<ammortel> 18 Block reorg from qubic?!

<rbrunner7> Yes

Indeed

<plowsof:matrix.org> Would rolling DNS checkpoints have prevented the reorg going above 9? that is what i have come to understand

<rbrunner7> I understood the same, the checkpoints would have blocked at 10

<ofrnxmr:xmr.mx> @plowsof:matrix.org: Yes

<kevino:tchncs.de> But its very hard to implement?

<ofrnxmr:xmr.mx> No

<privacyx> @kevino:tchncs.de: Its just needs some rigorous testing first...

<ofrnxmr> I rigorously tested it

<privacyx> @ammortel: Yeah they are gloating about it on Nitter. That CFB persom is gloating like his 💩 dont stink claiming Monero exisits at his mercy because he allowed it to stay on. Just shows we dealing with bunch immature retards. I cant wait to we deal with this I hate how he trying get attention and headlines on back of Monero

<ofrnxmr> the only thing that needs testing is the actual domains that we plan on using

<privacyx> @ofrnxmr: Yeap I saw your discussions about the testing appreciate your work bro thankyou

<plowsof:matrix.org> @ofrnxmr: so we've got the decentralised option where each domain is a separate machine belonging to different people who despise each other but love monero (wont conspire to help each other and/or harm the network), each will secure the machine the monero node is running on and keep 99%, they will likely need to rent a fo [... too long, see mrelay.p2pool.observer/e/1tfYibUKbHY5ajRr ]

<ofrnxmr> Yeah, fuck the decentralized option atp

<plowsof:matrix.org> i think the top pools would rather handle this themselves rather than relying on others

<ofrnxmr> that is a lot more work to deploy

<plowsof:matrix.org> i.e their own DNS peoples with glue

<ofrnxmr> And will almost certainly cause a chainsplit

<plowsof:matrix.org> short term we just have to pretend that the moneropulse domains are super decentalised behind the scenes?

<plowsof:matrix.org> i just can't see the top pools accepting a few guys from featherwallets node list are going to secure their bags

<ct:xmr.mx> lol they are super decentralized behind the scenes

<syntheticbird> @plowsof:matrix.org: When Romanian empire was under attack, they postpone democracy and elected a leader to govern and protect them. moneropulse have this role

<plowsof:matrix.org> secure their bags -> blocks lost above 10 re-orgs**

<syntheticbird> I don't know if I made this shit up or if I heard it in a movie

<ofrnxmr> The decentralizing of the domains doesnt do anything positive aside from decettralizong the point of failure

<ofrnxmr> Negatives are that decentralized domains can have different rules about ttl, or unreliable participants

<plowsof:matrix.org> so my suggestion of allowing these pools to just say fuck this we'll figure it out is going to increase chance of chain split 100%?

<ofrnxmr> Yes

<plowsof:matrix.org> to make the domains configurable easily

<ofrnxmr> If nodes disagree on the point to which they will roll back to, they will build different chains

<ofrnxmr> The finalized checkpoint tip has to be common amongst >50% of net hash

<ofrnxmr> If plowsof checkpoints block 500 and ofrn checkpoints block 502, during a reorg, plowsof will build and checkpoint new blocks for 501 and 502, which can never be accepted by ofrn

<ofrnxmr> the domains are configurable easily. Change the domains in the code and rebuild :P. But this is not a good idea.

<ofrnxmr> You want to be on the same checkpoints as everyone else

<plowsof:matrix.org> i think moneropulse has to be controlled entirely on core infra for the immediate short term. with 0.5 persons with access needing to put fires out across (hopefully) 7 vps running monero full nodes rather than 1 which is proxied across the domains

<ofrnxmr> Its dns, doesmt have to be on their infra at all

<ofrnxmr> Its 1 script, 1 node, updating 7 dns at once

<ofrnxmr> Automatically

<ofrnxmr> they are on cloudflare afaik

<ofrnxmr> Whats the worst that can happen? Cloudflare can inject malicious entries? I highly doubt cloudflare is going to do such a thing

<ofrnxmr> i think the only thing we need to discuss, is how often, how deep, and how many checkpoints to push

<ofrnxmr> example that i think works:

<ofrnxmr> How often = every time tip ends in 0 or 5 block (approx every 10mins)[... more lines follow, see mrelay.p2pool.observer/e/3oujirUKUjQzZVZ5 ]

<plowsof:matrix.org> the only worst thtat can happen is the 1 node is offline and theyre empty lol

<plowsof:matrix.org> needs redundancy still for the centralised quick fix

<plowsof:matrix.org> good that the short term fix is doable

<privacyx> @ofrnxmr: Security-wise: “depth 5, 10 blocks” is strong protection.

