#saltr (irc2p) | I2P+ 2.7.0-11+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

dr|z3d cumlord: I'll see your postman and raise you a postman ramble.i2p/f/Art/5505/the-postman

darius hi snex, wat is this bigmagnet and why is it an issue in one sentenec. i'm not on github and try to stay away from it like the plague, personally

dr|z3d it's a magnet about 3* the size of a normal magnet, throstle.

dr|z3d see also: bitmagnet.io

snex It’s a self hosted DHT indexer. The issue is to get them to add i2p support

darius <snex> way too many people trusting public servers like matrix.org <<<<pretty sure that was the whole point of matrix from the start, like mastodon, get ppl advertising the server while they are talking about the "type" of server

snex And since it has an api we can integrate it into snark if we want to go down that route

darius XMPP?

snex Xmpp is trash

snex It’s worse than irc

darius <snex> its easier to maintain a docker than keep documentation up to date, github does it all for you even <<< this could be why we have so many problems on planet earth

snex False

darius snex> "the only person who has ever asked me for support was doing a manual install" <<< sounds like one person doing things right :P

snex The problems are in dogshit like CrowdStrike that have ancient tooling

darius i think the opposite, that matrix is trash and xmpp just works, in its lightweight way. guess we just disagree *shrugs*

snex Xmpp you can’t even have same identity on multiple devices

darius you can tho, last time i checked its a thing that is extended onto xmpp

darius pretty sure mine runs it

darius people i know just use it from home, anyway

snex You can log in twice but the behavior is fucked up

snex You’ll see messages on one but not the other

snex In matrix messages are persisted and e2ee

snex You know like a real chat service

dr|z3d persisted until an op decides to delete them. that's either a blessing or a curse.

darius sounds like an implementation issue, i'll tell folk to be on the lookout for it, but as i said they either have a home or work only acct

snex It’s an issue inherent to xmpp protocol

snex There is only client side persistence

snex Messages are routed to the first peer that has a given identity

snex It’s sort of like how eepsite multi homing works

darius pretty sure there's an extension for this, but i need to check later, btw, did anyone get a chance to read any part here? undrss2l4ynldtgjjahsd2bx5oapy2vw75cowsusu5pncz76sqga.b32.i2p/rss-button-using-div-corners.html

dr|z3d I checked it worked, skimmed it.

dr|z3d It's a lot of work for what is essentially an icon, but hey, if it keeps you happy :)

dr|z3d register the site with reg.i2p and stats.i2p perhaps.

dr|z3d throstle.i2p is available.

darius saves resources (ie. fast load), is animated, is able to be colored in whatever way the person needs to suit their page

darius yeah it just an icon but those things help

darius also the inline variant hasn't been done afaik since the flat icon movement!

darius You should see the page from 2005 that i referenced, :P its cute, but yeah, pre-"material design"

darius that's what came up in the search i did.

darius should probably mention all this on the page too.

darius "i referenced" **in css**

darius referenced in *the* css

dr|z3d you might want to look at eyedeekay's railroad plugin.

dr|z3d good place to blog about stuff, easy install.

darius *thumbs up* will do, i think i'll add a section to the start THE PROBLEM, outlining what i've said above, thanks dr|z3d i think a properly outlined problem was missing, there is no money in rss as a medium, so assume the neglect has come from that.

darius Probably shouldnt have done this now, but i added a THE PROBLEM section and also added item (1) to COMING SOON

darius undrss2l4ynldtgjjahsd2bx5oapy2vw75cowsusu5pncz76sqga.b32.i2p/rss-button-using-div-corners.html

orignal guy, people say you are fucking idiots

orignal about this

orignal " If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each."

orignal please clarify

orignal if it's not a mistake in phrasing it's dumbest decision you have made

zzz re: i2cp, correct, you do not provide a published time in the requestvariableleaseset message. We use now().

zzz I just mentioned the setdate message in the handshake, that we use to set our clock skew on the client side, in case clock skew was the issue. But doesn't sound like it is.

