dr|z3d
ok, new + feature about to land: router.blockCountries={countrycode1,countrycode2}
dr|z3d
if you want to block requests from all chinese routers, for example, router.blockCountries=cn will engage a block and an 8 hour ban as soon as a direct transit request is made by a router in the specified country.
dr|z3d
net.i2p.router.tunnel.pool.RequestThrottler=WARN on /configlogging will log blocks if you decide to enable. let me know how you get on if you do.
dr|z3d
ETA 5m.
snex
Seems racist
orignal
how about NTCP2 and SSU2 connections?
dr|z3d
shut up, snex
dr|z3d
*** laughs ***
dr|z3d
hmm, orignal?
orignal
is it a market of i2p+ routers to exclude them from a tunnel?
orignal
if you received an incoming connection from China
orignal
would you accept it?
orignal
*marker
dr|z3d
by default, we accept all connections.
dr|z3d
unless hidden mode or strict country, then we reject connections from same country.
orignal
can you publish this setting in RI?
orignal
telling the network that you don't accept tunnels
dr|z3d
that would be something to roll out globally after consultation.
dr|z3d
discuss.i2p/viewtopic.php?p=561 (I'm not suggesting blocking routers from any country, but there's obviously a demand)
orignal
if you do it I will try to exclude I2P+ from tunnels completely
dr|z3d
why would you do that?
dr|z3d
and that seems like a disincentive for publishing country-level blocks to the routerinfo.
orignal_
I agree with snex
orignal_
it's not better than the behaviour of Linux's assholes
dr|z3d
coming from you that means absolutely nothing, sorry.
snex
It’s going to lead to stupid net splits
orignal_
I'm not going to try to build a tunnel through a router that bans participants for its own reason
dr|z3d
it's not meant to encourage arbitrary blocking, it's meant to serve as an additional measure to block either hostile countries (if you happen to be in one), or countries that are demonstrably the source of ongoing network attacks.
snex
And then routers that don’t block will get doxxed
orignal_
either you publish this info or we will bypass all I2P+
dr|z3d
*** laughs ***
orignal_
today is China tomorrow is who?
orignal_
Russia because sanctions?
dr|z3d
Iran, perhaps?
orignal_
as this moron Torvalds said
dr|z3d
I'm not advocating blocking any country. It's an option is all.
snex
If you allow blocking then it’s not long before governments require it
orignal
and it's clear that i2pd is not going to do it
orignal
ok. Linux moron start with renaming master/slave in the code
orignal
sounds familiar?
dr|z3d
totally different.
orignal
not they kicked our Russian contributor based on ethnicity
dr|z3d
the impetus for allowing country-level blocks is the current Chinese attack. I doubt whether most people will bother with blocking, but it's an available option.
snex
Why are we even geo tracking in the first place
snex
Just because we can?
snex
Is there any genuine benefit?
eyedeekay
So that routers in countries where it is illegal for people to route, don't
snex
Isn’t that their problem?
eyedeekay
No
orignal
different?
snex
They should be allowed to defy their governments if they want
orignal
did someone here change MASTER to PRIMARY?
snex
We should not be helping the oppressive governments
eyedeekay
And they can, but they'll have to opt into it
eyedeekay
We're not. We're keeping innocent people who don't know better from getting arrested.
orignal
then ban all Russians is the next logical step
orignal
I don't see why it's different
snex
Just put a warning to check laws
dr|z3d
orignal: you seem to be conflating a bunch of different topics just for effect.
orignal
and the last step is Torvalds' statement
orignal
I guess Nazi is going to make it
orignal
how he hates Russians because he is Geman
orignal
*German
orignal
different
orignal
?
orignal
why do you think so?
eyedeekay
For one thing, Java I2P isn't blocking anybody by country and doesn't intend to. Sorry dr|zed but I don't see upstreaming that feature.
orignal
Linux also started with renaming "master/slave"
dr|z3d
we're not helping oppressive governments, we're helping people that decide they want to run routers in oppressive countries. it's a subtle difference.
eyedeekay
For another thing, not publishing a routerInfo directly is very different from blocking people
orignal
not they have few millions haters
eyedeekay
The person to whom you are referring does not make those decisions
dr|z3d
eyedeekay: I wasn't going to propose it for upstreaming.
