orignal
gents, seems I can connect to Java node through ipv6 from Tor
dr|z3d
yup
dr|z3d
we only block ipv4 exits.
orignal
then what was the task?
orignal
probably I'm a shirmp
dr|z3d
a shrimp?
dr|z3d
*** chuckles ***
orignal
that's Russian slang
orignal
"йа креведко"
orignal
most of floodfills support ipv6
orignal
can someone explain what actual task was?
dr|z3d
this is the reference blocklist: check.torproject.org/torbulkexitlist
orignal
and?
orignal
are you saying that i2p wanted central authority?
orignal
to be controlled by Tor guy
dr|z3d
no. I'm saying that's the published list of Tor exits.
orignal
and no ipv6
orignal
while ipv6 works through the Tor
orignal
you didn't know it or what?
orignal
have this ever been discussed?
dr|z3d
it's a limitation of the list.
orignal
then again what was the goal?
dr|z3d
> IPv6 is going to make blacklisting kinda impractical. Imagine I run some exit and my provider gives me an v6 /64. I could exit from anywhere in that whole /64 range. Trying to enumerate them remotely is difficult (imperfect) for v4, for v6 in would be practically impossible, never mind having to store them in some distributed list, which is kept up to date. I don't think it's going to be feasible ...
orignal
do you understand that an attacker can just turn on ipv6 in thier config and that's all?
dr|z3d
it's not perfect, but it's "something".
orignal
or it was discussed so well that nobody thought about such possibility?
orignal
something for what?
orignal
asking this question again
dr|z3d
let's see what we can do to remedy this.
orignal
I've made my changes alerady
dr|z3d
what are you up to?
orignal
and btw people do host eepistes though Tor
orignal
just FYI
orignal
this change has wider effect
orignal
it's mistly against putins of different kinds
dr|z3d
ok, looks tight. so any router you can't directly reach is deemed to be running behind a proxy and blocked?
dr|z3d
blocked / set unreachable and not used for first hop..?
orignal
if my router is in "limited conectivity" mode
orignal
and I can't connect to a router I don't consider it as unreachable
orignal
and I always talk to floodfills through tunnels in this mode
orignal
later I'm going to instroduce "stan" parament to turn on this mode explicitly
orignal
*parameter
dr|z3d
if (username == stan) {reponse == "fuck off";} ?
orignal
if stan = true in config then IsLimitedConnectivity returns true
dr|z3d
ok, I think I more or less get your logic, if not the best way to implement that in java. maybe zzz will have some ideas.
orignal
I was inspired by you
orignal
by question how we handle ygg
dr|z3d
If I inspired you, great. No charge :)
orignal
and current sistuation with Tor is a good model of Puitin's bahaviour
orignal
like you can't connect to all other routers even if they are good
dr|z3d
there's another minor issue with ipv6 and Tor..
dr|z3d
> * On-disk blocklist supports IPv4 only.
orignal
it will not help anyway
dr|z3d
here's what an ipv4/6 combined blocklist might look like, if we were able to support ipv6, zzz: cake.i2p/view/ijhABKbDpz_MAJZczQEe1dXNm6Ym5dKcjuwAAZn7m_C7aQ1WAg7B/ijhABKbDpz.txt
dr|z3d
though based on what orignal's doing, it sounds like there's a better approach.
orignal
times change and we need to assume that i2p can work in -stans
dr|z3d
we can support ipv6, we just have to load the addresses into memory.
dr|z3d
but I'm with you, let's see what zzz thinks.
orignal
again I don't like any central authority at all
orignal
better if you implement my method
orignal
e.g. if RTT of link if too high disconnect and ban it
dr|z3d
as an interim measure, ipv6 tor exits now blocked in the latest + dev build.
dr|z3d
orignal: you sorted out + snark yet?
dr|z3d
pulling the latest revision recommended, some "new stuff" has landed.
dr|z3d
(including more terminal event logging)
darius
damn, so ipv6 has secuirty issues due to its large addressing space. limits to growth vibes, its unfair to just say the stans, western countries do their share of suppression and crimes, they also often test policies in in poorer places like "stans" for adoption in their own countres, they just tend to do it in more roundabout ways, but they are no less bad, and some might argue worse because often combined with
darius
propaganda.
darius
when we talk about "ban"ning servers are these servers that go out of there way to open a connection and then cut communication later, or are these connections that for whatever reason never seem to respond.
darius
i would say theres a big difference between the two.
darius
the former is a problem the latter? could be a firewall policy to drop packets from a specific ip and not "ban"-worthy
darius
when it comes to suppression in the west look on further than assange, claims of "russian meddling" to block the laptop story etc. I'm no trump fan but yeah, jus saying.
darius
they were recently biden mental incapacity videoes were russian disinfo also, btw, they were saying it was ai generated, iirc
darius
tldr, lives are ruined when people in power lie that's part of the reason i work on tech like i2p
darius
Blinded message
darius
Blinded message
darius
Blinded message
darius
speaking of updating the geti2p site, anyone in favor of me putting the css rss icon on the geti2p site?
dr|z3d
I see someone charged your batteries again, throstle :)
orignal
will try today
orignal
new word "invisible I2P"
onon_
I3P
onon_
Invisible Invisible Internet Project
dr|z3d
looks like you're well on the way with netdb search refactor, zzz. good stuff.
dr|z3d
I was going to suggest moving the search stuff to a separate class to make maintenance and the like easier.
zzz
yeah after whining about how annoying it was, I just sucked it up and finished it
dr|z3d
nice, nice. ping me when it's ready to test.
zzz
there's more possible ofc but tried to minimize the diff size
dr|z3d
that's the other thing re diff size.. new class, less pain merging :)
zzz
it's up for review and ready to test
dr|z3d
ok, great. I'll look at pulling it in shortly and let you know how it functions.
onon_
zzz, i have a question
onon_
Is it possible to pass a command from the streams layer in java i2p to change the outgoing tunnel?
onon_
This concerns the client side, in the case when the ACK does not reach the server
zzz
no
onon_
Is it possible to make changes in i2cp or use existing mechanisms?
onon_
This is a fairly common problem when the java client stops sending acknowledgments
zzz
anything is possible, but somebody would have to make a case for it
zzz
haven't seen a major issue here.
onon_
Really? Oh well.
zzz
we have the mechanism you're proposing, but it's based on ratchet acks
zzz
the client side knows nothing about tunnels, that's the original jrandom design/architecture
onon_
This mechanism probably doesn't work as well as we'd like.
T3s|4
onon_: I have no idea if you're trying to ask a question that you are uncertain of, or trying to advance some speculative postulate. Why not link your proposed solution?
onon_
I see a problem and I'm trying to find a solution. I'm currently interested in snark's functionality, as I don't see any other good solutions in conjunction with i2pd.
T3s|4
onon_: np, and glad you're trying to crack the issue you've found
orignal
the question if there is an IPCP message that tells router to change outtbound tunnel - remote leaseset pair
orignal
becuase current is suspected dead
orignal
as zzz said it can be detected at ratchets level
orignal
but ack request is being sent too rare