zzz
ping eyedeekay
eyedeekay
pong zzz, if it's about the news I am working on it
zzz
no, more generally
zzz
can we do some high-level coordination here?
zzz
details may need to be taken offline
zzz
but who's doing what and when
eyedeekay
Yeah OK
zzz
so what are you working on?
eyedeekay
I am doing a news, blog, forum update as we speak, with some difficulty but will be done soon
zzz
what about fixes?
eyedeekay
I am observing the effect on i2pgit.org for suggesting some mitigations for services hosted on floodfills
eyedeekay
I am also looking into how to exempt pre-contacted floodfills from IP checks in sybil tool
eyedeekay
Which may overlap with my understanding of 165.1
eyedeekay
I am not working in 165.2/3 or signed RIs yet
zzz
well
eyedeekay
Right now multihoming on a non-floodfill seems to be improving i2pgit.org's reachability
zzz
prop. 165 is nothing now but a bag of ideas and alternatives, and we have no ETA for a 2nd draft
zzz
options 2 and 3 are not specified fully and not currently implementable
zzz
option 1 isn't either, but we could fake our way through it
eyedeekay
\/RI/DSM/
eyedeekay
Yeah 1 is at least close to something orignal's already done sort of
eyedeekay
But 2/3 require more decision making
zzz
signed RI discussion is in saltr now, again, just the beginning of an idea
eyedeekay
Which one and more importantly why that particular solution
eyedeekay
Since roughly 5 have been floated so far
zzz
until there's a 2nd draft of prop 165 there's nothing to be done
zzz
the attacks touch a number of functional areas that may require fixes
zzz
let me first list them, from my notes:
zzz
- sybil
zzz
- ff peer selection
zzz
- tunnel peer selection
zzz
- ssu2 (prop 165)
zzz
- netdb clogging
zzz
- HFDSMJ
zzz
- NTCP2
zzz
- throttlers all over
zzz
- banning/blocking
zzz
eot
zzz
I have a suite of changes covering about 5 of the above
eyedeekay
That mostly agrees with what I am looking at but I didn't have NTCP2 on my list at all, and given the stalemate on 165 was focusing on block/ban mechanics and peer selection
zzz
you have fixes for any of that?
zzz
any particulars we need to coordinate on?
eyedeekay
Not ready yet but I am trying to tame the threat-point inflation in the sybil tool with a couple approaches, partly by capping the total penalty for same-IP threats and partly by applying a bonus for being precontacted
zzz
did you see what i said in saltr (yesterday?) about sybil IP checks can't be salvaged?
zzz
my conclusion is they can't be fixed, at least not short term
zzz
I can tune them for today's attack but not tomorrow's or the next day
zzz
but open to hear something different
dr|z3d
never got any feedback on my suggestion to assign a random family to every router if it's not already part of an existing family. nuts?
eyedeekay
I think that most of the stuff the sybil tool looks at is ambiguously meaningful, which is why it assigns threat points and bans at a threshold
eyedeekay
but the current problem with the IP checks is that it's super easy to inject a thousand threat points by putting out fake RI's on the same IP
eyedeekay
So what I'm trying to figure out is how to make sure that IP addresses are still meaningful to the sybil tool, but not so meaningful as to override all sense
eyedeekay
To me that seems like there could be either a "cap" on the same-IP penalty, or a "scale" of diminishing penalties
eyedeekay
Which is general
eyedeekay
"Not clones" isn't the same as "not sybil" so maybe the bonus scales to the same-IP penalty
zzz
yeah I went down that road too
zzz
sybil is by definition heuristic-based
zzz
so almost by definition it can be gamed / worked around
zzz
my thesis is that sybil was our downfall
zzz
our throttles and peer selections were actually working pretty well, and need only minor tweaks
eyedeekay
I can definitely agree with that, our most glaring and impactful problem for this attack is the attacker gaming the sybil tool
zzz
I have sybil code to check for same ip/port, and check for which one we actually talked to before, etc etc
zzz
not happy with any of it
zzz
longer-term, maybe, but I'm quite wary of any of it as a short-term fix
eyedeekay
So do we just disable it?
zzz
yeah, so my proposal is:
eyedeekay
There are some Redditors asking for threat point recommendations, I am tempted to tell them to do so
zzz
hold that thought
eyedeekay
Ok
zzz
1) disable all ip checks in sybil
zzz
2) one-time delete of the sybil blocklist on disk, as it's currently clogged with badness
zzz
3) package of minor tweaks to other subsystems listed above
zzz
4) cut that as a release relatively soon, don't wait for anything requiring a proposal
zzz
eot
zzz
alternative would be a more ambitious set of changes, possibly including proposals, on a longer schedule
dr|z3d
re 2), a button to remove all sybil bans would be handy.
eyedeekay
Let's start with your stated proposal
dr|z3d
re 4), if getting the release out as soon as possible is a consideration, maybe forego the formal release process and just push an update via the su3 servers.
zzz
for the redditors, disabling sybil and deleting the file and restarting is better than tweaking threat points
eyedeekay
That's what I'll relay to them
zzz
so how I suggest we proceed is:
zzz
- I check in 1) and 2), with a bump to -3, because I need a bump to know when to delete the file
zzz
- send you a WIP patch for 3) privately for you to review/test
zzz
that might put us on a path to get a release out in a couple weeks
zzz
FYI the file is ~/.i2p/sybil-analysis/blocklist-sybil.txt
zzz
the sybil page button is hidden behind advanced config but they can get to it with a direct link
eyedeekay
That plan works for me, 2.5.1 could happen second week of may if all goes well
orignal
so new release in may?
eyedeekay
Point release, 2.5.1 for us
eyedeekay
Not an API bump
zzz
I do not suggest putting sybil disable stuff in the news, just tell them to hang tight
orignal
then we will make 2.51.1 too
zzz
but keep working on sybil tweak ideas, maybe we'll come up with something
zzz
I'll share more of my concerns about sybil gaming privately
zzz
orignal, maybe. You have an ETA on a 2nd draft of prop. 165? That may factor into our plans
zzz
eyedeekay, you want a MR for 1) and 2) ?
eyedeekay
Yes please
zzz
ok I'll work on that
orignal
not sure
zzz
and then on cleaning up the collection of tweaks for 3), which I'll get to you privately with some explanations
zzz
email is pretty broken but I'll figure something out
zzz
if this plan holds, I'll want to push susimail search to tx for translation, but that can wait a few days
zzz
and the big-changes-in deadline would be over
zzz
ofc if there's no proposals implemented and no API bump, there's no need for release coordination between the two projects, go for it when ready
zzz
eyedeekay, please don't make any promises in news or on reddit, just say we're working on it
eyedeekay
I won't commit us to anything
not_bob
I'll poke RTP to post something on his social media when it's time to urge people to upgrade.