Where is the bad peer list for monerod? How do I incorporate that into my monerod?

gui.xmr.pm/files/block.txt; --ban-list <filename>

And since someone mentioned it looks centralized, here's one I just made, that's very incomplete, from my own logs: paste.debian.net/hidden/3de24812

I removed my logs earlier today so not much to go :) It's like 25% of the whole set.

moneromooo: can i get the full set pls?

Sure. Open the first link in a browser.

got it

done

jjjjjjjjjjHoward Chu

@hyc_symas

·

59m

Dear @Twitter

that could have been a lot worse, lol

cryptodigianarcapitalist Choose your money jjjjjjjjjjjjjjjjjjjjjjjjjjjjjikkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk

kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkHoward Chu

@hyc_symas

·

59m

hi

ho

Does sb know what the issue could be for the following problem: Im running a remote node and it is constantly not synced, because it is always two blocks behind. I do use the v17.1.5. I never had this issue before. Im running the monerod in a vm. Could the issue be limited io performance?

My guess is that you are unlucky and have connected to a number of "asshole peers" that are running a sybil attack and not relaying blocks

xmrpow: try using a known good remote node (e.g. supportxmr or xmr.to or some such).

Ok. So increasing incoming peer connections should solve the problem?

if you are running a node, then I think increasing connections (incoming or outgoing) gives you more chances of finding good nodes. adding the banlist would also help a lot

<@moneromooo> gui.xmr.pm/files/block.txt; --ban-list <filename>

Since when do these kind of attacks appear? I never had sth like that before.

past few months

weird thing is that I dont get more than 50 connections even when I set it to 500...

default is like what, 8 ?

I think it was sth between 10-20...

How long does it normally take to find new peers?

No idea

Back when I was running xmrpow.de I had no problems getting 200+ inc connections.

I dont get it why I cant get more than 30 inc connections. Does sb else have any idea ?

hyc's opsec probably compromised by cats

hyc's cats are level 80 hackers

they type his password first to unlock pc, then wreak havoc

Strange thing seems to be happening with monerod; I let it run overnight to download the blockchain, but now it never fully syncs and is always 2 blocks behind. When I restart it it seems good for a while, but according to the gui client it's constantly stuck at 2 blocks remaining.

It's also spitting an error in bitmonero.log each time.

lkhd: reddit.com/r/Monero/comments/k3hoew…you_run_a_public_remote_node_please

There's a suggestion there

Thank you, I'll leave it running for a bit with the ban list and see how it goes.

Seems good now. Thanks, dEBRUYNE!

what does it mean if show_transfers shows a transaction as "pending"

does the network have it already?

Pending means it hasn't been mined yet

but i remember seeing the message that a transaction is "pooled"

It gets to the memory pool first, then it will be mined

look for your transaction's hash in the transaction pool: explorer.monero.fyi

pending is for txes you send, pool for txes you did not.

It's crazy how Monero is #16, and not even near Litecoin anymore. Why do you think that happened moneromooo?

How much does it cost to 51% Monero? Is it low compared to LTC?

Litecoin mining is dead

so is xmr

Kronovestan: How so?

It doesn't seem dead to me.

It seems quite alive, in a community sense.

it's not profitable by any means

I heard that, why is this happening?

randomx

So how do you get out of this rut?

They're not gonna.

Maybe the asic resistance meme wasn't really the way things work?

They want the coin to be hard to mine. Just like BTC is annoying now.

Why won't "They gonna? lol

matthewcroughan: what exactly did not work?

selsta: The idea that everyone should be able to mine on their home computer.

RandomX did not guarantee profitable mining

selsta: The result of this is less seeders for the torrent ;P

1 cpu 1 vote kinda thing but they did not think about 100+ cpu farms some people have.

They don't make as much money as they would like to = Monero is dead. lol

imagine if we took a torrent client and said only residential IPs are allowed to seed

it guaranteed ASIC resistance which it successfully did

r/moneromining is alive in comparison to the litecoin mining sub

Yes, but did you read what I said?

We haven't become more inclusive by using randomx, we've become exclusive.

litecoin still exists?

matthewcroughan: who did we exclude?

everyone with a computer can mine

it has to be a specific type of computer

you are free to create a RandomX ASIC

you're forgetting that it's not 1 cpu 1 vote

ARM CPU, Intel CPU, AMD CPUs all can mine RandomX

everyone with enough money to mass huge farms can still do so

yes, but they now have to be special farms

farms that are limited by nature of GPU markets, CPU markets

this has limited the scope of participants

ridiculous claiming that RandomX is exclusive and a specific ASIC would be inclusive

selsta: it is, in a roundabout way, exclusive

like the one AMD dev's workstation that earns him a couple xmr over night

because ASICs aren't limited by these real world markets in the same exact way, it'd be a larger pool of participatns

that's rare for most people

their point is not to make the coin inclusive/exclusive, but to make money. They don't make as much money as they would like to, so they shit on it. It only menas randomx is working

FPGA mining would also be nice.

matthewcroughan: you can ASIC and FPGA mine RandomX

Because there just aren't enough CPUs/GPUs to go around

nothing stops you

you're also forgetting that people's CPUs/GPUs are terrible

at least FPGAs/Asics would offer a natural curve of progression

"AMD dev's workstation that earns him a couple xmr over night" <-- I call it total BS

you know how XMrig competes with other miners to become more efficient?

