-
gingeropolous
idea - maybe i can do it, probably someone here can accidentally do this when they poop - basically, get this code:
apollo.open-resource.org/flight-control/noncewatch
-
gingeropolous
and host it and actually keep it up to date
-
gingeropolous
to get fancy, run stats on the data to detect new patterns when they emerge and highlight them
-
Adreik
What statistical patterns in nonces would be considered interesting? Is there a specific banding pattern that would be considered indicative of ASIC activity; why?
-
gingeropolous
usually it's anything that deviates from random, or deviates from the existing patterns
-
gingeropolous
and it wouldn't really indicate ASIC activity, but it would indicate that there is something new. It could be a tweaked mining software, or a new mining software, etc
-
gingeropolous
actually, what you could do is correlate the block receive times to the nonces, and see if the quick block sets have different nonce patterns
-
gingeropolous
though the n is probably too small
-
gingeropolous
Adreik, u can check out a lot of the nonce sleuthing that occurred circa 2019 to see how nonce analysis suggested / confirmed ASICs
-
Adreik
Yeah, I remember reading something about that which was why I asked about ASIC patterns in nonces
-
Adreik
Why is there banding in the first place since if it's a cryptographic hash function it should be completely flat distribution?
-
Adreik
(Unless software was choosing non-random nonces to test)
-
rehrar
ok, computers plugged in
-
Prox1
I see we're talking about XMR.
-
Prox1
It's much more private than BTC, but as was said by seth, it's not perfect.
-
Prox1
You should use it if privacy is your main concern.
-
yanmaani
where does the line go between a SPV and a non-SPV node? Is a node which scans but doesn't download the blockchain SPV?
-
Adreik
Is there any way to specify the transaction key when signing a transaction, or is it generated automatically?
-
Adreik
Only generated automatically, I mean
-
UkoeHB_
he left.. what situation would you want to sign a transaction with a different transaction's key?
-
gingeropolous
yanmaani.... i think that difference exists if you think of a wallet connected to a remote node as SPV....
-
gingeropolous
but it's not really a node
-
s4rc1na[m]
in your opinion, what is the best exchange service for XMR to € or $?
-
asymptotically
s4rc1na[m]: if you don't mind sending off photos of your id, stool sample, etc., kraken is nice
-
asymptotically
otherwise you might like localmonero.co
-
s4rc1na[m]
but localmonero is a trading website and at the end you'll be recognizable through your bank account or paypal or ... and that's something I'm not a big fan of
-
s4rc1na[m]
but sending stool sample is no issue :)) there is shitexpress.com that can do that on my behalf with about 12 bucks
-
charolastra
they should rename it to notsolocalmonero then
-
yanmaani
gingeropolous: Yeah, but what if you'd make it so that the local node downloads a reduced blockchain?
-
yanmaani
Only the stuff it needs the view key to decrypt, and there's some kind of tree so it can see it's legitimate
-
yanmaani
is that a full or a SPV node? It doesn't check the validity of transactions, but it has all the other trappings of a full node
-
yanmaani
s4rc1na[m]: You can use money orders in the mail
-
gingeropolous
yanmaani, i'd hazard a guess that what you're saying is close to a headers-only sync, and yeah that's possible. Will it ever end up in the monero core software itself? probably not.
-
gingeropolous
but someone can make a standalone client that scrapes the network
-
yanmaani
Well, except for the bit where it needs to be bug-for-bug compatible
-
Adreik
Like Electrum for Bitcoin
-
gingeropolous
yep
-
yanmaani
right
-
gingeropolous
just waiting for that mythical Someone
-
gingeropolous
SomeOne , the Legend
-
yanmaani
yeah but it's not even possible. There can be only one implementation, ever
-
yanmaani
(also it'd require changes to monero)
-
gingeropolous
there's electrum
-
yanmaani
yeah but that has an electrum server
-
Adreik
You could checkpoint the hash at which RingCT starts being mandatory (new wallets don't need ring member data from before then)
-
yanmaani
and it doesn't do things very securely
-
gingeropolous
naw it wouldn't. i mean, the wallet already is kinda doing that. it just currently discards block information it deems unnecessary
-
gingeropolous
it dloads a block, scans it with keys, and then makes the data go poof afaik
-
Adreik
There can absolutely be multiple implementations of Monero, they just need to be compatible otherwise you get a fork
-
gingeropolous
from a "trusted" remote node
-
yanmaani
gingeropolous: Yeah, but if you want to have only the "is this for me" cleanly separated
-
yanmaani
you wouldn't have to trust the remote node
-
gingeropolous
it's the trust thing. you remove actual tx verification, you introduce trust
-
yanmaani
Adreik: Yeah, and they have to be bug-for-bug compatible
-
gingeropolous
well, u trust the hashes
-
Adreik
Someone could make Monero on brainfuck for all the rest of the network cares
-
yanmaani
gingeropolous: with respect to the miners
-
yanmaani
but you can only do that if the signatures are separated
-
gingeropolous
and i agree.... trusting hashes might be enough. there's been lotsa discussions on this
-
yanmaani
from the diffie hellman things
-
yanmaani
Adreik: No. See Bitcoin's database troubles.
