02:38:17 to be clear, my "yep" was to kayaba's explanation. every view tag is independent and is constructed on a per-output basis. even if 2 outputs have the same view tag, it doesn't yield any useful about the outputs, it's just random chance. a single wallet can create a view tag of any value between 0 and 255 for each output when constructing a tx (each view tag in the tx is independent), and a wallet still has to check every single view tag 02:38:18 when scanning 02:45:33 Hi there! Does anyone know if there is any software that can scan every new block and tell me if there is any output (with amount) going to a list of subaddresses I provide (along with the primary address and view key related to them)? 02:45:33 Reading the docs, I see it can be done with wallet-cli (to create wallet file restoring from primary address and view key) and wallet-rpc (to open and close wallet and get txs). But as I want to automate this, I would need to have one wallet-rpc running for each primary address, and query all of them every minute. It don't think it will work with 1k addresses 02:56:02 Perhaps monero-lws 02:57:49 I havent played with it extensively, but it does scan multiple address and view key pairs. 02:57:49 But its meant to be used with wallets. I imagine there to be some functionality to parse the data without a wallet 02:59:34 It doesn't support subaddresses yet 03:10:46 Thanks, I'll take a look at it 03:29:08 here's the current proposal to support subaddresses in monero-lws/light wallet servers in general; I think that would enable exactly what you're looking for: https://github.com/monero-project/meta/pull/647 09:39:21 Was there a large testnet reorg in the last few days? 09:40:32 With "large" meaning 1005 blocks or something similarly dramatic? 09:41:05 Or maybe a fork of testnet which one of my daemons chased down for that many blocks? 09:42:51 I synced testnet two days ago and I don't see any reorgs in the log 09:49:29 Hmmm, strange. 09:50:34 My situation: I have two machines where I claim that testnet is running identically, daemon just compiled from master just this morning, and synced to top of testnet without problems 09:50:49 I have a wallet that opens and refreshed without problems on one computer 09:51:13 On the other it balks and tells me it wants to do a reorg 1005 blocks deep which is larger than the allowed maximum 09:52:14 Currently out of ideas where the difference and/or the problem could be :) 10:48:47 I found a little more: Running daemon and monero-wallet-cli without any special options beside "--testnet" works 10:50:31 If I bind the daemon to the static public IP of the machine like so: monerod --testnet --rpc-bind-ip --confirm-external-bind 10:51:17 And then instruct the wallet to use that like so: ./monero-wallet-cli --testnet --daemon-address :28081 10:52:21 Then the wallet reacts with, probably expected: Warning: using an untrusted daemon at 80.254.179.107:28081 10:53:22 But also gives an unexpected error: 10:53:24 Error: refresh failed: refresh error: reorg exceeds maximum allowed depth, use 'set max-reorg-depth N' to allow it, reorg depth: 520. Blocks received: 0 10:54:24 Possibly there is a reorg, but a smaller one ? When using an untrusted daemon, the wallet quantizes its current height, so will request earlier blocks. 10:54:51 (so a daemon cannot tell a returning wallet from that info) 10:56:40 Not sure I understand what you mean. The wallet is currently synced to almost top of chain, the daemon follows the chain normally 10:56:53 The wallet misses only a few blocks now 10:57:12 Where would a reorg sneak in here? 10:58:42 I always add --trusted-daemon when I connect to my nodes 10:59:06 Hello, is Monero Wallet RPC thread safe? Or should the RPC calls be synchronous? 10:59:30 it should be thread safe 11:01:34 I mean that the wallet will pretend its height, when starting is something like H - H % 1024 or so. 11:01:57 So if it needs to reorg for, say, 5 blocks, it might end up asking for 1005 blocks. 