👮 major
irc2p
#i2p-dev #i2pd-dev #ls2 #saltr
ilita
#4rum #acetonevideo #dev #retroshare #torrent #video2p
IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2026/05/06
~dr|z3d
@RN
@T3s|4
@T3s|4_
@eyedeekay
@orignal
@postman
@zzz
%acetone
%mareki2p
%snex
+Atticfire
+FreefallHeavens
+Onn4l7h
+Onn4|7h
+fa
+marek22k
+onon_
+profetikla
+qend-irc2p
+r00tobo
+sexy
+uop23ip
Arch
Danny
Irc2PGuest21708
Irc2PGuest28384
Irc2PGuest4937
Irc2PGuest66257
Irc2PGuest75631
Irc2PGuest99986
Over1
RTP_
Watson
ahiru
anontor
cims
i2potus
interesting
justaperson
lokzz
luvme3
mahlay
makoto
n2_
nilbog
not_bob_afk2
pinotto
poriori
r00tobo[2]
rednode
sahil
uberius
user_ygg2_
dr|z3d ebbs and flows, this channel, sexy. busy coding right now, but don
dr|z3d 't think we're dead :)
sexy ahaha dont wory, I understand
dr|z3d *thumbs up*
dr|z3d are you an I2P, I2P+ or i2pd user?
sexy i2p+ for my client, and i2pd for servers
dr|z3d OK, you're a good person to perform a random poll on, then.
sexy im trying to gauge which I prefer, so far it's i2pd because it's much simpler to configure, but I want to give each a shot
sexy ahaha yep
sexy sometimes I use an i2pd server to browse eepsites but it's kinda random. im connected to irc via i2pd
dr|z3d we've had some ai-inspired reporting lately, some of the issues would be completely removed by having a mandatory console login.
dr|z3d so, that's what I'm working on right now for I2P+
sexy mandatory console login? to report bugs and whatnot? i dont quite follow
dr|z3d nothing stressful, when you open the console, it'll present a login page with default passwords visible which you're obviously encouraged to change once you've logged in. also presents a dropdown with the time limit on your session. thoughts?
dr|z3d obviously the router will run just fine whether you're logged in or not.
dr|z3d login to your own console. to prevent various classes of potential exploits.
sexy- ahh to prevent opening up the console for all to see
dr|z3d it's all local, there's no remote server connection.
dr|z3d that's a side effect, but the main reason is to prevent various "CSRF" attacks.
sexy- isnt the i2p console inaccessible when your browser is set to use the i2p proxy?
sexy- if I pull up 127.0.0.1:7657 in my browser I get an error message from i2p+
sexy- ^^ (when proxying through i2p)
dr|z3d if you attempt to access your own console via the proxy, sure, won't work. that's why you always exclude localhost or whatevr you're accessing the console on from your proxy.
sexy- I dont see csrf attacks in your secondary browser, especially ones targetting your i2p console to be that prevelant. but that's also security through obscurity which isnt ideal
dr|z3d that's a different issue entirely. configuration issue. there's no explicit protection there.
sexy- a password protected lgoin page would be cool. it could also mean I could expose my i2p console to my LAN with less worries, and without fussing about with SSH tunnels or anything
dr|z3d this isn't security through obscurity. this is security by design.
sexy- i meant that hoping csrf attack doesnt happen because i2p is small is security through obscurity :) - not a password protected login page
dr|z3d well, we have some mitigations, but a mandatory login is the big "fuck you" to attackers. leaves no door open.
sexy- yep for sure
sexy- i think more people would use it for opening the i2p router console to LAN rather than to prevent csrf attacks
dr|z3d couple that with https access, which i2p+ enables by default, and you're all good.
sexy i didnt know i2p+ could do https
sexy i had nginx setup as a reverse proxy to do ssl termination + basic http auth
dr|z3d we already have optional password support, but it's optional, and doesn't present a login page, just a popup. so a mandatory login with a custom page is next level.
dr|z3d it's also been known to very occasionally bork the router until a restart, so this should address that as well.
dr|z3d if you updated from i2p, then it won't be enforced, but may still be enabled, not sure. 127.0.0.1:7667 if it is.
dr|z3d self-signed cert.
dr|z3d 127.0.0.1:7657/help/faq has an entry re https in the console.
zzz dr|z3d, looked closer at your allowOrigin(), basic approach looks sound, but it has IPv6 bugs, and I don't think you can exempt localhost at the bottom. I have to rewrite for jetty 12 also and then will put it in ServletUtil so I only have to write it once
dr|z3d thanks for the review, zzz. ipv6, localhost, will have a look at those.
