Irc2PGuest5534
so can anybody take a guess why the latest i2p+ is so slow when it comes to irc? (browsing the web is fine) Specifically my router seems to spend hours connecting and disconnecting from the irc server.
dr|z3d
check the I2P+ faq for information about timeouts.
dr|z3d
in the console, /help/faq
dr|z3d
and that's not the best way to elicit help, Irc2PGuest5534
dr|z3d
just because you're having issues doesn't make it an I2P+ problem.
Irc2PGuest5534
dr|z3d: the problem seems to be unique to my local i2p+/laptop. Ironically everything works fine on android. There I can connect to irc almost instntly. (Usually it's the other way around.)
dr|z3d
make sure you only have 1 address for postman's hosts in your addressbook.
cumlord
oh ty for the voice dr|z3d, hola salty folk
Minogami
hola
dr|z3d
np cumlord
dr|z3d
welcome to #saltr
Irc2PGuest5534
dr|z3d: I don't think the problem is timeouts btw. I use the exact same software with the exact same settings on both laptop and android
Irc2PGuest5534
dr|z3d: btw have you ever seen this problem: sshd running on a remote box, standard i2p tunnel setup on the client and server. all attempts to ssh to the remote box result in 'kex_exchange_identification: Connection closed by remote host'
dr|z3d
> make sure you only have 1 address for postman's hosts in your addressbook.
dr|z3d
if you have 2 addresses per hostname (check the details page), then that may well be your issue.
dr|z3d
key exchange issues with ssh are usually transient if everything is correctly configured.
Irc2PGuest5534
dr|z3d: I do see one Destination for irc.postman.i2p on the details page
Irc2PGuest5534
I wonder if people generally host servers on i2p android. I see this behaivor after installing an ftp server and a ssh server on an android device and setting up tunnels: I can connect and then somebody immediately closes the connection
cumlord
they make a decent low power router. have i2pd running on an old android tablet for testing things and ssh into it, ssh has been finicky at times
cumlord
built in ups and portability is a plus
not_bob
I use i2pd on android quite a bit.
not_bob
I've never tried hosting services on it though.
Irc2PGuest5534
not_bob: i2pd works on android? Maybe I'll give it a shot
Irc2PGuest5534
not_bob: but see I think the problem is actually on my laptop. (Unless there's fundamentally little connectivity between what are essentially two hidden devices on the i2p network.)
not_bob
Yes, there is a version you can install off f-droid. Though, I just compile it myself.
Irc2PGuest5534
not_bob: good to know
not_bob
With termux you can compile and install pretty much any *nix program.
Irc2PGuest5534
not_bob: btw have you seen something like this. I have sshd running on android. all the tunnels setup. All attempts to ssh in result in 'kex_exchange_identification: Connection closed by remote host'. What's strange is I don't see anything on the android device about closing a connection.
not_bob
Yes, that can happen sometimes. How long are your tunnels?
not_bob
From what I've seen it tends to happen when the connection isn't really succcessful (underlying connection).
not_bob
What happens when you telnet to that port?
Irc2PGuest5534
not_bob: you suggest increasing the tunnel count and shortening the tunnels?
not_bob
YOu should get a small blurb.
not_bob
Are these on the same local network?
not_bob
If so, you can't use short tunnels.
Irc2PGuest5534
not_bob: what does that mean? "short tunnels"?
not_bob
Also, are they behind NAT? If so, you need a tunnel length greeater than 1 on each side.
not_bob
0 hop
Irc2PGuest5534
they're on the same wifi network (underlying internet connection) but the laptop is using a vpn and the android is not
Irc2PGuest5534
not_bob: strictly greater than 1?
not_bob
Ahh, then they might as well be on not the same network then.
not_bob
What tunnel lenghts do you have now? Just the default?
not_bob
If so, that should work fine.
Irc2PGuest5534
not_bob: I was experimenting with 1 hop and even 0 hop
not_bob
I figured given the error :)
not_bob
In your case don't go lower than 1 on each side and it should work.
not_bob
server and client.
not_bob
0 hop tunenls can, and do work. But, many other things have to be right for it to happen.
Irc2PGuest5534
ok <=1hop. would you also recommend increasing the tunnel count? I heard too many tunnels can make things worse
not_bob
Too many is bad, yes.
Irc2PGuest5534
though generally my approach to speeding up i2p has always been increasing the tunnel count
not_bob
That helps to a point.
not_bob
Though, i2p has never been fast.
not_bob
It's a swtiching network, so more tunnels just give more possible paths for the data.
not_bob
The main reason to increase tunnel count is to make the connection more robust.
not_bob
So it can handle sudden tunnel failure better.
