IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2023/02/06
@eyedeekay
+R4SAS
+RN
+RN_
+Xeha
+acetone
+orignal
+weko
Irc2PGuest42386
Irc2PGuest5995
Leopold_
Onn4l7h
Onn4|7h
T3s|4_
aargh2
anon2
eyedeekay_bnc
hk
not_bob_afk
profetikla
shiver_
u5657
x74a6
orignal on floodfill?
zzz I;ll probably need to switch one of my routers to ff and see if that works
orignal you need to test it on floodffill
zzz the trouble is the RIs propagate really quickly via DBSRMs
orignal when this moron start publishing you should see his real IP
orignal you don't care about propagation
orignal only connection he uses to publish himself
orignal and you should catch him there
zzz sure, but maybe you will catch him first
orignal but I'm still writing the code ))
orignal 1 more hour or so
orignal have to do too many things in parallel
zzz yeah I've tweaked about 8 things so far, testing all of it at once
orignal once I'm done we will find this faggot shotly
orignal if my theory is right
orignal but you probbably guess how I would publish RI if I was him
orignal but I hope is not familiar with I2P internals enough to do it
zzz so far I can't prove anybody's theory, but I'm making good fixes along the way
orignal however I predict his IP will be either Moscow or Novosibirsk
zzz good luck, I'm out after 12 hours on it, back at it in the morning :)
orignal funny thing I can't connect to ilita from bouncer ))
orignal here we go
orignal 202.169.118.85
orignal abuser's IP
orignal no wrong one
orignal he publishes alwways wrong IP
orignal but same
orignal but this guy is also interesting
orignal floodfill published as 158.140.215.184 21228
orignal non reachable
orignal definitly Java
orignal dr|z3d trick works great
weko Australia
weko geo ip says
weko AS9310 MYREPUBLIC PTY LTD
weko Australia
weko VIC
weko Victoria
weko Melton West
weko 3337
weko -37.6758
weko 144.5527
weko ++attacker ip, I guess
weko Need wait
weko But really many mismatches with ntcp2
weko 2 per minute I think
weko Seen attacker ip only one time for now, because no attack now
weko No ++, it address trying publish only one ip now. Need wait new wave
weko Hm, no more waves
weko Interesting
dr|z3d still dodgy routers out there.
dr|z3d 30m uptime, 2K routers banned gere.
dr|z3d *here, and slowly increasing.
weko Maybe it is maybe valid NTCP2 only floodfills
weko Need wait for new wave
dr|z3d I doubt 2K ffs are valid.
dr|z3d legit ffs also higher than normal @ 2.8K
weko Pizdec blyat'
orignal no autralia is not attacker
orignal however I'm wodering why it happens
orignal that he publishes wrong IP
zzz so have we moved past NTCP2-only already?
zzz dr|z3d, you need to rip out that code anyway, it's aggressively borked
orignal no they send with SSU and N bandwidth
orignal I saw few
orignal and they all non reachable
dr|z3d hmm, zzz?
zzz dr|z3d, you're not doing your users any favors by doing quick untested hacks and then lobbying them to try it. Slow down and test more
zzz your "noSSU" code
dr|z3d what about it?
zzz it's pointless, and it's buggy
dr|z3d listening to why it's buggy, refute the assertion that it's pointless.
zzz see above. there is no more NTCP2-only spam
dr|z3d I'm not sure that's accurate.
zzz that's what it looks like from here
dr|z3d yeah, except it really depends where you're looking from.
dr|z3d mostly I'd agree, but I'm being told that the attack's back on from some quarters.
zzz right, just not NTCP2-only
dr|z3d there may be concurrent attacks in play, then.
dr|z3d because some people are reporting huge spikes in NTCP only ffs and the concommitant + bans.
zzz re: bad code, it's not even a code thing, it's a logic thing:
zzz boolean noSSU = false;
zzz for (RouterAddress ra : info.getAddresses()) {
zzz if (ra.getTransportStyle().equals("SSU") ||
zzz ra.getTransportStyle().equals("SSU2")) {
zzz noSSU = false;
zzz break;
zzz if (!ra.getTransportStyle().equals("SSU") &&
zzz !ra.getTransportStyle().equals("SSU2"))
zzz noSSU = true;
zzz did you get two code blocks, old and fixed, or should I repost?
