Rucknium

joined 1 year ago
MODERATOR OF
townforge
sorted by: new top controversial old
1
Stressnet First Week Report (monero.town)
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
2 comments fedilink
 

(Thanks to spackle for this writeup!)

The first week has been a wild ride, and there is a lot to share. Presented roughly by order of importance:

PR Improving Node Startup

Restarting a node while there is a large mempool can take over an hour in extreme conditions, since the node must process all the mempool transactions before resuming regular operation. 0xFFFC has addressed this with a massive speed up in PR 9376. These changes are now in use on the stressnet, to great effect.

Block Sync Size

Block propagation and network synchronization suffer at larger block sizes, which encourages the creation of alternative chains. Setting '--block-sync-size 1' allows nodes to handle larger blocks more easily, and this is now standard practice on the stressnet. Further updates are expected on this soon.

Ongoing Investigations

  • Block sync size
  • Wallet-to-daemon connectivity and performance enhancements
  • Tx pool management (including flush_txpool processing time)

General Announcements

  • Go to monitor.stressnet.net to see network stats
  • explorer.stressnet.net is offline for now
  • Node operators should upgrade to latest release for a smooth(er) stressnet experience. Older releases struggle with larger blocks, and ban too many nodes.
  • Congratulations to strawberry, winner of the wallet draining competition
  • Ongoing discussion is being held on Matrix at #monero-stressnet:monero.social and Libera Chat IRC on ##monero-stressnet.

Stressnet Stats

  • This plot shows the block sizes on stressnet over the past week
  • Largest Block: 2.49 MB at height 2521514
  • Most transactions processed in an hour: 33074 (equivalent of 794000 tx per day)
Monero for DDoS protection in c/[email protected]
[–] [email protected] 0 points 2 months ago

Do you know about Primo? I think it was only a proof-of-concept, never used widely: https://monero.stackexchange.com/questions/11752/what-is-primo-private-monero-payments

Primo is a protocol and associated suite of software allowing a website to request payment for service by mining Monero to an address owned by the website owner.

Monero Stressnet: Run a Stressnet Node to Improve Monero in c/[email protected]
[–] [email protected] 0 points 3 months ago

At least 3 new nodes joined the network in the last hour. Thank you! Keep them coming.

1
Monero Stressnet: Run a Stressnet Node to Improve Monero (monero.town)
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/[email protected]
2 comments fedilink
 

Monero has a problem. The suspected spam transactions from earlier this year showed that Monero nodes do not cope with high transaction volume as well as expected. Monero protocol developers have been trying to get to the root of the issue, but the problem only appears when nodes are handling high transaction volumes.

Since the spam is over (for now), the only way to help developers find and fix the bottlenecks is to run a separate test network that will be spammed with transactions. We call it "stressnet". The performance bottlenecks are potential blockers for privacy improvements like larger rings sizes and/or Full Chain Membership Proofs (FCMPs). To quote developer selsta: "a large increase to the ring size is going to risk the stability of the network if we don't fix the known daemon [node] inefficiency bugs first."

A testnet fork (the stressnet) has been created to stress test the node and diagnose performance bottlenecks. To participate, you can simply run a node using this slightly modified open source release of monerod (launch monerod with --testnet): https://github.com/spackle-xmr/monero/releases/latest

Testing begins on June 19th at 15:00 UTC. Current bugs require a significant number of connections to observe, so we need as many nodes on the stressnet as possible.

Ongoing discussion is being held on Matrix at #monero-stressnet:monero.social and Libera Chat IRC on ##monero-stressnet.

FAQs

  • What are the risks to running a stressnet node?

The anonymity set of running a node on the mainnet Monero network is in the thousands. The anonymity set of running a node on this stressnet will be in the dozens at best. If you run a stressnet node on your machine, the IP address of your machine (or the proxy's IP address if your machine uses a proxy) will be visible to other nodes on the network. If you have an extreme threat model, this may be an unacceptable risk for you.

The Monero node process may consume a lot of your computer's resources like CPU and especially RAM. You can set the priority of the node lower using nice or just quit the process if it is taking up too much of your resources.

  • How can I see what's happening on the stressnet?

We have set up a stressnet blockchain explorer at https://explorer.stressnet.net/ . We are working on more ways to visualize the stressnet activity.

  • When should I sync up my node?

As soon as possible. The initial sync may take over 24 hours to complete. Once spamming starts on June 19th, it may be difficult to sync from scratch.

  • How much storage space do I need?

