IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2023/02/12
@eyedeekay
&eche|on
&kytv
&zzz
+RN
+RN_
+T3s|4
+acetone
+dr|z3d
+hk
+not_bob
+orignal
+postman
+weko
+wodencafe
An0nm0n
Arch
Coucou
Danny
DeltaOreo
FreefallHeavens_
Irc2PGuest39724
Irc2PGuest53061
Irc2PGuest55294
Irc2PGuest56732
Nausicaa
Onn4l7h
Onn4|7h
Over
R4SAS
Sisyphus
Sleepy
SoniEx2
T3s|4_
aargh2
anon4
b3t4f4c3__
bak83_
boonst
cancername
carried6590
cumlord
dr4wd3_
eyedeekay_bnc
hagen_
onon_1
plap
poriori_
profetikla
r3med1tz-
rapidash
shiver_
solidx66
u5657
uop23ip
w8rabbit
x74a6
UDP RN: it's a common network protocol lol
RN yeah, UDP I get that. Just wondered if there was more of a story to it. Σ:Đ
RN anyway. nice to meet you.
UDP Yeah nope
UDP Should probably make one up though I guess
UDP Same! How about your username? What's does RN stand for?
RN it is short or ReturningNovice
RN that had to do with my personal history and skill level at the time... but the longer version of the story takes us off topic. ;)
RN s/short or/short for/
RN lots of pple tell me lately I'm not such a novice anymore, but I'm not changing the nick since I've used it so long
dr|z3d don't believe her, UDP, her initials stand for Random Nuisance :)
UDP What kind of nuisance we talking here? ;)
dr|z3d we're not, but if you want to carry on the random non-dev banter, feel free to hop over to #saltr :)
zzz dr|z3d, and when did I last touch it?
zzz -> ant distclean
dr|z3d oh, you're alive, zzz! I thought you'd gone awol :)
zzz busy
zzz -8 shortly
dr|z3d what you been working on?
zzz round 2 of the mitigations/fixes
zzz as promised
dr|z3d great, look forward to them.
zzz we'll see
zzz I don't know wtf your profile issues are but -8 will almost certainly conflict with / not fix them
dr|z3d great, more merge fun and troubleshooting ahead then.
dr|z3d the main issue I'm having now with the profiles is that for floodfills, existing profile data seems to be discarded after around an hour of uptime, and then entirely new ffs show up on the profiles page. not sure if that's by design or something I've done.
zzz did they just get down-rated or are they not on the 'all' tab either? (although even the all tab hides a lot)
dr|z3d first hour uptime, I see ff profiles that have been known about for what you'd expect, hours or more.
dr|z3d after that, ff profiles page just shows me profiles that have a first seen time of the a few minutes.
dr|z3d I've made a bunch of changes to how they're filtered for display, so I can't rule that out entirely, but the first hour of uptime where everything seems normal is strange.
dr|z3d I've disabled the deleteOldProfiles routine from running for now, so profiles only get nuked at session start.
dr|z3d I thought I might have set the STORE_TIME too low in PeerManager, so I modded that up and the same issue. so it's not that.
dr|z3d in other news, idk's pastebin seems to mangle newlines, but that aside, some rough edges tidied up: paste.idk.i2p/CanonistCockatoo/read
dr|z3d all "obvious" pages now styled correctly as per theme.
zzz ofc profiles get promoted/demoted/deleted all the time, but figuring out if it's being done correctly would take a LOT of logging and staring at it
zzz best done on a low-bw router
dr|z3d you're not wrong there :)
zzz anyway, the checkin from an hour ago is a week's worth of work and a big help if you want to start with that
zzz just waiting for one more test on the profile stuff to finish
dr|z3d I've been looking at a couple of routers both high and low b/w to assess the issue, they both display the same symptom after an hour of uptime.
zzz yeah I'm just saying if you want to stare at logs do it on the low b/w one
zzz that's why I don't run any high b/w routers
zzz and rarely any ff, although I am now b/c I need to get them right with the changes
dr|z3d what's the general thrust re profiles?
dr|z3d some issues you'll only see on high b/w routers, so it's good to have a diverse set to monitor.
zzz basics, expire more, save/load less
zzz mirror of the RI changes
dr|z3d a good amount of the stuff you're doing there I've been doing for a while, more or less.
zzz will be more todo though because I think the in-mem profiles may still be out of hand
dr|z3d quite possibly. I don't bother with those for low-end/unreachable routers at all.
