00:31:08 -xmr-pr- selsta opened pull request #6982: workflows: bump msys2 action to v2
00:31:08 -xmr-pr- > https://github.com/monero-project/monero/pull/6982
00:57:34 <gingeropolous> so i gotta make clean? error: ‘class boost::asio::ip::address_v4’ has no member named ‘to_uint’; did you mean ‘to_ulong’?
00:57:34 <gingeropolous>              return epee::net_utils::ipv4_network_address(v4ip.to_uint(), 0).host_str();
00:57:57 <gingeropolous> ima make clean
00:59:01 <moneromooo> with 6981
00:59:03 <iDunk> It won't help :)
00:59:07 <iDunk> ^
00:59:51 * gingeropolous smash
01:00:09 * moneromooo briefly ponders building with 1.64 for laughs then forgets about the idea forever
01:19:52 <Lyza> *exhales loudly*
02:55:26 <luigi1111w> .merges
02:55:26 -xmr-pr- 6981
03:00:19 <selsta> oki can be tagged now
03:29:40 <selsta> vtnerd: can you comment how to enable additional logging to fix this dandelion issue? https://github.com/monero-project/monero/issues/6929
03:29:57 <selsta> or help you find the root cause for this issue
04:49:33 <gingeropolous> ok, xmrchain.net now on release . 6981 fixed the compile
13:31:25 <sethsimmons> So the attacker is fire_ice
13:31:36 <sethsimmons> https://twitter.com/fireice_uk/status/1324312876849549317?s=21
13:32:57 <sethsimmons> Fun times
13:34:27 <sethsimmons> Not sure if I should share on Twitter with my followers to explain, or just ignore him and hope fewer people see it
13:34:44 <sethsimmons> But interesting he chose to use this for a publicity stunt.
13:35:16 <hyc> seems like since he's just trying to grab attention, better to ignore it
13:36:29 <sethsimmons> Yeah that’s the way I’m leaning. Tempted to fight the disinformation but he doesn’t have much of a platform these days so I’ll likely ignore.
13:37:00 <sethsimmons> Well now we know! Thankful Monero protects sender/receiver/amounts even if someone knows your transaction IDs
13:42:39 <asymptotically> the iknowwhatyoudownload part is pretty weird
13:43:17 <Inge-> how is that weird? He is seeing the IP address the tx likely originated from, and combining with iknowwhatyoudownload based off that IP
13:43:29 <dEBRUYNE> What does it do exactly? Cross-reference IPs against IPs that occurred in the torrent scene?
13:43:31 <sech1> ok he can collect tx <-> IP pairs, but it's an IP of a monero node, not that one of a user
13:43:39 <Inge-> yeah pretty much
13:43:41 <asymptotically> Inge-: i mean weird he would choose to do that
13:44:14 <sech1> many run their nodes locally though
13:44:19 <sech1> using GUI wallet, right?
13:44:25 <Inge-> You are recommended to run your node locally
13:44:38 <sech1> I prefer a dedi server running 24/7
13:45:09 <hyc> sure, but it's easy to see who owns a dedicated server
13:45:14 <Inge-> This will definitely bubble up in places, and will create concern regarding Monero privacy. Having an article explaining the attack and its consequences and workarounds would be prudent
13:45:31 <sech1> It was known all the time (c)
13:45:42 <sech1> I mean it's obvious IP addresses can be tracked
13:46:02 <Inge-> sure, but for most people this is very abstract until IP addresses and porn preferences are published :P
13:46:10 <hyc> lol
13:46:46 <sethsimmons> A well written post about this and the Monero dev response is important IMO.
13:46:52 <sech1> Monero can be used over TOR anyway
13:47:34 <hyc> it is the reason there was a kovri project after all, we all knew it was a weakness
13:47:45 <Inge-> In a sense something to be thankful about - is this really the best attack out there? And while good for a PR stunt, it just illustrates the need for protection on the network layer - protection that exists, just isn't highly adopted yet.
