#saltr
/2024/11/05
orignal use case?
orignal some guys want more anonymity
orignal assuming it's harder to track an address if tunnels keep changing every 10 minutes
orignal nice ))
orignal per router is not good idea
orignal because an adversary can notice that LeaseSets always change tunnel gateways
orignal and make a conclusion that few LeaseSets are located on the same router
dr|z3d ok, sounds like per dest would be handy.
orignal change interval after decline to 5.5 minutes
dr|z3d good. that'll work nice.
orignal and 1.5 hours max
dr|z3d max being? the max time before you retry requests from a router that prev rejected you?
orignal if last decline was more than 1.5 hours ago
orignal router can be used for new tunnel
dr|z3d good work.
orignal declined again? 1.5 hours more
dr|z3d so how do you switch from waiting for 5.5m to 1.5 hours?
dr|z3d what's the threshold?
orignal 5.5 minutes means I never select one
dr|z3d never select one? not sure what you mean.
orignal between 5.5 minutes and 1.5 hours it's based on success rate
orignal if router declined tunnel withput 5.5. minute
dr|z3d well, should work a lot better with java.
orignal I don't try it for next tunnel
orignal then the decision is based on rate
orignal after 1.5 hours from last decline I consider it as non-declining
orignal and can try next tunnel
dr|z3d sounds good to me.
RN progress!
dr|z3d 15 of these recently, zzz: RouterInfo [QzBAjh] has INVALID signature .. guess that's what you're investigating?
dr|z3d it's called "xanax for orignal" RN :)
orignal what?
dr|z3d yes, orignal.
dr|z3d *** chuckles. ***
orignal please be more concrete
dr|z3d zzz gave you some digital xanax.
dr|z3d (his fucked family cert commit)
orignal what about it?
dr|z3d and nothing.
dr|z3d maybe we can put the issue to bed now.
orignal then I'm shrimp
orignal with 2RRY?
orignal since he has made the change yes
dr|z3d you're shrimp?
orignal finally the bug was resolved
orignal you don't know this Russian slang ))
dr|z3d no, I don't. :)
orignal "йа креведко"
dr|z3d which means?
dr|z3d "I'm as happy as a shrimp in a salad?"
orignal means "I'm so dumb that I understand nothing"
dr|z3d "clueless"
orignal enjoy ))
dr|z3d still waiting for you to deploy your puppy avatar...
dr|z3d You want to watch District9, orignal, if you haven't seen it.
orignal about ZA?
dr|z3d about shrimps.
orignal yes alien shrimps in JBurg
orignal right?
dr|z3d that's the one.
orignal I have one in Russian
orignal but I looked at something else in this movie
orignal the boer's world
orignal look at people there
dr|z3d not sure what you mean
orignal do you know what's going on in JBurg now?
orignal fauna hijacked all hi-rise buildings
orignal and shit into elevator shafts
orignal the movie is about an alternative history of ZA
dr|z3d I wasn't aware, no.
orignal the main characters are boers
dr|z3d You're talking about a different movie, "Boer's World" ?
orignal in JBurg
orignal no. District 9
orignal look at the people there
dr|z3d right, Boers being South Africans of Dutch descent, presumably?
orignal see their color?
orignal but no boers in JBurg nowadays
dr|z3d you holiday there?
orignal they remained only in Capetown
dr|z3d in Jburg.
dr|z3d Just curious. You seem to have insider info :)
orignal I know from people
dr|z3d *** chuckles. ***
orignal I'm in touch with boers
orignal Elon Musk
dr|z3d You're in touch with Elon?
dr|z3d Is he running i2pd?
orignal he was born in Pretoria
orignal as you know
orignal guess why did his family leave ZA?
orignal Ubuntu guy
orignal what has happened to him?
dr|z3d He's over in London now, no?
orignal so in District 9 you see ZA of Elon Musk and Ubuntu
orignal yes, he is
orignal but he is there?
orignal why did he leave ZA?
dr|z3d No idea, not in touch with many Boers myself :)
orignal if you are really interested
dr|z3d They probably left ZA because the climate became hostile.
orignal look for a movie called "White cross of ZA"
orignal no they left after 1994
dr|z3d big fish, small pond, find bigger pond, grow more.
