00:00:33 "glitter has use cases though..." <- nice. this is really cool. we should have Monero glitter lol 00:01:45 I first learned about this topic from a girl that worked for an online store that repacked and sold this alibaba glitter in small 1-5 gram packages and called it "bio glitter". They mainly sold to hippie girls going to festivals 01:37:24 * plowsof11 uploaded an image: (2114KiB) < https://libera.ems.host/_matrix/media/v3/download/matrix.org/sNtLjgmaUKBzxMlNOvuwwlEq/Screenshot%20from%202023-07-06%2002-34-04.png > 01:38:08 i saw that message and thought about your ccs idea lukeprofits ^ 01:43:20 stable coin UX / fees to get it back to something usable suck - i'd rather accept Mastercard 01:47:21 also Justin left a new comment: https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/398#note_21773 03:33:00 "also Justin left a new comment..." <- didnt know this existed: https://github.com/cake-tech/autoforward-autoconvert are people really running monero hotwallets with wallet-rpc in a vps? 03:36:23 * spirobel[m] uploaded an image: (38KiB) < https://libera.ems.host/_matrix/media/v3/download/monero.social/HrfTxQARtsTevYySxTBGgeoJ/Screenshot%20from%202023-07-06%2011-35-45.png > 08:12:09 heh. Signal not only didn't want to integrate xmr, you can't even donate XML to them 08:19:18 XML lol 08:19:36 can I donate JSON? 08:20:16 XMR* 08:20:19 blah 10:15:20 "didnt know this existed: https:/..." <- > are people really running monero hotwallets with wallet-rpc in a vps 10:15:26 what else are you supposed to do? 10:15:44 i run my hot wallets in docker on a weird port for extra protection 10:15:50 but its still a hot wallet 10:15:59 (not exposed to the internet of course) 10:24:41 Expose or port 10:25:04 wym 10:26:10 In docker 10:26:17 Expose or port. 10:26:37 none 10:26:46 auto forwarding would mean that funds would only exist for ~10 blocks, then sent out. if someone gained control over your vps hot wallet , at least the entire balance wouldn't be there. an alternative could be "auto create unsigned transactions" - and then when you have time, get them signed offline .. then upload the key images (i don't think any FOSS/easy solution for this exists atm) 10:26:50 i run the wallet-rpc in a monero network 10:26:52 Unplug interweb? 10:26:56 s/monero/docker/ 10:27:08 and connect the image that needs wallet-rpc to said network 10:27:57 its hard being your own bank sometimes 10:28:15 Bank of plowsof 10:28:58 ah yes i do my own auto forwarding 10:29:30 literally just 10:29:39 async function sendAllToColdWallet() {... (full message at ) 10:29:46 * ```... (full message at ) 10:30:12 run this every couple minutes 10:30:18 in a loop 10:35:38 KISS nice! 10:40:05 "none" <- iirc, docker exposes everything globally by default unless you explicitly configure it not to 10:40:40 "what could possibly go wrong?" 10:40:47 merope: it doesnt 10:41:06 to expose a port you have to either explicitly specify it 10:41:11 or run it in host network mode 10:41:42 it acts like a NAT 10:41:53 Yest 10:41:53 port: 11:46:02 "> are people really running..." <- This part I enjoyed the most:... (full message at ) 11:46:28 lol 11:47:31 thats like putting metal bars and covering all of your windows while leaving your door wide open 11:47:38 Sudo ufw disable 11:47:49 I disabled your firewall! 11:48:06 error: you're not in sudoers group 11:48:26 🤦‍♂️ 11:48:42 Have i been reported? 11:48:56 this incident VILL be reported 11:49:03 you VILL not use sudo 11:49:03 Sob 11:49:08 and you VILL be happy 11:49:08 🏃‍♂️💨 11:49:44 chmod +s DanrdarkIsnotthe 11:51:22 that emoji looks like fart rocket, lol 11:53:29 i can confirm^ 11:54:16 After burner 11:56:25 So business wallet is dead in water now? 11:56:56 Xmr to usdc circle blackrock 11:57:07 only now? 11:58:03 I give hope where there is none 12:00:10 lukeprofits: comradeblin sideshift has an issue with xmr (not available since at least 2 days and counting) 12:02:33 Up shit creek 12:13:43 "lukeprofits: comradeblin..." <- Who cares 12:13:51 Business wallet is a joke 12:14:18 Doesnt need a swap at all. "design" stage is retarded 12:14:54 Like "im here to make money. That is all. I dont even use xmr, probably" 12:15:39 sidefknshift + fiat is like 5% losses 12:16:06 Wtf kind of "easy" or "smart" or incentive to use such a shit system 12:16:17 