dr|z3d
welcome back, RTP!
dr|z3d
if you hadn't already noticed, your blog is now linked on the + homepage.
dr|z3d
should have linked it a long time ago, sorry for the delay.
moe
orignal: does not publishing your ip mean you don't relay others' traffic? and which setting would that be for i2pd? thank you
uop23ip
dr|z3d, idk if i understood your post, but if you mean that if sidebar is shorter in height it should stick while i'm scrolling down the page - it doesn't. Tested with /home where my sidebar is shorter. But i am not so sure i understood correctly what you mean
dr|z3d
ctrl+shift+r
dr|z3d
and yes, if the sidebar is shorter than the viewport, it should stick to the top of the page when you scroll.
uop23ip
Enable conditional sidebar - is the setting right?
dr|z3d
indeed it is, should be enabled by default.
dr|z3d
it assumes your viewport height is at least 700px, any less then it reverts to scrolling behavior.
dr|z3d
looking at that, not entirely convinved we need that 700px minimum threshold.
dr|z3d
*convinced
uop23ip
maybe that idk. did multi refresh, restart browser. nope does not stick
dr|z3d
what resolution are you running at on your monitor?
dr|z3d
try this, hit F11 and see if the behavior triggers.
orignal
you do relay other traffic even if you don't publish your IP
dr|z3d
it should also be stated that not publishing your ip address doesn't make you invisible.
uop23ip
:) that sticks
dr|z3d
ok, so it's the min height threshold then. I'll tweak it.
moe
orignal, dr|z3d: good to know. thank you
orignal
however connection through Tor makes you invisible )))
orignal
at least non-existing for Java routers
uop23ip
lol
dr|z3d
Yeah, don't connect via Tor unless you want most of the network to ban your router :)
orignal
most of the network will not ban his router
dr|z3d
orignal: you compiled + snark on windows yet?
orignal
most of the network will not know about his router
orignal
not yet
dr|z3d
most of the network will. the majority of the routers on the network run java, aka most :)
orignal
how?
orignal
Java ban by IP from the list
orignal
before it knows who is trying to connect
dr|z3d
we're assuming moe's already running his router in hidden mode? maybe he isn't. but if it is hidden and makes a direct connection, then *poof* ban.
orignal
it drops incoming connection
orignal
and what does it ban?
dr|z3d
iirc, it'll map the ip to a router hash and ban the hash.
dr|z3d
but my memory is a little hazy right now.
orignal
you are not listening
orignal
how would you know a router hash?
dr|z3d
direct connection.
dr|z3d
same way I know the ips of most of the firewalled routers.
orignal
again
orignal
you see that a direct connection comes from Tor IP
orignal
can close it
orignal
you don't try handshake
dr|z3d
if it's a direct connection, I know the router hash as well.
orignal
you don't know router hash until you receive SessionConfirmed message
dr|z3d
or maybe you're right, we block the ip first, ask questions later (never).
orignal
in case of Tor you don't accept a connection from their IP
dr|z3d
the digital equivalent of not turning up for a date.
moe
is the corresponding i2pd setting trust.hidden or some combination of {ntcp2,ssu2}.published? i was under the impression that hidden mode disabled participation entirely
dr|z3d
hidden mode in java disables participation, I don't think i2pd has an explicit hidden mode option.
dr|z3d
or maybe it does?
orignal
no this setting is proxy
orignal
i2pd's "hidden mode" is proxy
orignal
and I'm going to add "stan" param to config to turn it on explicitly
RN
good old Stanley...
moe
orignal: so i2pd's and java i2p's hidden modes actually use different mechanisms? is that what you're saying?
orignal
right
orignal
i2pd's hidden mode is not just hidden
orignal
it's actively resisting the censorship
moe
i like that
moe
is there documentation on its mechanism or would i have to read the code to learn how it works?
orignal
no docs
dr|z3d
uop23ip: dev update available with sticky fix.
dr|z3d
if your sidebar is shorter than the height of the viewport, it should stick now, regardless of the viewport dimensions.
