From: Louis Rossouw <lrossouw@gmail.com>
Date: Wed, 27 May 2015 10:16:49 +0000
To: Mike Hearn <mike@plan99.net>, Matt Whitlock <bip@mattwhitlock.name>
Cc: Bitcoin Dev <bitcoin-development@lists.sourceforge.net>
Subject: Re: [Bitcoin-development] Zero-Conf for Full Node Discovery

Also think it would be useful.

Created an issue for it some time back:
https://github.com/bitcoin/bitcoin/issues/3802
I think nodes don't "only" have to connect to LAN nodes. Especially with
headers first.
They can still connect to other nodes as well.  Having said that security
is problematic in any case on a hotel wifi or similar.  All traffic can be
spoofed.
With HF they'd be loading most of the data from the LAN node though.
This will help people having multiple nodes at home reduce bandwidth and
improve sync without difficult setup.


On Tue, 26 May 2015 at 12:50 Mike Hearn <mike@plan99.net> wrote:

> Very interesting Matt.
>
> For what it's worth, in future bitcoinj is very likely to bootstrap from
> Cartographer nodes (signed HTTP) rather than DNS, and we're also steadily
> working towards Tor by default. So this approach will probably stop working
> at some point. As breaking PorcFest would kind of suck, we might want a
> ZeroConf/Rendezvous solution in place so local LANs can capture Bitcoin
> traffic away from Tor (with some notification to the user, presumably).
>
>
>
> On Tue, May 26, 2015 at 7:47 AM, Matt Whitlock <bip@mattwhitlock.name>
> wrote:
>
>> On Tuesday, 26 May 2015, at 1:15 am, Peter Todd wrote:
>> > On Tue, May 26, 2015 at 12:52:07AM -0400, Matt Whitlock wrote:
>> > > On Monday, 25 May 2015, at 11:48 pm, Jim Phillips wrote:
>> > > > Do any wallets actually do this yet?
>> > >
>> > > Not that I know of, but they do seed their address database via DNS,
>> > > which you can poison if you control the LAN's DNS resolver. I did this for
>> > > a Bitcoin-only Wi-Fi network I operated at a remote festival. We had well
>> > > over a hundred lightweight wallets, all trying to connect to the Bitcoin
>> > > P2P network over a very bandwidth-constrained Internet link, so I poisoned
>> > > the DNS and rejected all outbound connection attempts on port 8333, to
>> > > force all the wallets to connect to a single local full node, which had
>> > > connectivity to a single remote node over the Internet. Thus, all the
>> > > lightweight wallets at the festival had Bitcoin network connectivity, but
>> > > we only needed to backhaul the Bitcoin network's transaction traffic once.
>> >
>> > Interesting!
>> >
>> > What festival was this?
>>
>> The Porcupine Freedom Festival ("PorcFest") in New Hampshire last summer.
>> I strongly suspect that it's the largest gathering of Bitcoin users at any
>> event that is not specifically Bitcoin-themed. There's a lot of overlap
>> between the Bitcoin and liberty communities. PorcFest draws somewhere
>> around 1000-2000 attendees, a solid quarter of whom have Bitcoin wallets on
>> their mobile devices.
>>
>> The backhaul was a 3G cellular Internet connection, and the local Bitcoin
>> node and network router were hosted on a Raspberry Pi with some Netfilter
>> tricks to restrict connectivity. The net result was that all Bitcoin nodes
>> (lightweight and heavyweight) on the local Wi-Fi network were unable to
>> connect to any Bitcoin nodes except for the local node, which they
>> discovered via DNS. I also had provisions in place to allow outbound
>> connectivity to the API servers for Mycelium, Blockchain, and Coinbase
>> wallets, by feeding the DNS resolver's results in real-time into a
>> whitelisting Netfilter rule utilizing IP Sets.
>>
>> For your amusement, here's the graphic for the banner that I had made to
>> advertise the network at the festival (*chuckle*):
>> http://www.mattwhitlock.com/bitcoin_wifi.png
>>

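A wallet-side check for the situation discussed in this thread, where the LAN's resolver answers the DNS seed lookups itself, so that the user can be notified. This is an added example, not code from any wallet or from the posters; the function names, seed hostnames, addresses and the `min_distinct` threshold are constructed assumptions.

```python
import ipaddress

# Ranges reachable only on the local network (RFC 1918, link-local, loopback).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def is_lan(addr):
    """True if addr falls in one of the local-only ranges above."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def audit_seed_answers(answers, min_distinct=4):
    """answers: {seed hostname: [A records returned by the local resolver]}.

    Returns a list of findings; an empty list means nothing looked unusual.
    min_distinct is an assumed threshold, not a value from the thread.
    """
    findings = []
    all_addrs = set()
    for seed, addrs in sorted(answers.items()):
        all_addrs.update(addrs)
        lan = sorted(a for a in addrs if is_lan(a))
        if lan:
            findings.append(f"{seed}: answer points into the LAN ({', '.join(lan)})")
    # Several seeds collapsing onto a handful of peers suggests that one
    # party (the resolver operator) is supplying every answer.
    if len(answers) > 1 and len(all_addrs) < min_distinct:
        findings.append(
            f"only {len(all_addrs)} distinct peer(s) across {len(answers)} seeds")
    return findings


# Constructed sample data: hypothetical seed names and example addresses.
CAPTIVE_LAN = {
    "seed-a.example": ["192.168.4.1"],
    "seed-b.example": ["192.168.4.1"],
    "seed-c.example": ["192.168.4.1"],
}
ORDINARY = {
    "seed-a.example": ["192.0.2.10", "198.51.100.7", "203.0.113.5"],
    "seed-b.example": ["198.51.100.22", "203.0.113.90", "192.0.2.44"],
}

if __name__ == "__main__":
    for name, sample in (("captive LAN", CAPTIVE_LAN), ("ordinary", ORDINARY)):
        print(name, audit_seed_answers(sample))
```
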