The stressnet blockchain is about 10GB now. The stressnet could use up to 50GB of storage by the time testing completes. Pruning your node is fine.

  • How long will the stressnet run?

We hope that it will run for two months. If it takes more time than expected to track down the bottlenecks and test patches, the stressnet could go on for longer.

  • Would it be possible/advisable to run it alongside a mainnet node?

Yes, this is fine. If you also run a testnet node (this would be rare), then you have to change the stressnet node's default ports and the blockchain storage location. Instructions are in the README of spackle-xmr's monero GitHub repo.

Why does Trocador use Cloudflare MITM? in c/[email protected]
[–] [email protected] 0 points 3 months ago (4 children)

AFAIK Trocador was getting DDoSed. They said they set up Cloudflare temporarily. They are looking for a better solution.

Some messages from https://matrix.to/#/#Trocador.app:matrix.org

Hey there! We were under a heavy ddos attack, so we moved to CF temporarily to help our defenses. As soon as it's over we'll get out of cloudflare. We apologize for the inconvenience, we are looking into alternatives for the next time we suffer a bigger attack like this

[From Tuesday]: We literally moved there 16:00 UTC as a contingency, so it's not even 24 hours yet. We are looking into alternatives for next time a massive DDoS happens

On the math of the inflationary effects of tail emission in c/[email protected]
[–] [email protected] 0 points 3 months ago

An economist, a chemist, and an engineer were stranded on a desert island. And between them they had only a single can of beans, but no can opener.

The engineer suggested that he climb a palm tree to a precise height, then throw the beans a precise distance at a precise angle. 'And when the can hits,' he said, 'it will split open.'

'No,' said the chemist. 'We'll leave the can in the sun until the heat causes the beans to expand so much the can will explode.'

'Nonsense,' said the economist. 'Using either method we'd lose too many beans. According to my plan, there will be no mess or fuss and not a single bean will be lost.' Well, the engineer and the chemist said, 'We're certainly willing to consider it. What's your plan?' And the economist answered, 'Well, first assume we have a can opener.'"

In economics, the devil is in the assumptions. It is the responsibility of the reader of an economic model to understand what the assumptions are and their implications, and decide for him/herself if the assumptions are reasonable and useful, "All models are wrong, but some are useful", after all.

I agree with you that the assumption of coin loss being a function of total coins in the supply is...doing a lot of work in this model. IMHO, this is an interesting intellectual exercise, but its connection to reality or anything that people really care about in their daily lives is not very strong.

Did I miss some big de-listing news for Kraken and it's US based customers? in c/[email protected]
[–] [email protected] 0 points 3 months ago (1 children)

Right. As far as I know, a LLM will not give you a proper source if you ask it how it knows some information. A website found through a search engine will have a source for its info (or it's probably unreliable if it has no sources).

You as a human being have a right and responsibility to know the source of information and use your reasoning abilities to decide if the source is reliable. An LLM interrupts this process. I don't understand how people are absorbing information without sources or a way to critically think about if the information may be accurate.

Did I miss some big de-listing news for Kraken and it's US based customers? in c/[email protected]
[–] [email protected] 0 points 3 months ago (4 children)

The news that you missed is that Large Language Models (LLMs) like ChatGPT are unreliable sources of information. Look for another source if you need reliable information about anything.

Monero social media site starts off with educational shit talking in c/[email protected]
[–] [email protected] 0 points 3 months ago (1 children)

The first one isn't text to speech and the second is not FOSS. If you have a good FOSS TTS that has examples of what the voices sound like, I would like to be linked to it :)

Monero social media site starts off with educational shit talking in c/[email protected]
[–] [email protected] 0 points 3 months ago (3 children)

Yes it will be text-to-speech again. I will try another voice. Thanks for the feedback.

Monero social media site starts off with educational shit talking in c/[email protected]
[–] [email protected] 0 points 3 months ago (5 children)

Where are all the WOMEN standing up for private digital cash?

In my MoneroKon talk this weekend I will be analyzing data on cryptocurrency investment and use as payment: https://cfp.monerokon.org/2024/talk/NVF8ZN/ According to EU and US data, men definitely get more involved in cryptocurrency, but the gender divide is more lopsided in investment activities than payment activities. In other words, women are less likely to use cryptocurrency as a means of payment than men, but they are much less like to buy cryptocurrency as an investment than men.

