~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4
@T3s|4_
@eyedeekay
@not_bob
@orignal
@postman
@zzz
%Liorar
+FreefallHeavens
+Over
+Xeha
+acetone
+bak83
+cumlord
+hk
+onon_
+poriori
+profetikla
+r00tobo_BNC
+uop23ip
+weko
An0nm0n
Arch
Danny
DeltaOreo
Irc2PGuest53061
Irc2PGuest57148
Irc2PGuest60340
Meow
Nausicaa
Onn4l7h
Onn4|7h
anon3
anu3
boonst
cancername
carried6590
mareki2pb
plap
shiver_
simprelay
solidx66
thetia
u5657
dr|z3d
cumlord: I'll see your postman and raise you a postman ramble.i2p/f/Art/5505/the-postman
darius
hi snex, wat is this bigmagnet and why is it an issue in one sentenec. i'm not on github and try to stay away from it like the plague, personally
dr|z3d
it's a magnet about 3* the size of a normal magnet, throstle.
dr|z3d
see also: bitmagnet.io
snex
It’s a self hosted DHT indexer. The issue is to get them to add i2p support
darius
<snex> way too many people trusting public servers like matrix.org <<<<pretty sure that was the whole point of matrix from the start, like mastodon, get ppl advertising the server while they are talking about the "type" of server
snex
And since it has an api we can integrate it into snark if we want to go down that route
darius
XMPP?
snex
Xmpp is trash
snex
It’s worse than irc
darius
<snex> its easier to maintain a docker than keep documentation up to date, github does it all for you even <<< this could be why we have so many problems on planet earth
snex
False
darius
snex> "the only person who has ever asked me for support was doing a manual install" <<< sounds like one person doing things right :P
snex
The problems are in dogshit like CrowdStrike that have ancient tooling
darius
i think the opposite, that matrix is trash and xmpp just works, in its lightweight way. guess we just disagree *shrugs*
snex
Xmpp you can’t even have same identity on multiple devices
darius
you can tho, last time i checked its a thing that is extended onto xmpp
darius
pretty sure mine runs it
darius
people i know just use it from home, anyway
snex
You can log in twice but the behavior is fucked up
snex
You’ll see messages on one but not the other
snex
In matrix messages are persisted and e2ee
snex
You know like a real chat service
dr|z3d
persisted until an op decides to delete them. that's either a blessing or a curse.
darius
sounds like an implementation issue, i'll tell folk to be on the lookout for it, but as i said they either have a home or work only acct
snex
It’s an issue inherent to xmpp protocol
snex
There is only client side persistence
snex
Messages are routed to the first peer that has a given identity
snex
It’s sort of like how eepsite multi homing works
darius
pretty sure there's an extension for this, but i need to check later, btw, did anyone get a chance to read any part here? undrss2l4ynldtgjjahsd2bx5oapy2vw75cowsusu5pncz76sqga.b32.i2p/rss-button-using-div-corners.html
dr|z3d
I checked it worked, skimmed it.
dr|z3d
It's a lot of work for what is essentially an icon, but hey, if it keeps you happy :)
dr|z3d
register the site with reg.i2p and stats.i2p perhaps.
dr|z3d
throstle.i2p is available.
darius
saves resources (ie. fast load), is animated, is able to be colored in whatever way the person needs to suit their page
darius
yeah it just an icon but those things help
darius
also the inline variant hasn't been done afaik since the flat icon movement!
darius
You should see the page from 2005 that i referenced, :P its cute, but yeah, pre-"material design"
darius
that's what came up in the search i did.
darius
should probably mention all this on the page too.
darius
"i referenced" **in css**
darius
referenced in *the* css
dr|z3d
you might want to look at eyedeekay's railroad plugin.
dr|z3d
good place to blog about stuff, easy install.
darius
*thumbs up* will do, i think i'll add a section to the start THE PROBLEM, outlining what i've said above, thanks dr|z3d i think a properly outlined problem was missing, there is no money in rss as a medium, so assume the neglect has come from that.
darius
Probably shouldnt have done this now, but i added a THE PROBLEM section and also added item (1) to COMING SOON
darius
undrss2l4ynldtgjjahsd2bx5oapy2vw75cowsusu5pncz76sqga.b32.i2p/rss-button-using-div-corners.html
orignal
guy, people say you are fucking idiots
orignal
about this
orignal
" If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each."
orignal
please clarify
orignal
if it's not a mistake in phrasing it's dumbest decision you have made
zzz
re: i2cp, correct, you do not provide a published time in the requestvariableleaseset message. We use now().
