01:00:04 <revuoxmr> Revuo Monero Issue 221: December 5 - 12, 2024. https://www.revuo-xmr.com/weekly/issue-221/
02:17:26 <m-relay> <s​ervers.guru:matrix.servers.guru> monerobull @monerobull:matrix.org: i checked my cloudflare what I did was the under attack mode + custom waf rule with managed challenge for everyone. Not interactive one.
02:17:41 <m-relay> <s​ervers.guru:matrix.servers.guru> That worked in my case.
02:18:13 <m-relay> <s​ervers.guru:matrix.servers.guru> Also a constant rate limiting rule.
02:18:59 <m-relay> <s​ervers.guru:matrix.servers.guru> Then you can see the challenge solved rate ( next to the rule) if it is working as expected it should be very low.
02:24:38 <m-relay> <s​ervers.guru:matrix.servers.guru> Also probably not accurate anymore as you said your hosting provider changed your ip but there is quite a few result for monero.town in censys
02:24:39 <m-relay> <s​ervers.guru:matrix.servers.guru> https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=EXCLUDE&q=monero.town
02:24:54 <m-relay> <s​ervers.guru:matrix.servers.guru> If one of those ips was the previous one, that would allow the attacker to bypass cloudflare entirely.
02:25:37 <m-relay> <s​ervers.guru:matrix.servers.guru> You probably already knows that but if the ip have been exposed before being behind cloudflare it is pointless.
02:25:55 <m-relay> <s​ervers.guru:matrix.servers.guru> You probably already knows that but if the ip have been exposed before being behind cloudflare it is pointless to set it up afterwards.
02:35:36 <m-relay> <s​ervers.guru:matrix.servers.guru> You can also check historical data at securitytrails.com
02:45:08 <m-relay> <s​ervers.guru:matrix.servers.guru> Actually there is a complete record of monero.town ip as of July with associated ip.
02:45:18 <m-relay> <s​ervers.guru:matrix.servers.guru> Actually there is a complete record of monero.town dns as of July with associated ip.
02:45:32 <m-relay> <s​ervers.guru:matrix.servers.guru> Seems to be when you switch to cloudflare.
02:46:00 <m-relay> <s​ervers.guru:matrix.servers.guru> 5 months ago
02:47:28 <m-relay> <s​ervers.guru:matrix.servers.guru> I'll post it here as ip is not valid anymore.
02:47:35 <m-relay> <s​ervers.guru:matrix.servers.guru> https://matrix.monero.social/_matrix/media/v1/download/matrix.servers.guru/bBdNzpCxCNNGvQpNumaZbhHi
02:49:34 <m-relay> <s​ervers.guru:matrix.servers.guru> Might be how cloudflare was bypassed before your hosting provider changed your ip if it didn't change since then.
02:50:03 <m-relay> <s​ervers.guru:matrix.servers.guru> Sorry for the off topic.
02:53:10 <m-relay> <s​ervers.guru:matrix.servers.guru> https://matrix.monero.social/_matrix/media/v1/download/matrix.servers.guru/rTatOFdlHcADrXGgYgfEmIeX
05:13:23 <m-relay> <r​ottenwheel:unredacted.org> Holy shit, doesn't this look exactly the same as ccs.getmonero.org but with different colors? plowsof Diego Salazar 
05:13:23 <m-relay> <r​ottenwheel:unredacted.org> https://ccs.particl.io/
05:13:36 <m-relay> <r​ottenwheel:unredacted.org> Guess Firo was one of... a few? 🤔
05:13:52 <m-relay> <d​iego:cypherstack.com> I didn't make that one for them. :P
05:14:06 <m-relay> <r​ottenwheel:unredacted.org> Neither you did for Firo, the first one. :P
05:14:30 <m-relay> <d​iego:cypherstack.com> I did actually. They hired me to fork and do the illustrations, so I did.
05:14:31 <m-relay> <r​ottenwheel:unredacted.org> It was the big geonic or whoever else noticed the first one was copied and pasted, because the repo didn't have any license back then, no?
05:14:44 <m-relay> <r​ottenwheel:unredacted.org> So you forked and did the illustrations of CCS v1 for Firo?
