#saltr (irc2p) | I2P+ 2.7.0-9+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

dr|z3d ok, new + feature about to land: router.blockCountries={countrycode1,countrycode2}

dr|z3d if you want to block requests from all chinese routers, for example, router.blockCountries=cn will engage a block and an 8 hour ban as soon as a direct transit request is made by a router in the specified country.

dr|z3d net.i2p.router.tunnel.pool.RequestThrottler=WARN on /configlogging will log blocks if you decide to enable. let me know how you get on if you do.

dr|z3d ETA 5m.

snex Seems racist

orignal how about NTCP2 and SSU2 connections?

dr|z3d shut up, snex

dr|z3d *** laughs ***

dr|z3d hmm, orignal?

orignal is it a market of i2p+ routers to explude the from a tunnel?

orignal if you received an incoming connectionb from China

orignal would you accept it?

orignal *marker

dr|z3d by default, we accept all connections.

dr|z3d unless hidden mode or strict country, then we reject connections from same country.

orignal can you publish this setting in RI?

orignal telling the network that you don't accept tunnels

dr|z3d that would be something to roll out globally after consultation.

dr|z3d discuss.i2p/viewtopic.php?p=561 (I'm not suggesting blocking routers from any country, but there's obviously a demand)

orignal if you do it I will try nto exalude I2P+ from tunnels completely

dr|z3d why would you do that?

dr|z3d and that seems like a disincentive for publishing country-level blocks to the routerinfo.

orignal_ I agree with snex

orignal_ it's not better that behaviour of Linux's assholes

dr|z3d coming from you that means abssolutely nothing, sorry.

snex It’s going to lead to stupid net splits

orignal_ I'm not going to try to build a tunnel through a routers that bans participants for it's own reason

dr|z3d it's not meant to encourage arbitary blocking, it's meant to serve as an additional measure to block either hostile countries (if you happen to be in one), or countries that are demonstrably the source of ongoing network attacks.

snex And then routers that don’t block will get doxxed

orignal_ either you publish this info or we will bypass all I2P+

dr|z3d *** laughs ***

orignal_ today is China tommorow is who?

orignal_ Russia because sanctions?

dr|z3d Iran, perhaps?

orignal_ as this moron TGorvalds said

dr|z3d I'm not advocating blocking any country. It's an option is all.

snex If you allow blocking then it’s not long before governments require it

orignal and it's clear that i2pd is not going to do it

orignal ok. Linux moron start with renaming master/slave in the code

orignal sounds familiar?

dr|z3d totally different.

orignal not they kicked our Russian contributor based on ethnicity

dr|z3d the impetus for allowing country-level blocks is the current Chinese attack. I doubt whether most people will bother with blocking, but it's an available option.

snex Why are we even geo tracking in the first place

snex Just because we can?

snex Is there any genuine benefit?

eyedeekay So that routers in countries where it is illegal for people to route, don't

snex Isn’t that their problem?

eyedeekay No

orignal different?

snex They should be allowed to defy their governments if they want

orignal did someone here changed MASTER to PRIMARY?

snex We should not be helping the oppressive governments

eyedeekay And they can, but they'll have to opt into it

eyedeekay We're not. We're keeping innocent people who don't know better from getting arrested.

orignal then ban all Russians is the next logical step

orignal I don't see why it's different

snex Just put a warning to check laws

dr|z3d orignal: you seem to be conflating a bunch of different topics just for effect.

orignal and the last step is Torvald's statement

orignal I guess Nazi is going to make it

orignal how he hates Russians because he is Geman

orignal *German

orignal different

orignal ?

orignal why do you think so?

eyedeekay For one thing, Java I2P isn't blocking anybody by country and doesn't intend to. Sorry dr|zed but I don't see upstreaming that feature.

orignal Linux also started with remnaming "master/slave"

dr|z3d we're not helping oppressive governments, we're helping people that decide they want to run routers in oppressive countries. it's a subtle difference.

eyedeekay For another thing, not publishing a routerInfo directly is very different from blocking people

orignal not they have few millions haters

eyedeekay The person to whom you are referring does not make those decisions

dr|z3d eyedeekay: I wasn't going to propose it for upstreaming.

