00:00:03 <mnt_grrrl> anyone seen issues with .8?
00:00:13 <selsta> crash?
00:00:41 <mnt_grrrl> mine has been stable just wonder how it is going for other people
00:00:53 <selsta> it should be fairly stable with tor blocked
00:01:02 <moneromooo> Maybe you need to increase incoming connections to allow more attackers in ?
00:01:20 <mnt_grrrl> :)
00:01:46 <slighty_toasted> Both my Linux and MacOS nodes with --dns-blocklist have been running smoothly so far
00:31:17 <selsta> everyone having issues with crashing nodes: 7244
00:32:19 <selsta> https://github.com/monero-project/monero/pull/7244
10:18:33 <Inge-> does --dns-blocklist also block tor nodes?
10:39:30 <Mochi101> Wow, marx is vicious!
10:40:24 <ErCiccione[m]> Inge-: it does not
13:00:25 <selsta> Inge-: not possible currently, there are too many exit nodes to enter into dns records
13:02:04 <dEBRUYNE> gingeropolous, Snipa: xmrchain seems to be down
13:14:51 <Lovera[m]1> I'm getting something in my Monero node
13:15:04 <selsta> explain?
13:16:21 * Lovera[m]1 uploaded an image: 20210101_131736.jpg (97KiB) < https://matrix.org/_matrix/media/r0/download/matrix.org/hGcPKctuqYEUKZoCOKgkpnpB/20210101_131736.jpg >
13:17:19 <selsta> that is normal
13:17:29 <selsta> just hashrate variation
13:18:32 <Lovera[m]1> 👍 thanks, firts time seems
13:23:11 <Lovera[m]1> Im running the last release .8, w/o dns and txt list... uptime 18 Hours. No issues, no problems... but
13:23:11 <Lovera[m]1> Some friends have been experiencing crash with .8 ...
13:25:22 <selsta> yea the attack is back
13:25:28 <selsta> we should have a new version out later today
13:28:30 <M5M400> I should really start automating daemon updates more
13:30:32 <Mochi101> Go enterprise and hire someone to do it M5M400
14:39:36 <cornfeedhobo> M5M400: i think that every release now that I've got my alpine builds stable
15:39:06 <mark_bleep[m]> <M5M400 "I should really start automating"> Do you mean updating from source?
16:16:36 <M5M400> mark_bleep[m]: I mean generally automate build/deploy on my ~40 boxes
16:25:36 <gingeropolous> thanks dEBRUYNE . monerod became unresponsive
16:27:00 <aspow33> hello
16:27:13 <mark_bleep[m]> <M5M400 "mark_bleep: I mean generally aut"> I'm looking into ansible for this, especially because it doesn't need a client install.
16:27:23 <aspow33> happy new year
16:28:01 <aspow33> why "here base_requested_outputs_count = (size_t)((fake_outputs_count + 1) * 1.5 + 1)"
16:28:14 <aspow33> is 1.5 and no 2 or anything else
16:28:50 <mark_bleep[m]> <aspow33 "is 1.5 and no 2 or anything else"> Magic number
16:29:07 <aspow33> ?
16:29:47 <mark_bleep[m]> <mark_bleep[m] "Magic number"> Sorry I'm being glib, it's a programming term, but I don't know enough about this code to know if it applies
16:36:12 <selsta> gingeropolous: did you have dns blocklist enabled?
16:36:32 <selsta> when monerod became unresponsive?
16:41:06 <selsta> if yes, that's something we will fix in the next release
16:42:02 <selsta> https://github.com/monero-project/monero/pull/7239
16:42:12 <aspow33> anyone here to know why  1.5 and not anything else below
16:42:14 <aspow33> base_requested_outputs_count = (size_t)((fake_outputs_count + 1) * 1.5 + 1)
16:42:54 <mark_bleep[m]> <hyc "mark_bleep: if you think you're "> I'm sure many people know things I don't. But I can't read their minds.
17:08:31 <monerouser1144> Merry New Year everyone!!! :-)  https://www.youtube.com/watch?v=0jFOdtweVWI
17:23:40 <donkeydonkey[m]> happy new year! my node has been running all night without killing
17:27:42 <mark_bleep[m]> Woot
18:29:09 <gingeropolous> selsta, i did not. just the standard blocklist. dns is enabled now
18:29:49 <selsta> gingeropolous: don't enable DNS block list for now
18:29:55 <selsta> until next version
18:30:10 <gingeropolous> so i guess it got attacked? it was weird because the system service was fine, but i couldn't find monerod in top
18:32:29 <selsta> see -dev, dns block list can cause monerod to deadlock and freeze, will be fixed in next version
18:32:38 <selsta> so don't enable it for now until next version
18:32:44 <gingeropolous> ok
18:36:19 <M5M400> selsta: man, thanks for the heads up
18:49:36 <monerouser1144> Should I use the Whonix apt repo for monerod ? I plan to do some work on automating the mass-provisioning of monero nodes (using Ansible etc).