05:14:47 <m-relay> <d​iego:cypherstack.com> And it was I who forgot to put said license on the first one
05:14:51 <m-relay> <r​ottenwheel:unredacted.org> I thought they had forked and deployed on their own.
05:14:53 <m-relay> <d​iego:cypherstack.com> I did, yes.
05:15:00 <m-relay> <d​iego:cypherstack.com> No sir.
05:15:07 <m-relay> <r​ottenwheel:unredacted.org> That's... interesting, for lack of a better word.
05:15:35 <m-relay> <r​ottenwheel:unredacted.org> https://github.com/particl/ccs-front || https://github.com/particl/ccs-back
05:16:26 <m-relay> <d​iego:cypherstack.com> When I had discussed with Core about its creation the first time, I was always talking about how cool it'd be to make not just a cryptocurrency, but other neat infrastructure that could be used across other FOSS projects. CCS, Kovri, etc.
05:16:37 <m-relay> <d​iego:cypherstack.com> They were always "yeah, man!"
05:17:07 <m-relay> <d​iego:cypherstack.com> so when Firo asked for my help on theirs, I didn't think much of it.
05:18:09 <m-relay> <d​iego:cypherstack.com> But I was wrong for two reasons: 1. I forgot to put a license. So Firo's one was in violation of license as technically the CCS was view-only, and not FOSS.
05:19:11 <m-relay> <d​iego:cypherstack.com> 2. People saw it as a conflict of interest that I made the CCS for Monero (with help from Devin from Globee and xiphon), and then got paid to do a fork for a competing project.
05:20:15 <m-relay> <d​iego:cypherstack.com> I hold that both reasons are silly, but others don't.
05:20:39 <m-relay> <d​iego:cypherstack.com> Particularly because I KNOW I'd spoken with core several times about being excited to make infrastructure that other FOSS projects could use (even outside of the crypto space, was my hope)
05:21:55 <m-relay> <d​iego:cypherstack.com> https://repo.getmonero.org/monero-project/ccs-back/-/blob/master/LICENSE?ref_type=heads
05:33:59 <m-relay> <j​effro256:monero.social> Mfw FOSS is free and open source
06:26:30 <m-relay> <m​onerobull:monero.social> Yeah but they for some reason didn't and now they don't have the new IP
06:29:32 <m-relay> <m​onerobull:monero.social> The results are pretty random, just sites that mention .town somewhere
06:30:00 <m-relay> <s​ervers.guru:matrix.servers.guru> Yes true for censys. However the real ip show up on security trails.
06:30:35 <m-relay> <s​ervers.guru:matrix.servers.guru> The old one that is.
06:30:55 <m-relay> <s​ervers.guru:matrix.servers.guru> > <@monerobull:monero.social> The results are pretty random, just sites that mention .town somewhere 
06:30:57 <m-relay> <s​ervers.guru:matrix.servers.guru> Yes true for censys, didn't know what it was so didn't know if it was accurate or not. However the real ip show up on security trails.
06:31:25 <m-relay> <m​onerobull:matrix.org> Yeah that one was public for a while
06:32:22 <m-relay> <s​ervers.guru:matrix.servers.guru> Maybe check with the managed challenge on cloudflare then if you haven't already.
06:32:42 <m-relay> <s​ervers.guru:matrix.servers.guru> I think that is the mandatory manual captcha check.
08:00:55 <m-relay> <s​ervers.guru:matrix.servers.guru> > <@monerobull:monero.social> The results are pretty random, just sites that mention .town somewhere 
08:00:57 <m-relay> <s​ervers.guru:matrix.servers.guru> Yes true for censys, didn't know what the ip was so didn't know if it was accurate or not. However the real ip show up on security trails.
13:49:03 <nioCat> <d​iego:cypherstack.com> Particularly because I KNOW I'd spoken with core several times about being excited <> we may have found the person writing the tweets 
14:53:03 <m-relay> <d​iego:cypherstack.com> Lmao! Nah bruh. Haven't been excited in years since then. ;)
17:37:18 <m-relay> <r​ucknium:monero.social> https://xcancel.com/W0wn3r0/status/1867624088686182661
17:37:51 <m-relay> <r​ucknium:monero.social> > Serious Wownero vulnerability disclosed by Rucknium at Monero Research Labs: https://codeberg.org/wownero/wownero/issues/488
17:37:51 <m-relay> <r​ucknium:monero.social> > Basically 80% of true ring members deducible since 2022 😭😭😭 Kind of on-brand for WOW tbh tho 😁 PR welcome!