snex I2p users are not oppressive governments though

eyedeekay Just making it clear to orignal

snex If anything you should block government IPs

orignal then who remnamed MASTER to PRIMARY?

orignal Aliens from Mars?

orignal eyedeekay the person I'm refeering to call you project LGBT-I2P

eyedeekay Have you implemented either yet?

orignal he doesn't make decisions

orignal no?

eyedeekay No, he doesn't

orignal if he doesn't why this sgameful statement is still there?

orignal shameful

orignal zlatin said he is an I2P's Linus Torvalds

orignal and I tend to agree

eyedeekay Because I have better things to do than to rewrite it to suit your or zlatin's tastes

orignal everybody agree that statment is wrong

orignal but it's still there

orignal making very negative impression about whole I2P project

orignal and based on this I don't see any evidence that I2P team is different than Linux

orignal kick out people contributing into the project for decades? easily

eyedeekay I'm not interested in re-litigating this with you orignal I have like 16 jobs to do. I2P canon isn't blocking Russians and we're not blocking you.

orignal banning Chinesses routers althrough there are bucng of Chinesse users in the netwrok? easily

orignal eyedeekay ... for now

orignal Russian people also believed in Linux's open source values

eyedeekay I repeat, this feature will not reach canon I2P from I2P+, for as long as I am reviewing MR's

orignal my point is simple

eyedeekay Kaspersky didn't

orignal you guys have chosen wrong way

orignal eyedeekay thatnk you

orignal so only I2P+ should be bypassed

orignal and you know there are real people from China at Ilita

dr|z3d if a user wants to block a country or list of countries, that's their choice to exercise.

snex They should not be helped by the app

snex Let them do it themselves

dr|z3d of course, adding features that assist users in achieving a desired end result is bad.

dr|z3d what absolute shit.

snex It can be

snex This is going to compromise anonymity

dr|z3d there may be perfectly valid reasons to block specific countries. it's not my role to judge the validity of any such reasoning.

orignal Kaspersky is KGBist

orignal he is different story

snex Sure and people can write their own code to do so

dr|z3d can they? I don't see a huge swathe of java coders all contributing to the codebase.

orignal or do it on network firewall

snex There are infinite things people want - you shouldn’t code it all

snex You should code things that benefit i2p

snex Benefit more connections

snex More connections = more protection

dr|z3d Like I said, I'm not advocating blocking any country. I'm just providing an option.

snex If Joe Biden tells me I need to block Iranian IPs I don’t want to have to obey him or for him to see I’m disobeying

orignal btw have you noticed that Linux team even didn't try to apologize for Trovald's staement

orignal snex Joe Biden told someone here to remove any mentioning of master/slave

orignal and he did

orignal without discussing it with anybody

dr|z3d if Joe Biden doesn't want you talking to Iran, he won't make a request, he'll block all IPs at your isp. let's not get ridiculous.

orignal again I2P project has very serious problems with attitude

orignal by not following the values they declare

snex Bullshit. Joe Biden will do whatever locks the most people in prison

dr|z3d you're not so hot yourself, orignal. you want to turn everything you don't agree with into a culture war.

orignal ?

orignal what an I wrong with?

orignal didn't it happen to SAM 3.3?

orignal is it my fanatsy?

orignal did you guys block all Tor's exit node?

snex We should adopt a philosophy of never facilitating blocking for arbitrary reasons. Only for demonstrably malicious behavior

orignal snex that's exactly my point

eyedeekay If that is the criteria then the Tor exit block should stand

orignal banning by country soon will end up by baning by natinality

dr|z3d some might say that a huge increase in bandwidth is demonstrably malicious, especially when they have data caps.

snex I don’t know enough about tor to have a position on that

orignal Linux is the prefect example

orignal snex there were few eepiste running behind Tor

orignal just FYI

snex My site is available on clear web i2p and tor

orignal eyedeekay it's not useless

snex You don’t need an exit node for that

orignal *now

orignal I suspect that recent bandwidth increase is legitimate traffic

orignal snex, the main problem that they make decidion without any dicussions

orignal without reaearch, etc.