18:49:56 <selsta> do they update monero?
18:52:14 <slighty_toasted> Last I checked whonix's monero package wasn't up to date
18:53:10 <monerouser1144> I looked at https://gitlab.com/whonix/monero-gui and https://ccs.getmonero.org/proposals/adrelanos-debian-package.html
18:54:26 <monerouser1144> It seems to be on 0.17.1.7 (2 weeks ago)
19:44:37 <Lyza> well that sucks since they got CCS funding to keep the repo up-to-date
19:44:52 <selsta> yep...
19:45:17 <selsta> other don’t get funded and keep it up to date
19:45:28 <Lyza> what other?
19:45:44 <selsta> just other repo maintainers
19:46:38 <Lyza> is there actually a reliable / trusted-ish debian repo for monero?
19:46:44 <Lyza> or u mean in general
19:46:52 <selsta> yes, not debian specific
19:46:56 <Lyza> gotcha
19:48:21 <selsta> to be fair, v0.17.1.8 is only a couple days out
19:48:30 <selsta> but afaik the whonix repo has been behind in the past
19:50:20 <monerouser1144> Apparently monero network is currently attacked by a person with intimate knowledge of it. However in the future others might try "generic" denial-of-service attacks. Will monerod be able to handle many concurrent incoming connections to the p2p and rpc ports without crashing?
19:59:34 <selsta> Lyza: https://github.com/monero-project/monero/pull/7260
19:59:51 <slighty_toasted> monerouser1144 For P2P you can manually configure the maximum in/out peers, with reasonable default values.
19:59:58 <slighty_toasted> not sure about RPC though
20:00:35 <selsta> public rpc nodes will always be the most vulnerable
20:00:48 <Lyza> selsta moneromooo y'all the best
20:01:00 <slighty_toasted> ^^
20:32:25 <ecneicston> i entered my email address to monero-announce⊙lgo but I didn't get anything in my inbox about the new monerod v0.17.1.8
20:32:54 <selsta> we did not send anything out yet because the second attack started
20:33:54 <ecneicston> wdym, you dont want people to stop their 0.17.1.7 nodes to update to v0.17.1.8 ?
20:35:57 <moneromooo> I think the idea is that if people get a mail for every minor version, they'll start ignoring them.
21:19:50 <focus-u-f> quick Q. I have own remote node. Trying Cake wallet and syncing from it. Is it syncing as fast as possible? I mean if I authenticate as admin can it be faster?
21:22:07 <slighty_toasted> The bottleneck is most likely your phone, not the node.
21:24:02 <focus-u-f> ok thanks
21:26:32 <slighty_toasted> Syncing on my Xs took pretty much a whole day and the phone was running pretty hot
21:32:45 <focus-u-f> 167k blocks on 6s ;) Will try my PC then.
22:39:42 <yanmaani> What'd happen if you'd get a serious DoS attack against the Monero network?
22:39:56 <yanmaani> Like, sending 10 Gbit of random traffic to each public node
22:41:35 <mark_bleep[m]> <yanmaani "Like, sending 10 Gbit of random "> More nodes= more better resistance to this.  If every network has nodes then it becomes a general ddos for everyone
22:45:54 <yanmaani> mark_bleep[m]: You need substantially more bandwidth to bring down the router for an entire network than to bring down an individual node.
22:46:04 <yanmaani> A retail ISP might just be providing say 100 Mbit, for instance
22:51:51 <mark_bleep[m]> <yanmaani "mark_bleep: You need substantial"> It's not about bringing down the router of a single node, it's about increasing the cost to bring down all the nodes.
22:53:22 <yanmaani> mark_bleep[m]: there's like 2k nodes, even at 1gbit a piece you'll just need ~2tbit
22:53:52 <mark_bleep[m]> <yanmaani "mark_bleep: there's like 2k node"> Agreed, that's way too low.
22:54:15 <monerofanboy> OVH includes DDOS protection automatically in all of their VPS/dedicated servers. Their DDOS mitigation is legit in the respect that is has withstood then record level DDOS attacks.
22:55:51 <monerofanboy> Amazon lightsaiil is the same, it costs more than OVH for a VPS, but it includes Amazon's AWS shield
22:56:11 <monerofanboy> level 3 and level 4 ddos protection.
22:56:18 <monerofanboy> layer*
22:56:37 <yanmaani> monerofanboy: If all nodes except those on commercial hosting providers went down, would the network still survive?
22:57:42 <monerofanboy> idk if would even be possible to even take down all of the commercial vendors.
