#saltr
/2024/08/12
dr|z3d have you considered that you could also be contributing to the issue, orignal?
dr|z3d by not throttling build requests, you're causing i2pd routers to host a huge amount of tunnels that may be better served by other routers on the network.
orignal it's not related
orignal ofc I'm contributing to the issue with new streams
orignal sometimes like 1-2 MB/sec each
orignal huge i2pd routers can handle high bandwidth tunnels easily
orignal Usually "N" Java routers are in trouble
orignal I think to set min to "O" for client tunnels
orignal or even to "P"
dr|z3d not convinced it's not related.
dr|z3d there's a huge chunk of routers on the network that could be hosting a ton more traffic if i2pd routers weren't hogging it all.
orignal and why they are not chosen?
orignal for tunnels
orignal it must be a reason
orignal like TBR got declined etc.
dr|z3d because routers keep requesting tunnels from other routers until they say "you've had enough, go somewhere else" ?
dr|z3d exactly.
dr|z3d there are throttles in play on java i2p.
dr|z3d if i2pd also implemented throttles, then the traffic would be better distributed, and the network would perform better.
dr|z3d we also implement a percentage of tunnels relative to total count that can be hosted on a single router. do you do that?
dr|z3d iirc, it's 30% on canon, 10% on plus.
orignal but why should I throttle if I'm able to handle
dr|z3d you throttle requests from 1 router, so you're hosting for a more diverse set of routers, and the traffic is better distributed over the network.
orignal why don't you just change your profiling like "this router accepts too much tunnels"
orignal but this is not my business
orignal my business is to say if I can handle a new tunnel or not
dr|z3d network performance is everyone's business. or should be.
orignal if you don't like include this factor in profiling
orignal it is. and I disagree with you
dr|z3d we got it covered in java i2p, you're the one that's lacking.
orignal and according to the protocol my response should be if I can handle a new tunnel or not
orignal it's creator's business to decide if they want to build a tunnel through me
dr|z3d if you don't enforce a per-router limit, then you're likely a bottleneck over time.
orignal what's a problem with it? tell me please
dr|z3d network functions best when traffic is distributed over *all* routers with sufficient bandwidth, not a subset.
orignal I do enforce per-router limit based on my capacities
orignal networkwide per-router limit is something new
orignal is it mentioned somewhere in specs?
dr|z3d we've had it in java for a couple of years or so.
orignal like "router shouldn't handle more than ..."
orignal yes or no?
orignal give me the page with figures please
orignal otherwise it's pointless speculation like "it would be nice to have"
dr|z3d * Count how often we have accepted a tunnel with the peer
dr|z3d * as the previous or next hop.
dr|z3d * We limit each peer to a percentage of all participating tunnels,
dr|z3d * subject to minimum and maximum values for the limit.
dr|z3d * This offers basic protection against simple attacks
dr|z3d * but is not a complete solution, as by design, we don't know
dr|z3d * the originator of a tunnel request.
dr|z3d * This also effectively limits the number of tunnels between
dr|z3d * any given pair of routers, which probably isn't a bad thing.
dr|z3d * Note that the actual limits will be higher than specified
dr|z3d * by up to 1 / LIFETIME_PORTION because the counter window resets.
dr|z3d * Note that the counts are of previous + next hops, so the total will
dr|z3d * be higher than the participating tunnel count, and will also grow
dr|z3d * as the network uses more 3-hop tunnels.
dr|z3d * @since 0.8.4
dr|z3d I don't think it's spelled out in a spec, but maybe it should be.
dr|z3d in case you missed..
dr|z3d I do something a bit more finegrained, but the intention is more or less the same:
dr|z3d as for selecting peers for tunnel builds, excluding slower tiers isn't necessarily a bad idea, here's what I do by default:
dr|z3d private static final String DEFAULT_EXCLUDE_CAPS = String.valueOf(Router.CAPABILITY_BW12) +
dr|z3d String.valueOf(Router.CAPABILITY_BW32) +
dr|z3d String.valueOf(Router.CAPABILITY_BW64) +
dr|z3d String.valueOf(Router.CAPABILITY_UNREACHABLE) +
dr|z3d String.valueOf(Router.CAPABILITY_CONGESTION_MODERATE) +
dr|z3d String.valueOf(Router.CAPABILITY_CONGESTION_SEVERE) +
dr|z3d String.valueOf(Router.CAPABILITY_NO_TUNNELS);
dr|z3d which works out as not using anything slower than O tier, or anything exhibiting congestion caps, or unreachables.