snex Can this be made as a plug-in? Just do it that way if you really want it

orignal as for me it really lead to broken network integrity

orignal intead fighting together against goverment monkeys

orignal why can't I2P just be neutral?

snex There is no such thing

orignal we i2pd don't participate any agenda

orignal and don't make difference by country or nationality

snex Everybody says that

orignal I2P says "we do support LGBT"

snex I bet if you could tell your user is African you’d block them lol

orignal I2P renames master to primary

orignal why would I?

orignal deavmi run an i2pd router in Capetown

snex I mean black African

orignal another guy from Jamaika

orignal he is black

orignal what's a problem with it?

snex You don’t like them lol

orignal I'm not against blacks, I'm against BLM and agenda

orignal that includes renaming master to primarty

orignal no, I don't like criminal

dr|z3d github.com/PurpleI2P/i2pd/issues/2112

dr|z3d it's your users asking for country-level blocks, orignal

dr|z3d "I discovered this yesterday while debugging my own I2P software. If I block those abnormal China peers (located in the strict country list but not enabling hidden mode), I can quickly and stably access the I2P network."

snex So find what they are doing and block that behavior

snex That’s a long term solution

orignal thanks. answered

snex If you block everything BUT those bad nodes maybe you can easier figure out what the nature of their attack is

snex Like set up a router on a VPS for that purpose

orignal IF it's an attack

orignal rather than some p2p netwrok

snex I mean just simple nmap on these IPs to see what they are

dr|z3d 127.0.0.1:7657/netdb?c=cn

snex I’m not home right now but last time I checked I had zero cn routers

snex Send me a list of IPA

snex IPs

snex I will set one of my spare potatoes on it

snex I’ve been meaning to turn one into a dedicated metasploit box anyway

dr|z3d not a full list, but enough to chew on.

dr|z3d let's see what the net effect is on transit traffic with cn blocked.

RN each router is supposed to be untrusted.... I thought I read that somewhere in spec.... definately use the word untrusted, so if a router arbitrarily drops a particular country due to something the user configured or some firewall outside I2P where they block, that shouldn't be a reson to block a whole implementation

RN rather a hot topic, but a lot of mixing up issues

RN sure

snex I still see no mention of people who like pineapple on pizza

RN I agree the inclusion statement is poorly done, it also leaves out people who identify as extra-terestrials

RN but that's a non issue compared to threats of blocking one of three implementations

RN and as you said

RN will lead to network splits and fragmentation and degredation for all

dr|z3d worry not, RN, he can't do it.

dr|z3d for all his tub thumping, it's a non-issue.

dr|z3d and you can't foresee all possible scenarios where blocking specific countries might be legitimate. who are we to decide what's best for a specific user?

snex Maybe you want to ban all IPs that start with 56

snex Let’s add that too

dr|z3d you already can. go nuts.

RealyNot-alice hahaha

snex You can already ban China too. Don’t need in-app

dr|z3d don't need it? don't use it. no one's telling you to.

RealyNot-alice putting the power in the hands of the user is usually a good thing, though sometiems users do dumb things - I know I have over the years

RealyNot-alice as long as it is off by default I don't see a problem

RealyNot-alice unless over-adoption causes issues

RealyNot-alice but like snex said

RealyNot-alice you can block whatever you define, outside of I2P itself

RealyNot-alice I don't see the problem

RealyNot-alice aside from potential users screwing up their own setup

dr|z3d sure you can, but maybe you don't want to block ALL traffic from a given country at the firewall, maybe you ONLY want to block it in i2p.

RealyNot-alice get a more fancy firewall

RealyNot-alice LOL

RealyNot-alice but yeah, I don't hate the feature as long as it is off by default, and testing is done over time to identify any issues it may introduce

dr|z3d like I said, it's disabled by default, you have to add a config line to router.config or /configadvanced if in adv. mode to enable. it's niche.

