<plowsof11> "glitter has use cases though..." <- nice. this is really cool. we should have Monero glitter lol

I first learned about this topic from a girl that worked for an online store that repacked and sold this alibaba glitter in small 1-5 gram packages and called it "bio glitter". They mainly sold to hippie girls going to festivals

i saw that message and thought about your ccs idea lukeprofits ^

stable coin UX / fees to get it back to something usable suck - i'd rather accept Mastercard

also Justin left a new comment: repo.getmonero.org/monero-project/c…als/-/merge_requests/398#note_21773

<plowsof11> "also Justin left a new comment..." <- didnt know this existed: github.com/cake-tech/autoforward-autoconvert are people really running monero hotwallets with wallet-rpc in a vps?

heh. Signal not only didn't want to integrate xmr, you can't even donate XML to them

XML lol

can I donate JSON?

XMR*

blah

<spirobel[m]> "didnt know this existed: https:..." <- > are people really running monero hotwallets with wallet-rpc in a vps

what else are you supposed to do?

i run my hot wallets in docker on a weird port for extra protection

but its still a hot wallet

(not exposed to the internet of course)

Expose or port

wym

In docker 

Expose or port.

none

auto forwarding would mean that funds would only exist for ~10 blocks, then sent out. if someone gained control over your vps hot wallet , at least the entire balance wouldn't be there. an alternative could be "auto create unsigned transactions" - and then when you have time, get them signed offline .. then upload the key images (i don't think any FOSS/easy solution for this exists atm)

i run the wallet-rpc in a monero network

Unplug interweb?