13:47:50 <sech1> I guess he went public after recent PR activity on github. His spy nodes are not secret anymore
13:49:04 <hyc> the fact that kovri project failed to deliver is certainly a setback for us, even if there's i2p-zero now
13:51:13 <hyc> yeah, most likely reacting to recent PRs, now he'll have to do some more coding if he wants to continue spying
13:52:41 <Inge-> please voice ErCiccione[m] in here, someone who can
13:53:44 <Inge-> ErCiccione[irc]: <-- this one
13:54:29 <Inge-> moneromooo: can you do his irc nick too? ErCiccione[irc] <-
13:55:03 <ErCiccione[irc]> Thanks inge- moneromooo
13:55:45 <ErCiccione[irc]> I too think an answer would be appropriate. I think this is going to make some noise, which i think it's his point
13:58:05 <dEBRUYNE> Inge-: This particular attack was already documented in the Breaking Monero series..
13:58:28 <sech1> Dandelion should mitigate it somewhat
13:58:36 <sech1> he can't intercept 100% transactions
13:59:02 <dEBRUYNE> Anyway, would be worthwhile yes to post a write-up on how these trollnodes disrupted the network and potentially obtained information regarding IPs associated with transactions
13:59:28 <ErCiccione[irc]> but i wouldn't post it on getmonero
13:59:44 <ErCiccione[irc]> medium or something "less official" would be better IMO. Even just a detailed post on reddit
13:59:54 <Inge-> dEBRUYNE: oh I'm in no way implying it is in any way new or unknown. It has long been clear that your ISP could do this, and seems reasonable that malicious nodes could too.
13:59:55 <ErCiccione[irc]> signed by the "monero dev community"
14:01:31 <Inge-> doesn't even need to be that formal I think. It has already been descripbed, so anyone could make a reasonable reddit post explaining what it does, how it affects privacy, what can be done to avoid it, earlier references to this attack and other things on Breaking Monero, and if any specific steps are being taken moving forward?
14:02:12 <dEBRUYNE> ErCiccione[irc]: I think a PSA on Reddit would suffice
14:02:21 <dEBRUYNE> In conjunction with the new release that will include mitigations
14:04:15 <charuto> is reddit supposed to be the main channel of communication instead of the website?
14:04:49 <dEBRUYNE> No, but posting it on the website would exaggerate the gravity of the attack, imo
14:05:07 <ErCiccione[irc]> yeah
14:05:34 <ErCiccione[irc]> at the end is doing the usual fireice stuff. Pump a claim to the extreme trying to pull people to check out Ryo
14:05:57 <Inge-> but but but .... ryo is the exact same. Just with fewer nodes and transactions
14:06:39 <ErCiccione[irc]> Bullshit. Ryo is the light at the end of the tunnel. Monero is a cult made by neonazis who hate children and steal candies in the night
14:11:53 <ErCiccione[irc]> "over a year worth of logs and the source code is available for sale". He actively attacked the network and now he is selling the source code. Isn't that selling malware?
14:13:04 <moneromooo> Can we keep fireice stuff out of here please.
14:14:40 <ErCiccione[irc]> I considered the discussion dev-related, but i see how this could be more appropriate for -community or monero
14:15:20 <sethsimmons> Sorry I don’t have voice in -community or might have shared there first, but thought it was relevant to the dev work ongoing for AHPs
14:15:32 <sethsimmons> Didn’t mean to derail the topic this much, my fault 🙂
14:15:38 <moneromooo> Some of it might, but the last few lines definitely weren't.
14:16:49 <ErCiccione[irc]> fair enough
14:18:38 <ErCiccione[irc]> dEBRUYNE could you give voice to this handle and HavenofnBridge in -community?
14:24:13 <moneromooo> Alternatively, keep the hoopla out and continue here.
14:25:46 <dEBRUYNE> ErCiccione[irc]: Done
14:26:11 <ErCiccione[irc]> thanks
14:42:45 <selsta> should we add the tor / i2p seed node PR to this release?
14:43:25 <moneromooo> If it's not yet, sure.
14:45:21 <selsta> vtnerd: can you PR 6897 against release branch?
14:47:21 <selsta> moneromooo: I assume https://github.com/monero-project/monero/pull/6874 will not be required now, apart from the "p2p: add a tor seed" commit?
14:48:01 <moneromooo> I assume so.
14:55:47 <gingeropolous> <hyc> the fact that kovri project failed to deliver is certainly a setback for us, even if there's i2p-zero now >>> aye. maybe this will light a fire under making kovri/i2p happen?
14:56:17 <gingeropolous> i mean, the kovri code is still there, right? there are functional pieces of a c++ i2p router
14:56:30 <selsta> It does not make sense to continue Kovri.
