IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/08/22
~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4_
@eyedeekay
@orignal
@postman
@zzz
%Liorar
+FreefallHeavens
+Xeha
+bak83_
+cumlord
+hk
+poriori
+profetikla
+uop23ip
Arch
DeltaOreo
FreeRider
Irc2PGuest10850
Irc2PGuest19353
Irc2PGuest23854
Irc2PGuest46029
Irc2PGuest48064
Meow
Nausicaa
Onn4l7h
Onn4|7h
Over
acetone_
anon4
anu
boonst
enoxa
glowie
mareki2pb
mittwerk
plap
shiver_
simprelay
solidx66
u5657_1
weko_
dr|z3d cumlord: I'll see your postman and raise you a postman ramble.i2p/f/Art/5505/the-postman
darius hi snex, wat is this bigmagnet and why is it an issue in one sentenec. i'm not on github and try to stay away from it like the plague, personally
dr|z3d it's a magnet about 3* the size of a normal magnet, throstle.
snex It’s a self hosted DHT indexer. The issue is to get them to add i2p support
darius <snex> way too many people trusting public servers like matrix.org <<<<pretty sure that was the whole point of matrix from the start, like mastodon, get ppl advertising the server while they are talking about the "type" of server
snex And since it has an api we can integrate it into snark if we want to go down that route
darius XMPP?
snex Xmpp is trash
snex It’s worse than irc
darius <snex> its easier to maintain a docker than keep documentation up to date, github does it all for you even <<< this could be why we have so many problems on planet earth
snex False
darius snex> "the only person who has ever asked me for support was doing a manual install" <<< sounds like one person doing things right :P
snex The problems are in dogshit like CrowdStrike that have ancient tooling
darius i think the opposite, that matrix is trash and xmpp just works, in its lightweight way. guess we just disagree *shrugs*
snex Xmpp you can’t even have same identity on multiple devices
darius you can tho, last time i checked its a thing that is extended onto xmpp
darius pretty sure mine runs it
darius people i know just use it from home, anyway
snex You can log in twice but the behavior is fucked up
snex You’ll see messages on one but not the other
snex In matrix messages are persisted and e2ee
snex You know like a real chat service
dr|z3d persisted until an op decides to delete them. that's either a blessing or a curse.
darius sounds like an implementation issue, i'll tell folk to be on the lookout for it, but as i said they either have a home or work only acct
snex It’s an issue inherent to xmpp protocol
snex There is only client side persistence
snex Messages are routed to the first peer that has a given identity
snex It’s sort of like how eepsite multi homing works
darius pretty sure there's an extension for this, but i need to check later, btw, did anyone get a chance to read any part here? undrss2l4ynldtgjjahsd2bx5oapy2vw75cowsusu5pncz76sqga.b32.i2p/rss-button-using-div-corners.html
dr|z3d I checked it worked, skimmed it.
dr|z3d It's a lot of work for what is essentially an icon, but hey, if it keeps you happy :)
dr|z3d register the site with reg.i2p and stats.i2p perhaps.
dr|z3d throstle.i2p is available.
darius saves resources (ie. fast load), is animated, is able to be colored in whatever way the person needs to suit their page
darius yeah it just an icon but those things help
darius also the inline variant hasn't been done afaik since the flat icon movement!
darius You should see the page from 2005 that i referenced, :P its cute, but yeah, pre-"material design"
darius that's what came up in the search i did.
darius should probably mention all this on the page too.
darius "i referenced" **in css**
darius referenced in *the* css
dr|z3d you might want to look at eyedeekay's railroad plugin.
dr|z3d good place to blog about stuff, easy install.
darius *thumbs up* will do, i think i'll add a section to the start THE PROBLEM, outlining what i've said above, thanks dr|z3d i think a properly outlined problem was missing, there is no money in rss as a medium, so assume the neglect has come from that.
darius Probably shouldnt have done this now, but i added a THE PROBLEM section and also added item (1) to COMING SOON
orignal guy, people say you are fucking idiots
orignal about this
orignal " If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each."
orignal please clarify
orignal if it's not a mistake in phrasing it's dumbest decision you have made
zzz re: i2cp, correct, you do not provide a published time in the requestvariableleaseset message. We use now().
