#saltr
/2024/10/26
dr|z3d ok, new + feature about to land: router.blockCountries={countrycode1,countrycode2}
dr|z3d if you want to block requests from all chinese routers, for example, router.blockCountries=cn will engage a block and an 8 hour ban as soon as a direct transit request is made by a router in the specified country.
dr|z3d net.i2p.router.tunnel.pool.RequestThrottler=WARN on /configlogging will log blocks if you decide to enable. let me know how you get on if you do.
dr|z3d ETA 5m.
snex Seems racist
orignal how about NTCP2 and SSU2 connections?
dr|z3d shut up, snex
dr|z3d *** laughs ***
dr|z3d hmm, orignal?
orignal is it a market of i2p+ routers to exclude them from a tunnel?
orignal if you received an incoming connection from China
orignal would you accept it?
orignal *marker
dr|z3d by default, we accept all connections.
dr|z3d unless hidden mode or strict country, then we reject connections from same country.
orignal can you publish this setting in RI?
orignal telling the network that you don't accept tunnels
dr|z3d that would be something to roll out globally after consultation.
dr|z3d discuss.i2p/viewtopic.php?p=561 (I'm not suggesting blocking routers from any country, but there's obviously a demand)
orignal if you do it I will try nto exalude I2P+ from tunnels completely
dr|z3d why would you do that?
dr|z3d and that seems like a disincentive for publishing country-level blocks to the routerinfo.
orignal_ I agree with snex
orignal_ it's not better that behaviour of Linux's assholes
dr|z3d coming from you that means absolutely nothing, sorry.
snex It’s going to lead to stupid net splits
orignal_ I'm not going to try to build a tunnel through a router that bans participants for its own reason
dr|z3d it's not meant to encourage arbitrary blocking, it's meant to serve as an additional measure to block either hostile countries (if you happen to be in one), or countries that are demonstrably the source of ongoing network attacks.
snex And then routers that don’t block will get doxxed
orignal_ either you publish this info or we will bypass all I2P+
dr|z3d *** laughs ***
orignal_ today is China tomorrow is who?
orignal_ Russia because sanctions?
dr|z3d Iran, perhaps?
orignal_ as this moron Torvalds said
dr|z3d I'm not advocating blocking any country. It's an option is all.
snex If you allow blocking then it’s not long before governments require it
orignal and it's clear that i2pd is not going to do it
orignal ok. Linux moron start with renaming master/slave in the code
orignal sounds familiar?
dr|z3d totally different.
orignal not they kicked our Russian contributor based on ethnicity
dr|z3d the impetus for allowing country-level blocks is the current Chinese attack. I doubt whether most people will bother with blocking, but it's an available option.
snex Why are we even geo tracking in the first place
snex Just because we can?
snex Is there any genuine benefit?
eyedeekay So that routers in countries where it is illegal for people to route, don't
snex Isn’t that their problem?
orignal different?
snex They should be allowed to defy their governments if they want
orignal did someone here changed MASTER to PRIMARY?
snex We should not be helping the oppressive governments
eyedeekay And they can, but they'll have to opt into it
eyedeekay We're not. We're keeping innocent people who don't know better from getting arrested.
orignal then ban all Russians is the next logical step
orignal I don't see why it's different
snex Just put a warning to check laws
dr|z3d orignal: you seem to be conflating a bunch of different topics just for effect.
orignal and the last step is Torvald's statement
orignal I guess Nazi is going to make it
orignal how he hates Russians because he is Geman
orignal *German
orignal different
orignal why do you think so?
eyedeekay For one thing, Java I2P isn't blocking anybody by country and doesn't intend to. Sorry dr|zed but I don't see upstreaming that feature.
orignal Linux also started with renaming "master/slave"
dr|z3d we're not helping oppressive governments, we're helping people that decide they want to run routers in oppressive countries. it's a subtle difference.