RTP
thanks dr|z3d! Much appreciated :D
dr|z3d
you're welcome, RTP :)
dr|z3d
RTP: throw the following in your site css file to remove the redundant disqus links:
dr|z3d
Blinded message
dr|z3d
display: none !important;
dr|z3d
}
dr|z3d
actually, that won't quite do it, one sec.
dr|z3d
try this:
dr|z3d
Blinded message
dr|z3d
display: none !important;
dr|z3d
}
dr|z3d
eyedeekay: something for the default railroad plugin css perhaps? ^
dr|z3d
hmm, the inline !important probably means it won't get hidden. maybe you need to give your template a tweak, RTP, remove the disqus crud :)
RTP
Ah thank you! Been traveling quite a bit over summer, but have had goal to refine things more. Thanks for the snippet. :)
RTP
definitely wanted to either have comments or get rid of the 'crud' :-P
dr|z3d
yeah, no one will use disqus to comment I suspect, even less so when it relies on js.
RTP
facts
uop23ip
what is the highest number of hops possible in the i2p network? Is there a max allowed?
dr|z3d_
uop23ip: 7.
dr|z3d
If you're in advanced mode in the console, the tunnel manager will allow up to 7 hops.
dr|z3d
T3s|4: you can remove the custom css to disable the sticky sidebar in override.css and control it from /configsidebar .. it should be a lot more robust now, if you enable it.
T3s|4
o/ dr|z3d: under ~/i2p/docs/themes/console/dark/ I don't have any file named `override.css`. I do have an override_Sora.css with a line `#sidebar h3,#sidebar h3 a,.tab2{font-weight:700}` - Is that the entry you are referring to?
moe
thanks orignal
Sh0ck
moe moe kyun
eyedeekay
Yeah that could maybe become part of a sensible solution to the theme update thing, thanks
eyedeekay
Got some family stuff going on but I should have the last couple release things done today
dr|z3d
T3s|4: no, not that, that's an inactive override file, possibly junk. You should have full sticky functionality then, assuming sticky sidebar is enabled on /configsidebar
zzz
dr|z3d, you have your skank zzzot udp lifetime configured for 120 seconds?
dr|z3d
I do, I was going to ask you about that :)
dr|z3d
what does udp lifetime do exactly?
zzz
I'll answer, but one q first, why did you change it?
dr|z3d
because I could :)
zzz
gah
dr|z3d
20m seemed a bit on the long side.
dr|z3d
and 2m was within the acceptable limits you've set, so...
dr|z3d
go on, eviscerate my stupidity. you're good at that :)
zzz
for now I'll keep the baffer at bay
zzz
but
zzz
ref: BEP 15
zzz
its a two stage protocol
zzz
stage 1: ask for a token
zzz
stage 2: announce with the token
zzz
the lifetime is for the token
zzz
BEP 15 is hardcoded 1 minute
zzz
that's inefficient, so we added a configurable lifetime to BEP 15
zzz
was helping bigly so was looking at logs
zzz
and wondering 'why does it keep asking skank for a token so often'
zzz
zzzot uses a trick so it doesn't have to store tokens
zzz
so there's no cost to a longer lifetime
dr|z3d
ok, thanks for the explanation. I mistakenly assumed the lifetime was the length of a persistent server connection.
dr|z3d
so 30m isn't unreasonable then I guess? I'll set it to that.
cumlord
set mine a little shorter than http thinking it could entice using it but probably doesn’t matter, sounds like most big clients minus qbit can do it now
zzz
it's UDP, there are no 'persistent connections', although BEP 15 calls them 'connections'
zzz
so it's a little misleading
dr|z3d
yeah, I got it now, thanks. token lifetime. comment your config file! :)
zzz
dont put this on me ))
dr|z3d
haha, it's ALL your fault :)
zzz
plugin restart req'd to change the config
dr|z3d
obviously.