dr|z3d never saw those, please repost.
zzz <zzz> re: bad code, it's not even a code thing, it's a logic thing:
zzz <zzz> boolean noSSU = false;
zzz <zzz> for (RouterAddress ra : info.getAddresses()) {
zzz <zzz> if (ra.getTransportStyle().equals("SSU") ||
zzz <zzz> ra.getTransportStyle().equals("SSU2")) {
zzz <zzz> noSSU = false;
zzz <zzz> break;
zzz <zzz> }
zzz <zzz> if (!ra.getTransportStyle().equals("SSU") &&
zzz <zzz> !ra.getTransportStyle().equals("SSU2"))
zzz <zzz> noSSU = true;
zzz <zzz> }
zzz <zzz> how can that possibly give you an accurate value for noSSU given random ordering of transports?
zzz <zzz> this is not about bad java.
zzz <zzz> a correct version, in its entirety, as I said yesterday, would be:
zzz <zzz> boolean noSSU = true;
zzz <zzz> for (RouterAddress ra : info.getAddresses()) {
zzz <zzz> if (ra.getTransportStyle().equals("SSU") ||
zzz <zzz> ra.getTransportStyle().equals("SSU2")) {
zzz <zzz> noSSU = false;
zzz <zzz> break;
zzz <zzz> }
zzz <zzz> }
dr|z3d ok, thanks. so just invert the test then.
zzz I'm really concerned that between your increasing divergence + bug injection, and the inexorable increase in merge complexity and merge-induced bugs, you;re on the verge of big problems
dr|z3d I'm fine, really, but thanks for your concern :)
dr|z3d so my next aggressive mitigation is to ban firewalled floodfills. I'm sure you'll love that one, too :)
orignal so zzz do you have an explaitaion bout that australian guy?
orignal floodfill publishes IP that's not reachable
orignal connects from anoth IP
zzz ok just test test test that it's not aggressively borked
orignal has both NTCP2 and SSU2
dr|z3d roger that, zzz.
zzz no orignal, I'm watching the mismatches but haven't seen any pattern
orignal no he is not an attacker
orignal I'm asking how it's even possible in Java code
orignal he runs SSU2 and should update his extrenal IP shotrly
orignal but he keeps connecting from wrond address even now
zzz Blinded message
weko orignal: I already said what Australian guy isn't attacker as I know. Or you seen real attack behavior (various IP from one endpoint)?
zzz have a router hash?
weko zzz: I can send 5 bytes
orignal will tell you
weko g-PY
weko 4 symbols
weko But I don't see any pattern of attack from this IP
orignal g-PYqDUxMGUSZUQ6tAkZhvOYSEqSP5bVoKEKUq~pGpA\=
weko He only trying publish 158.140.215.184
orignal I'm asking juts how it's possible
weko orignal: I have 10-15 address who spamming me mismatched addresses, but every endpoint trying publish one ip
weko Ntcp2
orignal I know
orignal that's why I have this question to zzz
orignal what's the scenario
weko Misconfig?
weko Setup incorrect host=
orignal it's Java
orignal also tell ilita guys that my vps with znc is dead completely
orignal I will connect locally once I have time
weko Okay
weko orignal: I think we need more logging
orignal I'm busy until afternnon
orignal * zzz вышел (Ping timeout: 320 seconds)
orignal <orignal> I know
orignal <orignal> that's why I have this question to zzz
orignal <orignal> what's the scenario
orignal <weko> Misconfig?
orignal <weko> Setup incorrect host=
orignal <orignal> it's Java
weko Ntcp2/ssu2 1400/4000
orignal interestuing
zzz three possibilities, or a combination:
zzz - Two IPs
zzz - VPN
zzz - Configured IP
orignal what is "configured IP"?
zzz force your IP address instead of auto-detect
orignal do you have this option?
orignal so an attcker can use it too
orignal anyway I believe we should drop such routers
weko I agree
weko Published address must be same with endpoint
orignal it seems there is a lag with extrnal address change and new RI in Java
weko [17:50:16] <extraNaCl> Петух тут только один. Которы даже не в курсе, что адреса настоящие ботнета.
weko Some clown from ilita said what it is real addreses and what it is botnet
orignal we know they are non reachable
orignal extraNaCl is zlatinb, btw
orignal maybe not
acetone orignal: zlatinb have lower Russian skills in regular chats)
orignal he has similar nick
orignal probably not him
weko Finally
weko [18:28:11] <b39775weko_> Are you sure?