eyedeekay For another thing, not publishing a routerInfo directly is very different from blocking people
orignal not they have few millions haters
eyedeekay The person to whom you are referring does not make those decisions
dr|z3d eyedeekay: I wasn't going to propose it for upstreaming.
snex I2p users are not oppressive governments though
eyedeekay Just making it clear to orignal
snex If anything you should block government IPs
orignal then who renamed MASTER to PRIMARY?
orignal Aliens from Mars?
orignal eyedeekay the person I'm referring to call you project LGBT-I2P
eyedeekay Have you implemented either yet?
orignal he doesn't make decisions
eyedeekay No, he doesn't
orignal if he doesn't why this sgameful statement is still there?
orignal shameful
orignal zlatin said he is an I2P's Linus Torvalds
orignal and I tend to agree
eyedeekay Because I have better things to do than to rewrite it to suit your or zlatin's tastes
orignal everybody agree that statement is wrong
orignal but it's still there
orignal making very negative impression about whole I2P project
orignal and based on this I don't see any evidence that I2P team is different than Linux
orignal kick out people contributing into the project for decades? easily
eyedeekay I'm not interested in re-litigating this with you orignal I have like 16 jobs to do. I2P canon isn't blocking Russians and we're not blocking you.
orignal banning Chinese routers although there are bunch of Chinese users in the network? easily
orignal eyedeekay ... for now
orignal Russian people also believed in Linux's open source values
eyedeekay I repeat, this feature will not reach canon I2P from I2P+, for as long as I am reviewing MR's
orignal my point is simple
eyedeekay Kaspersky didn't
orignal you guys have chosen wrong way
orignal eyedeekay thank you
orignal so only I2P+ should be bypassed
orignal and you know there are real people from China at Ilita
dr|z3d if a user wants to block a country or list of countries, that's their choice to exercise.
snex They should not be helped by the app
snex Let them do it themselves
dr|z3d of course, adding features that assist users in achieving a desired end result is bad.
dr|z3d what absolute shit.
snex It can be
snex This is going to compromise anonymity
dr|z3d there may be perfectly valid reasons to block specific countries. it's not my role to judge the validity of any such reasoning.
orignal Kaspersky is KGBist
orignal he is different story
snex Sure and people can write their own code to do so
dr|z3d can they? I don't see a huge swathe of java coders all contributing to the codebase.
orignal or do it on network firewall
snex There are infinite things people want - you shouldn’t code it all
snex You should code things that benefit i2p
snex Benefit more connections
snex More connections = more protection
dr|z3d Like I said, I'm not advocating blocking any country. I'm just providing an option.
snex If Joe Biden tells me I need to block Iranian IPs I don’t want to have to obey him or for him to see I’m disobeying
orignal btw have you noticed that Linux team even didn't try to apologize for Torvald's statement
orignal snex Joe Biden told someone here to remove any mentioning of master/slave
orignal and he did
orignal without discussing it with anybody
dr|z3d if Joe Biden doesn't want you talking to Iran, he won't make a request, he'll block all IPs at your isp. let's not get ridiculous.
orignal again I2P project has very serious problems with attitude
orignal by not following the values they declare
snex Bullshit. Joe Biden will do whatever locks the most people in prison
dr|z3d you're not so hot yourself, orignal. you want to turn everything you don't agree with into a culture war.
orignal what am I wrong with?
orignal didn't it happen to SAM 3.3?
orignal is it my fantasy?
orignal did you guys block all Tor's exit node?
snex We should adopt a philosophy of never facilitating blocking for arbitrary reasons. Only for demonstrably malicious behavior
orignal snex that's exactly my point
eyedeekay If that is the criteria then the Tor exit block should stand
orignal banning by country soon will end up by banning by nationality
dr|z3d some might say that a huge increase in bandwidth is demonstrably malicious, especially when they have data caps.