People are stuck with their crappy CPUs/GPUs, so they're not participtaing anyway

now, only the people with the luxury of exposure to better CPUs/GPUs participate

troll

yeah

the luxury of exposure to good cpus/gpus is *harder* than exposure to asics/fgpas

Because there's less of them to go around

I can buy parts and built Ryzen 5 3600 rig for $450

even if I don't go looking for cheaper used parts

How is that exclusive?

selsta: you can't get access to an epyc cpu though, can you?

The performance range of all CPUs is absolutely massive

there are CPUs that aren't worth mining on, and they dominate the available options.

why would I buy epyc CPU for mining?

Can you prove to me that the range of CPUs that are worth mining on, isn't the same as ASICs?

A class of expensive CPUs that are hard to buy.

At the very least, can you not agree that it has taken the profit out of mining in a way that disincentivised the creation of rigs to do it because of the cost of expansion?

the cost of expansion is much greater, the required componentry is less plentiful, and varies massively in large quantities. You would struggle to build homogenous rigs.

And this is good

I don't want to see massive CPU farms for Monero

The homogenaity of a fleet of miners is important structurally for anyone running an operation.

sech1: Fair enough, but then doesn't this make mining for profit less feasible?

No

Buy a PC for other tasks, mine in background

More miners, more decentralization

Pls no CPU farms here

Mining for profit becomes disincentivised, which makes it stagnant.

Stagnant means mining is barely profitable for everyone, if at all.

That's equality, that's egalitarian .

It will always be barely profitable

as soon as price rises, more miners will join

Yes, for everyone

because millions of Ryzens have been sold so far

whereas asics make it profitable for a few

and it's funny to see that people are unhappy with the result of true equality ;P

Everyone got equally poor, sweet

because now nobody has an advantage, and it's destroying the market

it will remain to be seen whether this is really bad, I don't know if it is

but on the surface, it would seem like incentivising security of the network is a large priority

I said already, I prefer to see tens of thousands of hobby miners rather than a couple dozen corporate businesses mining Monero

if there is no gold rush to be a part of, I don't see the point of mining monero

So don't mine Monero and GTFO

bitcoin has a perpetual gold rush for example

so that's why miners expand, but here it's likely that the network will always have a low hashrate because nobody is incentivised to set up a large operation

if there is no gold rush to be a part of, I don't see the point of mining monero -> Monero was not created to make miners reach. If you don't see the point of mining if it doesn't make you rich, you are probably in the wrong place

And who actually knows if it's good or bad to have some element of centralized mining in the way BTC does?

Monero daily rewards is around $100k

Bitcoin daily rewards is around $20M

you won't see large operations with these numbers

Is there an equasion to take the amount of centralization in BTC mining and compare it to Monero?

Just comparing the hashrates and adjusting for algo isn't good enough

what exact problem you're trying to solve?

if attempting at all

None, I'm just very curious

I want to know if the security, based on decentralization of mining, rather than raw hashrate,

-if

because clearly monero looks very very insecure based on hashrate alone, but that is not the full story

why would monero look very insecure based on hashrate?

compared to what?

Monero network hashrate requires 3 of top 5 supercomputers combined to 51%

how is that not secure?

sech1: that's an arbitrary metric, "3 of 5 supercomputers" lol

what metric are you using?

matthewcroughan: Looks like most of your points are backed by feelings, not actually numbers

You got access to 4 of top 5 supercomputers at your fingertips? lol

sech1: I don't know what constitutes a supercomputer in terms of hardware

vs a regular computer

randomx doesn't care how powerful your computer is, isn't it based on available cache?

so what metric are you using to claim the hashrate is very very insecure?

Hi! I'm experiencing something strange. Using monero-gui 0.17.1.5 on macos. After a few moments from starting, the "waiting to sync" clears and "daemon blocks remaining" hovers around 2. Yet, the monerod status shows up-to-date. Is this the best place to ask what may be up?

dharrigan use block list from selsta, this is malicious nodes reporting fake block height

sech1: I guess I do not have one, I thought it was but I was wrong :/

1.61 GH

are there any other chains running RandomX we can compare to?

Ah right, I do have that downloaded, let me configure that (I thought I had, but I may have fscked up somehwere.)

^ latest version, download and add --ban-list /path/to/block

to you daemon flags

List of RandomX coins: miningpoolstats.stream/monero

the next release will have so mitigations against this attack

other RandomX coins are orders of magnitude smaller

yes, that's crazy

well then I'm now wondering what people are complaining about ;D

out of interest, what *is* the profitability of mining now?