orignal they left ZA to not see this
dr|z3d let's not go there, thanks.
orignal that's real video from Durban
orignal like 2 years ago
dr|z3d I visited animal once. That was one time too many. Never again.
orignal if you don't want to go there find "White cross of ZA"
orignal it was on youtube
orignal but was removed from there
orignal google doesn't like truth
orignal film made by Russian reporters
dr|z3d RT reporters?
orignal about what's really going on in ZA now
orignal no. 1st channel
dr|z3d is that another kremlin-owned propaganda vehicle?
orignal boers said what was shown there is truth
orignal propaganda of what?
orignal so District 9 is about ZA before 1994
orignal real ZA is in white cross
dr|z3d any tv station owned or overseen by the kremlin (all of them in Russia) are propaganda vehicles. maybe that's why youtube banned your video?
orignal no youtube banned it because it doesn't match their agenda
orignal because people can open their eyes
orignal what can happen to a country with nuclear bomb and space satellite
orignal if you give the power to fauna
dr|z3d so we should give power to flora then?
orignal you know what I mean
orignal want ZA like in District 9? Never give power to fauna
orignal they ruin everything
orignal and the pendulum is changing its direction now
orignal Nazi calls me old white racists
orignal but I never was involved in that BLM/DEI/LGBT shit
orignal and was always consistent in my opinion
dr|z3d I know what you're trying to say, yes.
dr|z3d sometimes opinions are best when they're not expressed :)
orignal that's why we use I2P
orignal the place where is can freely express any opinion
dr|z3d speaking of using i2p, I bet you still have got I2PSnark+ working yet.
orignal how I2P people is going to wash themselves from this shame, idk
orignal no, my project is i2pd
orignal and it works well
dr|z3d Snark, not I2P+
dr|z3d it was always "will do it tomorrow". about 3 months ago.
orignal don't have time to play with snark now
orignal it's even not running
orignal too many other things to do
orignal here you go
orignal white cross of africa
orignal but in Russian only
dr|z3d maybe later.
orignal when you have time
orignal and thing why no english version there
orignal *think
dr|z3d attack seems to have calmed down right now?
dr|z3d no doubt it'll ramp up again soon enough.
dr|z3d do you talk to "monkey" ?
dr|z3d another dodgy router: dT50jTIPtC9fFD7NnXCmz8HGiAZuRT-~re~JagmO6mo= [169.150.227.198]
dr|z3d so yeah, orignal, I see the IPs of these routers, just not in the console routerinfo display
orignal is it Tor or not?
orignal no, I don't talk to monkeys I just see on my routers
dr|z3d I don't think so.
orignal what's a reason to use proxy ?
orignal maybe this related
dr|z3d so that ip geo-locates to Israel, but is registered to a private user in Prague.
orignal do you see NTCP2 or SSU2?
dr|z3d both.
dr|z3d running java.
orignal so SSU2 works too?
dr|z3d routerinfo says yes.
orignal no I'm asking about XG
orignal with caps=46
dr|z3d I'm talking about the XG router mentioned above.
dr|z3d with caps 46.
orignal can Java publish RI without R or U cap?
dr|z3d Addresses:
dr|z3d NTCP2 caps: 46 s: qsJWhskQmAK3JzzvXFn1ZcblELMWTO9KHBBP-2EKE20= SSU2 caps: 46 MTU: 1478 i: OOzrhbRkX3GN9eZu5tXkm3T13oFBeazMwBCuBd-KU6w= s: rrkt9ZvhkAwhLxqgPSG1EpW
orignal I don't think so
orignal why do you think it's Java?
dr|z3d Cost 14/15. Smells like Java.
dr|z3d I even have a little I2P icon in my console that indicates it's probably Java :)
orignal const uint8_t COST_NTCP2_NON_PUBLISHED = 14;
orignal const uint8_t COST_SSU2_NON_PUBLISHED = 15;
orignal it's i2pd
orignal connecting through proxy
dr|z3d ok, need to update my java detection.
orignal my question is
orignal if you see real SSU2 connections
orignal or monkey just publishes it
orignal if you see real SSU2 connection
dr|z3d can't tell you right now, it hits a certain threshold and then gets banned.
orignal most likely it's shadowsocks
orignal maybe even from that guy in the issue
dr|z3d probably because it's not respecting transit request limits.