orignal that confused me because you said that you use my time

orignal then it comes to another question

zzz yeah sorry I said 'in the handshake', == getdate/setdate. I was just thinking clock skew might be part of the problem

zzz that was before you fixed it

orignal we have to send leaseset request in LS1 format

zzz not really, just think of it as 'request format'

orignal then if exporation time and publshing time comes from different clocks we need some threshold

zzz we automatically select ls1 or ls2

orignal I can't get rid of LS1 because this format is used for I2CP

orignal my logic is

orignal I have a LS I create it and sign it somehow

orignal now I still need to keep LS1 code and milliseconds timestamps just for ICP

orignal *I2CP

zzz snark is generating a LS2: <orignal> at net.i2p.data.LeaseSet2.sign(LeaseSet2.java:616)

zzz we made that decision when we designed LS2: Use the same RequestVariableLeaseSet I2CP message. We didn't need a new one

orignal yes I know how it works

zzz just think of it as 'request format', not 'LS1 format'

orignal while request format is LS1 format not

orignal also I don't have a way to tell client to not produce LS1 leaseset

orignal I want to drop local LS1 support completely

zzz the client side should create LS2 if the router supports it

zzz well, if you're a floodfill, look and see how many LS1 you have in your netdb

orignal not that part

orignal only LeaseSets generated by me

orignal not someone's else

zzz well, unfortunately that's how I2CP works right now, that's the format of RequestVariableLeaseSet messages, that's how we did it. Maybe next time we need to change I2CP we can add it to the list

orignal RequestVariableLeaseSet2 should be introduced

orignal with proper format and timestamp in it

zzz maybe. but new i2cp messages are a big pain in the ass due to compatibility issues. My opinion, don't do it unless we have to.

orignal_ why can't you just sign LeaseSet?

orignal_ why do you need to generate it?

orignal_ on client side

orignal_ it doesn't make sense for me

zzz blame jrandom. the original design was the client did not trust its own router, and each side had its own keys

orignal so why can't we instroduce a message to sign just a buffer

orignal ?

orignal well it make sense that a client might even not have a s signing key, it can olly sign

orignal but everything else doesn't make sense

zzz sure, but stuff that doesnt' make sense is normal for a 23year old project ))

zzz you know what I'm going to say next: write a proposal ))

orignal disagree

orignal that's the reason you don't have I2CP based app

orignal beside yor own

orignal because requirement to create LS makes it dependent on all I2P code

zzz if you don't want to support I2CP, if it's too much trouble, or doesn't make sense, then don't. It's your project.

orignal unlike SAM for example

orignal no, I'm fine

orignal just telling you why I2CP is not as popular as SAM

zzz ofc

orignal cleint app sould know nothing about leasesets and other internals

zzz the real reason is there's no non-java libraries for i2cp AND streaming. I2CP came first, then SAM.

zzz right, SAM puts all the "hard parts" like LS and streaming on the "other side" to make it easy

orignal there are nunch of datagram-based projects

orignal that don't require streaming

zzz they might be good candidates for direct-to-i2cp then. Datagram-only might be easier on I2CP than on SAM.

zzz maybe. but worth evaluating both

orignal but LeaseSet requerement makes the idea worthless

zzz well, if you were developing a client-side I2CP implementation, maybe it's one of the harder parts to code, but I don't know if it's a showstopper

zzz doesn't really matter, nobody is doing it

zzz might be a good side project for eyedeekay in go, but he has a hundred side projects already ))

zzz dr|z3d, re: expired local leaseset message, I assume you mean you're seeing it on plus. Good luck with the bug hunting

zzz I reviewed my logs on two routers

zzz after I added the msg but before the fix, I was seeing several msgs/day

zzz in the ~2 weeks since I fixed it, I have zero messages on two routers

orignal if I developed a cleint side of I2CP it would required whole libi2pd for it

zzz yup

dr|z3d thanks for the moral support, zzz.

zzz yup. now that I have two weeks of testing, I'm going to shoot an email to eche asking him to try -2 on his irc server

orignal guys, about Tor. It really makes negative impression about i2p

orignal just read major's logs from #dev at ilita

orignal you were not supposed to do it this way

orignal that affects I2P users with outproxy

orignal if resistance to attack is ONLY purpose

dr|z3d what do you mean, orignal? how does blocking Tor impact outproxy users?

orignal <orignal> " If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each."

dr|z3d If I attempt to browse to an .onion address from an outproxy, absolutely no issue whatsoever.

orignal statemnt from 2.6.0 release

dr|z3d Yeah, I don't get what your problem is with the phrasing.

orignal this statment means

dr|z3d and you're a little late to the party.