zzz I just mentioned the setdate message in the handshake, that we use to set our clock skew on the client side, in case clock skew was the issue. But doesn't sound like it is.
orignal that confused me because you said that you use my time
orignal then it comes to another question
zzz yeah sorry I said 'in the handshake', == getdate/setdate. I was just thinking clock skew might be part of the problem
zzz that was before you fixed it
orignal we have to send leaseset request in LS1 format
zzz not really, just think of it as 'request format'
orignal then if exporation time and publshing time comes from different clocks we need some threshold
zzz we automatically select ls1 or ls2
orignal I can't get rid of LS1 because this format is used for I2CP
orignal my logic is
orignal I have a LS I create it and sign it somehow
orignal now I still need to keep LS1 code and milliseconds timestamps just for ICP
orignal *I2CP
zzz snark is generating a LS2: <orignal> at net.i2p.data.LeaseSet2.sign(LeaseSet2.java:616)
zzz we made that decision when we designed LS2: Use the same RequestVariableLeaseSet I2CP message. We didn't need a new one
orignal yes I know how it works
zzz just think of it as 'request format', not 'LS1 format'
orignal while request format is LS1 format not
orignal also I don't have a way to tell client to not produce LS1 leaseset
orignal I want to drop local LS1 support completely
zzz the client side should create LS2 if the router supports it
zzz well, if you're a floodfill, look and see how many LS1 you have in your netdb
orignal not that part
orignal only LeaseSets generated by me
orignal not someone's else
zzz well, unfortunately that's how I2CP works right now, that's the format of RequestVariableLeaseSet messages, that's how we did it. Maybe next time we need to change I2CP we can add it to the list
orignal RequestVariableLeaseSet2 should be introduced
orignal with proper format and timestamp in it
zzz maybe. but new i2cp messages are a big pain in the ass due to compatibility issues. My opinion, don't do it unless we have to.
orignal_ why can't you just sign LeaseSet?
orignal_ why do you need to generate it?
orignal_ on client side
orignal_ it doesn't make sense for me
zzz blame jrandom. the original design was the client did not trust its own router, and each side had its own keys
orignal so why can't we instroduce a message to sign just a buffer
orignal well it make sense that a client might even not have a s signing key, it can olly sign
orignal but everything else doesn't make sense
zzz sure, but stuff that doesnt' make sense is normal for a 23year old project ))
zzz you know what I'm going to say next: write a proposal ))
orignal disagree
orignal that's the reason you don't have I2CP based app
orignal beside yor own
orignal because requirement to create LS makes it dependent on all I2P code
zzz if you don't want to support I2CP, if it's too much trouble, or doesn't make sense, then don't. It's your project.
orignal unlike SAM for example
orignal no, I'm fine
orignal just telling you why I2CP is not as popular as SAM
zzz ofc
orignal cleint app sould know nothing about leasesets and other internals
zzz the real reason is there's no non-java libraries for i2cp AND streaming. I2CP came first, then SAM.
zzz right, SAM puts all the "hard parts" like LS and streaming on the "other side" to make it easy
orignal there are nunch of datagram-based projects
orignal that don't require streaming
zzz they might be good candidates for direct-to-i2cp then. Datagram-only might be easier on I2CP than on SAM.
zzz maybe. but worth evaluating both
orignal but LeaseSet requerement makes the idea worthless
zzz well, if you were developing a client-side I2CP implementation, maybe it's one of the harder parts to code, but I don't know if it's a showstopper
zzz doesn't really matter, nobody is doing it
zzz might be a good side project for eyedeekay in go, but he has a hundred side projects already ))
zzz dr|z3d, re: expired local leaseset message, I assume you mean you're seeing it on plus. Good luck with the bug hunting
zzz I reviewed my logs on two routers
zzz after I added the msg but before the fix, I was seeing several msgs/day
zzz in the ~2 weeks since I fixed it, I have zero messages on two routers
orignal if I developed a cleint side of I2CP it would required whole libi2pd for it
zzz yup
dr|z3d thanks for the moral support, zzz.
zzz yup. now that I have two weeks of testing, I'm going to shoot an email to eche asking him to try -2 on his irc server
orignal guys, about Tor. It really makes negative impression about i2p
orignal just read major's logs from #dev at ilita
orignal you were not supposed to do it this way
orignal that affects I2P users with outproxy
orignal if resistance to attack is ONLY purpose
dr|z3d what do you mean, orignal? how does blocking Tor impact outproxy users?