orignal if it's NTCP2 only
orignal most likely it's Tor
dr|z3d Sure.
dr|z3d Not Tor.
orignal then proxy that doesn't support UDP
orignal something new then
dr|z3d that ip address looks like it's doing a lot of ownership obfuscation all by itself.
orignal why one needs proxy?
dr|z3d registration in cz, .co.uk abuse address, israeli geolocation.
orignal we need to understand what kind of proxy is it
orignal without attack 2RRY still has lack of transit
orignal Transit: 1345.37 GiB (984.57 KiB/s)
dr|z3d yeah, seeing a steady 1-1.5MB/s on one router.
orignal usually it was around 3 Mbs
dr|z3d maybe your provider's still getting hit.
orignal I don't think so
orignal Java routers still bypass me
dr|z3d we're not fully upgraded on the network yet, ~55% or thereabouts?
dr|z3d here's another XG for you: pzKFy7HQfcmVWi-vRoebaOYOaloGakJwVlW5EmRJOts=
dr|z3d NTCP/SSU
orignal and also 46?
orignal I see they all use the same config
dr|z3d I think they're getting banned here (mostly) because they're not respecting request rejections and just keep on spamming requests, so maybe modified code.
orignal or too many tunnels
orignal one destination produces very limited number of tunnel requests
dr|z3d ramping up again...
RTP Hey everyone, had a question I thought someone here might answer. If I was going to share a couple usbsticks to friends with i2p on it... To help them try it out... Would an i2prouter become a problem if directly cloned on disk by Router Identity? Or is this automatically handled in some way? I've been wondering this and couldn't find the answer.
not_bob I do not think it would be great, no.
not_bob I think it would be fine if you remove ~/i2p/router.keys.dat before you pass them out. Then each router will create a new one on start.
RTP ah awesome. Thanks not_bob! Always appreciated.
not_bob Anytime!
dr|z3d are you going to share the config dir as well, RTP?
dr|z3d if you're not, then you don't need to worry about router identity, it'll create a new one (and a config dir) on first run.
dr|z3d if you were to share a config dir, add the line router.rebuildKeys=true to the existing router.config in the config dir and that will also remove any router identity files and create a new id.
dr|z3d either way, you'd have a hard time deleting ~/i2p/router.keys.dat since it doesn't reside there, it resides in ~/.i2p/
dr|z3d but router.rebuildKeys=true in ~/.i2p/router.config is what you want.
dr|z3d that will create a new routerid and then remove itself from router.config
dr|z3d no harm removing router.keys.dat, though.
dr|z3d probably a "good idea" just so someone else doesn't have your own router id keys.
dr|z3d with all that said, best to just distribute the app dir and then a new profile and new identity will be created on first run.
RTP ah thank you dr|z3d will add that to ~/.i2p/router.config as don't want to cause any issues
dr|z3d are you creating a virtual image?
dr|z3d or you're just providing a usb stick with i2p pre-installed?
dr|z3d either way, better not to copy the profile dir at all. if you want to customize the config, you can edit i2p/router.config
RTP just going to provide usbstick with i2p preinstalled for bootable bare metal experience :)
not_bob_afk Yes, my bad. Forgot the . in the path.
dr|z3d right, so your user runs i2p, and it'll ignore your profile dir.
dr|z3d so don't bother.
dr|z3d the profile dir will be created on first run.
dr|z3d (and not on the usb stick)
dr|z3d bootable??
not_bob_afk That's what it sounds like.
RTP bootable set up for someone who has no linux experience. The idea is just to make it super easy for them to check out for the first time.
dr|z3d it doesn't sound like much without more info.
dr|z3d if it's a live OS, great. still don't recommend a profile dir.
dr|z3d if you want to pre-configure i2p, then do that first, copy the relevant sections in .i2p/router.config to i2p/router.config and then you can remove ~/.i2p/
RTP Just a very basic automated starting i2p browser set up on desktop. Was afraid if I missed something in router ID etc it might get banned so will for sure add the recommendations.
