Recent comments in /f/I2P

cumlord wrote (edited )

yea use what you're gonna be most productive with. i2p+ has a good throttle/filter system that helps a lot, not a lot of problems because of that, but like if you try to host a wordpress site here with i2pd you're gonna have a bad time

sort of fun challenge for me to try doing stuff without js, depends what you wanna do though, but get pretty far using some combination of frames refresh and cookies. http://simp.i2p/chat is jank, no doubt, but, no js needed lmao. possibly relevant to your security outfit, the chat page http://simp.i2p/botcheck attempts to do a bot challenge with css. unless you're specifically worried about bot spam that's completely unnecessary, just giving some ideas for stuff that can be done without js

lots of neat css tricks out there, like http://simp.i2p/search the styled dropdown is a checkbox, and http://gatheryourparty.i2p has a star rating on the posts but the stars are radio buttons. snex has that one setup with a ruby backend

not so familiar with those ecosystems, but think it's a little slower getting started like this but once you've got some templates it gets faster ;)

2

jackal wrote

You can install i2pd over Termux, and then tweak and edit the config files using nano or vim from Termux as well so I assume adding keyrings must be trivial, you technically could even host an eepsite if you use i2pd running on top of Termux. I have no idea if the Java implementation can run over Termux as I never tried but it probably can.

1

dev OP wrote

Seems like PHP the way for darknet. As you mention, even I am using JS blockers on my browser while surfing on darknet. I never work with C# ecosystem but I heard about Blazor. Looks fine for darknet as long as not creating any JS on client side.

Thank you for sharing your experience.

1

dev OP wrote

Flask also good option on backend but it's been a while I don't use python, and don't feel productive the syntax :) Thank you for sending me scanners tools tho, I will definitely gonna check it out before publishing it.

Seems like PHP + HTML + CSS still solid option for my case. I still wanna figure out how can I find a way to become more productive on PHP. I like the Laravel ecosystem but seems like most of the frontend from JS tech which is not suitable for me. I checked the symfony but seems like they are also continue with some other JS tech on frontend.

Thanks for your comment and good projects

2

dev OP wrote

Looks promising but looks like cloudflare backed, in documentation they showing cloudflare and other cloud providers deployment ways. If I would create something on hidden service or i2p, i probably would host myself, i mean managing on linux server with Nginx. I assume you can do it with pm2 but still not like strong way to manage. In the other hand, I didn't find any template engine like pug on node.js, maybe I couldn't find it. Thanks for writing it tho, learned a new tech on JS ecosystem :)

1

johnbaconator wrote

I'm guessing the best backend would be anything that does serverside rendering (SSR), like PHP. This means the HTML page is built on the server dynamically before it is sent to your web browser. Many people on the darkweb use javascript blockers so any sort of interactivity will likely be broken, so no React or whatever people use nowadays. PHP is a great choice because of how old it is and how easy it is to set up, though anything is fair game. I personally use Blazor (C#) for my website and it lets me create reusable components and easy integration with databases through EF Core

2

cumlord wrote (edited )

don't think that's a bad idea. probably any decent web framework just with html/css would probably be fine. http://terminus.i2p does this with php/html/css, it's source is on http://git.simp.i2p/fuzzykitten/dev_endboard. i've used flask a lot for some things like http://git.simp.i2p/simp/i2music. there's a rust based wsgi/asgi server granian that offers better performance over the normal gunicorn/uvicorn, also some good web frameworks in rust too though not as mature as many of the standard options. there's vulnerability scanners active in i2p even if you don't publish it to a registrar just to keep in mind, i'm always a little concerned about which endpoints are exposed and how they'd be abused

3

hypertext8589 wrote

By "unsecure JS" they usually mean the fact that clientside javascript can make XHR requests to clearnet servers that try to impersonate you. It was historically an attack vector during the early days of I2P when the recommended way to use it was FoxyProxy which was installed in your normal browser and only routed through your 4444 links ending with "*.i2p". This setup was unsecure as fuck because clearnet XHR requests from i2p page weren't routed through i2p and thus revealed your real IP address. I think those days are long gone and people mostly don't use I2P like that. I personally use "multi-account containers" Firefox extension and everything within I2P container is required to route through 4444 even if it's XHR to clearnet. Average users probably use a dedicated browser or run it within Tor browser. And even then, if you still consider clientside JS to be unsecure, in case of tech like NextJS when you can have purely serverside JS, it's no different from PHP. Idk about Nuxt, but I assume you can also have 100% SSR there.