11:02:27 Yeah, but why should that be suddenly a problem? 11:02:29 I think the wallet RPC is thread safe because it handles one connection at a time. 11:02:47 Because there might be a reorg. 11:03:13 But it's single threaded right? 11:03:22 Try "status" in the wallet. It might give you a block hash. 11:03:35 I narrowed down further: The external IP seems to play no role, simply telling the CLI the daemon is untrusted triggers my problem 11:03:39 like so: ./monero-wallet-cli --untrusted-daemon --testnet 11:03:45 Yes, "one connection at a time" implies that, for "interesting" threads. 11:04:01 I tried hitting the wallet rpc with multiple parallel requests and shit went wrong 11:04:43 OK, that's odd. Maybe someone made it handle several calls at once then. Pretty sure there's a comment in hte source saying "don't do that". 11:04:47 Then I decided to make it synchronous which seemed to behave better 11:05:39 Another wallet wants to go back 153 blocks now, and again tells that this is too much. 11:07:06 Stnby[m]: Seems like a lot of rpc binding libs allow this to happen, we should probably place those mutexes in our lib to make it safe 11:07:55 A third one 898. 11:08:09 How could they all hit the same reorg problem? 11:08:36 Did you use them all at about the same time ? 11:08:48 Probably not, no 11:08:58 How probably ? 11:09:07 I check 11:09:23 Within a day or so of each other. 11:10:28 No. I guess that also the reason they all want to go back a different number of blocks. 11:10:44 Because their caches do stand at different heights now 11:10:59 One is almost at top, the other two different numbers of weeks back 11:11:04 The comment's still there about threads. Maybe the underlying code now does a listen/accept/handoff which would be unfortunate. I don't think it's super likely though. So maybe the problem is elsewhere... 11:11:57 Did you run these wallets off a temporarily branched chain (ie, when using --fixed-difficulty etc for testing) ? 11:12:27 No, and they still sync properly, I just have to leave out " --untrusted-daemon" for the CLI wallet ... 11:13:35 Did you keep the old caches ? 11:13:52 Probably could fish them out of some backup. 11:14:18 Then change "status" or other to print the height and hash of the top block they have. Compare with the chain. 11:14:40 If it's on the chain, it looks like a bug. If it's not on the chain, it looks like a reorg. 11:15:18 print_block in monerod remembers old orphans, usually. 11:15:28 I synced now one wallet to top, without " --untrusted-daemon ". Started again with " --untrusted-daemon ", and now it want to reorg 555 deep. 11:15:49 All my alt chains are 1 block long. Very nice... 11:16:06 Then it is almost certainly a bug. 11:16:09 Somebody around with current master compiled who could check running the CLI wallet with " --untrusted-daemon " with that, with any wallet? 11:16:35 I have done a lot of dumb things in the last 5 years of Monero, who knows :) 11:17:18 I confirm https://p2pool.io/u/4daa3896be2dbbc1/fail.png 11:17:38 Ok, so it's not me. 11:17:52 It works perfectly fine with --trusted-daemon 11:17:54 Can somebody please inform the CEO? 11:18:03 Monero is broken :) 11:18:23 BTW I'm testing p2pool + testnet right now - https://github.com/SChernykh/p2pool/issues/153 11:18:25 If it's only a problem with untrusted nodes, it's not a problem :) 11:18:31 Lol 11:18:33 so I have the wallet and testnet node at hand 11:18:37 But still, I'll try to have a look. 11:19:18 Are you looking at it sech1 ? 11:19:46 Are there any devs in here that have experience with monero-javascript? 11:20:12 Reorg error? No, I have no idea what to look at. 11:20:25 OK, I will then. 11:20:26 Plus I have to go now 11:21:06 I'm testing p2pool during testnet fork 11:58:21 rbrunner: https://github.com/monero-project/monero/pull/8331 11:58:45 (tests not run yet, but I don't expect they'll fail (but then I never do)) 12:00:35 Thanks, that was fast. Is this an old error then, nothing to do with recent changes? 12:00:44 Since 2020 I think. 