$0.75-0.8/day for my Ryzen 3700X

this is at 10.34 kh/s

that's pretty low, considering power fits in

It's not a mining rig

I'm pretty sure some people with a bunch of AWS credits or whatever have at a couple of points controlled >51% of the hashrate

Lyza no, they had less than 1 GH/s max

oh yeah that's another thing, when you open it up to CPUs, you can do shit like that

around 40% of the network at peak

because the markets already exist

kinda funny :D

Oh okay so they only had like 40% of the hasrate, hooray :/

omg

Network is bigger than it was back then

that's totally it, people who have the money **still** get to play more than everyone else

In July/August it was 1.2-1.3 GH/s when that AWS attack happened

so what did randomx solve if you can do that?

that's pretty bad for just being some bloke with some AWS credits, is all I'm saying

matthewcroughan: you can also 51% attack ASIC controlled networks

randomx did not solve the issue, and made everyone equally poor

RandomX did not claim it is 51% proof, no PoW network is

selsta: you can't buy asics for bitcoin fast enough to 51% it lmfao

It'll become more secure as the price rises

you can buy CPUs on amzn fast enough to 51% xmr

Hashrate will grow naturally

100% of the asics that will mine BTC are mining BTC.

1.6 GH/s now, higher than it was in summer (not counting AWS/Azure hackers)

0.1% of the CPUs that will mine XMR are mining XMR

anyone can come along and buy 99.9% of the CPUs

Do you see what I am saying? The hardware that exists to mine BTC is bottlenecked by physical manufacturing limitations

and all of it is being used *to mine* today.

yea, it is easy to buy 120k CPUs and then attack monero

And how much would it cost to buy 99.% of CPUs? Probably more than what 51% would give

everyone can do it from home :D

let me just say I'm not on board with matthew here about "making everyone poorer" or whatever and I like the idea of RandomX.... but at least with bitcoin, probably 80% of the ASICs that exist are already mining and the ones that aren't are old as shit. When the network is commodity hardware, though, and <<1% of it is directed at your PoW, it's relatively easy to bring on, say, another 2% and dwarf the legit miners. Compared to if you wanted to 51% an ASIC

coin and had to first acquire / manufacture a bunch of ASICs

sech1: the existence of that AWS attempt proves you are incorrect

it's not as dramatic as what I am saying

but it *is* doable, compared to BTC, which would require innovation in manufacturing process to accomplish lol

it was a hack, not a direct buy

the same spike in owned hashrate requires industrial activity with BTC

physical activity, rather than spinning up VMs in a datacenter of available silicon

Bitcoin is 150x the market cap, it obviously is more secure against 51% attacks

The same exclusive access provided by money that you get with Asics is available on Monero today. It's called buying CPUs from a cloud provider :D

Last I heard, you need to pass KYC to buy BTC miners. Your country's customs can block it. Or confiscate it.

How is this any less exclusive than the asics though?

sech1 I think that's missing the point. A single entity, Amazon, and probably others like Microsoft, not to mention governments, could pretty trivially launch a 51% attack. And yes, the Monero network is a ton smaller than the bitcoin network, but even accounting for scale, I think the weakness being highlighted here persists

It depends. No one knows their full capacity, maybe that 900 MH/s miner was already mining at the limit

and back when we had ASICs ASIC manufacturers had like 80-90% of the whole hashrate

and that was before they even announced the ASICs

900 MH/s is several times more than top supercomputer (on RandomX) already

sech1: if it was their full capacity it would have made mainstream news

like, Amazon would have made a press statement

yeah I agree I'm not really arguing for ASICs per se, I'm just saying that the highlighted issue seems... you know, real

selsta: all working again. thank you kindly! :-)

no the full capacity, but more likely full "dormant" capacity

Their cloud is actively used by... everyone?

it certainly concerned me to see basically one entity contorl ~40% of the hashrate Idk how it could not legitimately concern everyone

They can't just stop everything and attack Monero

No but there is an available attack vector for anyone with the money

with asics it's not that simple

that's all I'm saying, it's far simpler to attack XMR, all you need is money

Lyza, it's not much a concern because it's costly to do so without some particular purpose that would guarantee roi

with BTC you need more than money to attack it

With BTC it's simple. Just pay the existing miners more to point hashrate at your pool

You just need to offer enough money

sech1: that cost is exponentially higher than the easier methods

so the result is that people just play the game

paying existing miners more than the mining? Wtf? Just mine yourself and make some btc lmfao

If XMR costed $19k today, network hashrate would be... 200 GH/s

try attack that

It all depends on daily rewards of the network

And it would consume 10,000x more power than BTC

Don't just compare BTC and XMR. BTC daily rewards are 200 times higher

and there would be absolute outrage about how XMR is destroying the planet

I don't see how it would consume more power that doesn't make sense

Really? Tell me how BTC ASICs are not destroying the planet

CPUs at least can be used for everything else

Because the kind of units doing the work are less efficient

and mine in background

The money people spend to mine, including on elericity, is going to approach the block reward it can't sustainably be any higher

If XMR was 19K, there'd be farms.

