IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/09/08
orignal gents, seems I can connect to Java node through ipv6 from Tor
dr|z3d we only block ipv4 exits.
orignal then what was the task?
orignal probably I'm a shirmp
dr|z3d a shrimp?
dr|z3d *** chuckles ***
orignal that's Russian slang
orignal "йа креведко"
orignal most of floodfills support ipv6
orignal can someone explain what actual task was?
dr|z3d this is the reference blocklist: check.torproject.org/torbulkexitlist
orignal are you saying that i2p wanted central authority?
orignal to be controlled by Tor guy
dr|z3d no. I'm saying that's the published list of Tor exits.
orignal and no ipv6
orignal while ipv6 works through the Tor
orignal you didn't know it or what?
orignal have this ever been discussed?
dr|z3d it's a limitation of the list.
orignal then again what was the goal?
dr|z3d > IPv6 is going to make blacklisting kinda impractical. Imagine I run some exit and my provider gives me an v6 /64. I could exit from anywhere in that whole /64 range. Trying to enumerate them remotely is difficult (imperfect) for v4, for v6 in would be practically impossible, never mind having to store them in some distributed list, which is kept up to date. I don't think it's going to be feasible ...
orignal do you understand that an attacker can just turn on ipv6 in thier config and that's all?
dr|z3d it's not perfect, but it's "something".
orignal or it was discussed so well that nobody thought about such possibility?
orignal something for what?
orignal asking this question again
dr|z3d let's see what we can do to remedy this.
orignal I've made my changes alerady
dr|z3d what are you up to?
orignal and btw people do host eepistes though Tor
orignal just FYI
orignal this change has wider effect
orignal it's mistly against putins of different kinds
dr|z3d ok, looks tight. so any router you can't directly reach is deemed to be running behind a proxy and blocked?
dr|z3d blocked / set unreachable and not used for first hop..?
orignal if my router is in "limited conectivity" mode
orignal and I can't connect to a router I don't consider it as unreachable
orignal and I always talk to floodfills through tunnels in this mode
orignal later I'm going to instroduce "stan" parament to turn on this mode explicitly
orignal *parameter
dr|z3d if (username == stan) {reponse == "fuck off";} ?
orignal if stan = true in config then IsLimitedConnectivity returns true
dr|z3d ok, I think I more or less get your logic, if not the best way to implement that in java. maybe zzz will have some ideas.
orignal I was inspired by you
orignal by question how we handle ygg
dr|z3d If I inspired you, great. No charge :)
orignal and current sistuation with Tor is a good model of Puitin's bahaviour
orignal like you can't connect to all other routers even if they are good
dr|z3d there's another minor issue with ipv6 and Tor..
dr|z3d > * On-disk blocklist supports IPv4 only.
orignal it will not help anyway
dr|z3d here's what an ipv4/6 combined blocklist might look like, if we were able to support ipv6, zzz: cake.i2p/view/ijhABKbDpz_MAJZczQEe1dXNm6Ym5dKcjuwAAZn7m_C7aQ1WAg7B/ijhABKbDpz.txt
dr|z3d though based on what orignal's doing, it sounds like there's a better approach.
orignal times change and we need to assume that i2p can work in -stans
dr|z3d we can support ipv6, we just have to load the addresses into memory.
dr|z3d but I'm with you, let's see what zzz thinks.
orignal again I don't like any central authority at all
orignal better if you implement my method
orignal e.g. if RTT of link if too high disconnect and ban it
dr|z3d as an interim measure, ipv6 tor exits now blocked in the latest + dev build.
dr|z3d orignal: you sorted out + snark yet?
dr|z3d pulling the latest revision recommended, some "new stuff" has landed.
dr|z3d (including more terminal event logging)
darius damn, so ipv6 has secuirty issues due to its large addressing space. limits to growth vibes, its unfair to just say the stans, western countries do their share of suppression and crimes, they also often test policies in in poorer places like "stans" for adoption in their own countres, they just tend to do it in more roundabout ways, but they are no less bad, and some might argue worse because often combined with
darius propaganda.
darius when we talk about "ban"ning servers are these servers that go out of there way to open a connection and then cut communication later, or are these connections that for whatever reason never seem to respond.
darius i would say theres a big difference between the two.
darius the former is a problem the latter? could be a firewall policy to drop packets from a specific ip and not "ban"-worthy
darius when it comes to suppression in the west look on further than assange, claims of "russian meddling" to block the laptop story etc. I'm no trump fan but yeah, jus saying.
darius they were recently biden mental incapacity videoes were russian disinfo also, btw, they were saying it was ai generated, iirc
darius tldr, lives are ruined when people in power lie that's part of the reason i work on tech like i2p
darius Blinded message
darius Blinded message
darius Blinded message
darius speaking of updating the geti2p site, anyone in favor of me putting the css rss icon on the geti2p site?
dr|z3d I see someone charged your batteries again, throstle :)
orignal will try today
orignal new word "invisible I2P"
onon_ Invisible Invisible Internet Project
dr|z3d looks like you're well on the way with netdb search refactor, zzz. good stuff.
dr|z3d I was going to suggest moving the search stuff to a separate class to make maintenance and the like easier.
zzz yeah after whining about how annoying it was, I just sucked it up and finished it
dr|z3d nice, nice. ping me when it's ready to test.
zzz there's more possible ofc but tried to minimize the diff size
dr|z3d that's the other thing re diff size.. new class, less pain merging :)
zzz it's up for review and ready to test
dr|z3d ok, great. I'll look at pulling it in shortly and let you know how it functions.
onon_ zzz, i have a question
onon_ Is it possible to pass a command from the streams layer in java i2p to change the outgoing tunnel?
onon_ This concerns the client side, in the case when the ACK does not reach the server
onon_ Is it possible to make changes in i2cp or use existing mechanisms?
onon_ This is a fairly common problem when the java client stops sending acknowledgments
zzz anything is possible, but somebody would have to make a case for it
zzz haven't seen a major issue here.
onon_ Really? Oh well.
zzz we have the mechanism you're proposing, but it's based on ratchet acks
zzz the client side knows nothing about tunnels, that's the original jrandom design/architecture
onon_ This mechanism probably doesn't work as well as we'd like.
T3s|4 onon_: I have no idea if you're trying to ask a question that you are uncertain of, or trying to advance some speculative postulate. Why not link your proposed solution?
onon_ I see a problem and I'm trying to find a solution. I'm currently interested in snark's functionality, as I don't see any other good solutions in conjunction with i2pd.
T3s|4 onon_: np, and glad you're trying to crack the issue you've found
orignal the question if there is an IPCP message that tells router to change outtbound tunnel - remote leaseset pair
orignal becuase current is suspected dead
orignal as zzz said it can be detected at ratchets level
orignal but ack request is being sent too rare