zzz
yeah connection == token, it's poor terminology in BEP 15
zzz
the trick was realizing I didn't have to store the token on the tracker side, which I stole from the C opentracker
dr|z3d
If you hover over the Announce: / UDP Announce: text on /tracker on skank, it'll tell you the configured interval / token lifetime.
dr|z3d
anyways, updated, 30m token lifetime now.
zzz
thx
dr|z3d
likewise :)
zzz
anyway be aware that bigly is doing testing, he may have bugs because he says he's having a low success rate
zzz
I told him to come over here if he wanted to do some real-time debugging with you two
dr|z3d
[ZZZOT] Dropping bad action -901731611
dr|z3d
[ZZZOT] Error receiving datagram -> Negative value not allowed
cumlord
ah makes sense, I tried a little with bigly and couldn’t get it working
dr|z3d
[...ifier ZzzOT] ...pl.PacketHandler: Dropping packet with SendStreamID but no connection
dr|z3d
[...Jetty-59182] ...ty.server.Server: /a/scrape
dr|z3d
org.eclipse.jetty.http.BadMessageException: 400: Bad query encoding
dr|z3d
The first two errors are regular, the last 2, not so much.
zzz
first two dont sound right
dr|z3d
the errors may be generated by DataHelper.java from what I can tell?
dr|z3d
Negative value... anyway.
zzz
it's kinda tough to debug if you're not running both sides, not sure how he's testing
dr|z3d
well, hopefully he accepts your invite to hop onto irc.
zzz
may or may not be his style, we'll see
zzz
'action' should be 0 or 1, so something is way garbled
zzz
also, there shouldn't be any negative value errors thrown in the datagram handling, you may want to track that down
dr|z3d
public static void toLong(byte target[], int offset, int numBytes, long value) throws IllegalArgumentException {
dr|z3d
if (numBytes <= 0 || numBytes > 8) throw new IllegalArgumentException("Invalid number of bytes");
dr|z3d
if (value < 0) throw new IllegalArgumentException("Negative value not allowed");
dr|z3d
for (int i = offset + numBytes - 1; i >= offset; i--) {
dr|z3d
target[i] = (byte) value;
dr|z3d
value >>= 8;
dr|z3d
}
dr|z3d
}
dr|z3d
and:
dr|z3d
public static void toLongLE(byte target[], int offset, int numBytes, long value) {
dr|z3d
if (numBytes <= 0 || numBytes > 8) {throw new IllegalArgumentException("Invalid number of bytes");}
dr|z3d
if (value < 0) {throw new IllegalArgumentException("Negative value not allowed");}
dr|z3d
int limit = offset + numBytes;
dr|z3d
for (int i = offset; i < limit; i++) {
dr|z3d
target[i] = (byte) value;
dr|z3d
value >>= 8;
dr|z3d
}
dr|z3d
}
dr|z3d
in DataHelper.java
zzz
sure but where from zzzot
dr|z3d
public void messageAvailable(I2PSession session, int id, long size, int proto, int fromPort, int toPort)
T3s|4
dr|z3d: thanks - now I see there are both Unified and Sticky options - also noted on the 7 hops :)
zzz
there's a lot of fromLong and toLong calls, which one?
dr|z3d
dunno, not being explicitly logged, the error is the fall through exception.
zzz
in my source the exception stack trace is logged, perhaps you've modded it
dr|z3d
probably, e.getMessage() instead of the full stack trace.
dr|z3d
as a general rule, I try to avoid printing stack traces to the logs unless they're errors.
dr|z3d
welcome to #saltr, sidereal
sidereal
thanks!