"less efficient" is relative

And those farms would be gargantuan.

You could mine BTC with a single PC

if everyone agreed to that

efficiency only matters in mining in that it gives you a competititve advantage, it doesn't actually make anything more "efficient" in terms of securing the network

Bitcoin ASIC most likely get thrown out after they are not profitable anymore.

yeah, and the result would be funny, because the hardware isn't purpose built

so it would be funny to see warehouses filled with x86 pcs

CPUs can be used for a long time.

No matter how efficient your ASIC is, it will always balance at certain $ income per kW*h spent

efficiency only matters if your ASIC is more efficient than others

I see a lot of space for Monero mining to expand into businesses and such directing their excess CPU capacity at mining, versus dedicated farms

under that scenario it's in a sense a tool to reduce waste: wasted CPU cycles

I mean that's basically how I used it, every CPU I have mining Monero is also responsible for other tasks

Question: do nodes have a way of detecting and ignoring bad peers on the fly? Kinda like i2p does by auto-banning bad peers for x amount of time (which can vary from a few hours for minor stuff to 6 months for malicious stuff)

Or is the static banlist the only way for now?

It is possible to detect specific behaviour, but the attacker can simply change behaviour to circumvent it.

We could compare how long a node says it has a greater blockheight than us vs how long it waits to send us the missing blocks

^ does this basically

we will include it in the next release

I would like to take this opportunity and thank fireice_uk for tirelessly testing the reliability of the Monero network :)

Cool! That way we won't need to manually maintain banlists, we can just let nodes decide on their own who's misbehaving

The best is probably a combination of ban list and automatic detection.

If you know a list of malicious nodes there is no reason to not ban them.

Can't check the code rn: is there an extra penalty for repeat offenders? So first kick is, say, 10m, second 1h, third 1 day, so on

The attacker will turn any behaviour off that gets them banned anyway as it would make the spying useless.

Hello everyone

Okay, to give you an update. A new telegram group was created, because I saw something that probably is not what I saw. But anyway there's an uncensored chat that is hard to drive. The other group is called @get_monero.

Ultimately, a spy cannot be detected. This one only can because he's being obvious about it.

Was thinking nodes could also share blacklists among eachother to add extra 'penalties', so when you detect a bad node that somebody else warned you about already you immediately go for harshed punishments.

But I'm guessing that would be prone to abuse if an attacker manages to DoS a legit node while also misreporting it as malicious

This other chat is handled by me, I'm who is riding it. Before the uncensored became what it is now I know moderators wanted to create a group where a more open discussion could be for those interested.

Ryo community reached me, told me they wanted to help out. I know this topic is hard as it sounds. They are there and they want to help out and take the conversation into another level.

<lh1008[m] "Ryo community reached me, told m"> Sus af

Given the blatant conflict of interest

Fireice just wants us too stop fighting because the same issues Monero has Ryo could have.

He asks if he could just not be banned at sight.

<endor00[m] "Sus af"> Well, I don't have conflicts with the community.

uhhh the dude is actively attacking the network, how's he talking about he wants to stop fighting. he's the only one fighting as far as I can tell. everyone else is just minding their damn business

<lh1008[m] "Fireice just wants us too stop f"> could not, Ryo has, the same issues monero has ryo has

Every time we tried to talk to him, he ended up being an asswhole to us. Fool me thrice, etc. And now asking not to be banned or countermeasured when actively misbehaving ? You gotta be kidding.

<lh1008[m] "Well, I don't have conflicts wit"> I mean from the Ryo side, given that its origin is to explicitly show how bad Monero is and the ongoing network attack

<Lyza "uhhh the dude is actively attack"> Yep, but the only way to find a solution is to find where we're vulnerable, and he found it, so he knows something we don't.

I know this is hard

For me is harder, I would have just ran

Forget about it, but I couldn't

<lh1008[m] "He asks if he could just not be "> Even assuming genuine intent (which at this point is hard to believe), there's a difference between not getting banned on sight and being given mod powers over a community

Classic bipolar disorder, or just hypocrisy? Can FUK stop attacking the network, for starters?

I'd rather not, it's useful.

he doesn't and he doesn't want them, he just said please don't ban at sight

he crossed the line

<moneromooo "I'd rather not, it's useful."> tha attack?

ban at sight is the best line of behaviour

<sech1 "he crossed the line"> yes, I know

Well, unless he happens to findsomething bad I guess. But so far he gets his kicks I guess, and we make the network a little bit better. So all win.

yeah stopping with the active attack against the network would be a nice as a sign of good will, otherwise, pfft

Thing is, one day someone actually dangerous will attack, and it's best we tweaks things before that happens.

<moneromooo "Well, unless he happens to finds"> Yep, that's it. I know we can, and I told them we don't need them, but I'm just trying to fix a broken relation, this might be stupid I know. But it happened, here we are today.