weko [18:28:38] <b39775weko_> With other words, clown?
weko [18:29:11] <b39775weko_> orignal: I have some theory and made some tests
weko [18:30:02] <b39775weko_> orignal: Hm. They not reacheble, but it is maybe botnet
weko [18:30:30] <b39775weko_> We need check , list of address of every wave same or not
weko [18:31:07] <b39775weko_> If it same, more chances what it is botnet
zzz repost
zzz if UPnP works, or if we have a real public IPv4 address, we won't switch IPs, so that + VPN will give you wrong IP
zzz but this guy may just have two IPs, like a cable modem + a 5G hotspot
weko Ntcp2/ssu2 2000/4600
weko 1. My theory is what attacker spam not on all routers, only on some num. Then by the network mechanics they spread on the network
weko 2 Do we guess, what it is real addresses or not?
weko 1 - as the result, when I disable transit, num of floodfill go decrease
weko And when I enable, increase
obscuratus I can think of a way to do what weko is describing that is relatively simple. I hestitate to put it on a logged channel.
orignal zzz, that problem is that IP he publishes is not reachable
weko Disabled again, FFs decreased
zzz yeah, so maybe VPN
weko Why you discuss about not critical problem for now, while we have big attack from, maybe, botnet
orignal regsradless
orignal such floddfill must be excluded
orignal zzz, I think we should bring it to today's meeting
orignal our floodfill policy
orignal it must be common
orignal weko because this problem is not critical really
orignal can be resolved easily
weko orignal: 1% TCSR not a critical problem?!
orignal but everybody should agree
weko orignal: how
weko Sure
weko And how?
orignal add more criteria to profiler
orignal I'm just busy right now
orignal that's why we must agree aboyt floodfill policy
weko We must change our policy about new IPs in out netDb
weko our*
orignal no, floodfills only
orignal eveything else is fine
weko orignal: ye
weko For now FFs only
orignal we need stricter requeirements
orignal about reachability and uptime
zzz right now I'm banning mismatches for two hours
weko But I guess we have attack from botnet
orignal I'm not banning I just disconnect the session
weko Because mismatch detection not working
orignal and don't drop ROI from SessioConfirmed
zzz I finally caught one spammer in my trap, but he's not the problem
orignal weko you can change the code to pick non-FF only for tunnels
obscuratus I can think of at least two ways to do it so you never connect directly with the router generating the fake addresses.
weko orignal: for testing?
zzz you need netdb profiling
orignal if you need to fix your rate
weko orignal: rate is problem because I disconnect often from IRC for example
weko My tunnels creating slowly
orignal zzz yes I need to improve it
orignal as I said I'm busy right now
zzz sure
zzz it's a lot of work
orignal not a lot
zzz good
orignal since I have it in place just need to add more checks
weko orignal: so, what you think about 586mb in memory?
orignal need to investigate and fix it
orignal but I can repeat for the third time
orignal I'm busy
weko Oh, missed
weko 389mb
orignal try to investage youself
orignal list of floodfills is a good start
orignal maybe race condition
weko hop says different values in "mem%" and "virt". What one I should believe?
weko htop*
weko Enabled transit. FFs num increased.
Xeha weko: "virt" is just the virtual address space, not effective usage
obscuratus How common should it be to get RI coming in as a garlic message. I've had 1100 over a 40 minute period.
weko Xeha: thank
Xeha weko: you'll want to look at the RES column
weko Okay, thank
weko Yes, it is
orignal obscuratus AFAIK zzz always sends it in garlic
obscuratus orignal: OK, thanks.
orignal while I never do
obscuratus orignal: I've seen on my testing network that I2PD LU routers seem to send RI in garlic messages. Would that make sense?
orignal strange
obscuratus Well, it could be I'm seeing a flood of that RI from another router. I have both Java and I2PD on my testing network.
obscuratus I'll have to look at that more closely.
orignal I never encrypt RI messages unless it's requested explicitly in lookup
weko Disabled transit again, and FFs num decrees
weko I think it is rule
weko Have transits = more FFs
weko orignal: clown from ilita said what he stay attack ON, and attack ON since he said... Maybe it is real attacker
orignal who cares?