RealyNot-alice so... just tell firewall to block all traffic on [secret I2P router port] from [blocklist-country + blocklist-other]

RealyNot-alice but that is one user

RTP Just like hardly anyone bans exit nodes by region on tor, I highly doubt over adoption would be an issue. But that's an opinion. The number of actively discriminating users is likely very low. JMO.

RealyNot-alice and firewall external to I2P

RealyNot-alice verry verry verry low

dr|z3d sure, it's not impossible to block i2p traffic from country x at the firewall, but it requires more knowledge to implement and maintain.

RealyNot-alice sure

RealyNot-alice your feature makes it easy

RealyNot-alice assuming you want to block same-country, the user case of which I understand

snex It should be hard

RealyNot-alice snex, do you think, should it also be hard to block your android device from phoning home to google without breaking functionality?

RealyNot-alice snex, do you also think it should be hard to fix your commercial farm equipment from rejecting an after market part and self bricking?

snex I think google should make it hard because to google and google lovers that makes their ecosystem work.

snex And graphene should make it easy because graphene users want to not do that

snex Same answer for farm gear

RealyNot-alice and, re: JohnDeere et al

RealyNot-alice hmmm

RealyNot-alice good thing farming isn't a big part of nevada's voting population

snex Private companies can do what they want and you can not buy it or hack it and release stuff OSS

snex If farmers saw enough benefit to hacking gear they’d be doing it

RealyNot-alice I come from the MAKER philosophy

RealyNot-alice once I buy it, I should be free to reverse engineer it and or replace parts

RealyNot-alice I mean if there was a decent standard of assumed warranty and expected lifespan, and repairs within that default warranty were mostly free to the buyer

RealyNot-alice things would be a little different

snex You are free to do that. And Deere is free to void warranties and not help you when you fuck up

RealyNot-alice obv if I buy a transmitter, and change a part making it too powerfull for my local laws, that's on me

RealyNot-alice but they don't just void warranty, a non manufacturer part that works identical is cause for the system to self brink

RealyNot-alice think of printer cartridges

RealyNot-alice and HP wanting to keep everyon hooked on their toner

snex That’s on you to work around. They can make it however they want

RealyNot-alice well the farm equip thing is taken to extreemes

dr|z3d I'm all for empowering the user. It's not my job to enforce arbitary limits.

RealyNot-alice I mean I rmember copy protection on floppy disks

RealyNot-alice but that wasn't that hard to bypass, but if you got caught as the source of bootlegs, you faced steep penalties imposed by the copywrong-mongers

RealyNot-alice but back then, it was like hacking the global (landline) telephone network

RealyNot-alice phreaking

snex Farmers make bank let’s not feel bad about their plight. It’s not some John mellencamp shit

dr|z3d the point RN was making is that arbitrary limits imposed on the user because the manufacturer says so are, per se, bad.

snex They’re not bad

snex They just are. Buy or don’t buy

dr|z3d I buy an HP printer. I use my own 3rd party ink cartridges. No problem. And then I get an over-the-air update for my printer and now I can't use 3rd party cartridges. Bad. Not acceptable.

snex You agreed to the TOS

snex They said this would be possible

snex You can block it from phoning home

snex Make OSS firmware

dr|z3d Besides, adding a feature isn't enforcing an arbitrary limit, it's removing an arbitrary limit should the user decide they want to use said feature. I really don't know what the issue is.

snex The feature is opposed to what i2p is all about

dr|z3d No, it's not. Like RN told you, the whole premise of I2P is "no trusted parties".

dr|z3d If I decide I don't want to trust routers from China or anywhere else, that's my choice.

snex Ok so block everyone

snex Trust does not mean allow connections from

dr|z3d equally, if I want a permissive policy that doesn't block any routers, that's ALSO my choice.

snex Trust means they can always send garbage data

snex And we always check the data

dr|z3d you see, you're not being forced to do anything. you're being given an option.

snex Trustless means we connect to any peer because we can handle garbage data

dr|z3d how anyone chooses to exercise that option is, frankly, none of your business.

snex So why are you helping them?

snex If I want to block routers run by gay people, it’s on me to write that code

dr|z3d it's called "empowerment". it's none of my business either.

