IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/04/15
~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4
@T3s|4_
@eyedeekay
@orignal
@postman
@zzz
%Liorar
+FreefallHeavens
+Xeha
+bak83_
+cancername
+cumlord
+hk
+profetikla
Arch
DeltaOreo
FreeRider
Irc2PGuest19353
Irc2PGuest46029
Irc2PGuest64530
Meow
Nausicaa
Onn4l7h
Onn4|7h
Over1
acetone_
anon4
anu
boonst
enoxa
mareki2pb
mittwerk
not_bob_afk
plap
poriori_
shiver_
simprelay
solidx66
u5657_1
uop23ip
weko_
Irc2PGuest5534 so can anybody take a guess why the latest i2p+ is so slow when it comes to irc? (browsing the web is fine) Specifically my router seems to spend hours connecting and disconnecting from the irc server.
dr|z3d check the I2P+ faq for information about timeouts.
dr|z3d in the console, /help/faq
dr|z3d and that's not the best way to elicit help, Irc2PGuest5534
dr|z3d just because you're having issues doesn't make it an I2P+ problem.
Irc2PGuest5534 dr|z3d: the problem seems to be unique to my local i2p+/laptop. Ironically everything works fine on android. There I can connect to irc almost instntly. (Usually it's the other way around.)
dr|z3d make sure you only have 1 address for postman's hosts in your addressbook.
cumlord oh ty for the voice dr|z3d, hola salty folk
dr|z3d np cumlord
dr|z3d welcome to #saltr
Irc2PGuest5534 dr|z3d: I don't think the problem is timeouts btw. I use the exact same software with the exact same settings on both laptop and android
Irc2PGuest5534 dr|z3d: btw have you ever seen this problem: sshd running on a remote box, standard i2p tunnel setup on the client and server. all attempts to ssh to the remote box result in 'kex_exchange_identification: Connection closed by remote host'
dr|z3d > make sure you only have 1 address for postman's hosts in your addressbook.
dr|z3d if you have 2 addresses per hostname (check the details page), then that may well be your issue.
dr|z3d key exchange issues with ssh are usually transient if everything is correctly configured.
Irc2PGuest5534 dr|z3d: I do see one Destination for irc.postman.i2p on the details page
Irc2PGuest5534 I wonder if people generally host servers on i2p android. I see this behaivor after installing an ftp server and a ssh server on an android device and setting up tunnels: I can connect and then somebody immediately closes the connection
cumlord they make a decent low power router. have i2pd running on an old android tablet for testing things and ssh into it, ssh has been finicky at times
cumlord built in ups and portability is a plus
not_bob I use i2pd on android quite a bit.
not_bob I've never tried hosting services on it though.
Irc2PGuest5534 not_bob: i2pd works on android? Maybe I'll give it a shot
Irc2PGuest5534 not_bob: but see I think the problem is actually on my laptop. (Unless there's fundamentally little connectivity between what are essentially two hidden devices on the i2p network.)
not_bob Yes, there is a version you can install off f-droid. Though, I just compile it myself.
Irc2PGuest5534 not_bob: good to know
not_bob With termux you can compile and install pretty much any *nix program.
Irc2PGuest5534 not_bob: btw have you seen something like this. I have sshd running on android. all the tunnels setup. All attempts to ssh in result in 'kex_exchange_identification: Connection closed by remote host'. What's strange is I don't see anything on the android device about closing a connection.
not_bob Yes, that can happen sometimes. How long are your tunnels?
not_bob From what I've seen it tends to happen when the connection isn't really succcessful (underlying connection).
not_bob What happens when you telnet to that port?
Irc2PGuest5534 not_bob: you suggest increasing the tunnel count and shortening the tunnels?
not_bob YOu should get a small blurb.
not_bob Are these on the same local network?
not_bob If so, you can't use short tunnels.
Irc2PGuest5534 not_bob: what does that mean? "short tunnels"?
not_bob Also, are they behind NAT? If so, you need a tunnel length greeater than 1 on each side.
not_bob 0 hop
Irc2PGuest5534 they're on the same wifi network (underlying internet connection) but the laptop is using a vpn and the android is not
Irc2PGuest5534 not_bob: strictly greater than 1?
not_bob Ahh, then they might as well be on not the same network then.
not_bob What tunnel lenghts do you have now? Just the default?
not_bob If so, that should work fine.
Irc2PGuest5534 not_bob: I was experimenting with 1 hop and even 0 hop
not_bob I figured given the error :)
not_bob In your case don't go lower than 1 on each side and it should work.
not_bob server and client.
not_bob 0 hop tunenls can, and do work. But, many other things have to be right for it to happen.
Irc2PGuest5534 ok <=1hop. would you also recommend increasing the tunnel count? I heard too many tunnels can make things worse
not_bob Too many is bad, yes.
