UDP
RN: it's a common network protocol lol
RN
yeah, UDP I get that. Just wondered if there was more of a story to it. Σ:Đ
RN
anyway. nice to meet you.
UDP
Yeah nope
UDP
Should probably make one up though I guess
UDP
Same! How about your username? What does RN stand for?
RN
it is short or ReturningNovice
RN
that had to do with my personal history and skill level at the time... but the longer version of the story takes us off topic. ;)
RN
s/short or/short for/
RN
lots of pple tell me lately I'm not such a novice anymore, but I'm not changing the nick since I've used it so long
dr|z3d
don't believe her, UDP, her initials stand for Random Nuisance :)
UDP
What kind of nuisance we talking here? ;)
dr|z3d
:)
dr|z3d
we're not, but if you want to carry on the random non-dev banter, feel free to hop over to #saltr :)
zzz
dr|z3d, and when did I last touch it?
zzz
-> ant distclean
dr|z3d
oh, you're alive, zzz! I thought you'd gone awol :)
zzz
busy
zzz
-8 shortly
dr|z3d
what you been working on?
zzz
round 2 of the mitigations/fixes
zzz
as promised
dr|z3d
great, look forward to them.
zzz
we'll see
zzz
I don't know wtf your profile issues are but -8 will almost certainly conflict with / not fix them
dr|z3d
great, more merge fun and troubleshooting ahead then.
dr|z3d
the main issue I'm having now with the profiles is that for floodfills, existing profile data seems to be discarded after around an hour of uptime, and then entirely new ffs show up on the profiles page. not sure if that's by design or something I've done.
zzz
did they just get down-rated or are they not on the 'all' tab either? (although even the all tab hides a lot)
dr|z3d
first hour uptime, I see ff profiles that have been known about for what you'd expect, hours or more.
dr|z3d
after that, ff profiles page just shows me profiles that have a first seen time of a few minutes.
dr|z3d
I've made a bunch of changes to how they're filtered for display, so I can't rule that out entirely, but the first hour of uptime where everything seems normal is strange.
dr|z3d
I've disabled the deleteOldProfiles routine from running for now, so profiles only get nuked at session start.
dr|z3d
I thought I might have set the STORE_TIME too low in PeerManager, so I modded that up and the same issue. so it's not that.
dr|z3d
in other news, idk's pastebin seems to mangle newlines, but that aside, some rough edges tidied up: paste.idk.i2p/CanonistCockatoo/read
dr|z3d
all "obvious" pages now styled correctly as per theme.
zzz
ofc profiles get promoted/demoted/deleted all the time, but figuring out if it's being done correctly would take a LOT of logging and staring at it
zzz
best done on a low-bw router
dr|z3d
you're not wrong there :)
zzz
anyway, the checkin from an hour ago is a week's worth of work and a big help if you want to start with that
zzz
just waiting for one more test on the profile stuff to finish
dr|z3d
I've been looking at a couple of routers both high and low b/w to assess the issue, they both display the same symptom after an hour of uptime.
zzz
yeah I'm just saying if you want to stare at logs do it on the low b/w one
zzz
that's why I don't run any high b/w routers
zzz
and rarely any ff, although I am now b/c I need to get them right with the changes
dr|z3d
what's the general thrust re profiles?
dr|z3d
10-4
dr|z3d
some issues you'll only see on high b/w routers, so it's good to have a diverse set to monitor.
zzz
basics, expire more, save/load less
zzz
mirror of the RI changes
dr|z3d
ok
dr|z3d
a good amount of the stuff you're doing there I've been doing for a while, more or less.
zzz
will be more todo though because I think the in-mem profiles may still be out of hand
dr|z3d
quite possibly. I don't bother with those for low-end/unreachable routers at all.
zzz
MRs always welcome if you think you have a good idea
dr|z3d
you don't want an MR from me *chuckle*
dr|z3d
but I'm happy to suggest attack strategies.
zzz
well you'd have to make it pretty :)
dr|z3d
speaking of pretty, when you want to look at pretty, deploy that css above :)
zzz
I need defense strategies
dr|z3d
ok, well here's one thing you might want to think about..
zzz
i don't run a pastebin
dr|z3d
that's not _for_ a pastebin.. you're being intentionally obtuse? :)
zzz
send your attack strategies to mr. salt
zzz
no
zzz
you said it's a fix for his pastebin mangling newlines?