But yeah, for most poeple banning is the best thing, definitely.

moneromooo if you put it like this, then yeah...

let the guy play with his 165 fake nodes :D

Okay, I understand. No hard feelings. The chat is open to everyone anyway.

Thank you all for your answers, I won't talk about this any more.

Have a good day. :)

I mean I appreciate your intent the guy just hasn't done anything at all to demonstrate any good will or change of attitude as far as I can see

I'm not even in telegram :D

<Lyza "I mean I appreciate your intent "> Well, he stopped posting it in the uncensored

In the end, we just want to be left alone. We don't have to deal with anyone we don't feel like dealing with. Basis of freedom and privacy. Why we fight to keep a private comms system with tor, and now private money system with monero.

<Lyza "I mean I appreciate your intent "> Repeatedly over the years, I might add

We just want others to stop yapping at our heels at every step of our way in life.

Okay, that's good enough for me.

Thank you moneromooo

:)

And there's always people who'll try to spy on you, tell you what to do or not do, etc. Usually govt spies. But not always.

We just need more people to smell the coffee and start using privacy tech. Tor's getting a bit out of that shitty criminal pigoenhole, though of course plenty of little shits will use it for no good.

I guess I'm here on IRC which is pretty public, but hey. Choice.

We gotta be thankful for those people who give us the tools we need to try and effect that "being left alone" part. So thanks al cypherpunks to date.

We all build on each other's shoulders. To mangle a quote.

And yes, so many would have us fail, for reasons we won't get into. One day, hopefully before I die, privacy will again be seen as a right and not a suspect activity.

But until then we'll just have to contend with all calibers of malcontents, from simple asshole to govts looking for total information awareness on poor little us.

That's my goal in life. To be left alone, and to choose who I associate and deal with.

Choice, and consent.

One day, maybe. Hopefully to come before I die of old age.

But even if I do, others will build upon what we do here.

So we help, even if in a small way.

And future genrations have a little better chance to get through to a world where their privacy is once again respected.

How old are you moneromooo ?

:D

Well, hopefully you're an Indian cow.

Have you ever seen an Indian Steak House?

Do you thnk I'd have lived this long if I had ?

:D

lh1008: cannot answer in -community so i'm doing it here: "We are more opened to discussions about vulnerabilities and to reach more communities" What does this mean? do you feel the community is not open to discussions about vulnerabilities?

Because being "more open" imply we are not actually that open, and i'm curious to know where that feeling comes from

It doesn't mean that, it means like moneromooo said, those attack vectors are needed for improvements to come.

I don't understand how that relates to my question

do you feel vulnerabilities are not discussed enough?

Well, I feel we're very closed. Moderation is seriously heavy. Reddit telegram. I know IRC can also ban people, so, there's the hard truth.

No, you're trying to mislead my action. I was shut in telegram for pointing people to no be censored and I didn't understood it.

I never once had the feeling moderation on reddit is heavy (i don't really use telegram), actually i had the opposite feeling sometimes

I'm trying what?

I did understand later then. We all are doing the job. Some do theirs, I do mine, you do yours, devs do theirs. So bannig fireice for example is something that was done because he couldn't behave.

Shutting me for example was for something too. I have to take care of what I say.

Now I understand, not everyone likes what I do, and I also need to respect their decisions.

I thought I was doing no harm until I harmed unconsciously.

So I understood that it's me who has to change, and I'm doing it. And this is because you all helped me out. So I'm grateful once again.

Is this all Telegram related?

Yes selsta

Maybe better to keep Telegram stuff to Telegram, no one knows about it here

So the chat is for the community service but I will be there helping out and paying more attention.

I would guess most people here don’t use telegram

Yes I know selsta, I won't speak about it again.

you can speak about it, but I guess most people will not be familiar with it

It's weird, there's a lot of "OK, I won't speak anymore" here, but I've not seem him banned once...

Telegram is such a toxic and spammy environment

<lh1008[m]> <Lyza "uhhh the dude is actively attack"> Yep, but the only way to find a solution is to find where we're vulnerable, and he found it, so he knows something we don't. I know this is hard <<-->> I did not read all the scrollback to see if this was addressed but AIUI every p2p network has this vulnerability

Yeah, I felt it that way too.

Yeah, it get's tough, but we need to be there too :)

so he doesn't know what others don't

nioc: yep, every p2p network can be sybil attack, but he abused things to make his attack more effective than necessary

nioc: yeah. It's definitely not something he found. He just sloppyly exploited a known vulnerability

which we are slowly fixing over the last couple releases

<nioc "<lh1008[m]> <Lyza "uhhh the dud"> Yes, those things are addressed in breaking monero series. I have been watching them closely, but not sure if it has that exact name.

Guys, when I set my in_peers to 200 im not getting above 30 inc connections. Isnt that a little bit strange? Does sb have any ideas what the reason could be for this?

The asshole is slurping all the connections.

In general, if every peer starts 12 outgoing connections and half the nodes do not accept incoming connections, you'd expect a node accepting incoming connections to have about 24.

