IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2023/01/09
dr|z3d zzz: seeing complaint about Blocklist file not found: [..].i2p/blocklist-country.txt on every startup.
dr|z3d if that's something that can safely be ignored, we probably don't want it generating a warn log event.
zzz yeah that's only if in hidden mode, to block same-country routers
dr|z3d so we want to check for hidden mode and then only generate that warning if it can't be found then, probably, no?
zzz not worth the effort, just lower the level if it's bugging you
dr|z3d ok, no worries.
dr|z3d re hidden mode, I notice when that's active it blocks all routers in the same country, regardless of whether or not the local router's in a hostile country. intentional? necessary?
zzz dunno
zzz if you're scared enough to set hidden mode, then why not
dr|z3d yeah, I dunno either. just thought I'd mention in passing.
dr|z3d that patch you committed earlier seems to be holding up, no evidence of the previous error so far.
zzz super, thanks for testing and report
dr|z3d thanks for fixing
zzz even if everything's perfect, we need another day, because I haven't started my code review yet and it's a big one
zzz and feeling sheepish after the chacha / encrypted ls2 fiasco
dr|z3d bah, easy mistake to make. everyone gets tired :)
dr|z3d fortunately someone spotted it, one of our chinese friends, no? so we're good.
zzz thats why other eyeballs even more important than mine on the review. I can't see my own screwups
zzz get cocky and you get smacked down in a hurry
dr|z3d very true. some humility never hurt anyone :)
dr|z3d I wonder if an automated java fuzzer wouldn't be helpful.
dr|z3d or if you want a fuzzer with probably the best name out there (and more recently updated): github.com/tehmasta/jazzer-Java-Fuzzer-
dr|z3d trying to find a fuzzer that can be automated in gitlab as a task.
dr|z3d gitlab/github
zzz doesn't sound easy because you really need to teach it about the protocols to get any half-decent results
dr|z3d here's one that hooks into github's CI: github.com/marketplace/fuzzit-dev
dr|z3d yeah, it may be of limited use, but then again, it might be good at spotting NPEs and other irritations that can be overlooked.
zzz i2pd would probably benefit because C++ but it doesn't seem like it would be too fruitful against an overflow-proof language like java
zzz yeah effort vs. reward
zzz not saying it wouldn't find issues
dr|z3d sure, ideally we're looking for something that required minimal effort to generate useful results, not something that requires days or even hours of tuning.
zzz but explotable vulnerabilites vs. irritations? not so sure
dr|z3d I'm going to see what that CI fuzzer app brings to the table if I can get it working. if it seems worthwhile, I'll let you know.
zzz yeah. obv. you have to pick an interface/protocol (I2CP, I2NP, SAM, tunnel builds, ratchet, SSU2, NTCP2, ...) to point it at, even if you don't teach it
zzz just to give an example of the issues with not teaching it, SSU2 protocols are protected by a Poly1305 MAC, so only 1 in 2**128 randomly-generated crap will get through to actually being processed
dr|z3d ok, could be a complete waste of time, we'll see. if it's just a question of installing it and nothing else, no harm in taking it for a spin.
zzz have fun
dr|z3d haha, thanks. "fun"
dr|z3d re adding a service line to /logs, zzz, if you're going that route, might be better as Wrapper: {version} or n/a
dr|z3d you could also factor in whether or not the install is running from /usr/bin or ~/ I guess to make debugging even easier.
dr|z3d I already display router install location and config dir just so the user knows where they are.
lbt The build.xml describes (echo) a target "bundle" but has no such thing actually. It seems to be redundant to "git-bundle" - which is contained and probably working (I'm missing dependencies). Not sure if there were plans to do something there like making a bundle without the "call" to make the .torrent or so? Otherwise that echo-line could just be deleted from what it looks like to me.
lbt It's mentioned as "bundle" in some documentation though