s/monero/docker/

and connect the image that needs wallet-rpc to said network

its hard being your own bank sometimes

Bank of plowsof

ah yes i do my own auto forwarding

literally just

async function sendAllToColdWallet() {... (full message at <libera.ems.host/_matrix/media/v3/do…bad00d403fb8b5c4939938c2c5c26670781>)

* ```... (full message at <libera.ems.host/_matrix/media/v3/do…809a2a28c1f86cb3d8ffa6acfff28962fee>)

run this every couple minutes

in a loop

KISS nice!

<naphtha[m]> "none" <- iirc, docker exposes everything globally by default unless you explicitly configure it not to

"what could possibly go wrong?"

merope: it doesnt

to expose a port you have to either explicitly specify it

or run it in host network mode

it acts like a NAT

Yest

port:

<naphtha[m]> "> are people really running..." <- This part I enjoyed the most:... (full message at <libera.ems.host/_matrix/media/v3/do…42e3f0228e9835b6c04af3cfea7dc18598b>)

lol

thats like putting metal bars and covering all of your windows while leaving your door wide open

Sudo ufw disable

I disabled your firewall!

error: you're not in sudoers group

🤦‍♂️

Have i been reported?

this incident VILL be reported

you VILL not use sudo

Sob

and you VILL be happy

🏃‍♂️💨

chmod +s DanrdarkIsnotthe

that emoji looks like fart rocket, lol

i can confirm^

After burner

So business wallet is dead in water now?

Xmr to usdc circle blackrock

only now?

I give hope where there is none

lukeprofits: comradeblin sideshift has an issue with xmr (not available since at least 2 days and counting)

Up shit creek

<plowsof11> "lukeprofits: comradeblin..." <- Who cares

Business wallet is a joke

Doesnt need a swap at all. "design" stage is retarded

Like "im here to make money. That is all. I dont even use xmr, probably"

sidefknshift + fiat is like 5% losses

Wtf kind of "easy" or "smart" or incentive to use such a shit system

Visa is cheapet

sideshift doesn't even have XMR now

And doesnt rely on some shithole swap site that may or may not have reserves

Exch,for example, often has less than 2 xmr

sech1: Ban

<plowsof11> "auto forwarding would mean..." <- it is just a bad idea to run this in a vps. Somebody just needs to have passive access to steal the money and not even leave a trace. Even doing this on a dedicated server means that you trust the people in the datacenter. But in case of a vps ... the barrier to entry is very low and you dont know who has access to it. It would make sense to run this at home on a raspberry pi (if

you dont tell anyone about it). But to run this on hardware you dont control (doubly sow if "virtual") is just too cowboy

it would probably be detected pretty quickly

if you have a decent volume of transactions

<TrasherDK[m]> "This part I enjoyed the most:..." <- > <@trasherdk:monero.social> This part I enjoyed the most:... (full message at <libera.ems.host/_matrix/media/v3/do…7cdf02a5b8839280c07adf1c33d33ecee46>)

naphtha[m]: how so?

you'll notice that transactions stop coming in to the cold wallet

Aren't you not supposed to connect the cold wallet to the internet?

cold?

but yeah there's no reason other than convenience to run it on a vps as opposed to something like a pi

recanman[m]: no?

recanman: view only wallet

you only need the view key of the cold wallet

plowsof11: Sorry, I keep forgetting about htat

s/htat/that/

I learned all blockchain concepts from bitcoin

s/Sorry,//, s/htat/that/

naphtha[m]: you would have to monitor the incoming transactions of the hot wallet from a different server and make sure they match the amounts coming into the cold wallet .... but then again why not send to the cold wallet directly?

spirobel yes the "auto forwarder" could run on a pi on hardware you have control over yes (more secure than running on a vps)

spirobel[m]: most payment systems create a different account for each transaction

mine included

you can't create an account with a view key only

naphtha[m]: thats why we have integrated addresses.

needs to be a hot wallet

it could hurt privacy

if you only use integrated addresses

i think?

naphtha[m]: How?

naphtha[m]: no. subaddresses are there for users to give different addresses to different people: your grandma gets one and your glitter dealer gets a different one

if you have a merchant website this situation simply does not apply. Because you have only one "identity aka address" anyway

arent they supposed to be depreciated in favor of subaddresses (even though subaddresses arent consensus)

TrasherDK[m]: integrated addresses have the same public address

embedded in them

in plaintext

i think, i never used them

Payment IDs

* Payment IDs?

so if someone got access to your tx history, they could see that you sent money to your glitter dealer's website

with subaddresses they would only see that you sent money to some random address

ofrnxmr[m]: that is wrong. They wont be deprecated. And seraphis will offer similar functionality. Fun fact: every single monero transaction looks like a transaction to an integrated address. (with a random payment id)

that is done to achieve transaction uniformity

people that say that they will be deprecated simply dont know what they are talking about and just make stuff up.

Ah, yes. integrated address was deprecated some time ago. I'm thinking of payment id.

They are kind of the same?

it is exactly for the use case so you can easily run a webshop with just view keys

Integrated address is the `<pub. spend key>+ <pub. view key> + <payment ID> +<checksum>` right?

TrasherDK[m]: that is just wrong. They also cant be deprecated. completely infeasible. Monero will even work with "integrated subaddresses" even though noone considered that.

recanman[m]: normal address is the same without the payment id

