UDP RN: it's a common network protocol lol
RN yeah, UDP I get that. Just wondered if there was more of a story to it. Σ:Đ
RN anyway. nice to meet you.
UDP Yeah nope
UDP Should probably make one up though I guess
UDP Same! How about your username? What does RN stand for?
RN it is short or ReturningNovice
RN that had to do with my personal history and skill level at the time... but the longer version of the story takes us off topic. ;)
RN s/short or/short for/
RN lots of pple tell me lately I'm not such a novice anymore, but I'm not changing the nick since I've used it so long
dr|z3d don't believe her, UDP, her initials stand for Random Nuisance :)
UDP What kind of nuisance we talking here? ;)
dr|z3d we're not, but if you want to carry on the random non-dev banter, feel free to hop over to #saltr :)
zzz dr|z3d, and when did I last touch it?
zzz -> ant distclean
dr|z3d oh, you're alive, zzz! I thought you'd gone awol :)
zzz busy
zzz -8 shortly
dr|z3d what you been working on?
zzz round 2 of the mitigations/fixes
zzz as promised
dr|z3d great, look forward to them.
zzz we'll see
zzz I don't know wtf your profile issues are but -8 will almost certainly conflict with / not fix them
dr|z3d great, more merge fun and troubleshooting ahead then.
dr|z3d the main issue I'm having now with the profiles is that for floodfills, existing profile data seems to be discarded after around an hour of uptime, and then entirely new ffs show up on the profiles page. not sure if that's by design or something I've done.
zzz did they just get down-rated or are they not on the 'all' tab either? (although even the all tab hides a lot)
dr|z3d first hour uptime, I see ff profiles that have been known about for what you'd expect, hours or more.
dr|z3d after that, ff profiles page just shows me profiles that have a first seen time of a few minutes.
dr|z3d I've made a bunch of changes to how they're filtered for display, so I can't rule that out entirely, but the first hour of uptime where everything seems normal is strange.
dr|z3d I've disabled the deleteOldProfiles routine from running for now, so profiles only get nuked at session start.
dr|z3d I thought I might have set the STORE_TIME too low in PeerManager, so I modded that up and the same issue. so it's not that.
dr|z3d in other news, idk's pastebin seems to mangle newlines, but that aside, some rough edges tidied up: paste.idk.i2p/CanonistCockatoo/read
dr|z3d all "obvious" pages now styled correctly as per theme.
zzz ofc profiles get promoted/demoted/deleted all the time, but figuring out if it's being done correctly would take a LOT of logging and staring at it
zzz best done on a low-bw router
dr|z3d you're not wrong there :)
zzz anyway, the checkin from an hour ago is a week's worth of work and a big help if you want to start with that
zzz just waiting for one more test on the profile stuff to finish
dr|z3d I've been looking at a couple of routers both high and low b/w to assess the issue, they both display the same symptom after an hour of uptime.
zzz yeah I'm just saying if you want to stare at logs do it on the low b/w one
zzz that's why I don't run any high b/w routers
zzz and rarely any ff, although I am now b/c I need to get them right with the changes
dr|z3d what's the general thrust re profiles?
dr|z3d some issues you'll only see on high b/w routers, so it's good to have a diverse set to monitor.
zzz basics, expire more, save/load less
zzz mirror of the RI changes
dr|z3d a good amount of the stuff you're doing there I've been doing for a while, more or less.
zzz will be more todo though because I think the in-mem profiles may still be out of hand
dr|z3d quite possibly. I don't bother with those for low-end/unreachable routers at all.
zzz MRs always welcome if you think you have a good idea
dr|z3d you don't want an MR from me *chuckle*
dr|z3d but I'm happy to suggest attack strategies.
zzz well you'd have to make it pretty :)
dr|z3d speaking of pretty, when you want to look at pretty, deploy that css above :)
zzz I need defense strategies
dr|z3d ok, well here's one thing you might want to think about..
zzz i don't run a pastebin
dr|z3d that's not _for_ a pastebin.. you're being intentionally obtuse? :)
zzz send your attack strategies to mr. salt
zzz you said it's a fix for his pastebin mangling newlines?