12:00:55 So not too recent, but not too old. 12:01:41 I wonder why I only hit that today. Before I was probably using an early 0.17 version. 12:02:25 Maybe because you usually use your local node ? 12:03:21 You could bisect I guess, maybe something else "hid" this before. 12:03:34 I caused that "untrusted" situation on my Monerotech.info webwallet by using the external IP maybe starting 1 year ago. 12:04:03 Anyway, I will try the fix. 12:04:16 Already fixed? Nice 12:09:52 Works. 12:44:53 Looks like it already broke right after the patch in 2020. 12:45:21 That might mean close to nobody uses untrusted nodes :) 12:45:38 Or, more likely, people mindlessly add --trusted-node for those. 12:45:54 Or just stop using monero. 12:46:02 I admit I do this:P 12:46:10 Stop using monero ? :D 12:46:30 Add --trusted-node. But I run my own nodes 12:46:52 in wownero cli it makes you pass "--this-is-a-malicious-spyware-node" before adding any remote node 12:47:20 Sounds like something I'd add. 12:49:24 UkoeHB: do you have a prefered wording for "multisig is disabled, enable with set x=1" ? 13:10:52 i'm working on a monero node running on kicksecure (https://kicksecure.com) on top of a debian 11 vps... you guys have a great day 13:19:43 Hey! Want to start contributing to/working on projects in the space. I'm a CS sophomore in India good with C, C++ and Rust. Do tell me where and how I can start! 13:25:01 very possible... i am a web designer, system admin, highly skilled in html/css, bash scripting, and gimp 13:28:30 You can look around at what floats your boat. There's monero, the GUI, mymonero, monero-lws, haveno, and more. 13:28:49 C/C++ means monero I guess. 13:30:11 If you want to hack on monero itself, it's easy: biuld the source, use it, find something that's a bit broken, not good enough, etc, that annoys you, and fix/improve it. 13:30:59 I suggest minimal changes (ie, no reformatting or changes just because you like it better the new way). Separate patches by self contained change if possible. 13:31:01 Nice! Will do that. Any other projects using a C/C++ codebase other than Monero core? 13:31:16 There's a CONTRIBUTING.md file with that kind of guidelines. 13:31:33 The GUI has some C++, but it's mostly boilerplate IIRC. The meat is JS. 13:31:44 monero-lws is also C++. 13:31:49 Yep got it. Hack around and find out and if I get a solution worth implementing at scale with proper security (with no reformatting or major changes), submit a PR? 13:32:06 Right. 13:32:29 Great, that works very well. Thank you. 🙏 13:32:57 Major changes is fine once you're comfortable with the code. It's more like... no unnecessary changes. 13:33:32 Especially the "my editor reformatted the whole file" nightmare :D 13:34:08 Will take some time to get comfortable with the code itself. Still in the learning process, but enjoying every bit due to the community. Probably the first time I've seen non gatekept research unlike universities etc where you require credentials 13:34:13 You can also look at github for issues, see if one of them looks easy and something you'd want to work on. 13:34:24 moneromooo: Haha! Definitely not :D 13:35:19 moneromooo: Don't necessarily need easy. Willing to be a long term contributor and grind on the problem if it has the potential to teach me a lot! 13:36:04 Well, you gotta start with easy bits. I did. 13:36:36 If you don't, you run the risk of losing interest. 13:36:43 Up to you of course. 13:37:23 Oh! Would love to hear your journey if you could elaborate :) 13:38:00 Well... I just wanted to contribute, so I looked at something easy to start with, that's all. 13:38:19 I read code, and I found something that looked buggy, if memory serves. 13:38:31 So I patched it. Hopefully less buggy now. 13:39:18 And as I read code, I got more comfortable with it, what's where, what does what, etc. Allowing me to work on more complex stuff. 13:39:29 Pretty standard really. 