00:13:56 <needmoney90> panic over?
00:39:07 <viperperidot[m]> Is there a way to make donations to the devs?
00:40:30 <moneromooo> There is an address in the README.md file, and even a donate command in monero-wallet-cli.
00:41:00 <moneromooo> There is also ccs.getmonero.org so you can choose what/who you donate to.
00:54:14 <viperperidot[m]> Thanks everyone for putting out the fire today
02:24:56 <ngd> So, hf done done yesterday?
06:20:39 <Snipa> .merges
06:20:39 -xmr-pr- 6862 6875 6881 6882 6886 6891
07:17:10 <Snipa> .merges
07:17:11 -xmr-pr- 6886
11:44:40 <sech1> I have a number of peers which report height 0 or 1 connected to my node, are these "asshole" peers? moneromooo
11:46:10 <selsta> no
11:46:30 <selsta> "asshole" peers will report your own height
11:46:55 <trashpanda[m]> Is it possible they are newly syncing peers?
11:46:55 <trashpanda[m]> If they continue to report that height after several blocks, though, I'd be inclined to call them asshole peers
11:47:07 <trashpanda[m]> Oh, I guess theres a specific kind of asshole you're talking about. Oops
11:47:13 <selsta> It is possible that they are nodes with --no-sync
11:47:37 <selsta> (if they show height 0)
11:50:45 <moneromooo> Sometimes they report 0, possibly when they don't know your height yet.
11:58:36 <sech1> yes, they were showing 0 but then changed to normal height
12:01:27 <trashpanda[m]> Maybe a simple way to detect is to tet them: report a bogus height and see if they echo it back
12:08:13 <selsta> you can pop e.g. 200 blocks and start with --no-sync
12:08:21 <selsta> if the peers show your height they are malicious
12:08:30 <trashpanda[m]> test them*
12:11:01 <sech1> trying it now
12:17:45 <sech1> that's A LOT of assholes: https://paste.debian.net/hidden/a67347a7/
12:18:11 <sech1> 24 of 44 connected peers
12:19:37 <hyc> a lot seem to come from the same subnets/ISPs
12:20:20 <hyc> we should probably add subnet masking to the Ban command
12:20:23 <sech1> what are they trying to achieve? Drop Dandelion++ transactions?
12:20:29 <moneromooo> I did, for this very reason :)
12:20:50 <moneromooo> They predate dandelion by a lot.
12:21:31 <sech1> So what's their purpose? Track all transaction IPs?
12:21:41 <binaryFate> nice stats sech1. Could you try the same test on larger sample of several hundreds nodes?
12:22:57 <hyc> moneromooo: is that in current code? isn't in "help ban" text
12:23:03 <sech1> I'm not sure I can lure more peers, but I'll try with --out-peers 128
12:23:52 <moneromooo> Yes. It's been there for a good while now.
12:23:59 <sech1> started with --out-peers 128 and --no-sync, let's wait for some time
12:25:03 <hyc> I wonder if they're just using modified monerod code, or if something written from scratch
12:27:09 <hyc> 54.39 is owned by OVH
12:27:13 <UkoeHB_> what's the criteria for being an asshole in this context?
12:27:28 <hyc> node lies about its own blockheight
12:27:37 <sech1> you can't sync from that node
12:27:39 <hyc> always reports same as yours
12:29:00 <iDunk> Here's my current ban list  https://paste.debian.net/hidden/0b76ef00/
12:29:06 <binaryFate> doesn't propagate txs
12:29:18 <iDunk> And yes, most, if not all, are OVH.
12:30:37 <hyc> then we could prob report to ovh for sabotage/etc
12:31:17 <hyc> at the least it would inconveniene these guys, drive up their cost to move to new hoster
12:31:23 <binaryFate> could we detect the non-tx-propagation? Given long enough time sample so it's statistically significant, a node that doesn't propagate enough transactions compared to average/median/whatever of other nodes must be an asshole
12:31:35 <binaryFate> if it never sends you anything
12:36:11 <sech1> https://paste.debian.net/hidden/da371ec1/
12:36:14 <sech1> 84 of 150 peers
12:37:14 <sech1> iDunk I see they're in your list already
12:39:33 <sech1> does anyone know how to add fail2ban rule for these? Any lines in the log to look for?
