musings on tuning nginx for production.

The nginx default settings are a stroke of accedental or maybe intentional genius. They are so under powered that it is actually amazing they worked for me for as long as I had them. I assume it is this way so that it forces admins to actually pay attention and tune it for production environments. I run an open bittorrent tracker that tracks somewhere upwards of several million peers concurrently and I use nginx as my load balancer for the http side of it.

everything is fire

a few days ago i noticed that the box i was running this massive open tracker on was dogpiling and had a backlog of over 1K connections in the workers in the writing state. after putting nginx performance tuning into the web search, i came to the realization that you are actually supposed to tune nginx for production enviroments because the defaults are …

Read more ...


New GPG Key for signing (again)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



I have yet another new signing key, this time with a new email.

key id: 2CE6F2743138825B7A7E521D025C02EE3A092F2D
Jeff Becker (probably not evil) <jeff@lokinet.io>

bitcoin height: 726016 
bitcoin blockhash: 0000000000000000000a333f89a22811a5d6f204f5710617b65dafa2540b93e5
date: 2022-03-05T14:49:29Z

this key can be found at https://lokinet.io/jeff.asc

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYiJyJhYJKwYBBAHaRw8BAQdAAPFtUhvt/EyIEBI8JswbnTGmPLU7ISCo1aJY
n48hwMG0MUplZmYgQmVja2VyIChwcm9iYWJseSBub3QgZXZpbCkgPGplZmZAbG9r
aW5ldC5pbz6IkAQTFggAOBYhBCzm8nQxOIJben5SHQJcAu46CS8tBQJiInImAhsD
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEAJcAu46CS8tFF4BANjsgVi8DCd8
AoQA9NXmqkS++7fBLrFGC5ia61EoPQfiAP4oRw2hqNP8qgNssYOOvWPIIZwdgxS1
6tFADNaOxjv1DQ==
=xQZL
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQRn72umjnsLDW6099TzV7O0L2+bBQUCYiN5lQAKCRDzV7O0L2+b
BYmmAQDsqCuvfWteGTY4nysMA1QOiae3XvTTrT4K/DSQH06XWAEA6Z6gvJlgYRu7
xmUkA5MIS7902UAEY5E7aeHmMpnsxw8=
=y/cu
-----END PGP SIGNATURE-----

New GPG Key for signing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I have made a new gpg key for signing only.

Jeff B <jeff@oxen.io> 0F93122F6703A48A6863DA8138BF6648CE62B3E0

key is as follows:   

- -----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYfkqcxYJKwYBBAHaRw8BAQdAMxbyn8VPN6n8Mn1DAiy6HocftdTFvGM9I7zI
nfdFzf+0FUplZmYgQiA8amVmZkBveGVuLmlvPoiQBBMWCAA4FiEED5MSL2cDpIpo
Y9qBOL9mSM5is+AFAmH5KnMCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQ
OL9mSM5is+CebgEA2bYhZux7xC9dlojBjYVxtxmx556DHd/2PW/U6mu7kRsBAJKh
8k43mJ0B07zmaxjNPfjtNHWSAaEB6aIM2YMZd7QH
=efXH
- -----END PGP PUBLIC KEY BLOCK-----


the current bitcoin block hash is: 

000000000000000000052dd07c94e9272fdf737d7530bd3c5e7baea04e3cab49
block height: 721335
block produced at: 2022-02-01 07:22
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQRn72umjnsLDW6099TzV7O0L2+bBQUCYfksVQAKCRDzV7O0L2+b
Be+CAP9/aIxkaVYV+VDaoTuC4sPqTJZbp0tUqu36zJqizVFyGwEA7qBuk2WMeOqo
jtEtpdknFvRDi0zBkb0EZ49fgHAXsAs=
=+rsi
-----END PGP SIGNATURE-----

Hosting a Lokinet Exit - A Guide for the Lazy

This is a super abridged guide on setting up a lokinet exit node inside docker.

prepare the host

docker using apt:

$ sudo apt install docker docker-compose wget

grab the docker-compose.yml

$ mkdir -p /usr/local/exit/
$ wget https://github.com/oxen-io/oxen-docker/raw/main/lokinet/docker-compose.yml -O /usr/local/exit/docker-compose.yml

turn it on

put the exit node up:

$ cd /usr/local/exit && docker-compose up -d

now get the exit node's .loki address:

$ cd /usr/local/exit && docker-compose exec lokinet print-lokinet-address.sh

client usage

your exit node is now usable, you can turn it on on a lokient client using the lokinet-vpn command:

$ lokinet-vpn --up --exit putyourexitaddresshere

updating

Ocassionally you'll want to update the docker images, you can do that using this command:

$ cd /usr/local/exit && docker-compose pull && docker-compose restart

OH GOD OH FUCK OH GOD

your exit is ready, enjoy the packets.

Custom Images

see our …

Read more ...


New server (Sept 2021)

The datacenter in which my rented OVH dedicated server is located is currently dealing with total shit connectivity.

i2p.rocks has temporarily relocated to a dinky hetzner vps. Some resources may be missing.


The MA local government just installed spyware on your device.

A few days ago, someone had the bright idea to silently and without consent push a government made mobile phone application onto everyone's devices (for your own good).

The scope of what this propriety application does is still not verified.

Regardless of intent or application functionality, This undeniably, is not okay. A government installing a software without notice or consent onto their population's devices is not something a healthy functioning democracy does, it's what a psychotic paranoid despot does. If the Mass Gov truly wants to minimize harm this is the opposite of what needs to be done. All this will do is drive conspiracy theories and deepen a very legitimate mistrust in the institutions that plague the USA (which helped give rise to people like donald trump).

This app does not have a launcher icon. To uninstall this app on android, go to settings -> applications and list all the …

Read more ...


Opportunistic SMTP over Lokinet: it could work...

STMP, isn't. It has a lot of auxillery stuff and it's a nightmare to run a mail exchange. That being said, the excessive flexibility of the protocol stack can be a good thing if you know how to use it.

Given you use a postfix + opendkim setup I have devised a super neato near turnkey way to exchange email between mail exchanegs over lokinet while still coexisting with non lokinet mail exchanges.

To do all this install lokinet, persist the snapp keys in /var/lib/lokinet/lokinet.ini in the [network] section keyfile=/var/lib/lokinet/hs.private, then restart lokinet to apply settings. To get your .loki address do a dig @127.3.2.1 -t cname localhost.loki (after restart of course)

The changes needed for the mail exchange side is actually really simple. My dns configs (bind9 style) for my mail exchange are now effectively this:

IN …

Read more ...


REJOICE, opentracker.i2p.rocks capacity increased

REJOICE, I have increased the number of threads handling udp traffic from 8 to 16 to deal with a recent increase in traffic.

As a result the tracker software was restarted. Probably could have SIGHUP'd it but meh.

This tracker is my personal zen garden type hobby.

You can see traffic stats on the front page of the open tracker here.

Packets go brrrrrrr haha.


The Fediverse - The illusion of community and the beginning of its new normal.

I used the fediverse to shitpost, meme and in general vent my internal monolouge to whoever wanted to listen, that used to be work fine but over the ages it has become more and more... uh... cancerous? Not sure if that word works or not but I can't really think of many other ways to put it. Yes, it's way to too cancerous for even a seasoned shitposter as myself who reguarlly shitposted on there about pretending to hate the french. It reminds me of what happened to 4chan/8chan, in the beginning it was niche and then it got invaded by a wave of shitheads from whence it never recovered. I suspect that that time is coming for the twitter/usenet/web protocol amalgum, sooner rather than later.

I have used the fediverse since around 2017-ish I am not some new admin idiot that just set this up I've …

Read more ...


Febuary 2021 blog update post

Don't worry I am alive, I have been be workaholic-ing away for a while now so I haven't had a lot of time to sit down and make a blog post.

A good quote that is related to this is...

"Now is not the time for beer, that comes later."

~bane from that one batman movie