17:38:26 <m-relay> <o​frnxmr:monero.social> Pretty obvious aint it
17:38:38 <m-relay> <o​frnxmr:monero.social> Theres no on chain volume 🙃, its all coinbases
17:39:47 <m-relay> <o​frnxmr:monero.social> "after the ten block lock." Its three blocks, ruck! RTFM. Wownero -> moon
17:40:06 <m-relay> <r​ucknium:monero.social> This vulnerability isn't about low tx volume. The decoy selection "anchor" was stuck in September 2022. All decoys of the vast majority of txs were all selected from September 2022 and earlier.
17:40:31 <m-relay> <o​frnxmr:monero.social> Yeah ik, i'm just messin
17:40:35 <m-relay> <r​ucknium:monero.social> Yeah, I wasn't sure about how many blocks it was locked.
17:41:15 <m-relay> <o​frnxmr:monero.social> good thing its a memecoin. 20c EOW
18:15:15 <m-relay> <r​brunner7:monero.social> Wow. Just wow. And something so glaringly obvious was overlooked for freaking years? Just check the time scale graph for this WOW transaction - lol:
18:15:18 <m-relay> <r​brunner7:monero.social> https://explore.wownero.com/tx/27b911bc1bcc5ee030ca9fccdfedfac049e9f6e8c940fee3e6bb57dacae7cf75/1
18:16:14 <m-relay> <r​brunner7:monero.social> I wouldn't wish something like this to my worst enemy :)
18:20:09 <m-relay> <r​ucknium:monero.social> The Wownerochan image on the explorer, or whatever, must have gotten in the way 😁
18:21:15 <m-relay> <r​brunner7:monero.social> It gets even better - if I interpret this correctly, they had an assertion in the code that triggered because of this, which they did not understand back then, and just commented out to silence / neuter it: https://git.wownero.com/wownero/wownero/issues/412
18:21:32 <m-relay> <r​brunner7:monero.social> ROFL
18:22:14 <m-relay> <r​ucknium:monero.social> When you disable a sanity check, your blockchain goes into insane mode.
18:22:45 <m-relay> <r​brunner7:monero.social> How did you become aware of this, Rucknium ? Can you, are you allowed to tell? Very curious - pure chance?
18:23:28 <m-relay> <r​ucknium:monero.social> I'm not 100% sure that issue #412 is related to this bug, but looks suspicious, doesn't t? I did a quick search of issues on the repo before I reported the vulnerability, to check if it was already known.
18:24:04 <m-relay> <r​brunner7:monero.social> Yeah, same here, not fully sure, but does indeed look suspicious
18:28:15 <m-relay> <r​ucknium:monero.social> rbrunner7: (1) plowsof wrote WOW support into Wishlist as a Service. (2) nioCat donated WOW to support my server costs: https://rucknium.me/donate/
18:28:17 <m-relay> <r​ucknium:monero.social> (3) mainnet_pat added BCH support to BasicSwap. (4) I asked snex to test BCH<>WOW atomic swaps. (5) Curious about the process, I watch the `wownero-wallet-rpc` logs as the swap happens. Then I see
18:28:24 <m-relay> <r​ucknium:monero.social> `real_output_in_tx_index=1`
18:28:37 <m-relay> <o​frnxmr:xmr.mx> rip snex
18:28:45 <m-relay> <r​ucknium:monero.social> Which should _not_ happen, given that the output was at least a week old
18:28:55 <m-relay> <r​ucknium:monero.social> So really it was a group effort :D
18:29:15 <m-relay> <r​brunner7:monero.social> Thanks. Really cool story, bro :)
18:30:04 <m-relay> <r​ucknium:monero.social> I checked the transaction on the wownero block explorer and saw all but one of the ring members was from 2022 and earlier
18:30:45 <m-relay> <o​frnxmr:xmr.mx> Could this have anything to do with the shared-ring-db
18:30:49 <m-relay> <r​ucknium:monero.social> Then checked a few more. Then adapted by Monero blockchain analysis code to Wownero to assess the full impact.
