IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/08/14
~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4
@T3s|4_
@eyedeekay
@orignal
@postman
@zzz
%Liorar
+FreefallHeavens
+Leopold
+Over
+Xeha
+acetone
+bak83
+cancername
+cumlord
+hk
+profetikla
+uop23ip
+weko
An0nm0n
Arch
Danny
DeltaOreo
Irc2PGuest21357
Irc2PGuest21881
Irc2PGuest43426
Meow
Nausicaa
Onn4l7h
Onn4|7h
anon2
anu3
boonst
mareki2pb
not_bob_afk
plap
poriori_
shiver_
simprelay
solidx66
thetia
tr
u5657
uop23ip "N" routers, lol
dr|z3d yeah, they seem to be over-represented right now, orignal
darius im sure a mathematician would enjoy reading that cryptography page more, i'm no crypto expert unfortunately but i gather from that page that the form of encryption used for b32 destination addresses is "RedDSA-SHA512-Ed25519 (as of release 0.9.39)". The quote "Signature type is encoded in the Destination and Router Identity, so that new signature algorithms or curves may be added at any time" is about i2p
darius options in the future, not about webmaster options, i'm just trying to understand how the "Additional address for foo.i2p" can be dropped in securely (authenticated).
darius It sounds like i can have one tunnel open up multiple possible b32 LeaseSets to different "homes" where my site might be multi-homed at, but how to add those b32, when i maybe just have the one currently? Maybe name registries have instructions so i'll look there, but for now i must go, do leave msgs if you know, the trick may lay in using openssl commands
dr|z3d don't worry about it, darius, unless you have a website with a hostname created several years ago, you don't need dual addresses.
darius i'm interested from a protocol understanding perpective, also for multi-homing with friends, running untrustable malware like windows
darius i dont want them to be using a master key
dr|z3d you can create an "offline" key with a fixed expiry date. don't ask me how, it's black box tech.
darius ok cool, and they can conceivably be given out by the name registries as "Additional address for foo.i2p" or is that only for entirely new forms of cryptography and do I have to configure my server tunnel to do whatever multi-homing magic? if its about entirely new formats of crypto, out of interest in cyphersecurity, are those new keys signed in any way by the old key in a way that is accessed by every router
darius themself, or is there a process that people went through just to appease the registries, and the registries could just staple on whatever new format key they want they just chose to be good and give the real keys? Sorry if this sounds academic but i really am interested in the process.
darius "**assessed** by every router"
dr|z3d at the simplest level, you'd share your private key, let's say for same of argument to more than one router you're running.
dr|z3d you'd then copy that key to .i2p/ and then point to the key in the tunnel definition.
dr|z3d then, on each multi-homed instance, you'd tick the box in the tunnel config that says "optimize for multi-homed".
dr|z3d the tunnels on the various routers should now share the same address/b32. make sure your hostname is the same for all.
darius thanks, so thats the "simplest" (implies existence of "complex" :D
orignal uop23ip good point )))
orignal dr|z3d do you it's worse to exclude them from client tunnels?
orignal *worth
dr|z3d orignal: I'm pretty sure we exclude them by default in +, KLMN don't get used iirc.
orignal zzz, can you confirm?
dr|z3d that way, for any given client tunnel, the min bandwidth is ~130KB/s
dr|z3d it's a + thing, canon doesn't exclude O.
orignal I pick them because they are considered as "high bandwith"
orignal accroding to I2P specs
dr|z3d 66-130KB/s I'd say is very mid-tier, bordering on slow.
orignal basically what happens
dr|z3d when ADSL was all the rage, maybe they were considered high bandwidth.
orignal they become overloaded quickly )))
orignal with today's streming implemntation
dr|z3d well, exclude them from your client tunnels then, that's what we do in +
dr|z3d if you want to get fancier, have a sliding scale for exclusion.
orignal whouldn't it produce too much overload to O,P and X routers?
dr|z3d doubt it, there are plenty of O,P and X routers out there with b/w to spare.
orignal but where "N" come from?
dr|z3d who knows?
orignal Java-I2P developers should know ))
orignal why users set N
dr|z3d it's probably another attack
dr|z3d you know, one master config deployed all over.