weko Just funny
zzz I'm currently banning peers at the rate of 300/hour
weko Tunnel creation success rate: 5%
weko Big num...
orignal zzz, please elaborate
orignal what do you ban them for?
dr|z3d zzz's using I2P+ code.
zzz I'm not sure
zzz it's an IP match
zzz from sybil or some previous bad actor
orignal do you see a case when somebody publishes few IPs from the same?
dr|z3d well, for an attack that's no longer playing out, I'm seeing a sizeable chunk of ntcp-only ffs in my banlist.
dr|z3d uptime < 1hr, ntcp-only ffs banned, ~750
zzz nothing yet
zzz this is on a low-end non-ff router
zzz 02-06 18:09:00.591 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: Vg1SXqMEDPv6AuH~ytZ1v1u8Z7r6b1lUqMo5V5FjWCU=] [RouterInfo:
zzz 02-06 18:09:01.559 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: eJh2l8OIn-lHE2ICRNYEvU7BEhNsUFyv5cpMqiY0A5A=] [RouterInfo:
zzz 02-06 18:09:04.528 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: fMQTdzesTAh3emquuHiXInOjUZ2FRUnOmAPAeaFsxlk=] [RouterInfo:
zzz 02-06 18:09:05.063 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: epaGlo~YorG4LpCkpu4yHWzdm~FJEPZ3GuLtJa1dCdo=] [RouterInfo:
zzz 02-06 18:09:07.450 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: O6Ba8PrGTN8Lag2YJA~GPLhF5iL2DRfwdcGMjzNXsR8=] [RouterInfo:
zzz 02-06 18:09:07.561 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: jnp9YwCUaA7RnHAcRDcyXMxk3~pTSKF51t1OWZUce5E=] [RouterInfo:
zzz 02-06 18:09:07.847 WARN [ handler 1/1] oodfillDatabaseStoreMessageJob: Blocklisting new peer [Hash: eFmrJuBgCj2IBIdfxQ~XuCh~JuH2rYkXStxQaX7174s=] [RouterInfo:
zzz same old story, need to tweak my logging and restart
zzz it's like the router somehow "learned" the bad IPs and now is just banhammering
zzz obscuratus, where were you looking for stores via garlic?
weko R4SAS found some interesting think - RIs of attackers strange. Look on it via hexdump
zzz normal, see proposal 161
orignal good morning ))
weko Say it to R4SAS )))
weko i2p-projekt.i2p don't open (((
weko 0000000 f29a 279e ac42 504f e801 0d75 4165 f47b
weko 0000010 7e2f 804e 1ab3 fca6 9196 aaa0 b6f4 1202
weko 0000020 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 0000030 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 0000040 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 0000050 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 0000060 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 0000070 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 0000080 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 0000090 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 00000a0 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 00000b0 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 00000c0 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 00000d0 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 00000e0 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 00000f0 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 0000100 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 0000110 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 0000120 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 0000130 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 0000140 5061 802a 5c79 de48 e5cb 2f2d b55f 4be8
weko 0000150 f30f 1406 f27a 3bda 0b11 055a dcb5 e36c
weko 0000160 1ee2 a093 1068 8999 1668 db27 fd8a 1b5b
weko 0000170 aee8 f26b d4ba 6e63 6b60 03e8 4d80 e097
weko zzz: orignal look
weko Hex of RI
weko Repeated bytes
orignal have you read proposal 161?
R4SAS-hex so here is 32+32 bytes repeated?
orignal but first 32
zzz weko, we're busy. I told you the answer
weko zzz: R4SAS say give you example
weko Okay
orignal weko please read proposal 161
weko Okay
weko I will try open i2p-projekt.i2p
weko It is hard
zzz then geti2p.net
orignal Release 2.45.0 "Compressible padding for I2P addresses"
orignal zzz, NfR seems them patterns
orignal SSU and NTCP2 ipv4
dr|z3d ~3K banned NTCP-only ffs right now on a router with 2h uptime.
orignal dr|z3d see above
orignal there bunch unrechable NfRs
dr|z3d if R means anything, it should mean "yes, we can reach you" :)
dr|z3d otherwise it's fairly meaningless.
dr|z3d what I mean is, my router should be determining if another router is R or U, not the other way around.