Now, I don't know what the ratio of nodes accepting incoming connections is. But my point is, if you set the limit to 10k, you're not going to get 10k.

My node has ~60 or so like I looked, but it goes up down.

I've also got about 30, seen up to 60 or 70 but not much more

moneromoo: I wanted to increase the inc connection count in order to get rid of these sybil nodes, because im always 2 blocks behind and I didnt want to use a ban list in the first place.

That would not get rid of them.

xmrpow: if you don't want to use the ban list you can compile monero-project/monero #7055

But then they could do no harm right?

selsta: Thanks for the hint!

I don't think in_peers is related to this.

Does sb know how many nodes these guys are operating in total?

130

130 known. It is likely that there are more that are more hidden to continue spying.

Do you think it could be related to this chain analysis company?

This attack, no.

But chain analysis most likely have spy nodes.

What would be in for the attackers?

Power over people.

The oppressive effect of knowing a nebulous set of others you never see know what you do.

moneromoo: Isnt it a bit critical to solve the problem with a centralized ban list and adding "good" peers manually?

You can specify your own ban list. There is nothing centralized about this.

But like I said, you can compile monero yourself and avoid using the ban list.

selsta: How can I check wether a peer is bad or good?

If you use CLI you can completely ignore it, you can transact fine even with this attack. This is mostly to annoy GUI users.

Enter "sync_info" and look for peers that claim higher target height.

What's funny here is that if there's a competent spy, those patches will increase their share of the network connections :)

And how do I know which target height is the right one?

The one you have blocks for.

There's a leeway of, I dunno, maybe a couple dozen seconds for you to get a blck and verify it, just in case.

Usually faster, but sometinmes it takes a while.

<matthewcroughan "if there is no gold rush to be a"> strengthening a monetary network which allows private digital transactions?

When I start monerod with ./monerod --add-peer node.supportxmr.com:18081 . Shouldnt I see the ipaddress of the supportxmr node with print_cn?

*port: 18080

dixie__flatline[: monero and bitcoin are not capable of that on-chain

matthewcroughan: monero is not capable of what?

being money, for the same scaling reason as BTC

ask DNM guys

they have been using it as money for some time now.

yeah, in low volume

neither can power the world economy on chain

well, there is a huge leap between now, and powering the world economy.

give it time.

currently, monero allows private digital monetary transactions.

no, I mean if you do the math, it can't

you don't have to wait

matthewcroughan: leave the door open for new research and findings with regards to scaling blockchains.

unless you have a second layer solution, nothing can provide that sort of transactional capcity

Monero definitely scales better than bitcoin, and more importantly Monero scales with hardware power and network bandwidth

dixie__flatline[: I don't need to wait to tell you that the base layer doesn't support more than 32 transactions per second

ok

I do not have to wait for any research to tell you that

Yes, Monero has more capacity than BTC, what about it ? That doesn't solve scaling.

I like Monero and think it's better, for what it's worth.

I don't get your point. Monero is working today, and now. It might not work in the future -- in which, we would be using something else.

matthewcroughan: you come off as whining on a point that nobody knows to solve yet.

Whining..?

I'm not complaining about anything

moaning

I replied to what *you* said.

well I have been reading your various complaints above

anyways

I'm not complaining or moaning about anything.

They're not complaints..

What sentence suggests I'm complaining about any of it? What did I say that was so bad?

insistent back - and - forth, after the fact that many people has replied, comes off as whining. But that's just my opinion. You are free to write whatever.

matthewcroughan you said XMR can't be money because it can't scale to global demand but it doesn't actually have to scale to global demand to be money

Lyza: Fair enough, but you must know what I'm getting at.

I think he was referring to it being more than a niche

It will be an asset, more than it is money, until second layer.

The point I was trying to make is that the economics of RandomX lend it more to stability.

maybe, but we seem to be a long way off from needing second layer solutions, if we ever will

Less fluctuation in mining, so less volatility in price, should be

XMR is for sure one of the least volatile alts

Lyza: You shouldn't think that..

You shouldn't think "Second layer is a long way off, so idgaf"

it will be transformational for the community

long way off if ever, plus LN sucks so I definitely don't want that for XMR even if it were possible

Once you are able to swap between BTC/XMR seamlessly, you are opened up to the BTC economy

right now we're stuck in the XMR economy

What we want is to be open to all other coins economies

We want for the difference between coins to be an implementation detail

LN Sucks? News to me. Was pretty good when I used it.

I think a big pull for XMR is the security and anonymity

Being spied on is not am implementation detail to me.

wwwcrudcow[m]: security and anonymity is guaranteed on LN.

seems to be mostly what people care about

For the same technological reasons it is guaranteed on XMR, your transactions on LN are just as private.

well with other cyptos being traced

moneromooo: the wallets should automatically handle this in the background, abstractly

just as wallets today do replace-by-fee and coinjoin for you

there should be an atomic swap protocol that auto routes through xmr/btc for you, to establish private transactions on both chains

XMR doesn't have the economy BTC does. So you can't *just* use XMR.

ehhhh

I don't think adding atomic swaps with XMR to btc makes bitcoin private, that's just another form of opt in privacy

entering and exiting the network is a weak point for privacy you actually do want to stay within the network as much as possible

no, imagine you could go from XMR -> BTC on Lightning Network, without a starting BTC balance

and never having to leave the LN

then BTC is private

still don't like LN

Then, BTC is *just* as private as XMR, and you only used XMR as far as your wallet is concerned.