snex I don’t know enough about tor to have a position on that
orignal Linux is the perfect example
orignal snex there were few eepsites running behind Tor
orignal just FYI
snex My site is available on clear web i2p and tor
orignal eyedeekay it's not useless
snex You don’t need an exit node for that
orignal I suspect that recent bandwidth increase is legitimate traffic
orignal snex, the main problem that they make decision without any discussions
orignal without research, etc.
snex Can this be made as a plug-in? Just do it that way if you really want it
orignal as for me it really lead to broken network integrity
orignal instead fighting together against government monkeys
orignal why can't I2P just be neutral?
snex There is no such thing
orignal we i2pd don't participate any agenda
orignal and don't make difference by country or nationality
snex Everybody says that
orignal I2P says "we do support LGBT"
snex I bet if you could tell your user is African you’d block them lol
orignal I2P renames master to primary
orignal why would I?
orignal deavmi run an i2pd router in Capetown
snex I mean black African
orignal another guy from Jamaica
orignal he is black
orignal what's a problem with it?
snex You don’t like them lol
orignal I'm not against blacks, I'm against BLM and agenda
orignal that includes renaming master to primary
orignal no, I don't like criminal
dr|z3d it's your users asking for country-level blocks, orignal
dr|z3d "I discovered this yesterday while debugging my own I2P software. If I block those abnormal China peers (located in the strict country list but not enabling hidden mode), I can quickly and stably access the I2P network."
snex So find what they are doing and block that behavior
snex That’s a long term solution
orignal thanks. answered
snex If you block everything BUT those bad nodes maybe you can easier figure out what the nature of their attack is
snex Like set up a router on a VPS for that purpose
orignal IF it's an attack
orignal rather than some p2p network
snex I mean just simple nmap on these IPs to see what they are
snex I’m not home right now but last time I checked I had zero cn routers
snex Send me a list of IPA
snex IPs
snex I will set one of my spare potatoes on it
snex I’ve been meaning to turn one into a dedicated metasploit box anyway
dr|z3d not a full list, but enough to chew on.
dr|z3d let's see what the net effect is on transit traffic with cn blocked.
RN each router is supposed to be untrusted.... I thought I read that somewhere in spec.... definitely use the word untrusted, so if a router arbitrarily drops a particular country due to something the user configured or some firewall outside I2P where they block, that shouldn't be a reason to block a whole implementation
RN rather a hot topic, but a lot of mixing up issues
RN sure
snex I still see no mention of people who like pineapple on pizza
RN I agree the inclusion statement is poorly done, it also leaves out people who identify as extra-terrestrials
RN but that's a non issue compared to threats of blocking one of three implementations
RN and as you said
RN will lead to network splits and fragmentation and degradation for all
dr|z3d worry not, RN, he can't do it.
dr|z3d for all his tub thumping, it's a non-issue.
dr|z3d and you can't foresee all possible scenarios where blocking specific countries might be legitimate. who are we to decide what's best for a specific user?
snex Maybe you want to ban all IPs that start with 56
snex Let’s add that too
dr|z3d you already can. go nuts.
snex You can already ban China too. Don’t need in-app
dr|z3d don't need it? don't use it. no one's telling you to.
RealyNot-alice putting the power in the hands of the user is usually a good thing, though sometimes users do dumb things - I know I have over the years
RealyNot-alice as long as it is off by default I don't see a problem
RealyNot-alice unless over-adoption causes issues
RealyNot-alice but like snex said
RealyNot-alice you can block whatever you define, outside of I2P itself
RealyNot-alice I don't see the problem
RealyNot-alice aside from potential users screwing up their own setup
dr|z3d sure you can, but maybe you don't want to block ALL traffic from a given country at the firewall, maybe you ONLY want to block it in i2p.
RealyNot-alice get a more fancy firewall
RealyNot-alice but yeah, I don't hate the feature as long as it is off by default, and testing is done over time to identify any issues it may introduce
dr|z3d like I said, it's disabled by default, you have to add a config line to router.config or /configadvanced if in adv. mode to enable. it's niche.