darius re multihoming: as stated i can't give the master private key to an mswindows user, but i really must go feel free to get back to this topic when less busy. re bandwidth: 28kb/s for BEST MOST ULTIMATE LIMIT
RN *** stares quizzically at 28kb/sec ***
darius for fancypants ppl 56kb/s total extreme, mentally dependent limit
orignal *** remebers 9600 B/s ***
dr|z3d you know there's a village in spain where the predominant language is whistling, darius?
dr|z3d if you get good at whistling, maybe you can emulate a modem and go faster.
darius hah.... alas i really wheely must go, i bid adiou
orignal I have US Robotics in my desk ))
orignal for COM port
RN I remember a dialup modem that was 56k
RN darius is bandwidth challenged?
RN yes orignal usrobotix
RN the sounds it used to make
RN ))
RN had one for com port, and one for whatever macintosh used at the time
orignal I have prenty of boxes with com ports
orignal but don't have a phone line ))
dr|z3d seeing a ton of unsolicited DbSearchReply messages round about now. another attack?
orignal most likely
dr|z3d looks like FXR routers
dr|z3d FXR, FPR..
orignal Transit: 460.52 GiB (3265.02 KiB/s)
orignal too much transit
orignal what is "F"
dr|z3d F = f.
dr|z3d floodfill.
orignal I don't see number of floodfills growing
dr|z3d no, not suggesting they are, just suggesting the searchreply msgs are originating from a small cadre of floodfills.
dr|z3d too much transit...
dr|z3d you know what I'm going to tell you, orignal... :)
dr|z3d implement some throttling!
orignal not too much
dr|z3d sooner or later you'll come onboard.
orignal during last attack it was 7-8
orignal 3 is not an issue at all
orignal just more than usual
dr|z3d sure, 3 isn't huge, but what about the diversity of routers using that much b/w?
dr|z3d there are probably 1/2 dozen using most of it?
orignal diversity and inlusion ))
dr|z3d I wasn't trying to trigger you, so behave :)
orignal afaik every i2pd "X" router has transit like this
orignal or you are afraid that i2pd routers is a botnet itself?))
dr|z3d haha, no. not of itself, no, but entirely probable that there are botnets running i2pd.
orignal i2pd routers serve majority of transit traffic
orignal so what's wrong with it?
dr|z3d better that the traffic is spread out all over the network.
orignal do you remeber the situation in 2015?
dr|z3d remind me.
orignal when the network alomost stopped completely
dr|z3d congestion collapse?
orignal because almost every routers returned 30 to TBR
orignal Vuze guys did something wrong
orignal like set low participation rate of so
orignal and all routers got overloaded and returned 20
orignal I literally say 30 for all 3 records
orignal although traffic and number of tunnels were huge
dr|z3d we're bigger now, more resilient, and we generally have better mitigations for shitty routers.
dr|z3d one of the mitigations is TBR throttling :)
orignal because i2pd routers were able to handle this amount of shit
dr|z3d bah, java does just fine, too.
orignal smmetimes I saw 100K+ transit tunnels
orignal yes, because it just rejected most of requests
orignal I don't know how you define "fine"
orignal my point is
orignal that i2pd routers keep accepting and transitting traffic while Java routers just drop it
dr|z3d we try not to accomodate shitty routers.
dr|z3d fine is 40MB/s
dr|z3d if we see a single router sending an unreasonable number of TBRs, sure, we'll decline to route. sane.
dr|z3d let other routers have a go, and pass the traffic around.
orignal But since I remeber what happened in 2015
orignal it's worth to have extra power in the network
dr|z3d who knows, if i2pd did that, maybe the network would be functionally faster.
dr|z3d you could always implement throttling as + does, more or less.
dr|z3d throttle by default, with a boolean config override for anyone who wants to handle everything.
orignal we are back in square one
dr|z3d no, we're at circle 2.
orignal one we have this limits in the specs I will implemnt
dr|z3d zzz: orignal's provoking you to update the specs ^ :)
orignal because I have to explain to guys
orignal why is thsi and what's for
dr|z3d it's easy enough to explain. traffic disytributed over more high bandwidth routers makes the network more responsive.