zzz
I just mentioned the setdate message in the handshake, that we use to set our clock skew on the client side, in case clock skew was the issue. But doesn't sound like it is.
orignal
that confused me because you said that you use my time
orignal
then it comes to another question
zzz
yeah sorry I said 'in the handshake', == getdate/setdate. I was just thinking clock skew might be part of the problem
zzz
that was before you fixed it
orignal
we have to send leaseset request in LS1 format
zzz
not really, just think of it as 'request format'
orignal
then if exporation time and publshing time comes from different clocks we need some threshold
zzz
we automatically select ls1 or ls2
orignal
I can't get rid of LS1 because this format is used for I2CP
orignal
my logic is
orignal
I have a LS I create it and sign it somehow
orignal
now I still need to keep LS1 code and milliseconds timestamps just for ICP
orignal
*I2CP
zzz
snark is generating a LS2: <orignal> at net.i2p.data.LeaseSet2.sign(LeaseSet2.java:616)
zzz
we made that decision when we designed LS2: Use the same RequestVariableLeaseSet I2CP message. We didn't need a new one
orignal
yes I know how it works
zzz
just think of it as 'request format', not 'LS1 format'
orignal
while request format is LS1 format not
orignal
also I don't have a way to tell client to not produce LS1 leaseset
orignal
I want to drop local LS1 support completely
zzz
the client side should create LS2 if the router supports it
zzz
well, if you're a floodfill, look and see how many LS1 you have in your netdb
orignal
not that part
orignal
only LeaseSets generated by me
orignal
not someone's else
zzz
well, unfortunately that's how I2CP works right now, that's the format of RequestVariableLeaseSet messages, that's how we did it. Maybe next time we need to change I2CP we can add it to the list
orignal
RequestVariableLeaseSet2 should be introduced
orignal
with proper format and timestamp in it
zzz
maybe. but new i2cp messages are a big pain in the ass due to compatibility issues. My opinion, don't do it unless we have to.
orignal_
why can't you just sign LeaseSet?
orignal_
why do you need to generate it?
orignal_
on client side
orignal_
it doesn't make sense for me
zzz
blame jrandom. the original design was the client did not trust its own router, and each side had its own keys
orignal
so why can't we instroduce a message to sign just a buffer
orignal
?
orignal
well it make sense that a client might even not have a s signing key, it can olly sign
orignal
but everything else doesn't make sense
zzz
sure, but stuff that doesnt' make sense is normal for a 23year old project ))
zzz
you know what I'm going to say next: write a proposal ))
orignal
disagree
orignal
that's the reason you don't have I2CP based app
orignal
beside yor own
orignal
because requirement to create LS makes it dependent on all I2P code
zzz
if you don't want to support I2CP, if it's too much trouble, or doesn't make sense, then don't. It's your project.
orignal
unlike SAM for example
orignal
no, I'm fine
orignal
just telling you why I2CP is not as popular as SAM
zzz
ofc
orignal
cleint app sould know nothing about leasesets and other internals
zzz
the real reason is there's no non-java libraries for i2cp AND streaming. I2CP came first, then SAM.
zzz
right, SAM puts all the "hard parts" like LS and streaming on the "other side" to make it easy
orignal
there are nunch of datagram-based projects
orignal
that don't require streaming
zzz
they might be good candidates for direct-to-i2cp then. Datagram-only might be easier on I2CP than on SAM.
zzz
maybe. but worth evaluating both
orignal
but LeaseSet requerement makes the idea worthless
zzz
well, if you were developing a client-side I2CP implementation, maybe it's one of the harder parts to code, but I don't know if it's a showstopper
zzz
doesn't really matter, nobody is doing it
zzz
might be a good side project for eyedeekay in go, but he has a hundred side projects already ))
zzz
dr|z3d, re: expired local leaseset message, I assume you mean you're seeing it on plus. Good luck with the bug hunting
zzz
I reviewed my logs on two routers
zzz
after I added the msg but before the fix, I was seeing several msgs/day
zzz
in the ~2 weeks since I fixed it, I have zero messages on two routers
orignal
if I developed a cleint side of I2CP it would required whole libi2pd for it
zzz
yup
dr|z3d
thanks for the moral support, zzz.
zzz
yup. now that I have two weeks of testing, I'm going to shoot an email to eche asking him to try -2 on his irc server
orignal
guys, about Tor. It really makes negative impression about i2p
orignal
just read major's logs from #dev at ilita
orignal
you were not supposed to do it this way
orignal
that affects I2P users with outproxy
orignal
if resistance to attack is ONLY purpose
dr|z3d
what do you mean, orignal? how does blocking Tor impact outproxy users?