13:39:54 i'm learning python now, to create gui front-ends for running bash script... the masses need the gui... make it very pretty in gimp... large scale adoption is the key for monero's future... payment interfaces running as apps on mobile 13:40:34 Anyone managed to statically build monero, with `BUILD_GUI_DEPS` on? 13:40:37 Ah. I used to dream of some generic GUI maker that'd run --help on programs and auto generate a GUI from that. 13:40:44 On mac m1*. 13:42:13 quila[m]: what are you trying to do? 13:42:56 a generic gui maker... interesting to say the least 13:43:53 selsta: I am want to build `libwallet_merged.a`. I managed to do in on Big Sur, but since Monterey I could not do it anymore. 13:43:54 Pipe dream I think. You'd end up with something verbose and not really usable in practice. 13:44:37 quila[m]: did you test release-v0.17 or master branch? 13:44:39 Paste errors to paste.debian.net and post the URL here. 13:46:25 selsta: Yes, I have. 13:46:38 moneromooo: Sure, let me grab the logs. 13:46:46 I mean which branch did you test? both? 13:46:46 Which of the two ? 13:47:08 there were some changes in master branch a while ago 13:47:21 true... a gui for me is python executing script, nice logo, minimal, very clean css interface 13:47:31 I usually just do with the release branch, sorry. 13:47:58 It's fine. That branch ought to build. 13:48:58 I have also tried to change the arch to `apple-latest`/`apple-a14`/`apple-m1`. 13:49:17 Let build it again to share the logs. 13:51:44 selsta: do you run `make release-static` or `release-static-mac-x86_6` to build on M1? (btw I tried both) 13:52:15 Monero builds nicely, only GUI_DEPS on causes the error. 13:54:30 on another tip... i created my first nft, sized for a twitter banner, as the musk-rat bought twitter and only a matter of time before nft format allowed as banner images there... going price: 10 xmr ;) made a screenshot and put up on one of my web pages if anyone wants to see it... very colorful :) https://alt-web.xyz/ 13:56:01 "Paste errors to paste.debian.net..." <- There you go: https://paste.debian.net/1240950/ 13:57:24 The error seems to be: clang: error: the clang compiler does not support '-march=x86-64' 13:57:28 If I build it with arch `apple-latest` it can make it to 50% or somthing. 13:57:34 Unlcear where from due to -j10. 13:57:51 Can you try with -j1 so we see where it comes from ? 13:58:23 "There's a CONTRIBUTING.md file..." <- I guess this: https://github.com/monero-project/monero-site/blob/master/CONTRIBUTING.md 13:58:52 I don't see anything setting x86-64 specifically for GUI deps. 13:59:04 moneromooo: Sure. Do you want me to change the arch to `apple-latest` also? 13:59:20 Or just same command? 13:59:31 Try same for now. 14:00:43 moneromooo: https://paste.debian.net/1240953/ 14:00:44 Hmm. Looking at the Makefile, release-static does assume x86_64. 14:01:03 Doesn't explain why the rest of moneor would build though. 14:01:04 Yes... 14:01:42 * quila[m] sent a code block: https://libera.ems.host/_matrix/media/r0/download/libera.chat/2336b4f7377a45e5042f6a74106a0550a0eb589d 14:01:50 I don't use release-static on Mac 14:02:10 Fails in the first file with the "top level" biuld system. You sure the rest of monero built ? 14:02:27 These are the archs I got. 14:02:29 Oh, maybe only with apple-latest then ? If so, try with apple-latest nw please. 14:03:06 apple-m1 seems nice too. 14:03:21 Or you could wait for hyc, who built for m1, I never did so I'm blind here. 14:03:40 You can set ARCH=default 14:07:49 Weird, I don't know what I did overnight but none of those are progressing now. 14:07:56 Same error. 14:08:15 Let me try `apple-a14` and `default`. 14:08:27 You might need to remove CMakeCache.txt from your build tree, cmake is a bit of an ass when it comes to changing settings. 14:08:30 ```clang: error: the clang compiler does not support '-march=apple-m1'``` 14:08:46 Try default or native then as selsta said. 14:09:22 When you have something working, a new make target for M1 can be added :) 14:12:12 `default` seems to have gone through. 