1

dev OP wrote

I am using Nuxt.js and Vue.js on my professional job. But whenever I research about creating webapp or website on hidden service or i2p, people start talking about how unsecure JS. Even some of the marketplaces on hidden services have two options, no js and js modes. Already talked a bit with ChatGPT but seems like not giving any good answer, that's why decided to create this post.

Maybe I will go with PHP on backend and Pure HTML, CSS on frontend. Seems like it will take a lot of time to setup my boilerplate. Thank you for answer :)

1

hypertext8589 wrote

PHP is a fine choice, but I'd use NextJS personally. I wouldn't go for NoJS, but it's entirely possible to create 100% NoJS website (even forum, imageboard, store) using NextJS. You need to learn a bit of modern web technology to understand how this works. My best suggestion is to talk to ChatGPT about web development in context of I2P and keep asking questions for clarification until you get all the details.

1

minetest_i2p wrote (edited )

"getting I2P up and running is more of a challenge. It's not a deal-breaker, but it does require more technical know-how than the average user is likely to have."

Honestly I see this as a strength. It gives a barrier of entry to block out stupid asf normies such as the ones on Tor. Most people here are actually cool, I guarantee the seed/leech ratio on postmans tracker would be 1000% worse if it was as easy as Tor simply because normies ruin everything. also the people that run most of the biggest services here are easily reachable because of the smaller and more chill user base. I can fr just hit up notbob on irc or idk (probably postman as well but havent done that).

TL;DR Tor users are sux because there is not a barrier of entry.

3

bolvan wrote

Hi. I2P rulez, ya.

Can anybody tell my what's wrong with exit.stormycloud.i2p outproxy last week? Can not open many sites, unsable connection...

2

cumlord wrote

it's good to hear newcumers experience bc it exposes these sorts of weaknesses. i have some guides available that need to be reworked/organized anyway, would appreciate input or like topics you think important that's lacking http://simp.i2p/i2p-guide. didn't have one on eepsites since there's more than a few floating around. the "chat" tab will also let you ask questions on #i2p, which is the support channel for i2p (links to IRC2P) without JS or a proper IRC client setup.

2

johnbaconator wrote

I'm also pretty new to this I2P and invisible network thing but this place seems a lot more fun than tor. Every time I think of tor I think CP rings and drugs, but this place just makes me think of pre-2010 and IRC and shit. I even tried making my own eepsite with Blazor and tried making it look like it came straight out of 2000. Seems a lot more straightforward and simple on the frontend for setting up invisible services (just set up a tunnel and a port and now you have a unique link to use) but it takes a lot of dedication to keep maintained because the router also acts like a tor node.

2

c00kiepast3 wrote

I also use PAC Proxy method with this config. I deleted all of my whitelisted domains from the config.

function isYggdrasilIPv6(host) {
 host = host.replace(/^\[|\]$/g, "");
 var parts = host.split(":");
 if (parts.length < 2) return false;
 var first16 = parseInt(parts[0], 16);
 return first16 >= 0x200 && first16 <= 0x3FF;
}

function FindProxyForURL(url, host) {
 if (isYggdrasilIPv6(host)) {
 return "DIRECT";
 }

 if (dnsDomainIs(host, ".i2p")) {
 return "SOCKS5 192.168.1.X:4447";
 }

 if (dnsDomainIs(host, ".onion")) {
 return "SOCKS5 192.168.1.X:9050";
 }

 var whitelist = [
 ""
 ];

 for (var i = 0; i < whitelist.length; i++) {
 var domain = whitelist[i];
 if (host === domain || host.endsWith("." + domain)) {
 return "DIRECT";
 }
 }

 return "SOCKS5 192.168.1.X:9050";
}
4