orignal that if you ban I2P routers running on the same IP as Tor outproxy

orignal me? no

orignal people on dev care

orignal <Vort> не знал об этой новости. 1. выглядит как цензура. 2. + как признание неспособности защитить I2P без деанонимизации. 3. при всём этом, в сообщении нет никакого обоснования такого решения

orignal <segfault> Vort: к деду пришли люди с паяльником?

orignal sounds great, isn't it?

dr|z3d let them piss and moan. routing I2P over Tor gives us nothing but shitty connections.

orignal it affects only them

orignal those who runs I2P over Tor

dr|z3d oh well.

orignal thier hops only

dr|z3d we had this discussion several months ago.

orignal again if there is a hidden reason I don't know about

orignal than I give up

dr|z3d and your response regarding blocking Tor nodes was "up to zzz".

zzz I believe the original statement was mine, on zzz.i2p and twitter, possibly edited by eyedeekay for release notes; rewrite suggestions welcome

orignal so, let me clarify

orignal do you block I2P routers sitting on the same IP as Tor outproxy and publishing it?

zzz zzz.i2p/topics/3637 (3 months ago)

orignal my repsonse was about guys connecting through Tor

dr|z3d Tor outproxy?

dr|z3d if the Tor outproxy is a Tor client, and not a Tor exit, then no blocking occurs.

orignal not running I2P router on the same IP as a Tor exit

orignal sorry exit

dr|z3d Blocking *only* occurs if the Tor node is an exit.

orignal I would never have supported such shit

dr|z3d you were informed well in advance. and in fact the impetus for the change came from you.

orignal again what if one runs I2P router in the same IP as Tor exit?

dr|z3d your theory was that an attack occuring at the time was being originated over Tor.

zzz yeah I thought we disussed this at length in May

dr|z3d we did, zzz.

orignal "attack over tor" means routers without IP and Tor exit endpoint

dr|z3d orignal's being "perfomative" for the logs :)

orignal is it not obvious?

zzz I also tweeted it which I'm sure orignal saw

orignal no I didn't see

orignal again

orignal that's the dumbesets decision you have made

orignal we discussed about router connected through Tor

dr|z3d right.

orignal and not from Tor exit node IPs

dr|z3d and a router connected over Tor exposes itself to the netdb as a tor exit ip.

orignal is the difference not obvious for you?

zzz how many people in the world does this affect? 5 or 10? not a lot

orignal <tetrimer> Судя по тому, что выходные ноды - Tor очень любят блокировать провайдеры по всему миру, здесь просто попытка вывести i2pd из-под безусловной блокировки.

orignal like this?

orignal it's not about affect

orignal it's about reputation

dr|z3d My Russian isn't that hot, you'll need to translate the relevant parts if you want me to read it, probably zzz too.

orignal people think you got blackmailed or something

orignal also Vort is asking about rationale

orignal use google translate

dr|z3d not in the mood to google translate. sorry.

orignal people need transparency

zzz dr|z3d has blocked tor for years. after the discussions in May, eyedeekay and I discussed it (in i2p-dev?) and made a final decision

orignal dr|z3d is not an "offical I2P"

dr|z3d I think plenty of that discussion happened here, and orignal was both present and somewhat vocal.

zzz have Vort look in major logs in May, maybe saltr, maybe i2p-dev, probably both

orignal he can do whatever he likes

orignal tell me the rationale you have taken than approach

orignal despite it's obvious to differentite routers connect through Tor and running on Tor's IP

dr|z3d routers hiding behind Tor have, in the past, and possibly currently, been used to attack the network.

orignal tell me, not him

zzz zzz.i2p post: "Just don't. It won't work well and it's bad for both projects."

orignal again they are very easy to recognize

dr|z3d also, routers running I2P over Tor are generally less reliable, slower, only provide one transport, and degrade the network.

orignal are you listening to me?

orignal the problem is not with router over Tor

zzz you're the one that told us to do it orignal based on the attacks. I'm confused why you've changed your mind

orignal the problem with routers on the same IP as Tor exit nodes

dr|z3d if you want to run an exit and I2P, you need to do it different ips.

dr|z3d no biggie.

orignal yes, I mean block user connected from Tor

dr|z3d you can't block Tor users without blocking exits.

orignal that;s what tetrimer said

orignal do you want me to repest second time?