You could interpret that as "the way to get women interested in peer-to-peer electronic cash is to focus on it as a means of payment instead of as an investment." Or the opposite: "Women investing in cryptocurrency is a relatively unexplored market segment!" Anything else you want analyzed, you have about 12 hours to ask before I finalize the analysis.

Incident report: Denial-of-Service (Feather Wallet) in c/[email protected]
[–] [email protected] 0 points 4 months ago (1 children)

I know Ruckinum ran an analysis and thinks this is not a black marble flood, but I can’t help but think it’s a way go somehow break the anonymity of monero, whether just sent amounts, or received amounts, which would still give a wealth of information.

I didn't run a quantitative analysis of the large number of 150-input transactions on May 2. I just guessed that it's not an actual black marble flood since it doesn't fit the definition or attack model of Noether, Noether, & Mackenzie (2014) and Chervinski, Kreutz, & Yu (2021).

Are the transactions reused?

Yes, each output can be re-used an unlimited number of times as a decoy in other transactions.

If they are reused, then they can tell the real spend by discarding any spend that’s been used more than once. Is that correct?

No. If every output that is created is spent, then on average each output will appear in 16 rings of other transactions. A Monero wallet do not check how many times an output has been used by other transactions when it is deciding which outputs to select as decoys.

They run or have compromised a lot of ‘activist’ nodes and xpubs are sent to the nodes in light wallets, unsure if this is how it works, or if that was unique to Samourai’s whirlpool design. If this was the case, light wallets use currently online available servers, so chances are a user connects their wallet to tens of servers. Users who run their own nodes would be unaffected but I think the majority of monero users use light nodes.

In normal operation, most Monero wallets do not send an "xpub" (in Monero this would be the Private View Key). The terminology can be confusing. In Monero, a "light wallet" is a wallet where the user gives a view key to a server to perform the blockchain scan on behalf of the user. The person or company running the server can see which transactions belong to the user and how much XMR is being sent to them. The MyMonero wallet works like this. Feather is not a light wallet with this definition, despite its name. Feather wallet and most wallets like Cake, Stack, the GUI/CLI wallets, etc., ask a local node (on the user's own machine) or remote node (on someone else's machine) for the entire blockchain data during a period of time and do the decryption of the wallets' transactions on the user's own device. That's why wallet sync takes a long time for those wallets when they are opened after being closed for a long time.

The remote nodes can collect some limited data like the user's IP address (if the user is not using Tor) and the last time the user synced the wallet. A malicious remote node can attempt to give the user a false decoy/output distribution (this is what Feather was trying to prevent with the initial, but flawed, code) and it can give the user's wallet an incorrect fee to pay (but the user can notice that the fee is too high and disconnect from the remote node. More information about remote node privacy is in Breaking Monero Episode 07: Remote Nodes (sorry for YouTube link. Use your favorite private YouTube front-end to view it): https://www.youtube.com/watch?v=n6Bxp0k7Uqg

1
Discussing pre-Seraphis Full-Chain Membership Proofs (FCMP) at Monero Research Lab meeting tomorrow (github.com)
 

Context in the MRL logs: https://libera.monerologs.net/monero-research-lab/20240401

1
Research: March 2024 Suspected Black Marble Flooding Against Monero: Privacy, User Experience, and Countermeasures (github.com)
 

I have some preliminary research for you:

https://github.com/Rucknium/misc-research/blob/main/Monero-Black-Marble-Flood/pdf/monero-black-marble-flood.pdf

March 2024 Suspected Black Marble Flooding Against Monero: Privacy, User Experience, and Countermeasures

On March 4, 2024, aggregate Monero transaction volume suddenly almost tripled. This note analyzes the effect of the large number of transactions, assuming that the transaction volume is an attempted black marble flooding attack by an adversary. According to my estimates, mean effective ring size has decreased from 16 to 5.5 if the black marble flooding hypothesis is correct. At current transaction volumes, the suspected spam transactions probably cannot be used for large-scale “chain reaction” analysis to eliminate all ring members except for the real spend. Effects of increasing Monero's ring size above 16 are analyzed.

1
[MAGIC] vtnerd Monero dev work for Q1/Q2 has been fully funded! (monerofund.org)
 

Thank you to all donors!

The MAGIC Monero Fund's campaign to raise 226 XMR (28,800 USD) for three months of vtnerd (Lee Clagett) development work has succeeded.

vtnerd will work on Monero and Monero Light Wallet Server (LWS). The LWS increases Monero's capacity for more users and transactions. LWS will be even more important when Seraphis (next generation Monero transactions) is implemented because Seraphis will improve the user privacy and speed of light wallet servers.