orignal it's implementation
dr|z3d indeed it is.
dr|z3d well spotted. :)
orignal if you do something in Java code it doesn't mean I have to do the same
dr|z3d do, we're not sending around the spetznax if you don't, true :)
orignal only specs is common thing
dr|z3d *spetznaz
orignal everybody is asking
dr|z3d like I said, it should probably be in a spec somewhere, but it isn't.
orignal if there are limits where one can read about them
dr|z3d what I can tell you is that zzz was pretty emphatic when it came to implementing the current iteration of the throttle that it shouldn't be too generous, round about the same time as we were experiencing a sustained attack.
dr|z3d still, more distribution of traffic across the network, more better.
Irc2PGuest11348 hi folks, congrats on thinking about bandwidth i have personally been interested in what constitutes a fair and balanced bandwidth, i have been experimenting with limiting bandwidth, i personally believe that by default an individual tunnel should not exceed 28kb/s at 28kbps i can stream audio fine, i can even listen to audio at 1.5x speed, which is FAST
dr|z3d what you consider fast others may consider slow.
Irc2PGuest11348 video? youtube? lol im surprised that it has taken russia this long to block youtube
Irc2PGuest11348 see peertube
Irc2PGuest11348 yes, but for what? do you listen to podcasts at >1.5x speed?
Irc2PGuest11348 what speed do you listen at?
Irc2PGuest11348 i've been able to go to 1.8x on occasion
dr|z3d try streaming video @ 480p or greater.
Irc2PGuest11348 google is a malignant state propaganda and i love that countries are finally blocking it, again peertube. yes invidious is always attacked by goog cos goog want to know everything everyone is doing at all times to manipulate them. is anyone testing peertube on i2p?
Irc2PGuest11348 y do i need to stream goog propaganda videos at 480p when i can just choose audio or much lower resolution video on peertube. yes, peertube have audio only options, unlike garbage ytube. yes, i know that invidious can offer audio only but again, goog are evil and attack privacy respecting systems and ALWAYS will, the solution is to stop using goog, which i have for moral reasons
Irc2PGuest11348 the sustainable option is limit tunnels to 28kbps but allow multi-stream tunnel option, and test and support peertube
dr|z3d we're not all on dialup anymore, throstle, or ADSL :)
Irc2PGuest11348 the main issue with peertube is it requires javascript to do the fancy 'viral sharing' i would suggest that if ppl have javascript disabled then just allow them to dl the vid direct from the i2p server
Irc2PGuest11348 waiting for drzed to come back online to say i meant kilobytes per second not kilobits
Irc2PGuest11348 the main issue with peertube is it requires javascript to do the fancy 'viral sharing' i would suggest that if ppl have javascript disabled then just allow them to dl the vid direct from the i2p server
Irc2PGuest11348 nice ring to it
Irc2PGuest11348 i meant *kilobytes* per second, not *kilobits* dr|zed
Irc2PGuest11348 28 kb/s is going to suit most people, but i think its about the culture you create around the internet, if that culture is built on gimme,gimme gimme, then those people are ALWAYS going to fall prey to maligned 24hour news cycle propaganda, the type pushed by goog. i would personally not exceed enable multi-tunnel-awareness for that reason
dr|z3d yeah, add another zero and it might start to look vaguely interested. >200KB/s shouldn't be difficult to sustain.
dr|z3d *interesting
dr|z3d (when required)
Irc2PGuest11348 you can be fooled if you watch video, audio is almost always better for determining when someone is trying to pull the wool over your eyes, video distracts the audio perception part of the brain
dr|z3d a spoon is better than a fork for eating soup.
Irc2PGuest11348 different thing
dr|z3d exactly.