zzz MRs always welcome if you think you have a good idea
dr|z3d you don't want an MR from me *chuckle*
dr|z3d but I'm happy to suggest attack strategies.
zzz well you'd have to make it pretty :)
dr|z3d speaking of pretty, when you want to look at pretty, deploy that css above :)
zzz I need defense strategies
dr|z3d ok, well here's one thing you might want to think about..
zzz i don't run a pastebin
dr|z3d that's not _for_ a pastebin.. you're being intentionally obtuse? :)
zzz send your attack strategies to mr. salt
zzz you said its a fix for his pastbin mangling newlines?
dr|z3d I said it mangles new lines, but have a look. it's intact. it's for zzz.i2p
zzz then you didn't say what it was for
dr|z3d it's the completion of the coloring work you started and left hanging probably 15 years ago? :)
zzz no time for that
zzz lets wait and see if the screen reader guy is happy first
dr|z3d I thought you'd have figured that out after the open sans discussion yesterday and the consequent .zip file.
zzz out of my mind until he responds, I've done what he asked but seems unlikely to fix anything
zzz so I'll sit and wait
dr|z3d mv red2.css red2.css.backup and then deploy. but in your own time, no rush. I think you'll be pleasantly surprised by the results.
zzz if you have the answer for a disabled member of the community who needs help, I suggest you help him
dr|z3d do remember who you're dealing with, network's #1 blowhard pedant. :)
zzz rather than use it as an opportunity to jerk me around
dr|z3d and tbh, I'm more interested in helping the community at large, hence that css file.
zzz if I give you the unminified css can you give me a patch that fixes his issue and only that?
dr|z3d firstly, I'm not jerking you around.
dr|z3d if you want to be obstinate, that's on you. I invested time into fixing your half-finished website theme. enough time.
dr|z3d but whatever, you want to write off my work as jerking you around, ok. and in answer to your question, no. I don't need unminified css, and I'm not going to just fix some perceived issue that I cannot reproduce.
zzz telling me to install stuff while refusing to tell me what it's in reference to was not helpful
zzz if you can't reproduce it either, then we're stuck until he responds
zzz I'll fetch and save your css and take a look when I have time, thanks
dr|z3d "stuff" being a single truetype font family available in your repo, but I take your point. I was trying to give you something to smile about.
zzz it's too horked with the lines and it has smart quotes in it, it's unusable/unreviewable from that pastebin
dr|z3d skank.i2p/zzz.zip (updated with new css file).
dr|z3d there are a couple of icons in there for the footer for rss feed / twitter.
zzz ok thx
dr|z3d just insert them in the footer somewhere and I'll make them look pretty.
dr|z3d and do install fonts-open-sans when you have a moment.. site will work fine without, but best with. the extra font weight support's in all the alt fonts, but open sans is the closest to your original Verdana choice.
dr|z3d back to the main topic, you're only currently blocking inbound connections from perma-banned peers, not session-banned peers. maybe that could be tightened up?
dr|z3d I suspect isBanlisted(hash) also covers permabanned peers, but that was the initial stab.
zzz peers get temp banned for unreachable; so as designed, you should allow them incoming
zzz if eldorado had user-selectable themes I'd just throw it in there as an option but it doesn't
dr|z3d to review it you mean?
dr|z3d re allowing incoming, unreachable peers will be permitted incoming connections once the ban expires, no, so not sure what the problem is with preventing incoming connections while they're banned.
zzz because they're only banned because they're unreachable, so there's no reason to refuse a connection the other way
zzz that and a host of similar changes are probably bad for the network and definitely would be at scale
zzz re: theme, I mean as a selectable option, no review needed, but alas not available
dr|z3d Well we need a separate class of ban then to differentiate between "offensive" routers and routers with reachability problems. Failing that, I'll figure out some way to check the ban reason and block on that basis.
zzz you're swinging the banhammer around way too recklessly to buy any of that back
zzz correct, there's no reason code stored in the banlist, except there is, but it's a string for display only, so it's messy
zzz so the only classification is temp. vs. permanent
dr|z3d yeah, so I'm suggesting a 3rd class, temp,perm and "reachability" or whatever.
zzz lot of work
dr|z3d I'll figure out a way of not blocking unreachable peers from inbound, but the main point is making sure offensive routers get the full treatment.
zzz forever = expires > 2 days from now, unless you've hacked that too
dr|z3d don't want to set bans that long for offensive routers, just clutters the banlist.
dr|z3d really prefer not to have 90K routers cluttering my banlist if I can avoid it.
zzz then stop adding all your hacks to ban more routers
dr|z3d it's fine, bans are doing what they're intended to do.
dr|z3d for now, banlisted = no access to inbound ports.
zzz most of your issues are self-inflicted
dr|z3d re eldorado, just throw the new theme up there and solicit feedback.