dr|z3d hopefully from this we will have a robust method to determine if we can actually reach a router before we start sending it requests.
orignal f means it must be reachable
obscuratus zzz: I was trying to get a rough idea if receiving ~1000 unique RI per hour in garlic messages seemed reasonable. If that's actually normal, then I'm barking up the wrong tree. :)
zzz I'm working on researching the same thing, which is why I'm asking where you are looking
zzz it's a little convoluted
zzz 0) Hi
zzz what's on the agenda for today?
orignal I would say "floodfills requirements"
zzz ok that's 1)
eyedeekay Android point release
eyedeekay Only because I'm moving it back based on what's going on
zzz android is 2)
zzz I'll add 3) congestion caps
zzz 4) streaming test
zzz anything else?
eyedeekay Communication about the attack
zzz ok communication is 5)
zzz 1) floodfills requirements
orignal we need to clarify
orignal reachable by ipv4
weko Uptime
orignal what's the mimnimal bandwidth?
orignal I would require O
zzz these are requirements to enable floodfill locally, or to send stores/lookups to a floodfill?
orignal requirement for other routers to recognize it as FF
orignal becuase now we see idiots who run FF in yggdrasil adderess
weko orignal: ++, O.
zzz the other case is whether to include it in a DBSRM
orignal what about ipv6-only? it's a moot point now
weko orignal: FF in yggdrasil it is normal I guess. Why ygg can't have FFs?
orignal it can have ygg address
orignal but that idiot runs FF on router with ygg-only
zzz I think more important than caps or transports is to have a good local assessment of the quality of the ff
zzz is it responding, is it brand new
zzz basic DHT stuff, in other words
zzz if you return all "bad" ffs in the DBSRM, they just get propagated around, very quickly
weko [22:38:02] <9d54b3orignal> but that idiot runs FF on router with ygg-only
weko But why idiots? They reachable in ygg, I don't see a problem.
orignal what's that?
zzz whats what?
orignal DBRSM
orignal if I receive a router with "f"
orignal I have to decide if it's actually f or not
orignal e..g if it meets some requirements
orignal got it
zzz yes
orignal same thing
orignal if we dopn't consider one as FF it will not be included
orignal sure if somebody declares X but doesn't have actual badnwidth also exluded
orignal my bigger concern is ipv4/ipv6
orignal also must be reachable thrugh all address he declares?
weko [22:41:27] <9d54b3orignal> if we dopn't consider one as FF it will not be included
weko Oh I suggested you this, you critic me.
zzz I'm not in favor of doing anything that would significantly reduce the number of floodfills right now
zzz maybe someday
weko orignal: must be reacheable though all addresses, which declared as reachable
zzz but right now we need all we can get
orignal zzz not it's time
orignal to clarify
orignal what is floodfill ans what is not
zzz the java auto-floodfill rules are: N or higher, reachable, ipv4, ntcp2, ssu
orignal reachable on both? or on just one?
zzz just 1 I think
orignal it's wrong I guess
orignal I mean if both are in RI
zzz doesn't really matter, because the cost will go to the non-firewalled address
orignal it matters
zzz corner case anyway
orignal I need to publish something on a FF
orignal and he declares that he reachable by NTCP2 for example
orignal I try to pick a tunnel with OBEP with NTCP2
zzz sure
orignal but if it's actully non-rechable through NTCP, OBEP might not support NTCP2
zzz but the most important thing is not agreeing on a set of criteria.
zzz The most important thing is deciding if the ff is responsive or bad
zzz which will always be a local view
orignal we must be on the same page
orignal to agree what is bad
zzz agreed, but it will always be messy. same page != exactly the same
orignal no but close
zzz right
orignal so we agreed that it must have ipv4 at leat
orignal I will ignore ipv6 and ygg only
zzz I've also been reviewing our good vs. bad classification
orignal so tell us
zzz no recommendations yet
weko [22:52:47] <orignal> I will ignore ipv6 and ygg only
weko I think we can change this in future. Is it?