dr|z3d
no
dr|z3d
I said it mangles new lines, but have a look. it's intact. it's for zzz.i2p
zzz
then you didn't say what it was for
dr|z3d
it's the completion of the coloring work you started and left hanging probably 15 years ago? :)
zzz
no time for that
zzz
let's wait and see if the screen reader guy is happy first
dr|z3d
I thought you'd have figured that out after the open sans discussion yesterday and the consequent .zip file.
zzz
out of my mind until he responds, I've done what he asked but seems unlikely to fix anything
zzz
so I'll sit and wait
dr|z3d
mv red2.css red2.css.backup and then deploy. but in your own time, no rush. I think you'll be pleasantly surprised by the results.
zzz
if you have the answer for a disabled member of the community who needs help, I suggest you help him
dr|z3d
do remember who you're dealing with, network's #1 blowhard pedant. :)
zzz
rather than use it as an opportunity to jerk me around
dr|z3d
and tbh, I'm more interested in helping the community at large, hence that css file.
zzz
if I give you the unminified css can you give me a patch that fixes his issue and only that?
dr|z3d
firstly, I'm not jerking you around.
dr|z3d
if you want to be obstinate, that's on you. I invested time into fixing your half-finished website theme. enough time.
dr|z3d
but whatever, you want to write off my work as jerking you around, ok. and in answer to your question, no. I don't need unminified css, and I'm not going to just fix some perceived issue that I cannot reproduce.
zzz
telling me to install stuff while refusing to tell me what it's in reference to was not helpful
zzz
if you can't reproduce it either, then we're stuck until he responds
zzz
I'll fetch and save your css and take a look when I have time, thanks
dr|z3d
"stuff" being a single truetype font family available in your repo, but I take your point. I was trying to give you something to smile about.
zzz
it's too horked with the lines and it has smart quotes in it, it's unusable/unreviewable from that pastebin
dr|z3d
skank.i2p/zzz.zip (updated with new css file).
dr|z3d
there are a couple of icons in there for the footer for rss feed / twitter.
zzz
ok thx
dr|z3d
just insert them in the footer somewhere and I'll make them look pretty.
dr|z3d
and do install fonts-open-sans when you have a moment.. site will work fine without, but best with. the extra font weight support's in all the alt fonts, but open sans is the closest to your original Verdana choice.
dr|z3d
back to the main topic, you're only currently blocking inbound connections from perma-banned peers, not session-banned peers. maybe that could be tightened up?
dr|z3d
I've added session-banned peers in these commits: gitlab.com/i2pplus/I2P.Plus/-/commit/848aed80f284f8b8d4a541fe8811ddc0219e5bae & gitlab.com/i2pplus/I2P.Plus/-/commit/24ba5cf25c8b600ea19d275b5665ade68647c613
dr|z3d
I suspect isBanlisted(hash) also covers permabanned peers, but that was the initial stab.
zzz
peers get temp banned for unreachable; so as designed, you should allow them incoming
zzz
if eldorado had user-selectable themes I'd just throw it in there as an option but it doesn't
dr|z3d
to review it you mean?
dr|z3d
re allowing incoming, unreachable peers will be permitted incoming connections once the ban expires, no, so not sure what the problem is with preventing incoming connections while they're banned.
zzz
because they're only banned because they're unreachable, so there's no reason to refuse a connection the other way
zzz
that and a host of similar changes are probably bad for the network and definitely would be at scale
zzz
re: theme, I mean as a selectable option, no review needed, but alas not available
dr|z3d
Well we need a separate class of ban then to differentiate between "offensive" routers and routers with reachability problems. Failing that, I'll figure out some way to check the ban reason and block on that basis.
zzz
you're swinging the banhammer around way too recklessly to buy any of that back
zzz
correct, there's no reason code stored in the banlist, except there is, but it's a string for display only, so it's messy
zzz
so the only classification is temp. vs. permanent
dr|z3d
yeah, so I'm suggesting a 3rd class, temp,perm and "reachability" or whatever.
zzz
lot of work
dr|z3d
I'll figure out a way of not blocking unreachable peers from inbound, but the main point is making sure offensive routers get the full treatment.
zzz
forever = expires > 2 days from now, unless you've hacked that too
dr|z3d
don't want to set bans that long for offensive routers, just clutters the banlist.
dr|z3d
really prefer not to have 90K routers cluttering my banlist if I can avoid it.
zzz
then stop adding all your hacks to ban more routers
dr|z3d
it's fine, bans are doing what they're intended to do.
dr|z3d
for now, banlisted = no access to inbound ports.
zzz
most of your issues are self-inflicted
dr|z3d
re eldorado, just throw the new theme up there and solicit feedback.