50% now. 14:19:16 moneromooo: it failed at 92% https://paste.debian.net/1240955/ 14:21:29 Looks like it just needs extra libs to link against. 14:21:39 How this `default` works behind the scenes? It seems to corresponds to `arm64`. 14:21:42 EVP_MD_size sounds like openssl. 14:21:53 event_* is probably libevent 14:22:27 sech1: you had the libevent problem recently, no ? Fixed it ? 14:28:47 Building it with `native` results in the same error: https://paste.debian.net/1240960/ 14:32:30 My libevent to have been built on `arm64`. Same for openssl. 14:33:00 quila[m]: did you install it with homebrew? 14:33:18 selsta: Yes... 14:36:55 Just to clarify, I have managed to build this in the past on Mac x64 Big Sur. It has then failed on mac x64 Monterey and now M1 Monterey. 14:37:52 I even innocently copied the `.dylib` from the old machine to this one but it seems Rosetta don't like it. 14:38:18 You might have to compile static openssl yourself? Not sure. 14:40:04 I do have the openssl static libs: 14:40:04 ```/opt/homebrew/opt/openssl@3/lib/libssl.dylib: Mach-O 64-bit dynamically linked shared library arm64``` 14:40:30 (static lib is also here, just can't run `file` on it) 14:40:33 try to install openssl⊙1 14:40:44 Let me try that. 14:41:56 and remove @3 14:45:38 Ok, I am building now with openssl1.1. 14:50:33 moneromooo I fixed it by compiling on another machine (I was able to fix libevent undefined symbols, but there was another library that gave linker errors) 14:51:05 nettle library: undefined reference to `nettle_rsa_public_key_init' and so on 14:53:53 "and remove @3" <- Same error: https://paste.debian.net/1240964/ 14:54:07 sech1: are you on M1? 14:54:34 no, it was an Ubuntu x64 VM 14:58:37 Hummm... It seems I will have to investigate further. If anyone if manages to build statically with `BUILD_GUI_DEPS` ON on M1 chip let me know. I will do the same if I find out. 14:59:48 Not sure if anyone from cake wallet is in the room. 15:01:21 That could help* 15:02:33 and compiling without build_gui_deps works? 15:03:00 selsta: Yes, it does. 15:12:26 That IS really odd since build_gui_deps is just an extra wallet lib. The binaries get build regardless. 15:16:51 quila[m]: how did you enable build_gui_depy? 15:18:05 selsta: I updated the line 1244 of CMakeLists. 15:22:15 can you double check by setting it to OFF on line 1244 to see if it compiles? 15:25:30 Sure, doing it now. 15:31:40 Ok, I get the same error. With `BUILD_GUI_DEPS` OFF. It seems it just `STATIC=ON` related. moneromooo sorry for the misleading info earlier, I probably ran some other command. 15:33:40 Yes, I can totally see that static would do that. 15:34:09 So you just need to find out what static libs link to those libs that aren't linked in. 15:35:28 I ran `debug-static-all` and got same problem: https://paste.debian.net/1240968/ 15:35:42 Then detect and add them to the link line, either through the lib that depend on them (ie, if libX wants libY, detect libY and "set X_LIBRARY $X_LIBRARY $Y_LIBRARY" or so) or through EXTRA_LIBRARIES if it's "most programs need that system lib", like librt, libdl etc. 15:36:18 For an example of this, see how libpgm is detected and added to libzmq, since libzmq is sometimes built with pgm support. 15:36:39 That's why pkg-config was made, but cmake NIH obviously. 15:37:22 It seems I don't have `nghttp2` installed on my machine. 15:37:35 * quila[m] sent a monero code block: https://libera.ems.host/_matrix/media/r0/download/libera.chat/375a9f4e5d648f157ce187d9b9ad4a368774d72f 15:39:11 You can add it to the deps list in README.md. If there's none for Mac yet, you can add it. 15:40:22 Hopefully it's just that. Do you recognize `_event_base_dispatch` function? 15:40:53 Likely libevent/libevent2/ 15:40:56 Or any of these:```undef: _event_base_set... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/92bf5cacfb623643414859e13430380778de573d) 15:41:18 grep in /usr/include (or wherever on mac) 15:44:00 Ok, I can see problems here. 15:44:08 * quila[m] sent a code block: https://libera.ems.host/_matrix/media/r0/download/libera.chat/5233628d4f8b51c300f624aec776d64a4da7884f 15:44:14 My internet might be off more than on for the next hour or so, good luck 15:44:28 Cool, thanks for the help. 15:45:10 Brew didn't install static libs for `libevent`. 15:45:54 that's why I thought you might have to compile the dependencies yourself 15:53:32 "that's why I thought you might..." <- I assumed it was good practice to brew recipes include static and shared libs... But `monero/contrib/brew/Brewfile` is definitely missing `nghttp2`. 15:55:33 I need to come back to this later. Thanks selsta and moneromooo for the help. 16:00:21 I didn't catch everything in the scrollback. what's he trying to build on M1? 16:00:58 release-static 16:02:21 I'll give it a shot. unfortunately the apple version of compilers deviate from gcc/clang normal target names 16:02:48 gcc/clang want aarch64-apple, apple compilers want arm64-apple 16:03:16 that's one of the things I had to account for in #8312 16:05:26 hyc: https://paste.debian.net/1240964/ 16:05:32 that were the openssl linking errors 16:07:39 I just did make release-static and got 16:07:40 24%] Building CXX object contrib/epee/src/CMakeFiles/obj_epee.dir/byte_slice.cpp.o 16:07:40 clang: error: the clang compiler does not support '-march=x86-64' 16:07:56 something in CMakeLists.txt is still assuming darwin only has x86-64 16:20:44 hyc: you have to edit ARCH=x86-64" to default in Makefile 16:21:10 make release-static has the ARCH still hardcoded 16:24:27 ah I see. I changed it to native for now 16:26:48 .merges 16:26:48 -xmr-pr- 8046 8312 16:29:39 .merge+ 8315 8308 8307 8266 16:29:39 Added 16:30:12 jberman[m]: did you run unit tests with https://github.com/monero-project/monero/pull/8330 ? 16:30:24 CI has timed out, seems it got stuck somewhere 16:31:36 hyc: something else, jeffro256[m] implemented your comment suggestions, can you take another look? https://github.com/monero-project/monero/pull/8322 16:34:47 ok 16:35:53 I kinda don't see the need for reorganizing sha256 into its own source & header files 16:36:18 that strikes me as gratuitous churn 16:36:28 anyone else have opinions there? 16:44:44 so I just ran into that nghttp2 symbols unresolved etc 16:46:44 A lot of those epee patches seem pointless, but since I don't contribute much anymore, I'm mostly keeping my mouth shut about it. 16:47:34 it's still basic principle of collaborative dev: minimize churn. do the least amount of changes needed to solve the problem, and nothing more 16:47:59 unless you decide up front that you're going to tackle a major refactoring 16:48:09 which afaik nobody here is trying to do 16:49:11 hyc: refactoring just for the refactoring is bad aim too 16:49:17 it leads to a lot of redundancy 16:49:40 this 8322 touches 14 files just to update the sha256 function 16:49:44 that's nuts. 16:56:56 "A lot of those epee patches seem..." <- like instead of fixing some problems inside, someone decide to polish front door 16:56:57 hahahaha 16:59:06 A nice front door invites people to look inside. Pretty simple concept tbh 16:59:37 so libunbound requires -lnghttp2 and -levent 17:00:18 ^ as inviting as a venus flytrap :P 17:01:11 hey at least they are trapped fixing bugs, instead of running away (which a lot of people do when they see uninviting code) 17:08:26 Well, since rewriting stuff to the format you like can involve unwittingly adding bugs... it's a neverending churnfest :) 17:09:13 I suppose differentiating between "I like this better" and "this is really bad code" can be a fuzzy line. 17:10:10 There was a recent patch for example, where some atomicity was mistakenly lost, and the patch's purpose was to have better atomicity. 17:11:17 (though the underlying intent was actually right, using std::atomic so you would not forget to call atomic read/write) 17:12:06 IIRC there were hangers on in the patch too, the "I like it better that way" type. Shrug. 