<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>iasds</title><link>https://iasds.github.io/</link><description>Recent content on iasds</description><generator>Hugo</generator><language>en</language><lastBuildDate>Fri, 03 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://iasds.github.io/index.xml" rel="self" type="application/rss+xml"/><item><title>Coordinated Deployment and Reachability Asymmetry of Chinese I2P Routers</title><link>https://iasds.github.io/i2p/i2p-cn-paper/</link><pubDate>Fri, 03 Jul 2026 00:00:00 +0000</pubDate><guid>https://iasds.github.io/i2p/i2p-cn-paper/</guid><description>&lt;p>We are releasing a preprint that characterizes a cluster of Chinese I2P routers discovered via passive DHT scanning.&lt;/p>
&lt;h2 id="key-findings">Key Findings&lt;/h2>
&lt;p>Across five i2pd 2.60.0 floodfill instances, we scanned the I2P network over multiple collection rounds (June 29 – July 1, 2026) and discovered &lt;strong>20,701 unique routers&lt;/strong>.&lt;/p>
&lt;p>&lt;strong>The matched CN cluster&lt;/strong> (58 routers) exhibits:&lt;/p>
&lt;ul>
&lt;li>&lt;strong>2–3× elevated floodfill declaration rate&lt;/strong> (27–36% vs. 14–20% global baseline) in their RouterCaps — yet zero were observed participating as active floodfills.&lt;/li>
&lt;li>&lt;strong>Version lock on 0.9.66&lt;/strong> (79.3% of CN routers vs. 1.8% globally) — a 43× enrichment.&lt;/li>
&lt;li>&lt;strong>82.8% share a high-bandwidth XfR/XRG RouterCaps template&lt;/strong>; 32.8% explicitly carry the floodfill flag (f) via XfR.&lt;/li>
&lt;li>Concentrated on &lt;strong>Alibaba Cloud (AS37963, 46.2%)&lt;/strong>, with no &lt;code>knownRouters&lt;/code> or family declarations, and ongoing IP rotation.&lt;/li>
&lt;li>&lt;strong>Four China-vantage-only routers&lt;/strong> — observed only from inside China&amp;rsquo;s GFW, unreachable from Singapore and Tor exit paths — with TCP RST/timeout behavior consistent with selective reachability filtering along the path.&lt;/li>
&lt;/ul>
&lt;h2 id="our-approach">Our Approach&lt;/h2>
&lt;p>We distinguish &lt;strong>three separate concepts&lt;/strong> throughout the paper:&lt;/p></description></item><item><title>Build Security Doesn't Need Full Determinism — A Practical Multi-Sig + Transparency Log Approach</title><link>https://iasds.github.io/qubes/build-security-multi-sig/</link><pubDate>Thu, 11 Jun 2026 00:00:00 +0000</pubDate><guid>https://iasds.github.io/qubes/build-security-multi-sig/</guid><description>&lt;p>Qubes&amp;rsquo; current release signing flow relies on a single point of trust — one person holds the release key. It&amp;rsquo;s worked for over a decade, but &amp;ldquo;hasn&amp;rsquo;t been compromised yet&amp;rdquo; isn&amp;rsquo;t the same as &amp;ldquo;can&amp;rsquo;t be compromised.&amp;rdquo;&lt;/p>
&lt;p>Everyone agrees deterministic builds + multi-signature is the right direction. Issue #816 has been open for years, which shows the community knows its value. But full determinism is a heavy lift — getting thousands of packages across dozens of upstream projects to produce bit-identical output is a massive undertaking.&lt;/p></description></item><item><title>Clash Gateway — Transparent Proxy Guide</title><link>https://iasds.github.io/qubes/clash-gateway-guide/</link><pubDate>Fri, 15 May 2026 00:00:00 +0000</pubDate><guid>https://iasds.github.io/qubes/clash-gateway-guide/</guid><description>&lt;h2 id="intro">Intro&lt;/h2>