-
gingeropolous
well an spv node wouldn't provide data for new nodes to sync from
-
gingeropolous
that bollocks
-
yanmaani
It could keep a cache of X megabytes
-
gingeropolous
i mean, i guess you could have an unverified data set, and then feed it to someone else for them to verify
-
yanmaani
that's better than the current remote node system
-
yanmaani
It can let it be verified by the hashes
-
yanmaani
"I'd like the block with the hash asdasd1213123123 please" "OK here's some data which hashes to that, this is what you asked for, validation is your problem"
-
gingeropolous
right. like i said, it's a slippery slope adding those kinds of shortcuts to trustlessness
-
Adreik
Realistically many times you receive a payment you know what block range it's in, and may even know the transaction hash. So the SPV XMR wallet could request a specific block range, plus some other randomly generated ones for making ring sigs with
-
yanmaani
gingeropolous: Well as long as you trust the miners. If you don't trust the miners, they might as well do a 51%
-
Adreik
No need to download the full block to check every transaction if the user knows what transaction(s) are theirs and where they are
-
gingeropolous
there's a great bitcoin PR thread about this on their github. it set me right about the philosophy of the core software
-
yanmaani
and I imagine you could do fraud proofs - "this mined block is invalid, because this UTXO comes from nowhere"
-
Adreik
The core software shouldn't have it, but it's fine for something like cake/electrum
-
gingeropolous
yep
-
gingeropolous
the core software has one goal. to create the monero network. if the core software doesn't do that, there is no network.
-
gingeropolous
bbbuuuut if it does more, more people will download it and use it!
-
gingeropolous
you say.
-
gingeropolous
indeed
-
yanmaani
No, that's not my complaint
-
yanmaani
something like cake or electrum would be fine
-
gingeropolous
that's what i say :)
-
yanmaani
but you need changes to the actual block format in the protocol
-
gingeropolous
i'm talking to meself :)
-
yanmaani
to make it secure
-
gingeropolous
i think monero has that in place
-
yanmaani
Oh ok. Yeah, but there's also the second issue: you will need a bug-for-bug compatible re-implementation of monerod
-
gingeropolous
why?
-
Adreik
Not "bug for bug", just consensus rules
-
gingeropolous
an spv node shouldn't be sharing its information
-
yanmaani
gingeropolous: Are you familiar with Bitcoin's database woes?
-
gingeropolous
it's effectively your own dumbed down node
-
yanmaani
Adreik: Bugs are consensus rules.
-
gingeropolous
you shouldn't spread your dumb
-
Adreik
Depends
-
yanmaani
no, always
-
Adreik
If it's a bug with flush-tx pool, for example
-
yanmaani
for a re-implementation to be useful, it has to:
-
Adreik
Or anything else internal
-
yanmaani
1) see all invalid blocks as invalid
-
yanmaani
2) see all valid blocks as valid
-
yanmaani
if it sees a valid block as invalid, it will fork off. That's extremely bad.
-
yanmaani
If it sees an invalid block as valid, that's less bad, because of the miner stuff, but it's still not good. If you're not mining with it, it's acceptable, but bugs can go both ways.
-
Adreik
yes, but a "bug" could also be something like "freezes for a minute if block starts with hash 012", which isn't really as much of a problem
-
yanmaani
That's not what I'm talking about
-
yanmaani
for an actual example, see bitcoin's database woes
-
Adreik
Yes, you are talking about consensus rules
-
yanmaani
yeah, and some of those are bugs
-
yanmaani
and you do not want to fix them
-
yanmaani
Bitcoin has bugs that would cause hardforks if fixed. A successful re-implementation must implement those bugs on purpose
-
Adreik
Monero is not cowardly in the face of scheduled hardforks where everyone agrees that they should upgrade to the latest implementation
-
yanmaani
That's entirely irrelevant here
-
Adreik
Bitcoin can have the first coinbase unspendable or whatever forever, that's their problem
-
yanmaani
if monero has some weird bug, you have to implement it too up until the hardfork
-
Adreik
It's likely moot because the SPV server would share pretty much all the logic from regular monerod.
-
yanmaani
And your implementation will always have flaws. So unless you can maintain a slimmed fork of Monero, it's basically impossible
-
Adreik
With regards to block validation
-
Adreik
The responses to the wallet's RPC requests or whatever would be different of course
-
yanmaani
yeah if the SPV server is just gutted monero then it's fine. But then you can't run it as part of the normal network anymore
-
Adreik
I think there has been a misunderstanding: SPV node (meaning client) vs SPV server
-
Adreik
SPV server would be basically a full node with slight modification in how it responds to requests from wallets
-
Adreik
SPV client will be a heavily modified version of wallet
-
yanmaani
Sure, but then you need that distinction. If you can gut monero sufficiently, you can just have all the nodes be SPV servers
-
Adreik
So back up a minute: what's the main problem that people say is an issue with the current remote node system, that it takes too long to download the blocks and check if any transactions are yours using the private viewkey?