Irc2PGuest5534
it's a lot faster than it used to be. I remember back in the day just browsing the web was painful. But anyways what tunnel count would you recommend? I think fundamentally the problem is that both my laptop and the android tablet are hidden devices that don't participate in a lot of traffic
not_bob
Each tunnel can in theory handle several MB of bandwith (though, I've rarely seen that).
cumlord
For lower powered devices can experiment lowering max tunnels, default for i2pd at least can be too many for some
not_bob
7
not_bob
5-7 would be more than enough.
not_bob
7 is overkill, but not too much.
not_bob
But, don't go beyond that. There is little point.
not_bob
You only need one working each direction for it to work.
not_bob
I use i2pd on low power devices all the time.
not_bob
My main phone spins up something like 60 tunnels at start.
not_bob
I've not counted the total.
not_bob
But, it's in that range. It does not seem to have any issues.
not_bob
The big issue is that longer tunnels are harder to build and maintain.
dr|z3d
so, working on a safe way to show remote images in susimail html messages.
not_bob
inline?
dr|z3d
that's the idea.
Irc2PGuest5534
ok 7 tunnels
Irc2PGuest5534
not_bob: btw when I telnet in I don't get a blurb
not_bob
Yeah, inline is the only way that could be mostly safe.
dr|z3d
?
not_bob
Irc2PGuest5534: Odd, you should. What's the status of the tunnel on the other side?
dr|z3d
inline or in a new tab isn't the issue.
not_bob
dr|z3d: Possibly exploits due to malformed images.
cumlord
No it works great, one I’m using runs 6000 transits whenever I’ve tried to move a lot of data through it I cut the tunnels to half that and seems to work better
dr|z3d
then I don't know what you mean by inline.
dr|z3d
inline is on the page. there is no inline for remote images otherwise.
not_bob
Yes, base64 images.
snex
img src=base64junk
not_bob
Yes
dr|z3d
base64 isn't going to save you from some hypothetical exploit.
not_bob
I agree.
Irc2PGuest5534
not_bob: I think the tunnel on the server side is working. I tried a test where I setup a client tunnel to connect to the server tunnel on the same device and it seemed to work. But I can't say for sure...
not_bob
But, that sort of exploit is rather rare and very specific.
snex
it might. browser will just fail to render rather than secretly download it or whatever
not_bob
Irc2PGuest5534: Have you tried to connect to it from another client elsewhere on the network?
dr|z3d
yeah, maybe. don't you just love hypothetical risks.
not_bob
No, I dislike them.
not_bob
:)
Irc2PGuest5534
not_bob: no... guess I could try to setup a 3rd device
not_bob
But, image expoits are a thing, and have been used in the past.
dr|z3d
your cup noodle could blow up in your face. avoid cup noodles.
not_bob
Irc2PGuest5534: That's what I would do.
not_bob
I avoid cup noodles as they are not really food.
dr|z3d
anyways, images won't be loading by default in any context in susimail.
not_bob
I'm glad to hear that.
dr|z3d
tracking images will be stripped, and if I do provide support for displaying remote images, it'll be click to view.
not_bob
Remote images are a serious issue.
not_bob
Even if tracking is stripped, just the act of viewing it can give the attacker the time you viewed it.
not_bob
Assuming you were the only person sent the remote image url.
dr|z3d
sure, and assuming you decide you want to view the image sent by clicking on it.
not_bob
But, that's all they would get. I am going to assume you have a proxy setup in the client for http
dr|z3d
otoh, non-attack e-mails may have images that you want to view.
Irc2PGuest5534
I remember reading about a 0-day in an image codec not too long ago
dr|z3d
don't assume anything.
dr|z3d
sure, that was webp.
not_bob
Yep, they do happen.
dr|z3d
anyways, the option will be off by default, you'll have to enable it, if it's implemented.
dr|z3d
don't ever want to see remote images, don't enable option. easy.
Irc2PGuest5534
it's scary to think the simple act of viewing an image could give an attacker access
Irc2PGuest5534
I was always taught that "dumb data" was safe but executables or scripts of any kind were dangerous hehe
not_bob
Yep, it's a scary world we live in.
snex
i want to see good ones but not bad ones
dr|z3d
ok, the first part of the susimail feature I was discussing earlier is about to land on /dev/ .. you'll be able to toggle *placeholder* images in html view if they're present. NOT the actual images.
dr|z3d
placeholder images will have tooltips with the src of the actual image. no way to directly view/download the actual image as yet, still massively defanged.
dr|z3d
additionally, anything that looks like a tracking/web bug image, ie those with a width or height of 1px, will be removed from the html before it's displayed, with a notification if they're found.
dr|z3d
cake.i2p/file/vPJArs6LZ6_EzUcMdENEzabQIpL00kLBDpzJ1AIpe_T6S7Bsn0Ir/susimail-image-blocking.webp
dr|z3d
counting blocked resources is even easier than calling a head request on each resource in the html, zzz. just check for the presence of whatever tag name you want to count, subtract whatever should be there, and you're good.
zzz
looks nice
zzz
make sure you test with emails containing cid: images