IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2022/07/01
anonymousmaybe wonder why not continuing the scan with coverity? it say last scan since 2015
anonymousmaybe false postives or whats the issue with it?
anonymousmaybe cc eyedeekay zzz
anonymousmaybe sonarqube is free software version and has intigeration for gitlab (not just github)
anonymousmaybe but need some small fill request for free of cost request
anonymousmaybe otherwise can be downloaded and used locally for free
anonymousmaybe cc eyedeekay
anonymousmaybe intigration*
dr|z3d anonymousmaybe: CodeQL is pretty good.
dr|z3d it used to be a commercial product iirc, now it's free to integrate on github.
anonymousmaybe in comparison to the two projects above its doesnt look compatitor
dr|z3d have you used it?
anonymousmaybe no but by reading about them
dr|z3d have you used any of the things you're recommending on the i2p codebase?
anonymousmaybe sonarqube yes
anonymousmaybe coverity is proprietary so i avoid it
dr|z3d last time you posted a vulnerability report it was 99% bullshit iirc :)
anonymousmaybe ? which one you are talking about?
anonymousmaybe if aboit i2p, i never tested on i2p
dr|z3d I don't recall offhand, some web scanning thing.
dr|z3d OWASP, was that it?
anonymousmaybe ah that is for website scanning
anonymousmaybe those above for static code scanning
anonymousmaybe OWASP-Zaproxy is very nice tool to have and scan your website with for webapp vulnerabilities/improvements
dr|z3d yeah, but pretty useless for scanning the console.
anonymousmaybe i agree, but since i2p was using firefox on localhost i said why not scan i2p with owasp and check whats gonna say
anonymousmaybe the report wasnt false, but for local connections not worth the fixes
SilicaRice <SilicaRice> there's a bug in i2p router's SAMv3 bridge where you can make it forget it's a control socket and it leaves a permanent "SAM TCP Client" on the router
SilicaRice <SilicaRice> specifically: "HELLO VERSION\nSESSION CREATE STYLE=STREAM ID=aaa DESTINATION=TRANSIENT\nSESSION CREATE STYLE=STREAM ID=aaa DESTINATION=TRANSIENT\nSTREAM FORWARD ID=aaa PORT=1234\n" causes "STREAM STATUS RESULT=OK"
SilicaRice wonder if that's exploitable for DoSing the router
SilicaRice the SAM bridge is pretty aggressive about closing the socket, so the browser's fetch() isn't gonna work there...
Xeha zzz: please give c4talys7 +v, as he has a few dev questions.
Xeha there we go :) thanks
c4talys7 thanks zzz!
c4talys7 Hello there everyone. c4talys7 here. I'm one of the networking layer developers for bisq. Nowadays v1 uses Tor as the main anonymity layer for our project, but starting with v2, we plan on using I2P as another option as well.
c4talys7 We already have a first version of the I2P layer implemented using the java Router embbeded into our application, but we're thinking about making some changes to this implementation. Mainly, the initial idea is to start using the i2p distribution and starting a separate process for i2p from within our application.
c4talys7 Anyways, I wanted to start the conversation and discuss ways where we could do our implementation without causing any disturbances to I2P as a whole
zlatinb Hi, how do you embed the java router? Is bisq written in a jvm language?
zlatinb in general spawning separate process can get messy
c4talys7 zlatinb: Our app is java based, yes. :)
zlatinb then imo embedded router is the best option
zlatinb if you use the I2CP interface you can give users the option to use an external router which can be i2pd as well
Xeha +1 for I2CP. then you can even use a router at a different host
c4talys7 zlatinb: our line of thought on moving away from the embedded java router was start/stop time and not harming the network with short term use or non-graceful shutdown.
zlatinb so, by default routers will not join participating tunnels until they reach at least 10 minutes of uptime, so you're not doing much harm with short uptimes
zlatinb ofc that is avoided completely with an external router but then you need to manage the process and in my experience that is a a mess
c4talys7 Sorry, I have to step away for a few minutes. I'll be back shortly to continue the discussion.