RN
I've noticed in 2.1.0-07 my participating peers looks like a sine wave going from about 3K to 4K and back. Previously it was mostly flat. I'll see what happens in 2.1.0-8. Things overall running pretty smooth, except more frequent tunnel drops, but still very usable.
zzz
um
zzz
no such thing as 'participating peers'
RN
s/peers/tunnels/
zzz
10 minute sine wave frequency?
RN
mm... lemme zoom in a bit
RN
looks more like an hour
RN
the other router is already on -8 and I cleared the graph data
zzz
if you are hitting limits a 10 minute cycle is normal and common because you reject for a while. haven't seen an hour cycle before
zzz
click persist graph data and you won't lose it next time
RN
yeah, I should turn that back on while testing dev versions
zzz
doesn't cost much
zzz
thx for testing -8
RN
I have a credit on my account, so it is fine. :þ
zzz
you always have credit with me :)
RN
Σ:Đ
zzz
how do we figure out if we need to do a release?
zzz
twitter poll? reddit?
RN
but I think there is more exposure on reddit than twitter...
zzz
my 2.1.0-0 java i2p router is:
zzz
a) doing ok
zzz
b) frequently crashing or barely usable
zzz
c) I'm not running 2.1.0-0
zzz
you always need the last one b/c ppl love to click
RN
d) I'm new and don't know what to compare to
zzz
ooh good
zzz
what we can't do is a poll 'should we do a release' b/c that will be 99-1
dr|z3d
it's a substantial set of changes, a release is a good idea.
zzz
we will do it, sometime...
dr|z3d
trust your gut instinct. if you think the network as a whole will be improved with an early release, go for it. users aren't really in a position to know that.
zzz
cost/benefit
dr|z3d
and just as importantly, if orignal is ready for an early release, his users will benefit more.
zzz
and risk
dr|z3d
sure, you can also opt to let the latest set of changes bed in for a while, see if there are any related issues that crop up.
zzz
ideally it should soak for at least a month
zzz
diff at 75% of the size of the last one
dr|z3d
is there anything else you've got lined up you might want to deliver this cycle?
zzz
DnD :)
dr|z3d
dungeons and dragons? what are you smoking? :)
zzz
snark dragndrop
dr|z3d
ah
dr|z3d
you got that working on chrome yet?
zzz
no, chrome bug
zzz
then I tried ff on win and it didn't work either
dr|z3d
sounds like more headache than it's worth until moz/goog fixup their shizz.
obscuratus
Has anyone ever used the 'confidential' click box for reporting issues on git.idk.i2p?
obscuratus
Does it sufficiently restrict access for an issue that may be sensitive (maybe not). Presumably the confidential option can be lifted later if it's deemed OK for view by everyone.
dr|z3d
I think that's about right, obscuratus.
dr|z3d
easy fix to the isBanlisted/isBanlisted forever conundrum, zzz. add a 3rd method, isBanlistedHostile which checks for routers with a bantime of >=1h.
zzz
why would you not ban a hostile router forever?
dr|z3d
for reasons I outlined above. you don't want to choke up your banlist with ephemeral routers.
zzz
not gonna happen in canon anytime soon, but perhaps your banhammer cannon needs more nuance
dr|z3d
I've already implemented it pursuant to your issue with blocking inbound for temp banlisted routers.
zzz
I'll give you credit for one thing, I finally gave up on U routers in tunnels. The huge attacker fleet of LU routers is killing expl. build success
dr|z3d
yeah, I figured a long time ago that U routers are U for absolutely f'ing useless :)
dr|z3d
U and floodfill? ban.
zzz
I looked and xU for x > L is averaging < 1 tunnel per hour. I thought we were giving them some cover traffic, but no
zzz
ofc if salt switches back to XfR it won't help, but for now it does
dr|z3d
moving target, but the mitigations shouldn't hurt and just close off obvious areas of exploitation.
dr|z3d
router here's varying build success between 60-80% right now.
zzz
trying to fixup profiles to really penalize the losers, that code hasn't gotten attention in a long time
dr|z3d
you might consider uncommenting the good/bad send count for ffs.
dr|z3d
gives you another metric you can gauge performance by with a view to banning the shit.
dr|z3d
(or maybe there's enough datapoints already to do that)
zzz
the XfR storm was brief and didn't really get a good sense of how it affected netdb performance
dr|z3d
they're good values to plot in the floodfill profile table, easy for users to understand.
zzz
focused mostly on tunnels
dr|z3d
ok, so I guess you're looking at the med/long term tunnel accept/reject/fail values to work out where a peer should be deemed useless.