orignal it's only your personal opinion
orignal and again
orignal why don't you add this to profile
dr|z3d it's pretty obvious. a router handling say 3K tunnels with 100MB/s bandwidth will be more responsive than the same router handling 20K tunnels.
orignal and not build tunnel through same routers too often
orignal it's easy
dr|z3d we don't.
orignal no difference
dr|z3d client tunnels and transit tunnels, different.
orignal if my router handles 20K tunnels with 100Mb bandiwth it means it has rources for it
dr|z3d as I mentioned before, in canon i2p, no single router in more than 30% of client tunnels, 10% in +.
orignal *resources
dr|z3d I'm not suggesting your router can't handle the number of tunnels, that's besides the point.
dr|z3d your router is going to, by definition, be less performant per tunnel than a router handling 3K tunnels. more tunnels is not more better, more tunnels is more lag per tunnel.
orignal what's a difference between handling 100 and 100K tunnels?
orignal as long as you have CPU
RN so by trying to handle everything you slow everything down
orignal slow in what sense?
dr|z3d so let's say you have a cpu with 100K threads. great. no slowdown..
orignal 100% per core? Qeue somewhere?
dr|z3d or rather, not 100K threads, 100K vcores.
orignal same thread
dr|z3d otherwise there's some time slicing involved.
orignal no difference if 100 or 100K tunnels
orignal core usage like 5-10%
orignal lookup per tunnelid is hash
orignal contant time
orignal bandwidth is more resource consuming
dr|z3d well, my theory stands. distributing the traffic to more high bandwidth routers should speed up the network.
dr|z3d I occasionally read about Tor having similar issues.
dr|z3d Too much of the traffic handled by too few nodes.
orignal not our case
orignal plenty of nodes handle a lot
dr|z3d ok, let's switch tack..
dr|z3d what about client tunnels in i2pd, do you limit the percentage of tunnels a single router can be in?
orignal yes we have that option
dr|z3d is it a default?
orignal transit can be 100%
orignal that's default
dr|z3d what do you mean, transit can be 100%? I'm asking about client tunnels and the presence of any given router in client tunnels as a percentage.
dr|z3d so if I have 100 client tunnels, and my limit per router in 10%, then a single router can only feature in max 10 of those client tunnels.
dr|z3d does i2pd implement something like that?
orignal no we don't check it yet
orignal going to do it
dr|z3d ok, that's a good thing to do from a security standpoint. you don't want a single router participating in too many of your own client tunnels.
orignal agree
dr|z3d up to you what percentage you choose, as I mentioned, canon in 30%, + is 10%.
orignal ideally one one occurence
orignal but it depends on your size of netdb
dr|z3d so a single router can only appear once in all your client tunnels?
orignal yes like this
orignal + some random variance
orignal to prevent information leak
orignal I would 1 + variance 1-5
dr|z3d up to you. 10% seems to give me what I want, namely no single router occupying too much client tunnel space.
dr|z3d and that's with an exclude KLMNU policy
orignal risky
orignal if you have contant 10%
dr|z3d there is no 10% constant, it's a max 10%.
orignal advesary can guess which tunnels are from the same owner
dr|z3d so if 10% is risky, what about 30%?
dr|z3d because 30% is canon i2p.
orignal doesn't matter
orignal I don't like such contants
orignal set it with variance
orignal 10% + 20% variance
dr|z3d right. you like random. orignal <3 entropy.
orignal I prefer variance
dr|z3d ok, not difficult to adjust.
orignal so and advasry never knows if it's 10% or 30%
dr|z3d 30% too much.
dr|z3d maybe vary between 5 and 10%.
dr|z3d and an adversary has no way of knowing how many client tunnels you have, so that mostly defeats any attempt to work out what percentage of tunnels he's in.
dr|z3d eyedeekay: we got error 500 on git.idk
zzz confirm what?