RealyNot-alice so... just tell firewall to block all traffic on [secret I2P router port] from [blocklist-country + blocklist-other]
RealyNot-alice but that is one user
RTP Just like hardly anyone bans exit nodes by region on tor, I highly doubt over adoption would be an issue. But that's an opinion. The number of actively discriminating users is likely very low. JMO.
RealyNot-alice and firewall external to I2P
RealyNot-alice verry verry verry low
dr|z3d sure, it's not impossible to block i2p traffic from country x at the firewall, but it requires more knowledge to implement and maintain.
RealyNot-alice your feature makes it easy
RealyNot-alice assuming you want to block same-country, the user case of which I understand
snex It should be hard
RealyNot-alice snex, do you think, should it also be hard to block your android device from phoning home to google without breaking functionality?
RealyNot-alice snex, do you also think it should be hard to fix your commercial farm equipment from rejecting an after market part and self bricking?
snex I think google should make it hard because to google and google lovers that makes their ecosystem work.
snex And graphene should make it easy because graphene users want to not do that
snex Same answer for farm gear
RealyNot-alice and, re: JohnDeere et al
RealyNot-alice good thing farming isn't a big part of nevada's voting population
snex Private companies can do what they want and you can not buy it or hack it and release stuff OSS
snex If farmers saw enough benefit to hacking gear they’d be doing it
RealyNot-alice I come from the MAKER philosophy
RealyNot-alice once I buy it, I should be free to reverse engineer it and or replace parts
RealyNot-alice I mean if there was a decent standard of assumed warranty and expected lifespan, and repairs within that default warranty were mostly free to the buyer
RealyNot-alice things would be a little different
snex You are free to do that. And Deere is free to void warranties and not help you when you fuck up
RealyNot-alice obv if I buy a transmitter, and change a part making it too powerful for my local laws, that's on me
RealyNot-alice but they don't just void warranty, a non manufacturer part that works identical is cause for the system to self brick
RealyNot-alice think of printer cartridges
RealyNot-alice and HP wanting to keep everyone hooked on their toner
snex That’s on you to work around. They can make it however they want
RealyNot-alice well the farm equip thing is taken to extremes
dr|z3d I'm all for empowering the user. It's not my job to enforce arbitrary limits.
RealyNot-alice I mean I remember copy protection on floppy disks
RealyNot-alice but that wasn't that hard to bypass, but if you got caught as the source of bootlegs, you faced steep penalties imposed by the copywrong-mongers
RealyNot-alice but back then, it was like hacking the global (landline) telephone network
snex Farmers make bank let’s not feel bad about their plight. It’s not some John mellencamp shit
dr|z3d the point RN was making is that arbitrary limits imposed on the user because the manufacturer says so are, per se, bad.
snex They’re not bad
snex They just are. Buy or don’t buy
dr|z3d I buy an HP printer. I use my own 3rd party ink cartridges. No problem. And then I get an over-the-air update for my printer and now I can't use 3rd party cartridges. Bad. Not acceptable.
snex You agreed to the TOS
snex They said this would be possible
snex You can block it from phoning home
snex Make OSS firmware
dr|z3d Besides, adding a feature isn't enforcing an arbitrary limit, it's removing an arbitrary limit should the user decide they want to use said feature. I really don't know what the issue is.
snex The feature is opposed to what i2p is all about
dr|z3d No, it's not. Like RN told you, the whole premise of I2P is "no trusted parties".
dr|z3d If I decide I don't want to trust routers from China or anywhere else, that's my choice.
snex Ok so block everyone
snex Trust does not mean allow connections from
dr|z3d equally, if I want a permissive policy that doesn't block any routers, that's ALSO my choice.
snex Trust means they can always send garbage data
snex And we always check the data
dr|z3d you see, you're not being forced to do anything. you're being given an option.
snex Trustless means we connect to any peer because we can handle garbage data
dr|z3d how anyone chooses to exercise that option is, frankly, none of your business.