Well, memory isn't wat it used to be:... (full message at <libera.ems.host/_matrix/media/v3/do…26191a7b53c67dedf03e1b933006cc4fccb>)

someone help me understand this

whats the "payment_id"?

if its random then it really doesnt look like enough entropy

8 bytes

naphtha[m]: it should be longer I agree. but even in its current form it is enough to distinguish payments

<spirobel[m]> "that is just wrong. They also..." <- if someone is interested in this topic you can read this comment: monero-ecosystem/monero-javascript #90#issuecomment-1149474885 addresses are all just public keys all the way down.

ccs.getmonero.org/funding-required ❤️

Pluja updated sideshifts page to show Monero is not accepted kycnot.me/exchange/sideshift.ai

kycnot.me/changelog showing its maintained 👍️ naphtha s kyun.host features there.. now with no javascript! 🚀

someone from my matrix notified him lol it was just a test

no js version is tor only

main site still needs js until i finish the next update which also implements a fully featured no js version

<spirobel[m]> "didnt know this existed: https:..." <- How else are you supposed to send payments to auto-convert?

<TrasherDK[m]> "This part I enjoyed the most:..." <- > <@trasherdk:monero.social> This part I enjoyed the most:... (full message at <libera.ems.host/_matrix/media/v3/do…253b52e73aa02393c07f932a713f89eb24d>)

<naphtha[m]> "but yeah there's no reason other..." <- the autoforwarder can be run on anything, including a pi if you have it laying around. If it makes you feel better, add the half sentence to say "Basically any VPS will do, or a Raspberry Pi."

maybe you're all used to sketchy privacy-focused servers, haha. Most people use servers from pretty big names like AWS, who don't care about stealing your $500 incoming payment

It still isn't good practice to allow that attack to exist in the first place.

hey, kyun isn't sketchy, it's ran from a basement and protected by 5 gypsies with knives 24/7

in any case, the script will work on any linux box, no matter your config or situation

totally legitimate

recanman[m]: yeah, but for high uptime like we need for a web store, running it all on a local raspberry pi isn't sufficient either :)

you dont REALLY need high uptime if its just a forwarder

sgp[m]: Well, for critical applications like these, there is on-prem, and you should employ fault-tolerance anyways.

an individual probably doesn't need high uptime for a this, sure. but we are talking in the context of web stores, and most people don't like the idea of having funds unnecessarily sit in a volatile asset

just use an old laptop and tailscale funnel if behind nat

less exposure

fwiw, I would like to see someone write a script to auto-convert to a stable using Trocador, ChangeNOW, etc. instead of Kraken

vdo: doesnt matter if you are behind nat for this purpose

sgp[m]: trocador.app/en/docs

it would take some minor work for someone to use their api to get a variable quote, send the xmr to there (making sure it was > the min), etc.

then boom, user gets stablecoin or whatever else they want

related to this, does binance/kraken/whatever have an api for selling xmr? i'd imagine having a market where you receive monero and it automatically converts to fiat for you using your cex would be really helpful in making normies accept monero

Yup, see github.com/cake-tech/autoforward-au…in/autoconvert-kraken-XMR-to-USD.py

is that usdt or actual usd?

usd

oh wow

this is for usdc github.com/cake-tech/autoforward-au…n/autoconvert-kraken-XMR-to-USDC.py

I recommend people have an isolated Kraken account for the store only for security reasons. Kraken allows users to have multiple accounts, with justification

i was expecting them to not allow api access for any selling or buying

its surprising that they allow this

it simply involves adding an order for XMR -> USD

the benefit to using an instant exchanger, assuming you trust them not to steal your money, is that you can send the stable to another non-custodial wallet of yours, so there are no remaining api key permissions where, if the key was exposed, they could try to mess with the funds in the kraken account

obligatory "wen serai / atomic swaps"

right

then i wonder why there is no solution yet

like a payment gateway for woocommerce/whatever

that allows sellers to accept xmr and auto convert to fiat

I argue this is a solution. BTCPay Server to track invoices, autoforwarder to send to Kraken, autoconverter to convert to USD on Kraken

Could it be better integrated? Absolutely

i mean something easier yeah

plug n play

naphtha: NOWPayments does that AFAIK

NOWPayments will get you to a stable easily

ah shit yeah i remember now

then why tf is monero so rare to see as a payment method

pisses me off

whats their fee?

1% + spreads I think. Not for large businesses imho

0.5% + spreads

is that not cheaper than kraken?

kraken is definitely cheaper

sgp[m]: how come? pretty sure stripe fees are similar

Kraken's highest fees are 0.26% + spread

in practice, spreads are probably at least 100 bips (1%) tighter

someone should make an autoconvert for Binance too; their spreads are tight

withdrawing from binance might have some issues though...

<plazma_69> do we have an official sessions and simpleX chat group

There are meetings every week, check the issues for the Monero Community Workgroup at github.com/monero-project/meta

<bridgerton[m]> "<plazma_69> do we have an..." <- No simplex chat group.

* chat group. (here's the next meeting monero-project/meta #857)

<plazma_69> ok thanks

I confirmed that you can still trade Monero on SideShift through Cake. They didn't tell me why they disabled Monero on their website :/

