IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2022/04/07
~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4_
@eyedeekay
@postman
@zzz
%Liorar
+FreefallHeavens
+Leopold
+Xeha
+acetone
+bak83
+cumlord
+hk
+profetikla
+scottpedia
+uop23ip
+weko
An0nm0n
Arch
Dann
DeltaOreo
GucciferZ_
Irc2PGuest35128
Irc2PGuest61987
Irc2PGuest99418
KiloDelt1
Meow
Nausicaa
Onn4l7h
Onn4|7h
Over1
T3s|4__
anon
anu
bio
boonst
carried6590
mareki2pb
not_bob_afk
orignal
poriori_
qend-irc2p_
shiver_
simprelay
solidx66_
thetia
u5657
woodwose
T3s|4 dr|z3d: did zzz directly bump from -11 to -13? If there was a -12, I must not have noticed it. :)
mesh surprised to see so many i2p routers in china
term99 routers everywhere
mesh there's 70K routers out there
mesh but just 5 days ago there were 80K routers
mesh that might explain recent connectivity issues
mesh I genuinely wonder if Russia is succeeding in cracking down on I2P routers
mesh for several years now the Russian gov has been looking to block darknets... coindesk.com/policy/2020/03/11/russia-seeks-to-block-darknet-technologies-including-telegrams-blockchain
mesh and they're apparently willing to spend a lot of money to do so
mesh I also wonder what "offline signatures" are
genka I think it's strange that many dests make streams with libreddit.i2p at the same time. for a while it stops, but then the same thing happens again
genka dr|z3d
genka can i2p router make separate dest for each stream?
mesh genka: what do you mean by streams?
genka tcp streams
genka in i2pd i can see them
mesh genka: for a given web site there's only 2-3 tunnels
mesh but your i2pd router may be participating in many, many tunnels
genka wait
genka i will show you
genka how can i share screenshot
genka fileshare.linuxfarm.i2p and cake.i2p just saying The connection was reset
mesh put it on the web
term99 i would either retry a few time or as stated try tor file share or clearnet
genka sometimes there are 0 streams
genka and sometimes there are so many
genka like that
genka i think it's strange
genka from different dests*
mesh I don't know why i2pd uses the words Stream. That's strange terminology.
mesh In my router I can look at 'Tunnels'
genka mesh: no, it's not a tunnels
genka it's streams that going through tunnels
mesh Some of those tunnels, called "Service Tunnels", are created for a web server. Others exist for the purposes of routing.
genka i think it's streams cuz of streaming library
mesh I don't think so
mesh I think what you're seeing are called "Participating Tunnels"
genka it's streams to libreddit dest
genka there i can see my inbound, outbound tunnels, tags and streams
genka for libreddit
mesh you should talk to dr|z3d hehe. There are streams in I2P... I guess
genka i tagged him
genka waiting
genka for the answer
mesh if I remember correctly, within a given Destion/Session you can have multiple streams. This is because you can have multiple client Sockets that were created by the same I2PServerSocket.
mesh And each client I2PSocket attached to a I2PServerSocket which is attached to a Destination is a single Stream
mesh it's possible your website is very popular and has lots of open sockets?
genka hmm, idk, just asked orignal
mesh genka: what did he say?
genka mesh: nothing yet
genka mesh: I came to the conclusion that this is most likely one person accessing the site, but at the same time, his router creates a separate dest for each stream. orignal said it's possible via SAM. but why is still unknown
mesh genka: strange
dr|z3d you can think of a stream as a single connection to a server or resource. for example, when you're viewing a website, your browser will open multiple concurrent streams to download individual resources.
mesh dr|z3d: all those streams travel over a single tunnel though right? So a stream is just a socket?
mesh I think most browsers by default won't open more than 4 connections. The sort of abuse genka was seeing almost looks like an abusive bot.
dr|z3d ordinarily they would travel over a single dest, though for inbound traffic they may use multiple tunnels afaik
dr|z3d 4? 4 is conservative.
dr|z3d > network.http.http2.default-concurrent100
mesh it looks like mordern browsers set it to 8
mesh I would thnink 100 connections from a single client would constitute an attack
dr|z3d that config I just pasted is from firefox for http/2
mesh dr|z3d: I think that's because http/2 can multiplex multiple connextions over a single connection
mesh err multiple http streams
mesh at which point we get a nice inception: i2p sockets multiplexing over a tunnel pool being used by a browser to multiplex http2 streams
mesh (reason #43435667 why http is a terrible protocol. the protocol generates a single request for every resource)
dr|z3d except i2p won't be supporting http/2 any time soon. or ever.
mesh dr|z3d: I don't see why not
mesh it could work I think but it all depends on being able to pass in custom Connection logic
dr|z3d the why not is the requirement traffic happens over https
mesh but you can use ssl over i2p?
dr|z3d you can, but most don't. and when you do, it's self-signed certs only.
mesh I wonder if that's a java implementation though
mesh it should be possible to layer SSL cleanly on top of i2p I would think. These things are supposed to be cleanly layered between a secure layer and a transport layer, with the secure layer generating discreet data for the transport layer
mesh but it would be a lot of work. Somebody would need to write a javax.net.ssl.SSLSocket that is also an I2PSocket
mesh actually it might be easier than that
mesh it might be as easy as taking the SSLEngine and plugging in the socket input and output streams eg: docs.oracle.com/javase/10/security/sample-code-illustrating-use-sslengine.htm#JSSEC-GUID-3DB6AE99-C0BA-49D1-9ABD-DEF439A965E6
mesh I don't think the I2PTunnel does this or has access to any kind of keystore but it probably could be done
mesh sort of thing should be given to a feature bounty program. I imagine some programmers would enjoy the challenge of implementing ssl over i2p
RN remember mesh "somebody should" == "I volunteer to"
mesh I2P doesn't really need SSL. Everything's already encrypted. All that's really needed is a way to attach a Certificate to a Destination
mesh I think this could be done quite easily with a new NetDB entry a la geti2p.net/spec/proposals/123
mesh but I don't think zzz is too keen on the idea
mesh being able to attach real certs to Destinations would be really cool and open all sorts of possibilities
dr|z3d genka: > you can think of a stream as a single connection to a server or resource. for example, when you're viewing a website, your browser will open multiple concurrent streams to download individual resources.
genka i know
dr|z3d you're probably seeing spiders hitting your site using multiple dests to fly under the radar.
mesh dr|z3d: do you know do long lived Destinations offer better connectivity?
dr|z3d you mean persistent destinations?
mesh dr|z3d: yeah I think so
mesh though I imagine even a long-lived transient Destination would enjoy the benefits
dr|z3d the only advantage of a persistent dest for client tunnels is where you need that dest to be fixed to provide access to a service, for example via dest whitelisting on the server, or for custom hostmasks on irc.
mesh For regular LeaseSets, the expiration is the time of the latest expiration of its leases. For the new LeaseSet2 data structures, the expiration is specified in the header. For LeaseSet2, the expiration should match the latest expiration of its leases. For EncryptedLeaseSet and MetaLeaseSet, the expiration may vary, and maximum expiration may be enforced, to be determined.
mesh Is it possible to customize the timeout of a LeaseSet if you don't expect it to go anywhere for a while?
mesh that document is very confusing btw. I feel like the person who wrote that assumes you already know everything about i2p
dr|z3d you'd need to get clarification from zzz. ordinarily a lease lasts 10 minutes + 1 minute grace period.
mesh ok thanks
mesh well that was fun