RTP not live run though
RTP so would have i2p+ preinstalled with a browser and some scripts I shared on my channel to automate everything with a shortcut. Nothing fancy on set up. Just basic functional i2p browser is purpose.
dr|z3d on the live os, then, you probably want to run ~/i2p/i2prouter install once you've modified i2prouter to point at the user you're running it from, though you'll need to run ~/i2p/i2prouter install as sudo.
dr|z3d that will setup a systemd service so it runs on startup.
dr|z3d (and can be controlled with service i2p {stop|start|restart})
RTP ahh okay I actually never tried the install argument. That is great to know about! Saves me some writing. :)
dr|z3d the line you want to edit in i2prouter is commented out and starts with RUN_AS_USER iirc.
dr|z3d you can also copy eephead eepget and i2ping from ~/i2p/ to usr/bin and then edit each file to point at your i2p installation
dr|z3d edit each file after copying to usr/bin .. there's comments at the top of each file where you need to specify the i2p app dir.
dr|z3d then user can do eephead skank.i2p etc from terminal.
dr|z3d if you want to add additional documentation, you can add stuff to the default eepsite folder and link to it.. just an idea.
dr|z3d then you might set 127.0.0.1:7667|127.0.0.1:7658 as the homepage in firefox or equiv.
dr|z3d (which will open multiple pages for home)
RTP Very helpful. Thanks to both of you much on this. 🙏
dr|z3d *thumbs up*
orignal RN, you shouldn't clone router keys. Such routers will be banned
orignal once found
orignal at least in i2pd
dr|z3d we estanblished that, orignal :)
dr|z3d I've now contracted your stan bug :|
orignal well you might not know how i2pd works
orignal which -stan bug?
dr|z3d estanblished..
orignal btw, since you watched District 9 you know what bantustan is
dr|z3d I've just reminded myself.
orignal bantustan is word from SA
orignal but in Russian it also means a shitty country
dr|z3d homelands for black South Africans in apartheid South Africa. I guess in Russian it sort of means ghetto.
orignal no, ghetto is about WW2
orignal about Nazi
orignal the difference that bantustans has own governments
orignal and not whole SA is bantustan
dr|z3d indeed not.
zzz I've collected about 20 XG's by hash/ip/port
zzz as a group they're all over the place, but none of them are IP-hoppers
zzz my list has zero overlap with Vort's zip of 16 though
zzz anybody want the list for further analysis?
orignal zzz, any idea what kind of proxy is it?
orignal guys, please help me choose name of param that says non recreate expired tunnel
orignal because I'm not native English speaker
zzz I know nothing about proxies, I leave that to others
orignal do you see actual SSU2 sessions?
orignal or NTCP2 only
zzz not looking for ssu2
orignal if they really connect through SSU2 there are not too many proxies that support UDP
orignal and then most likely it's shadowsocks
dr|z3d param? newTunnelsOnExpiry ?
dr|z3d newLSOnExpiry?
dr|z3d or rather, newLeaseSetOnExpiry
dr|z3d is that what you're doing, tearing down the LS and creating a new one?
dr|z3d or maybe newDestOnExpiry ?
dr|z3d not that many of them, zzz, possible attack routers? dunno.
orignal thanks
orignal i2cp.newTunnelsOnExpiry sounds right
orignal LS is about IB only
orignal but this is about OB too
orignal Vort said not much traffic went from them
orignal hence most likely it's a monkey try to attack some service
dr|z3d I still think XG !R!U routers are suspect and should be blocked.
dr|z3d maybe in time you'll come around to my way of thinking, orignal :)
orignal no you don't have any evidence that these routers do something wrong
dr|z3d that's the "in time" part. :)
orignal no, it's because the release
orignal before they would appear as X
orignal hence maybe they are in the network for a long time
orignal plus before i2pd didn't work well through proxy
zzz not true, sampled my list, all first seen in last 24 hours
dr|z3d > ok, well we can keep them under review. maybe we'll learn something.
orignal maybe they always change RI
zzz maybe let's do data-based analysis instead of guessing?
dr|z3d *** smiles. ***
orignal I will try on 2RRY
zzz give me the IPs you have for vort's 16 and I'll compare with my list
orignal he said everything had the same one
dr|z3d this one's a good place to start if you want to perform some analysis: dT50jTIPtC9fFD7NnXCmz8HGiAZuRT-~re~JagmO6mo= [169.150.227.198]
orignal that's how he recognized them
dr|z3d that's got dodgy written all over it.