RN I've noticed in 2.1.0-07 my participating peers looks like a sine wave going from about 3K to 4K and back. Previously it was mostly flat. I'll see what happens in 2.1.0-8. Things overall running pretty smooth, except more frequent tunnel drops, but still very usable.
zzz no such thing as 'participating peers'
RN s/peers/tunnels/
zzz 10 minute sine wave frequency?
RN mm... lemme zoom in a bit
RN looks more like an hour\
RN the other router is already on -8 and I cleared the graph data
RN mm... lemme zoom in a bit
RN looks more like an hour\
RN the other router is already on -8 and I cleared the graph data
zzz if you are hitting limits a 10 minute cycle is normal and common because you reject for a while. haven't seen an hour cycle before
zzz click persist graph data and you won't lose it next time
RN yeah, I should turn that back on while testing dev versions
zzz doesn't cost much
zzz thx for testing -8
RN I have a credit on my account, so it is fine. :þ
zzz you always have credit with me :)
RN Σ:Đ
zzz how do we figure out if we need to do a release?
zzz twitter poll? reddit?
RN but I think there is more exposure on reddit than twitter...
zzz my 2.1.0-0 java i2p router is:
zzz a) doing ok
zzz b) frequently crashing or barely usable
zzz c) I'm not running 2.1.0-0
zzz you always need the last one b/c ppl love to click
RN d) I'm new and don't know what to compare to
zzz ooh good
zzz what we can't do is a poll 'should we do a release' b/c that will be 99-1
dr|z3d it's a substantial set of changes, a release is a good idea.
zzz we will do it, sometime...
dr|z3d trust your gut instinct. if you think the network as a whole will be improved with an early release, go for it. users aren't really in a position to know that.
zzz cost/benefit
dr|z3d and just as importantly, if orignal is ready for an early release, his users will benefit more.
zzz and risk
dr|z3d sure, you can also opt to let the latest set of changes bed in for a while, see if there are any related issues that crop up.
zzz ideally it should soak for at least a month
zzz diff at 75% of the size of the last one
dr|z3d is there anything else you've got lined up you might want to deliver this cycle?
zzz DnD :)
dr|z3d dungeons and dragons? what are you smoking? :)
zzz snark dragndrop
dr|z3d you got that working on chrome yet?
zzz no, chrome bug
zzz then I tried ff on win and it didn't work either
dr|z3d sounds like more headache than it's worth until moz/goog fixup their shizz.
obscuratus Has anyone every used the 'confidential' click box for reporting issues on git.idk.i2p?
obscuratus Does it sufficiently restrict access for an issue that may be sensitive (maybe not). Presumably the confidential option can be lifted later if it's deemed OK for view by everyone.
dr|z3d I think that's about right, obscuratus.
dr|z3d easy fix to the isBanlisted/isBanlisted forever conundrum, zzz. add a 3rd method, isBanlistedHostile which checks for routers with a bantime of >=1h.
zzz why would you not ban a hostile router forever?
dr|z3d for reasons I outlined above. you don't want to choke up your banlist with ephemeral routers.
zzz not gonna happen in canon anytime soon, but perhaps your banhammer cannon needs more nuance
dr|z3d I've already implemented it pursuant to your issue with blocking inbound for temp banlisted routers.
zzz I'll give you credit for one thing, I finally gave up on U routers in tunnels. The huge attacker fleet of LU routers is killing expl. build success
dr|z3d yeah, I figured a long time ago that U routers are U for absolutely f'ing useless :)
dr|z3d U and floodfill? ban.
zzz I looked and xU for x > L is averaging < 1 tunnel per hour. I thought we were giving them some cover traffic, but no
zzz ofc if salt switches back to XfR it won't help, but for now it does
dr|z3d moving target, but the mitigations shouldn't hurt and just close off obvious areas of exploitation.
dr|z3d router here's varying build success between 60-80% right now.
zzz trying to fixup profiles to really penalize the losers, that code hasn't gotten attention in a long time
dr|z3d you might consider uncommenting the good/bad send count for ffs.
dr|z3d gives you another metric you can gauge performance by with a view to banning the shit.
dr|z3d (or maybe there's enough datapoints already to do that)
zzz the XfR storm was brief and didn't really get a good sense of how it affected netdb performance
dr|z3d they're good values to plot in the floodfill profile table, easy for users to understand.