Irc2PGuest40605 <dr|z3d> "sure, 3 isn't huge, but what about the diversity of routers using that much b/w?" can i just say for the past few days the outproxies i use havn't been working for the meagre things i asked them to do, dunno if its related
Irc2PGuest40605 they dont even connect anymore, canon i2p
Irc2PGuest40605 i got one successful connection in a handful of days
orignal confirm that you don't pick "N" for client tunnels
orignal zzz, people complain about snark
orignal if it can't connect at start it doesn't try to reconnect again after a while
zzz no, not true, we only avoid K/E/G
orignal also for cleint tunnels?
zzz correct
orignal if you build a tunnel through L it doesn't make sense
orignal because in modern internet you expect much more traffic
zzz L routers deserve some love too ))
orignal exploratory tunnels
orignal or low loaded
orignal I'm thinking to instroduce additional param hike "high loded" to pick "P" and "X" only
zzz re: snark, if autostart config is enabled, it should keep trying
orignal how one can enable it?
zzz it's on the configuration page. but I think it defaults to on
dr|z3d the param name wouldn't be high loaded, orignal, that suggests congestion. high bandwidth, perhaps.
dr|z3d or high_bw
dr|z3d re snark, in canon the default may well be "off" for autostart, I think it's "on" in + snark. might be wrong.
zzz DEFAULT_AUTO_START = !ctx.isRouterContext();
dr|z3d there we go, confirmed, thx zzz.
dr|z3d DEFAULT_AUTO_START = true;
dr|z3d we don't care if you're standalone or embedded.
uop23ip Has been thought of a kind owncountryphobic feature? Like no direct connection to peers of own country for transit or no tunnels with a gateway of my own country?
dr|z3d sure, if you're in hidden mode then that happens.
uop23ip but then no transit
dr|z3d correct
uop23ip would this phobic behave have negative impact on the network if transit? Isn't it the same as the router filtering above?
uop23ip short: why isn't there a "no direct connection to own country peers for transit tunnels"?
dr|z3d BAD network -> A2nGir
dr|z3d also, a smattering of routers with future RIs being spotted recently.
not_bob I agree, snark, if it loses connection can be a problem. It should try to reconnect.
darius is there an answer on how upgrade to new crypto for i2p works, does every router need to see the new crypto key signed by the old crypto or do we just trust registrarsat this point?
darius also for multi-homing can i have different keys for different frens
RN that's not what multihoming is darius
RN multi homing is having different computers in different places serving up the same site (resource)
RN what it sounds like you want is the site to be different per user. you need some kind of login, or some kind of nginx magic or such
RN you don't need to do anything for "new crypto" that upgrade hit the network quite a while ago
RN the "new crypto" that was mentioned recently is more about backward compatibility with sites created long ago
RN different keys for differnt friends: not how it works, key is for a destination, you would give friends same dest (b32 or registered url) and the webserver would have the job of handling login/identification and serving different content to each
RN unless your intent is to manage a separate site for each person, then you'd give each a unique destination and run a different site for each user. better to just have them login/identify in some way
darius so for multi-homing what i mean is a few different b32, because simply I cant fully trust the systems of the people who may want to help me host something, so the other servers would have a different b32 but i want them included for the same destination
darius the "new crypto" thing is an almost academic but real curiosity for me because i saw "Additional address for foo.i2p" in the addressbook logs and im wondering on the process for that do
darius did the new crypto get authenticated and checked at every router or was that just a "trust the registries" event?
darius for the multi-homing, i'm thinking of whether there's a way to configure the master server tunnel to say, "u don't just have to use me, try X,Y or Z destinations, for this tunnel too?" i retain masterkey status and the other b32 are just signed by my master b32 key for say, 1 year?
darius for the multi-homing, i'm thinking of whether there's a way to configure the master server tunnel to say, "u don't just have to use me, try X,Y or Z destinations, for this tunnel too?" i retain masterkey status and the other b32 are just signed by my master b32 key for say, 1 year?
dr|z3d multi-homing = multiple routers hosting a *single* destination. what you want is offline keys with a set expiry date. as mentioned before, a bit of a black box. ask zzz about offline keys.
darius may i ask what makes them 'offline' keys? they need to be online so they can encrypt the traffic with a key and send that info.
dr|z3d shinobi.i2p is your friend.
darius yay more frens :)
zzz this whole convo is a jumbled mess combining 1) multihoming 2) crypto migration 3) offline keys 4) per-user keys 5) addressbook multiple dests 6) addressbook subscription entry signatures and I don't even know what else
zzz are you throwing out ideas and asking if we might support them someday, or are you trying to do something and asking how to
darius i was pretty precise over the past day, during i saw "Additional address for foo.i2p" in the addressbook logs and im wondering on the process for that. Did the new crypto get authenticated and checked at every router or was that just a "trust the registries" type event? Were the new keys signed by the old keys and was that process of authenticating the new keys done by the many regular routers or just beamed
darius down by keyservers.