dr|z3d
I guess there's enough data in the profile to work out a reliability score.
zzz
see recent CapacityCalculator changes
dr|z3d
oh, you've been busy again. never noticed :)
zzz
trying to get the incredibly shitty LU fleet downgraded
zzz
while hopefully having mostly the same result even if they switch to R
zzz
there were a ton of high cap LU's with capacity scores > 7
dr|z3d
yeah, not good. I don't build any tunnels with L regardless of reachability. helps.
zzz
never mattered until there were thousands
justmessin
zzz apologies if this comes across as a complete noob but L/LU routers? XfR?
zzz
sure but they were still taking up high cap slots
dr|z3d
L = slow, X = fast, f = floodfill.
justmessin
not familiar with either the i2pd or java i2p codebases however id like to help. driz3d and "U" / "XfR" ?
justmessin
XfR is transfer rate or
zzz
so trying to knock them down no matter what the caps
zzz
the bad ones that is
dr|z3d
I try to avoid profiling L tier.
dr|z3d
in theory that should keep that out the high caps range, but I see a few here. nothing U, however.
dr|z3d
maybe some of your recent changes have reinstated them. will have to double check.
justmessin
im guessing theres already some system for banning 'bad' floodfill routers locally, that is floodfill routers that you've locally determined to be bunk
justmessin
even if so doesn't fix the issue of an actor doing this again and passing as normal until it was set, establishing themselves as 'good' floodfill peers
zzz
justmessin, there's a legend at the bottom of the profiles page
zzz
dr|z3d, I think we also need to turn the new peer bonus into a penalty
zzz
but need to be careful about just started + long downtimes
zzz
will think about it
justmessin
zzz thanks. if I understand correctly every router has a keypair. if ranking was possible locally (by downtime, bad peer count, whatever) - this could be advertised and signed by the router. other routers use their own rating to determine how trustworthy another routers rankings are
justmessin
although that could lead to the same issue of gaining legitimacy for a period of time and then triggering. fast enough redistribution would prevent it from becoming a problem
zzz
no, that's not our design. everybody does their own rating, we would never trust somebody else's rating
dr|z3d
justmessin: we're discussing specifics. if you want to read up on the generalities, geti2p.net/en/docs/how/peer-selection
dr|z3d
Blinded message
justmessin
zzz: ah understood. driz3d: okay thanks
dr|z3d
you might be onto something there, zzz. maybe new profiles need a bit more cred before they're marked up, like some good sends etc.
zzz
the idea was to help integrate new peers but not helping us now
dr|z3d
the assumption's turned on its head right now, that new peers are a good thing. obviously not the case at the mo.
zzz
somebody suggested it, maybe obscuratus, but didn't remember we were doing the opposite
zzz
no time for charity when everybody's a thief
zzz
doesn't look like you've meddled much in capacity calculator but that's a key spot for policy impl.
zzz
w.r.t. client tunnels ofc
obscuratus
Ah, you changed the Sybil costs. It's playing hell with my testing network. :D
zzz
but also expl. during congestion aka now
zzz
yeah ipv6 sybil. maybe still needs tweaks
zzz
but probably shouldn't be running in test mode
dr|z3d
no haven't "meddled" much with cap calc.
dr|z3d
that last set of changes is the first time I think I've done consecutive merge commits without a conflict.
obscuratus
I just change the sybil threshold, and it lets me test it sometimes.
zzz
I never ran a testnet long enough for sybil to kick in
zzz
obscuratus, want to try to submit an MR to fix it? I could use some help around here
zzz
just find the spot to add if (!_context.getBooleanProperty("i2np.vmCommSystem"))
zzz
so the analyzer never runs
dr|z3d
apps/routerconsole/java/src/net/i2p/router/web/helpers/NetDbHelper.java looks like the probable place.
zzz
whoever starts the timer
zzz
no dr|z3d not in the console
dr|z3d
and router/java/src/net/i2p/router/sybil/Analysis.java probably.
dr|z3d
more likely the latter.
dr|z3d
former's only for console display.
zzz
if you dont start the timer it wont run
dr|z3d
yeah, all you need is to detect vmcomm and enable router.sybilEnableBlocking if true.
dr|z3d
or rather, disable.
dr|z3d
if (_context.getProperty(PROP_BLOCK, DEFAULT_BLOCK))
dr|z3d
doBlocking(points);
dr|z3d
&& !vmcomm.system
zzz
and ofc the setting is allowLocal, not vmCommSystem
dr|z3d
yeah, that was shorthand :)