dr|z3d israel geolocation, czech registration, abuse/hosting co.uk
zzz I don't have that hash or IP in my list
zzz what IP was it orignal ?
orignal I posted it here
zzz so could you do it again please? like you've never asked me to repeat myself?
orignal <Vort> 2a02:6ea0:fb01:1::d001
orignal <Vort> CDN77
orignal <Vort> [2a02:6ea0:f207::d001]
orignal <Vort> most likely, all of these :d001 ones belong to one owner
orignal basically he says that all ended with d001
zzz I don't have that hash or IP in my list
orignal do you have ipv6 with d001?
orignal I don't see either now
zzz XG: 1ElsL8VYkh7UGBiWqQzaNUotZuBE23H3KgbIyan4DPk= [2a02:ed04:3581:3:0:0:0:d001]:35858
zzz XG: 3FjBS3xBBmVhnmeHBcmTDNZtE3I3WQCmBPr6WleLIAc= [2a06:3040:d:410:0:0:0:d001]:59054
zzz XG: bInqP3B-TRtryxnec9gp27hrXya~pRIaSGbq3pWKRoo= [2400:ddc0:a00b:0:0:0:0:d001]:44844
zzz XG: fWJ8BU6GlVZqLAwxE-4lkyWfg7ddz6GaOSZgSuITzFk= [2a02:6ea0:f206:0:0:0:0:d001]:51080
zzz XG: hCW-6LzOpPCBedRhUKTj3qcdZ7-5zLPC8JENwDKUpwE= [2602:ffe4:c0d:801d:0:0:0:d001]:35102
zzz XG: i2OMHYkOO0h5n9p7QrLUnSll1Ie-vY7qw8SGA7AIrdM= [2404:f780:4:deb:0:0:0:d001]:34070
zzz XG: i2OMHYkOO0h5n9p7QrLUnSll1Ie-vY7qw8SGA7AIrdM= [2404:f780:4:deb:0:0:0:d001]:50740
zzz XG: IY1RS9XUzvuRw68AzWeSAn2sehHrcy~q2T-XISePjEE= [2804:5364:7000:40:0:0:0:d001]:60476
orignal I see 2604:d500:4:1::4 like 8 connections from the same IP but from different ports
orignal so Vort was right
zzz but plenty more w/o d001
zzz 4th one above has f206, vort reports f207
orignal so I'm going to change the code if SsessionConfirmed receives XG write it to log
orignal Vort said that all IPs ended with d001
orignal that's how he collected them
zzz not true here, 1/3 ipv6 not d001, 1/3 ipv4
orignal ofc not
orignal only his list
orignal indeed there are more
orignal maybe that guy
dr|z3d that RI I referenced just now was notable for requesting a ton of tunnels, aside from the obvious ip ownership obfuscation.
dr|z3d orignal: that issue re the proxy guy on github, shouldn't you be advising him against using a proxy if he wants to host transits?
orignal everybody understands that no transit through proxy
dr|z3d I'm not sure they do, esp. given it's a recent i2pd feature to mark G for proxied connections.
zzz "ton of tunnels" seems to be a different category than "XG", let's not get ourselves confused
dr|z3d just an observation - that specific router came to my attention because XG + tons of tunnels.
zzz it is XG?
zzz ok, we're not confused ))
dr|z3d ok, good. :)
zzz here's a tons of tunnels XG BbZqLVpQYKHF-KqsIcfVVMc8s7B09t4jFWC8KQaXctQ= 2a02:6ea0:d70a:1:0:0:0:b58d
dr|z3d yeah, I see that. Top of my list right now.
orignal requests or what?
dr|z3d except it's not G.
dr|z3d at least not here.
zzz Router: BbZqLVpQYKHF-KqsIcfVVMc8s7B09t4jFWC8KQaXctQ=
zzz Published:9 min ago
zzz Signing Key:EdDSA_SHA512_Ed25519
zzz Encryption Key:ECIES_X25519
zzz Routing Key:jQK-PgELT9~wzZGcpNfvKEy91IY4chOYRymSqKbjMds=
zzz Compressible:true
zzz Last IP: 2a02:6ea0:d70a:1:0:0:0:b58d
zzz Addresses:NTCP2: cost: 14 caps: 46 s: qkyxgS9bcHv4f~1-GIcts12zWdirQ2~K~k1miCixOiY= v: 2
zzz SSU2: cost: 15 caps: 46 i: m~cEiBQ0XldaSqw84B~Rm7YYE40NZj3faphDHXN8NS4= s: LLiLuZF2phDy1x9ShLAWo~F~RfvoPLI01JDwu005G2I= v: 2
zzz Stats:caps = XG
zzz netId = 2
zzz router.version = 0.9.64
orignal <zzz> Published: 9 min ago
orignal what does it mean?