14:56:32 <hyc> is it worth the effort, if i2p-zero works?
14:57:10 <gingeropolous> i2p zero works, but its not as easy as if it was in the monero code. i mean, i have i dunno how many nodes. i think i have kovri running on 1
14:57:17 <gingeropolous> i mean i2p-zero
14:57:24 <gingeropolous> whatever. the i2p protocol / router
14:57:40 <gingeropolous> and if i can't muster the patience to get it working, imagine your average GUI downloader
14:58:05 <gingeropolous> its default or its useless
14:58:06 <gingeropolous> end of story
14:58:07 <hyc> I suppose. sure, if it takes more than one or two steps
14:58:39 <selsta> IMO integrating Tor directly into the wallet makes more sense, I2P takes multiple minutes to initialize.
14:59:56 <hyc> tor isn't instantaneous either
14:59:59 <gingeropolous> so does refreshing a wallet :)
15:00:26 <selsta> from my experience Tor only takes a couple seconds.
15:00:47 <hyc> IMO integrating tor with the wallet is fine, if "integrating" means "provide a canned shell-script to invoke wallet with torsocks"
15:00:59 <gingeropolous> yeah, i mean running bisq is pretty painless. that does everthing over tor right?
15:03:14 <gingeropolous> but ultimately an i2p/tor enabled node coudl still blackhole a dandelion stem if its first in the hop. though i guess thats a different problem
15:03:29 <gingeropolous> and the initiator can also fluff so nvm
15:05:32 <hyc> so what would it take to have a turnkey tor operation? seems like we need to bundle the tor daemon
15:05:59 <hyc> I don't see much value in duplicating/forking that code just to somehow merge it directly into the monero codebase
15:07:13 <hyc> but we could setup reproducible builds for it, and bundle the resulting binaries
15:11:38 <hyc> then what - do we make a decision to just abandon using clearnet for tx propagation?
15:13:15 <hyc> does it make sense to do what was discussed before, txs over tor, blocks over clearnet? that means keeping double the number of peer connections, really
15:15:01 <hyc> seems better to just totally abandon clearnet
15:15:29 <hyc> with fluffy blocks, that shouldn't be a big deal. ?
15:15:54 <selsta> blocks over Tor will make it even easier to sybil attack
15:16:56 <selsta> we mostly care about tx <-> ip so just tx over Tor / I2P makes sense, else keeps latency down
15:17:01 <selsta> also*
15:17:04 <hyc> ok
15:18:54 <hyc> so - are we going to build our own tor binary? that seems the next step
15:19:37 <hyc> then - do we set it up on a different port, and use it unconditionally?
15:19:57 <hyc> or do we check for an existing tor on the standard port, and only use ours if there's none already there?
15:25:27 <moneromooo> FWIW I PRed 6947 a week ago to run with tor automatically. Needs tor installed though.
15:29:36 <hyc> wondering if that's good enough. relying on users to know how to install tor?
15:29:45 <hyc> probably not going to fly for windows users
15:30:22 <moneromooo> Fair enough. Someone else can do something for windows.
15:30:34 <hyc> any guesses if our user population is still primarily windows? or maybe windows users running tor inside a linux vm
15:30:38 <selsta> IMO we have to fix this issue where outbound connections drop with I2P / Tor
15:30:52 <selsta> then we can look into how to bundle Tor
15:31:27 <selsta> I still get "Lost all outbound connections to anonymity network" once an hour or so
15:31:29 <hyc> I thought the conclusion was the outbounds drop because there are too few of those peers around?
15:31:37 <gingeropolous> fluffypony, anyway to see which binaries are downloaded the most from getmonero.org?
15:31:50 <selsta> hyc: possible
15:31:57 <gingeropolous> sorry, any way to see.
15:32:35 <hyc> my node has no outbound tor connections, many inbound
15:32:38 <gingeropolous> or perhaps pigeons ?
15:32:59 <selsta> mine has 2 outbound currently, but they drop sometimes
15:33:18 <hyc> I don't think I've had any outbound in many days
15:34:03 <hyc> I wonder if restarting/wiping p2pstate would help
15:35:39 <selsta> anyway, I think CLI users can start Tor/I2P manually fine. Same way they start daemon manually. Bundling is more interesting for GUI.
15:36:50 <gingeropolous> m2049r, any chance tor/i2p could be bundled into monerujo?