orignal
<orignal> " If you are a helpful person running both a Tor Exit and I2P we encourage you to continue to do so, using different IP addresses for each."
dr|z3d
If I attempt to browse to an .onion address from an outproxy, absolutely no issue whatsoever.
orignal
statemnt from 2.6.0 release
dr|z3d
Yeah, I don't get what your problem is with the phrasing.
orignal
this statment means
dr|z3d
and you're a little late to the party.
orignal
that if you ban I2P routers running on the same IP as Tor outproxy
orignal
me? no
orignal
people on dev care
orignal
<Vort> не знал об этой новости. 1. выглядит как цензура. 2. + как признание неспособности защитить I2P без деанонимизации. 3. при всём этом, в сообщении нет никакого обоснования такого решения
orignal
<segfault> Vort: к деду пришли люди с паяльником?
orignal
sounds great, isn't it?
dr|z3d
let them piss and moan. routing I2P over Tor gives us nothing but shitty connections.
orignal
it affects only them
orignal
those who runs I2P over Tor
dr|z3d
oh well.
orignal
thier hops only
dr|z3d
we had this discussion several months ago.
orignal
again if there is a hidden reason I don't know about
orignal
than I give up
dr|z3d
and your response regarding blocking Tor nodes was "up to zzz".
zzz
I believe the original statement was mine, on zzz.i2p and twitter, possibly edited by eyedeekay for release notes; rewrite suggestions welcome
orignal
so, let me clarify
orignal
do you block I2P routers sitting on the same IP as Tor outproxy and publishing it?
zzz
zzz.i2p/topics/3637 (3 months ago)
orignal
my repsonse was about guys connecting through Tor
dr|z3d
Tor outproxy?
dr|z3d
if the Tor outproxy is a Tor client, and not a Tor exit, then no blocking occurs.
orignal
not running I2P router on the same IP as a Tor exit
orignal
sorry exit
dr|z3d
Blocking *only* occurs if the Tor node is an exit.
orignal
I would never have supported such shit
dr|z3d
you were informed well in advance. and in fact the impetus for the change came from you.
orignal
again what if one runs I2P router in the same IP as Tor exit?
dr|z3d
your theory was that an attack occuring at the time was being originated over Tor.
zzz
yeah I thought we disussed this at length in May
dr|z3d
we did, zzz.
orignal
"attack over tor" means routers without IP and Tor exit endpoint
dr|z3d
orignal's being "perfomative" for the logs :)
orignal
is it not obvious?
zzz
I also tweeted it which I'm sure orignal saw
orignal
no I didn't see
orignal
again
orignal
that's the dumbesets decision you have made
orignal
we discussed about router connected through Tor
dr|z3d
right.
orignal
and not from Tor exit node IPs
dr|z3d
and a router connected over Tor exposes itself to the netdb as a tor exit ip.
orignal
is the difference not obvious for you?
zzz
how many people in the world does this affect? 5 or 10? not a lot
orignal
<tetrimer> Судя по тому, что выходные ноды - Tor очень любят блокировать провайдеры по всему миру, здесь просто попытка вывести i2pd из-под безусловной блокировки.
orignal
like this?
orignal
it's not about affect
orignal
it's about reputation
dr|z3d
My Russian isn't that hot, you'll need to translate the relevant parts if you want me to read it, probably zzz too.
orignal
people think you got blackmailed or something
orignal
also Vort is asking about rationale
orignal
use google translate
dr|z3d
not in the mood to google translate. sorry.
orignal
people need transparency
zzz
dr|z3d has blocked tor for years. after the discussions in May, eyedeekay and I discussed it (in i2p-dev?) and made a final decision
orignal
dr|z3d is not an "offical I2P"
dr|z3d
I think plenty of that discussion happened here, and orignal was both present and somewhat vocal.
zzz
have Vort look in major logs in May, maybe saltr, maybe i2p-dev, probably both
orignal
he can do whatever he likes
orignal
tell me the rationale you have taken than approach
orignal
despite it's obvious to differentite routers connect through Tor and running on Tor's IP
dr|z3d
routers hiding behind Tor have, in the past, and possibly currently, been used to attack the network.
orignal
tell me, not him
zzz
zzz.i2p post: "Just don't. It won't work well and it's bad for both projects."
orignal
again they are very easy to recognize
dr|z3d
also, routers running I2P over Tor are generally less reliable, slower, only provide one transport, and degrade the network.