zlatinb you may need to use OS-secific mechanisms like windows mutexes and whatnot.. those are easier with JNA than JNI but still tricky
zzz agreed that everything in one JVM is by far the simplest both for devs and users
zlatinb cd bisq
zlatinb oops wrong window :)
mesh I wonder if that'
mesh 's bitcoin bisq or if you actually happen to be cooking some lobster bisque\
zlatinb it is, I just cloned the repo and "git grep i2p" returns results
mesh yeah I think the bisq guys were definitely interested in using i2p
zlatinb core/src/main/java/bisq/core/dao/node/full/rpc/dto/DtoNetworkInfo.java: IPV4("ipv4"), IPV6("ipv6"), ONION("onion"), I2P("i2p");
mesh I was thinking of working with them. They are looking for somebody who knows Java, I2P, JavaFX: twitter.com/bisq_network/status/1489271686885109769
mesh which of course perfectly describes me
zlatinb just that enum though, no references from gradle files
zlatinb might be on a branch
mesh they claim to pay very well. But we'll see... still trying to do my own thing
mesh zlatinb: I don't know if it exists yet but the plan is to do what i2psnark, syndie does and build a dht on top of i2p
mesh (everybody wants to build a dht on top of i2p... it really should be a reusable library so people stop reinventing the wheel)
zzz syndie doesn't do DHT
zzz we do have a lib
mesh zlatinb: the README makes it pretty clear, github.com/bisq-network/bisq2 ...
mesh zzz: what lib?
zzz core/java/src/net/i2p/kademlia in our source
mesh might be syndie... last time I looked I found a couple of dhts. The one in i2psnark was sort of the most interesting.
mesh zzz: yeah I saw that stuff. I'll probably look into it a bit later. Wasn't sure if it could actually be reused easily
zzz thats why its there and not in snark, so it can be reused
zzz it's just the data structures. messages are your problem
mesh hehe, yeah
zlatinb c4talys7: I have some comments on the code that starts an embedded router - namely you want to check in a loop instead of sleep once for 5 seconds
mesh zzz: the other hard part is bootstrapping. I wonder if the i2p router "service discovery" proposal ever went anywhere?
zlatinb c4talys7: the way I do it in muwire is here github.com/zlatinb/muwire/blob/master/core/src/main/groovy/com/muwire/core/Core.groovy check the startServices() method
zlatinb lines 600-610
zzz no we didn't do service discovery
mesh zzz: because it would cause too much load on the network?
zzz no. low priority and the spamming/spoofing issues are not solved and maybe not solvable
mesh zzz: hmm yeah
mesh zlatinb: does lanterna work well for you on windows?
zlatinb haven't tried it on windows but works fine on mac and linuxc
zlatinb should work ok in a mingw32 terminal
mesh zlatinb: last time I tried had all sorts of trouble on windows with lanterna.
mesh might give it another shot. I like the idea of a TUI
c4talys7 Sorry, I had to leave for some personal stuff. Back now
zlatinb c4talys7: I joined the matrix room you tweeted about
c4talys7 zlatinb: github.com/bisq-network/bisq2/tree/main/i2p and github.com/bisq-network/bisq2/tree/main/i2p/src/main/java/bisq/i2p are good starting points. This is being implemented on v2 of bisq, which is happening on a separate branch. It's a new product entirely
c4talys7 mesh: We had another developer which started to work on the I2P layer, he left and I took it over a few days ago.
c4talys7 zzz: Our initial implementation is doing it all in the bisq platform, indeed.
c4talys7 zlatinb: thanks for the tip on your muwire implementation.
zzz c4talys7, hasn't been updated in a while but our embedding guide should be helpful i2p-projekt.i2p/en/docs/applications/embedding
c4talys7 Thanks zzz, I'll check that as well :)
mesh c4talys7: you work with the bisq guys?
mesh ah cool
c4talys7 mesh: I'm one of the developers, yes
c4talys7 I joined recently, picked up the I2P layer from another developer that left
SilicaRice is this supposed to work? "USER=foo PASSWORD=bar \"\"COMMAND\"\"=HELLO \"\"OPCODE\"\"=VERSION" "HELLO REPLY RESULT=OK VERSION=3.3"
mesh c4talys7: that's really cool. good to see i2p being used in a product like bisq
RN I'm noticing this when skimming my logs. Cause for concern?
RN ERROR [CP Reader 95] .client.ClientConnectionRunner: Disconnecting the client - java.io.EOFException: EOF reading 4 byte value