#i2p-dev
/2025/03/26
dr|z3d zzz or eyedeekay, please voice snex. thanks.
dr|z3d thanks
dr|z3d snex: when you're about, feel free to air your floodfill dest blacklist idea here.
zzz eyedeekay, I propose a saturday release (friday checkin deadline) to stay far away from April Fools Day
eyedeekay Saturday works for me I will be ready
zzz announced on my forum, i2pforum, transifex, and (!) ramble
snex yeah the basic idea is i want to be able to block given destinations from interacting with my router to whatever extent possible, and i want to be able to share my blocklists with others without revealing the exact destinations to them. the two ways we have figured to be able to do this is either use wildcards (should be super fast since you only need rshift/lshift but downside is you might block innocent dests)...
snex Blinded message
snex i can go more into WHY i want to do this if you like
zzz please enumerate what the possible 'interactions with your router' are
zzz I can only think of two, but you go first...
snex the simplest one is i type that destination into my browser and the proxy tries to load it for me. the other one(s) is that i might use it as a floodfill and it might use me as one.
snex im not sure if i can know which dest i use as a floodfill so disregard if i cant. but i can definitely tell when a dest uses me as one
zzz yeah that's two
zzz 3) he tries to connect to one of your sites, but if he's a server-only that won't happen
zzz 4) his participating tunnels, but that's near-impossible to prevent, except for you as IBGW
zzz we do have streaming blocklists for 3) inbound. Nothing for 1) outbound
zzz 2) is if you're a floodfill, and you're closest-to-the-routing-key for the day, it changes every day
zzz 1) and 2) are relatively straightforward; 3) probably not useful; 4) is impossible for most cases and hard for IBGW
zzz an alternative for 2) is just disable floodfill
snex i dont think we want to encourage people to disable floodfill just because they discovered a dest hosting objectionable content
zzz an alternative for 4) is just disable participating tunnels
snex id like to be able to subscribe to publicly hosted blocklists similar to how addressbooks work
zzz sure, you could publish hashes-of-hashes, if you don't want your blocklist to be reversible
zzz but if a site you are blocking is registered with a subscription service, people could just hash all the sites in the addressbook to reverse them
snex i dont see why reversing one hash would reverse them all
snex If a site is in your address book you’ll always be able to know how to access it and if you really want to know you can just make a scanner like I did
snex We can’t stop that
zzz true
snex imo maintaining plausible deniability is important. hypothetically i could post a link in here that destroys your PD unless you just permanently turn floodfill off
orignal destinations can't interact with routers
orignal if a floodfill bans particular addresses it should be bypassed by other routers
snex i dont care if you let your router deal with those dests. i want to control what mine does
orignal if you run a floodfill you have an obligation to serve all LeaseSet and all requests
orignal unless it's an attack
orignal you don't have a right to decide if you like some destination or not
snex sorry but thats nonsense. i dont owe anybody anything on my hardware
snex if i CAN filter it, then i want to
orignal then your FF will be considered as malformed
snex in some jurisdictions i have an obligation to
orignal *malfunctioning
snex considered by who?
orignal by other routers
orignal and their profiles
snex the people running services i object to? dont care
orignal if you can't make it just DON'T RUN A FLOODFILL
snex routers randomly become floodfills naturally
orignal if your FF doesn't do its duty it will be excluded
snex are you telling me they all accept every request? never reject anything ever?
orignal zzz, is this true?
orignal yes, if you are a floodfill you must accept all publications and lookups
dr|z3d floodfills, if they meet certain conditions, will be auto-enrolled, but they can also be disabled or force-enrolled.
snex if i am in floodfill mode and over my bw limit, my router disobeys my bw limits?
dr|z3d on I2P/I2P+
orignal floodfills don't consume too much bandwidth
orignal transit does
snex i doubt most of the people turning on floodfill mode even understand this
snex when i pointed out that i could find hidden sites this way, people told me i was full of shit
orignal zzz, really why can a random guy run a floodfill without enabling it explicitly?
orignal hidden sited with encrypted LeaseSets?
orignal *sites
snex no, pretty sure i cant find those
snex but sites with regular LS but not in any address book
orignal then what is "hidden site"?
