dr|z3d
zzz or eyedeekay, please voice snex. thanks.
dr|z3d
thanks
dr|z3d
snex: when you're about, feel free to air your floodfill dest blacklist idea here.
zzz
eyedeekay, I propose a saturday release (friday checkin deadline) to stay far away from April Fools Day
eyedeekay
Saturday works for me I will be ready
zzz
announced on my forum, i2pforum, transifex, and (!) ramble
snex
yeah the basic idea is i want to be able to block given destinations from interacting with my router to whatever extent possible, and i want to be able to share my blocklists with others without revealing the exact destinations to them. the two ways we have figured to be able to do this is either use wildcards (should be super fast since you only need rshift/lshift but downside is you might block innocent dests)...
snex
Blinded message
snex
i can go more into WHY i want to do this if you like
zzz
please enumerate what the possible 'interactions with your router' are
zzz
I can only think of two, but you go first...
snex
the simplest one is i type that destination into my browser and the proxy tries to load it for me. the other one(s) is that i might use it as a floodfill and it might use me as one.
snex
im not sure if i can know which dest i use as a floodfill so disregard if i cant. but i can definitely tell when a dest uses me as one
zzz
yeah that's two
zzz
3) he tries to connect to one of your sites, but if he's a server-only that won't happen
zzz
4) his participating tunnels, but that's near-impossible to prevent, except for you as IBGW
zzz
we do have streaming blocklists for 3) inbound. Nothing for 1) outbound
zzz
2) is if you're a floodfill, and you're closest-to-the-routing-key for the day, it changes every day
zzz
1) and 2) are relatively straightforward; 3) probably not useful; 4) is impossible for most cases and hard for IBGW
zzz
an alternative for 2) is just disable floodfill
snex
i dont think we want to encourage people to disable floodfill just because they discovered a dest hosting objectionable content
zzz
an alternative for 4) is just disable participating tunnels
snex
id like to be able to subscribe to publicly hosted blocklists similar to how addressbooks work
zzz
sure, you could publish hashes-of-hashes, if you don't want your blocklist to be reversible
zzz
but if a site you are blocking is registered with a subscription service, people could just hash all the sites in the addressbook to reverse them
snex
i dont see why reversing one hash would reverse them all
snex
If a site is in your address book you’ll always be able to know how to access it and if you really want to know you can just make a scanner like I did
snex
We can’t stop that
zzz
true
snex
imo maintaining plausible deniability is important. hypothetically i could post a link in here that destroys your PD unless you just permanently turn floodfill off
orignal
destinations can't interact with routers
orignal
if a floodfill bans particular addresses it should be bypassed by other routers
snex
i dont care if you let your router deal with those dests. i want to control what mine does
orignal
no
orignal
if you run a floodfill you have an obligation to serve all LeaseSet and all requests
orignal
unless it's an attack
orignal
you don't have a right to decide if you like some destination or not
snex
sorry but thats nonsense. i dont owe anybody anything on my hardware
snex
if i CAN filter it, then i want to
orignal
then your FF will be considered as malformed
snex
in some jurisdictions i have an obligation to
orignal
*malfunctioning
snex
considered by who?
orignal
by other routers
orignal
and their profiles
snex
the people running services i object to? dont care
orignal
if you can't make it just DON'T RUN A FLOODFILL
snex
routers randomly become floodfills naturally
orignal
if your FF doesn't do its duty it will be excluded
snex
are you telling me they all accept every request? never reject anything ever?
orignal
zzz, is this true?
orignal
yes, if you are a floodfill you must accept all publications and lookups
dr|z3d
floodfills, if they meet certain conditions, will be auto-enrolled, but they can also be disabled or force-enrolled.
snex
if i am in floodfill mode and over my bw limit, my router disobeys my bw limits?
dr|z3d
on I2P/I2P+
orignal
floodfill don't consume too much bandwidth
orignal
transit does
snex
i doubt most of the people turning on floodfill mode even understand this
snex
when i pointed out that i could find hidden sites this way, people told me i was full of shit
orignal
zzz, really why a random guy can run a floodfill without enabling it explicitly?
orignal
hidden sited with encrypted LeaseSets?
orignal
*sites
snex
no, pretty sure i cant find those
snex
but sites with regular LS but not in any address book
orignal
then what is "hidden site"?
