00:09:37 And its not "my" space 00:10:11 This sentence is just a copy paste. 00:10:11 its the _monero_ space 00:14:09 Oh I get it) 00:14:22 Thank you 00:27:41 Community-supported film premiering at San Diego Film Festival this Saturday, Oct 21! (with another event in Cali, York(UK) and Cuba) https://www.reddit.com/r/Monero/comments/17ajnzs/communitysupported_film_premiering_at_san_diego/ - geonic 04:01:36 someone asked about Monero in the Q&A after the premiere today 04:01:59 one of u guys? 07:38:28 have you seen this classic? 07:38:45 file Monero is the cash of crypto (XMR) ｜ GetMonero [sppcRLqkgbri].mp4 too big to download (3012654 > allowed size: 1000000) 07:38:45 Monero is the cash of crypto (XMR) ｜ GetMonero [sppcRLqkgbri].mp4 07:40:28 Very stimulating 08:16:28 Wow ahhahahaha 08:16:31 Cool video 08:49:54 <4rkal:monero.social> Should we care about operating system diversity for monero nodes?(Like tor does) 08:51:54 <4rkal:monero.social> Eg asking for more people to run on bsd etc 10:15:01 Yes 10:19:51 why? 10:20:58 In case of a 0day that targets a specific OS 10:21:18 oh you're right 11:07:02 <123bob123:matrix.org> Feature not a bug! 11:24:26 <4rkal:monero.social> If we do care about it then why aren't people asked to run on more rare platforms like bsd? 11:24:41 <4rkal:monero.social> Feel like most nodes are run on Linux or docker 11:24:48 <4rkal:monero.social> Could be a potential problem 11:27:15 <4rkal:monero.social> Would be pretty cool to have the os type in the /get_info 11:30:20 this way attackers could use monero API to filter which node to attack 11:31:05 <123bob123:matrix.org> Same with version 11:31:43 because bsd distros have a very small community... and its not as accessible as linux. Also I don't believe BSD is more secure than a correctly configured Linux distro but that's another topic 11:32:12 you're supposed to stay updated 😝 11:32:39 <123bob123:matrix.org> My wallet doesnt sync 11:32:44 <123bob123:matrix.org> What version 11:32:46 <123bob123:matrix.org> 1 11:32:59 <123bob123:matrix.org> Ok update 11:32:59 <4rkal:monero.social> Pretty sure Linux ssh has a 0day a while back that was not present on some bsd platforms 11:33:07 <4rkal:monero.social> Most* 11:34:33 since BSD and Linux use OpenSSH I suppose its more related to compiler flags used by the BSD team than the platform. And don't get me wrong Ubuntu and Fedora are shitty distro compared to OpenBSD security-wise 11:36:46 <4rkal:monero.social> Might have been openssl lol don't remember 11:37:30 <123bob123:matrix.org> Yeah i think it was 11:37:38 <123bob123:matrix.org> With a later version 11:39:05 openssh is maintained by the openbsd team so bsd usually gets patched quicker 11:39:45 <4rkal:monero.social> Should also probably discourage people from running windows nodes (at least public ones). If there was a windows 0day we would probably never find out/find out years later. 11:40:20 <123bob123:matrix.org> Botnets keep the m$ development going 12:04:24 https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/416 ofrnxmr 12:15:05 I disagree. Windows in its architecture and software solutions is **far more secure** than Linux and BSD. Your point isn't about security but transparency. "Open Source is more secure, than Proprietary" and "Microsoft could keep the 0day for themselves". 12:15:05 First , there are a LOT OF security vulnerabilities discovered on Linux that has been introduced months and years away (https://www.linuxkernelcves.com/cves). There is not a lot of Windows Kernel vulnerabilities that has been discovered. And the most used attack vector for complete access are third-party drivers (drivers, not kernel). Linux on the other hand find its attack vector s in the software flow, as linux is basically an init running a hell tree of different programs glue together that call another hell dependency tree. Windows don't suffer that as libraries are standardized on their platform. Windows also have Windows Defender (that does some job, suprisingly) and HardwareVirtualizedControlIntegrity, PAtchGuard, exploit mitigations like ASLR 48 bit etc... Security measures nowhere to be found yet on Linux and BSD or not enabled by default. 12:15:07 As for the second point, it is hard (at microsoft) to keep a vulnerability secret for the NSA (lets say), as multiple security teams are working and sharing their works. I don't say its impossible, but it is not common. 12:15:07 So I do think we shouldn't discourage people from running windows nodes. It would be for philosophical reason and monero organization have no benefits of doing so. Despite being in contradiction with the overall culture of the monero community (most monero users are power linux user) 12:21:50 <4rkal:monero.social> Lost me at windows defender works... 