snex
I2p users are not oppressive governments though
eyedeekay
Just making it clear to orignal
snex
If anything you should block government IPs
orignal
then who renamed MASTER to PRIMARY?
orignal
Aliens from Mars?
orignal
eyedeekay the person I'm referring to call you project LGBT-I2P
eyedeekay
Have you implemented either yet?
orignal
he doesn't make decisions
orignal
no?
eyedeekay
No, he doesn't
orignal
if he doesn't why this sgameful statement is still there?
orignal
shameful
orignal
zlatin said he is an I2P's Linus Torvalds
orignal
and I tend to agree
eyedeekay
Because I have better things to do than to rewrite it to suit your or zlatin's tastes
orignal
everybody agrees that statement is wrong
orignal
but it's still there
orignal
making very negative impression about whole I2P project
orignal
and based on this I don't see any evidence that I2P team is different than Linux
orignal
kick out people contributing into the project for decades? easily
eyedeekay
I'm not interested in re-litigating this with you orignal I have like 16 jobs to do. I2P canon isn't blocking Russians and we're not blocking you.
orignal
banning Chinese routers although there are a bunch of Chinese users in the network? easily
orignal
eyedeekay ... for now
orignal
Russian people also believed in Linux's open source values
eyedeekay
I repeat, this feature will not reach canon I2P from I2P+, for as long as I am reviewing MR's
orignal
my point is simple
eyedeekay
Kaspersky didn't
orignal
you guys have chosen wrong way
orignal
eyedeekay thank you
orignal
so only I2P+ should be bypassed
orignal
and you know there are real people from China at Ilita
dr|z3d
if a user wants to block a country or list of countries, that's their choice to exercise.
snex
They should not be helped by the app
snex
Let them do it themselves
dr|z3d
of course, adding features that assist users in achieving a desired end result is bad.
dr|z3d
what absolute shit.
snex
It can be
snex
This is going to compromise anonymity
dr|z3d
there may be perfectly valid reasons to block specific countries. it's not my role to judge the validity of any such reasoning.
orignal
Kaspersky is KGBist
orignal
he is different story
snex
Sure and people can write their own code to do so
dr|z3d
can they? I don't see a huge swathe of java coders all contributing to the codebase.
orignal
or do it on network firewall
snex
There are infinite things people want - you shouldn’t code it all
snex
You should code things that benefit i2p
snex
Benefit more connections
snex
More connections = more protection
dr|z3d
Like I said, I'm not advocating blocking any country. I'm just providing an option.
snex
If Joe Biden tells me I need to block Iranian IPs I don’t want to have to obey him or for him to see I’m disobeying
orignal
btw have you noticed that Linux team didn't even try to apologize for Torvalds' statement
orignal
snex Joe Biden told someone here to remove any mentioning of master/slave
orignal
and he did
orignal
without discussing it with anybody
dr|z3d
if Joe Biden doesn't want you talking to Iran, he won't make a request, he'll block all IPs at your isp. let's not get ridiculous.
orignal
again I2P project has very serious problems with attitude
orignal
by not following the values they declare
snex
Bullshit. Joe Biden will do whatever locks the most people in prison
dr|z3d
you're not so hot yourself, orignal. you want to turn everything you don't agree with into a culture war.
orignal
?
orignal
what am I wrong with?
orignal
didn't it happen to SAM 3.3?
orignal
is it my fantasy?
orignal
did you guys block all Tor's exit nodes?
snex
We should adopt a philosophy of never facilitating blocking for arbitrary reasons. Only for demonstrably malicious behavior
orignal
snex that's exactly my point
eyedeekay
If that is the criteria then the Tor exit block should stand
orignal
banning by country soon will end up by banning by nationality
dr|z3d
some might say that a huge increase in bandwidth is demonstrably malicious, especially when they have data caps.
snex
I don’t know enough about tor to have a position on that
orignal
Linux is the perfect example
orignal
snex there were few eepsites running behind Tor
orignal
just FYI
snex
My site is available on clear web i2p and tor
orignal
eyedeekay it's not useless
snex
You don’t need an exit node for that
orignal
*now
orignal
I suspect that recent bandwidth increase is legitimate traffic
orignal
snex, the main problem is that they make decisions without any discussions
orignal
without research, etc.