-
Adreik
Or something else
-
yanmaani
that you must trust your remote node
-
Adreik
That's true for any SPV implementation
-
Adreik
To a certain degree anyway
-
yanmaani
Not in this case. You only have to trust miners.
-
Adreik
What are you talking about here, checking the difficulty of block headers?
-
asymptotically
yanmaani: the remote node can't just make up blocks to send you, they still need to be valid
-
yanmaani
asymptotically: With the current system?
-
yanmaani
Adreik: I'm talking about the current system. You could make a trustless one
-
Adreik
If the remote node makes up a valid block that does not have the highest PoW, does the wallet not discard if it sees a higher PoW? I would have thought it would definitely do that
-
Adreik
@Yan
-
moneromooo
The wallet does not. It is the node's job to follow the correct chain.
-
Adreik
Right, so any "monero SPV" should check PoW totals at least
-
moneromooo
(IIRC yanmaani wants a mode where the wallet queries multiple nodes and votes)
-
Adreik
votes?
-
yanmaani
Adreik: It can't right now
-
yanmaani
it only asks one, and from what I understand it trusts it to check the PoW
-
yanmaani
moneromooo: no voting involved
-
yanmaani
simply check highest PoW and assume miners aren't doing 51%
-
Adreik
asymptotically actually the problem with SPV, the defining characteristic is that a node can just make up a garbage block because the wallet cannot check that, for example, the funds haven't already been spent (key images)
-
Adreik
because it hasn't verified the full blockchain
-
asymptotically
Adreik: but the evil node operator would have to spend a lot of energy mining a fake block that they'd get no reward for
-
Adreik
If they're scamming a business they know uses an SPV for a lot it's worth it, which is why for any large amount (large being personal) you ought to use a full node
-
yanmaani
Sure, but that's only a valid deterrent if it asks more than one remote node
-
Adreik
Sybil attacks
-
Adreik
SPV is always going to be less safe, but that's ok because people in different situations with different priorities make different decisions
-
yanmaani
not really, more like eclipse attacks
-
yanmaani
If your threat model is "all the nodes I'm connecting to are bad" then a full node won't help you
-
yanmaani
With proper SPV, it will be safe as long as you have at least one honest node.
-
Adreik
It will reject their garbage block sending you a commitment of 1,000,000 XMR though
-
Adreik
a full node that is
-
yanmaani
You can't just say that SPV is less safe and then apply it across the board
-
yanmaani
sure but so would SPV, as long as it could query nodes and look for the longest chain
-
moneromooo
Hmm. Actually since we can now pay for RPC service, maybe coding such a voting system would not disincentivize running your own node too much...
-
yanmaani
the pay for RPC service is bad, I think. There's never any incentive to pay for it, nor to operate a for-profit node.
-
Adreik
If it can't find the longest chain, or if a powerful miner is against you the SPV wallet might believe it, whereas the full node will not accept their bullshit. But yeah, SPV wallets might be "less safe" but in a supermajority of situations they are "safe enough"
-
moneromooo
That's the point :)
-
moneromooo
Well the first one is.
-
yanmaani
If nobody will pay for it, how can there be any profit to running one?
-
yanmaani
Miners already have an incentive to run validating full nodes, and to run RPC nodes: to get those sweet, juicy transaction fees a few milliseconds before everyone else
-
moneromooo
There's no profit if no one pays for it. There is profit if everyone pays for it.
-
Adreik
The better thing about hash for RPC is as spam prevention for public nodes. Has there even been a recorded instance of a block mined with RPC hashes?
-
moneromooo
So I expect there'll be a push both sides.
-
yanmaani
But why pay for it though? You will always have people who are financially incentivized to run free nodes
-
yanmaani
(miners)
-
moneromooo
Fair point about miners.
-
Adreik
Isn't a mining node also incentivised to choose not to broadcast high-fee transactions to the other nodes until they have a block solved with it? So a remote node user should want to connect to many nodes to broadcast their transaction.
-
moneromooo
Ugh. Mining nodes may be incentivized to spam lots of invalid txes to other mining nodes.
-
Adreik
Or the SPV wallets should connect to other nodes to poll them for their tx pool to check that their remote node has been honest
-
yanmaani
moneromooo: why?
-
moneromooo
To get them to waste cycles on verification.
-
yanmaani
Adreik: that's true, but if one pool is say 100ms earlier that's an edge
-
moneromooo
Anyway. I should not waste time on IRC.
-
yanmaani
probably cheaper to just rent a trillion gigabits of botnet
-
hv-bridge
<xmrig> 356
-
yanmaani
xmrig: what?
-
hv-bridge
<xmrig> cat + keyboard, sorry
-
xmrpow
gingeropolous: Concerning our reddit discussion....
-
xmrpow
Maybe pos would not do a better job.
-
xmrpow
What do you mean by massive barrier to the physical?