orignal <orignal> " If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each."
dr|z3d If I attempt to browse to an .onion address from an outproxy, absolutely no issue whatsoever.
orignal statemnt from 2.6.0 release
dr|z3d Yeah, I don't get what your problem is with the phrasing.
orignal this statment means
dr|z3d and you're a little late to the party.
orignal that if you ban I2P routers running on the same IP as Tor outproxy
orignal me? no
orignal people on dev care
orignal <Vort> не знал об этой новости. 1. выглядит как цензура. 2. + как признание неспособности защитить I2P без деанонимизации. 3. при всём этом, в сообщении нет никакого обоснования такого решения
orignal <segfault> Vort: к деду пришли люди с паяльником?
orignal sounds great, isn't it?
dr|z3d let them piss and moan. routing I2P over Tor gives us nothing but shitty connections.
orignal it affects only them
orignal those who runs I2P over Tor
dr|z3d oh well.
orignal thier hops only
dr|z3d we had this discussion several months ago.
orignal again if there is a hidden reason I don't know about
orignal than I give up
dr|z3d and your response regarding blocking Tor nodes was "up to zzz".
zzz I believe the original statement was mine, on zzz.i2p and twitter, possibly edited by eyedeekay for release notes; rewrite suggestions welcome
orignal so, let me clarify
orignal do you block I2P routers sitting on the same IP as Tor outproxy and publishing it?
orignal my repsonse was about guys connecting through Tor
dr|z3d Tor outproxy?
dr|z3d if the Tor outproxy is a Tor client, and not a Tor exit, then no blocking occurs.
orignal not running I2P router on the same IP as a Tor exit
orignal sorry exit
dr|z3d Blocking *only* occurs if the Tor node is an exit.
orignal I would never have supported such shit
dr|z3d you were informed well in advance. and in fact the impetus for the change came from you.
orignal again what if one runs I2P router in the same IP as Tor exit?
dr|z3d your theory was that an attack occuring at the time was being originated over Tor.
zzz yeah I thought we disussed this at length in May
dr|z3d we did, zzz.
orignal "attack over tor" means routers without IP and Tor exit endpoint
dr|z3d orignal's being "perfomative" for the logs :)
orignal is it not obvious?
zzz I also tweeted it which I'm sure orignal saw
orignal no I didn't see
orignal again
orignal that's the dumbesets decision you have made
orignal we discussed about router connected through Tor
dr|z3d right.
orignal and not from Tor exit node IPs
dr|z3d and a router connected over Tor exposes itself to the netdb as a tor exit ip.
orignal is the difference not obvious for you?
zzz how many people in the world does this affect? 5 or 10? not a lot
orignal <tetrimer> Судя по тому, что выходные ноды - Tor очень любят блокировать провайдеры по всему миру, здесь просто попытка вывести i2pd из-под безусловной блокировки.
orignal like this?
orignal it's not about affect
orignal it's about reputation
dr|z3d My Russian isn't that hot, you'll need to translate the relevant parts if you want me to read it, probably zzz too.
orignal people think you got blackmailed or something
orignal also Vort is asking about rationale
orignal use google translate
dr|z3d not in the mood to google translate. sorry.
orignal people need transparency
zzz dr|z3d has blocked tor for years. after the discussions in May, eyedeekay and I discussed it (in i2p-dev?) and made a final decision
orignal dr|z3d is not an "offical I2P"
dr|z3d I think plenty of that discussion happened here, and orignal was both present and somewhat vocal.
zzz have Vort look in major logs in May, maybe saltr, maybe i2p-dev, probably both
orignal he can do whatever he likes
orignal tell me the rationale you have taken than approach
orignal despite it's obvious to differentite routers connect through Tor and running on Tor's IP
dr|z3d routers hiding behind Tor have, in the past, and possibly currently, been used to attack the network.
orignal tell me, not him
zzz zzz.i2p post: "Just don't. It won't work well and it's bad for both projects."
orignal again they are very easy to recognize
dr|z3d also, routers running I2P over Tor are generally less reliable, slower, only provide one transport, and degrade the network.
orignal are you listening to me?