snex
Can this be made as a plug-in? Just do it that way if you really want it
orignal
as for me it really leads to broken network integrity
orignal
instead of fighting together against government monkeys
orignal
why can't I2P just be neutral?
snex
There is no such thing
orignal
we i2pd don't participate in any agenda
orignal
and don't make difference by country or nationality
snex
Everybody says that
orignal
I2P says "we do support LGBT"
snex
I bet if you could tell your user is African you’d block them lol
orignal
I2P renames master to primary
orignal
why would I?
orignal
deavmi run an i2pd router in Capetown
snex
I mean black African
orignal
another guy from Jamaica
orignal
he is black
orignal
what's a problem with it?
snex
You don’t like them lol
orignal
I'm not against blacks, I'm against BLM and agenda
orignal
that includes renaming master to primary
orignal
no, I don't like criminal
dr|z3d
it's your users asking for country-level blocks, orignal
dr|z3d
"I discovered this yesterday while debugging my own I2P software. If I block those abnormal China peers (located in the strict country list but not enabling hidden mode), I can quickly and stably access the I2P network."
snex
So find what they are doing and block that behavior
snex
That’s a long term solution
orignal
thanks. answered
snex
If you block everything BUT those bad nodes maybe you can easier figure out what the nature of their attack is
snex
Like set up a router on a VPS for that purpose
orignal
IF it's an attack
orignal
rather than some p2p network
snex
I mean just simple nmap on these IPs to see what they are
snex
I’m not home right now but last time I checked I had zero cn routers
snex
Send me a list of IPA
snex
IPs
snex
I will set one of my spare potatoes on it
snex
I’ve been meaning to turn one into a dedicated metasploit box anyway
dr|z3d
not a full list, but enough to chew on.
dr|z3d
let's see what the net effect is on transit traffic with cn blocked.
RN
each router is supposed to be untrusted.... I thought I read that somewhere in spec.... definitely use the word untrusted, so if a router arbitrarily drops a particular country due to something the user configured or some firewall outside I2P where they block, that shouldn't be a reason to block a whole implementation
RN
rather a hot topic, but a lot of mixing up issues
RN
sure
snex
I still see no mention of people who like pineapple on pizza
RN
I agree the inclusion statement is poorly done, it also leaves out people who identify as extraterrestrials
RN
but that's a non issue compared to threats of blocking one of three implementations
RN
and as you said
RN
will lead to network splits and fragmentation and degradation for all
dr|z3d
worry not, RN, he can't do it.
dr|z3d
for all his tub thumping, it's a non-issue.
dr|z3d
and you can't foresee all possible scenarios where blocking specific countries might be legitimate. who are we to decide what's best for a specific user?
snex
Maybe you want to ban all IPs that start with 56
snex
Let’s add that too
dr|z3d
you already can. go nuts.
RealyNot-alice
hahaha
snex
You can already ban China too. Don’t need in-app
dr|z3d
don't need it? don't use it. no one's telling you to.
RealyNot-alice
putting the power in the hands of the user is usually a good thing, though sometimes users do dumb things - I know I have over the years
RealyNot-alice
as long as it is off by default I don't see a problem
RealyNot-alice
unless over-adoption causes issues
RealyNot-alice
but like snex said
RealyNot-alice
you can block whatever you define, outside of I2P itself
RealyNot-alice
I don't see the problem
RealyNot-alice
aside from potential users screwing up their own setup
dr|z3d
sure you can, but maybe you don't want to block ALL traffic from a given country at the firewall, maybe you ONLY want to block it in i2p.
RealyNot-alice
get a more fancy firewall
RealyNot-alice
LOL
RealyNot-alice
but yeah, I don't hate the feature as long as it is off by default, and testing is done over time to identify any issues it may introduce
dr|z3d
like I said, it's disabled by default, you have to add a config line to router.config or /configadvanced if in adv. mode to enable. it's niche.