17:12:20 Well, surely there is some balance between code quality improvements and in-place changes. In-place changes lead to accumulated technical debt, which makes it harder to find bugs and easier to create bugs with future changes. 17:12:41 And also harder to evaluate if new changes are buggy or not. 17:12:46 Right. And different people put the line in different places :) 17:13:23 I'm at one extreme, I'll readily admit. 17:14:30 But hey, I was young too. I once reformatted stuff to remove stray tabs in a code base. That's when I really learnt about conflicts ^_^ 17:14:51 I mean, *really* learnt. 17:15:22 Like, learnt that they do not come up once and then never again. Unless you never use your VCS's history. 17:15:34 * moneromooo shuts up before going too hard on another rant 17:15:48 UkoeHB: I don't believe in any kind of code quality. It always about reading code until you understand what is going on and then something can be changed. 17:16:18 How many comments / code quality patches are needed to make code verification / audit easier ? 17:16:35 If you can afford to spend shitloads of time on code, I'd agree. I don't agree in practice though. 17:17:04 Final code verification implies that everything is untrusted and should not be verified outside of context. 17:17:10 ooo123ooo1234[m]: yeah, but why the hell would some want to read code if it looks like shit? Even if the reader is qualified and competent. 17:17:31 Hey yall, sorry I'm late 17:17:50 I saw that yall were reviewing the SHA256 PR 17:18:28 It's just an enormous waste of time to translate shit code into comprehensible logic. 17:19:46 I want to spend all my time thinking about the logic, not tracing out some bs execution flow. 17:19:48 We would have to rewite that SHA256 code anyways because OpenSSL 3.0 doesnt support it anymore but I figured it it was going to be overhauled anyways, might as well make it look clean 17:20:21 I don't see how the particular source file its in affects its cleanness or code quality 17:20:36 What do we use SHA256 for btw ? I know of the update check, anything else ? 17:21:18 Because we have a giant 2K+ file called "util.cpp" that is largely undertested and unorganized 17:21:20 If it is just that, we can just use keccak instead, since it doesn't have to be compatible with anything else. 17:21:49 UkoeHB: any short example ? 17:21:56 Sorry 1.4K 17:22:51 Hmm. Merge mining (can be changed, not too late), trezor (probably hard to change). 17:23:27 It's used also in merge mining I believe 17:25:03 ... does anything actively merge mine with Monero right now? 17:25:07 ... I'd guess Wownero? 17:25:15 * guess Wownero if I had to pick a project to do so? 17:25:20 ooo123ooo1234[m]: https://github.com/monero-project/monero/blob/8349cfe4a63cfc63d50ce3818886b67a05e240a4/src/wallet/wallet2.cpp#L13504 . Figuring out if `update_multisig_rescan_info()` introduced a nonce-reuse bug was a waste of time that could have been avoided with a better design (i.e. code quality). 17:25:35 I was going to say nothing. I didn't knopw about wownoero. 17:25:47 That is interesting. 17:26:02 Yeah, me neither 17:26:07 as far as I know they don't merge mine 17:26:24 IMO, Monero shouldn't have any merge mining code. At all. If another project wanted to setup some merge mining system, that should be completely on them. 17:26:29 Does townforge merge mine with Monero is it a seperate chain? 17:26:35 Tari was the one who wanted to merge mine. Townforge also will. 17:27:03 And I don't care to submit a PR removing the TX Extra byte, as it increases extra decode rate to have it, but if we're saying merge mining somehow has compatibility requirements... 17:27:20 Merging that code means any project can reuse it, which means more hash rate going into monero. 17:28:10 In theory anyway. 17:28:53 Isn't the code in question simply a cleanup of the sha function solely used for updating? How does this feed into merge mining anyways? 17:29:57 MM just uses sha256 because it was there and I needed a hash function I think. Not sure why I picked this one and not keccak. 