so i gotta make clean? error: ‘class boost::asio::ip::address_v4’ has no member named ‘to_uint’; did you mean ‘to_ulong’?

return epee::net_utils::ipv4_network_address(v4ip.to_uint(), 0).host_str();

ima make clean

with 6981

It won't help :)

^

*exhales loudly*

.merges

oki can be tagged now

vtnerd: can you comment how to enable additional logging to fix this dandelion issue? monero-project/monero #6929

or help you find the root cause for this issue

ok, xmrchain.net now on release . 6981 fixed the compile

So the attacker is fire_ice

Fun times

Not sure if I should share on Twitter with my followers to explain, or just ignore him and hope fewer people see it

But interesting he chose to use this for a publicity stunt.

seems like since he's just trying to grab attention, better to ignore it

Yeah that’s the way I’m leaning. Tempted to fight the disinformation but he doesn’t have much of a platform these days so I’ll likely ignore.

Well now we know! Thankful Monero protects sender/receiver/amounts even if someone knows your transaction IDs

the iknowwhatyoudownload part is pretty weird

how is that weird? He is seeing the IP address the tx likely originated from, and combining with iknowwhatyoudownload based off that IP

What does it do exactly? Cross-reference IPs against IPs that occurred in the torrent scene?

ok he can collect tx <-> IP pairs, but it's an IP of a monero node, not that one of a user

yeah pretty much

Inge-: i mean weird he would choose to do that

many run their nodes locally though

using GUI wallet, right?

You are recommended to run your node locally

I prefer a dedi server running 24/7

sure, but it's easy to see who owns a dedicated server

This will definitely bubble up in places, and will create concern regarding Monero privacy. Having an article explaining the attack and its consequences and workarounds would be prudent

It was known all the time (c)

I mean it's obvious IP addresses can be tracked

sure, but for most people this is very abstract until IP addresses and porn preferences are published :P

lol

A well written post about this and the Monero dev response is important IMO.

Monero can be used over TOR anyway

it is the reason there was a kovri project after all, we all knew it was a weakness

In a sense something to be thankful about - is this really the best attack out there? And while good for a PR stunt, it just illustrates the need for protection on the network layer - protection that exists, just isn't highly adopted yet.

I guess he went public after recent PR activity on github. His spy nodes are not secret anymore

the fact that kovri project failed to deliver is certainly a setback for us, even if there's i2p-zero now

yeah, most likely reacting to recent PRs, now he'll have to do some more coding if he wants to continue spying

please voice ErCiccione[m] in here, someone who can

ErCiccione[irc]: <-- this one

moneromooo: can you do his irc nick too? ErCiccione[irc] <-

Thanks inge- moneromooo

I too think an answer would be appropriate. I think this is going to make some noise, which i think it's his point

Inge-: This particular attack was already documented in the Breaking Monero series..

Dandelion should mitigate it somewhat

he can't intercept 100% transactions

Anyway, would be worthwhile yes to post a write-up on how these trollnodes disrupted the network and potentially obtained information regarding IPs associated with transactions

but i wouldn't post it on getmonero

medium or something "less official" would be better IMO. Even just a detailed post on reddit

dEBRUYNE: oh I'm in no way implying it is in any way new or unknown. It has long been clear that your ISP could do this, and seems reasonable that malicious nodes could too.

signed by the "monero dev community"

doesn't even need to be that formal I think. It has already been descripbed, so anyone could make a reasonable reddit post explaining what it does, how it affects privacy, what can be done to avoid it, earlier references to this attack and other things on Breaking Monero, and if any specific steps are being taken moving forward?

ErCiccione[irc]: I think a PSA on Reddit would suffice

In conjunction with the new release that will include mitigations

is reddit supposed to be the main channel of communication instead of the website?

No, but posting it on the website would exaggerate the gravity of the attack, imo

yeah

at the end is doing the usual fireice stuff. Pump a claim to the extreme trying to pull people to check out Ryo

but but but .... ryo is the exact same. Just with fewer nodes and transactions

Bullshit. Ryo is the light at the end of the tunnel. Monero is a cult made by neonazis who hate children and steal candies in the night

"over a year worth of logs and the source code is available for sale". He actively attacked the network and now he is selling the source code. Isn't that selling malware?

Can we keep fireice stuff out of here please.

I considered the discussion dev-related, but i see how this could be more appropriate for -community or monero

Sorry I don’t have voice in -community or might have shared there first, but thought it was relevant to the dev work ongoing for AHPs

Didn’t mean to derail the topic this much, my fault 🙂

Some of it might, but the last few lines definitely weren't.

fair enough

dEBRUYNE could you give voice to this handle and HavenofnBridge in -community?

Alternatively, keep the hoopla out and continue here.

ErCiccione[irc]: Done

thanks

should we add the tor / i2p seed node PR to this release?

If it's not yet, sure.

vtnerd: can you PR 6897 against release branch?

moneromooo: I assume monero-project/monero #6874 will not be required now, apart from the "p2p: add a tor seed" commit?

I assume so.