15:37:32 <fluffypony> hmmm
15:37:37 <fluffypony> these are cache-misses for the past week, gingeropolous
15:37:38 <fluffypony> 1. /gui/linux64 - 5.6k
15:37:38 <fluffypony> 2. /gui/win64install - 4.1k
15:37:38 <fluffypony> 3. /gui/mac64 - 3.8k
15:37:38 <fluffypony> 4. /gui/win64 - 3.3k
15:37:38 <fluffypony> 5. /cli/win64 - 1k
15:37:39 <fluffypony> 6. /cli/linux64 - 0.7k
15:37:40 <fluffypony> 7. /cli/androidarm8 - 0.7k
15:37:41 <fluffypony> 8. /cli/mac64 - 0.5k
15:38:31 <fluffypony> I would expect the data from the CDN is similar
15:39:04 <gingeropolous> awesome, thanks! so yeah looks like GUI's gotta happen to be useful
15:41:30 <gingeropolous> i2p-zero could be a plugin for the GUI, right? like a button that just says "launch i2p-zero" and then switches to a status indicator
15:42:23 <dEBRUYNE> fluffypony: That's only from last week?
15:42:29 <dEBRUYNE> Those numbers are actually fairly impressive
15:43:28 <selsta> gingeropolous: we will most likely integrate Tor into the GUI
15:43:52 <selsta> e.g. by adding it as a submodule and shipping together with GUI
15:44:09 <binaryFate> Coudln't there be some crawling going on that would explain these numbers? I find it hard to believe that more than 100 persons download the arm bins *every day*
15:47:56 <hyc> hmmm.... wouldn't guess one way or another. but there are more ARM-based compute devices in the world than there are PCs
15:50:01 <binaryFate> that bin is for android phones only, or raspy too?
15:50:14 <selsta> android
15:50:14 <hyc> androidarm is android only
15:50:51 <binaryFate> ok still a bit hard to believe but hey nice if true
15:50:57 <hyc> not just for phones - also for tvboxes, etc. - there's a huge potential userbase, at least an order of magnitude larger than PCs
15:52:45 <binaryFate> potential huge userbase absolutely. It's great if already that common or at least played with
15:53:27 <fluffypony> dEBRUYNE: yeah last 7 days
15:53:56 <fluffypony> and again, those are only times when people hit the CDN and their local CDN endpoint doesn't have the file and redirects them to source
15:53:59 <fluffypony> so it's only cache-misses
16:22:46 <selsta> .merge+ 6983
16:22:47 <xmr-pr> Added
16:31:08 -xmr-pr- moneromooo-monero opened pull request #6983: p2p: fix endianness when checking IPv6 addresses mapping to IPv4
16:31:08 -xmr-pr- > https://github.com/monero-project/monero/pull/6983
16:45:02 <selsta> gingeropolous: ^^ new PR to fix filtering, you might want to update your node
17:31:08 -xmr-pr- selsta opened pull request #6985: [release-v0.17] net_node: add tor / i2p seed nodes
17:31:08 -xmr-pr- > https://github.com/monero-project/monero/pull/6985
17:31:09 -xmr-pr- selsta opened pull request #6984: net_node: add tor / i2p seed nodes
17:31:09 -xmr-pr- > https://github.com/monero-project/monero/pull/6984
18:04:26 <selsta> hmm, do I have to add 18080 to I2P seed nodes?
18:04:53 * selsta tries it
19:11:12 <gingeropolous> ok, xmrchain.net on that latest hotness
20:01:08 -xmr-pr- woodser opened pull request #6986: Balance includes unconfirmed payments
20:01:09 -xmr-pr- > https://github.com/monero-project/monero/pull/6986
21:14:15 <selsta> gingeropolous: do you still maintain spn4ef3gddveqxkco6fhh7epyxnvdmei4w6hioiiunfvvljxgcoa.b32.i2p ?
22:20:17 <gingeropolous> selsta, yes
22:20:33 <selsta> should I add it to https://github.com/monero-project/monero/pull/6984/ ?
22:22:46 <gingeropolous> sure, it'd be better if it was on the other seed node i maintain though. this server I always forget i have to pay around christmas. so it'll last until christmas
22:28:00 <selsta> it is easy to setup both i2p and tor on the same server
22:28:38 <selsta> but yea, we can add your seed node later if you want to add a different one