#i2p-dev (irc2p) | 2.8.2-6

dr|z3d zzz or eyedeekay, please voice snex. thanks.

dr|z3d thanks

dr|z3d snex: when you're about, feel free to air your floodfill dest blacklist idea here.

zzz eyedeekay, I propose a saturday release (friday checkin deadline) to stay far away from April Fools Day

eyedeekay Saturday works for me I will be ready

zzz announced on my forum, i2pforum, transifex, and (!) ramble

snex yeah the basic idea is i want to be able to block given destinations from interacting with my router to whatever extent possible, and i want to be able to share my blocklists with others without revealing the exact destinations to them. the two ways we have figured to be able to do this is either use wildcards (should be super fast since you only need rshift/lshift but downside is you might block innocent dests)...

snex Blinded message

snex i can go more into WHY i want to do this if you like

zzz please enumerate what the possible 'interactions with your router' are

zzz I can only think of two, but you go first...

snex the simplest one is i type that destination into my browser and the proxy tries to load it for me. the other one(s) is that i might use it as a floodfill and it might use me as one.

snex im not sure if i can know which dest i use as a floodfill so disregard if i cant. but i can definitely tell when a dest uses me as one

zzz yeah that's two

zzz 3) he tries to connect to one of your sites, but if he's a server-only that won't happen

zzz 4) his participating tunnels, but that's near-impossible to prevent, except for you as IBGW

zzz we do have streaming blocklists for 3) inbound. Nothing for 1) outbound

zzz 2) is if you're a floodfill, and you're closest-to-the-routing-key for the day, it changes every day

zzz 1) and 2) are relatively straightforward; 3) probably not useful; 4) is impossible for most cases and hard for IBGW

zzz an alternative for 2) is just disable floodfill

snex i dont think we want to encourage people to disable floodfill just because they discovered a dest hosting objectionable content

zzz an alternative for 4) is just disable participating tunnels

snex id like to be able to subscribe to publicly hosted blocklists similar to how addressbooks work

zzz sure, you could publish hashes-of-hashes, if you don't want your blocklist to be reversable

zzz but if a site you are blocking is registered with a subscription service, people could just hash all the sites in the addressbook to reverse them

snex i dont see why reversing one hash would reverse them all

snex If a site is in your address book you’ll always be able to know how to access it and if you really want to know you can just make a scanner like I did

snex We can’t stop that

zzz true

snex imo maintaining plausible deniability is important. hypothetically i could post a link in here that destroys your PD unless you just permanently turn floodfill off

orignal destinations can't interact with routers

orignal if a floodfills ban particular addresses it should be bypassed by other routers

snex i dont care if you let your router deal with those dests. i want to control what mine does

orignal no

orignal if you run a floodfill you have an obligation to serve all LeaseSet and all requests

orignal unless it's an attack

orignal you don't have a right to decide if you like some destination or not

snex sorry but thats nonsense. i dont owe anybody anything on my hardware

snex if i CAN filter it, then i want to

orignal then your FF will be considered as malformed

snex in some jurisdictions i have an obligation to

orignal *malfunctioning

snex considered by who?

orignal by other routers

orignal and thier profiles

snex the people running services i object to? dont care

orignal if you can't make it just DON"T RUN A FLOODFILL

snex routers randomly become floodfills naturally

orignal if your FF dones't do it's duty it will be excluded

snex are you telling me they all accept every request? never reject anything ever?

orignal zzz, is this true?

orignal yes, if you are a floodfill you must accept all publictaions and lookups

dr|z3d floodfills, if they meet certain conditions, will be auto-enrolled, but they can also be disabled or force-enrolled.

snex if i am in floodfill mode and over my bw limit, my router disobeys my bw limits?

dr|z3d on I2P/I2P+

orignal floodfill don't consume too much badwidth

orignal trabsit does

snex i doubt most of the people turning on floodfill mode even understand this

snex when i pointed out that i could find hidden sites this way, people told me i was full of shit

orignal zzz, really why a random guy can run a floodfill without being enable it explicitly?

orignal hidden sited with encrypted LeaseSets?

orignal *sites

snex no, pretty sure i cant find those

snex but sites with regular LS but not in any address book

orignal then what is "hidden site"?