RN crypto migration is a non-issue. old news and it was done correctly.
RN offline keys would let you give your friends a copy of your /docroot and give you the ability to revoke them being able to serve your site if they turned out not to be a friend
RN I think that is the main thing you've been circling around, throwing in lots of distracting unrelated contributions to the converstation from other confusing your issue
RN it is a complex thing to set up, and zzz is indeed the expert on how to do so.
RN s/other/other people/
RN I really need to deploy it myself and make additional notes
darius the convo started with me asking if registries can just change the b32 a person has in their router and it was explained to me that that is not possible, the system would just log errors for that. i was curious to see if there were any such errors in the log and there wern't any only those "Additional address for foo.i2p" entries. :) things in the works but gotta be slow and methodical about it
RN that has been explained, it is because old sites and is not a matter for concern
darius yes yes i know and have reading to do, jus explaining how convo evolved
RN if one of our long trusted registrars were to tamper it would be noticed and people would stop using that registrar
RN but you keep bringing up stuff that has been answered, and bringing up more issues each time instead of focusing on what you are trying to do
RN I agree your 'converstaional' interactions are quite chaotic and hard for people to keep up with.
darius hang on so, now you are saying something different, you are saying it IS technically possible for a registrar to change a b32? its just that they dont out of fear of reprisal
darius or if they did the error logs would alert ppl
darius is that what u mean?
RN they can not change the b32 your register your url to. If they tampered with the data in an effort to hijack a stie it would be noticed quite obviously.
RN yes it would be in error logs and other hints users would notice. it isn't an issue. sure it is possible a registrar COULD try giving wrong info but it would not happen in secret and there would be news announcments and tweets and such
RN you are chasing a red herring
RN the registrars are trustworthy and watched closely
RN so, am I correct that your goal is to have friends help you host your site when your computer is off?
darius yes but im trying to get to the crux of it, the failsafe part is that attempts to change the b32 are ignored by the addressbook, yes?
darius ignored and error og
darius *logged*
RN IF a registrar tried to give a modified entry, the user would be presented with a conflict notice when trying to load the site
RN and a log notice
darius Ah, the same as the bung link isse drz3d mentioned yestee
RN so, yes. this issue was well thought out. it is not something likely to happen, and if it did, everyone would know fairly quickly.
RN so can we move on from the paranoia about spoofed data and crypto migration. these issues were handled long ago by people much smarter than you and I
RN registrars have little to do with your site being multihomed.
darius but that error will only appear when someone is trying to access the site. What if the bad address is given during a routine 24 hour download of the addresses in the addressbook, then its only an error in the logs and an ignore?
RN omg
darius i know. This is MY interest in crypto, if its answered on the page i'll go but if not lets talk
RN go look first
RN just let go of it. it isn't gonna happen. and if and only if it did, hypothetically, everyone would know.
RN you don't need to understand quantum electrical fields to operate your toaster.
RN if you want read the docs and specs and code and walk through things step by step, more power to you. but you seem to be getting stuck on things that are non issues.
RN who cares the spin of the electron as long as your bread turns into toast.
RN ;)
RN at this rate, darius won't get a site up until I2P 726-0.5
darius its important because we have that wonderful abstraction that is human-readable.i2p addresses. i'm a protections person i like to have protections for nice things like helmets for my thick skull, like a nicely preened feather to repel cold droplets from a ducks back, and like an ignore function for attemots to change b32s
Irc2PGuest70981 darius: human readable i2p addresses are less secure than using base32 addresses
Irc2PGuest70981 honestly they should be eliminated. users should copy and paste base32 addresses from secure sources.
RN there is some truth to that mesh@j6.i2p
RN but adoption
RN and the risk of having a registered site is imho minimal unless you are hosting something really unsavory
RN even then... not tracable to you if you do things right
darius if someone says that attempts to change a b32 are ignored by i2p, if they say that to change a b32 a person needs to intervene by deleting the entries in there address book and then a new b32 will be accepted then that all I care about...i'll run along
RN darius, did you try the reload button at least three times?