<sgp[m]> "an individual probably doesn't..." <- is it possible to track incoming payments via the kraken api? They could let customers send directly to their kraken deposit address if they dont want to hold monero. (to tell payments apart the last 5 digits of the payable amount can be a random number that is associated with the order)

spirobel[m]: Kraken prevents this with their ToS

<sgp[m]> "the autoforwarder can be run..." <- just leave out the part with the vps. It is not a good idea to store hotwallet keys in a vps. AWS or not you dont know how many people have read access to it. And this could bite you later when there is more volume or the wallet is used in another context.

this tool is not bad in general. basically solves the business wallet use case. But dont run it on a remote server and especially not a vps.

If your threat model includes your VPS provider, then you most likely have the resources to host your own on-premise wallet server. If not, then you lack the fundamental resources to run your business

* VPS provider stealing from your hot wallet, then

i dont think the only threat is the provider

or, rather, not directly

Which is why I didn't say that ;)

i mean in this case. running it on a vps is a bad idea but not because the provider would snoop

some providers have horrible security, insecure proxmox passwords, vulnerable software running on a wide open unfirewalled network

1234

Best one

Thats plowsof's pin

Dont tell anyone though

i have to change it to 1111 now , thanks!

no, that's luigi's

With /1 like 24/25

1111/1

i need professional opinion here

this might be the first time i have to reject a .town application

ofrnxmr: plowsof what do you think

(thats the only tweet on that account)

Kyc

Fixed

"In order to verify your account we have to do further verification" kek

Please send 1xmr to this address to verify your not a bot

Pow ftw

"Hohol"?

No

* No, lol

Did they pay the 0.1 XMR?

It's 0.01 💀

They seem to be a real person working for some exchange, not sure why they didn't have 0.01 xmr 🤷‍♂️

<monerobull[m]> "i need professional opinion here" <- Russophpbia

* Russophobia

is the verification simply that they're not a bot?

Yeah

What else do you want me to do, actual KYC 😂

they seem to have made the effort to register a fake twitter for you so its elons fault if theyre a bot

Nono that twitter is up since March

Doesn't twitter require a phone number to make an account?

monerobull[m]: Just never did anything besides liking 3 of their own corpo tweets

blankpage[m]: It's not like russian bot farms have ever had a shortage of those...

reject based on low effort verification?

Make 0.01 XMR mandatory

Hm

That would be pretty inconvenient for many

imtelling y

Make it 0.1 xmr

monerobull[m]: Lemmy itself is a little inconvenient to use right now, don't think adding even more friction is a great idea

ofrnxmr[m]: And that would turn everyone away 😅

0.08 refundable

0.01 management fee, 0.01 hosting

While it would certainly discourage spam, that sounds like way too much hassle

We currently don't even have any spam at all

Can keep it in mind if we ever should get it I guess

I think the wording of this needs to change to avoid this problem

"Verifiy you are human by posting this message containing your Monero.Town username on twitter/reddit/mastodon/etc and link the post in the answer field."

you are the better English speaker, how would you improve it?

Please provide the following:... (full message at <libera.ems.host/_matrix/media/v3/do…49db151e5649eded9150a589e5ff7de359f>)

Missed any?

scan of your drivers license

Yest most important

selfie with 3 fingers holding drivers licence

With spendkey

Honestly I would consider just making the 0.01XMR mandatory. It seems that if they "fail" the first option of verifying by linking to a post then there is no way for them to verify the same account with 0.01XMR

If there was a way for them to fallback to paying XMR then you could say it was at your discretion whether to verify based on a post in another location

So either mandatory XMR, or a way to fallback to paying XMR if they fail a free verification

0.1 escrow. You’ll get it back after 1 month of month. Force hodl.

But yeah a registration fee shouldn’t be a problem for Monero users. Heck make it go to the Monero General Fund. The view keys are public.

Proof of Monerista

Random registration fee of 0.010000001 to 0.100000000. If the exact value is detected using the general fund view keys you are in.

is the general fund paying the hosting/maintenance fees?

Yest

In btc

Via lightening invoicw

s/invoicw/invoice/

I don’t know. Depends on monerobull goals. If it’s only for captcha purposes maybe it doesn’t matter. A fund for the instance itself would be better imo. Almost like how Reddit gold worked at the beginning.

Funds are supposed to be used for hosting yeah

Yeah. 0.1xmr input 0.01 still for hosting, 0.01/user paid to whoever can do the refunds, and 0.08 refunded

id still wait for the appearance of bots of spammers trying to get around it

If spammer spams, keep the whole 0.1

the incentives to run stuff in the fediverse are cursed af. Also unclear how the privacy situation is any better compared to big tech. In the end we have to all self host our own sites and use rss or something to tie everything together.

Wallet SDK for Android CCS nearly funded. about 70 XMR left from 295 total

Vtnerd getting close too?

about half way

Someone tag @visa on twitter to fund vtnerd

And @bankofamerica

spirobel[m]: yeah you really shouldnt post anything you aren't comfortable with having out there if having it forever cached on some tiny instance is a problem

s/if having it//

s/if having it//

No dick pics then

did you post those to reddit before?

On r/bitcoin 

based