orignal the problem is not with router over Tor
zzz you're the one that told us to do it orignal based on the attacks. I'm confused why you've changed your mind
orignal the problem with routers on the same IP as Tor exit nodes
dr|z3d if you want to run an exit and I2P, you need to do it different ips.
dr|z3d no biggie.
orignal yes, I mean block user connected from Tor
dr|z3d you can't block Tor users without blocking exits.
orignal that;s what tetrimer said
orignal do you want me to repest second time?
dr|z3d repest away.
orignal Router with Tor's exit endpoint and without that IP in RI should be banned
orignal router connecting from Tor's exit IP and have it in RI are good
orignal guys, you are not noobs
orignal you are I2P developers
dr|z3d Router connects over Tor, router banned.
orignal I though it was obvious
dr|z3d Router no connect over Tor, router not banned.
dr|z3d Obvious.
dr|z3d And sane.
orignal router itself running on Tor's exit IP will be banned
dr|z3d Correct.
orignal while it doens't connect over Tor
dr|z3d Which is the intended behavior.
orignal and it's dumbest
dr|z3d well, as zzz said, that's an unfortunate side effect that doesn't affect many people.
orignal and it will make very negative PR effect to I2P
orignal period
orignal *** afk ***
orignal and again what;s wrong with my appoarch
dr|z3d not really, many people will appreciate the reduced exposure to dubious routers using Tor as a cover for theie attacks, and the better network performance.
orignal beside I'm not aware of something
orignal zzz please tell it clear
orignal why you wanted "side affect" rather than doing it clear way?
zzz we do both. belt+suspenders.
orignal no rationale for it
zzz would have been nice to get this feedback in May. It was pretty clear what we were doing, in tweets, zzz.i2p post, discussions here and in i2p-dev, and in release notes
orignal only grounds for conspirology
orignal then change it back and do it my way
zzz release notes are for a general audience, we're not going into details of attacks and respponses
orignal it's always nice to admit mistakes
zzz this is the first complaint
zzz we also consulted with StormyCloud in advance to make sure it did not affect his infrastructure
orignal router running on Tor exit IPs must be acceptable
orignal be bak in few hours
zzz thanks for the feedback
dr|z3d what's orignal proposing as an alternative method to block I2P over Tor? That's not clear to me.
zzz the same-ip checks (RI IP matches connected-from IP) that we also implemented a while ago, but are not a complete solution
zzz because they may put the tor IP in the RI, or (more likely) are publishing as firewalled, w/o an IP
zzz ditto the ip-hopper checks
dr|z3d right, so we just block Tor exits at source. Don't see an issue with it. If you really want to run Tor and I2P on the same ip, use i2pd.
dr|z3d sure, your router will be blocked by I2P/+, but hey, that's the price of progress :)
zzz I'm stumped on how this damages our "reputation", and I certainly didn't see any pushback on twitter or elsewhere
dr|z3d someone's got a bit too excited.
zzz first time i2pd has ever cared about java's "reputation" :)
dr|z3d actually, the second time, at least from orignal's pov. his other pet project is inclusivity, remember :)
zzz sigh. leave that be.
dr|z3d *** chuckles. ***
dr|z3d Word of the day: conspirology (courtesy of orignal)
darius i'm currently directing readers to instructions for setting up an eppsite the console has some unique content that is not on the stub help page, i suggest either putting the unique content on the help stub page also or give an id to the <h3>"Self-Host An I2P Site" so I can link to it directly. If you need any help with the former solution in terms of 'copy'writing i will do that.
darius i also added a white button example, and example on how to dynamically replace an svg with a png for browsers that don't handle svg, and updated a bunch of other stuff on the page
darius all very pertinent content
darius if anyone hasn't checked it out, pls do, i've tried to make it a fun page.
orignal zzz I thought about this too
orignal if it's an unknown router you put it on hold
orignal until you are able to connect to that IP/port
orignal first time about reputation? How many people truned away from I2P because that LGBT statement?
orignal because two versions of SAM 3.3?