12:22:49 <4rkal:monero.social> Windows should never be used for a server or anything that requires high uptime and security. You have a lot less control over your system 12:24:20 <4rkal:monero.social> Public nodes have no reason to run on windows 12:25:14 <4rkal:monero.social> You can run a node on windows if you use it as your main os etc. But I see no point in running a public node on Windows 12:26:44 <4rkal:monero.social> You can run a node on windows if you use it as your main os etc. 12:36:00 <4rkal:monero.social> Might be biased against windows lol. Might be a good idea to diversify idk. It just feels like windows is a black box. If a vulnerability exists on Windows it will probs not Linux and vice versa 12:36:30 lets first get people running nodes powered by solar energy 12:36:54 STARS CAN MINE MONERO ????? 12:37:00 and then look into HAM radio for when the internet is turned off 12:49:43 is the threat model of a 0 day exploit being used to "turn the machine off" realistic? or would they just mine monero on it? 13:04:06 You're not biased, that's reality. It's unsafe to run nodes on Windows https://www.gnu.org/proprietary/proprietary-back-doors.en.html#windows-update 13:05:01 but i read that windows is far more secure (it was written in bold) 13:05:36 By using Windows you agree with Microsoft's EULA: you grant permission to have them access access to your files and device at any given time without notification. 13:05:48 I assume that many people run nodes on windows 13:06:12 By using Windows you agree with Microsoft's EULA: you grant permission to have them access access your files and device at any given time without notification. 13:07:10 tbh if you think about it its unsafe to run anything on modern x86 cpus since they all have remote access built in 13:07:37 is this a "monero binary" issue or >society 13:08:12 RISC-V binaries have arrived if this helps matters 13:08:17 Diversify but not with Windows, choose free software like BSD, Haiku OS and others. 13:08:40 even reactos is a viable option nowadays 13:08:51 if you want something that behaves like windows 13:11:38 Yep it doesn't have to be an unix-like. http://www.microkernel.info/ 13:12:39 again, philosophical reason. You're like a lot of people, misunderstanding privacy and security. And for your cause you twist the privacy of windows as a security arguments. I've lost too many hours trying to explain to some gnu/fsf maximalists how their vision is irrationial. So i'll let you this link : https://madaidans-insecurities.github.io/linux.html. This article has been wr itten by the lead dev of Kicksecure, the based distro on which Whonix run on. 13:13:00 <4rkal:monero.social> Monero kernel confirmed? 13:13:50 It's not philosophical, there are literal backdoors and an invasive EULA. 13:14:15 <4rkal:monero.social> Also just because Linux has a public list of previous vulnerabilities doesn't mean it's less secure. Exactly the opposite it means that a lot more vulnerabilities have been found and OPENLY discussed 13:14:26 I don't accept the EULA so I can't use it. 13:14:49 Anyways, it would be cool to get Monero running on SculptOS 13:15:51 Update cycle is by definition an attack vector. It's called supply chain attack. And your argument for FOSS OS to be safer is based on "I trust more free devs that support free software than a company". Its philosophical 13:15:59 Update cycle is by definition an attack vector. It's called supply chain attack. And your argument for FOSS OS to be safer is based on "I trust more free devs that support free software than a company". It is philosophical 13:16:58 GLibc has way more CVEs than Musl, doesn't mean Musl is hidding something and GLibc is safer 13:17:26 <4rkal:monero.social> By developing closed source software you are limited to the capabilities of your team. Open Source is not limited in any aspect skill wise. 13:18:09 No it isn't. I simply don't agree with the fucked up EULA. The code, I can audit myself. Which is something I already get paid to do to a degree. 13:18:27 I'm not advocating 100% windows is better than linux. I'm speaking purely from a security perspective. Because everyone can configure linux like they want doesn't mean they're gonna make it more secure 13:19:10 https://genode.org/download/sculpt already supports Rust and glibc I think. It's an interesting concept. 