orignal
are you listening to me?
orignal
the problem is not with router over Tor
zzz
you're the one that told us to do it orignal based on the attacks. I'm confused why you've changed your mind
orignal
the problem with routers on the same IP as Tor exit nodes
dr|z3d
if you want to run an exit and I2P, you need to do it different ips.
dr|z3d
no biggie.
orignal
yes, I mean block user connected from Tor
dr|z3d
you can't block Tor users without blocking exits.
orignal
that;s what tetrimer said
orignal
do you want me to repest second time?
dr|z3d
repest away.
dr|z3d
:)
orignal
Router with Tor's exit endpoint and without that IP in RI should be banned
orignal
router connecting from Tor's exit IP and have it in RI are good
orignal
guys, you are not noobs
orignal
you are I2P developers
dr|z3d
Router connects over Tor, router banned.
orignal
I though it was obvious
dr|z3d
Router no connect over Tor, router not banned.
dr|z3d
Obvious.
dr|z3d
And sane.
orignal
no
orignal
router itself running on Tor's exit IP will be banned
dr|z3d
Correct.
orignal
while it doens't connect over Tor
dr|z3d
Which is the intended behavior.
orignal
and it's dumbest
dr|z3d
well, as zzz said, that's an unfortunate side effect that doesn't affect many people.
orignal
and it will make very negative PR effect to I2P
orignal
period
orignal
*** afk ***
orignal
and again what;s wrong with my appoarch
dr|z3d
not really, many people will appreciate the reduced exposure to dubious routers using Tor as a cover for theie attacks, and the better network performance.
orignal
beside I'm not aware of something
orignal
zzz please tell it clear
orignal
why you wanted "side affect" rather than doing it clear way?
zzz
we do both. belt+suspenders.
orignal
no rationale for it
zzz
would have been nice to get this feedback in May. It was pretty clear what we were doing, in tweets, zzz.i2p post, discussions here and in i2p-dev, and in release notes
orignal
only grounds for conspirology
orignal
then change it back and do it my way
zzz
release notes are for a general audience, we're not going into details of attacks and respponses
orignal
it's always nice to admit mistakes
zzz
this is the first complaint
zzz
we also consulted with StormyCloud in advance to make sure it did not affect his infrastructure
orignal
router running on Tor exit IPs must be acceptable
orignal
be bak in few hours
zzz
thanks for the feedback
dr|z3d
what's orignal proposing as an alternative method to block I2P over Tor? That's not clear to me.
zzz
the same-ip checks (RI IP matches connected-from IP) that we also implemented a while ago, but are not a complete solution
zzz
because they may put the tor IP in the RI, or (more likely) are publishing as firewalled, w/o an IP
zzz
ditto the ip-hopper checks
dr|z3d
right, so we just block Tor exits at source. Don't see an issue with it. If you really want to run Tor and I2P on the same ip, use i2pd.
dr|z3d
sure, your router will be blocked by I2P/+, but hey, that's the price of progress :)
zzz
I'm stumped on how this damages our "reputation", and I certainly didn't see any pushback on twitter or elsewhere
dr|z3d
someone's got a bit too excited.
zzz
first time i2pd has ever cared about java's "reputation" :)
dr|z3d
actually, the second time, at least from orignal's pov. his other pet project is inclusivity, remember :)
zzz
sigh. leave that be.
dr|z3d
*** chuckles. ***
dr|z3d
Word of the day: conspirology (courtesy of orignal)
darius
i'm currently directing readers to instructions for setting up an eppsite the console has some unique content that is not on the stub help page, i suggest either putting the unique content on the help stub page also or give an id to the <h3>"Self-Host An I2P Site" so I can link to it directly. If you need any help with the former solution in terms of 'copy'writing i will do that.
darius
i also added a white button example, and example on how to dynamically replace an svg with a png for browsers that don't handle svg, and updated a bunch of other stuff on the page
darius
undrss2l4ynldtgjjahsd2bx5oapy2vw75cowsusu5pncz76sqga.b32.i2p/rss-button-using-div-corners.html
darius
all very pertinent content
darius
if anyone hasn't checked it out, pls do, i've tried to make it a fun page.
orignal
zzz I thought about this too
orignal
if it's an unknown router you put it on hold
orignal
until you are able to connect to that IP/port
orignal
first time about reputation? How many people truned away from I2P because that LGBT statement?
orignal
because two versions of SAM 3.3?