dr|z3d repest away.

dr|z3d :)

orignal Router with Tor's exit endpoint and without that IP in RI should be banned

orignal router connecting from Tor's exit IP and have it in RI are good

orignal guys, you are not noobs

orignal you are I2P developers

dr|z3d Router connects over Tor, router banned.

orignal I though it was obvious

dr|z3d Router no connect over Tor, router not banned.

dr|z3d Obvious.

dr|z3d And sane.

orignal no

orignal router itself running on Tor's exit IP will be banned

dr|z3d Correct.

orignal while it doens't connect over Tor

dr|z3d Which is the intended behavior.

orignal and it's dumbest

dr|z3d well, as zzz said, that's an unfortunate side effect that doesn't affect many people.

orignal and it will make very negative PR effect to I2P

orignal period

orignal *** afk ***

orignal and again what;s wrong with my appoarch

dr|z3d not really, many people will appreciate the reduced exposure to dubious routers using Tor as a cover for theie attacks, and the better network performance.

orignal beside I'm not aware of something

orignal zzz please tell it clear

orignal why you wanted "side affect" rather than doing it clear way?

zzz we do both. belt+suspenders.

orignal no rationale for it

zzz would have been nice to get this feedback in May. It was pretty clear what we were doing, in tweets, zzz.i2p post, discussions here and in i2p-dev, and in release notes

orignal only grounds for conspirology

orignal then change it back and do it my way

zzz release notes are for a general audience, we're not going into details of attacks and respponses

orignal it's always nice to admit mistakes

zzz this is the first complaint

zzz we also consulted with StormyCloud in advance to make sure it did not affect his infrastructure

orignal router running on Tor exit IPs must be acceptable

orignal be bak in few hours

zzz thanks for the feedback

dr|z3d what's orignal proposing as an alternative method to block I2P over Tor? That's not clear to me.

zzz the same-ip checks (RI IP matches connected-from IP) that we also implemented a while ago, but are not a complete solution

zzz because they may put the tor IP in the RI, or (more likely) are publishing as firewalled, w/o an IP

zzz ditto the ip-hopper checks

dr|z3d right, so we just block Tor exits at source. Don't see an issue with it. If you really want to run Tor and I2P on the same ip, use i2pd.

dr|z3d sure, your router will be blocked by I2P/+, but hey, that's the price of progress :)

zzz I'm stumped on how this damages our "reputation", and I certainly didn't see any pushback on twitter or elsewhere

dr|z3d someone's got a bit too excited.

zzz first time i2pd has ever cared about java's "reputation" :)

dr|z3d actually, the second time, at least from orignal's pov. his other pet project is inclusivity, remember :)

zzz sigh. leave that be.

dr|z3d *** chuckles. ***

dr|z3d Word of the day: conspirology (courtesy of orignal)

dr|z3d en.wikipedia.org/wiki/Conspirology_(conspiracy_theories)

darius i'm currently directing readers to instructions for setting up an eppsite the console has some unique content that is not on the stub help page, i suggest either putting the unique content on the help stub page also or give an id to the <h3>"Self-Host An I2P Site" so I can link to it directly. If you need any help with the former solution in terms of 'copy'writing i will do that.

darius i also added a white button example, and example on how to dynamically replace an svg with a png for browsers that don't handle svg, and updated a bunch of other stuff on the page

darius undrss2l4ynldtgjjahsd2bx5oapy2vw75cowsusu5pncz76sqga.b32.i2p/rss-button-using-div-corners.html

darius all very pertinent content

darius if anyone hasn't checked it out, pls do, i've tried to make it a fun page.

orignal zzz I thought about this too

orignal if it's an unknown router you put it on hold

orignal until you are able to connect to that IP/port

orignal first time about reputation? How many people truned away from I2P because that LGBT statement?

orignal because two versions of SAM 3.3?

orignal now, time for clarfification

orignal you blame me that I didn't participate that discussion

orignal true, becuase I didn't care

orignal because I don't see any negative impact to i2pd

orignal why now? because guys noticed and asked me wtf

orignal I asked you and got the answer like "none of your business"

orignal everybody can make a mistake, but admit it and change for the next release

orignal but no, you will stand of this dumb decision and end up same way as SAM 3.3

orignal since many people has noticed this it will be everywhere soon

orignal kislitsa, opennet, habr

zzz are you concerned about our reputation, or trying to damage it? We support your project and hope you will do the same for us.