<hyc> the fact that kovri project failed to deliver is certainly a setback for us, even if there's i2p-zero now >>> aye. maybe this will light a fire under making kovri/i2p happen?

i mean, the kovri code is still there, right? there are functional pieces of a c++ i2p router

It does not make sense to continue Kovri.

is it worth the effort, if i2p-zero works?

i2p zero works, but its not as easy as if it was in the monero code. i mean, i have i dunno how many nodes. i think i have kovri running on 1

i mean i2p-zero

whatever. the i2p protocol / router

and if i can't muster the patience to get it working, imagine your average GUI downloader

its default or its useless

end of story

I suppose. sure, if it takes more than one or two steps

IMO integrating Tor directly into the wallet makes more sense, I2P takes multiple minutes to initialize.

tor isn't instantaneous either

so does refreshing a wallet :)

from my experience Tor only takes a couple seconds.

IMO integrating tor with the wallet is fine, if "integrating" means "provide a canned shell-script to invoke wallet with torsocks"

yeah, i mean running bisq is pretty painless. that does everthing over tor right?

but ultimately an i2p/tor enabled node coudl still blackhole a dandelion stem if its first in the hop. though i guess thats a different problem

and the initiator can also fluff so nvm

so what would it take to have a turnkey tor operation? seems like we need to bundle the tor daemon

I don't see much value in duplicating/forking that code just to somehow merge it directly into the monero codebase

but we could setup reproducible builds for it, and bundle the resulting binaries

then what - do we make a decision to just abandon using clearnet for tx propagation?

does it make sense to do what was discussed before, txs over tor, blocks over clearnet? that means keeping double the number of peer connections, really

seems better to just totally abandon clearnet

with fluffy blocks, that shouldn't be a big deal. ?

blocks over Tor will make it even easier to sybil attack

we mostly care about tx <-> ip so just tx over Tor / I2P makes sense, else keeps latency down

also*

ok

so - are we going to build our own tor binary? that seems the next step

then - do we set it up on a different port, and use it unconditionally?

or do we check for an existing tor on the standard port, and only use ours if there's none already there?

FWIW I PRed 6947 a week ago to run with tor automatically. Needs tor installed though.

wondering if that's good enough. relying on users to know how to install tor?

probably not going to fly for windows users

Fair enough. Someone else can do something for windows.

any guesses if our user population is still primarily windows? or maybe windows users running tor inside a linux vm

IMO we have to fix this issue where outbound connections drop with I2P / Tor

then we can look into how to bundle Tor

I still get "Lost all outbound connections to anonymity network" once an hour or so

I thought the conclusion was the outbounds drop because there are too few of those peers around?

fluffypony, anyway to see which binaries are downloaded the most from getmonero.org?

hyc: possible

sorry, any way to see.

my node has no outbound tor connections, many inbound

or perhaps pigeons ?

mine has 2 outbound currently, but they drop sometimes

I don't think I've had any outbound in many days

I wonder if restarting/wiping p2pstate would help

anyway, I think CLI users can start Tor/I2P manually fine. Same way they start daemon manually. Bundling is more interesting for GUI.

m2049r, any chance tor/i2p could be bundled into monerujo?

hmmm

these are cache-misses for the past week, gingeropolous

1. /gui/linux64 - 5.6k

2. /gui/win64install - 4.1k

3. /gui/mac64 - 3.8k

4. /gui/win64 - 3.3k

5. /cli/win64 - 1k

6. /cli/linux64 - 0.7k

7. /cli/androidarm8 - 0.7k

8. /cli/mac64 - 0.5k

I would expect the data from the CDN is similar

awesome, thanks! so yeah looks like GUI's gotta happen to be useful

i2p-zero could be a plugin for the GUI, right? like a button that just says "launch i2p-zero" and then switches to a status indicator

fluffypony: That's only from last week?

Those numbers are actually fairly impressive

gingeropolous: we will most likely integrate Tor into the GUI

e.g. by adding it as a submodule and shipping together with GUI

Coudln't there be some crawling going on that would explain these numbers? I find it hard to believe that more than 100 persons download the arm bins *every day*

hmmm.... wouldn't guess one way or another. but there are more ARM-based compute devices in the world than there are PCs

that bin is for android phones only, or raspy too?

android

androidarm is android only

ok still a bit hard to believe but hey nice if true

not just for phones - also for tvboxes, etc. - there's a huge potential userbase, at least an order of magnitude larger than PCs

potential huge userbase absolutely. It's great if already that common or at least played with

dEBRUYNE: yeah last 7 days

and again, those are only times when people hit the CDN and their local CDN endpoint doesn't have the file and redirects them to source

so it's only cache-misses

.merge+ 6983

Added

gingeropolous: ^^ new PR to fix filtering, you might want to update your node

hmm, do I have to add 18080 to I2P seed nodes?

ok, xmrchain.net on that latest hotness

gingeropolous: do you still maintain spn4ef3gddveqxkco6fhh7epyxnvdmei4w6hioiiunfvvljxgcoa.b32.i2p ?

selsta, yes

should I add it to monero-project/monero #6984 ?

sure, it'd be better if it was on the other seed node i maintain though. this server I always forget i have to pay around christmas. so it'll last until christmas

it is easy to setup both i2p and tor on the same server

but yea, we can add your seed node later if you want to add a different one