Visa is cheapet 12:16:42 sideshift doesn't even have XMR now 12:17:20 And doesnt rely on some shithole swap site that may or may not have reserves 12:17:23 Exch,for example, often has less than 2 xmr 12:18:51 sech1: Ban 13:39:47 "auto forwarding would mean..." <- it is just a bad idea to run this in a vps. Somebody just needs to have passive access to steal the money and not even leave a trace. Even doing this on a dedicated server means that you trust the people in the datacenter. But in case of a vps ... the barrier to entry is very low and you dont know who has access to it. It would make sense to run this at home on a raspberry pi (if 13:39:47 you dont tell anyone about it). But to run this on hardware you dont control (doubly sow if "virtual") is just too cowboy 13:41:16 it would probably be detected pretty quickly 13:41:22 if you have a decent volume of transactions 13:41:23 "This part I enjoyed the most:..." <- > <@trasherdk:monero.social> This part I enjoyed the most:... (full message at ) 13:41:36 naphtha[m]: how so? 13:41:55 you'll notice that transactions stop coming in to the cold wallet 13:42:16 Aren't you not supposed to connect the cold wallet to the internet? 13:42:19 cold? 13:42:49 but yeah there's no reason other than convenience to run it on a vps as opposed to something like a pi 13:42:51 recanman[m]: no? 13:42:58 recanman: view only wallet 13:42:59 you only need the view key of the cold wallet 13:43:10 plowsof11: Sorry, I keep forgetting about htat 13:43:13 s/htat/that/ 13:43:23 I learned all blockchain concepts from bitcoin 13:43:32 s/Sorry,//, s/htat/that/ 13:44:29 naphtha[m]: you would have to monitor the incoming transactions of the hot wallet from a different server and make sure they match the amounts coming into the cold wallet .... but then again why not send to the cold wallet directly? 13:45:26 spirobel yes the "auto forwarder" could run on a pi on hardware you have control over yes (more secure than running on a vps) 13:45:34 spirobel[m]: most payment systems create a different account for each transaction 13:45:38 mine included 13:45:51 you can't create an account with a view key only 13:46:11 naphtha[m]: thats why we have integrated addresses. 13:46:11 needs to be a hot wallet 13:47:17 it could hurt privacy 13:47:24 if you only use integrated addresses 13:47:37 i think? 13:48:16 naphtha[m]: How? 13:48:20 naphtha[m]: no. subaddresses are there for users to give different addresses to different people: your grandma gets one and your glitter dealer gets a different one 13:49:07 if you have a merchant website this situation simply does not apply. Because you have only one "identity aka address" anyway 13:49:28 arent they supposed to be depreciated in favor of subaddresses (even though subaddresses arent consensus) 13:49:47 TrasherDK[m]: integrated addresses have the same public address 13:49:52 embedded in them 13:49:55 in plaintext 13:50:00 i think, i never used them 13:50:34 Payment IDs 13:50:37 * Payment IDs? 13:50:46 so if someone got access to your tx history, they could see that you sent money to your glitter dealer's website 13:50:58 with subaddresses they would only see that you sent money to some random address 13:51:00 ofrnxmr[m]: that is wrong. They wont be deprecated. And seraphis will offer similar functionality. Fun fact: every single monero transaction looks like a transaction to an integrated address. (with a random payment id) 13:51:15 that is done to achieve transaction uniformity 13:51:40 people that say that they will be deprecated simply dont know what they are talking about and just make stuff up. 13:51:52 Ah, yes. integrated address was deprecated some time ago. I'm thinking of payment id. 13:52:12 They are kind of the same? 13:52:14 it is exactly for the use case so you can easily run a webshop with just view keys 13:53:02 Integrated address is the `+ + +` right? 13:53:51 TrasherDK[m]: that is just wrong. They also cant be deprecated. completely infeasible. Monero will even work with "integrated subaddresses" even though noone considered that. 13:54:22 recanman[m]: normal address is the same without the payment id 13:54:59 Well, memory isn't wat it used to be:... (full message at ) 13:56:42 someone help me understand this 13:57:03 whats the "payment_id"? 