orignal damage? where?

orignal please explain

zzz kislista, opennet, habr?

orignal what to do with me?

zzz I'm happy to review the performance of our attack mitigations with eyedeekay when we have a chance

orignal I'm not going to do anything for this

orignal but many people read #dev

zzz ok. thank you for your feedback

orignal and they didn't receive an answer

zzz is there anybody there that's actually affected by this? or is this just speculation?

orignal not at all

orignal but people are asking why is it

orignal and if they can trust i2p

zzz how does this sow mistrust?

orignal and it was not following someone's narrative

zzz I don't know about any narrative

orignal "world govemnent is try to shut down darknets"

zzz I don't generally take consipiracy theories into account when making technical decisions

orignal "they promote censorship, LGBT and mass migration"

orignal I know

orignal but what they think in two words "zzz works for NSA, FSB, SS, WEF, etc."

zzz these changes were carefully discussed, implemented, reviewed, tested, and announced

orignal no there were not

zzz fine, there's nothing I can do about that, and I'm not going to make technical changes based on conspiracies

orignal the discussion about to not let people connect from Tor

orignal yes or no?

zzz yes or no what?

orignal <orignal> the discussion about to not let people connect from Tor

orignal there was not discussion to ban Tor's exit node IPs

zzz yes it was discussed and announced. maybe you missed it? maybe it was in i2p-dev? I don't remember the details

orignal Ok. I have missed it

orignal my fault

orignal now guys noticed it

orignal time to fix it

orignal because there is a sloution without this "side effect"

zzz as I said above, belt+suspenders, no mitigation is perfect, that's why we have multiple things

orignal ok. so you answer is that you are not going to change back based on my proposal

orignal ?

dr|z3d you were party to the discussion, orignal. you were explicitly told by me that zzz was going to block Tor exit nodes.

dr|z3d as for a proposal, you haven't made one.

orignal dr|z3d let zzz answe

zzz I'm saying I'm fairly happy with what we have now, I don't understand your proposal fully, and perhaps eyedeekay and I can review how the current code is working and see if there's any improvements we can make

orignal so what is not clear in my proposal?

orignal you are happy, but you didn't answer people's question

zzz all of it. the what, and the why. you want us to ban only connections from tor if the IP is not in the RI? that's not easy for us

zzz this is not a courtroom

orignal people should be able to run legitimate router whereer they want

dr|z3d zzz, admit it, you're an NSA plant. make orignal's day :)

orignal including on Tor exit node

zzz you're throwing a bunch of stuff at me and demanding answers? I'm trying to work _with_ you and you're coming at me with accusations

dr|z3d joking aside, tone it done orignal, too much emotion, not enough rational.

orignal if you don't let people run routers on IPs from some list(Tor exit nodes) without rationale it smells bad

orignal dr|z3d go read full today's discussion on dev

zzz why are you so passionate about this when it doesn't affect you or anybody in #dev? it's an implementation decision.

orignal why? because people asked me

orignal and I didn't have an anwswer

zzz this is exhausting.

dr|z3d orignal: I don't care about whatever the conspirologists think on your irc network. You've already told us they're all mentally ill. All we need to know :)

orignal that's why I asked you and didn't get an answer either

orignal people on dev are not mentally ill

zzz answer: attack mitigation, carefully discussed/reviewed/implemented/tested

dr|z3d well, that's what you told us before.

orignal it was about ru

orignal zzz, do you have to ban IPs from the list?

orignal do you understand that one who controls this list can put the network down?

orignal easily

orignal in one click

zzz not true

orignal you comapre IP with that list

zzz we update the list manually and review it before checking in. it's not an automatic feed

orignal now

orignal let's start from scratch

orignal manually or through SU3?

zzz why do you care so much if it doesn't affect you or anybody in #dev and it's not in your project?

zzz manually

orignal because I care about whole I2P project

orignal we try to promote it eveywhere

orignal to exaplain people why they should use I2P

orignal to convince that I2P is independent from current narrative

orignal but by that change you have sent very bad message

orignal to pptential users

zzz we do as well, and support your project too.