Irc2PGuest11348 not if what ur eating is poison
dr|z3d you can waffle on about trickery and all the rest of it, but when people want video, they want video.
dr|z3d trying to convince them what they really want is an audio track without the video component will just get you laughed at. :)
Irc2PGuest11348 they can have it, but they would need to either wait for it (WAITING is a welcome side-effect because it allows a person to think about what they are viewing while they are viewing it), or they enable multi-thread-aware tunneling
Irc2PGuest11348 culture , culture, culture
Irc2PGuest11348 goog has u indoctrinated
Irc2PGuest11348 indoctrinated to expect HD video streams
Irc2PGuest11348 its not going to be the default in the future
dr|z3d russians want youtube. russians no like when putin block youtube.
Irc2PGuest11348 only because thats where people have been indoctrinated to use it, thats like saying ppl want fbook, if u take it away and people need to talk to ppl in real life, they might like it
Irc2PGuest11348 indoctrination, and lock in effect is not generally good
dr|z3d so when is throstle.i2p going live?
Irc2PGuest11348 you misspell, its throttle
Irc2PGuest11348 but i like the idea
dr|z3d no, it's definitely throstle where you're concerned :)
Irc2PGuest11348 Blinded message
dr|z3d Anomaly has got a site up while he's learning html and css. and you're apparently a bit of a dab hand.. so...
dr|z3d you're also not shy about expressing your leftfield opinions, so a site seems like the logical next step for you :)
dr|z3d seeing a fair few routers without a published version right now.
dr|z3d smells like some sort of botnet/attack.
Anomaly Irc2PGuest11348: anomaly.i2p/
Irc2PGuest11348 thats c6iu7qmnrcf4au2dq2evvlfuyrorkivoc4iulprvve2ntbeo6xgq.b32.i2p yeah?
Irc2PGuest11348 re possible botnet attack, sounds a bit concerning, yes
dr|z3d not really, there's a ton of known crud on the network.
dr|z3d in + and probably canon i2p those routers get routinely blocked.
dr|z3d in + they're gifted with a ban as well.
dr|z3d how do you handle routers without a published version, orignal? ban?
Anomaly yea someday when my eepsite gets bigger i might want to include topics about critical thinking seeing how Irc2PGuest11348 likes to talk about indoctrination. because i consider critical thinking to combat indoctrination.
Irc2PGuest11348 how long? bans worry me mostly because i can imagine it would be easy for a bad actor in high places to poison ip addresses
orignal good question. Need to check
orignal I think set version to zero
dr|z3d so you don't block requests or ban them?
orignal no, why?
dr|z3d we're not talking about ip addresses, throstle, we have other checks to validate those, we're talking about RouterInfos.
orignal version remains zero
dr|z3d why? because they're obviously dubious.
orignal I know
Irc2PGuest11348 there comes a limit to what people can reliably know, ie. critical thinking i've found can get you far and then it but today it can't get us all the way, i find there are particular hallmarks and indicators that are important, some people call this the "intuitive" part of knowing. people who focus only on the material and "the science" are often the most easy to indoctrinate, its important to set at
Irc2PGuest11348 least a tiny bit of time aside to actually process in a holistic way, allowing the intuitive information to play a role also.
orignal because you asked me how ))
orignal so, you think if version is not presented we consider RI malformed
dr|z3d yeah.
dr|z3d it's part of the spec.
orignal thanks. will change it
orignal do we have any?
dr|z3d routers without versions?
dr|z3d I'm seeing at least 4/min being logged right now on one router.
orignal a new attack?
dr|z3d could be.
orignal otherwise where they can come from?
dr|z3d exactly the question I'm posing :)
orignal how about signature?
dr|z3d hang on, I'll pm you a list of current suspects.
orignal if (!m_SupportedTransports || !isNetId || !m_Version)
orignal SetUnreachable (true);
orignal nevermind
orignal I drop such routers
orignal no need to
dr|z3d ok, good.
orignal I also see that my floodfills are too loaded
dr|z3d remind me, are you throttling lookup requests?
orignal they are loaded by transit
orignal yes, I do.