dr|z3d I said it mangles new lines, but have a look. it's intact. it's for zzz.i2p
zzz then you didn't say what it was for
dr|z3d it's the completion of the coloring work you started and left hanging probably 15 years ago? :)
zzz no time for that
zzz lets wait and see if the screen reader guy is happy first
dr|z3d I thought you'd have figured that out after the open sans discussion yesterday and the consequent .zip file.
zzz out of my mind until he responds, I've done what he asked but seems unlikely to fix anything
zzz so I'll sit and wait
dr|z3d mv red2.css red2.css.backup and then deploy. but in your own time, no rush. I think you'll be pleasantly surprised by the results.
zzz if you have the answer for a disabled member of the community who needs help, I suggest you help him
dr|z3d do remember who you're dealing with, network's #1 blowhard pedant. :)
zzz rather than use it as an opportunity to jerk me around
dr|z3d and tbh, I'm more interested in helping the community at large, hence that css file.
zzz if I give you the unminified css can you give me a patch that fixes his issue and only that?
dr|z3d firstly, I'm not jerking you around.
dr|z3d if you want to be obstinate, that's on you. I invested time into fixing your half-finished website theme. enough time.
dr|z3d but whatever, you want to write off my work as jerking you around, ok. and in answer to your question, no. I don't need unminified css, and I'm not going to just fix some perceived issue that I cannot reproduce.
zzz telling me to install stuff while refusing to tell me what it's in reference to was not helpful
zzz if you can't reproduce it either, then we're stuck until he responds
zzz I'll fetch and save your css and take a look when I have time, thanks
dr|z3d "stuff" being a single truetype font family available in your repo, but I take your point. I was trying to give you something to smile about.
zzz it's too horked with the lines and it has smart quotes in it, it's unusable/unreviewable from that pastebin
dr|z3d skank.i2p/ (updated with new css file).
dr|z3d there are a couple of icons in there for the footer for rss feed / twitter.
zzz ok thx
dr|z3d just insert them in the footer somewhere and I'll make them look pretty.
dr|z3d and do install fonts-open-sans when you have a moment.. site will work fine without, but best with. the extra font weight support's in all the alt fonts, but open sans is the closest to your original Verdana choice.
dr|z3d back to the main topic, you're only currently blocking inbound connections from perma-banned peers, not session-banned peers. maybe that could be tightened up?
dr|z3d I suspect isBanlisted(hash) also covers permabanned peers, but that was the initial stab.
zzz peers get temp banned for unreachable; so as designed, you should allow them incoming
zzz if eldorado had user-selectable themes I'd just throw it in there as an option but it doesn't
dr|z3d to review it you mean?
dr|z3d re allowing incoming, unreachable peers will be permitted incoming connections once the ban expires, no, so not sure what the problem is with preventing incoming connections while they're banned.
zzz because they're only banned because they're unreachable, so there's no reason to refuse a connection the other way
zzz that and a host of similar changes are probably bad for the network and definitely would be at scale
zzz re: theme, I mean as a selectable option, no review needed, but alas not available
dr|z3d Well we need a separate class of ban then to differentiate between "offensive" routers and routers with reachability problems. Failing that, I'll figure out some way to check the ban reason and block on that basis.
zzz you're swinging the banhammer around way too recklessly to buy any of that back
zzz correct, there's no reason code stored in the banlist, except there is, but it's a string for display only, so it's messy
zzz so the only classification is temp. vs. permanent
dr|z3d yeah, so I'm suggesting a 3rd class, temp,perm and "reachability" or whatever.
zzz lot of work
dr|z3d I'll figure out a way of not blocking unreachable peers from inbound, but the main point is making sure offensive routers get the full treatment.
zzz forever = expires > 2 days from now, unless you've hacked that too
dr|z3d don't want to set bans that long for offensive routers, just clutters the banlist.
dr|z3d really prefer not to have 90K routers cluttering my banlist if I can avoid it.
zzz then stop adding all your hacks to ban more routers
dr|z3d it's fine, bans are doing what they're intended to do.
dr|z3d for now, banlisted = no access to inbound ports.
zzz most of your issues are self-inflicted
dr|z3d re eldorado, just throw the new theme up there and solicit feedback.