12:43:48 <sech1> moneromooo would be nice to add some detection and print their IPs in the log, then it's easy to use fail2ban
12:44:09 <selsta> monerod supports banning ips
12:44:16 <moneromooo> Yes, it just needs to find a good way to detect them, because as soon as we do they'll start hiding.
12:45:03 <moneromooo> And categorization by partial peer lists seem like a good way to me, it's just not obvious how to do it.
12:45:20 <moneromooo> k-means maybe.
12:45:41 <moneromooo> But peer lists are partial and evolving per node.
12:52:39 <sech1> banning 114 IPs fron iDunk's list really helped, only a few asshole peers now
12:53:00 <azy> how are they asshole peers?
12:53:06 <sech1> they're fake
12:53:15 <sech1> don't sync, don't relay tx
12:53:33 <binaryFate> would love to have an in at OVH and know who's doing this
12:53:46 <binaryFate> if anyone reads this... :)
12:54:29 <sech1> getting quite a few new IPs now
12:57:15 <selsta> https://paste.debian.net/hidden/54cda36c/
12:57:23 <selsta> ^ iDunk + my node + sech1 combined into 1 list
12:57:33 <selsta> not many more than iDunk’s list
12:58:13 <azy> so theyre surveillance nodes?
12:58:24 <sech1> 136 IPs in my iptables list now
12:58:41 <sech1> still got 3 more connected so far :D
13:02:09 <sethsimmons> Is there an easy way to pass that to monerod as one bulk list? Might be good to keep growing it as an interim fix, especially for those with syncing issues due to it.
13:05:42 <selsta> yea would be nice to have an option to easily specify ban list
13:05:53 <sech1> ban list in iptables doesn't really help, monerod connects to them as out_peers
13:06:56 <sech1> unless I add them as outgoing IP bans too...
13:09:53 <UkoeHB_> pardon my ignorance... is there a node setting where you just listen and don't participate? is this just a normal configuration behavior?
13:12:40 <nssy> by participate do you mean mining?
13:13:04 <nssy> Also you are better off asking in #monero
13:13:06 <UkoeHB_> relaying tx and serving old blocks
13:13:30 <sech1> --no-sync in command line does that
13:13:42 <sech1> but mirroring your own block height is not normal behavior
13:13:43 <selsta> every node that is not synced will have that behaviour
13:14:26 <MoneroArbo> v0.17.1.1 seems to have ended my issue with outgoing i2p peer connections dropping constantly, which was still an issue in v0.17.1.0
13:14:52 <MoneroArbo> Ig I'm wondering if that was intentional as the github issue hasn't moved
13:15:14 <selsta> MoneroArbo: it also got better for me but I don’t think much has changed code wise, maybe we just have more I2P and Tor peers now?
13:15:57 <selsta> I have 7 I2P peers and 10 Tor peers
13:16:30 <selsta> sech1: does iptables outgoing work for you?
13:16:39 <sech1> works now
13:16:49 <sech1> at least it shows blocked packets now
13:17:32 <MoneroArbo> could be! but I'm definitely noticing a significant different between yesterday and today. Though even before that I noticed incoming peers would often stay connected for 100s of minutes while outgoing connections still dropped after at most 5 minutes. Which Ig means *some* peers were having successful outgoing connections. Anyway, totally better
13:17:33 <MoneroArbo> now, I have outbound peers that have been connected for like 30 minutes
13:18:54 <selsta> but sending over i2p / tor works quite well now, once we have seed nodes it will even be easier to setup
13:20:07 <MoneroArbo> yeah I've been using it for awhile but I've been hvaing to add peers as priority nodes so it'd keep reconnecting. gonna try turning that off. and if it works for me still I'll close the github issue?