Here are the full details of vtnerd's proposed work:

vtnerd is the author of Monero-LWS, and has been a contributor to the Monero codebase since 2016. He is a veteran of four CCS proposals; [1], [2], [3], [4]

This proposal funds 480 hours of work, ~3 months. The milestones will be hour based; 160 (1 month), 320 (2 months), 480 (3 months). At the completion of hours, he will provide the Monero Fund committee references to the work that was completed during that timeframe.

Some features that are being targeted in monero-project/monero :

  • Get new serialization routine merged (work on piecemeal PRs for reviewers sake) (already in-progress)
  • Complete work necessary to merge DANE/TLSA in wallet2/epee.
  • Adding trust-on-first-use support to wallet2

Work targeted towards vtnerd/monero-lws :

  • Optional full chain verification for malicious daemon attack (already-in progress)
  • Webhooks/ZMQ-PUB support for tx sending (watch for unexpected sends)
  • ZMQ-pub support for incoming transactions and blocks (notifies of any new transaction or block)
  • Implement "horizontal" scaling of account scanning (transfer account info via zmq to another process for scanning)
  • Make account creation more "enterprise grade" (currently scanning engine re-starts on every new account creation, and uses non-cacheable memory) * Unit tests for REST-API
  • Create frontend LWS C/C++ library
  • Provide official LWS docker-image
  • Provide official snap/flatpak/appimge (tbd one or all of those)
  • Provide pre-built binaries
  • (Unlikely) - reproducible builds so community members can verify+sign the binary hashes
  • It is unlikely that all features will be implemented, at which point the unfinished features will roll into the next quarter.
1
MRL meeting on prohibiting new custom timelocks (github.com)
 

Last week rbrunner7 argued that future Monero transactions should not be able to set custom timelocks. This proposal was discussed in this week's Monero Research Lab meeting.

Monero's timelocks have been a "solution in search of a problem" for a long time. However, Alex from Local Monero said he had a special use for them:

Sometimes, we ban a certain user permanently from our platform. Sometimes, that user tries to return to the platform. We catch them and warn them not to return again or there will be consequences. They ignore us and return to our platform. In these cases, we take the XMR that they placed in the arbitration bond and send it to them in a timelocked transaction to disincentivize them from trying to return again.

The rough result of the meeting was to evaluate time lock puzzles as an off-chain replacement for custom unlock times. xFFFC0000, a new Monero dev, said that he would investigate time lock puzzles soon.

Need help with understanding how XMR (sub)addresses work in c/[email protected]
[–] [email protected] 0 points 7 months ago (1 children)

Good question. You didn't get hacked. You approved the payment to Mullvad.

When you send XMR to an "integrated address", Ledger does not display the integrated address on the device. It displays the raw Monero address. Mullvad probably uses integrated addresses.

SethForPrivacy said:

At present, the UX around integrated addresses can be confusing and even outright dangerous, like how the Ledger always displays the underlying address instead of the integrated address, making address verification difficult or impossible depending on the application.

I don't know if there are plans to fix this or if it can be fixed at all.

0
Almost entire balance (2675 XMR) of Community Crowdfunding System (CCS) Monero wallet has been stolen (github.com)
 

Timeline of events

In the last Monero General Fund transparency report in March 2023, the General Fund held 8452 XMR. As far as we know, this separate wallet is safe and unaffected. It would be possible to pay people with active CCS proposal from the General Fund, but nothing has been decided.

0
[CCS] Alternative Monero node written in Rust has moved to Funding Required (ccs.getmonero.org)
 

Why

Currently, Monero only has one node written in C/C++, many would see this as an issue. Having only one implementation makes us more vulnerable to implementation bugs, having another node will help us to spot and fix these issues.

monerod's code is also a bit of a mess, as many devs who have worked on it would agree. Cuprate is a fresh start and is built with modularity in mind which will lead to a cleaner and easier to understand codebase.

Having a consensus rules document will make it easier for developers to build software to interact with Monero. It will also make it easier to spot potential issues with consensus rules.

1
Townforge testnet with new features launches August 12 (townforge.net)
 

Version 0.35 of the Townforge testnet will start August 12. The tentative start time is 3:00 UTC. Get the new software on the Downloads page.

Some of the new features:

  • Light source and water cubes can be placed in buildings.

  • The shape of cubes can be changed.

  • The road buildings subsidy is based on a new connected graph algorithm.