13:19:14 <4rkal:monero.social> So a black box is more secure than a glass box? 13:19:33 <4rkal:monero.social> You don't know shit about windows cause it's closed source 13:19:40 at least the open source community is learning from their past mistakes, and acknowledging that some of the software really is insecure - microsoft doesnt seem to learn at all 13:19:55 "I don't agree with the EULA, the code should be opened so i can audit it myself" 13:19:55 "No it is objective and not an opinion" 13:20:56 Yes it is objective 13:21:18 If you agree with it that's fine 13:21:32 Windows API is shared publicly by microsoft, Undocumented syscalls and Windows internals (liek the bones of the kernel) are explained by the devs themselves in updated books. You can even run the kernel and bootloader in debug mode with symbols too reverse-engineer it. Believe it or not, security researchers know a lot about windows 13:21:45 Windows API is shared publicly by microsoft, Undocumented syscalls and Windows internals (liek the bones of the kernel) are explained by the devs themselves in updated books. You can even run the kernel and bootloader in debug mode with symbols to reverse-engineer it. Believe it or not, security researchers know a lot about windows 13:22:00 Windows API is shared publicly by microsoft, Undocumented syscalls and Windows internals (liek the bones of the kernel) are explained by the devs themselves in updated books. You can even run the kernel and bootloader in debug mode with symbols to reverse-engineer it. Believe it or not, security researchers know a lot about windows. React OS have an open-source outdated source cod e of the NT Kernel 13:22:06 Windows API is shared publicly by microsoft, Undocumented syscalls and Windows internals (liek the bones of the kernel) are explained by the devs themselves in updated books. You can even run the kernel and bootloader in debug mode with symbols to reverse-engineer it. Believe it or not, security researchers know a lot about windows. React OS even have an open-source outdated sourc e code of the NT Kernel 13:22:46 Reasonable doesn't mean objective 13:23:41 That's not true at all because NTAPI isn't publicly documented fully to this day. 13:25:20 yep, because these are syscalls. and are not meaned to be used by user-facing apps. But guess what people have already got them all on github 13:26:03 yep, because these are syscalls. and are not meaned to be used by user-facing apps. But guess what people have already got them all on github : https://github.com/hfiref0x/SyscallTables 13:26:39 It's not shared publicly with microsoft 13:26:54 It's not shared publicly by microsoft 13:27:09 It's harder for you to know when they change things here and there 13:27:53 > **Undocumented syscalls** [...] are explained by the devs themselves in updated books 13:28:18 debug symbols exist that's why this github is up to date 13:28:30 they're not making a lot of effort to hide how windows work 13:28:37 Who are these devs? Microsoft employees? What are updated books? 13:29:27 https://archive.org/details/windows-internals-part1-7th, 8th edition is coming next year 13:29:48 Microsoft emplyees yes 13:29:48 https://archive.org/details/windows-internals-part1-7th, 8th edition is coming next year 13:29:48 Lmao 13:30:09 You made it sound like these are announced in release notes by m$ 13:30:25 <4rkal:monero.social> Look there's a reason that all servers run Linux (not just because it's free). But because it's fast af and open. Don't need to reverse engineer it to understand how it works. 13:30:41 they're not, i can give you that 13:30:42 Honestly sounds like you're coping in here 13:31:20 Trust me bro, yeah no 13:31:30 yeah you're right. Just trying to prove how siren statement "windows is unsafe for monero nodes" is wrong 13:31:47 ? 13:34:36 <4rkal:monero.social> If we start thinking like that we should prolly not use the internet since it is controlled by ISPs, not use Intel processors etc. 13:35:25 thx for unattended point. People like Siren despise Windows not because it is run by a company (ubuntu is run by canonnical) 13:35:35 thx for unattended point. People like Siren despise Windows not because it is run by a company (fedora is run by Red Hat) 13:36:09 but because they need this feeling of having their systems under their control and understanding to fully feel safe. 13:36:30 thx for unattended point. People like Siren despise Windows not because it is run by a company (fedora is run by Red Hat and is also subjet to patriot Act) 13:38:03 yep for sure. not even arm processors are safe you know. Intel have ME, AMD have PSP, ARM have Trustzone. So even a raspberry pi is unsafe 13:38:27 yep for sure. not even arm processors are safe you know. Intel have ME, AMD have PSP, ARM have Trustzone. So even a raspberry pi is unsafe. that is just being paranoïd 13:38:54 For the third time, I'm not retarded enough to give outright permission for a third party to access my device like this. 13:40:54 Exploiting these things remotely are way harder than software. And this is a poor excuse to subject yourself to more proprietary software. 