18:30:51 <m-relay> <o​frnxmr:xmr.mx> Bcuz that thing causes 100 issues with wow
18:31:17 <m-relay> <r​ucknium:monero.social> ofrnxmr: I remembered that, too. Maybe there is the same root issue
18:31:42 <m-relay> <o​frnxmr:xmr.mx> example: use wownero-wallet-cli to send a tx, but when it asks to confirm (Y/Yes/N/No), press enter
18:31:50 <m-relay> <o​frnxmr:xmr.mx> Then try to repeat the tx = fails
18:33:48 <plowsof> good job everyone, 1 less item to add to the wow roadmap
18:35:51 <m-relay> <r​ucknium:monero.social> rbrunner7: I thought the same thing. for a few minutes I wondered if I was just seeing things wrong. Because anyone who would glance at the ring member distribution would notice the problem, if they had any familiarity with how ring sigs are supposed to work.
18:37:30 <m-relay> <o​frnxmr:xmr.mx> wownero up 3% today 💪
19:19:01 <m-relay> <3​21bob321:monero.social> Inverse reaction to news
20:36:47 <m-relay> <3​21bob321:monero.social> https://matrix.monero.social/_matrix/media/v1/download/monero.social/xzBYiUZGxvDSWMrVuhyrZNWO
20:36:55 <m-relay> <3​21bob321:monero.social> seems like that took the news hard
20:39:30 <m-relay> <r​amoses:beeper.com> newbie monero here
21:44:24 <m-relay> <h​avenouser:monero.social> no, u are just upside down 🙃
22:45:49 <m-relay> <d​iego:cypherstack.com> Made by us ;)
22:46:00 <m-relay> <d​iego:cypherstack.com> Good to see our work everywhere.
22:46:50 <m-relay> <r​ottenwheel:unredacted.org> Thought you were going to say you are that only one wow wallet doing the decoy selection properly. Oh, well, almost.
22:47:26 <m-relay> <d​iego:cypherstack.com> Ill get my illustrators to make more wow illustrations in celebration of the vuln
22:48:03 <m-relay> <d​iego:cypherstack.com> Hmmm... would be nice wouldn't it?
22:48:21 <m-relay> <d​iego:cypherstack.com> Its ok, wow barely works as a blockchain regardless
22:48:52 <m-relay> <d​iego:cypherstack.com> Actually funny that wow price is indeed going up though. True to form.
22:49:28 <nioCat> it werks
22:51:56 <m-relay> <r​ottenwheel:unredacted.org> nioCat did you dump all your wownoros yet?
22:52:07 <nioCat> never
23:20:19 <m-relay> <r​ucknium:monero.social> Diego Salazar: You can check if Stack's implementation is affected by following this procedure: https://codeberg.org/wownero/wownero/issues/488#issuecomment-2514139
23:20:33 <m-relay> <o​frnxmr:xmr.mx> It is
23:21:01 <m-relay> <o​frnxmr:xmr.mx> Ive made tx from stack's wow that have the the issue
23:21:07 <m-relay> <o​frnxmr:xmr.mx> Tldr: my 2022 tx's seem ok :D but everyrhing after that arent
23:21:38 <m-relay> <o​frnxmr:xmr.mx> And stack was my main wow wallet. Most of my outgoing wow tx this yr were from stack
23:22:26 <m-relay> <r​ucknium:monero.social> According to my blockchain surveillance, it seems that there is at least one implementation in the wild that does not have the bug.