  • Player accounts can be auctioned.

  • The appearance of player avatars can be customized.

  • Some new collectible card game named Coru. (I don't know what Coru is. It's in the git commit messages.)

New Townforge light source blocks

1
Townforge FAQs (monero.town)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
0 comments fedilink
 

What kind of game is it?

Townforge is a multiplayer turn-based economic strategy game and 3-D building architecture platform. You manage buildings and items to try and make a profit from them. Townforge is entirely blockchain based: all player actions are embedded in the blockchain. This is the source of Townforge’s turn based nature, which means that every action you take will be sent to other computers participating, and will only actually happen in the game when mined (i.e., added to the blockchain, like a typical cryptocurrency). This makes Townforge a slow paced long term game.

People will usually want to play a little every day, to maintain their business empire and grow it over time. Note that Townforge is a live game. Your buildings consume/produce materials and income even if you do not actively play, so you do not need to have regular play sessions if you do not want to micromanage.

Townforge Farm

What does Townforge have to do with Monero?

As a base, Townforge uses Monero's code that handles peer networking, the blockchain, and transaction cryptography. All the game logic like creating buildings, farming, and trading items was added over years of development time.

Townforge is a separate blockchain. Nothing that happens in Townforge directly affects the Monero blockchain, and vice versa. However, since both chains use the RandomX hashing algorithm, the Townforge and Monero blockchains can be "merged mined" together like Litecoin and Dogecoin. Merge mining increases the security of both blockchains.

moneromooo, one of the main programmers for Monero, does almost all of the coding for Townforge.

Is Townforge open source?

Yes. Like Monero, Townforge has a BSD-3 open source license.

Is Townforge a "play-to-earn" game?

Not really. The point of the game is to have fun, not to earn money. If you are good at the game you can earn Townforge Gold, but there is no guarantee that the Gold will ever be worth anything. Think of it as a card game between friends where you only bet a little money to "make it interesting".

Townforge placing cubes for buildings

Is the game portion of Townforge private like Monero?

Not quite. It is only pseudonymous.

Out-of-game transactions have Monero-level privacy. After depositing to a game account, in-game actions like buying land and placing cubes for buildings are publicly viewable and linked to the game account. However, an observer cannot link a game account to a wallet address.

Compared to typical web games, there is no website registration, email, etc. You play by interacting with the Townforge blockchain only, and you may use Tor or I2P to do so if you wish to protect your privacy further.

How do I start playing?

Townforge is on testnet, a kind of beta version. You can play now with other players to learn how the game works, enjoy it, and develop strategies, but any Gold, items, or badge achievements you collect will not transfer to the "mainnet" full version of the game later.

To play on testnet, download the current version of Townforge for your operating system on the Downloads page and unzip/uncompress the file.

On Linux or Mac, open Terminal, change directory to inside the unzipped folder, and input:

./townforge --testnet

On Windows, open Command Prompt, change directory to inside the unzipped folder, and input:

start townforge.exe --testnet

ADDING --testnet IS VERY IMPORTANT. You cannot connect to the right network if you don't add --testnet.

Depending on when you start playing, it may take a few hours to fully sync your blockchain with the network.

Create a new wallet. You need some Townforge Gold in your wallet to create a game user account. The easiest way to get gold is to mine Townforge's cryptocurrency blocks into its blockchain. At the bottom of the game's menu is the "Node" panel. Open it and click "Start mining". Other players can gift you Gold to get you started playing, too.

Townforge leveling up

When will mainnet launch?

When the game is ready. It could be months. It could be years.

Where can I find more info?

0
New seed generation exploit in faulty cryptocurrency wallets (milksad.info)
 

Popular documentation like “Mastering Bitcoin” suggests the usage of bx seed for wallet generation.

Secure cryptography requires a source of large, non-guessable numbers. If the random number generator is weak, the resulting cryptographic usage is almost always compromised.

For technical people: in this case, practical wallet security is reduced from 128 bit, 192 bit or 256 bit to a mere 32 bit of unknown key information.

I am not an expert, but if you use a multi-coin wallet that includes Monero, then your Monero could be affected. I don't see a list of wallet software that is affected. It would not be easy to verify that closed-source wallets do not use the exploitable code library.

Q: I used bx to generate my wallets but only use it for non-BTC coins, do I need to worry?

A: Yes. All funds stored on BIP39 mnemonic secrets or BIP32 wallet seeds are affected since the underlying private keys are basically public now.

view more: next ›