Death by Dangerous By Design Defaults, Dumb DoH Degrades DNS's Dignity.

Firefox recently introduced DNS over HTTPS (DoH) for "securing" application DNS. I am personally of the opinion that applications should NOT attempt to work around a broken system resolver, as this is a system issue that is out of scope of the application. But I digress. While DoH is a security upgrade in theory and in practice (most of the time) vs normal DNS, Firefox's implementation contains a fatal flaw in the default settings that makes it effectively off unless you explicitly turn it on.

By default DoH in Firefox is "opportunistic". Specifically, if your upstream DNS makes use-application-dns.net explicitly not resolve, Firefox turns DoH off. Yes, DNS is rather insecure and your ISP can do whatever it wants, and that's kind of the problem. Firefox is depending on your system's DNS being secure to ... uh... secure application-level DNS in Firefox. See the problem yet? The real …



Life Update Blog June 2020

Today I get my air conditioner from Amazon Prime delivered, allegedly. It's June, it's humid and my window fan isn't cutting it. Nothing much changes in Jeff land, yet the world is going insane at the moment. Alas, politics is not the topic of this blog post.

The topic is... daily life.

It's Saturday morning and I am doing bug triage on GitHub as if it was a weekday. The work week has been going for the past 2 years or so as I am a workaholic and use work as an escape from my real life problems. I am still a shitty person in person and online. I don't think I ever grew up. Sometimes I wonder what I am doing, maybe this is an early mid-life crisis. One thing for sure is that I need a non-computer-related hobby (yea, but like, can your non computer related …



Lokinet with DNSCrypt-Proxy

Intro

This is a quick intro on how to use lokinet with dnscrypt-proxy on Ubuntu/Debian-based distros to secure your DNS queries from spying eyes, as requested by someone on an XMPP MUC.

Setup

You want to first install dnscrypt-proxy:

# apt update
# apt install dnscrypt-proxy

Next, install lokinet; see this blog post on how to do that.

Configuration

By default your system will want to use dnscrypt-proxy as the system resolver. This is fine, as you can always forward DNS for .loki and .snode to lokinet.

In /etc/dnscrypt-proxy/dnscrypt-proxy.toml you want to add an option to provide a forwarding file:

forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'

In a new file at /etc/dnscrypt-proxy/forwarding-rules.txt put the following forwarding rules:

loki 127.3.2.1
snode 127.3.2.1
0.10.in-addr.arpa 127.3.2.1

The first rule says to forward the .loki gtld to lokinet …
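To see which queries the three rules above keep local and which still leave through the encrypted upstream, here is an added example (not code from the post or from dnscrypt-proxy). It assumes a rule matches on whole-label suffixes and that the first matching line wins; the function names are hypothetical.

```python
import ipaddress

# The three rules from the post (contents of forwarding-rules.txt).
RULES_TEXT = """\
loki 127.3.2.1
snode 127.3.2.1
0.10.in-addr.arpa 127.3.2.1
"""

def parse_rules(text):
    """Return [(suffix, [servers])] in file order, skipping blanks and # comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<domain> <server>[,...]'")
        suffix = parts[0].lower().strip(".")
        servers = [s.strip() for s in parts[1].split(",") if s.strip()]
        rules.append((suffix, servers))
    return rules

def route(qname, rules):
    """Servers a query is forwarded to, or None if it goes to the normal upstream."""
    name = qname.lower().rstrip(".")
    for suffix, servers in rules:
        # Assumed matching: whole labels only, so 'a.loki' matches 'loki'
        # but 'notloki' does not; first matching rule wins.
        if name == suffix or name.endswith("." + suffix):
            return servers
    return None

def route_ptr(ip, rules):
    """Route the reverse (PTR) lookup for an IP address."""
    return route(ipaddress.ip_address(ip).reverse_pointer, rules)

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for q in ["example.loki", "router.snode", "notloki", "example.com"]:
        print(q, "->", route(q, rules) or "default upstream")
    # The query names and addresses here are constructed samples.
    for ip in ["10.0.1.5", "10.1.1.5"]:
        print("PTR", ip, "->", route_ptr(ip, rules) or "default upstream")
```

Note that the third rule only covers reverse lookups for 10.0.0.0/16: a PTR query for 10.1.1.5 does not match and goes to the default upstream.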



opentracker.i2p.rocks

New stable opentracker now online with announce urls:

http://opentracker.i2p.rocks:6969/announce
udp://opentracker.i2p.rocks:6969/announce

Installing Lokinet on Ubuntu

Intro

This blog post will guide you through the process of installing lokinet using our apt repo and is aimed at people who are just getting into Linux and may not know how to do so.

Setup

If you want to learn, don't copy-paste; if you want it to just do stuff and don't care, yeah, just copy-paste.

Open up a terminal; in stock Ubuntu it's Ctrl+Alt+T.

Now we want to grab the apt repo's public key, which is used to verify packages.

curl -s https://deb.imaginary.stream/public.gpg | sudo apt-key add -

(This requires you to enter your admin password because it is using sudo)

Next we want to add the apt repo to the system's apt repo list:

echo "deb https://deb.imaginary.stream $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/imaginary.stream.list

(This will auto detect what version …



Quick Lokinet Update, June 2019 (1 year in).

One year has passed since working on lokinet full time and we've managed to make something that works and does stuff. The upcoming release is being held off until "stability fixes" are applied. When lokinet works it works very well; the problem we face right now is (I suspect) some lingering path handover logic errors which can be tuned out with time. I'd really like to do a release but have been to hold off until the "stability fixes" are applied. I don't know how long that will take and would rather do a release now so we can start iterating on scaling the network and handling any possible issues in that. Overall I suspect we are ready for launch.

Lokinet on mobile

The next step in development is the mobile port, which I am dreading. The lokinet code was not made with mobile in mind, it was made to …



i2pd 2.24 released

i2pd (I2P Daemon) is a full-featured C++ implementation of an I2P client.

I2P (Invisible Internet Protocol) is a universal anonymous network layer. All communications over I2P are anonymous and end-to-end encrypted; participants don't reveal their real IP addresses.

An I2P client is software used for building and using anonymous I2P networks. Such networks are commonly used for anonymous peer-to-peer applications (filesharing, cryptocurrencies) and anonymous client-server applications (websites, instant messengers, chat-servers).

I2P allows people from all around the world to communicate and share information without restrictions.

i2pd is licensed under the 3-clause BSD license; binary packages are available for Debian, Ubuntu, OS X, FreeBSD, Android and Windows.

View release on GitHub

Changelog for i2pd version 2.24:

Added

  • Support of transient keys for LeaseSet2
  • Support of encrypted LeaseSet2
  • Recognize signature type 11 (RedDSA)
  • Support websocket connections over HTTP proxy
  • Ability to disable full addressbook persist

Changed

  • Don't load peer profiles if non-persistent …



Why I wrote LLARP

Recently I happened across a bitcoin talk thread while peeking at my blog's http access log at a time when I should've been doing work instead.

I'll probably take this chance to make it very clear what llarp/lokinet is and is not and why it even exists in the first place.

I can say that, in my opinion, llarp/lokinet is attempting to be a protocol to replace i2p.

I2P has a mountain of technical debt in their protocols that has been taking several (5+) years now to rectify. It is in fact easier to rewrite the whole thing than to rebase the protocol atop sanity. I am not the first person to suggest this by any means, nor the first to attempt it. The first attempt I have seen was the shadow protocol from 2013. For whatever reason it died off, I personally suspect it was because of …



Lokinet Update March 2019

We are most likely on schedule for an end of Q1 2019 "public release" of lokinet if all goes well in the internal testing phase. (Don't know why we are considering it a public release since the code is public already but eh... ‾\(._.)/‾ ) We have an internal code freeze in mid-March and I hope to have a stable build ready.

Unit tests are HARD D:

It's been about 10 months since I started working on lokinet full time. The master branch on GitHub has been relatively stable for 2 months and work on the staging branch is very heavy. We currently have 855 test cases across 95 test suites and we're not even close to full test coverage. You can generate a progress report on unit test coverage as of now (March 2019) here. My personal goal is to get at least 85% coverage on the code base …



i2pd 2.23.0 static arm build

My unofficial static ARM build for i2pd 2.23.0 is up here.

Make sure to check the signature and verify the hash.

b2sum:

e4cf21c06ae441030253dcb636eb05f0b5dc6405879b86b3b8f734a3195856ab20163c780c1c144e47f50dd9f8dc748bd243739262e2bd98fe05dac473c5c4b8  i2pd

The build was compiled with -Os and stripped for smaller size, so you may have better speed on systems without speculative execution like the Raspberry Pi 1.

uses:

  • openssl 1.1.1a
  • boost 1.62.0