I mean I'm no expert but with the routing issues I don't see how it doesn't end up centralized AF

You didn't even know your wallet was using BTC to commit the payment

it was automatic

all you did was scan a qr code, and you paid a merchant, for an item, with XMR. They recieved BTC

this is where we need to get to

Lyza: It's not centralized "af"

I mean yeah that's better than not being able to pay or having to use a centralized service like xmr.to but it's not really preferable at all

it's more centralized than the base blockchaihn

my friend, are you aware of the internet you are using right now?

do you know what bgp routing is?

do you know what is built on TOP of bgp?

payment routing is not like internet routing. at all

this I do know

we leverage the decentralization of BGP, and create more centralized, more managable solutions on top of bgp.

look at how DNS works, it's pretty centralized.

nodes on the internet don't have a fixed number of bits. LN is like a giant abacus lol

But you don't *have* to use DNS. You can use the IP directly.

This is much like how you dont' *have* to use LN. But you're better off doing it that way.

and the compromise is worth it

this is a bad comparison

with XMR -> BTC on LN, in a single **atomic** swap, to pay a merchant in BTC, I have absolutely no idea what oppositin you could have to this.

it's not a bad comparison, because you give up privacy with DNS

you potentially are more tracable with DNS

lol you said earlier LN guaranteed anonymity which is it

yeah, because it's onion routed and uses zero knowledge proofs

moneromoo: When I start monerod with ./monerod --add-peer node.supportxmr.com:18080 . Shouldnt I see the ipaddress of the supportxmr node with print_cn?

Lyza: So you are not discoverable, but if you think that you are, I can't help you, so I'm at least appealing to convenience

You shouldn't be using DNS if you fear LN.

*roll eyes* I never said I feared it I said it's not good

xmrpow: try --add-priority-node

Lyza: yet you haven't even told me why you think it's not good.

It's not my job to prove it's good.

--add-peer says: "Manually add peer to local peerlist", which is not what you want.

What opposition do you have to an **atomic** swap.

keyword, **atomic**.

You spend XMR, someone else recieves that as BTC instead. What can go wrong here?

What is it that you think you're exposing about yourself when this occurs?

You don't even touch the BTC. You spend XMR, some contract happens that sends the XMR to a contract address on the XMR chain, the swap occurs.

well I mentioned how routing issues will lead to centralization. and for me it's frankly not even useful because I don't use btc for micropayments

atomic swaps are good and fine I just am not in favor of anything like LN for Monero

Right, keep it nice and abstract so you don't actually have to comment on anything.

pretty sure Monero doens't even have the scripting ability to suspport implementing LN so it's kind of all a moot point

this conversation is going to lead to my death.

Lyza: eprint.iacr.org/2020/1441

wrong?

selsta: ops, thank you!

> PayMo does not require any modification of Monero and can be readily used to perform off-chain payments. Notably, transactions in PayMo are identical to standard transactions in Monero, therefore not hampering the coins' fungibility.

> we also construct the first fully compatible secure atomic-swap protocol for Monero: One can now securely swap a token of Monero with a token of several major cryptocurrencies such as Bitcoin, Ethereum, Ripple, Cardano, etc.

> v

> two regular users can perform up to 93500 payments over a span of 2 minutes (the block production rate of Monero). This is approximately five orders of magnitude improvement over the current payment rate of Monero.

Copy paste is not strong enough with me :D

bro we really don't need you to copy paste whole paragraphs fro a PDF here

wtf

Lyza: If you're using a regular IRC client, that took up less space than the embed for that URL would take up on Discord or Slack, or MatterMost. What is your opposition?

I'm not spamming, I'm quoting the bits of the article you ought to read, that demonstrate my point.

Because you seem opposed to reading I tried to make it easier for you ;D

fuck you

I'm out. see if anybody else wants to engage with you

Alright. Sorry if I upset you.

you're definitely unpleasant to interact with that's for sure

Thanks :(

You stated: "pretty sure Monero doens't even have the scripting ability to suspport implementing LN so it's kind of all a moot point"

I referenced something which opposes that point of view. You got angry, swear at me and then say I'm unpleasant.

stop trying to drag me back into this god forsaken conversation. I'm not opposed at all to you linking information and for you to act like that is the issue here is at best ignorant

now kindly stop speaking to me

selsta: Thanks again for the github link! I think I understand the issue now. Just in order to verify: The sybil nodes are pretending to have new blocks (although they dont have it) and because of that my node is trying to syncronize with them. But then the sybills are not sending the data to my node and therefore im always not in sync, because there is no sync timeout. Is that correct?

correct, you are in sync but your node thinks it is out of sync

selsta: Will there be a point release which implements the "droping feature"? Im not sure if it s clever to build from master branch?