orignal I send only limited number of requests
dr|z3d ok, good. :)
orignal Transit: 76.03 GiB (2312.58 KiB/s)
orignal Transit: 20.24 GiB (2492.27 KiB/s)
orignal too much for this time of day
orignal if it's a new attack, then it's clearly RKN
orignal Russian authority
orignal who implements censorship
orignal and fights with internet
dr|z3d oh, you think it's a Russki state attack?
dr|z3d interesting.
dr|z3d as attacks go, it's marzipan dildo class.
orignal because they are aggressively fighting with VPNs, Tor and other networks
orignal remember youtube
orignal also they blocked the Signal in Russia
orignal yesterday
orignal or couple days ago
orignal people complain today that some google services stopped working
orignal so it's not a question if I2P is their target
Irc2PGuest11348 one of my favorite quotes of all time, "They are making you all drunk" ~ Gaddafi (2011)
orignal the only question when
Irc2PGuest11348 hint, dont try to revive spewtube, try to replace it
Irc2PGuest11348 see peertube
orignal sheeple needs youtube
orignal because sheeple
Irc2PGuest11348 i refer to one of my favorite quotes of all time :P
orignal signal is asking to run proxy signal.org/blog/proxy-please
orignal for huilostan
zzz don't know that stan but was reviewing some others
orignal Signal is blocked in Russia now
orignal I think we can run a signal proxy through i2p
zzz should Kyrgyzstan be on our strict countries list? was reading the latest Freedom House report, it ranks pretty low
orignal seems it's just nginx with config
orignal what do you need to know about KG?
orignal I know one girl from there
orignal she can answer some question
orignal but AFAIK no issues there
zzz can you get arrested for running i2p there? or is it not so bad
orignal she runs it there all the time
zzz ok, thanks
orignal "that stan" is Russia
orignal Huilo-stan
orignal Huilo is offensive name of Putin
zzz got it
orignal so what do you want me to ask her?
zzz nothing, I was just wondering how bad it is there, but you say not so bad, that's all I wanted to know
zzz do you read meduza.io it seems like a good source of info about huilostan
orignal also she is running a marketplace from there ))
orignal yes, but be aware they are pro-Ukrainian
orignal hence don't believe in everything they state
zzz that's pretty obvious, yes
orignal and again another source about what's going on in Russian IT world is habr.com
zzz yup
zzz spent last week finding/fixing major bug, you may wish to check if you have same problem
zzz published date in LS2 is one-second resolution. we were creating two leasesets in a row with same timestamp.
zzz and then didn't store the second one locally or send to ff. old LS then expired, takes a couple minutes before we realize it and build a new one
zzz messy
orignal but why do you need to create two leasesets in a row?
orignal anyway let me check
zzz here's what happens
orignal so, the resolution is to postpone new one
zzz 1) 2 lease leaseset
orignal I guess
zzz 2) tunnel test repeated fails on one tunnel
zzz 3) built new LS2 with that tunnel removed
zzz 4) build new tunnel, it happens pretty fast, say 250ms
zzz 5) build new LS2 with the new tunnel and the one old (still good) tunnel
zzz 6) that new LS2 didn't get stored or published
orignal got it. makes sense
zzz 7) the LS2 with one old tunnel in it expires, but we didn't realize it for a few minutes
orignal probably have the same issue
zzz fix: remember last publish timestamp, set new timestamp = max(now(), oldtimestamp + 1 sec)
orignal and send LS from future )))
orignal what's your threshold?
zzz for what?
orignal for LS timestamp
orignal when you receive new LS do you check it?
zzz yes, has to be newer
zzz the field is 4 bytes, seconds since the epoch, threshold is 1 ))
zzz I also found a bug where we were checking earliest lease date, not published date, for LS2, which doesn't work for encrypted LS2 because there's no leases to see
zzz I think these bugs are one cause of IRC2P disconnects/netsplits
orignal if it's 1 new one will be dropped by receiver
zzz has to be one second more
zzz we weren't even storing it locally or even trying to send to ff, we were losing it
zzz it was happening a few times a day
orignal how about through existing connections?
zzz same problem
orignal when you receive a LS do you check if it's too old or from future?
zzz looking...