zzz
dr|z3d, next time you rebuild it, pls change it back to log the stack trace so we can catch it
dr|z3d
aight, I'll add a conditional for _log.shouldInfo()
T3s|4
welcome sidereal: liking your nick, despite that almost no one realizes: A sidereal day on Earth is approximately 86164.0905 seconds (23 h 56 min 4.0905 s or 23.9344696 h) --> nor the implications for their lives, or their real Birthdays / Anniversaries :)
sidereal
thanks! and yeah, it's a really fun nick
uop23ip
dr|z3d, sidebar sticks now in my setup. Never looked for its behaviour before, but i like it that way, thanks
dr|z3d
good stuff, uop23ip, glad you're enjoying it.
dr|z3d
It's been on my mind for a while, zzz, but I've always assumed NTCP takes priority, but seeing no inbound SSU connections makes me think in the transition to SSU2 I might have missed something or got a dodgy merge. Any pointers on where I should be looking? I've reviewed various udp classes, can't see anything obviously borked.
FreefallHeavens_
Hello, does the reseeding over clearnet use ECH?
dr|z3d
Currently, I believe the answer is "no" FreefallHeavens_
FreefallHeavens_
So if the domain name can be seen in the handshake it can be blocked by censors. As far as I can see all the reseed domains are conspicuous, and many outright have reseed in their name. A while back R4SAS was hosting an i2pseeds.su3 that was periodically updated via script. This had the advantage of only exposing a connection to github.com and isn't blocked unless all of github is. But now
FreefallHeavens_
downloads require being logged in. Are there other reseed packages hosted on ambiguous, high-traffic sites?
dr|z3d
Not currently, no. The issue with hosting on github is that it made harvesting routerinfos trivial.
FreefallHeavens_
The reseed URLs are all publicly accessible. How is exposure from hosting on github different from a malicious actor periodically downloading the reseed file from any one of the other reseed sites?
dr|z3d
revisions.
dr|z3d
that and the non-requirement of a specific user agent.
RN
don't we still have in-net reseed hosts?
RN
use the outernet ones for bootstrap then switch over?
dr|z3d
we never did, at least not hosts that can be specified for use in the reseeding process.
FreefallHeavens_
Attackers with the resources to alter a router software maliciously and the machines to spam an entire network were being effectively held at bay by the difficulty of spoofing a user agent?
RN
never is a long time... and I'm pretty sure a while back we did. Though there was debate about utility.
dr|z3d
There is no method to prevent a persistent attacker from mapping routerinfos over time.
dr|z3d
Providing a revision based selection of routerinfos, however, lowers the barrier to entry and provides a historical snapshot at any given moment, not what we want.
FreefallHeavens_
Okay, so even though an attacker could well be doing this revision work, it was best that YOU didn't facilitate it. I get that. Does hosting on a large, ambiguous website still remain an option?
dr|z3d
Sure, why not, if someone wants to host on aws, or azure, we probably won't complain.
dr|z3d
of course, that doesn't address the principal issue which is the host part, but hey. got any contacts at google.com or microsoft.com? :)
FreefallHeavens_
No, but neither did we have any at github.com. I'm hoping to get creative and find some opportunity here.
FreefallHeavens_
Likely some other form of user content.
dr|z3d
stegano-encoded images on imgur.com maybe :)
FreefallHeavens_
And who's gonna implement the client-side decoding in the reseed code? XD
dr|z3d
you, apparently. :)
FreefallHeavens_
I'm barely reliable enough to hold a job.
dr|z3d
yeah, but can you code?
FreefallHeavens_
PROBABLY well enough for PARTS of this project? I would never dare to have people depend/wait on me again. This is a tested and recurring failure.
FreefallHeavens_
My other question is about addressbook subscriptions. Is there any timestamping and logic so that in the event of a conflict, the latest-updated entries take precedence, or a way to arrange subscriptions to have priority?
dr|z3d
well, ech sounds like a good idea if we can implement it. see if you can identify what we need.
dr|z3d
first entry wins in the addressbook.
dr|z3d
subscriptions used to be prioritized based on order, but no longer.