zzz but dr|z3d has, I think, radically changed what plus does, and his router still works, somehow
zzz so even same page isn't required, but it is helpful
orignal because others didn't
zzz so let me tell you where I'm at right now
zzz I'm working on a set of mitigations
orignal me too
orignal so tell me
zzz stuff like not exploding, not OOMing, expiring things faster
zzz obvious stuff
eyedeekay I had planned to address a number of small UX issues in I2P for Android in a point release, prior to the current round of attacks
eyedeekay Since the attacks have started Android and zzz pointed out Android does not have blocklist support, I'm moving that back another week to give me time to implement and test the blocklist on Android
eyedeekay Anecdotal evidence suggests Android users are having more issues than desktop users already, with very long delays before being able to reach sites or use IRC
eyedeekay I don't currently intend to use a newer router under the hood, and many Android routers are firewalled, but
zzz eyedeekay, we're not on 2) yet
eyedeekay Sorry I was planning my Android post and accidentally hit enter, so sorry
eyedeekay Did not mean to interrupt
zzz orignal, my next steps... identifying and addressing the root cause... I'm only starting to look at
zzz first I need to land my package of mitigations, probably in a couple of days
orignal root cause?
zzz well, not really cause, but identifying exactly what's happening, and deal with it
zzz I think obscuratus is getting close, maybe, so perhaps he can help
orignal somebody keep flooding with bad floodfiils
orignal that's it
zzz sure but developing a strategy to deal with it is the challenge
zzz to be clear: my mitigations so far don't help that much
orignal I check if a FF is rechable and exclude it if not
zzz so I'm going to get them tested and checked in, then move on to the harder part
zzz I don't have any fix right now to prevent 10,000 ffs from going into my netdb
orignal that's why I raised this question about requirements
orignal so it would be hard to run a FF foir every idiot
zzz and there's no way I can classify 10,000 ff as good/bad
orignal as dr|zed suggests
zzz except, maybe, say all new ones are bad, but that can lead to other problems
zzz so, maybe I'll have recommendations late this week, maybe not
orignal try to connect
zzz but first I need to land my first round of mitigations
zzz Can't do that for 10,000 routers
orignal btw why?
eyedeekay I feel like I'm stating the obvious but does them being created too close together matter?
weko [23:01:43] <3176b3zzz> and there's no way I can classify 10,000 ff as good/bad
weko zzz: that is why suggest to classify FF as not reachable by default
eyedeekay Or help in the analysis? Like I got a thousand floodfills that all happened to be created Sunday at 1
zzz sure, but it's dangerous if you've been down a week, or a new router
zzz none of this is simple or obvious
zzz can we wrap up on 1) ?
zzz anything else to add for 1) ?
orignal nothing
zzz 2) android
zzz eyedeekay, please repaste so we don't have to scroll up
eyedeekay Sorry about accidentally sending my copypasta early
eyedeekay I had planned to address a number of small UX issues in I2P for Android in a point release, prior to the current round of attacks
eyedeekay Since the attacks have started Android and zzz pointed out Android does not have blocklist support, I'm moving that back another week to give me time to implement and test the blocklist on Android
eyedeekay Anecdotal evidence suggests Android users are having more issues than desktop users already, with very long delays before being able to reach sites or use IRC
eyedeekay I don't currently intend to use a newer router under the hood, and many Android routers are firewalled, but if Android is affected more by attacks and also behind in mitigations then it's going to stay worse for them
eyedeekay Should I wait for mitigation strategies for the floodfill flood, and cherry-pick them for the Android users?
zzz I don't have a good answer right now
zzz If we find magic bullets, we might be doing a desktop release
eyedeekay OK then I'll start with the blocklist, and if the the answer clarifies I'll just do another one
eyedeekay +1 works for me
zzz well, start with coding and testing
zzz don't pull trigger on release without seeing where we're at
eyedeekay Newsfeed blocklist is moved to the top of my list this week but it will be tested before I move on a release
zzz thats my recommendation
zzz you can also review the current 2.2.0 release announcement draft on my forum to get a sense of what's done so far
eyedeekay That's all I really wanted to point out re: 2
zzz anytyhing else on 2) ?
eyedeekay I'm always on your forum
eyedeekay Not from me
zzz lol
zzz 3) streaming test
zzz just a quick reminder to orignal that we need to test the streaming thing
zzz that's all
zzz woops that was 4)
zzz anyway, you haven't forgotten I hope, I know you're busy
zzz anything else on 4) ?
orignal zzz yes I forgot
orignal was busy
orignal btw ban for 2 hours if not connected helps
zzz just in case we end up doing a release sooner than planned, let's try to test it soon
zzz 3) congestion caps
orignal when do we plan the release?