13:20:27 <sech1> selsta looks like your ban list is almost complete, I've got only 4 new IPs so far
13:23:07 <sethsimmons> Via iptables outgoing, correct? Not via monerod bans?
13:23:18 <sech1> iptables outgoing and ingoing connections
13:23:48 <sethsimmons> Is it possible to ban a list in monerod?
13:23:59 <sethsimmons> That would be more portable if we want to recommend this for others, since FWs vary so much.
13:23:59 <sech1> not that I know of
13:24:24 <sech1> 26 peers connected, all good so far...
13:24:32 <sech1> 132 banned IPs in the list right now
13:24:55 <moneromooo> You can do something like:
13:25:12 <moneromooo> cat LIST | while read ip; do ./monerod ban $IP; done
13:25:28 <moneromooo> Guess it doesn't work for windows.
13:25:47 <sech1> but it's only temporary ban
13:25:48 <selsta> also not persistent after restart
13:25:53 <gingeropolous> banning ips is just wackamole
13:26:14 <sech1> I had 60% of connected fake peers before
13:26:17 <sech1> this is serious
13:26:52 <sethsimmons> Quite the Sybil attack
13:26:54 <gingeropolous> aye, a bandaid is needed, sure. is a script up to scan and block these?
13:27:10 <selsta> gingeropolous: we have a list of ips
13:27:20 <selsta> no good way to ban them yet apart from firewall
13:27:30 <sech1> 4 more IPs again...
13:29:59 <hyc> you could also write a custom rule for fail2ban that just takes a list of IP addresses
13:30:02 <hyc> and lets it deal with them
13:30:10 <sech1> https://paste.debian.net/hidden/20f43970/
13:31:07 <sethsimmons> Wow those “asshole nodes” were almost all of my in peers
13:31:16 <sethsimmons> Down from 55 to 7
13:33:44 <sech1> yes, I had 32 out + 51 in peers before, now it's 26 out + 3 in
13:34:11 <binaryFate> gui bins are on website
13:35:27 <gingeropolous> anyone have access to this? https://www.sciencedirect.com/science/article/pii/S0020025518306728
13:35:54 <sech1> my latest list with 138 IPs seems to catch them all so far
13:36:13 <selsta> sech1: should we update dns today?
13:36:19 <selsta> binaryFate: ^
13:37:51 <binaryFate> yes I don't see why not. Lot of people probably waiting
13:38:06 <gingeropolous> hrm, loki uses a PoW in its p2p to prevent sybil apparently: https://medium.com/@LokiNetwork/preventing-sybil-attacks-runes-pow-and-captchas-a358e241cff6
13:38:29 <binaryFate> do you want to give it few hours to check everything is allright with that version?
13:39:03 <binaryFate> up to you selsta and everyone who work on gui. My confidence is neutral/uninformed
13:40:55 <selsta> yea it will depend on fluffy’s availability anyway
13:41:04 <selsta> in the evening would be perfect
13:41:09 <selsta> gives us a bit of time
13:46:31 <xiphon> gingeropolous: "loki uses a PoW in its p2p"
13:46:33 <xiphon> ^ no
13:46:58 <gingeropolous> sorry, just skimmed :(
14:03:08 <hyc> I've put sech1's list into my outbound iptables as well
14:03:40 <hyc> outbound is enough, it will prevent responding to any TCP connect handshakes
14:04:27 <sech1> so only outbound list will do? I'll try
14:05:13 <hyc> yeah. I created a new chain "junk", added DROP rules for all of those destination addresses
14:05:27 <hyc> and forward to it from my OUTPUT chain
14:05:46 <sech1> forward with which rule? They can use different port numbers
14:05:55 <hyc> just protocol tcp
14:07:38 <coolhat> Hi, in the `cryptonote_core/blockchain.cpp` file
14:08:13 <coolhat> the case in line 3130 seems to overlap the case in line 3143
14:08:40 <coolhat> it seems the latter 'if' won't be triggered at all
14:09:10 <coolhat> on the mastre branch
14:09:59 <moneromooo> Looks like a merge bug. And I did this so long ago I have no clue which one I meant now.