FreefallHeavens_
I have no idea about Java dependencies and I'd be looking for a relevant module/lib/whatever-they-call-these-in-java with about the same accuracy as an LLM.
FreefallHeavens_
I will try though.
FreefallHeavens_
I can tell it's no longer by order because they get hard rearranged alphabetically in both the web UI and the txt file.
FreefallHeavens_
My final question is if there's any way to disable the red badge counters on new addressbook and log entries (it's driving me nuts!)
dr|z3d
sure there is. I2P+ :)
dr|z3d
otherwise, you'd have to talk to zzz, but currently I don't think there's an opt-out.
dr|z3d
zzz: he don't like your bubbles!
FreefallHeavens_
I'd rather not make my mental illness someone else's problem.
FreefallHeavens_
Oh yeah! Does the HTTPS handler for reseeds support PQC? Not like the I2P-side stuff you've been implementing but existing web standards that I know are already out.
dr|z3d
in I2P+ you can modify the UI any which way with override css which persists a restart. unfortunately, in canon I2P, you now need to compile I2P yourself to modify the css.
dr|z3d
(and we don't have any red bubbles to begin with).
FreefallHeavens_
I'm gonna try and just sort that on my side with an ad blocker.
dr|z3d
sure, you can selectively block elements with uBlock.
zzz
all the https (TLS) stuff is done by Java, not by us; your best chance to have the most secure TLS options is to use the latest Java
dr|z3d
re pq on the reseed hosts, dunno, that's probably more a question of what's offered on the server cert-wise, but there may also be stuff to do on the router end.
dr|z3d
and what zzz said.
FreefallHeavens_
You have no control over any parameters of the connection like ciphers, certificate authorities and such?
zzz
we do some excludes of bad/ancient ciphers, but thats it
zzz
TLS crypto negotiation is independent of certs/CAs
FreefallHeavens_
This method won't give you any control over ECH either then.
zzz
right. check the java docs for when they added ECH, if they have
FreefallHeavens_
On a first look, I found an open issue requesting its inclusion and someone mentioning in March that it was "close to publication" but no other updates and the issue is still open.
zzz
re: bubbles, sorry to hear that, no option now but it wouldn't be hard
FreefallHeavens_
I think I found something that supports it? And it looks Java-pluggable...? To my untrained eye? wolfssl.com/products/wolfssl-jni-jsse
FreefallHeavens_
And of course its branding had to be furry-adjacent, I never can try to distance myself from my filthy nature!
FreefallHeavens_
And if this ain't it then I'll consult in less prominent channels before bringing up a solution again cause I have little idea what I'm doing and I dun wanna spam garbage.
zzz
save the effort, we're not going to start replacing core java stuff with 3rd party libs, if you're concerned about reseeding then disable it
FreefallHeavens_
On the contrary I am trying to make sure it doesn't get gutted altogether by censors. But anyway: I don't have any in-network reseed URLs in the reseed list. Should I?
zzz
there arent any
FreefallHeavens_
Thanks for your time.
eyedeekay
bubbles
eyedeekay
oops meant to ctrl-f that
RN
Bubbles, go get Ricky and Julian...
eyedeekay
Re Reseeds and PQ on the server we're using go std TLS in reseed-tools and forcing everything to the latest ciphers currently but it's *not* doing PQ, when PQ TLS is available in Go std we will enable it
waffles
oh my fuck boys
eyedeekay
There is always of course the option of a reverse proxy as well
bpb
Ahahahaha! I feel the power come to me in my voice!!!
bpb
*** is finally trying out I2P+. Blame RN. ***
waffles
xd
waffles
ur in the cool kids club now
bpb
I feel really dirty downloading an exe file though...
waffles
i thought that was kinda weird i was like no way this works on linux
bpb
I mean, I get that it's just a jar wrapper... and I guess java makes me feel a little dirty but an exe............
waffles
turns out its like some universal binary with java yeah
RN
bpb, just get the updater file
RN
it can convert Canon into I2P+
RN
yeah, it is neat the way they make the installer .exe file
bpb
RN: But I didn't actually install i2p properly the first time, so I figure this installer might do a better job than just manually running the shell script in my home directory.