13:57:28 if its random then it really doesnt look like enough entropy 13:57:50 8 bytes 13:59:10 naphtha[m]: it should be longer I agree. but even in its current form it is enough to distinguish payments 14:00:59 "that is just wrong. They also..." <- if someone is interested in this topic you can read this comment: https://github.com/monero-ecosystem/monero-javascript/issues/90#issuecomment-1149474885 addresses are all just public keys all the way down. 14:04:15 https://ccs.getmonero.org/funding-required/ ❤️ 14:07:17 Pluja updated sideshifts page to show Monero is not accepted https://kycnot.me/exchange/sideshift.ai 14:10:49 https://kycnot.me/changelog showing its maintained 👍️ naphtha s kyun.host features there.. now with no javascript! 🚀 14:13:24 someone from my matrix notified him lol it was just a test 14:13:28 no js version is tor only 14:13:52 main site still needs js until i finish the next update which also implements a fully featured no js version 14:37:12 "didnt know this existed: https:/..." <- How else are you supposed to send payments to auto-convert? 14:38:16 "This part I enjoyed the most:..." <- > <@trasherdk:monero.social> This part I enjoyed the most:... (full message at ) 14:41:11 "but yeah there's no reason other..." <- the autoforwarder can be run on anything, including a pi if you have it laying around. If it makes you feel better, add the half sentence to say "Basically any VPS will do, or a Raspberry Pi." 14:42:41 maybe you're all used to sketchy privacy-focused servers, haha. Most people use servers from pretty big names like AWS, who don't care about stealing your $500 incoming payment 14:43:12 It still isn't good practice to allow that attack to exist in the first place. 14:43:14 hey, kyun isn't sketchy, it's ran from a basement and protected by 5 gypsies with knives 24/7 14:43:17 in any case, the script will work on any linux box, no matter your config or situation 14:43:20 totally legitimate 14:44:04 recanman[m]: yeah, but for high uptime like we need for a web store, running it all on a local raspberry pi isn't sufficient either :) 14:44:27 you dont REALLY need high uptime if its just a forwarder 14:44:51 sgp[m]: Well, for critical applications like these, there is on-prem, and you should employ fault-tolerance anyways. 14:45:40 an individual probably doesn't need high uptime for a this, sure. but we are talking in the context of web stores, and most people don't like the idea of having funds unnecessarily sit in a volatile asset 14:46:03 just use an old laptop and tailscale funnel if behind nat 14:46:14 less exposure 14:46:31 fwiw, I would like to see someone write a script to auto-convert to a stable using Trocador, ChangeNOW, etc. instead of Kraken 14:46:54 vdo: doesnt matter if you are behind nat for this purpose 14:47:01 sgp[m]: https://trocador.app/en/docs/ 14:48:21 it would take some minor work for someone to use their api to get a variable quote, send the xmr to there (making sure it was > the min), etc. 14:48:42 then boom, user gets stablecoin or whatever else they want 14:49:31 related to this, does binance/kraken/whatever have an api for selling xmr? i'd imagine having a market where you receive monero and it automatically converts to fiat for you using your cex would be really helpful in making normies accept monero 14:49:46 Yup, see https://github.com/cake-tech/autoforward-autoconvert/blob/main/autoconvert-kraken-XMR-to-USD.py 14:50:18 is that usdt or actual usd? 14:50:24 usd 14:50:30 oh wow 14:50:32 this is for usdc https://github.com/cake-tech/autoforward-autoconvert/blob/main/autoconvert-kraken-XMR-to-USDC.py 14:51:24 I recommend people have an isolated Kraken account for the store only for security reasons. Kraken allows users to have multiple accounts, with justification 14:53:28 i was expecting them to not allow api access for any selling or buying 14:53:33 its surprising that they allow this 14:54:59 it simply involves adding an order for XMR -> USD 14:56:21 the benefit to using an instant exchanger, assuming you trust them not to steal your money, is that you can send the stable to another non-custodial wallet of yours, so there are no remaining api key permissions where, if the key was exposed, they could try to mess with the funds in the kraken account 14:56:45 obligatory "wen serai / atomic swaps" 14:57:32 