14:10:12 <moneromooo> Thanks, I'll search for history.
14:10:26 <coolhat> ok, glad it's noted
14:11:24 <sech1> coolhat did you run some static analysis tool to find this?
14:11:35 <coolhat> no I was just lucky
14:13:07 <sech1> static analysis is good at detecting this type of bugs (impossible "if" conditions etc)
14:13:39 <moneromooo> It can be removed, it's a duplicate.
14:14:04 <moneromooo> While on static analysis, it'd be nice to have monero back on coverity, it occasionally finds real bugs...
14:14:34 <sech1> what's needed for this?
14:14:36 <selsta> core team has to set it up
14:14:57 <selsta> https://scan.coverity.com/users/sign_up
14:15:00 <selsta> "Sign in with github" afaik
14:15:17 <hyc> it was already setup, did it expire?
14:17:12 <selsta> afaik it was anonimal’s account
14:17:33 <selsta> and he stopped updating his repo
14:17:39 <hyc> ah
14:44:32 <fluffypony> oh hmmm
14:44:43 <fluffypony> I can do it from my account
14:44:53 <fluffypony> it just has to be an org member right?
14:46:24 <moneromooo> It would be better to be a core team account, to avoid the current state.
14:46:42 <moneromooo> But any is better than none.
14:46:45 <fluffypony> moneromooo: yeah - I meant that it has to be a member of the monero-project org
14:47:04 <M5M400> moneromooo: cat LIST | while read ip; do ./monerod ban $IP; done <- one can do that with a running daemon in background? nice
14:47:22 <sethsimmons> Installer still links to v0.17.0.1 for Windows GUI: https://downloads.getmonero.org/gui/win64install
14:47:30 <selsta> sech1: cache probably
14:47:33 <selsta> fluffypony: do you also have time for DNS hashes today / tomorrow?
14:47:58 <moneromooo> M5M400: Yes.
14:48:06 <sethsimmons> <selsta "sech1: cache probably"> Yup, darn cache always gets me...
14:48:07 <fluffypony> ok I've added it - does anyone want email notifications for new defects?
14:48:16 <fluffypony> also do we want the badge?
14:48:31 <sech1> I used to receive coverity e-mails
14:48:53 <moneromooo> I don't want email, I'd never see it anyway. As long as I can login from time to time and mark stuff as fixed or irrelevant.
14:48:59 <hyc> I did too, but would prefer not to now. have no patience for the 99% false positives.
14:49:00 <fluffypony> sech1: is that self-service
14:49:04 <fluffypony> ok
14:49:33 <sech1> no, I was just added somewhere at some point and started receiving them. Don't mind receiving them again.
14:49:57 <fluffypony> I have no idea how to set this up so that it's automated
14:50:12 <fluffypony> selsta: will do it tomorrow
14:50:33 <moneromooo> Thanks.
14:53:37 <moneromooo> I assume it's monero-project/monero ?