Irc2PGuest70981 darius: literally all of your problems go away (and they are real legitimate problems) go away if you ignore human readable addresses and pretend they don't exist
Irc2PGuest70981 darius: you have literally no idea what the various i2p router implementations may or may not do when it comes to the "registrars" and the naming system
RN mesh I think your perspective is overly paranoid. but to each their own.
RN darius, i2p-projekt.i2p/spec/subscription loads fine for me. did you try at least three times?
Irc2PGuest70981 as I've said before, what you should do, and what I do, is pretend human readable addresses don't exist. if users want to access any of my sites they need to obtain a xml file (cryptographically signed by me) that says these b32 addresses are for X, Y, Z
darius i did try 5 times :) ok so can i suggest a IIP (i2p improvement proposal): ignore attempts to change a b32 OR log them and give the message that I proposed yesterday
Irc2PGuest70981 then they copy and paste b32 addresses directly into the browser
RN that works fine if you want to curate your user base.
Irc2PGuest70981 one of these days I'll probably write my own i2p proxy server that makes everything nice and easy
RN let us know when you do mesh@j6.i2p
RN ;)
Irc2PGuest70981 darius: there is no solution btw
RN if you want to put a site out there for all to access, a url is much better than a b32
Irc2PGuest70981 darius: even if you somehow manage to convince them to change the java router implementation there are other router implementations out there
Irc2PGuest70981 darius: you cannot rely on routers to do the right thing. there are lots of malicious i2p routers out there doing bad things. see also: the last 2 years
darius "Maybe on dashboard, a single sentence "Since X (earliest date), N b32 i2p addresses have changed. Click to be informed of changes."
Irc2PGuest70981 if you're worried about naming authorities silently changing the name->b32 mapping the only solution is to avoid naming authorities and do your own naming
RN already covered that mesh
RN you are just confusing them more
RN darius, i2p-projekt.i2p/spec/subscription loads fine for me. did you try at least three times?
Irc2PGuest70981 btw silently changing your b32 address isn't the worst case scenario. you cannot rely on i2p itself as a identity mechanism as a general rule
RN I disagree with that. you absolutely can. and any mal-acting registrar would be outed quite quickly.
darius i did try several times RN. If a change of b32 happens so rarely, just list the errors verbatim from the address book logs in the dashboard.
Irc2PGuest70981 and you should, in the event of a dos attack or other more subtle de-anonymization techniques, be prepared to throw away all your existing b32 addresses and change to new ones
Irc2PGuest70981 RN: well you can if you're an idiot
Irc2PGuest70981 but i2p is a routing protocol
RN if you loaded i2peek-a-boo.i2p ten years ago, and load it today you are cryptgrahically assured it is still my site.
Irc2PGuest70981 using it for identity is an absolute mistake. I speak from experience
RN the private keys are the identity
Irc2PGuest70981 private keys are more like name tags
RN as long as you don't leak those you are fine
Irc2PGuest70981 RN: not if I dos your b32, then you're sol until you change to a new one
Irc2PGuest70981 and there are worse things
Irc2PGuest70981 in the real world there's a thing called key rotation
RN if you can dos my b32. good luck with multihome.
Irc2PGuest70981 hehe multihome won't save you. postman is multihomed up the wazoo and still falls over
Irc2PGuest70981 but my general point is that there's a reason why people rotate keys
Irc2PGuest70981 the i2p naming system could be changed to work correctly, but it would involve much more than darius' proposal
RN comes down to your threat model and personal paranoia quotient
Irc2PGuest70981 you'd want people to be able to attest to a naming authority that they are providing service X at b32 and this attestation itself would be secure and relayed to clients
RN more bikeshedding
Irc2PGuest70981 RN: btw it's not about a "malicious naming authority". even if you trust the naming authorities (and you have to if you want human readable names) at any second a naming authority can be hacked
j6 you could be hacked just as likely
Irc2PGuest70981 that's why you don't trust naming authorities unless they are simply relaying cryptographically signed documents
RN sure, and if hacked and it tried to do something malicious it would be noticed quickly
darius key rotation is fine, but it needs to be done cryptographically attested yes
Irc2PGuest70981 RN: it would likely never be noticed unless somebody actually sat down and tested the mapping themselves
j6 good thing that i2p doesn't have any naming authorities >;P
j6 unless the haxx0r is SPECIFICALLY out for JUST you, it's unlikely they'd be invisible
j6 they'd be changing plenty of records, most likely, and that would be noticeable
Irc2PGuest70981 j6: that's exactly what the hacker is out for dumbass
Irc2PGuest70981 why would they change everything and increase the chance of being discovered
j6 because they have other people to go after?
j6 why are you so very unique?
