Hi guys, im currently fiddeling with the monero-wallet-rpc. I want a local running software to use the rpc calls and nothing else. Am i getting that right that it is enough for security to host the monero-wallet-rpc daemon on localhost or do i have to set other param. in order to prevent outside rpc calls?

You can firewall stuff. You can enforce SSL and set a whitelisted SSL cert. You can set a wallet password.

Are you familiar with jtgrassies c pool software?

In this case i think that i have to use the firewall

No.

dvd13, imho as long as you run monerod with --rpc-bind-ip 127.0.0.1 its cant be accessed by outside of your box.

only app in your machine can access this rpc port

i know, but just wanted to be sure;) Thanks

hello

hi

if is need to speed up new blocks creation for new blockchain until some height what to change emission_speed or smth else

anyone here

hi, according to reddit.com/r/Monero/comments/fb9ylj…ak_detection_overload_operators_new that looks like spam here some screenshots of the .pdf. I know there are parts missing, if somebody thinks a specific part inside can be useful i could try to get it. here some screenshots of the .pdf imgur.com/a/h3XNI3n Its not

meant to look like spam.

fiddleitout: hey, I know this is meant to be helpful but Monero has no problems with memory leaks and logging alloc/free is a known technique.

thanks for your feedback, one of my friends already told me this is how you learn to do it in university anyways, ty for feedback

if you have problems with memory leaks perhaps try rewriting it in Rust

logging is resource-intensive. my leak-detector is far more efficient than every other one in existence. github.com/hyc/mleak

it's also perfectly thread-safe while using no locks of its own

Why not just use valgrind?

you're joking, right?

I use valgrind for lots of things. but it's a machine simulator, it runs 100x slower than native code.

a lot of bugs that you'd want help detecting won't even surface when you change the timing of its runtime environment so drastically

valgrind does excellent memory error detection, like detecting buffer overruns

they use a makro in this article , and compare than

but it uses 10x memory to do its job

(along with the 100x cpu time)

when you know you have no other memory errors, using my tool lets you run your program at near normal speed.

if you don't know that all your potential buffer overruns have been fixed, then my tool would be the wrong choice

srsly though, the README is like 3 paragraphs, you could have read that for yourself already

valgrind's machine simulator is also only single-threaded. while it can emulate multi-threaded code, again, it's a major difference in runtime timing behavior compared to native execution.

don't get me wrong - I like valgrind. I've contributed to it. It's a good tool, extremely useful.

but you could never drop it into a production environment to trace a bug, it would be too slow.

you could never use it with real-world workloads...

ASAN's typically better nowadays. Much faster too.

You do have to rebuild it though, so you've got to know in advance.

Yeah but if you use Valgrind already, what's the point? If you have good test cases, it should find all the memory leaks.

valgrind is too slow to use all the time. I only use it for exceptional circumstances.

Well, once you have run it, isn't that enough? If your tests pass with a clean bill of health, that is.

ASAN is decent but can be fooled, particularly by malware. all you have to do is make sure your memory overruns use the same poison pattern that ASAN itself uses.

Can't this be randomized?

It seems like if you have malware in your test vectors, buffer overruns are the least of your problems.

true. anyway that's out of scope for where we started

Also, about thread safety, isn't ml_sh very thread unsafe? I can't see thread local storage being used

it doesn't need to be. it's only used during initialization, and that only happens right after ld.so invokes it.

Wait, so how does it actually find the allocations? I was looking at ml_imalloc..

But if it stores it before the allocation, then how does it actually find any leaks?

O(n) scan over all memory?

like I said, it is only used during invocation/init

yeah but in the malloc() function

here github.com/hyc/mleak/blob/master/mleak.c#L240

again, read the README

I have... I get that the actual data is stored before the allocation

oh it does do O(n) scan?

there's no other way, really. but since it happens at exit time, it doesn't affect runtime performance.

and linear scan of RAM is fast, there's no noticeable delay in shutdown time even for very large program heaps

10GB/s or so?

And upon free() it removes the sentinel I presume

it's only a 450 line file, no need to presume :P