It is PRed to both master and release branch.

Yes, there will be a point release.

hi

hi

selsta: Ok, then you have been right. Monermoo s list ist the best quick fix ;)

My list is partial btw. You want selsta's really.

moneromoo: Ok.

Thank you both for your help!

Is there a way to bind monerod to more than one interface (ideally through the config file)?

(Specifically, rpc-bind-ip)

Yes, though that might not be what you want. 0.0.0.0.

It binds to all interfaces, not a select list.

Right, that

endor00[m]: would this help with what you want to do? monero-project/monero #6948

what do you need to do? might make more sense to use --rpc-restricted-bind-ip in addition

^ that

I want to bind to two specific interfaces, without the restricted-rpc

yeah, no support for just that

Even then, I guess rpc-restricted-bind would only allow me to specify one interface or 0.0.0.0, right?

yes

generally the only things that make sense to me is unrestricted rpc on 127.0.0.1:18081, and restricted on 0.0.0.0:18089

Right, I'm thinking something more along the lines of specifying rpc-bind-ip multiple times, either by repeating the option or by providing a comma-separated list

And I guess the same logic could be applied to both restricted and unrestricted binds

(But I understand the complex rework that it would require)

yeah, and most people don't have multiple distinct network interfaces active

a rather rare use case

Anyone else who uses Cake Wallet seeing issues with it connecting, stating the number of blocks remaining, and never actually syncing? Just started for me today but have heard others mention the issue.

nvm, it's reported here: reddit.com/r/cakewallet/comments/k5…et_not_syncing_stuck_at_1358_blocks

I'll chime in there as well.

sethsimmons: which remote node are you using?

My own, but all of the others have the same issue

I think its a Cake bug, was fine yesterday but they may have pushed a new version

nvm just synced finally with their node

Odd

Do you have access to your node?

Yes

Did you apply the ban list?

Yes, have had it applied from the first release allowing it

And updated yesterday to the latest list too.

okay, if you enter "status" on your node and it says 100% then the issue is on cake wallet side

Height: 2244254/2244256 (99.9%) on mainnet, not mining, net hash 1.57 GH/s, v14, 12(out)+69(in) connections, uptime 1d 2h 25m 21s

F

They got me 😂

Hadn't thought to check that since I've been up to date with ban list all this time

What is the output of sync_info ?

It is possible he setup new IPs again

would be an obvious thing to do, yeah

Just restarted my node but here you go:

did anyone check the owner of those ips? they looked like they could be in the Scaleway/Hetzner ip ranges to me, but I haven't checked

Should have waited to restart to gather info, my bad!

the previous list was all OVH

haven't looked at recent addresses

previous all OVH, new ones DigitalOcean

either way, detaching/attaching a new ip address is rather easily scriptable on these providers

sethsimmons: try the latest block.txt version

I updated it a few minutes ago

or I guess you could go the bruteforce way and switch providers entirely lol

we could force a change of providers, by reporting to the provider's abuse contact

I don't think anyone has done so yet

selsta: where is the latest list? i think mine is outdated as well.

thanks

<selsta "sethsimmons: try the latest bloc"> Updating now

If you still have issues try post the output of sync_info

Will do!

still 100% so far since the restart with new ban list

we really have to do better than whack-a-mole ...

I have been running monero-project/monero #7054 and have over 60 blocks already after a couple hours

and this is with 512 out_peers for stress testing

selsta, is that 60 above the "canonical" block list?

the 60 were automatically banned using #7054

no ban list

ah. nice

Hi!

Hi!

How is everyone?

good how are you

glad to see a fellow Matrix user

I'm tired of my day but good :)

Some fellow Monero users on Matrix haha

Most of the dev discuss is on matrix?

I am quite new in the monero community, quite interested in the dev side.

matrix bridges to IRC

it does

algzk42: Matrix is more like a side thing, the primary is IRC

algzk42: #monero-dev for dev discussion

that's an IRC room

How does the Matrix bridge looks on the irc side?

you have an [m]

Jae: it's indistinguishable from IRC itself, the Matrix users are connected like regular users on IRC, channel moderation is the same

Oh nice

so basically IRC is the main thing, it's unaware of Matrix and Matrix stays subservient to it

nioc: k, good to know, thanks.

like it mirrors the state of the IRC channel but only in some situations can their state be different (it's not meant to happen but you could create a moderation conflict where one user is in one but not the other)

I haven't really used irc since I started to use Matrix tbh

yeah me neither :p

configuring matrix on my emacs. i'll give a try

<algzk42 "configuring matrix on my emacs. "> Is there a thing Emacs doesn't do?

Oh shit, I still have 0.1

Any good Monero wallets on f-droid?

afaik monerujo is on f-droid

yes

You have to add their repo to get it: f-droid.monerujo.io