RN I've noticed in 2.1.0-07 my participating peers looks like a sine wave going from about 3K to 4K and back. Previously it was mostly flat. I'll see what happens in 2.1.0-8. Things overall running pretty smooth, except more frequent tunnel drops, but still very usable.
zzz no such thing as 'participating peers'
RN s/peers/tunnels/
zzz 10 minute sine wave frequency?
RN mm... lemme zoom in a bit
RN looks more like an hour
RN the other router is already on -8 and I cleared the graph data
zzz if you are hitting limits a 10 minute cycle is normal and common because you reject for a while. haven't seen an hour cycle before
zzz click persist graph data and you won't lose it next time
RN yeah, I should turn that back on while testing dev versions
zzz doesn't cost much
zzz thx for testing -8
RN I have a credit on my account, so it is fine. :þ
zzz you always have credit with me :)
zzz how do we figure out if we need to do a release?
zzz twitter poll? reddit?
RN but I think there is more exposure on reddit than twitter...
zzz my 2.1.0-0 java i2p router is:
zzz a) doing ok
zzz b) frequently crashing or barely usable
zzz c) I'm not running 2.1.0-0
zzz you always need the last one b/c ppl love to click
RN d) I'm new and don't know what to compare to
zzz ooh good
zzz what we can't do is a poll 'should we do a release' b/c that will be 99-1
dr|z3d it's a substantial set of changes, a release is a good idea.
zzz we will do it, sometime...
dr|z3d trust your gut instinct. if you think the network as a whole will be improved with an early release, go for it. users aren't really in a position to know that.
zzz cost/benefit
dr|z3d and just as importantly, if orignal is ready for an early release, his users will benefit more.
zzz and risk
dr|z3d sure, you can also opt to let the latest set of changes bed in for a while, see if there are any related issues that crop up.
zzz ideally it should soak for at least a month
zzz diff at 75% of the size of the last one
dr|z3d is there anything else you've got lined up you might want to deliver this cycle?
zzz DnD :)
dr|z3d dungeons and dragons? what are you smoking? :)
zzz snark dragndrop
dr|z3d you got that working on chrome yet?
zzz no, chrome bug
zzz then I tried ff on win and it didn't work either
dr|z3d sounds like more headache than it's worth until moz/goog fixup their shizz.
obscuratus Has anyone ever used the 'confidential' click box for reporting issues on git.idk.i2p?
obscuratus Does it sufficiently restrict access for an issue that may be sensitive (maybe not). Presumably the confidential option can be lifted later if it's deemed OK for view by everyone.
dr|z3d I think that's about right, obscuratus.
dr|z3d easy fix to the isBanlisted/isBanlisted forever conundrum, zzz. add a 3rd method, isBanlistedHostile which checks for routers with a bantime of >=1h.
zzz why would you not ban a hostile router forever?
dr|z3d for reasons I outlined above. you don't want to choke up your banlist with ephemeral routers.
zzz not gonna happen in canon anytime soon, but perhaps your banhammer cannon needs more nuance
dr|z3d I've already implemented it pursuant to your issue with blocking inbound for temp banlisted routers.
zzz I'll give you credit for one thing, I finally gave up on U routers in tunnels. The huge attacker fleet of LU routers is killing expl. build success
dr|z3d yeah, I figured a long time ago that U routers are U for absolutely f'ing useless :)
dr|z3d U and floodfill? ban.
zzz I looked and xU for x > L is averaging < 1 tunnel per hour. I thought we were giving them some cover traffic, but no
zzz ofc if salt switches back to XfR it won't help, but for now it does
dr|z3d moving target, but the mitigations shouldn't hurt and just close off obvious areas of exploitation.
dr|z3d router here's varying build success between 60-80% right now.
zzz trying to fixup profiles to really penalize the losers, that code hasn't gotten attention in a long time
dr|z3d you might consider uncommenting the good/bad send count for ffs.
dr|z3d gives you another metric you can gauge performance by with a view to banning the shit.
dr|z3d (or maybe there's enough datapoints already to do that)
zzz the XfR storm was brief and didn't really get a good sense of how it affected netdb performance
dr|z3d they're good values to plot in the floodfill profile table, easy for users to understand.
zzz focused mostly on tunnels
dr|z3d ok, so I guess you're looking at the med/long term tunnel accept/reject/fail values to work out where a peer should be deemed useless.
