@eyedeekay
&eche|on
&kytv
&zzz
+R4SAS
+RN
+RN_
+T3s|4
+acetone
+dr|z3d
+hk
+orignal
+postman
+weko
+wodencafe
An0nm0n
Arch
Danny
DeltaOreo
FreefallHeavens
Irc2PGuest21357
Irc2PGuest21881
Irc2PGuest89954
Leopold_
Nausicaa
Onn4l7h
Onn4|7h
Over
Sisyphus
Sleepy
Soni
T3s|4_
aargh2
anon2
b3t4f4c3
bak83
boonst
cancername
cumlord
dr4wd3
eyedeekay_bnc
hagen_
khb
not_bob_afk
plap
poriori
profetikla
r3med1tz
rapidash
shiver_
solidx66
tr
u5657
uop23ip
w8rabbit
x74a6
dr|z3d
zzz: seeing complaint about Blocklist file not found: [..].i2p/blocklist-country.txt on every startup.
dr|z3d
if that's something that can safely be ignored, we probably don't want it generating a warn log event.
zzz
yeah that's only if in hidden mode, to block same-country routers
dr|z3d
so we want to check for hidden mode and then only generate that warning if it can't be found then, probably, no?
zzz
not worth the effort, just lower the level if it's bugging you
dr|z3d
ok, no worries.
dr|z3d
re hidden mode, I notice when that's active it blocks all routers in the same country, regardless of whether or not the local router's in a hostile country. intentional? necessary?
zzz
dunno
zzz
if you're scared enough to set hidden mode, then why not
dr|z3d
yeah, I dunno either. just thought I'd mention in passing.
dr|z3d
that patch you committed earlier seems to be holding up, no evidence of the previous error so far.
zzz
super, thanks for testing and report
dr|z3d
thanks for fixing
zzz
even if everything's perfect, we need another day, because I haven't started my code review yet and it's a big one
zzz
and feeling sheepish after the chacha / encrypted ls2 fiasco
dr|z3d
bah, easy mistake to make. everyone gets tired :)
dr|z3d
fortunately someone spotted it, one of our chinese friends, no? so we're good.
zzz
thats why other eyeballs even more important than mine on the review. I can't see my own screwups
zzz
get cocky and you get smacked down in a hurry
dr|z3d
very true. some humility never hurt anyone :)
dr|z3d
I wonder if an automated java fuzzer wouldn't be helpful.
dr|z3d
or if you want a fuzzer with probably the best name out there (and more recently updated): github.com/tehmasta/jazzer-Java-Fuzzer-
dr|z3d
trying to find a fuzzer that can be automated in gitlab as a task.
dr|z3d
gitlab/github
zzz
doesn't sound easy because you really need to teach it about the protocols to get any half-decent results
dr|z3d
here's one that hooks into github's CI: github.com/marketplace/fuzzit-dev
dr|z3d
yeah, it may be of limited use, but then again, it might be good at spotting NPEs and other irritations that can be overlooked.
zzz
i2pd would probably benefit because C++ but it doesn't seem like it would be too fruitful against an overflow-proof language like java
zzz
yeah effort vs. reward
zzz
not saying it wouldn't find issues
dr|z3d
sure, ideally we're looking for something that required minimal effort to generate useful results, not something that requires days or even hours of tuning.
zzz
but explotable vulnerabilites vs. irritations? not so sure
dr|z3d
I'm going to see what that CI fuzzer app brings to the table if I can get it working. if it seems worthwhile, I'll let you know.
zzz
yeah. obv. you have to pick an interface/protocol (I2CP, I2NP, SAM, tunnel builds, ratchet, SSU2, NTCP2, ...) to point it at, even if you don't teach it
zzz
just to give an example of the issues with not teaching it, SSU2 protocols are protected by a Poly1305 MAC, so only 1 in 2**128 randomly-generated crap will get through to actually being processed
dr|z3d
ok, could be a complete waste of time, we'll see. if it's just a question of installing it and nothing else, no harm in taking it for a spin.
zzz
have fun
dr|z3d
haha, thanks. "fun"
dr|z3d
re adding a service line to /logs, zzz, if you're going that route, might be better as Wrapper: {version} or n/a
dr|z3d
you could also factor in whether or not the install is running from /usr/bin or ~/ I guess to make debugging even easier.
dr|z3d
I already display router install location and config dir just so the user knows where they are.
lbt
The build.xml describes (echo) a target "bundle" but has no such thing actually. It seems to be redundant to "git-bundle" - which is contained and probably working (I'm missing dependencies). Not sure if there were plans to do something there like making a bundle without the "call" to make the .torrent or so? Otherwise that echo-line could just be deleted from what it looks like to me.
lbt
It's mentioned as "bundle" in some documentation though