orignal
now, time for clarfification
orignal
you blame me that I didn't participate that discussion
orignal
true, becuase I didn't care
orignal
because I don't see any negative impact to i2pd
orignal
why now? because guys noticed and asked me wtf
orignal
I asked you and got the answer like "none of your business"
orignal
everybody can make a mistake, but admit it and change for the next release
orignal
but no, you will stand of this dumb decision and end up same way as SAM 3.3
orignal
since many people has noticed this it will be everywhere soon
orignal
kislitsa, opennet, habr
zzz
are you concerned about our reputation, or trying to damage it? We support your project and hope you will do the same for us.
orignal
damage? where?
orignal
please explain
zzz
kislista, opennet, habr?
orignal
what to do with me?
zzz
I'm happy to review the performance of our attack mitigations with eyedeekay when we have a chance
orignal
I'm not going to do anything for this
orignal
but many people read #dev
zzz
ok. thank you for your feedback
orignal
and they didn't receive an answer
zzz
is there anybody there that's actually affected by this? or is this just speculation?
orignal
not at all
orignal
but people are asking why is it
orignal
and if they can trust i2p
zzz
how does this sow mistrust?
orignal
and it was not following someone's narrative
zzz
I don't know about any narrative
orignal
"world govemnent is try to shut down darknets"
zzz
I don't generally take consipiracy theories into account when making technical decisions
orignal
"they promote censorship, LGBT and mass migration"
orignal
I know
orignal
but what they think in two words "zzz works for NSA, FSB, SS, WEF, etc."
zzz
these changes were carefully discussed, implemented, reviewed, tested, and announced
orignal
no there were not
zzz
fine, there's nothing I can do about that, and I'm not going to make technical changes based on conspiracies
orignal
the discussion about to not let people connect from Tor
orignal
yes or no?
zzz
yes or no what?
orignal
<orignal> the discussion about to not let people connect from Tor
orignal
there was not discussion to ban Tor's exit node IPs
zzz
yes it was discussed and announced. maybe you missed it? maybe it was in i2p-dev? I don't remember the details
orignal
Ok. I have missed it
orignal
my fault
orignal
now guys noticed it
orignal
time to fix it
orignal
because there is a sloution without this "side effect"
zzz
as I said above, belt+suspenders, no mitigation is perfect, that's why we have multiple things
orignal
ok. so you answer is that you are not going to change back based on my proposal
orignal
?
dr|z3d
you were party to the discussion, orignal. you were explicitly told by me that zzz was going to block Tor exit nodes.
dr|z3d
as for a proposal, you haven't made one.
orignal
dr|z3d let zzz answe
zzz
I'm saying I'm fairly happy with what we have now, I don't understand your proposal fully, and perhaps eyedeekay and I can review how the current code is working and see if there's any improvements we can make
orignal
so what is not clear in my proposal?
orignal
you are happy, but you didn't answer people's question
zzz
all of it. the what, and the why. you want us to ban only connections from tor if the IP is not in the RI? that's not easy for us
zzz
this is not a courtroom
orignal
people should be able to run legitimate router whereer they want
dr|z3d
zzz, admit it, you're an NSA plant. make orignal's day :)
orignal
including on Tor exit node
zzz
you're throwing a bunch of stuff at me and demanding answers? I'm trying to work _with_ you and you're coming at me with accusations
dr|z3d
joking aside, tone it done orignal, too much emotion, not enough rational.
orignal
if you don't let people run routers on IPs from some list(Tor exit nodes) without rationale it smells bad
orignal
dr|z3d go read full today's discussion on dev
zzz
why are you so passionate about this when it doesn't affect you or anybody in #dev? it's an implementation decision.
orignal
why? because people asked me
orignal
and I didn't have an anwswer
zzz
this is exhausting.
dr|z3d
orignal: I don't care about whatever the conspirologists think on your irc network. You've already told us they're all mentally ill. All we need to know :)
orignal
that's why I asked you and didn't get an answer either
orignal
people on dev are not mentally ill
zzz
answer: attack mitigation, carefully discussed/reviewed/implemented/tested
dr|z3d
well, that's what you told us before.
orignal
it was about ru
orignal
zzz, do you have to ban IPs from the list?
orignal
do you understand that one who controls this list can put the network down?
orignal
easily
orignal
in one click
zzz
not true
orignal
you comapre IP with that list
zzz
we update the list manually and review it before checking in. it's not an automatic feed
orignal
now
orignal
let's start from scratch
orignal
manually or through SU3?
zzz
why do you care so much if it doesn't affect you or anybody in #dev and it's not in your project?