zzz that's the RI timestamp
dr|z3d ok, that's strange, it's displaying G on the routerinfo page, just not on transits.
dr|z3d must be a css snafu.
dr|z3d another XG demanding a ton of tunnels: T6nP4iQZ6u~2x4YqARQV8~sdREzMDkyTtqNRY56tnes=
orignal because it's not supposed to be published at FF
dr|z3d another one slowly climbing up the XG tons of tunnels ladder: YV6J9XMlk19D3-0-vy2Z6qNXDHT9IIR5JEYJi8lfSpw=
dr|z3d they climb to the top, then seemingly don't take the "no more tunnels" hint and keep requesting, and then get banned.
orignal do you publish E?
dr|z3d publish? sure.
dr|z3d I think ARM or Android is E by default.
dr|z3d one of the two, or both.
dr|z3d otherwise, when we reach x percent of capacity, we publish E.
orignal i2pd never tries to request tunnel through a router with E
dr|z3d I think we're the same, at least in + and possibly in canon.
dr|z3d in fact, in + I don't think we request transit from routers with D, E or G.
dr|z3d actually, no, we publish D for low performance (Android et al) routers, my bad.
dr|z3d correct channel: another XG/tunnels: hdsZ1DIgi~AMYbQ8q~6euPj9MadfEvy4L~o~ZcUN-3g=
orignal also people are reporting that tunnels thread is most CPU consuming now
orignal it means too many TBRs
dr|z3d right, so throttle, orignal :)
dr|z3d one of these days you'll get the hint.
orignal no, first is to move x25519 away
zzz fix your 25519 precalc thread.
zzz don't run it once a second with a timer; just interrupt it when it's low or empty
orignal zzz, already
orignal I generate x25519 in separate thread
zzz and even 25 may not be enough; we do 20-60 depending on memory
orignal but this CPU usage is key agreement
orignal once a second? what are you talking about?
orignal I have enough pre-calculated keys
zzz std::this_thread::sleep_for (std::chrono::seconds(1)); // take a break
orignal the problem comes when you have to calculate shared secret for every TBR
orignal it never falls here
orignal it's circuit breaker
orignal to make sure that thread doesn't eat whole CPU
zzz keep a queue of tbrs and start dropping if you fall behind in that thread
orignal usually it calculates a new key once a key is used
orignal yes, that's what I'm going to do
orignal move TBRs away from tunnels thread
orignal I handle TBR and tunnel data in the same thread
zzz eww
orignal just saying it's time
orignal because it was never been an issue
zzz how many threads total do you have?
orignal my point is that x25519 also consume CPU
orignal around 20
zzz ofc
orignal well it's much better than ElGamal
orignal but still much slower than symmetric crypto
zzz ofc
dr|z3d another one: HRiGlE9sEMnPRMsHPM~wTWQJ0-NLnl8IDimIoB4Yd6Y=
zzz we have one thread for TBRs but a whole bunch for data
orignal yes, that's I'm going to do
orignal for own TBR or transit TBR?
zzz all incoming requests and responses
zzz we're well over 100 threads total, probably close to 200 on big routers
zzz but it's a little easier to do threads on java
orignal for your TBR you need to apply x25519 for each record
dr|z3d closer to 300 here.
dr|z3d (threads)
orignal no problem with threads in C++ either
orignal I just prefer to keep them minimal
uop23ip dr|z3d, What are good values for job lag or message delay and are they useful (transit) performance indicators?
dr|z3d what are you seeing right now, uop23ip, and are you floodfill?
uop23ip yes ff, jlag 500mu, mdelay 6ms
dr|z3d those are fine. job lag under 200ms is fine, message delay under 100ms is fine.
dr|z3d obviously the lower the better, and your values are low.