right 14:57:54 then i wonder why there is no solution yet 14:58:00 like a payment gateway for woocommerce/whatever 14:58:12 that allows sellers to accept xmr and auto convert to fiat 14:59:43 I argue this is a solution. BTCPay Server to track invoices, autoforwarder to send to Kraken, autoconverter to convert to USD on Kraken 15:00:14 Could it be better integrated? Absolutely 15:00:19 i mean something easier yeah 15:00:22 plug n play 15:00:27 naphtha: NOWPayments does that AFAIK 15:00:31 NOWPayments will get you to a stable easily 15:00:49 ah shit yeah i remember now 15:00:53 https://guides.monero.com/docs/tutorials/accept-monero-as-merchant/#for-simple-web-stores-nowpayments 15:01:12 then why tf is monero so rare to see as a payment method 15:01:13 pisses me off 15:01:26 whats their fee? 15:01:38 1% + spreads I think. Not for large businesses imho 15:01:54 0.5% + spreads 15:03:08 is that not cheaper than kraken? 15:03:16 kraken is definitely cheaper 15:03:49 sgp[m]: how come? pretty sure stripe fees are similar 15:04:41 Kraken's highest fees are 0.26% + spread 15:08:33 in practice, spreads are probably at least 100 bips (1%) tighter 15:09:13 someone should make an autoconvert for Binance too; their spreads are tight 15:24:36 withdrawing from binance might have some issues though... 15:25:42 do we have an official sessions and simpleX chat group 15:31:56 There are meetings every week, check the issues for the Monero Community Workgroup at https://github.com/monero-project/meta 15:32:01 " do we have an..." <- No simplex chat group. 15:32:18 * chat group. (here's the next meeting https://github.com/monero-project/meta/issues/857) 15:33:55 ok thanks 16:05:15 I confirmed that you can still trade Monero on SideShift through Cake. They didn't tell me why they disabled Monero on their website :/ 16:12:30 "an individual probably doesn't..." <- is it possible to track incoming payments via the kraken api? They could let customers send directly to their kraken deposit address if they dont want to hold monero. (to tell payments apart the last 5 digits of the payable amount can be a random number that is associated with the order) 16:12:51 spirobel[m]: Kraken prevents this with their ToS 16:16:21 "the autoforwarder can be run..." <- just leave out the part with the vps. It is not a good idea to store hotwallet keys in a vps. AWS or not you dont know how many people have read access to it. And this could bite you later when there is more volume or the wallet is used in another context. 16:18:06 this tool is not bad in general. basically solves the business wallet use case. But dont run it on a remote server and especially not a vps. 18:22:26 If your threat model includes your VPS provider, then you most likely have the resources to host your own on-premise wallet server. If not, then you lack the fundamental resources to run your business 18:22:33 * VPS provider stealing from your hot wallet, then 18:22:45 i dont think the only threat is the provider 18:23:07 or, rather, not directly 18:23:15 Which is why I didn't say that ;) 18:23:51 i mean in this case. running it on a vps is a bad idea but not because the provider would snoop 18:24:33 some providers have horrible security, insecure proxmox passwords, vulnerable software running on a wide open unfirewalled network 19:32:48 1234 19:32:53 Best one 20:37:30 Thats plowsof's pin 20:37:33 Dont tell anyone though 20:38:08 i have to change it to 1111 now , thanks! 20:39:46 no, that's luigi's 20:53:23 With /1 like 24/25 20:53:35 1111/1 21:04:56 i need professional opinion here 21:05:05 this might be the first time i have to reject a .town application 21:05:16 ofrnxmr: plowsof what do you think 21:05:18 * monerobull[m] uploaded an image: (78KiB) < https://libera.ems.host/_matrix/media/v3/download/matrix.org/HfCsFscrlpUWMBxQrqHPAHor/grafik.png > 21:05:38 (thats the only tweet on that account) 21:10:16 Kyc 21:10:18 Fixed 21:11:55 "In order to verify your account we have to do further verification" kek 21:12:39 Please send 1xmr to this address to verify your not a bot 21:12:48 Pow ftw 21:24:22 "Hohol"? 