snex That code doesn’t belong in the app

snex The app should do what the app does

snex Extra shit is for plugins or users to do themselves

dr|z3d they may have legitimate reasons for wanting to block countries. who am I to deny them the option because I don't have any?

dr|z3d we also give users the option to avoid routers for our own traffic that don't meet published bandwidth requirements. you could complain about that too if you like.

snex I want to be able to block routers run by gay people

snex They might infect me with the gay

dr|z3d I can't take you seriously, sorry.

snex It’s just as valid a feature as block by country

dr|z3d And it's not your place to determine what should or shouldn't be available in a given implementation, unless you happen to be the lead developer on that implementation.

dr|z3d Last time I looked, you didn't have your own I2P implementation.

snex It’s the place of users to say why ideas seem good or bad

dr|z3d you're welcome to express an opinion.

dr|z3d but please don't tell me that feature x doesn't belong and should be a plugin.

dr|z3d my code, my rules. that's the bottom line.

dr|z3d I've never shied away from sound advice; I welcome it.

dr|z3d otoh, when people start talking about coding up a solution to block routers run by gay people, I'll just laugh in their face.

snex You are taking this personally (and so is original)

dr|z3d back to the original subject, since enabling cn blocks on a fast router, for just over 2h uptime, ~615 blocked routers.

dr|z3d it would be extremely naive to believe that the recent appearance of CN routers is some benign p2p network.

snex Sure but if we just do a cn block instead of learn the behavior maybe they will just move somewhere else

dr|z3d the behavior appears to be resource exhaustion. besides, it's not a default block. it's something you have to enable. most people won't.

orignal what did I miss?

dr|z3d free chocolate potato chips and a carton of juice.

dr|z3d latest hypothesis: chinese routers are attempting to disrupt the store / distribution of leasesets.

orignal but they are 0.9.58

orignal how can they do it?))

dr|z3d that's a good question.

orignal but who is attacking 2RRY's hosting?

orignal They said 1Tb/s

dr|z3d ask your service provider. how would we know?

dr|z3d they must have some insight as to where the traffic's coming from.

orignal their whole netwrok is under attack not just 2RRY

dr|z3d right, so I ask again, how would _we_ know?

orignal we don't

orignal just thier statment

uop23ip dr|z3d, have you ever tested to ban K,L,M,N,O routers or only have X? Had it any benefits regarding speed for torrents or in general (browsing, connection/tunnel reliability?

snex so these chinese IPs all seem to be compromised windows boxes... i think its a botnet

dr|z3d uop23ip: worth a try.. you may see better speeds, maybe not.

dr|z3d snex: no surprise there.

dr|z3d uop23ip: your tunnels may be faster, but obviously you'll still be held up by the slowest router in the other router's tunnels.

snex heres the output cake.i2p/file/Q4PDKEjJXo_ngFnspdXpBCE0sQhJ0s3ulRgCBw8oi_uerf5cRb08/output.txt

snex the web servers seem to be default installs with no content, at least the ones i checked

dr|z3d looks like windows server all over, IIS comes as standard.

uop23ip i can try this by myself?

dr|z3d you can

uop23ip oh god

uop23ip an option?

uop23ip :)

dr|z3d check the advanced settings page under /help/

snex some of these are even running ftp or telnet lol

orignal IIS? like this l5exwwo2ev2jmz64ku6al4vgsmmamxpk4bczsdkt5u45nizh3fia.b32.i2p )))

dr|z3d IIS like this: 120.77.62.104

orignal that one is mine ))

dr|z3d or 121.40.201.214

snex telnet 120.25.254.215 17

snex theres a fun one

snex not sure how viable it would be to run scams on peers and ban ones that look compromised

orignal I use IIS sometimes

orignal because I know how to use it since 90s

orignal on Windows NT

snex interesting idea for eepsite.. scan all known peers and maintain scores for them. routers can subscribe to it for ban list

uop23ip found it router.excludePeerCaps={netDBcaps} Great, thanks dr|z3d. I guess it is not possible that snark/app can "demand" X's only tunnels?

dr|z3d uop23ip: no. it's all or nothing.