22:58:42 <monerofanboy> completely different networks, ovh, amazon, google, etc all have their own ddos protection services. even if ovh's network entirely crashed, the odds of Amazon's going down internationally at the same time
22:58:51 <monerofanboy> the odds of that happening have to be near zero
22:59:50 <monerofanboy> let along all of the other commercial vendors without DDOS protection, like DO, Hetzner, Contabo, etc.
23:01:44 <slighty_toasted> What are the community's thoughts on a service like TorServers.net but for Monero nodes? I think I could get it up and running within a week. Users who aren't technically capable of running and maintaining their own node could sponsor a node for a monthly fee or donate to a general fund. All funds would go directly to server fees with full transparency.
23:02:28 <yanmaani> monerofanboy: You don't have to take down the entire vendor. If I send 10 Gbit of traffic to a Hetzner server in a rack with a 100 Gbit interconnect, it'll go down.
23:02:41 <yanmaani> So, if only OVH, AWS, Google Cloud, etc were left, would the network still sruvive?
23:03:17 <yanmaani> slighty_toasted: seems like of dubious gain - how are you going to ensure quality? the main benefit from running a full node is that you use it, and give it economic strength.
23:03:48 <yanmaani> When people say "use a full node," the intended meaning is something like "contribute to making the social consensus definition of 1 XMR be that which a proper full node says it is, rather than some centralized service"
23:04:06 <yanmaani> running full nodes that just move around data and nothing else doesn't really do this
23:04:59 <monerofanboy> "If I send 10 Gbit of traffic to a Hetzner server in a rack with a 100 Gbit interconnect, it'll go down." 100 gb is nothing for OVH, Google, and Amazon, in the respect that all 3 face regular attacks like that.
23:07:01 <monerofanboy> i.e., https://securityaffairs.co/wordpress/51640/cyber-crime/tbps-ddos-attack.html
23:07:19 <slighty_toasted> yanmaani: I would assume most users sponsoring a node would use it for connecting from their wallet. From reading a few of the recent Reddit threads it seems the users this service is catering to run a local blockchain without P2P seeding or public RPC.
23:11:00 <yanmaani> monerofanboy: yes, I know of this, but Hetzner famously does not offer DDoS protection
23:11:27 <yanmaani> or, rather, they do offer DDoS protection, of the model "we will protect ourselves from DDoS attacks by immediately terminating your contract if you ever get DDoSed"
23:11:39 <yanmaani> slighty_toasted: So do you get access to the node if you sponsor it?
23:12:33 <monerofanboy> If OVH hosts many nodes because of the price/DDOS protection. If the entirety of OVH's network had an outage at all of their DDOS mitigated data centers, I would expect to see some hiccups in the network, especially if someone sent a DDOS, but nodes from from other DDOS protected vendors would keep the network going, i.e., Amazon, Google, etc.
23:12:44 <monerofanboy> Because OVH*
23:16:42 <slighty_toasted> yanmaani: As in SSH access to the server? I'm open to the idea but my initial thought is it's probably not a good idea. If a user sponsors a node due to not being capable of running their own, and I foresee this being most users of this service, I wouldn't want them tinkering with the server.
23:17:09 <slighty_toasted> I could maybe restrict their access to the monero user, but what's the point then?
23:17:21 <monerofanboy> It's worth mentioning that my OVH full nodes have been hit by DDOS attempts several time and OVH has easily mitigated those attacks every time.
23:24:32 <M5M400> OVH DDoS protection is pretty neat, yes.
23:29:00 <jess> i run wireguard on an OVH VPS and tunnel literally all my traffic on all my devices out of it
23:29:12 <jess> never know when you're going to upset a ddoser :p
23:44:45 <kinghat[m]> is the wg server local or on the vps?
23:44:57 <jess> on the vps
23:45:53 <kinghat[m]> ya i have it setup that way too
23:46:21 <kinghat[m]> though im not fond of having the server on the vps
23:48:34 <kinghat[m]> also, OVH doesnt want you hosting public nodes of anything like I2p/TOR/crypto
23:50:07 <kinghat[m]> ionos on the other hand replied with this:
23:50:07 <kinghat[m]> > For TOR and i2p, they are both supported on our root servers. However, you will be the one to configure the server and install those apps. For crypto-currently like bit-coin, if you are going to use the server for mining, I suggest to use the Dedicated servers with NVMe. But if you are going to use the server for trading apps, then our VPS servers are the recommended one.
23:50:17 <kinghat[m]> take that for what it is 😂
23:58:17 <monerofanboy> I don't know a single vendor that allows a person to mine anything on their VPS servers.
23:58:57 <kinghat[m]> ya i never mentioned or wanted to mine, just network nodes
23:59:00 <monerofanboy> VPS vendors oversell the CPUs on the servers, so a "noisy neighbor" would cause all sorts of problems.