13:41:43 yep and I agree with you. I too don't like that. But its about privacy, not security. So don't use a privacy argument to justify that monero nodes are insecure on windows 13:43:08 Microsoft does get hacked. Them having a way to remotely access your compute can be exploited and used by attackers. 13:44:02 Even if you don't care about security. On the privacy side you should be even more worried since glowies also get access. 13:44:14 Microsoft does get hacked. Them having a way to remotely access your computer can be exploited and used by attackers. 13:45:50 I think I communicated my point. Our view is just incompatible based on our difference on the values of privacy and security and relations between the two. If you think nsa want to find you, feel free to think window is shit 13:45:51 I think I communicated my point. Our view is just incompatible based on our difference on the values of privacy and security and relations between the two. If you think nsa want to find you, feel free to think windows is shit 13:47:46 Microsoft is a shit CNA that often downplays severity of reported vulnerabilities. I have experience working at corporate in security and I know how they react to internal teams discovering vulns. 13:49:16 It's a nightmare compared to FOSS. Having this insight I cannot trust Microsoft to have good practices and act responsibly. 13:56:13 what do you think will happen if they push some sort of a regulation or sanction in US that makes it illegal for you to operate a node? 13:57:08 microsoft will delete the Monero organization on github since they own it. there is nothing stopping them from compiling a list of windows users that have monero software installed and providing it to the US government. 13:57:32 just because something is allowed today doesn't mean it will be tomorrow 14:04:35 <4rkal:monero.social> I do understand that there is a certain appeal to bring over protective. But we have to be realistic here. Saying that no one should run a node on windows is just stupid. We need people to run nodes. Also most probably the downsides of windows will probably take them to Linux if they care enough. I mean automatic updates, increased ram usage (2gb on idle is not normal) also almos 14:04:36 <4rkal:monero.social> t everything that has to do with system administration is 10x harder on windows 14:05:09 <4rkal:monero.social> Let the free market decide 😉 14:06:12 I run a node on Windows. And I run my home server on Windows. You just don't know how to cook Windows. 14:07:12 <4rkal:monero.social> Just don't see a point in learning it. 14:07:31 <4rkal:monero.social> I mean even setting path variables on windows is retarded 14:10:09 Logically speaking no one should run a node on Windows. It makes no sense. It's harder to administer, more expensive to operate because it's resource hungry, less secure and private. You'll also have worse uptime. 14:10:44 There are better candidates for diverisifying nodes 14:11:01 also winblows igay 14:11:11 also winblows is gay 14:11:16 yeah bro I'm sure monero nodes will run fine on Minix or seL4 14:11:23 yeah bro I'm sure monero nodes will run fine on Minix or seL4 atm 14:11:46 no wait i'm not sure if that was you that linked to microkernel 14:12:03 anyway best os is seL4 obviously 14:12:04 <4rkal:monero.social> That's what I'm saying. If they are open enough to understand that I'm sure they will have no problem switching to linux. The problem is that most normies just use what they are comfortable with. 14:12:42 <4rkal:monero.social> Not saying that running a node harms the network in any way, just doesn't make sense to me 14:12:53 <4rkal:monero.social> On windows* 14:13:22 They'll harm themselves and they're the minority so 14:13:34 <4rkal:monero.social> But I do think we need the operating system diversity 14:19:27 Quite funny that the people who use monero here think avoiding proprietary software is being over protective. Guess what is over protective then? Using Monero. Your bank will most likely never fuck with you if you're already allowed to have a bank account. Or you will not get financially surveilled if you use other cryptocurrency as long as you don't commit major crime. Go ahead a 14:19:28 nd stop using Monero then. 14:19:59 Even architecture diversity. Amd64 aarch64 riscv 14:22:27 amd64 is x86_64 14:22:50 amd64 is x86\_64. that's literally same as intel 14:22:58 ~amd64 is x86\_64. that's literally same as intel~ 14:23:03 amd literally introduced amd64 first 14:23:07 nvm i misread the sentence 14:23:11 then intel implemented it and called it x86-64 14:26:07 they have same base opcode map. just wanted to say amd64 asm runs on intel and x86_64 asm runs on amd, in practice its the same 14:26:51 Because it is the same. Intel and AMD have cross-license agreement on everything x86 14:27:23 nice god bless x86 patent as they say 15:22:30 <4rkal:monero.social> https://github.com/monero-project/monero/issues/9031 15:23:30 4rkal: is this for restricted rpc nodes? 