dr|z3d I guess there's enough data in the profile to work out a reliability score.
zzz see recent CapacityCalculator changes
dr|z3d oh, you've been busy again. never noticed :)
zzz trying to get the incredibly shitty LU fleet downgraded
zzz while hopefully having mostly the same result even if they switch to R
zzz there were a ton of high cap LU's with capacity scores > 7
dr|z3d yeah, not good. I don't build any tunnels with L regardless of reachability. helps.
zzz never mattered until there were thousands
justmessin zzz apologies if this comes across as a complete noob but L/LU routers? XfR?
zzz sure but they were still taking up high cap slots
dr|z3d L = slow, X = fast, f = floodfill.
justmessin not familiar with either the i2pd or java i2p codebases however id like to help. driz3d and "U" / "XfR" ?
justmessin XfR is transfer rate or
zzz so trying to knock them down no matter what the caps
zzz the bad ones that is
dr|z3d I try to avoid profiling L tier.
dr|z3d in theory that should keep that out the high caps range, but I see a few here. nothing U, however.
dr|z3d maybe some of your recent changes have reinstated them. will have to double check.
justmessin im guessing theres already some system for banning 'bad' floodfill routers locally, that is floodfill routers that you've locally determined to be bunk
justmessin even if so doesn't fix the issue of an actor doing this again and passing as normal until it was set, establishing themselves as 'good' floodfill peers
zzz justmessin, there's a legend at the bottom of the profiles page
zzz dr|z3d, I think we also need to turn the new peer bonus into a penalty
zzz but need to be careful about just started + long downtimes
zzz will think about it
justmessin zzz thanks. if I understand correctly every router has a keypair. if ranking was possible locally (by downtime, bad peer count, whatever) - this could be advertised and signed by the router. other routers use their own rating to determine how trustworthy another routers rankings are
justmessin although that could lead to the same issue of gaining legitimacy for a period of time and then triggering. fast enough redistribution would prevent it from becoming a problem
zzz no, that's not our design. everybody does their own rating, we would never trust somebody else's rating
dr|z3d justmessin: we're discussing specifics. if you want to read up on the generalities,
dr|z3d Blinded message
justmessin zzz: ah understood. driz3d: okay thanks
dr|z3d you might be onto something there, zzz. maybe new profiles need a bit more cred before they're marked up, like some good sends etc.
zzz the idea was to help integrate new peers but not helping us now
dr|z3d the assumption's turned on its head right now, that new peers are a good thing. obviously not the case at the mo.
zzz somebody suggested it, maybe obscuratus, but didn't remember we were doing the opposite
zzz no time for charity when everybody's a thief
zzz doesn't look like you've meddled much in capacity calculator but that's a key spot for policy impl.
zzz w.r.t. client tunnels ofc
obscuratus Ah, you changed the Sybil costs. It's playing hell with my testing network. :D
zzz but also expl. during congestion aka now
zzz yeah ipv6 sybil. maybe still needs tweaks
zzz but probably shouldn't be running in test mode
dr|z3d no haven't "meddled" much with cap calc.
dr|z3d that last set of changes is the first time I think I've done consecutive merge commits without a conflict.
obscuratus I just change the sybil threshold, and it lets me test it sometimes.
zzz I never ran a testnet long enough for sybil to kick in
zzz obscuratus, want to try to submit an MR to fix it? I could use some help around here
zzz just find the spot to add if (!_context.getBooleanProperty("i2np.vmCommSystem"))
zzz so the analyzer never runs
dr|z3d apps/routerconsole/java/src/net/i2p/router/web/helpers/ looks like the probable place.
zzz whoever starts the timer
zzz no dr|z3d not in the console
dr|z3d and router/java/src/net/i2p/router/sybil/ probably.
dr|z3d more likely the latter.
dr|z3d former's only for console display.
zzz if you dont start the timer it wont run
dr|z3d yeah, all you need is to detect vmcomm and enable router.sybilEnableBlocking if true.
dr|z3d or rather, disable.
dr|z3d if (_context.getProperty(PROP_BLOCK, DEFAULT_BLOCK))
dr|z3d doBlocking(points);
dr|z3d && !vmcomm.system
zzz and ofc the setting is allowLocal, not vmCommSystem
dr|z3d yeah, that was shorthand :)