dr|z3d you'll maybe see those a bit higher when the router starts up.. they soon come down.
dr|z3d job lag is normally lower for floodfills because they're not exploring the netdb DHT.
uop23ip Regarding the attack, better to get onto dev to bring your fixes in?
dr|z3d sure, there are a few mitigations in there.
dr|z3d it's not going to stop the bandwidth rollercoaster, but it might catch offending routers sooner.
uop23ip Nice, thanks
uop23ip Is it possible to tunnel "dos" a router so far that its congestion level gets worse and worse?
dr|z3d you also get an enhanced, streamlined view of router profiles in the latest dev builds.
uop23ip Can you make a D to an E or G, by overwhelming it with tunnel demands which exceed its limits and reacts by declining tunnel request for others?
uop23ip nevermind, just wondering how i became an E from a former always D. ;)
zzz so what do we do about G routers
zzz G hop is obviously owner
zzz no mention of it in proposal
zzz I don't recall orignal discussing any anon concerns about it here
orignal zzz, it's obvious even without G
orignal if a router publishes RI without incoming addresses
orignal if someone connects through proxy they must understand this risk
orignal that their connectivity is limited
zzz what about non proxy
orignal I set G only for proxy
zzz I certainly haven't communicated the risk via my UI
zzz you set it for sym nat and for max tunnels == 0 also, iirc
orignal if someone turns off transit they must accept this risk
orignal for sym nat you did it
orignal I'm going to revert it
zzz where do you present that info to the user? website? web UI? logs?
orignal notransit=true you mean?
orignal it's false by default
orignal if you are so dumb to turn it off don't expect anonymity
orignal G for symm NAT is a bad idea, I agree
zzz ah, you've come full circle, bad idea again
zzz ok so you don't communicate it anywhere, they either know it or they're dumb ))
orignal I talked to people on dev
zzz should G routers be limited to 1 hop tunnels since they're wasting their time?
orignal ofc no
orignal example
orignal I'm a G router ygg-only
orignal first hop is ygg only too
orignal last one is ygg + clearnet for endpoints
zzz should the part. tunnel throttler be way stricter for G routers?
zzz that would reduce the impact of the XG fleet
orignal you mean own tunnels?
orignal yes I agree
zzz no. how many tunnels should I allow a G router as previous or next hop. shouldn't be too many
zzz definitely not 25 like I saw this morning
orignal because you are G
orignal how many FROM G routers?
dr|z3d re part throttler, yes.
orignal I would say how many destinations are allowed
dr|z3d treat G routers as superslow and throttle accordingly. that's what I do.
orignal I would allow only 3
orignal shared local destination, proxy and one server tunnel
dr|z3d another XG/tunnels offender: MH5A7L1fcsea9bv6UHc~PNX~yknfVoTjKKpoCOxJ7Vo=
dr|z3d you don't throttle, orignal :)
orignal no I don't
orignal I mean in configuration
dr|z3d so you can't allow only 3.
dr|z3d oh, you mean cap the number of tunnels the router can host.
dr|z3d tunnels/dests.
zzz this is all discussion we should have had when the G cap was proposed and discussed
dr|z3d we're only discussing it now because orignal's marking proxied routers G.
orignal zzz, it's not about G cap
orignal if you see LU with NTCP2 only
orignal what's a difference?
orignal e.g. we should also talk about de-facto G
zzz that's even rarer than G
orignal proxy always looked like this before
orignal and there were tons of such routers and dr|z3d banned them explicitly
zzz proxy was almost nonexistent until you decided to do the opposite of what I recommended and make it easy
orignal come on
orignal proxy existed for at least 5 years
orignal un has implemented it long time ago
dr|z3d orignal's doing that "come on" routine again. it's almost a catch phrase.
orignal even for NTCP1
orignal proxies always existed
zzz this is how we got here. me + drz: block tor; you: make sure i2p-over-tor works well
zzz so not surprising
orignal hold on
orignal we are talking about two different things
orignal how long does i2pd support proxy for NTCP2? For SSU2?