orignal right

zzz I disagree about the 'bad message' or the extent that implementation details can affect 'reputation', but I appreciate your comments

orignal but people like Vort and tetrimer are not complete idiots like dr|z3d claims

orignal they are very techical guys and want answers

orignal and I guess rany will be affected

orignal because he runs Tor exit node

zzz don't know tetrimer but I respect Vort. techical guys generally don't ask questions about conspiracies and reputation

orignal tetrimer is serious freesbd guy

orignal contributed a lot to mitognate last attack

zzz but as I said I can review the current implementation with eyedeekay and see if we can do any better

orignal reputation is my veiw

orignal then answer the simple question

orignal do you agree that not let people run an I2P router on a Tor exit node is wrong?

zzz that's part of the problem here is you're both trying to represent people that aren't here, and also adding your own views, and speculating about other outside opinion. It's hard to form a coherent understanding of whats being advocated

orignal my last question

orignal let's start from it

zzz this topic is not about right/wrong but software engineering tradeoffs

orignal not really, we are trying to understand your view

orignal techically as you said we don't care

zzz our view (not _my_ view), as we put up on IRC, zzz.i2p, twitter, release notes, reddit, and who knows where else, is "collateral damage, sorry, hopefully not too many"

orignal please answer that question

zzz "is it wrong?" is the question? my answer is above. software engineering tradeoffs

orignal so since you have a way to avoid such "collatral damage"

zzz attack mitigations are messy and inexact. we do the best we can.

orignal how could it help if i2pd node still let Tor routers to connect?

orignal nodes

orignal you can't convince even me

zzz that's the part I don't understand. you haven't explained how in detail, and haven't considered that i2pd != java i2p, just because you did something doesn't mean we can (at least easily)

orignal looks like the real goal was to ban all Tor exit nodes

zzz I don't need to convince you of anything. I'm engaging in a discussion with you, I'm not trying to convince you or "win"

orignal which part? how to detect a router connected through Tor?

zzz if you disagree, fine

orignal I need to convince guys

orignal because they are angry on you

zzz then do your best, I'm not going to spend half a day tryihng to convince people that are not here

zzz if they're angry maybe they aren't that smart after all :))

zzz just kidding. but seriously I don't get it.

orignal no, all I want you to admit that it was a mistake

orignal with these "collateral damage"

cumlord mwshbmti5vlpz2rtdp7jwetpgwu37h4uikmrgb7k6jh6ge53avca.b32.i2p/file/1/acFfQfJcNQPHBHVR

orignal that might have bigger consequence than you thought of

cumlord if it helps i ran through translate

orignal today's diescussion on dev?

zzz at this time I don't see a mistake, but I offered to do some review with eyedeekay later. you haven't explained any 'consequence' other than 'reputation' which also doesn't make much sense to me

orignal ok. I can explain

zzz if these guys are so smart and concerned about java i2p, I hope they can help review patches and MRs for us

orignal potential I2P users will think that you joined the copany against Tor

orignal that itslef is easy to answer

orignal that's because you where tired from fucking idiot sitting behind Tor

orignal but banning legitimate routers doesn't have reasonable explanation

orignal because the next queqtion would be "was it possibe to do without it?"

orignal and my answe would be "yes"

orignal that's about "reputation"

snex why dont we just have a whitelist of tor nodes that arent dickheads?

orignal guys are concerned about running i2pd on Tor exit nodes

orignal snex we need a whitelist of I2P routers sitting in Tor nodes

orignal that's part of my proposal

snex you dont even have to maintain lists, just require PoW if tor node

orignal btw "as we put up on IRC, zzz.i2p, twitter, release notes, reddit"

orignal one thing is missing here

orignal Telegram

orignal 90% of discussions are there

orignal in many channels

snex telegram is compromised

orignal snex don't need to

orignal just require IP/port in RI

orignal yes, but many people use it

orignal and come to I2P from there

zzz we reviewed the netdb before we implemented it, and found no i2p routers on tor exit nodes

orignal I will ask rany

orignal and I remeber one guy in Telegram who run both

orignal and he even showed network activity graphs

zzz I get it, your argument is that 1) you (orignal) are reporting that 2) other people (vort/tetrimer) are concerned that 3) OTHER people on the internet will propagate a conspiracy theory about i2p being paid by NSA, hurting our reputation. So 4) we should change our technical decisions. Got it.

orignal Tor vs I2P traffic

orignal yes, pretty much like this

snex i didnt receive my NSA check...