15:23:49 we want to avoid node fingerprinting, so it's unlikely that this will be implemented 15:23:54 we dont even show the version of monerod 15:24:34 Yeah, i dont want anyone knowing im running ubuntu4n00bz on my onion 15:24:49 Or "ahahahaha its a pi" 15:25:17 and if this is only for unrestricted node. what's the point. you know what you run anyway. 15:25:40 i have a 0day exploit for ubuntu4n00bz, let me see who is running it 15:26:01 And attack all the ubuntu nodes 🔥 15:26:02 can I buy gf with monero token 15:26:07 <4rkal:monero.social> Why is node fingerprinting bad? 15:26:38 wownero DGAF (node version is displayed loud and proud) 15:26:46 Why do strangers need to know my free space? My hardware specs? My os? My # of connections? 15:26:47 fingerprinting is always bad for privacy 15:26:49 Sounds sus 15:27:04 Nobody aside from the person hosting the server needs to know any of that info 15:27:23 The key to friendship is transparency 15:27:36 <4rkal:monero.social> Why do you need privacy for a *public* monero node. 15:27:59 <4rkal:monero.social> Knowing what operating system you are running is pretty important 15:28:00 Untrusted remote node = bad 15:28:11 <4rkal:monero.social> In case of 0day 15:28:36 i dont know what operating system im running unless its in /get_info 15:28:47 <4rkal:monero.social> Other users dont 15:29:00 I need to know what os plowsof is running, before i use his rpc 15:29:20 plowsof, are you on 20.04? Or or 22.04? 15:29:41 how to buy monero from coinbase 15:29:51 if i dont trust plowsof, i should _not_ use his node 15:30:13 <4rkal:monero.social> This isn't about trust. It is about a potential 0day 15:30:31 If i do trust plowsof, does that mean he trusts casual observers who can ddos him? 15:30:47 i dont even have a last will and testament 15:30:58 you're stressing me out 4rkal! 15:31:01 Or feds to be like "77% of monero is run in ubuntu" 15:31:19 More like "nunyadamnbizness" 15:31:37 fortnite x monero collab when 15:31:49 If i say i run on android, its up to you to trust me 15:31:59 And what version of android im running, ia nunyabizness 15:32:02 Is* 15:32:44 <4rkal:monero.social> This is to get some stats of what the general network is running. To be more covered in case of a 0day 15:32:47 this is more of an awareness campaign ... perhaps you could approach the animated vidya team with the idea? 15:33:04 Again sus 15:33:20 I want stats on how much is transacted per day 15:33:20 core team has download stats from the getmonero.org server 15:33:27 Lets add transparency there too 15:33:46 not ideal for knowing the exact OS version but still 15:34:19 Flatpak has stats too 15:34:30 <4rkal:monero.social> https://metrics.torproject.org/platforms.html . Something like this is useful to have 15:34:37 at least, for how many current linux flatpak users 15:34:59 either way, part of the restricted-rpc setting is making every node look the same. this feature would be the opposite. 15:35:10 asking why public rpc nodes need privacy is a different discussion 15:36:33 And according to tor metrics, its like 0% windows. 15:37:20 unpossible 15:37:52 for example if I host a public rpc node and then later decide to put it behind Tor, I don't want people to be able to link them together just by my exotic OS setup / platform 15:38:08 also 0% mac 15:38:37 <4rkal:monero.social> how exotic can it be? 15:38:58 Android? Pi? Rockpro? Mac? Moneronodo? Moneroos? 15:39:11 <4rkal:monero.social> Could just have windows/linux/any bsd / other unix? idk 15:39:37 <4rkal:monero.social> Doesn't have to giveaway too much info 15:39:45 > either way, part of the restricted-rpc setting is making every node look the same. this feature would be the opposite. 15:40:10 but what if 15:40:24 Some nodes _are_ fingerprintable 15:40:36 Because they run funny implementation 15:40:51 or block mordinals 💢 15:41:11 Last thing i need is someone like "haha, ofrn uses windows @ his home ip. I know he disabled his antivirus" 15:41:46 <4rkal:monero.social> Maybe just for public ones then? 15:42:01