anyone seen issues with .8?

crash?

mine has been stable just wonder how it is going for other people

it should be fairly stable with tor blocked

Maybe you need to increase incoming connections to allow more attackers in ?

:)

Both my Linux and MacOS nodes with --dns-blocklist have been running smoothly so far

everyone having issues with crashing nodes: 7244

does --dns-blocklist also block tor nodes?

Wow, marx is vicious!

Inge-: it does not

Inge-: not possible currently, there are too many exit nodes to enter into dns records

gingeropolous, Snipa: xmrchain seems to be down

I'm getting something in my Monero node

explain?

that is normal

just hashrate variation

👍 thanks, firts time seems

Im running the last release .8, w/o dns and txt list... uptime 18 Hours. No issues, no problems... but

Some friends have been experiencing crash with .8 ...

yea the attack is back

we should have a new version out later today

I should really start automating daemon updates more

Go enterprise and hire someone to do it M5M400

M5M400: i think that every release now that I've got my alpine builds stable

<M5M400 "I should really start automating"> Do you mean updating from source?

mark_bleep[m]: I mean generally automate build/deploy on my ~40 boxes

thanks dEBRUYNE . monerod became unresponsive

hello

<M5M400 "mark_bleep: I mean generally aut"> I'm looking into ansible for this, especially because it doesn't need a client install.

happy new year

why "here base_requested_outputs_count = (size_t)((fake_outputs_count + 1) * 1.5 + 1)"

is 1.5 and no 2 or anything else

<aspow33 "is 1.5 and no 2 or anything else"> Magic number

?

<mark_bleep[m] "Magic number"> Sorry I'm being glib, it's a programming term, but I don't know enough about this code to know if it applies

gingeropolous: did you have dns blocklist enabled?

when monerod became unresponsive?

if yes, that's something we will fix in the next release

anyone here to know why 1.5 and not anything else below

base_requested_outputs_count = (size_t)((fake_outputs_count + 1) * 1.5 + 1)

<hyc "mark_bleep: if you think you're "> I'm sure many people know things I don't. But I can't read their minds.

Merry New Year everyone!!! :-) youtube.com/watch?v=0jFOdtweVWI

happy new year! my node has been running all night without killing

Woot

selsta, i did not. just the standard blocklist. dns is enabled now

gingeropolous: don't enable DNS block list for now

until next version

so i guess it got attacked? it was weird because the system service was fine, but i couldn't find monerod in top

see -dev, dns block list can cause monerod to deadlock and freeze, will be fixed in next version

so don't enable it for now until next version

ok

selsta: man, thanks for the heads up

Should I use the Whonix apt repo for monerod ? I plan to do some work on automating the mass-provisioning of monero nodes (using Ansible etc).

do they update monero?

Last I checked whonix's monero package wasn't up to date

I looked at gitlab.com/whonix/monero-gui and ccs.getmonero.org/proposals/adrelanos-debian-package.html

It seems to be on 0.17.1.7 (2 weeks ago)

well that sucks since they got CCS funding to keep the repo up-to-date

yep...

other don’t get funded and keep it up to date

what other?

just other repo maintainers

is there actually a reliable / trusted-ish debian repo for monero?

or u mean in general

yes, not debian specific

gotcha

to be fair, v0.17.1.8 is only a couple days out

but afaik the whonix repo has been behind in the past

Apparently monero network is currently attacked by a person with intimate knowledge of it. However in the future others might try "generic" denial-of-service attacks. Will monerod be able to handle many concurrent incoming connections to the p2p and rpc ports without crashing?

Lyza: monero-project/monero #7260

monerouser1144 For P2P you can manually configure the maximum in/out peers, with reasonable default values.

not sure about RPC though

public rpc nodes will always be the most vulnerable

selsta moneromooo y'all the best

^^

i entered my email address to monero-announce⊙lgo but I didn't get anything in my inbox about the new monerod v0.17.1.8

we did not send anything out yet because the second attack started

wdym, you dont want people to stop their 0.17.1.7 nodes to update to v0.17.1.8 ?

I think the idea is that if people get a mail for every minor version, they'll start ignoring them.

quick Q. I have own remote node. Trying Cake wallet and syncing from it. Is it syncing as fast as possible? I mean if I authenticate as admin can it be faster?

The bottleneck is most likely your phone, not the node.

ok thanks

Syncing on my Xs took pretty much a whole day and the phone was running pretty hot

167k blocks on 6s ;) Will try my PC then.

What'd happen if you'd get a serious DoS attack against the Monero network?