orignal ))))))

snex like just go create a service tunnel right now. tell nobody about it. i can find it

orignal sorry, my fireds, but thye are not hidden

snex well the people making them sure seem to think so. which is another thing id like to see is better documentation around encrypted LS

snex but thats beside the point - some of these sites dont want to be encrypted because they want to be shared among certain communities

snex and i dont want to facilitate them

orignal they can share b33 amount the community

orignal *amoung

snex pretty sure sharing an ELS is more than just sharing the link, you need to give keys out

orignal no you don't

orignal RTFM

snex i dont care about ELS right now

orignal tojbxbveijj5c6ql25bifzdfh5xm2idc36cbffrmdfovuykgtjd2yfuk.b32.i2p

orignal check this out

orignal link or dest with encrypted LS

orignal *of

orignal can't be discoved by a FF

snex i cannot open that site at all

snex which means simply sharing the link doesnt work

orignal what does it say?

snex "Destination LeaseSet not found"

orignal lemme check

orignal myabe I have broken something

orignal opens fine

orignal can someone with Java try to open one?

orignal if it's a case we need to investigate

snex i mean this is all beside the point because i dont think saying "hey bad guys would you please encrypt your bad site full of bad stuff? thx"

snex and "bad" is subjective anyway

snex i just want to control my hardware, not anybody elses

RN orignal, opened fine for me

snex it loads now. maybe just needed time to propagate

orignal it's online for many days

orignal it's mine

snex i used a different tunnel the second time. not sure why that would matter

orignal me too

zzz default is auto-floodfill if criteria are met, that's why

orignal bad idea

orignal a ordinary user should never run a floodfill

snex why?

snex more ffs spreads the load and it also helps disguise bandwidth usage

orignal because it consumes much more resources

orignal better to not run a ff at ll than a bad ff

snex thats a good thing. if you see a router that sends a lot of data but is never ff that can be sus and help deanon people

snex i2p+ at least does hardware checks to see if you get enrolled. ARM boards seem to be banned from being floodfills

zzz only the high-resource routers become ff automatically

zzz if we didn't do it, we'd have 100 ffs, not 1000

zzz if ppl don't like it they can turn it off

zzz been that way for 17 years

snex what defines "high resource?" my beelink n100 is happy to be a permanent ff

snex barely any resources used at all

snex and thats also while im hammering it to scan the network

zzz look in the source in FloodfillMonitorJob

zzz there's 10-15 criteria

orignal zzz, still no server address with 5?

snex in any case i agree with encouraging more ffs. i looked into whether i can scan the tor network the same way and it turns out that their equivalent to ffs is restricted to only 9(!) devices

zzz fun fact: when jrandom vanished, there were only 3 hardcoded ffs, and two of them went down

zzz we were one router away from the whole network going down

zzz that's when we did auto-ff and a real DHT, in 2008

zzz orignal, not until you've finished unit testing

zzz I don't have time to help you unit test, it's very time consuming

zzz right snex, 9 dir auths

snex thats frightening. why do people host things on tor at all?

orignal but you are testing somehow

zzz right, I've tested with myself, first with a unit test, then on live net, and I fixed 50 bugs to get it working

orignal therefore you are running a server

zzz it's not up atm

zzz when you have it working over live net, let me know, and we can do interoperability testing

orignal it's matter of couple days

zzz thats what I thought and it took me two months ))

orignal the main problem will be different interpretation of the specs

orignal basically the only missing part is encaps/decaps in NS and NSR

zzz ofc. If we both have it working with ourselves, then that's the only thing left is the spec

zzz we've done this 4x before, we know how it goes

orignal I know that my NS will be decrypted by my server

orignal and not sure about yours

orignal is there an option to not add I2P Http headers to server tunnel?

RN maybe if you use a standard tunnel instead of http?

RN got to weigh what it blocks and what it doesn't

orignal I want to strip out responses however

orignal imagine you use an http server that consider request with these headers as malformed ))

orignal I didn't know that such server even existed until today ))

dr|z3d we strip various headers

dr|z3d so do you..

dr|z3d at least, you strip the server header.

orignal I'm talking about X-I2P-*

orignal is there an options to supress them?

dr|z3d an option where?

dr|z3d in i2pd?

orignal I2CP or config

dr|z3d those will never be considered as malformed, either.

orignal I though too

orignal but Haiku has http server called poorman ))

dr|z3d they may be ignored, but they're perfectly valid headers to serve.

orignal it closes a connection one see them ))

dr|z3d oh, having written off haiku when I mentioned it a few weeks ago, you're now a convert. bravo :)

orignal *once

orignal no, I'm touch with guys much longer

dr|z3d haiku probably has nginx available.

orignal but there is built-in http server

orignal and it's awesome ))))

orignal such behaviour makes it someting unique