14:55:20 <hyc> it should be sufficient to periodically poll all idle peers that claim to have our blockheight, and retriee the last N block hashes from them
14:56:33 <gingeropolous> that seems easily outsourced
14:56:51 <hyc> but it will take time & compute resources either way
14:58:03 <hyc> I guess could use a randomly generated list of block heights then
14:58:09 <hyc> and a different list for each peer
15:02:20 <hyc> another possibility might be to randomly generate invalid txns and send to them
15:02:37 <hyc> then see if they send them back or correctly reject them
15:03:13 <gingeropolous> so the attacker runs 1 real node and then forwards 1k ips to that service
15:04:00 <gingeropolous> could probably even use the public remote nodes
15:05:20 <sech1> yes, sybil attack can use one beefy node to serve data to 1000 fake nodes
15:05:42 <gingeropolous> ... but at least they are running 1 beefy node now, as opposed to none
15:05:50 <hyc> right
15:07:33 <gingeropolous> i mean, a wacky idea would be to periodically use the monero network to "test" a random peer or a collection of peers. peers that are aggregating on the backend will have a different response than an honest peer ... perhaps
15:07:43 <gingeropolous> though dunno how a pine64 on a 5400 rpm would hold up
15:09:03 <gingeropolous> ... monero is technically a botnet
15:09:06 <MoneroArbo> wondering if this an issue that might've been seen & solved on other networks or is it somehow unique to cryptonote / monero
15:09:24 <hyc> it's a common problem for all p2p networks
15:09:51 <sech1> torrent clients solve it by using peer rating
15:10:01 <sech1> but it's easy for torrent, they can just verify downloaded blocks
15:10:36 <MoneroArbo> what about bitcoin
15:11:00 <hyc> easy to do, but perhaps no point
15:11:14 <hyc> the objective is generally to spy on user privacy
15:11:20 <hyc> but bitcoin has no privacy to begin with
15:11:36 <MoneroArbo> ah I see I didn't know this was a privacy issue
15:11:52 <hyc> there could be other objectives too, isolating a node from the real network
15:12:07 <hyc> but that would be such a targeted attack most nodes wouldn't see it happening
15:14:07 <hyc> the most obvious objective is to map the network and the propagation of txs, to track where they all originate
15:35:07 <MoneroArbo> that makes sense thanks for the explanation
16:01:08 -xmr-pr- PostNZT opened issue #6919: Malwarebytes reports RiskWare.BitcoinMiner malware
16:01:08 -xmr-pr- > https://github.com/monero-project/monero/issues/6919
16:03:46 <selsta> moneromooo: would you be okay with adding --block-list parameter to monerod that reads ips from file? if yes I will work on it, does not sound too difficult
16:05:07 <moneromooo> Yes.
16:06:58 <sech1> would be also nice to watch this file for modifications
16:54:50 <binaryFate> why not in bitmonero.conf?
17:01:37 <StickyMann> getmonero.org still has version 0.17.1.0 for Win64-bit posted. Need update to 0.17.1.1, Noticed when verifing hash. I felt the need to say something as Im the last person in the world to still be using windows and nobody else would ever notice.
17:03:23 <selsta> StickyMann: try different browser
17:03:34 <selsta> or private browser window
17:03:37 <selsta> it is probably cached
17:08:01 <M5M400> ++ sech1 | would be also nice to watch this file for modifications
17:14:22 <StickyMann> +selsta  -- ty, that did it  --- I SWORE I cleared that cache earlier....
17:14:37 <selsta> the cache is a bit too aggressive on the website
17:27:23 <selsta> when I call block_host() with std::numeric_limits<uint32_t>::max() I get a compile error suggesting to use unit16_t (which works)
17:27:41 <selsta> but from daemon I can block for unint32_t::max seconds
17:27:54 <selsta> from daemon meaning typing "ban ip -1"
17:28:53 <selsta> hmm
17:28:55 <selsta> found the issue
17:29:24 <selsta> I was entering the port number, not the time :D
18:15:10 <moneromooo> Who controls the travis setup ?
18:15:19 <moneromooo> selsta: might be you ?
18:15:23 <selsta> no
18:15:30 <selsta> hmm
18:15:30 <moneromooo> Do you know who does ?
18:15:32 <selsta> luigi has access
18:15:36 <moneromooo> ty
18:15:38 <selsta> I think all of core
18:15:45 <selsta> but luigi changed stuff for me
18:58:42 <selsta> moneromooo: if I want to add config-file support for my new --ban-list flag, which file should I take a look at?
18:58:55 <selsta> ./monerod --ban-list works now, but no idea about config file
18:59:39 <moneromooo> It's automatic AFAIK. Never used it though.
18:59:52 <gingeropolous> selsta, what i've discovered with the config file is that you add multiple lines for an array
19:00:17 <gingeropolous> so, ban-ip=xxx
19:00:28 <selsta> right
19:00:31 <selsta> I had wrong syntax
19:00:33 <selsta> it worked nice
19:01:24 <gingeropolous> oh does list point to a newline delimited file?