zzz focused mostly on tunnels
dr|z3d ok, so I guess you're looking at the med/long term tunnel accept/reject/fail values to work out where a peer should be deemed useless.
dr|z3d I guess there's enough data in the profile to work out a reliability score.
zzz see recent CapacityCalculator changes
dr|z3d oh, you've been busy again. never noticed :)
zzz trying to get the incredibly shitty LU fleet downgraded
zzz while hopefully having mostly the same result even if they switch to R
zzz there were a ton of high cap LU's with capacity scores > 7
dr|z3d yeah, not good. I don't build any tunnels with L regardless of reacability. helps.
zzz never mattered until there were thousands
justmessin zzz apologies if this comes across as a complete noob but L/LU routers? XfR?
zzz sure but they were still taking up high cap slots
dr|z3d L = slow, X = fast, f = floodfill.
justmessin not familiar with either the i2pd or java i2p codebases however id like to help. driz3d and "U" / "XfR" ?
justmessin XfR is transfer rate or
zzz so trying to knock them down no matter what the caps
zzz the bad ones that is
dr|z3d I try to avoid profiling L tier.
dr|z3d in theory that should keep that out the high caps range, but I see a few here. nothing U, however.
dr|z3d maybe some of your recent changes have reinstated them. will have to double check.
justmessin im guessing theres already some system for banning 'bad' floodfill routers locally, that is floodfill routers that you've locally determined to be bunk
justmessin even if so doesn't fix the issue of an actor doing this again and passing as normal until it was set, establishing themselves as 'good' floodfill peers
zzz justmessin, there's a legend at the bottom of the profiles page
zzz dr|z3d, I think we also need to turn the new peer bonus into a penalty
zzz but need to be careful about just started + long downtimes
zzz will think about it
justmessin zzz thanks. if I understand correctly every router has a keypair. if ranking was possible locally (by downtime, bad peer count, whatever) - this could be advertised and signed by the router. other routers use their own rating to determine how trustworthy another routers rankings are
justmessin although that could lead to the same issue of gaining legitimacy for a period of time and then triggering. fast enough redistribution would prevent it from becoming a problem
zzz no, that's not our design. everybody does their own rating, we would never trust somebody else's rating
dr|z3d justmessin: we're discussing specifics. if you want to read up on the generalties, geti2p.net/en/docs/how/peer-selection
dr|z3d Blinded message
justmessin zzz: ah understood. driz3d: okay thanks
dr|z3d you might be onto something there, zzz. maybe new profiles need a bit more cred before they're marked up, like some good sends etc.
zzz the idea was to help integrate new peers but not helping us now
dr|z3d the assumption's turned on its head right now, that new peers are a good thing. obviously not the case at the mo.
zzz somebody suggested it, maybe obscuratus, bud didn't remember we were doing the opposite
zzz no time for charity when everybody's a thief
zzz doesn't look like you've meddled much in capacity calculator but that's a key spot for policy impl.
zzz w.r.t. client tunnels ofc
obscuratus Ah, you changed the Sybil costs. It's playing hell with my testing network. :D
zzz but also expl. during congestion aka now
zzz yeah ipv6 sybil. maybe still needs tweaks
zzz but probably shouldn't be running in test mode
dr|z3d no haven't "meddled" much with cap calc.
dr|z3d that last set of changes is the first time I think I've done consecutive merge commits without a conflict.
obscuratus I just change the sybil threshold, and it let's me test it sometimes.
zzz I never ran a testnet long enough for sybil to kick in
zzz obscuratus, want to try to submit an MR to fix it? I could use some help around here
zzz just find the spot to add if (!_context.getBooleanProperty("i2np.vmCommSystem"))
zzz so the analyzer never runs
dr|z3d apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbHelper.java looks like the probable place.
zzz whoever starts the timer
zzz no dr|z3d not in the console
dr|z3d and router/java/src/net/i2p/router/sybil/Analysis.java probably.
dr|z3d more likely the latter.
dr|z3d former's only for console display.
zzz if you dont start the timer it wont run
dr|z3d yeah, all you need is to detect vmcomm and enable router.sybilEnableBlocking if true.
dr|z3d or rather, disable.
dr|z3d if (_context.getProperty(PROP_BLOCK, DEFAULT_BLOCK))
dr|z3d doBlocking(points);
dr|z3d && !vmcomm.system
zzz and ofc the setting is allowLocal, not vmCommSystem
dr|z3d yeah, that was shorthand :)