zzz one of the headers you dealt with [] and one you didnt
dr|z3d yeah, I see that, have a fix I'm about to push.
sexy- is this channel for only i2p+ or for general i2p discussion too?
dr|z3d general, we're not racist here :)
sexy- x)
sexy- what browsers do you guys like using for i2p? i setup tor browser with foxyproxy
onon_ ^
onon_ Me too
orignal firefox
dr|z3d librewolf
dr|z3d surprised you're not on librewolf, orignal.
orignal librewolf is for wiggers ))
dr|z3d don't be a donut. :)
dr|z3d orignal -> resident channel donut.
sexy- i used librewolf for a long time but found that torbrowser without tor is less work to setup
leopold dillo bowser ,(
sexy- lol read that as dildo browser at first
dr|z3d whatever works for you. torbrowser's not a bad choice.
orignal use netpositive ))
dr|z3d anyone suggesting dillo needs their head testing.
sexy- dillo looks neat. never heard of it before
orignal dildo?))
dr|z3d dillo is a pile of steaming. it's good for one thing - finding http parsing errors.
orignal dr|z3d do you use haiku?
dr|z3d I suggested it to you, remember.
dr|z3d haven't touched it in a while.
dr|z3d welcome to #saltr, fa
orignal suggested what?
orignal netpositive?
dr|z3d haiku.
dr|z3d we had a discussion about how you thought it was shit, and then you installed it.
dr|z3d I'll tell you one thing, it doesn't much like running in a vm.
orignal I run it on P4 ))
fa Dillo brings me old internet vibes :)
orignal who did I say it was shit if it's BeOS?
orignal fa then try netpositive ))
dr|z3d I don't recall the specifics, something like "nobody uses it" or whatever your throwaway line was at the time.
dr|z3d anyways, bare metal, p4, probably runs great.
orignal yes it runs peferctly on P4
dr|z3d probably not quite as lean and mean as beos, which would run fine in 512MB iirc, maybe even 256.
dr|z3d back when 512MB was a huge amount of ram.
dr|z3d amusing how times change, now 64GB seems barely adequate.
orignal that P4 has 3Gb of memory
fa My first computer had like 32MB or something, it ran Windows 3.1 or something
orignal my first computer was MSX ))
sexy- if i was your wife i think i'd be pretty contempt with 512MB :(
fa MSX had cartridge, tape or what was it called. I remember seeing one such computer, I was a kid at the time, thought it was a old gaming console xD
fa Little did I knew :)
orignal mine had tape
RN contempt?
RN LOL
dr|z3d content :)
RN *** gets stuck re-reading the typo ***
RN yeah, I know
dr|z3d read between the lines, RN :)
RN just reat the sentence a few times thinking "Shirly they didn't mean that..."
orignal wiggers, tell me the reason why i2p doesn't use some pluggabl transports for NTCP2?
sexy- omg ive been spelling that wrong all my life :,(
orignal what that?
sexy- lol yepp
orignal the solution is easy
dr|z3d spidery lines...
orignal just speak Russian
orignal pronouciation is always the same as spelling ))
orignal ooops, it's belarussian
orignal Russian is more complicated ))
dr|z3d an amusing typo at that.
sexy- the best reason to learn russian is that russian girls are sexy
orignal polish much better
sexy- polish girls are just russian girls but a little crazier
orignal and they say "bobr kurwa" ))
sexy- polish girls are hot too
sexy- just hearing a girl say "kurwa" leads to an instant erection
orignal ja pierdole )
dr|z3d welcome to #saltr, loveme
loveme hi
dr|z3d we have sexy and loveme tonight, is this some sort of conspiracy I should know about? :)
sexy- "love me, sexy!"
fa I think they are the same person. But... I can't tell for sure :)
sexy- fa: hush ;)
fa They might be the same person trying different I2P routers ninja
sexy- or the same i2p router with different keys
sexy- maybe loveme is my siamese twin and we are learning how to circumvent government censorship together today
fa You're in good company then :)
fa *** Waves goodbye ***
dr|z3d leaving so soon, fa?
fa Sleep time. Be back tomorrow. Gnight yall.
dr|z3d aight, laters o/
sexy- favourite i2p torrent trackers? ive been using tracker2.postman.i2p, but want to expand my horizons
dr|z3d that's as good as it gets.
dr|z3d most if not all other trackers are open trackers, so there's not much browseable content.
sexy- hmm I see
sexy- what kind of speeds do you tend to see while torrenting?
dr|z3d Depends on the swarm size, your allocated bandwidth, the quality and length of your tunnels.
dr|z3d On a good swarm with all the right boxes ticked, not unusual to see 1MB/s or so.
sexy- I got peak 3.3MiB/s on one torrent with 2-hop in/outbound tunnels
sexy- but most the rest are hovering around 1MiB/s
dr|z3d that's nothing to be sniffed at.