orignal if you have more technical questions anbout my proposal you can ask

orignal snex no NSA is obsolete, zzz is paid by WEF directly ))

StormyCloud wait yall are getting paid for this? xD

snex i didnt get that check either

orignal StormyCloud people think so )))

zzz after the discussions in April, we discussed and combined the solutions from i2p+ and i2pd to design something that would work well.

orignal btw, StormyCloud I have just decline a commit about you

zzz it's not _exactly_ the same as what you do or what i2p+ does. we did the best we could with the info at the time

StormyCloud I saw, it was just for your documentation but *shrugs* no worries from my end.

orignal github.com/PurpleI2P/i2pd_docs_en/pull/98

orignal zzz, seems you forgot to invite me ))

zzz maybe we can do better, maybe not, but as of now I don't consider it a "mistake", even though it's not exactly the same as what i2pd does

orignal StormyCloud I'm not going to do it wothout your explicit permssion

orignal becauase your outproxy has nothing to do with i2pd

zzz a lot of it was here in this channel. Maybe not all.

orignal what i2pd does?

orignal checking published IP address with actual endpoint?

zzz yes, more or less

orignal wait

orignal do you check actual endpoint for incoming connection from a router or it's just by IP?

orignal ban

zzz we have multiple checks. belt+suspenders

orignal do you measure roundtrip time?

orignal I exclude slow connection from tunnels

orignal doesn't mater if it's Tor, shadowsocks or other proxies

orignal all slow connection go nowhere

zzz no

dr|z3d I wasn't implying anyone was an idiot, orignal. Not my intention. If I got your "they're all mentally ill on ilita" wrong, my bad.

dr|z3d "performance due to tor parasites is poor"

dr|z3d segfault gets it.

dr|z3d :)

orignal no he refers to the statement

orignal <segfault> ну формально тут написано

orignal <segfault> производительность из-за tor-паразитов плохая

orignal the whole statement

orignal actually it's not but this is another topic

dr|z3d poor performance, scope for abuse by hostile actors. not controversial, not difficult to understand.

orignal poor peromance of what?

orignal be aware about ipv6 -only routers

dr|z3d potential degradation of network performance.

orignal please explain how

orignal if Tor connection is only with them

orignal and no tunnels through such link

dr|z3d any connection to a router that's routed over Tor adds an additional 3 hops.

orignal and? every router does it

dr|z3d so my 3 hops + your 3 hops + Tor's 3 hops. 9 hops.

dr|z3d recipe for shit cake.

orignal yes but it's for them only

orignal why other's care?

orignal streams RTT with them is high. And?

dr|z3d if I'm using them in my tunnels, shit cake.

orignal as long as you don't build transit tunnels through such link the netwrok is fine

dr|z3d we don't.

dr|z3d :)

dr|z3d problem solved.

orignal but why would you use them in your tunnel?

orignal the only way you can connect with them

orignal if they connect to your directly

orignal so the only possibility for you if you pick them as a first hop

orignal just don't do it

orignal I measure RTT and bypass slow connection

dr|z3d if they're anywhere in the tunnel, either at my end or the destination side, then shit cake.

orignal please explain how can they be anywhere

orignal sonce you select them

dr|z3d that's a secondary consideration. the main consideration is we DO NOT WANT bad actors using Tor as camouflage to abuse the network.

orignal think about ipv6

dr|z3d I select my hops, but I don't select the destination's hops.

orignal what would be the next? Ban HE's range?

orignal but destaintion is in the same situation

orignal they can't pick such router for a tunnel

orignal because no way to connect to them

dr|z3d if they're U, which they likely are, they're still available in the network.

dr|z3d and of course when they're U, that's an additional hop.

orignal they are not just U

orignal they are U without introducers

orignal well if it's Tor they are NTCP2 only

dr|z3d sure, no UDP, no SSU.

orignal if they are shadowsocks they might have SSU2 but without introducers

orignal so the only way to pick them for a tunnel if they are connected to you

dr|z3d as I said earlier, network performance is secondary. The *primary* consideration is abuse.

dr|z3d And it was you that persuaded zzz to implement a Tor ban, not me, when you speculated about attacks earlier in the year being hidden behind Tor.

orignal and I said erlier, what about ipv6 only?

dr|z3d what about it?

