunnels, default for i2pd at least can be too many for some

not_bob 7

not_bob 5-7 would be more than enough.

not_bob 7 is overkill, but not too much.

not_bob But, don't go beyond that. There is little point.

not_bob You only need one working each direction for it to work.

not_bob I use i2pd on low power devices all the time.

not_bob My main phone spins up something like 60 tunnels at start.

not_bob I've not counted the total.

not_bob But, it's in that range. It does not seem to have any issues.

not_bob The big issue is that longer tunnels are harder to build and maintain.

dr|z3d so, working on a safe way to show remote images in susimail html messages.

not_bob inline?

dr|z3d that's the idea.

Irc2PGuest5534 ok 7 tunnels

Irc2PGuest5534 not_bob: btw when I telnet in I don't get a blurb

not_bob Yeah, inline is the only way that could be mostly safe.

dr|z3d ?

not_bob Irc2PGuest5534: Odd, you should. What's the status of the tunnel on the other side?

dr|z3d inline or in a new tab isn't the issue.

not_bob dr|z3d: Possibly exploits due to malformed images.

cumlord No it works great, one I’m using runs 6000 transits whenever I’ve tried to move a lot of data through it I cut the tunnels to half that and seems to work better

dr|z3d then I don't know what you mean by inline.

dr|z3d inline is on the page. there is no inline for remote images otherwise.

not_bob Yes, base64 images.

snex img src=base64junk

not_bob Yes

dr|z3d base64 isn't going to save you from some hypothetical exploit.

not_bob I agree.

Irc2PGuest5534 not_bob: I think the tunnel on the server side is working. I tried a test where I setup a client tunnel to connect to the server tunnel on the same device and it seemed to work. But I can't say for sure...

not_bob But, that sort of exploit is rather rare and very specific.

snex it might. browser will just fail to render rather than secretly download it or whatever

not_bob Irc2PGuest5534: Have you tried to connect to it from another client elsewhere on the network?

dr|z3d yeah, maybe. don't you just love hypothetical risks.

not_bob No, I dislike them.

not_bob :)

Irc2PGuest5534 not_bob: no... guess I could try to setup a 3rd device

not_bob But, image expoits are a thing, and have been used in the past.

dr|z3d your cup noodle could blow up in your face. avoid cup noodles.

not_bob Irc2PGuest5534: That's what I would do.

not_bob I avoid cup noodles as they are not really food.

dr|z3d anyways, images won't be loading by default in any context in susimail.

not_bob I'm glad to hear that.

dr|z3d tracking images will be stripped, and if I do provide support for displaying remote images, it'll be click to view.

not_bob Remote images are a serious issue.

not_bob Even if tracking is stripped, just the act of viewing it can give the attacker the time you viewed it.

not_bob Assuming you were the only person sent the remote image url.

dr|z3d sure, and assuming you decide you want to view the image sent by clicking on it.

not_bob But, that's all they would get. I am going to assume you have a proxy setup in the client for http

dr|z3d otoh, non-attack e-mails may have images that you want to view.

Irc2PGuest5534 I remember reading about a 0-day in an image codec not too long ago

dr|z3d don't assume anything.

dr|z3d sure, that was webp.

not_bob Yep, they do happen.

dr|z3d anyways, the option will be off by default, you'll have to enable it, if it's implemented.

dr|z3d don't ever want to see remote images, don't enable option. easy.

Irc2PGuest5534 it's scary to think the simple act of viewing an image could give an attacker access

Irc2PGuest5534 I was always taught that "dumb data" was safe but executables or scripts of any kind were dangerous hehe

not_bob Yep, it's a scary world we live in.

snex i want to see good ones but not bad ones

dr|z3d ok, the first part of the susimail feature I was discussing earlier is about to land on /dev/ .. you'll be able to toggle *placeholder* images in html view if they're present. NOT the actual images.

dr|z3d placeholder images will have tooltips with the src of the actual image. no way to directly view/download the actual image as yet, still massively defanged.

dr|z3d additionally, anything that looks like a tracking/web bug image, ie those with a width or height of 1px, will be removed from the html before it's displayed, with a notification if they're found.

dr|z3d cake.i2p/file/vPJArs6LZ6_EzUcMdENEzabQIpL00kLBDpzJ1AIpe_T6S7Bsn0Ir/susimail-image-blocking.webp

dr|z3d counting blocked resources is even easier than calling a head request on each resource in the html, zzz. just check for the presence of whatever tag name you want to count, subtract whatever should be there, and you're good.

zzz looks nice

zzz make sure you test with emails containing cid: images