RN *** sniffs and goes to open a window "it smells like boys locker room in here!" ***
dr|z3d *** chuckles. ***
sexy- debian + i2pd + qbittorrent is using 250MB of ram. pretty impressive
sexy- i2pd so far is significantly lighter than the java client
sexy- and onon's ramblings about i2pd being so much better have been getting to me x)
zzz dr|z3d, we caught a stray intended for you github.com/i2p/i2p.i2p/issues/148
dr|z3d thanks, zzz. already fixed, garden variety npe.
dr|z3d new login page in latest + builds (dev and release). to enable, either set a router console password on /configui or add routerconsole.enforceLogin=true to your configs.
dr|z3d please test, report any issues. session should persist after a router restart. /logout will log you out. if you set routerconsole.enforceLogin=true without an existing console password, the login page should prompt you to set a user/pass.
dr|z3d (and allow you to set a user/pass on that page)
zzz you're gonna wish you had finished the Jetty 12 port before you did all that (((
dr|z3d probably. :)
dr|z3d still, I think it goes some way to heading of the prospect of revolt.
dr|z3d *off
dr|z3d when it's enforced, no password will just oblige you to set one on the login page.
dr|z3d not a perfect solution by any means, but it's something.
zzz I'll not speculate on the prospects of your user base revolting
dr|z3d :)
T3s|4 o/ dr|z3d is setting routerconsole.enforceLogin=false (or doing nothing) the equivalents of a permanent opt-out?
zzz dr|z3d, I pushed my first take on the CSRF stuff. webapps and more tweaks to follow
dr|z3d T3s|4: only if you don't have a password configured.
dr|z3d zzz: nice. borrow any of my stuff, or clean room implementation? :)
zzz I rewrote your allowOrigin(), the nonce stuff I did from scratch
zzz ok. everything goes thru HCH.allowOrigin(), including webapps and plugins, you didn't need to copy it to snark and susi. you fooled me
dr|z3d roger that, looking at it now.
zzz thats why I stuck my in ServletUtil I thought I'd have to share it. wrong.
dr|z3d I fooled you! LOL
dr|z3d so we just shove it in HostCheckHandler and we're good, then?
zzz the origin stuff, yeah, HCH is at the top of the chain, there's a pic in RouterConsoleRunner
zzz so I'm more % done than I thought...
dr|z3d I guess it doesn't much matter for your implementation, it's only defined once.
dr|z3d good, good. less is more when it comes to effort :)
zzz but I was about to call it twice
dr|z3d check your github CI errors, you got a javadoc issue preventing the CI from completing.
zzz thx
zzz ongoing discussion w/ idk, not sure if I'm losing or he's ignoring me
dr|z3d what's the crux?
zzz CI thats always broken or is not monitored is useless
dr|z3d I can't access your logs, but you should be able to. copilot will explain the issue and a fix if you ask it.
dr|z3d probably just setting allow fail in build.xml for javadocs would fix.
zzz it's the <tt> that came in with the json-simp[le update
zzz might have already fixed it once years ago. sigh.
dr|z3d in build.xml -> failonerror="false"
dr|z3d for your javadoc targets.
zzz then we would definitely never fix things
dr|z3d javadoc should still complain when you run the target.
zzz but it pukes out a zillion things
zzz yup, fixed it May 31 2020
dr|z3d yeah, it does have a tendency to puke large. got bored with that, so I fixed all the issues.
dr|z3d I get 2 warnings now.
zzz I saw the javadoc change when I reviewed the diff, but I didn't go back thru the history to see which was right, that's my bad
zzz so, done with javadoc, done with origin, back to nonces
zzz the snark fix will be easy
zzz will copy over some of it from CSSHelper
dr|z3d_ > reminder, <tt> is deprecated, use <code>
zzz yeah thats the answer
zzz the snark fix will be easy
zzz will copy over some of it from CSSHelper
zzz the royal pain is something they didn't find, been on my list a couple years
zzz almost all the buttons on the i2ptunnel index page are just links. only a couple are POSTs. it's really bad
zzz dont suppose you've already fixed them?
dr|z3d no