orignal second. all these XG routers have nothing to do with Tor
orignal hence they would work anyway without my recent change
orignal but looked like X or XU
orignal and I wish we had this discussion 6 months
orignal to discuss how to fix proxy rather than all Tor IPs
zzz if they're behind a proxy you can probably limit them to 1 hop unless ygg-ygg
orignal yes, good idea
orignal but then OBEP and IBGW will be i2pd only
zzz ok, if you want to keep your tor sabotage
orignal that I don't like
orignal because endpoints always consume more resources than middle hop
orignal man, it's not about Tor
orignal the purpose of this change is wider
orignal it's "-stan" mode
orignal meaning you can't connect to every router in the network
orignal you guys don't even try to address this issue yet
orignal keep living in jrandom's days with assumption that any-to-any connection is possible
orignal but in real world driven by monkeys it's not true anymore
zzz jrandom did not assume that and it's mentioned all over his docs
orignal and what's the solution?
orignal hidden router?
dr|z3d might as well be. G + !R + !U == hidden.
orignal maybe I should publish H for proxy?
dr|z3d amounts to the same thing, no?
orignal I don't want to introduce "hidden" mode explicitly
orignal because every monkey would start turning it on
orignal they are so dumb that turn on encrypted leasesets for client tunnels
orignal zzz, what do you think about H?
zzz not a bad letter, not my favorite
orignal for proxy I mean
dr|z3d *** chuckles ***
orignal literally meaning that it doesn't publish itself
orignal and that's true
orignal for proxy
zzz state your case, write it up, with a security analysis this time
orignal my case?
zzz case = "why"
orignal NTCP2 and/or SSU2 go through proxy
orignal why publish H?
orignal that's my question to you
orignal what it actually means
zzz I'm asking that you spend some time to explain an idea before you ask me what I think
orignal then I need to know what 'H' is for
orignal what exactly does it say?
orignal in my code I consider it as G
zzz look in the specs
orignal ok. removed G for proxies and symm nat
orignal I did
orignal it doesn't have exact explanation
orignal zzz, while you are here and we are talking about caps maybe you can give an ultimate answer about 'U' cap
orignal the question is simple. Can a router publish U cap for non-published NTCP2 only router?
orignal nobody can answer this question for years
orignal and second question if I can publish "R" for ygg-only router
zzz asked and answered many times, and the answer is in the spec
orignal no it's not there
orignal R if can be reached by any transport
orignal but is ygg "any" transport since you don't recognize it as transport
zzz if you have a proposed addition to the spec, email me a patch
orignal R: Reachable
orignal U: Unreachable
orignal that's what I see in specs
zzz sigh
orignal R means that the router is directly reachable (no introducers required, not firewalled) on at least one transport address. U means that the router is NOT directly reachable on ANY transport address.
zzz there you go
orignal no it doesn't answer my question
orignal for R it doesn't answer if ygg is transport or not
orignal U says if it's not reachable directly but doesn't say what if not reachable at all
zzz then add your own answer and email me the patch
orignal but I don't know the answer
zzz I added that section after the last 10 times we talked about it
orignal A router should usually publish the R or U capability, unless the reachability state is currently unknown.
zzz I don't have all the answers either. Sometimes implementers have to make their own decisions
orignal so, what's right answer?
zzz don't know
orignal I should publish R or U according to this statement
orignal but I don't know
orignal if I can publish R in case of ygg, and U in case of proxy
zzz then convene a subcommittee of i2pd devs to research the alternatives and make a recommendation
orignal you already know my recommendation
orignal but you disagree with it and I know your reasons
orignal that's why I'm asking because any Java uses these caps
orignal zzz, will you also remove G from routers with symm nat?
zzz don't know
orignal it's real deanon
orignal for non-guilty user
orignal better to decide how to publish code for symm nat
orignal a guy might not even know about symm nat
orignal unlike proxy or no transit
orignal it's not his fault
eyedeekay Re: Yggdrasil, my understanding is that yggdrasil routers are reachable to other yggdrasil routers, and that yggdrasil is an IPv6 overlay, fulfilling the "reachable on any" requirement of the specification, so it makes sense from that POV to publish R, and the routers who can't talk to the yggdrasil routers have to learn to avoid them
orignal eyedeekay theoretically yes
orignal however Java doesn't recognize ygg as transport
eyedeekay That seems like an us problem, if we don't support the transport we need to avoid the routers with ygg addresses
orignal or drop such routers as malformed
orignal that's why i'm trying to avoid