Like, sending 10 Gbit of random traffic to each public node

<yanmaani "Like, sending 10 Gbit of random "> More nodes= more better resistance to this. If every network has nodes then it becomes a general ddos for everyone

mark_bleep[m]: You need substantially more bandwidth to bring down the router for an entire network than to bring down an individual node.

A retail ISP might just be providing say 100 Mbit, for instance

<yanmaani "mark_bleep: You need substantial"> It's not about bringing down the router of a single node, it's about increasing the cost to bring down all the nodes.

mark_bleep[m]: there's like 2k nodes, even at 1gbit a piece you'll just need ~2tbit

<yanmaani "mark_bleep: there's like 2k node"> Agreed, that's way too low.

OVH includes DDOS protection automatically in all of their VPS/dedicated servers. Their DDOS mitigation is legit in the respect that is has withstood then record level DDOS attacks.

Amazon lightsaiil is the same, it costs more than OVH for a VPS, but it includes Amazon's AWS shield

level 3 and level 4 ddos protection.

layer*

monerofanboy: If all nodes except those on commercial hosting providers went down, would the network still survive?

idk if would even be possible to even take down all of the commercial vendors.

completely different networks, ovh, amazon, google, etc all have their own ddos protection services. even if ovh's network entirely crashed, the odds of Amazon's going down internationally at the same time

the odds of that happening have to be near zero

let along all of the other commercial vendors without DDOS protection, like DO, Hetzner, Contabo, etc.

What are the community's thoughts on a service like TorServers.net but for Monero nodes? I think I could get it up and running within a week. Users who aren't technically capable of running and maintaining their own node could sponsor a node for a monthly fee or donate to a general fund. All funds would go directly to server fees with full transparency.

monerofanboy: You don't have to take down the entire vendor. If I send 10 Gbit of traffic to a Hetzner server in a rack with a 100 Gbit interconnect, it'll go down.

So, if only OVH, AWS, Google Cloud, etc were left, would the network still sruvive?

slighty_toasted: seems like of dubious gain - how are you going to ensure quality? the main benefit from running a full node is that you use it, and give it economic strength.

When people say "use a full node," the intended meaning is something like "contribute to making the social consensus definition of 1 XMR be that which a proper full node says it is, rather than some centralized service"

running full nodes that just move around data and nothing else doesn't really do this

"If I send 10 Gbit of traffic to a Hetzner server in a rack with a 100 Gbit interconnect, it'll go down." 100 gb is nothing for OVH, Google, and Amazon, in the respect that all 3 face regular attacks like that.

i.e., securityaffairs.co/wordpress/51640/cyber-crime/tbps-ddos-attack.html

yanmaani: I would assume most users sponsoring a node would use it for connecting from their wallet. From reading a few of the recent Reddit threads it seems the users this service is catering to run a local blockchain without P2P seeding or public RPC.

monerofanboy: yes, I know of this, but Hetzner famously does not offer DDoS protection

or, rather, they do offer DDoS protection, of the model "we will protect ourselves from DDoS attacks by immediately terminating your contract if you ever get DDoSed"

slighty_toasted: So do you get access to the node if you sponsor it?

If OVH hosts many nodes because of the price/DDOS protection. If the entirety of OVH's network had an outage at all of their DDOS mitigated data centers, I would expect to see some hiccups in the network, especially if someone sent a DDOS, but nodes from from other DDOS protected vendors would keep the network going, i.e., Amazon, Google, etc.

Because OVH*

yanmaani: As in SSH access to the server? I'm open to the idea but my initial thought is it's probably not a good idea. If a user sponsors a node due to not being capable of running their own, and I foresee this being most users of this service, I wouldn't want them tinkering with the server.

I could maybe restrict their access to the monero user, but what's the point then?

It's worth mentioning that my OVH full nodes have been hit by DDOS attempts several time and OVH has easily mitigated those attacks every time.

OVH DDoS protection is pretty neat, yes.

i run wireguard on an OVH VPS and tunnel literally all my traffic on all my devices out of it

never know when you're going to upset a ddoser :p

is the wg server local or on the vps?

on the vps

ya i have it setup that way too

though im not fond of having the server on the vps

also, OVH doesnt want you hosting public nodes of anything like I2p/TOR/crypto

ionos on the other hand replied with this:

> For TOR and i2p, they are both supported on our root servers. However, you will be the one to configure the server and install those apps. For crypto-currently like bit-coin, if you are going to use the server for mining, I suggest to use the Dedicated servers with NVMe. But if you are going to use the server for trading apps, then our VPS servers are the recommended one.

take that for what it is 😂

I don't know a single vendor that allows a person to mine anything on their VPS servers.

ya i never mentioned or wanted to mine, just network nodes

VPS vendors oversell the CPUs on the servers, so a "noisy neighbor" would cause all sorts of problems.