RN
java -jar works
RN
ahh, makes sense. just make sure if you install it separate from your existing that you don't run both accidentally.
RN
console is https by default iirc and on a different port.
bpb
"What's the worst that could happen?"
RN
overwrite your current un-backed up install and something goes wrong.
xHarr
You could end up with a franken-i2p =-O
RN
the installer is pretty tried and true though.
bpb
There is nothing of value in my config to backup.
RN
not even feet pics?
RN
hehe
bpb
I keep those with your CCTV files and access them remotely.
RN
dr|z3d, you got a new user! one of the old guard...
RN
ah, good deal.
bpb
Is the main repo on GitHub?
RN
skank.i2p and yes there is a git on outernet...
RN
url is in topic
RN
you as an old timer should remember to read topic... ;)
bpb
Hmm... Should I put this on a raspberry pi or run it local? I really want it on a pi, so i2p doesn't eat my wifi bandwidth so much, but I also don't want my network traffic of feet.i2p to be visible on my local network.
RN
if you are worried about lan snooping you got bigger problems than I2P can solve
RN
;)
RN
yes, it should run on Pi just as Canon can.
RN
quit disconnecting... dr appears to be busy...
bpb
Ursula couldn't keep me down!
bpb
Get it? Because I lost my voice...
RN
even with all those tentacles? you be a slippery BrownPaperBag
bpb
*** never actually thought of that one... ***
bpb
And yeah, I'm worried about lan snooping. I mean... I think most people have creepy IoT appliances plugged into their network.
bpb
Or live in their parents' basement where daddy is a network engineer who wants to keep his little BeautifulPrincessBaby safe.
RN
and both of those apply to you?
bpb
One, both, or neither... yes!
bpb
Though... I don't hardly use eepsites, either. So I guess that's maybe not really an issue.
RN
*** gives a tissue for non-issue ***
orignal
I think i2pd's reseed selects PQ automatically
RN
interesting. though how many reseeders have pq enabled? I thought zzz mentioned something about updating the instructions or something after the release settled down.
orignal
i2pd uses openssl for TLS
RN
I'm guessing yours orignal, and acetone's
orignal
which one? python?
RN
yeah, I remember that, I remember the noise about ghost
orignal
idk what pythong uses
RN
the reseed hosts I'm talking about supporting pq
orignal
*python
orignal
need to check what https uses in python
RN
unless you are saying openssl supports pq and it is automagically enabled on the reseed hosts that use openssl
orignal
but idk what python uses internally
RN
mmkay. a topic for another time then. just a user had asked about pq reseeding and I don't think Canon does it yet so was wondering.
waffles
how do i set up my bittorrent client for i2p again
waffles
im not rly seeing anything good on postman tracker tho
xHarr
waffles, which client are you using?
bpb
Lan snooping really is a problem, potentially, for anyone who shares a lan and doesn't have it locked down.
bpb
Though there are a variety of solutions to it, but I digress.
dr|z3d
belated welcome, bpb. please register your nick for a more persistent +V
bpb
Woohoo!
bpb
THIS IS REAL ULTIMATE POWER!!!!
bpb
Hi dr|z3d, been a while.
dr|z3d
it probably has, your nick evades my memory :)
dr|z3d
how are you finding I2P+?
RN
bpb is registered, just has issues with nickserv auth.
RN
ideally client should handle nickserv on login
bpb
*** pouts. ***
bpb
I'm poking around at i2p+ before I move over to it here in a bit. Neat enhancements so far from what I can see.
bpb
I gotta be sneaky about when I swap routers though so RN doesn't send party vans to my house.
bpb
And thank you for the voice!
dr|z3d
you're welcome
RN
*** stalks bpb's connection ***
RN
LOL