RealyNot-alice
so... just tell firewall to block all traffic on [secret I2P router port] from [blocklist-country + blocklist-other]
RealyNot-alice
but that is one user
RTP
Just like hardly anyone bans exit nodes by region on tor, I highly doubt over adoption would be an issue. But that's an opinion. The number of actively discriminating users is likely very low. JMO.
RealyNot-alice
and firewall external to I2P
RealyNot-alice
verry verry verry low
dr|z3d
sure, it's not impossible to block i2p traffic from country x at the firewall, but it requires more knowledge to implement and maintain.
RealyNot-alice
sure
RealyNot-alice
your feature makes it easy
RealyNot-alice
assuming you want to block same-country, the user case of which I understand
snex
It should be hard
RealyNot-alice
snex, do you think, should it also be hard to block your android device from phoning home to google without breaking functionality?
RealyNot-alice
snex, do you also think it should be hard to fix your commercial farm equipment from rejecting an after market part and self bricking?
snex
I think google should make it hard because to google and google lovers that makes their ecosystem work.
snex
And graphene should make it easy because graphene users want to not do that
snex
Same answer for farm gear
RealyNot-alice
and, re: JohnDeere et al
RealyNot-alice
hmmm
RealyNot-alice
good thing farming isn't a big part of nevada's voting population
snex
Private companies can do what they want and you can not buy it or hack it and release stuff OSS
snex
If farmers saw enough benefit to hacking gear they’d be doing it
RealyNot-alice
I come from the MAKER philosophy
RealyNot-alice
once I buy it, I should be free to reverse engineer it and or replace parts
RealyNot-alice
I mean if there was a decent standard of assumed warranty and expected lifespan, and repairs within that default warranty were mostly free to the buyer
RealyNot-alice
things would be a little different
snex
You are free to do that. And Deere is free to void warranties and not help you when you fuck up
RealyNot-alice
obv if I buy a transmitter, and change a part making it too powerful for my local laws, that's on me
RealyNot-alice
but they don't just void warranty, a non manufacturer part that works identical is cause for the system to self brick
RealyNot-alice
think of printer cartridges
RealyNot-alice
and HP wanting to keep everyone hooked on their toner
snex
That’s on you to work around. They can make it however they want
RealyNot-alice
well the farm equip thing is taken to extremes
dr|z3d
I'm all for empowering the user. It's not my job to enforce arbitrary limits.
RealyNot-alice
I mean I remember copy protection on floppy disks
RealyNot-alice
but that wasn't that hard to bypass, but if you got caught as the source of bootlegs, you faced steep penalties imposed by the copywrong-mongers
RealyNot-alice
but back then, it was like hacking the global (landline) telephone network
RealyNot-alice
phreaking
snex
Farmers make bank let’s not feel bad about their plight. It’s not some John mellencamp shit
dr|z3d
the point RN was making is that arbitrary limits imposed on the user because the manufacturer says so are, per se, bad.
snex
They’re not bad
snex
They just are. Buy or don’t buy
dr|z3d
I buy an HP printer. I use my own 3rd party ink cartridges. No problem. And then I get an over-the-air update for my printer and now I can't use 3rd party cartridges. Bad. Not acceptable.
snex
You agreed to the TOS
snex
They said this would be possible
snex
You can block it from phoning home
snex
Make OSS firmware
dr|z3d
Besides, adding a feature isn't enforcing an arbitrary limit, it's removing an arbitrary limit should the user decide they want to use said feature. I really don't know what the issue is.
snex
The feature is opposed to what i2p is all about
dr|z3d
No, it's not. Like RN told you, the whole premise of I2P is "no trusted parties".
dr|z3d
If I decide I don't want to trust routers from China or anywhere else, that's my choice.
snex
Ok so block everyone
snex
Trust does not mean allow connections from
dr|z3d
equally, if I want a permissive policy that doesn't block any routers, that's ALSO my choice.
snex
Trust means they can always send garbage data
snex
And we always check the data
dr|z3d
you see, you're not being forced to do anything. you're being given an option.
snex
Trustless means we connect to any peer because we can handle garbage data
dr|z3d
how anyone chooses to exercise that option is, frankly, none of your business.
snex
So why are you helping them?