orignal now, time for clarfification
orignal you blame me that I didn't participate that discussion
orignal true, becuase I didn't care
orignal because I don't see any negative impact to i2pd
orignal why now? because guys noticed and asked me wtf
orignal I asked you and got the answer like "none of your business"
orignal everybody can make a mistake, but admit it and change for the next release
orignal but no, you will stand of this dumb decision and end up same way as SAM 3.3
orignal since many people has noticed this it will be everywhere soon
orignal kislitsa, opennet, habr
zzz are you concerned about our reputation, or trying to damage it? We support your project and hope you will do the same for us.
orignal damage? where?
orignal please explain
zzz kislista, opennet, habr?
orignal what to do with me?
zzz I'm happy to review the performance of our attack mitigations with eyedeekay when we have a chance
orignal I'm not going to do anything for this
orignal but many people read #dev
zzz ok. thank you for your feedback
orignal and they didn't receive an answer
zzz is there anybody there that's actually affected by this? or is this just speculation?
orignal not at all
orignal but people are asking why is it
orignal and if they can trust i2p
zzz how does this sow mistrust?
orignal and it was not following someone's narrative
zzz I don't know about any narrative
orignal "world govemnent is try to shut down darknets"
zzz I don't generally take consipiracy theories into account when making technical decisions
orignal "they promote censorship, LGBT and mass migration"
orignal I know
orignal but what they think in two words "zzz works for NSA, FSB, SS, WEF, etc."
zzz these changes were carefully discussed, implemented, reviewed, tested, and announced
orignal no there were not
zzz fine, there's nothing I can do about that, and I'm not going to make technical changes based on conspiracies
orignal the discussion about to not let people connect from Tor
orignal yes or no?
zzz yes or no what?
orignal <orignal> the discussion about to not let people connect from Tor
orignal there was not discussion to ban Tor's exit node IPs
zzz yes it was discussed and announced. maybe you missed it? maybe it was in i2p-dev? I don't remember the details
orignal Ok. I have missed it
orignal my fault
orignal now guys noticed it
orignal time to fix it
orignal because there is a sloution without this "side effect"
zzz as I said above, belt+suspenders, no mitigation is perfect, that's why we have multiple things
orignal ok. so you answer is that you are not going to change back based on my proposal
dr|z3d you were party to the discussion, orignal. you were explicitly told by me that zzz was going to block Tor exit nodes.
dr|z3d as for a proposal, you haven't made one.
orignal dr|z3d let zzz answe
zzz I'm saying I'm fairly happy with what we have now, I don't understand your proposal fully, and perhaps eyedeekay and I can review how the current code is working and see if there's any improvements we can make
orignal so what is not clear in my proposal?
orignal you are happy, but you didn't answer people's question
zzz all of it. the what, and the why. you want us to ban only connections from tor if the IP is not in the RI? that's not easy for us
zzz this is not a courtroom
orignal people should be able to run legitimate router whereer they want
dr|z3d zzz, admit it, you're an NSA plant. make orignal's day :)
orignal including on Tor exit node
zzz you're throwing a bunch of stuff at me and demanding answers? I'm trying to work _with_ you and you're coming at me with accusations
dr|z3d joking aside, tone it done orignal, too much emotion, not enough rational.
orignal if you don't let people run routers on IPs from some list(Tor exit nodes) without rationale it smells bad
orignal dr|z3d go read full today's discussion on dev
zzz why are you so passionate about this when it doesn't affect you or anybody in #dev? it's an implementation decision.
orignal why? because people asked me
orignal and I didn't have an anwswer
zzz this is exhausting.
dr|z3d orignal: I don't care about whatever the conspirologists think on your irc network. You've already told us they're all mentally ill. All we need to know :)
orignal that's why I asked you and didn't get an answer either
orignal people on dev are not mentally ill
zzz answer: attack mitigation, carefully discussed/reviewed/implemented/tested
dr|z3d well, that's what you told us before.
orignal it was about ru
orignal zzz, do you have to ban IPs from the list?
orignal do you understand that one who controls this list can put the network down?
orignal easily
orignal in one click
zzz not true
orignal you comapre IP with that list
zzz we update the list manually and review it before checking in. it's not an automatic feed
orignal let's start from scratch
orignal manually or through SU3?
zzz why do you care so much if it doesn't affect you or anybody in #dev and it's not in your project?
zzz manually
orignal because I care about whole I2P project
orignal we try to promote it eveywhere
orignal to exaplain people why they should use I2P
orignal to convince that I2P is independent from current narrative
orignal but by that change you have sent very bad message
orignal to pptential users
zzz we do as well, and support your project too.