23:22:44 <m-relay> <r​ucknium:monero.social> Maybe I will do a deeper analysis
23:22:51 <m-relay> <o​frnxmr:xmr.mx> I assume its the ringdb tbh
23:23:29 <m-relay> <o​frnxmr:xmr.mx> i hate the ringdb, even for monero. Seems like an ugly (stores in your home drive by default, like wth? Lol)
23:23:57 <m-relay> <o​frnxmr:xmr.mx> I havent tried the 11.0 implementation
23:25:32 <m-relay> <r​ucknium:monero.social> For example, this one looks fine: https://explore.wownero.com/tx/6ba48277c1590321732a78ab9415d91f97da8a7208ff5d302a6dce92540a9811/1
23:25:55 <m-relay> <o​frnxmr:xmr.mx> that was hardfork. And there are only wowlet, cli, rpc, stack and elitewallet
23:25:57 <m-relay> <o​frnxmr:xmr.mx> Not sure if elitewallet works. never used it to send a tx
23:26:57 <m-relay> <r​ucknium:monero.social> If it was Elite Wallet that had it right 😂
23:33:35 <m-relay> <d​iego:cypherstack.com> Just have wow update to fcmp right away.
23:33:41 <m-relay> <m​ario5555:matrix.org> Tunnel to a hosted VPS through SSH would bypass CGNat on things like starlink and then run a remote Tor on that VPS instance, you could probably do something with i2p also.
23:37:41 <m-relay> <s​hortwavesurfer2009:monero.social> That's a possibility. I remember when I was in high school, setting up my web browser through SSH to tunnel back to my home network so that I basically had my own VPN to get around the school firewall. So as long as I have the money to pay for it, that could work.
23:38:13 <m-relay> <s​hortwavesurfer2009:monero.social> I haven't set up any connection like that in a long time, but I know it wouldn't be hard to find the proper commands.
23:38:21 <m-relay> <o​frnxmr:xmr.mx> Rucknium is like 5 memes today
23:43:59 <m-relay> <r​ucknium:monero.social> Submit vulnerability for a memecoin; get memed. It was inevitable.
23:45:12 <m-relay> <r​ucknium:monero.social> I just see 13 transactions in 2024 that appear unaffected by the bug: https://codeberg.org/wownero/wownero/issues/488#issuecomment-2514678
23:47:27 <m-relay> <o​frnxmr:xmr.mx> Yup
23:48:19 <m-relay> <o​frnxmr:xmr.mx> https://matrix.to/#/!mzmDQgjgqNJMGyTtDm:wowne.ro/$IK1vTaZaEEg2dB7aEDy2wVClzfi1nZd5lWsXNCnBzAI?via=xmr.mx&via=t2bot.io&via=matrix.org
23:48:26 <m-relay> <o​frnxmr:xmr.mx> https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/LThXSNhlnMDURIGhLztODsZT
23:48:37 <m-relay> <m​ario5555:matrix.org> ssh -C ( from memory )
23:50:19 <m-relay> <s​hortwavesurfer2009:monero.social> I want to say it was like ssh -n
23:50:24 <m-relay> <m​ario5555:matrix.org> Forwards the remote back to host with a keepalive so traditional client / server would still work and vise versa like in p2p
23:50:43 <m-relay> <s​hortwavesurfer2009:monero.social> I remember you had to specify the port on the remote system and the port on the local system as well.
23:51:33 <m-relay> <m​ario5555:matrix.org> Yes, I probably have it setup in VSCode for one of my remotes
23:55:18 <m-relay> <r​ottenwheel:unredacted.org> I am testing wow txs. and posting results in Codeberg issue shortly. Going to test: WOWlet; Cake; and Stack.
23:55:26 <m-relay> <r​ottenwheel:unredacted.org> WOWlet is broken.
23:58:35 <nioCat> there is a wow channel 
23:58:39 <m-relay> <r​ottenwheel:unredacted.org> Cake production has a bug where it syncs 20-25k blocks, screen blinks on me, next thing I know I'm on main screen, gotta restart for it to happen all over again. Kind of pointless to try and sync with this current state of affairs. Skipping. Going for Stack, will edit comment when Cake's done.
23:58:51 <m-relay> <r​ottenwheel:unredacted.org> nioCat really? Shocking.
23:58:58 <m-relay> <m​ario5555:matrix.org> I2P is better if want device-network-location agnosticism, SSH you'll still have know where the VM is.
23:59:13 <m-relay> <m​ario5555:matrix.org> [@shortwavesurfer2009:monero.social](https://matrix.to/#/@shortwavesurfer2009:monero.social)