snex So why are you helping them?
snex If I want to block routers run by gay people, it’s on me to write that code
dr|z3d it's called "empowerment". it's none of my business either.
snex That code doesn’t belong in the app
snex The app should do what the app does
snex Extra shit is for plugins or users to do themselves
dr|z3d they may have legitimate reasons for wanting to block countries. who am I to deny them the option because I don't have any?
dr|z3d we also give users the option to avoid routers for our own traffic that don't meet published bandwidth requirements. you could complain about that too if you like.
snex I want to be able to block routers run by gay people
snex They might infect me with the gay
dr|z3d I can't take you seriously, sorry.
snex It’s just as valid a feature as block by country
dr|z3d And it's not your place to determine what should or shouldn't be available in a given implementation, unless you happen to be the lead developer on that implementation.
dr|z3d Last time I looked, you didn't have your own I2P implementation.
snex It’s the place of users to say why ideas seem good or bad
dr|z3d you're welcome to express an opinion.
dr|z3d but please don't tell me that feature x doesn't belong and should be a plugin.
dr|z3d my code, my rules. that's the bottom line.
dr|z3d I've never shied away from sound advice; I welcome it.
dr|z3d otoh, when people start talking about coding up a solution to block routers run by gay people, I'll just laugh in their face.
snex You are taking this personally (and so is original)
dr|z3d back to the original subject, since enabling cn blocks on a fast router, for just over 2h uptime, ~615 blocked routers.
dr|z3d it would be extremely naive to believe that the recent appearance of CN routers is some benign p2p network.
snex Sure but if we just do a cn block instead of learn the behavior maybe they will just move somewhere else
dr|z3d the behavior appears to be resource exhaustion. besides, it's not a default block. it's something you have to enable. most people won't.
orignal what did I miss?
dr|z3d free chocolate potato chips and a carton of juice.
dr|z3d latest hypothesis: chinese routers are attempting to disrupt the store / distribution of leasesets.
orignal but they are 0.9.58
orignal how can they do it?))
dr|z3d that's a good question.
orignal but who is attacking 2RRY's hosting?
orignal They said 1Tb/s
dr|z3d ask your service provider. how would we know?
dr|z3d they must have some insight as to where the traffic's coming from.
orignal their whole network is under attack not just 2RRY
dr|z3d right, so I ask again, how would _we_ know?
orignal we don't
orignal just their statement
uop23ip dr|z3d, have you ever tested to ban K,L,M,N,O routers or only have X? Had it any benefits regarding speed for torrents or in general (browsing, connection/tunnel reliability)?
snex so these chinese IPs all seem to be compromised windows boxes... i think its a botnet
dr|z3d uop23ip: worth a try.. you may see better speeds, maybe not.
dr|z3d snex: no surprise there.
dr|z3d uop23ip: your tunnels may be faster, but obviously you'll still be held up by the slowest router in the other router's tunnels.
snex the web servers seem to be default installs with no content, at least the ones i checked
dr|z3d looks like windows server all over, IIS comes as standard.
uop23ip i can try this by myself?
dr|z3d you can
uop23ip oh god
uop23ip an option?
dr|z3d check the advanced settings page under /help/
snex some of these are even running ftp or telnet lol
dr|z3d IIS like this: 120.77.62.104
orignal that one is mine ))
snex telnet 120.25.254.215 17
snex theres a fun one
snex not sure how viable it would be to run scams on peers and ban ones that look compromised
orignal I use IIS sometimes
orignal because I know how to use it since 90s
orignal on Windows NT
snex interesting idea for eepsite.. scan all known peers and maintain scores for them. routers can subscribe to it for ban list
uop23ip found it router.excludePeerCaps={netDBcaps} Great, thanks dr|z3d. I guess it is not possible that snark/app can "demand" X's only tunnels?
dr|z3d uop23ip: no. it's all or nothing.