zzz yeah we do but it looks like we're using the earliest/latest lease expirations for those checks, not the published time
zzz may need to add something there
orignal yes you should but be aware about 1 sec
orignal Vort also found a bug in peer test
orignal sometimes Bob chose Charlie while introduction was not complete
zzz I'm seeing a lot of tunnel builds finish in only 100-250 ms which is crazy fast, so this very old bug has been getting worse
orignal what is the bug about?
zzz the publish date bug above ^^^
zzz I've also made a change to not put any ElG routers in my tunnels. There aren't any 0.9.59 or older anyway, but in case some clown makes a bunch, I don't want to be sending old-style build messages
orignal I excluded Elg routers long time ago
orignal even the code for it
zzz but you can still handle tunnel build request with the long 528-byte build records, right?
orignal but I'm not Elg
zzz right
orignal can handle all 3 TBR
zzz I haven't ripped out any ElG code yet but I'm going to put it on my todo list
orignal you can't remove it completely because some eepsites
zzz right, just some tunnel build stuff, not the end-to-end code
orignal yes, this "modified" Elg shit
zzz that modified shit is what made it possible for us to migrate the network safely and successfully ))
orignal I meant Elg of 512 instead 514 bytes
orignal e.g. non standard
zzz dr|z3d, FYI I ran a report looking for signs of the issue postman is reporting (extended total or near-total loss of traffic)
zzz I took 45 days of logs for stats.i2p (from long before I started working on the yellow tunnel problem, to today)
zzz and generated an hourly traffic report for each of the 45 days
zzz average traffic is about 650 req/hr, and not a single hour across 45 days had less than about 40% of average, and all the lowest ones were close to midnight UTC
zzz which is the typical slowest part of the day
zzz and I also don't recall ever seeing it happen here. so I conclude it's probably not a canon problem, and my yellow tunnel fix probably won't fix it, although it shouldn't hurt
not_bob That would explain why I've had issues getting to postman recently.
dr|z3d strange that it's turned up recently, zzz, without me having touched any relevant code, and I haven't knowingly seen the issue on any of my routers. digging further into it with postman.
dr|z3d so the current diagnosis is something like this:
dr|z3d - LS failed to get published, LS gets requeued. Requeue is 15s after fail, with an absolute timeout of 3min.
dr|z3d LS may fail to get republished a couple of times, and then a newer LS is found and repub is abandoned, and the dest works again.
zzz sorry crashed. last seen '... something like this:'
dr|z3d basically we're seeing the LS failed to be republished, then a newer LS is found soon thereafter. got an idea why that's happening, postman's got a new update he'll be testing soon.
dr|z3d might be that we're being a bit too fascist in our handling of shitty ffs, code was there to weed out the crap when we were attacked last year in the request throttler, so I've commented that out and await postman's report.
dr|z3d not getting much info when the LS republish fails, not entirely sure how we go deeper into that with the logging in RepublishLeasesetJob.
zzz ok. interesting. generic advice: develop a theory, prove or disprove, dig deeper or move on to next. good luck
dr|z3d thanks. yeah, theory is being tested :)
dr|z3d in + we have red stars in the sidebar when a LS is overdue, not seeing those right now, haven't been hawkishly watching things, but on initial impressions your yellow tunnel patch looks good here.
zzz if you're banning enough floodfills to blast big holes in the DHT that's a novel way to self-attack ((
dr|z3d yeah, that did occur to me :)
dr|z3d gun, meet face. etc.
zzz seems like graphing the integratedPeers stat would tell you pretty quick
zzz that graph should be really flat at ~1100 or so, but it'll depend on if you're ff or not and other factors
zzz re: yellow fix, there's a new log in there in ExpireLeasesJob that's a logAlways(Log.WARN, ...) if it expires a local LS so that's the clue that things went wrong
dr|z3d ok, thanks, will keep an eye out.
zzz yup, thx for testing and report
dr|z3d **** WARNING: Cert pkg-temp/certificates/plugin/cacapo_at_mail.i2p.crt expires in 179d
dr|z3d all his plugins are defunct now, no? the main one was the b/w manager iirc.
zzz interesting guy. hope he's doing well. that's the only one afaik