orignal anyone can obtain HE tunnel anonymously

dr|z3d sure, we don't block Tor over IPv6.

orignal you see ipv6 address but you can't do too much with it

orignal not Tor

orignal just a router with ipv6 address

orignal ipv6 addresses are relatively anonymous

orignal attack is another story, we dicussed peromance degradation only

dr|z3d Attack vector is the primary motivation for blocking Tor.

orignal but again do you think that an adversay is so dumb that he can't obtain a HE tunnel?

orignal then HE is the next candidate ))

dr|z3d remind me, HE?

eyedeekay Who cares about one adversary? make the next one get a real computer at Hurricane Electric or whatever, but keep everybody from using Tor as an attack component obviously raises a meaningful barrier to attackers

orignal hurricane elecric

orignal they give you free ipv6 tunnel

dr|z3d what eyedeekay said.

orignal eyedeekay there is a group

orignal they will figure out quecily what to do next

dr|z3d we're not suggesting we've addressed all possible attack vectors.

dr|z3d close one door, another one opens.

orignal my point is that it doesn't solve the problem

dr|z3d the words "barrier to entry" are salient.

eyedeekay Sure, that makes sense, but it doesn't mean we should just make it easy for them, Tor is gratis, it's tooling is accessible and generic, makes a thing really easy

orignal also keep in mind yggdrasil

dr|z3d we don't support ygg.

dr|z3d that's your problem.

orignal well Tor is the problem becuase it's slow

orignal I suspect they throw shit through tunnels

orignal not directly

eyedeekay yggdrasil is to my mind a whole different story, you have the ability to open ports, listen on multiple addresses, your internal address is an artifact of a cryptographic key, lot more options to make yggdrasil work in a reasonable way IMO

orignal one can generate tons of ygg addresses

eyedeekay Sure, but they're also pretty linkable, you can set up yggdrasil, connect to one of those addresses, and usually see a real IP or at least an ISP

orignal please tell mine 202:cd42:5b06:f622:ece1:5653:779f:9f9e

orignal even approximately

snex whats the point of ygg if you can link a service with its IP

orignal idependent routing

orignal forever yours IP

snex cops banging your door in for hosting "bad things"

orignal don't host "bad thing" there

orignal use I2P over it

snex they redefine what "bad thing" is every 4 years or so

snex some countries are claiming that twitter is hosting "bad things"

orignal that's why you should use i2p

snex well yeah

orignal and ygg as transport

snex hence im asking whats the point of ygg

snex seems like a honeypot

orignal as I said indepent routing

orignal your IP doesn't depend on ISP

snex i2p has that

orignal furthermore it might work without ISP

orignal though another address in LAN for example

eyedeekay honeypot only if you're using it under very wrong impressions, it's about eventually managing the routing without the ISP, like orignal says

eyedeekay also simplifying the overall topology for people to work with

snex it reminds me of bitcoin vs monero

orignal anyway i2p over ygg is relatively popular

eyedeekay It's a bit more versatile than bitcoin, though, I haven't used it in a long time, but when I did I didn't actually connect to the rest of the yggdrasil network(Hyperborea? or is that cjdns?) at all, I just changed the config to let me connect to my own node and used it as a sort of portable LAN

eyedeekay bitcoin sort of implies you write stuff down on the blockchain, the analogous act of joining the larger network is not required in yggdrasil

eyedeekay And I admit, under the right circumstances, particularly ones contrived by an expert with a vested interest in using the config options that are available to route yggdrasil over other stuff, you could use it to hide your real IP, as I'm sure orignal has

orignal that my node is connected through a private peer

orignal from another guy

eyedeekay So yeah, yggdrasil is pretty versatile

eyedeekay I still maintain that yggdrasil is a meaningfully different than Tor for the purposes of attacks, and probably requires much more nuanced handling if it requires any

orignal someone has posted to kislitsa already

orignal kislitsa.i2p/i2p/89023/short

StormyCloud people will complain about anything

snex pls add i2p feature to make chocolate ice cream thx

dr|z3d well, the average users split image is amusing there orignal, if nothing else.

dr|z3d The "Sit on this" illustration made me laugh.

dr|z3d as for posting to kislitsa, oh noes. someone posted to a russian chan. oh noes!

dr|z3d only a month late relative to the original blog post.

orignal kislitsa is too popular

orignal ofc they have read today's dev