zzz
manually
orignal
because I care about whole I2P project
orignal
we try to promote it eveywhere
orignal
to exaplain people why they should use I2P
orignal
to convince that I2P is independent from current narrative
orignal
but by that change you have sent very bad message
orignal
to pptential users
zzz
we do as well, and support your project too.
orignal
right
zzz
I disagree about the 'bad message' or the extent that implementation details can affect 'reputation', but I appreciate your comments
orignal
but people like Vort and tetrimer are not complete idiots like dr|z3d claims
orignal
they are very techical guys and want answers
orignal
and I guess rany will be affected
orignal
because he runs Tor exit node
zzz
don't know tetrimer but I respect Vort. techical guys generally don't ask questions about conspiracies and reputation
orignal
tetrimer is serious freesbd guy
orignal
contributed a lot to mitognate last attack
zzz
but as I said I can review the current implementation with eyedeekay and see if we can do any better
orignal
reputation is my veiw
orignal
then answer the simple question
orignal
do you agree that not let people run an I2P router on a Tor exit node is wrong?
zzz
that's part of the problem here is you're both trying to represent people that aren't here, and also adding your own views, and speculating about other outside opinion. It's hard to form a coherent understanding of whats being advocated
orignal
my last question
orignal
let's start from it
zzz
this topic is not about right/wrong but software engineering tradeoffs
orignal
not really, we are trying to understand your view
orignal
techically as you said we don't care
zzz
our view (not _my_ view), as we put up on IRC, zzz.i2p, twitter, release notes, reddit, and who knows where else, is "collateral damage, sorry, hopefully not too many"
orignal
please answer that question
zzz
"is it wrong?" is the question? my answer is above. software engineering tradeoffs
orignal
so since you have a way to avoid such "collatral damage"
zzz
attack mitigations are messy and inexact. we do the best we can.
orignal
how could it help if i2pd node still let Tor routers to connect?
orignal
nodes
orignal
you can't convince even me
zzz
that's the part I don't understand. you haven't explained how in detail, and haven't considered that i2pd != java i2p, just because you did something doesn't mean we can (at least easily)
orignal
looks like the real goal was to ban all Tor exit nodes
zzz
I don't need to convince you of anything. I'm engaging in a discussion with you, I'm not trying to convince you or "win"
orignal
which part? how to detect a router connected through Tor?
zzz
if you disagree, fine
orignal
I need to convince guys
orignal
because they are angry on you
zzz
then do your best, I'm not going to spend half a day tryihng to convince people that are not here
zzz
if they're angry maybe they aren't that smart after all :))
zzz
just kidding. but seriously I don't get it.
orignal
no, all I want you to admit that it was a mistake
orignal
with these "collateral damage"
orignal
that might have bigger consequence than you thought of
cumlord
if it helps i ran through translate
orignal
today's diescussion on dev?
zzz
at this time I don't see a mistake, but I offered to do some review with eyedeekay later. you haven't explained any 'consequence' other than 'reputation' which also doesn't make much sense to me
orignal
ok. I can explain
zzz
if these guys are so smart and concerned about java i2p, I hope they can help review patches and MRs for us
orignal
potential I2P users will think that you joined the copany against Tor
orignal
that itslef is easy to answer
orignal
that's because you where tired from fucking idiot sitting behind Tor
orignal
but banning legitimate routers doesn't have reasonable explanation
orignal
because the next queqtion would be "was it possibe to do without it?"
orignal
and my answe would be "yes"
orignal
that's about "reputation"
snex
why dont we just have a whitelist of tor nodes that arent dickheads?
orignal
guys are concerned about running i2pd on Tor exit nodes
orignal
snex we need a whitelist of I2P routers sitting in Tor nodes
orignal
that's part of my proposal
snex
you dont even have to maintain lists, just require PoW if tor node
orignal
btw "as we put up on IRC, zzz.i2p, twitter, release notes, reddit"
orignal
one thing is missing here
orignal
Telegram
orignal
90% of discussions are there
orignal
in many channels
snex
telegram is compromised
orignal
snex don't need to
orignal
just require IP/port in RI
orignal
yes, but many people use it
orignal
and come to I2P from there
zzz
we reviewed the netdb before we implemented it, and found no i2p routers on tor exit nodes
orignal
I will ask rany
orignal
and I remeber one guy in Telegram who run both
orignal
and he even showed network activity graphs
zzz
I get it, your argument is that 1) you (orignal) are reporting that 2) other people (vort/tetrimer) are concerned that 3) OTHER people on the internet will propagate a conspiracy theory about i2p being paid by NSA, hurting our reputation. So 4) we should change our technical decisions. Got it.