zzz early April is the schedule
zzz of course recent events may change that
zzz 3) congestion caps
zzz I made some minor updates to prop. 162
zzz and more code to implement it
orignal I'm going to add it shrtly
zzz I'm pretty close to being done
zzz basically the main test is whether our shared bandwidth usage is close to the limit
zzz average over the past 20 minutes
zzz although maybe 10 would be better
zzz still playing with it
zzz anything else on 3) ?
zzz 5) Communication about the attack
zzz go ahead eyedeekay
eyedeekay I'm trying to make sure that redditors and other groups aren't cut off from information about what's going on so far
eyedeekay the responsible thing to do seems to be to direct them to the zzz.i2p thread
zzz you can give me two minutes in the meeting tomorrow
zzz and then perhaps a news feed entry later in the week
zzz I don't think a blog post is appropriate as this only affects current users
zzz I wasn't a big fan of your bundle-is-late blog post, even though well written and I understand why you did it, but I think news feed is better
zzz I don't think a bunch of i2p-under-attack articles is helpful for anybody
zzz but you and sadie do your thing, you don't need my advice
eyedeekay Understood, I'll communicate based on that plan
zzz feel free to copy/paste/mod whatever I put on my forum or in the meeting, as usual
eyedeekay I'm concerned about remaining accurate, trying to improve this process
zzz just remember we're only 36 hours into this one
zzz the tunnel spam dates back to 12/19, and is a lot better understood atm
zzz anything else on 5) ?
eyedeekay Nothing I can think of
zzz anything else for the meeting?
zzz two weeks to next one, Feb. 20?
zzz thanks everybody, I'm sure we'll all be a lot smarter in two weeks
zzz happy coding / testing
weko Finally
weko Oh ...
weko Stupid zero tunnels...
weko *go to read logs*
weko My tunnels cleared 10k floodfills in one time
weko Router*
weko I think I should more increase of tunnels creation speed
zzz major was here almost the whole meeting, so you should be able to see it when the site comes back
weko I mean site not working
weko I'll wait
weko [23:35:56] <zzz> no, not more i2pd tunnel spam :)
weko Otherwise I will always stuck on 0 tunnels, like 10 minutes ago
zzz fix = better peer selection, not faster builds
weko Sure
weko I don't want setup very big values
obscuratus weko: major is working for me.
weko Just increase x1.5-2
weko obscuratus: OK, one sec
zzz <zzz> I'm working on researching the same thing, which is why I'm asking where you are looking
zzz <zzz> it's a little convoluted
zzz ^^ obscuratus
weko Oh, major not work for me. Will test later
weko Can't find leaseset
obscuratus zzz: Yeah, I can see the RI in Garlic messages coming in, but I'm running into a wall trying to characterize them, and seeing if there's a pattern to where they're coming from.
zzz I'm asking where in the code or what are you logging to see that
obscuratus Here's an example...
obscuratus Feb 6, 2023, xx:xx:xx AM INFO [P reader 2/4] nnel.InboundMessageDistributor: Storing garlic RI down tunnel for: [Hash: hbJwuEmnRxQEGJriAmzIMnBPaG5Q6yAdtILZfOtOt2g=]
zzz ok, thanks
zzz obviously to get a grip on this we need to classify the types/sources of stores
obscuratus Yeah, that's where I was trying to wade in.
zzz also the patterns will be quite different if ff
zzz your strategy is sound, you're just a little ahead of me atm
obscuratus I'm also thinking about even easier ways to produce the kind of things we're seeing.
dr|z3d over 9K banned NTCP-only ffs. who said the attack had passed?
dr|z3d (4h uptime)
zzz ok, I think some of my shotguns may have caught it here, accidentally
zzz hot on the trail
zzz it's all about logging in the right spot
zzz I think that's why I didn't see them
obscuratus zzz: Does it have to do with the Garlic RIs, or something else?
zzz more in a couple days, still chasing it
orignal guys maybe we should create a secret channel by ivites only
orignal because I believe the rat reads us
zzz sure, I could kick major out too
orignal but do you know most of others here? I don't
obscuratus orignal: Not a horrible idea.
orignal once we discussed NTVP2-only they started publishung with SSU
zzz I feel like I'm always one router restart away from figuring it out