orignal right
zzz I disagree about the 'bad message' or the extent that implementation details can affect 'reputation', but I appreciate your comments
orignal but people like Vort and tetrimer are not complete idiots like dr|z3d claims
orignal they are very techical guys and want answers
orignal and I guess rany will be affected
orignal because he runs Tor exit node
zzz don't know tetrimer but I respect Vort. techical guys generally don't ask questions about conspiracies and reputation
orignal tetrimer is serious freesbd guy
orignal contributed a lot to mitognate last attack
zzz but as I said I can review the current implementation with eyedeekay and see if we can do any better
orignal reputation is my veiw
orignal then answer the simple question
orignal do you agree that not let people run an I2P router on a Tor exit node is wrong?
zzz that's part of the problem here is you're both trying to represent people that aren't here, and also adding your own views, and speculating about other outside opinion. It's hard to form a coherent understanding of whats being advocated
orignal my last question
orignal let's start from it
zzz this topic is not about right/wrong but software engineering tradeoffs
orignal not really, we are trying to understand your view
orignal techically as you said we don't care
zzz our view (not _my_ view), as we put up on IRC, zzz.i2p, twitter, release notes, reddit, and who knows where else, is "collateral damage, sorry, hopefully not too many"
orignal please answer that question
zzz "is it wrong?" is the question? my answer is above. software engineering tradeoffs
orignal so since you have a way to avoid such "collatral damage"
zzz attack mitigations are messy and inexact. we do the best we can.
orignal how could it help if i2pd node still let Tor routers to connect?
orignal nodes
orignal you can't convince even me
zzz that's the part I don't understand. you haven't explained how in detail, and haven't considered that i2pd != java i2p, just because you did something doesn't mean we can (at least easily)
orignal looks like the real goal was to ban all Tor exit nodes
zzz I don't need to convince you of anything. I'm engaging in a discussion with you, I'm not trying to convince you or "win"
orignal which part? how to detect a router connected through Tor?
zzz if you disagree, fine
orignal I need to convince guys
orignal because they are angry on you
zzz then do your best, I'm not going to spend half a day tryihng to convince people that are not here
zzz if they're angry maybe they aren't that smart after all :))
zzz just kidding. but seriously I don't get it.
orignal no, all I want you to admit that it was a mistake
orignal with these "collateral damage"
orignal that might have bigger consequence than you thought of
cumlord if it helps i ran through translate
orignal today's diescussion on dev?
zzz at this time I don't see a mistake, but I offered to do some review with eyedeekay later. you haven't explained any 'consequence' other than 'reputation' which also doesn't make much sense to me
orignal ok. I can explain
zzz if these guys are so smart and concerned about java i2p, I hope they can help review patches and MRs for us
orignal potential I2P users will think that you joined the copany against Tor
orignal that itslef is easy to answer
orignal that's because you where tired from fucking idiot sitting behind Tor
orignal but banning legitimate routers doesn't have reasonable explanation
orignal because the next queqtion would be "was it possibe to do without it?"
orignal and my answe would be "yes"
orignal that's about "reputation"
snex why dont we just have a whitelist of tor nodes that arent dickheads?
orignal guys are concerned about running i2pd on Tor exit nodes
orignal snex we need a whitelist of I2P routers sitting in Tor nodes
orignal that's part of my proposal
snex you dont even have to maintain lists, just require PoW if tor node
orignal btw "as we put up on IRC, zzz.i2p, twitter, release notes, reddit"
orignal one thing is missing here
orignal Telegram
orignal 90% of discussions are there
orignal in many channels
snex telegram is compromised
orignal snex don't need to
orignal just require IP/port in RI
orignal yes, but many people use it
orignal and come to I2P from there
zzz we reviewed the netdb before we implemented it, and found no i2p routers on tor exit nodes
orignal I will ask rany
orignal and I remeber one guy in Telegram who run both
orignal and he even showed network activity graphs
zzz I get it, your argument is that 1) you (orignal) are reporting that 2) other people (vort/tetrimer) are concerned that 3) OTHER people on the internet will propagate a conspiracy theory about i2p being paid by NSA, hurting our reputation. So 4) we should change our technical decisions. Got it.