orignal
Tor vs I2P traffic
orignal
yes, pretty much like this
snex
i didnt receive my NSA check...
orignal
if you have more technical questions anbout my proposal you can ask
orignal
snex no NSA is obsolete, zzz is paid by WEF directly ))
StormyCloud
wait yall are getting paid for this? xD
snex
i didnt get that check either
orignal
StormyCloud people think so )))
zzz
after the discussions in April, we discussed and combined the solutions from i2p+ and i2pd to design something that would work well.
orignal
btw, StormyCloud I have just decline a commit about you
zzz
it's not _exactly_ the same as what you do or what i2p+ does. we did the best we could with the info at the time
StormyCloud
I saw, it was just for your documentation but *shrugs* no worries from my end.
orignal
zzz, seems you forgot to invite me ))
zzz
maybe we can do better, maybe not, but as of now I don't consider it a "mistake", even though it's not exactly the same as what i2pd does
orignal
StormyCloud I'm not going to do it wothout your explicit permssion
orignal
becauase your outproxy has nothing to do with i2pd
zzz
a lot of it was here in this channel. Maybe not all.
orignal
what i2pd does?
orignal
checking published IP address with actual endpoint?
zzz
yes, more or less
orignal
wait
orignal
do you check actual endpoint for incoming connection from a router or it's just by IP?
orignal
ban
zzz
we have multiple checks. belt+suspenders
orignal
do you measure roundtrip time?
orignal
I exclude slow connection from tunnels
orignal
doesn't mater if it's Tor, shadowsocks or other proxies
orignal
all slow connection go nowhere
zzz
no
dr|z3d
I wasn't implying anyone was an idiot, orignal. Not my intention. If I got your "they're all mentally ill on ilita" wrong, my bad.
dr|z3d
"performance due to tor parasites is poor"
dr|z3d
segfault gets it.
dr|z3d
:)
orignal
no he refers to the statement
orignal
<segfault> ну формально тут написано
orignal
<segfault> производительность из-за tor-паразитов плохая
orignal
the whole statement
orignal
actually it's not but this is another topic
dr|z3d
poor performance, scope for abuse by hostile actors. not controversial, not difficult to understand.
orignal
poor peromance of what?
orignal
be aware about ipv6 -only routers
dr|z3d
potential degradation of network performance.
orignal
please explain how
orignal
if Tor connection is only with them
orignal
and no tunnels through such link
dr|z3d
any connection to a router that's routed over Tor adds an additional 3 hops.
orignal
and? every router does it
dr|z3d
so my 3 hops + your 3 hops + Tor's 3 hops. 9 hops.
dr|z3d
recipe for shit cake.
orignal
yes but it's for them only
orignal
why other's care?
orignal
streams RTT with them is high. And?
dr|z3d
if I'm using them in my tunnels, shit cake.
orignal
as long as you don't build transit tunnels through such link the netwrok is fine
dr|z3d
we don't.
dr|z3d
:)
dr|z3d
problem solved.
orignal
but why would you use them in your tunnel?
orignal
the only way you can connect with them
orignal
if they connect to your directly
orignal
so the only possibility for you if you pick them as a first hop
orignal
just don't do it
orignal
I measure RTT and bypass slow connection
dr|z3d
if they're anywhere in the tunnel, either at my end or the destination side, then shit cake.
orignal
please explain how can they be anywhere
orignal
sonce you select them
dr|z3d
that's a secondary consideration. the main consideration is we DO NOT WANT bad actors using Tor as camouflage to abuse the network.
orignal
think about ipv6
dr|z3d
I select my hops, but I don't select the destination's hops.
orignal
what would be the next? Ban HE's range?
orignal
but destaintion is in the same situation
orignal
they can't pick such router for a tunnel
orignal
because no way to connect to them
dr|z3d
if they're U, which they likely are, they're still available in the network.
dr|z3d
and of course when they're U, that's an additional hop.
orignal
they are not just U
orignal
they are U without introducers
orignal
well if it's Tor they are NTCP2 only
dr|z3d
sure, no UDP, no SSU.
orignal
if they are shadowsocks they might have SSU2 but without introducers
orignal
so the only way to pick them for a tunnel if they are connected to you
dr|z3d
as I said earlier, network performance is secondary. The *primary* consideration is abuse.
dr|z3d
And it was you that persuaded zzz to implement a Tor ban, not me, when you speculated about attacks earlier in the year being hidden behind Tor.