&lt;p>This guide explains how to set up a transparent proxy gateway on Qubes OS using &lt;a href="https://github.com/iasds/qubes-clash-gateway">qubes-clash-gateway&lt;/a>, powered by &lt;a href="https://github.com/MetaCubeX/mihomo">mihomo&lt;/a> (formerly Clash Meta).&lt;/p>
&lt;p>Unlike per-AppVM proxy configurations, this approach turns a single NetVM into a proxy gateway. All downstream AppVMs get proxied automatically with &lt;strong>zero configuration&lt;/strong> — just set the NetVM and go.&lt;/p>
&lt;p>&lt;strong>What it does:&lt;/strong>&lt;/p>
&lt;ul>
&lt;li>Transparent proxy for all TCP/UDP traffic&lt;/li>
&lt;li>DNS fake-ip to prevent DNS pollution&lt;/li>
&lt;li>GeoIP rule-based routing (CN direct, foreign proxy)&lt;/li>
&lt;li>Subscription parser supporting Clash YAML, vmess/vless/ss/ssr/trojan/hy2/tuic/wireguard&lt;/li>
&lt;li>Terminal controller &lt;code>clashctl&lt;/code> + Web UI for management&lt;/li>
&lt;/ul>
&lt;p>&lt;strong>How it works:&lt;/strong>&lt;/p></description></item><item><title>I2pd netvm based on debian guide</title><link>https://iasds.github.io/i2p/i2pd-netvm-guide/</link><pubDate>Wed, 15 Jan 2025 00:00:00 +0000</pubDate><guid>https://iasds.github.io/i2p/i2pd-netvm-guide/</guid><description>&lt;p>This guide demonstrates how to set up i2pd as a netvm, allowing you to easily proxy traffic through the i2p network to access the clearnet or i2p services. This significantly enhances security and privacy.&lt;/p>
&lt;p>This method is an improved implementation compared to the &lt;a href="https://forum.qubes-os.org/t/i2pd-netvm-guide/31402">I2pd netvm guide&lt;/a>, utilizing debian-12 and avoiding the outdated i2pd-qt and archlinux community template.&lt;/p>
&lt;h2 id="installation">&lt;strong>Installation&lt;/strong>&lt;/h2>
&lt;ol>
&lt;li>
&lt;p>First, you need a &lt;strong>debian-12-xfce&lt;/strong> template VM.&lt;/p>
&lt;/li>
&lt;li>
&lt;p>Clone this template and name it &lt;strong>debian-12-xfce-i2pd&lt;/strong>.&lt;/p></description></item><item><title>Consulting</title><link>https://iasds.github.io/store/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://iasds.github.io/store/</guid><description>&lt;p>I provide paid technical consulting for privacy, anonymity, censorship resistance, and security engineering.&lt;/p>
&lt;p>&lt;strong>Rate:&lt;/strong> $120/hour. For small, well-defined tasks, I can quote a fixed cap before work starts.&lt;/p>
&lt;h2 id="what-i-can-help-with">What I Can Help With&lt;/h2>
&lt;ul>
&lt;li>&lt;strong>Privacy and anti-doxxing&lt;/strong>: personal exposure assessment, public data footprint review, cleanup planning, account and identity compartmentalization, and social-engineering risk reduction.&lt;/li>
&lt;li>&lt;strong>Censorship circumvention&lt;/strong>: proxy and relay infrastructure design, deployment review, operational hardening, and troubleshooting.&lt;/li>
&lt;li>&lt;strong>I2P infrastructure&lt;/strong>: private testnets, hidden services, router deployment, measurement tooling, and custom application integration.&lt;/li>
&lt;li>&lt;strong>Qubes OS&lt;/strong>: installation planning, template and qube layout, network isolation, hardening, troubleshooting, and security review.&lt;/li>
&lt;li>&lt;strong>Security engineering&lt;/strong>: protocol and architecture review, dependency audit, cryptographic design review, threat modeling, and implementation guidance.&lt;/li>
&lt;/ul>
&lt;h2 id="typical-deliverables">Typical Deliverables&lt;/h2>
&lt;p>Depending on the scope, the result may be:&lt;/p></description></item></channel></rss>