orignal Tor vs I2P traffic
orignal yes, pretty much like this
snex i didnt receive my NSA check...
orignal if you have more technical questions anbout my proposal you can ask
orignal snex no NSA is obsolete, zzz is paid by WEF directly ))
StormyCloud wait yall are getting paid for this? xD
snex i didnt get that check either
orignal StormyCloud people think so )))
zzz after the discussions in April, we discussed and combined the solutions from i2p+ and i2pd to design something that would work well.
orignal btw, StormyCloud I have just decline a commit about you
zzz it's not _exactly_ the same as what you do or what i2p+ does. we did the best we could with the info at the time
StormyCloud I saw, it was just for your documentation but *shrugs* no worries from my end.
orignal zzz, seems you forgot to invite me ))
zzz maybe we can do better, maybe not, but as of now I don't consider it a "mistake", even though it's not exactly the same as what i2pd does
orignal StormyCloud I'm not going to do it wothout your explicit permssion
orignal becauase your outproxy has nothing to do with i2pd
zzz a lot of it was here in this channel. Maybe not all.
orignal what i2pd does?
orignal checking published IP address with actual endpoint?
zzz yes, more or less
orignal do you check actual endpoint for incoming connection from a router or it's just by IP?
zzz we have multiple checks. belt+suspenders
orignal do you measure roundtrip time?
orignal I exclude slow connection from tunnels
orignal doesn't mater if it's Tor, shadowsocks or other proxies
orignal all slow connection go nowhere
dr|z3d I wasn't implying anyone was an idiot, orignal. Not my intention. If I got your "they're all mentally ill on ilita" wrong, my bad.
dr|z3d "performance due to tor parasites is poor"
dr|z3d segfault gets it.
orignal no he refers to the statement
orignal <segfault> ну формально тут написано
orignal <segfault> производительность из-за tor-паразитов плохая
orignal the whole statement
orignal actually it's not but this is another topic
dr|z3d poor performance, scope for abuse by hostile actors. not controversial, not difficult to understand.
orignal poor peromance of what?
orignal be aware about ipv6 -only routers
dr|z3d potential degradation of network performance.
orignal please explain how
orignal if Tor connection is only with them
orignal and no tunnels through such link
dr|z3d any connection to a router that's routed over Tor adds an additional 3 hops.
orignal and? every router does it
dr|z3d so my 3 hops + your 3 hops + Tor's 3 hops. 9 hops.
dr|z3d recipe for shit cake.
orignal yes but it's for them only
orignal why other's care?
orignal streams RTT with them is high. And?
dr|z3d if I'm using them in my tunnels, shit cake.
orignal as long as you don't build transit tunnels through such link the netwrok is fine
dr|z3d we don't.
dr|z3d problem solved.
orignal but why would you use them in your tunnel?
orignal the only way you can connect with them
orignal if they connect to your directly
orignal so the only possibility for you if you pick them as a first hop
orignal just don't do it
orignal I measure RTT and bypass slow connection
dr|z3d if they're anywhere in the tunnel, either at my end or the destination side, then shit cake.
orignal please explain how can they be anywhere
orignal sonce you select them
dr|z3d that's a secondary consideration. the main consideration is we DO NOT WANT bad actors using Tor as camouflage to abuse the network.
orignal think about ipv6
dr|z3d I select my hops, but I don't select the destination's hops.
orignal what would be the next? Ban HE's range?
orignal but destaintion is in the same situation
orignal they can't pick such router for a tunnel
orignal because no way to connect to them
dr|z3d if they're U, which they likely are, they're still available in the network.
dr|z3d and of course when they're U, that's an additional hop.
orignal they are not just U
orignal they are U without introducers
orignal well if it's Tor they are NTCP2 only
dr|z3d sure, no UDP, no SSU.
orignal if they are shadowsocks they might have SSU2 but without introducers
orignal so the only way to pick them for a tunnel if they are connected to you
dr|z3d as I said earlier, network performance is secondary. The *primary* consideration is abuse.
dr|z3d And it was you that persuaded zzz to implement a Tor ban, not me, when you speculated about attacks earlier in the year being hidden behind Tor.
orignal and I said erlier, what about ipv6 only?
dr|z3d what about it?