21:24:23 No 21:24:32 * No, lol 21:46:24 Did they pay the 0.1 XMR? 21:56:36 It's 0.01 💀 21:57:07 They seem to be a real person working for some exchange, not sure why they didn't have 0.01 xmr 🤷‍♂️ 21:57:19 "i need professional opinion here" <- Russophpbia 21:57:28 * Russophobia 21:58:34 is the verification simply that they're not a bot? 21:58:46 Yeah 21:59:25 What else do you want me to do, actual KYC 😂 21:59:26 they seem to have made the effort to register a fake twitter for you so its elons fault if theyre a bot 22:00:02 Nono that twitter is up since March 22:00:28 Doesn't twitter require a phone number to make an account? 22:00:36 monerobull[m]: Just never did anything besides liking 3 of their own corpo tweets 22:02:04 blankpage[m]: It's not like russian bot farms have ever had a shortage of those... 22:07:09 reject based on low effort verification? 22:08:38 Make 0.01 XMR mandatory 22:21:26 Hm 22:21:42 That would be pretty inconvenient for many 22:22:02 imtelling y 22:22:24 Make it 0.1 xmr 22:22:32 monerobull[m]: Lemmy itself is a little inconvenient to use right now, don't think adding even more friction is a great idea 22:22:50 ofrnxmr[m]: And that would turn everyone away 😅 22:23:02 0.08 refundable 22:23:15 0.01 management fee, 0.01 hosting 22:24:37 While it would certainly discourage spam, that sounds like way too much hassle 22:25:05 We currently don't even have any spam at all 22:25:19 Can keep it in mind if we ever should get it I guess 22:27:38 I think the wording of this needs to change to avoid this problem 22:27:45 "Verifiy you are human by posting this message containing your Monero.Town username on twitter/reddit/mastodon/etc and link the post in the answer field." 22:38:53 you are the better English speaker, how would you improve it? 22:41:00 Please provide the following:... (full message at ) 22:41:15 Missed any? 22:41:27 scan of your drivers license 22:42:00 Yest most important 22:42:00 selfie with 3 fingers holding drivers licence 22:42:11 With spendkey 22:44:54 Honestly I would consider just making the 0.01XMR mandatory. It seems that if they "fail" the first option of verifying by linking to a post then there is no way for them to verify the same account with 0.01XMR 22:47:41 If there was a way for them to fallback to paying XMR then you could say it was at your discretion whether to verify based on a post in another location 22:49:03 So either mandatory XMR, or a way to fallback to paying XMR if they fail a free verification 22:56:11 0.1 escrow. You’ll get it back after 1 month of month. Force hodl. 22:58:28 But yeah a registration fee shouldn’t be a problem for Monero users. Heck make it go to the Monero General Fund. The view keys are public. 22:59:32 * spirobel[m] uploaded an image: (4333KiB) < https://libera.ems.host/_matrix/media/v3/download/monero.social/tutWdhdPDOAuzJZnfKZuniOs/aws_%203.png > 22:59:43 Proof of Monerista 23:06:16 Random registration fee of 0.010000001 to 0.100000000. If the exact value is detected using the general fund view keys you are in. 23:08:02 is the general fund paying the hosting/maintenance fees? 23:10:43 Yest 23:10:59 In btc 23:11:06 Via lightening invoicw 23:11:10 s/invoicw/invoice/ 23:19:58 I don’t know. Depends on monerobull goals. If it’s only for captcha purposes maybe it doesn’t matter. A fund for the instance itself would be better imo. Almost like how Reddit gold worked at the beginning. 23:21:25 Funds are supposed to be used for hosting yeah 23:31:48 Yeah. 0.1xmr input 0.01 still for hosting, 0.01/user paid to whoever can do the refunds, and 0.08 refunded 23:31:48 id still wait for the appearance of bots of spammers trying to get around it 23:32:45 If spammer spams, keep the whole 0.1 23:34:17 the incentives to run stuff in the fediverse are cursed af. Also unclear how the privacy situation is any better compared to big tech. In the end we have to all self host our own sites and use rss or something to tie everything together. 23:34:47 Wallet SDK for Android CCS nearly funded. about 70 XMR left from 295 total 23:35:05 Vtnerd getting close too? 23:35:32 about half way 23:35:45 Someone tag @visa on twitter to fund vtnerd 23:35:51 And @bankofamerica 23:38:36 spirobel[m]: yeah you really shouldnt post anything you aren't comfortable with having out there if having it forever cached on some tiny instance is a problem 23:38:56 s/if having it// 23:39:04 s/if having it// 23:39:57 No dick pics then 23:40:15 did you post those to reddit before? 23:41:05 On r/bitcoin 23:46:30 based