orignal
))))))
snex
like just go create a service tunnel right now. tell nobody about it. i can find it
orignal
sorry, my friends, but they are not hidden
snex
well the people making them sure seem to think so. which is another thing id like to see is better documentation around encrypted LS
snex
but thats beside the point - some of these sites dont want to be encrypted because they want to be shared among certain communities
snex
and i dont want to facilitate them
orignal
they can share b33 amount the community
orignal
*amoung
snex
pretty sure sharing an ELS is more than just sharing the link, you need to give keys out
orignal
no you don't
orignal
RTFM
snex
i dont care about ELS right now
orignal
check this out
orignal
link or dest with encrypted LS
orignal
*of
orignal
can't be discovered by a FF
snex
i cannot open that site at all
snex
which means simply sharing the link doesnt work
orignal
what does it say?
snex
"Destination LeaseSet not found"
orignal
lemme check
orignal
maybe I have broken something
orignal
opens fine
orignal
can someone with Java try to open one?
orignal
if it's a case we need to investigate
snex
i mean this is all beside the point because i dont think saying "hey bad guys would you please encrypt your bad site full of bad stuff? thx"
snex
and "bad" is subjective anyway
snex
i just want to control my hardware, not anybody elses
RN
orignal, opened fine for me
snex
it loads now. maybe just needed time to propagate
orignal
it's online for many days
orignal
it's mine
snex
i used a different tunnel the second time. not sure why that would matter
orignal
me too
zzz
default is auto-floodfill if criteria are met, that's why
orignal
bad idea
orignal
an ordinary user should never run a floodfill
snex
why?
snex
more ffs spreads the load and it also helps disguise bandwidth usage
orignal
because it consumes much more resources
orignal
better to not run a ff at all than a bad ff
snex
thats a good thing. if you see a router that sends a lot of data but is never ff that can be sus and help deanon people
snex
i2p+ at least does hardware checks to see if you get enrolled. ARM boards seem to be banned from being floodfills
zzz
only the high-resource routers become ff automatically
zzz
if we didn't do it, we'd have 100 ffs, not 1000
zzz
if ppl don't like it they can turn it off
zzz
been that way for 17 years
snex
what defines "high resource?" my beelink n100 is happy to be a permanent ff
snex
barely any resources used at all
snex
and thats also while im hammering it to scan the network
zzz
look in the source in FloodfillMonitorJob
zzz
there's 10-15 criteria
orignal
zzz, still no server address with 5?
snex
in any case i agree with encouraging more ffs. i looked into whether i can scan the tor network the same way and it turns out that their equivalent to ffs is restricted to only 9(!) devices
zzz
fun fact: when jrandom vanished, there were only 3 hardcoded ffs, and two of them went down
zzz
we were one router away from the whole network going down
zzz
that's when we did auto-ff and a real DHT, in 2008
zzz
orignal, not until you've finished unit testing
zzz
I don't have time to help you unit test, it's very time consuming
zzz
right snex, 9 dir auths
snex
thats frightening. why do people host things on tor at all?
orignal
but you are testing somehow
zzz
right, I've tested with myself, first with a unit test, then on live net, and I fixed 50 bugs to get it working
orignal
therefore you are running a server
zzz
it's not up atm
zzz
when you have it working over live net, let me know, and we can do interoperability testing
orignal
it's a matter of a couple days
zzz
thats what I thought and it took me two months ))
orignal
the main problem will be different interpretation of the specs
orignal
basically the only missing part is encaps/decaps in NS and NSR
zzz
ofc. If we both have it working with ourselves, then that's the only thing left is the spec
zzz
we've done this 4x before, we know how it goes
orignal
I know that my NS will be decrypted by my server
orignal
and not sure about yours
orignal
is there an option to not add I2P Http headers to server tunnel?
RN
maybe if you use a standard tunnel instead of http?
RN
got to weigh what it blocks and what it doesn't
orignal
I want to strip out responses however
orignal
imagine you use an http server that considers a request with these headers as malformed ))
orignal
I didn't know that such server even existed until today ))
dr|z3d
we strip various headers
dr|z3d
so do you..
dr|z3d
at least, you strip the server header.
orignal
I'm talking about X-I2P-*
orignal
is there an option to suppress them?
dr|z3d
an option where?
dr|z3d
in i2pd?
orignal
I2CP or config
dr|z3d
those will never be considered as malformed, either.
orignal
I thought too
orignal
but Haiku has http server called poorman ))
dr|z3d
they may be ignored, but they're perfectly valid headers to serve.
orignal
it closes a connection one see them ))
dr|z3d
oh, having written off haiku when I mentioned it a few weeks ago, you're now a convert. bravo :)
orignal
*once
orignal
no, I'm in touch with guys much longer
dr|z3d
haiku probably has nginx available.
orignal
but there is built-in http server
orignal
and it's awesome ))))
orignal
such behaviour makes it something unique