Irc2PGuest5534 though generally my approach to speeding up i2p has always been increasing the tunnel count
not_bob That helps to a point.
not_bob Though, i2p has never been fast.
not_bob It's a swtiching network, so more tunnels just give more possible paths for the data.
not_bob The main reason to increase tunnel count is to make the connection more robust.
not_bob So it can handle sudden tunnel failure better.
Irc2PGuest5534 it's a lot faster than it used to be. I remember back in the day just browsing the web was painful. But anyways what tunnel count would you recommend? I think fundamentally the problem is that both my laptop and the android tablet are hidden devices that don't participate in a lot of traffic
not_bob Each tunnel can in theory handle several MB of bandwith (though, I've rarely seen that).
cumlord For lower powered devices can experiment lowering max tunnels, default for i2pd at least can be too many for some
not_bob 5-7 would be more than enough.
not_bob 7 is overkill, but not too much.
not_bob But, don't go beyond that. There is little point.
not_bob You only need one working each direction for it to work.
not_bob I use i2pd on low power devices all the time.
not_bob My main phone spins up something like 60 tunnels at start.
not_bob I've not counted the total.
not_bob But, it's in that range. It does not seem to have any issues.
not_bob The big issue is that longer tunnels are harder to build and maintain.
dr|z3d so, working on a safe way to show remote images in susimail html messages.
not_bob inline?
dr|z3d that's the idea.
Irc2PGuest5534 ok 7 tunnels
Irc2PGuest5534 not_bob: btw when I telnet in I don't get a blurb
not_bob Yeah, inline is the only way that could be mostly safe.
not_bob Irc2PGuest5534: Odd, you should. What's the status of the tunnel on the other side?
dr|z3d inline or in a new tab isn't the issue.
not_bob dr|z3d: Possibly exploits due to malformed images.
cumlord No it works great, one I’m using runs 6000 transits whenever I’ve tried to move a lot of data through it I cut the tunnels to half that and seems to work better
dr|z3d then I don't know what you mean by inline.
dr|z3d inline is on the page. there is no inline for remote images otherwise.
not_bob Yes, base64 images.
snex img src=base64junk
dr|z3d base64 isn't going to save you from some hypothetical exploit.
not_bob I agree.
Irc2PGuest5534 not_bob: I think the tunnel on the server side is working. I tried a test where I setup a client tunnel to connect to the server tunnel on the same device and it seemed to work. But I can't say for sure...
not_bob But, that sort of exploit is rather rare and very specific.
snex it might. browser will just fail to render rather than secretly download it or whatever
not_bob Irc2PGuest5534: Have you tried to connect to it from another client elsewhere on the network?
dr|z3d yeah, maybe. don't you just love hypothetical risks.
not_bob No, I dislike them.
Irc2PGuest5534 not_bob: no... guess I could try to setup a 3rd device
not_bob But, image expoits are a thing, and have been used in the past.
dr|z3d your cup noodle could blow up in your face. avoid cup noodles.
not_bob Irc2PGuest5534: That's what I would do.
not_bob I avoid cup noodles as they are not really food.
dr|z3d anyways, images won't be loading by default in any context in susimail.
not_bob I'm glad to hear that.
dr|z3d tracking images will be stripped, and if I do provide support for displaying remote images, it'll be click to view.
not_bob Remote images are a serious issue.
not_bob Even if tracking is stripped, just the act of viewing it can give the attacker the time you viewed it.
not_bob Assuming you were the only person sent the remote image url.
dr|z3d sure, and assuming you decide you want to view the image sent by clicking on it.
not_bob But, that's all they would get. I am going to assume you have a proxy setup in the client for http
dr|z3d otoh, non-attack e-mails may have images that you want to view.
Irc2PGuest5534 I remember reading about a 0-day in an image codec not too long ago
dr|z3d don't assume anything.
dr|z3d sure, that was webp.
not_bob Yep, they do happen.
dr|z3d anyways, the option will be off by default, you'll have to enable it, if it's implemented.
dr|z3d don't ever want to see remote images, don't enable option. easy.
Irc2PGuest5534 it's scary to think the simple act of viewing an image could give an attacker access
Irc2PGuest5534 I was always taught that "dumb data" was safe but executables or scripts of any kind were dangerous hehe
not_bob Yep, it's a scary world we live in.
snex i want to see good ones but not bad ones
dr|z3d ok, the first part of the susimail feature I was discussing earlier is about to land on /dev/ .. you'll be able to toggle *placeholder* images in html view if they're present. NOT the actual images.
dr|z3d placeholder images will have tooltips with the src of the actual image. no way to directly view/download the actual image as yet, still massively defanged.
dr|z3d additionally, anything that looks like a tracking/web bug image, ie those with a width or height of 1px, will be removed from the html before it's displayed, with a notification if they're found.
dr|z3d counting blocked resources is even easier than calling a head request on each resource in the html, zzz. just check for the presence of whatever tag name you want to count, subtract whatever should be there, and you're good.
zzz looks nice
zzz make sure you test with emails containing cid: images