orignal
and I said erlier, what about ipv6 only?
dr|z3d
what about it?
orignal
anyone can obtain HE tunnel anonymously
dr|z3d
sure, we don't block Tor over IPv6.
orignal
you see ipv6 address but you can't do too much with it
orignal
not Tor
orignal
just a router with ipv6 address
orignal
ipv6 addresses are relatively anonymous
orignal
attack is another story, we dicussed peromance degradation only
dr|z3d
Attack vector is the primary motivation for blocking Tor.
orignal
but again do you think that an adversay is so dumb that he can't obtain a HE tunnel?
orignal
then HE is the next candidate ))
dr|z3d
remind me, HE?
eyedeekay
Who cares about one adversary? make the next one get a real computer at Hurricane Electric or whatever, but keep everybody from using Tor as an attack component obviously raises a meaningful barrier to attackers
orignal
hurricane elecric
orignal
they give you free ipv6 tunnel
dr|z3d
what eyedeekay said.
orignal
eyedeekay there is a group
orignal
they will figure out quecily what to do next
dr|z3d
we're not suggesting we've addressed all possible attack vectors.
dr|z3d
close one door, another one opens.
orignal
my point is that it doesn't solve the problem
dr|z3d
the words "barrier to entry" are salient.
eyedeekay
Sure, that makes sense, but it doesn't mean we should just make it easy for them, Tor is gratis, it's tooling is accessible and generic, makes a thing really easy
orignal
also keep in mind yggdrasil
dr|z3d
we don't support ygg.
dr|z3d
that's your problem.
orignal
well Tor is the problem becuase it's slow
orignal
I suspect they throw shit through tunnels
orignal
not directly
eyedeekay
yggdrasil is to my mind a whole different story, you have the ability to open ports, listen on multiple addresses, your internal address is an artifact of a cryptographic key, lot more options to make yggdrasil work in a reasonable way IMO
orignal
one can generate tons of ygg addresses
eyedeekay
Sure, but they're also pretty linkable, you can set up yggdrasil, connect to one of those addresses, and usually see a real IP or at least an ISP
orignal
please tell mine 202:cd42:5b06:f622:ece1:5653:779f:9f9e
orignal
even approximately
snex
whats the point of ygg if you can link a service with its IP
orignal
idependent routing
orignal
forever yours IP
snex
cops banging your door in for hosting "bad things"
orignal
don't host "bad thing" there
orignal
use I2P over it
snex
they redefine what "bad thing" is every 4 years or so
snex
some countries are claiming that twitter is hosting "bad things"
orignal
that's why you should use i2p
snex
well yeah
orignal
and ygg as transport
snex
hence im asking whats the point of ygg
snex
seems like a honeypot
orignal
as I said indepent routing
orignal
your IP doesn't depend on ISP
snex
i2p has that
orignal
furthermore it might work without ISP
orignal
though another address in LAN for example
eyedeekay
honeypot only if you're using it under very wrong impressions, it's about eventually managing the routing without the ISP, like orignal says
eyedeekay
also simplifying the overall topology for people to work with
snex
it reminds me of bitcoin vs monero
orignal
anyway i2p over ygg is relatively popular
eyedeekay
It's a bit more versatile than bitcoin, though, I haven't used it in a long time, but when I did I didn't actually connect to the rest of the yggdrasil network(Hyperborea? or is that cjdns?) at all, I just changed the config to let me connect to my own node and used it as a sort of portable LAN
eyedeekay
bitcoin sort of implies you write stuff down on the blockchain, the analogous act of joining the larger network is not required in yggdrasil
eyedeekay
And I admit, under the right circumstances, particularly ones contrived by an expert with a vested interest in using the config options that are available to route yggdrasil over other stuff, you could use it to hide your real IP, as I'm sure orignal has
orignal
that my node is connected through a private peer
orignal
from another guy
eyedeekay
So yeah, yggdrasil is pretty versatile
eyedeekay
I still maintain that yggdrasil is a meaningfully different than Tor for the purposes of attacks, and probably requires much more nuanced handling if it requires any
orignal
someone has posted to kislitsa already
StormyCloud
people will complain about anything
snex
pls add i2p feature to make chocolate ice cream thx
dr|z3d
well, the average users split image is amusing there orignal, if nothing else.
dr|z3d
The "Sit on this" illustration made me laugh.
dr|z3d
as for posting to kislitsa, oh noes. someone posted to a russian chan. oh noes!
dr|z3d
only a month late relative to the original blog post.
orignal
kislitsa is too popular
orignal
ofc they have read today's dev