<ofrnxmr> the dns checkpointing node doesnt have to be static or local

<ofrnxmr> Can also have fallbacks

<plowsof:matrix.org> we'll need this 1 script 1 node editing dns testpoints asap me thinks

<ofrnxmr> Its already done (in R) by rucknium

<ofrnxmr> But we need to test moneropulse on testnet

<ofrnxmr> We havent tried the moneropulse domains yet

<ofrnxmr> Could be that cloudflare is unusable

<plowsof:matrix.org> monero-project/monero #10064#issuecomment-3259592231

<ofrnxmr> On testnet, we used various domains that rucknium, tevador, and vtnerd own

<ofrnxmr> Yeah i sent him a dm

<plowsof:matrix.org> we could have this as a moneropulse wikipedia pade to ppost upto date goings on @ docs.getmonero.org/infrastructure/monero-pulse

<plowsof:matrix.org> seeing something @ dig -t txt testpoints.moneropulse.net +dnssec

<plowsof:matrix.org> will inspire us with confidence. just have to wait

<321bob321> I propose we use DNS-over-QUIC cause its close to qubic.

<syntheticbird> hi @malori:xavi.lu

<syntheticbird> nice name

dan bob is alive!!!

<321bob321> Hiding from drone strikes

successful so far :)

hey vik please tweet about jb also

<longtermwhale:matrix.org> cloudflare is a single point of failure. > <@ofrnxmr> Whats the worst that can happen? Cloudflare can inject malicious entries? I highly doubt cloudflare is going to do such a thing

<ofrnxmr:xmr.mx> Boohoo

<ofrnxmr:xmr.mx> I'm, as we speak, monitoring dns updates across multiple endpoints, and i'll take "single point of failure" over 3/5 failures to meet consensus

<syntheticbird> I hate democracy

<ofrnxmr:xmr.mx> You need 2/3rd of thr servers to agree entirely. Having multiple points of failure makes it easier for the whole operation to fail, simply due to inconsistencies across implentations

<rucknium> As a last resort, mining pools can always stop enforcing DNS checkpoints if any man-in-the-middle attack is suspected to occur. Anyway, the records would have DNSSEC enabled.

<ofrnxmr:xmr.mx> Disabling checkpoints is as simple as restarting the node and dropping the flag

<321bob321> If we put the cert on all nodes we can get cloudflare full TLS mode.

<sgp_> Is there any reason at all that this isn't merged? A finality layer is WAY preferable to DNS checkpoints outside of emergency scenarios repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/604

<ofrnxmr:xmr.mx> this isnt answering your question, but dns checkpoints are a finality layer too

<ofrnxmr:xmr.mx> What you mean to say, is that POS is preferrable to DNS, but thats debatable

<sgp_> Right, but DNS checkpoints are in practice way more centralized than a well implemented finality layer

<ofrnxmr:xmr.mx> DNS is opt-in

<sgp_> Oh come on, anyone who doesn't opt in is on a different network. We've had these circular convos for weeks now

<ofrnxmr:xmr.mx> Its essentially a miner-lead soft fork

<ofrnxmr:xmr.mx> If you dont opt-in, you follow majority hashrate

<sgp_> Hence a different network....

<sgp_> (in this reorg case)

<sgp_> Which is utter trash

<ofrnxmr:xmr.mx> Its whatever network has majority hashrate, which would/should be the honest miners

<ofrnxmr:xmr.mx> the reorg would be reorged out

<sgp_> Then no need for DNS checkpoints, we're back in circular convo land

<ofrnxmr:xmr.mx> no, dns checkpoints combat selfish mining

<ofrnxmr:xmr.mx> Instead of temporarily hijacking the chain, the hijacking is prevented (unless it can be sustained)

<sgp_> It still splits the network if someone doesn't want to submit to the holy DNS record™️ #decentralization

<ofrnxmr:xmr.mx> anyway, my point is that using dns as a talking point for pos isnt relevant

<sgp_> Hence why I'm mad

<sgp_> I'm glad DNS checkpoints are being considered, but I'm mad that finality layer is considered a totally different thing and this proposal has sat without being merged for weeks

<ofrnxmr:xmr.mx> @sgp_: It forks off the malicious miners. It doesnt simply caise a net split unless the malicious side IS the majority

<ofrnxmr:xmr.mx> Which is same shit as pos halting

<ofrnxmr:xmr.mx> The main differences are, one if these is a consensus change, and one isnt. One is a bandaid, and one is a (likely) permanant change

<ofrnxmr:xmr.mx> The question of why isnt it merged falls to mrl and dev to decide whether to pursue. Theres support and opposition, and as you know, its not an implementation

<sgp_> It's to fund the research not to decide we must commit to the option when it's merged

<ofrnxmr:xmr.mx> Its a write up / book / research topic. Framing it as "finality layer better than dns" is dishonest, because the ccs isnt for a finality layer

<ofrnxmr:xmr.mx> For all we know, its on luigis desk waiting to be merged. Dns mitigations could have been rolled out over a week ago, yet here we are, no book, and 117 invalid txs

<ofrnxmr:xmr.mx> The ccs doesnt help our immediate situation, dns does. I'd rather see dns + pop than to anchor monero consensus to another blockchain, and barring that, were looking like well over a year away from a finality layer hard fork

<sgp_> Fwiw I agree that DNS is one of the only actual short term options

<sgp_> Hence why I support them