snex
If I want to block routers run by gay people, it’s on me to write that code
dr|z3d
it's called "empowerment". it's none of my business either.
snex
That code doesn’t belong in the app
snex
The app should do what the app does
snex
Extra shit is for plugins or users to do themselves
dr|z3d
they may have legitimate reasons for wanting to block countries. who am I to deny them the option because I don't have any?
dr|z3d
we also give users the option to avoid routers for our own traffic that don't meet published bandwidth requirements. you could complain about that too if you like.
snex
I want to be able to block routers run by gay people
snex
They might infect me with the gay
dr|z3d
I can't take you seriously, sorry.
snex
It’s just as valid a feature as block by country
dr|z3d
And it's not your place to determine what should or shouldn't be available in a given implementation, unless you happen to be the lead developer on that implementation.
dr|z3d
Last time I looked, you didn't have your own I2P implementation.
snex
It’s the place of users to say why ideas seem good or bad
dr|z3d
you're welcome to express an opinion.
dr|z3d
but please don't tell me that feature x doesn't belong and should be a plugin.
dr|z3d
my code, my rules. that's the bottom line.
dr|z3d
I've never shied away from sound advice; I welcome it.
dr|z3d
otoh, when people start talking about coding up a solution to block routers run by gay people, I'll just laugh in their face.
snex
You are taking this personally (and so is original)
dr|z3d
back to the original subject, since enabling cn blocks on a fast router, for just over 2h uptime, ~615 blocked routers.
dr|z3d
it would be extremely naive to believe that the recent appearance of CN routers is some benign p2p network.
snex
Sure but if we just do a cn block instead of learn the behavior maybe they will just move somewhere else
dr|z3d
the behavior appears to be resource exhaustion. besides, it's not a default block. it's something you have to enable. most people won't.
orignal
what did I miss?
dr|z3d
free chocolate potato chips and a carton of juice.
dr|z3d
latest hypothesis: chinese routers are attempting to disrupt the store / distribution of leasesets.
orignal
but they are 0.9.58
orignal
how can they do it?))
dr|z3d
that's a good question.
orignal
but who is attacking 2RRY's hosting?
orignal
They said 1Tb/s
dr|z3d
ask your service provider. how would we know?
dr|z3d
they must have some insight as to where the traffic's coming from.
orignal
their whole network is under attack not just 2RRY
dr|z3d
right, so I ask again, how would _we_ know?
orignal
we don't
orignal
just their statement
uop23ip
dr|z3d, have you ever tested to ban K,L,M,N,O routers or only have X? Had it any benefits regarding speed for torrents or in general (browsing, connection/tunnel reliability)?
snex
so these chinese IPs all seem to be compromised windows boxes... i think it's a botnet
dr|z3d
uop23ip: worth a try.. you may see better speeds, maybe not.
dr|z3d
snex: no surprise there.
dr|z3d
uop23ip: your tunnels may be faster, but obviously you'll still be held up by the slowest router in the other router's tunnels.
snex
the web servers seem to be default installs with no content, at least the ones i checked
dr|z3d
looks like windows server all over, IIS comes as standard.
uop23ip
i can try this by myself?
dr|z3d
you can
uop23ip
oh god
uop23ip
an option?
uop23ip
:)
dr|z3d
check the advanced settings page under /help/
snex
some of these are even running ftp or telnet lol
orignal
IIS? like this l5exwwo2ev2jmz64ku6al4vgsmmamxpk4bczsdkt5u45nizh3fia.b32.i2p )))
dr|z3d
IIS like this: 120.77.62.104
orignal
that one is mine ))
snex
telnet 120.25.254.215 17
snex
there's a fun one
snex
not sure how viable it would be to run scams on peers and ban ones that look compromised
orignal
I use IIS sometimes
orignal
because I know how to use it since 90s
orignal
on Windows NT
snex
interesting idea for eepsite.. scan all known peers and maintain scores for them. routers can subscribe to it for ban list
uop23ip
found it router.excludePeerCaps={netDBcaps} Great, thanks dr|z3d. I guess it is not possible that snark/app can "demand" X's only tunnels?
dr|z3d
uop23ip: no. it's all or nothing.