orignal anyone can obtain HE tunnel anonymously
dr|z3d sure, we don't block Tor over IPv6.
orignal you see ipv6 address but you can't do too much with it
orignal not Tor
orignal just a router with ipv6 address
orignal ipv6 addresses are relatively anonymous
orignal attack is another story, we dicussed peromance degradation only
dr|z3d Attack vector is the primary motivation for blocking Tor.
orignal but again do you think that an adversay is so dumb that he can't obtain a HE tunnel?
orignal then HE is the next candidate ))
dr|z3d remind me, HE?
eyedeekay Who cares about one adversary? make the next one get a real computer at Hurricane Electric or whatever, but keep everybody from using Tor as an attack component obviously raises a meaningful barrier to attackers
orignal hurricane elecric
orignal they give you free ipv6 tunnel
dr|z3d what eyedeekay said.
orignal eyedeekay there is a group
orignal they will figure out quecily what to do next
dr|z3d we're not suggesting we've addressed all possible attack vectors.
dr|z3d close one door, another one opens.
orignal my point is that it doesn't solve the problem
dr|z3d the words "barrier to entry" are salient.
eyedeekay Sure, that makes sense, but it doesn't mean we should just make it easy for them, Tor is gratis, it's tooling is accessible and generic, makes a thing really easy
orignal also keep in mind yggdrasil
dr|z3d we don't support ygg.
dr|z3d that's your problem.
orignal well Tor is the problem becuase it's slow
orignal I suspect they throw shit through tunnels
orignal not directly
eyedeekay yggdrasil is to my mind a whole different story, you have the ability to open ports, listen on multiple addresses, your internal address is an artifact of a cryptographic key, lot more options to make yggdrasil work in a reasonable way IMO
orignal one can generate tons of ygg addresses
eyedeekay Sure, but they're also pretty linkable, you can set up yggdrasil, connect to one of those addresses, and usually see a real IP or at least an ISP
orignal please tell mine 202:cd42:5b06:f622:ece1:5653:779f:9f9e
orignal even approximately
snex whats the point of ygg if you can link a service with its IP
orignal idependent routing
orignal forever yours IP
snex cops banging your door in for hosting "bad things"
orignal don't host "bad thing" there
orignal use I2P over it
snex they redefine what "bad thing" is every 4 years or so
snex some countries are claiming that twitter is hosting "bad things"
orignal that's why you should use i2p
snex well yeah
orignal and ygg as transport
snex hence im asking whats the point of ygg
snex seems like a honeypot
orignal as I said indepent routing
orignal your IP doesn't depend on ISP
snex i2p has that
orignal furthermore it might work without ISP
orignal though another address in LAN for example
eyedeekay honeypot only if you're using it under very wrong impressions, it's about eventually managing the routing without the ISP, like orignal says
eyedeekay also simplifying the overall topology for people to work with
snex it reminds me of bitcoin vs monero
orignal anyway i2p over ygg is relatively popular
eyedeekay It's a bit more versatile than bitcoin, though, I haven't used it in a long time, but when I did I didn't actually connect to the rest of the yggdrasil network(Hyperborea? or is that cjdns?) at all, I just changed the config to let me connect to my own node and used it as a sort of portable LAN
eyedeekay bitcoin sort of implies you write stuff down on the blockchain, the analogous act of joining the larger network is not required in yggdrasil
eyedeekay And I admit, under the right circumstances, particularly ones contrived by an expert with a vested interest in using the config options that are available to route yggdrasil over other stuff, you could use it to hide your real IP, as I'm sure orignal has
orignal that my node is connected through a private peer
orignal from another guy
eyedeekay So yeah, yggdrasil is pretty versatile
eyedeekay I still maintain that yggdrasil is a meaningfully different than Tor for the purposes of attacks, and probably requires much more nuanced handling if it requires any
orignal someone has posted to kislitsa already
StormyCloud people will complain about anything
snex pls add i2p feature to make chocolate ice cream thx
dr|z3d well, the average users split image is amusing there orignal, if nothing else.
dr|z3d The "Sit on this" illustration made me laugh.
dr|z3d as for posting to kislitsa, oh noes. someone posted to a russian chan. oh noes!
dr|z3d only a month late relative to the original blog post.
orignal kislitsa is too popular
orignal ofc they have read today's dev