Irc2PGuest70981 once you own one of the address books you'd keep it real quiet and behave good 99.9% of the time
RN any worthwhile target has users. these users would notice the conflict message
j6 tbf, you might not have such messages on i2pd or other implementations, necessarily
Irc2PGuest70981 yes, that's the only real safety. even if the naming authority is compromised the malicious server still can't identify end users... unless they're doing something stupid like pinning a client Destination to their web browser
RN there's enough java based users that it would be noticed
Irc2PGuest70981 RN: you're making a lot of assumptions
RN also, I bet notbob would notice. he's detected irregularities before that led to bug fixes
RN so are you mesh@j6.i2p
j6 relying on any specific individual to be around forever, is a very poor operational model
darius "these users would notice the conflict message" not unless it appears in some form on the dashboard
j6 lol
RN darius, it appears when trying to load the site in question. please pay attention to things that have been already said.
snex “Everything sucks and I’m a Java expert but no I won’t help fix it”
darius RN> "these users would notice the conflict message" not unless it appears in some form on the dashboard
RN no it appears when loading the site
RN some users don't look at the dashboard or logs often
RN when you try to load a site with a conflicting entry it comes up just like the 'lease set not found - maybe site is offline' message
Irc2PGuest70981 darius: there are no "users" or "dashboard". you keep thinking there's like one i2p router implementation out there that everybody uses and will do what you want. there are many, many, many implementations. i2p is a protocol not an application
j6 that sounds like a misleading error
RN I'm paraphrasing a page you have seen many times j6
j6 I haven't seen it
j6 because I don't use java i2p
j6 lol
RN ah, well that's your loss.
RN ;)
darius <j6> "that sounds like a misleading error" ... they menat LIKE those errors. Do we need a "Pending" address book where conflicting updates go?
RN darius, why are you adding new text after quoting someone? we don't need to quote someone who said something minutes ago, just use their name
RN you must be Russian, they like to quote each other back and forth like that.
j6 also leaving username out of the quotation is weird
j6 makes it sound like I said the entire line
RN exactly
RN that's probably due to their client cut/paste function
RN just immagine how the conversation "sounds" to someone using a screen-reader-tts
Irc2PGuest70981 darius is indeed a Russian agent probing weaknesses of the i2p network under the guise of wanting to run his own site
RN for once I agree meshhy
RN ;)
darius ok Do we need a "Pending" address book where conflicting addressbook updates go? Which would force a decision.
RN no, we don't need it
RN for java based i2p you make a decision when the conflict page appears, for i2pd idunno maybe an error message
RN j6, do you get some error message when you take a helper url and tweak one character (thus intentinally making it wrong just for the sake of testing)
j6 helper url? me no have such luxury ;P
j6 I guess I can try
darius During a routine download of the address book there is no error page. What happens then?
RN it does not download the whole address book each time.
RN the subscriptions provide incremental updates
darius does, every day or whatever the interval is, unless something has changed in the last year
j6 yeah I don't think i2pd does addresshelpers at all
RN and if something conflicted it would probably just be a note in the logs, I THINK it discards it if the url is already in your addressbook
darius confirmation of discard needed
RN let us know if you confirm it in the code before someone who knows speaks up, darius
darius repeating, for j6 who went offline, I just sought confirmation that conflicting addresses that are DLed are discarded
RN I can confirm, if you already have a url+b32/b64 already in your addressbook and get conflicting info from a subscription, the new info is definately discarded.
RN the user ultimately has control over their local addressbook.
RN and actually, the address book has the b64 format not b32.
RN darius, there is your confirmation.
j6 nice voice