orignal ))))))
snex like just go create a service tunnel right now. tell nobody about it. i can find it
orignal sorry, my friends, but they are not hidden
snex well the people making them sure seem to think so. which is another thing id like to see is better documentation around encrypted LS
snex but thats beside the point - some of these sites dont want to be encrypted because they want to be shared among certain communities
snex and i dont want to facilitate them
orignal they can share b33 amount the community
orignal *among
snex pretty sure sharing an ELS is more than just sharing the link, you need to give keys out
orignal no you don't
snex i dont care about ELS right now
orignal check this out
orignal link or dest with encrypted LS
orignal can't be discovered by a FF
snex i cannot open that site at all
snex which means simply sharing the link doesnt work
orignal what does it say?
snex "Destination LeaseSet not found"
orignal lemme check
orignal maybe I have broken something
orignal opens fine
orignal can someone with Java try to open one?
orignal if it's a case we need to investigate
snex i mean this is all beside the point because i dont think saying "hey bad guys would you please encrypt your bad site full of bad stuff? thx"
snex and "bad" is subjective anyway
snex i just want to control my hardware, not anybody elses
RN orignal, opened fine for me
snex it loads now. maybe just needed time to propagate
orignal it's online for many days
orignal it's mine
snex i used a different tunnel the second time. not sure why that would matter
orignal me too
zzz default is auto-floodfill if criteria are met, that's why
orignal bad idea
orignal an ordinary user should never run a floodfill
snex why?
snex more ffs spreads the load and it also helps disguise bandwidth usage
orignal because it consumes much more resources
orignal better to not run a ff at all than a bad ff
snex thats a good thing. if you see a router that sends a lot of data but is never ff that can be sus and help deanon people
snex i2p+ at least does hardware checks to see if you get enrolled. ARM boards seem to be banned from being floodfills
zzz only the high-resource routers become ff automatically
zzz if we didn't do it, we'd have 100 ffs, not 1000
zzz if ppl don't like it they can turn it off
zzz been that way for 17 years
snex what defines "high resource?" my beelink n100 is happy to be a permanent ff
snex barely any resources used at all
snex and thats also while im hammering it to scan the network
zzz look in the source in FloodfillMonitorJob
zzz there's 10-15 criteria
orignal zzz, still no server address with 5?
snex in any case i agree with encouraging more ffs. i looked into whether i can scan the tor network the same way and it turns out that their equivalent to ffs is restricted to only 9(!) devices
zzz fun fact: when jrandom vanished, there were only 3 hardcoded ffs, and two of them went down
zzz we were one router away from the whole network going down
zzz that's when we did auto-ff and a real DHT, in 2008
zzz orignal, not until you've finished unit testing
zzz I don't have time to help you unit test, it's very time consuming
zzz right snex, 9 dir auths
snex thats frightening. why do people host things on tor at all?
orignal but you are testing somehow
zzz right, I've tested with myself, first with a unit test, then on live net, and I fixed 50 bugs to get it working
orignal therefore you are running a server
zzz it's not up atm
zzz when you have it working over live net, let me know, and we can do interoperability testing
orignal it's a matter of a couple of days
zzz thats what I thought and it took me two months ))
orignal the main problem will be different interpretation of the specs
orignal basically the only missing part is encaps/decaps in NS and NSR
zzz ofc. If we both have it working with ourselves, then that's the only thing left is the spec
zzz we've done this 4x before, we know how it goes
orignal I know that my NS will be decrypted by my server
orignal and not sure about yours
orignal is there an option to not add I2P Http headers to server tunnel?
RN maybe if you use a standard tunnel instead of http?
RN got to weigh what it blocks and what it doesn't
orignal I want to strip out responses however
orignal imagine you use an http server that considers requests with these headers as malformed ))
orignal I didn't know that such server even existed until today ))
dr|z3d we strip various headers
dr|z3d so do you..
dr|z3d at least, you strip the server header.
orignal I'm talking about X-I2P-*
orignal is there an option to suppress them?
dr|z3d an option where?
dr|z3d in i2pd?
orignal I2CP or config
dr|z3d those will never be considered as malformed, either.
orignal I thought so too
orignal but Haiku has http server called poorman ))
dr|z3d they may be ignored, but they're perfectly valid headers to serve.
orignal it closes a connection one see them ))
dr|z3d oh, having written off haiku when I mentioned it a few weeks ago, you're now a convert. bravo :)
orignal *once
orignal no, I'm in touch with the guys much longer
dr|z3d haiku probably has nginx available.
orignal but there is built-in http server
orignal and it's awesome ))))
orignal such behaviour makes it something unique