@eyedeekay
&eche|on
&kytv
&zzz
+R4SAS
+RN
+RN_
+T3s|4
+acetone
+dr|z3d
+hk
+orignal
+postman
+weko
+wodencafe
An0nm0n
Arch
Danny
DeltaOreo
FreefallHeavens
Irc2PGuest21881
Irc2PGuest5995
Irc2PGuest88897
Irc2PGuest95630
Nausicaa
Onn4l7h
Onn4|7h
Over
Sisyphus
Sleepy
Soni
T3s|4_
aargh2
anon2
b3t4f4c3
bak83
boonst
cumlord
dr4wd3_
eyedeekay_bnc
hagen_
khb_
not_bob_afk
plap
poriori
profetikla
r3med1tz-
rapidash
shiver_
solidx66
u5657
uop23ip
w8rabbit
x74a6
zzz
china/0.9.58 botnet vanished a few hours ago, java expl. build success now highest since late 2022
orignal
yes, same here
orignal
even of floodfills
orignal
Routers: 12279
orignal
zzz could you remind what you do with publishing and lookups around UTC midnight?
zzz
I don't think we do anything special on lookups, but just before midnight we publish to both old and new closest ff.
orignal
what's the threshold?
zzz
the time threshold?
orignal
yes
zzz
stand by, looking...
orignal
e.g. "before midnight"
zzz
correction, the publishers don't do anything special. It's the floodfill, it _floods_ to both old and new
orignal
at what time?
zzz
threshold: 45 minutes before midnight for RI, 10 minutes for LS
zzz
and we flood to 3 old closest (as usual) and 2 new closest
orignal
so you flood to 6 routers in 45 minuntes before minight
orignal
got it
zzz
I'm the first one, I flood to 5 more, yes
orignal
thanks
orignal
will do the same
orignal
so it's only on floodfilld. no publishing no requests on regular routers?
zzz
I don't remember doing a lot of testing of it, looks like I did it 10 years ago
zzz
correct, nothing special on regular routers. The floodfill does it, just flooding to both old and new
zzz
are you seeing problems at midnight?
orignal
Vort notices connection spikes near UTC midnight
orignal
we are trying to anaylyze what causes it
zzz
ok, let us know if you find out more
orignal
at least it explains
zzz
maybe
zzz
are the spikes just before, or just after midnight? makes a difference...
orignal
flood connection doubled
orignal
not sure
zzz
++Vort, doing good work as usual
zzz
we knew about China, but somebody had mentioned maybe it was in Iran also?
zzz
I hadn't realized that the botnet was 2/3 of the global 0.9.58 fleet, but stats overnight make it clear
zzz
we should consider increasing our tunnel/ff minimums to 0.9.59 in case it comes back
dr|z3d
yeah, Iran was huge at one point.
dr|z3d
It's still pretty large in the scheme of things.
dr|z3d
only US has more routers from the pov of one of my routers right now.
zzz
never saw "huge", currently about 4% of net for me, didn't vanish with the Chinese overnight
zzz
may just be a reaction to ISP fuckery I've seen reported on twitter
zzz
eyedeekay, about time for you to followup on the Monero CCS MR? suggested points to make:
dr|z3d
almost exclusively P tier, with a spread of versions.
zzz
1) yes it's really us, for proof see @i2p on twitter or zzz.i2p post
zzz
2) we're not experts in your CCS process, the CCS was suggested to us by Paul Janowitz on twitter, who projected it would be rapidly approved and funded
dr|z3d
(and very few floodfills, single figure, all of which appear to be XU)
zzz
3) we've been pushing SAMv3 at your kons and meetups for several years, without success, this is our last and final attempt
zzz
EOT
zzz
dr|z3d, looking at caps distribution in strict countries is always tricky because you're only seeing i2pd since java is hidden, and i2pd doesn't publish all the tiers java does
dr|z3d
yeah, this smells funny. 99% PR, versions from 0.9.53 - 0.9.62.
zzz
so the caps distribution always looks weird to us
dr|z3d
out of ~500 routers, I counted 3 non-U ffs, all P tier.
dr|z3d
and yeah, it all looks pretty weird.
orignal
implemented
orignal
but what's the model of the attack?
orignal
still not clear