19:02:15 <selsta> yep
19:04:29 <gingeropolous> did u make a script to identify the AHP?
19:04:46 <gingeropolous> i guess AHPs is how it should be typed
19:11:32 <M5M400> banlist already in?
19:11:34 <M5M400> nice.
19:11:51 <selsta> PRed it but now reviewed yet
19:12:24 * M5M400 waves fist at lazy, slow FOSS coders
19:12:29 <M5M400>  /jk
19:13:41 <selsta> hmm does not seem to compile on linux
19:13:44 * selsta loves C++
19:16:08 -xmr-pr- selsta opened pull request #6920: net_node: add --ban-list option
19:16:09 -xmr-pr- > https://github.com/monero-project/monero/pull/6920
19:18:33 <gingeropolous> selsta, so this is how you detected them? <selsta> you can pop e.g. 200 blocks and start with --no-sync
19:18:33 <gingeropolous> <selsta> if the peers show your height they are malicious
19:18:44 <selsta> yes
19:19:12 <gingeropolous> sounds like its time for me to make some ugly bash scripts
19:19:45 <selsta> nice the ips get read backwards lol
19:20:21 <M5M400> inb4 curl https://shitlist.moneroworld.com
19:21:39 <gingeropolous> yeah, we could do that. but you might as well run it yourself every n hours
19:23:22 <nioc> ignorant question, if some people use the ban list option, will that result in those that do not use it having a higher % of AHPs?
19:24:04 <selsta> don’t think so, these nodes don’t limit their in / out peers
19:43:24 <gingeropolous> selsta, how'd u get the height of your peers? from the log output, or is there a command?
19:43:35 <selsta> sync_info
19:44:21 <gingeropolous> thanks
19:49:06 <gingeropolous> wow, i had 2
19:56:37 <iDunk> 6920 compiles and works on Windows.
19:56:51 <selsta> iDunk: force pushed, should still work though
19:57:07 <selsta> previously the IP was reversed and compile failed on windows
19:57:12 <selsta> both should be fixed now
19:57:17 <selsta> s/windows/linux
20:00:48 <ErCiccione> All the peers gotten with sync_info with my same height are assholes? Because if that's the case i have 123 assholes out of 148 total peers
20:01:14 <moneromooo> If your height is the current chain height, probably not :)
20:02:03 <selsta> ErCiccione: you have to pop blocks e.g. 200 blocks and start with --no-sync
20:02:22 <selsta> if they still show your height then yes
20:02:55 <ErCiccione> Aaah sure, makes sense. Got it now
20:04:42 <ErCiccione> I added the IPs in this list to my banned peers (iptables): https://paste.debian.net/hidden/0b76ef00/ is there a new one around that i missed?
20:05:43 <ErCiccione> updated, more than new
20:33:17 <Andre303> Hello, guys! My node stopped syncing on block #2210720 after upgrading to 0.17.0. In logs I can see following message: "2020-10-19 20:17:55.697	[P2P8]	WARNING	cn	src/cryptonote_core/cryptonote_core.cpp:1956	There were 0 blocks in the last 90 minutes, there might be large hash rate changes, or we might be partitioned, cut off from the Monero network
20:33:17 <Andre303> or under attack, or your computer's time is off. Or it could be just sheer bad luck.". Any help? Thanks
20:33:45 <rating89us> you should upgrade to 0.17.1.1
20:34:16 <Andre303> Ok, I will try. Is it some hotfix in 0.17.1.1?)
20:34:21 <rating89us> you're experiencing a bug that is fixed in this new version
20:34:24 <dEBRUYNE> Yes
20:35:01 <Andre303> Got it! Thank you, guys
23:02:42 <ndorf> yes. this bug is fixed in 0.17.1.1
23:03:05 <ndorf> whoa, meant to send that way earlier. ignore plz