17:30:13 I would have to look deeper into it, but I believe that that the merge mining code uses it it validate the intgerity of the merge mined blockchsind 17:30:22 (hence "can be changed, not too late"). 17:30:46 Tari is already proposing proxying the Monero mining RPC for its needs. 17:31:47 Considering nothing actively uses this, it personally sounds like MM should be moved to keccak256 at least, or we should drop code from it and leave Tari to augment their proxy to replace the dropped code. 17:34:49 Just to be perfectly clear, the MM code in Monero. It's solely indexing data and providing RPC methods, right? None of it actually affects node operations? 17:35:06 Right. 17:35:09 IIRC. 17:35:13 It's been a while now... 17:35:34 sha256 is also used to verify the checkpoints.dat file , but that could easily be changed 17:35:38 It was meant as an incentive to other chains to start using MM. 17:35:59 But nobody seemed to care so far. 17:36:24 Probably too busy doing stuff for that ethereum house of cards before it crashes down under its own weight :D 17:36:53 I can see this changing with tail emission 17:37:52 MM with Monero could be seen as an option 17:41:38 Does anyone know the comparison of cryptographic security between keccak and SHA256? Because we only "need" one good cryptographicly secure hash function 17:42:06 keccak is the basis for SHA3 17:42:24 I would say it's superior to all SHA2 algos in every meaningful way 17:43:20 I still prefer Blake2b :( But that's a derailment for another day :p 17:44:01 Was this a SHA3 candidate ? 17:44:08 But yeah, keccak is effectively SHA3. It's just minor padding changes from the submitted contestant to the released version that causes people to still call it keccak. 17:44:22 @hyc that's what I figured since it was a SHA3 finalist , so maybe we could start to transition away from SHA256? 17:44:40 Blake2 and Keccak were both candidates. Keccak had lower performance but was more distinct and provided redundancy in case SHA2 was broken IIRC. 17:45:09 blake2 was also designed specifically to be fast on CPUs 17:45:13 Keccak was chosen and just had the padding changes I don't think affect its security in any meaningful way. 17:45:27 We should drop SHA2 though 17:46:29 So... if openssl drops SHA256, does it mean it doesn't support any suite that uses SHA256 ? Or did it just drop it from its public API ? 17:46:53 Just the suite of APIs we were using 17:47:08 You can still use it thru the EVP API 17:47:27 they totally revamped their hashmech API 17:50:44 "ooo123ooo1234: https://github...." <- A better design already known to a reader. Untrusted code verification will be always as hard as this (https://en.wikipedia.org/wiki/Boolean_satisfiability_problem). Even if this state is reached at some point, with addition of anything new full verification will be needed again. The only way is to maintain knowledge about code in memory. Only code of dead project is easy to review. 17:50:44 hehe 17:52:41 quila[m]: this makes the static build succeed on M1 Mac 17:52:46 https://github.com/monero-project/monero/issues/8332 17:56:32 ooo123ooo1234[m]: how about a design where copies of nonces are never made, so even the question itself doesn't have to exist? 17:56:58 sha3 uses exactly the same keccakf1600 function in the main loop, the only difference is the initial message padding 18:01:29 ooo123ooo1234[m]: plus, my complaint was about TIME, converting code into a comprehensible mental model takes time, and it takes less time if the code is cleanly written. Saying you don't want to write clean code is like saying you want to waste people's time (when clearly you are obsessed with other people wasting your time, quite the double standard). 18:03:17 I think this is an issue of "bandwidth". The code "cleverness" has to be high enough that it's good and able, but low enough than enough people can work with it. Too clever and only very few people can handle it, and it'll end up untrusted because few people can verify it. Too low and it's full of gunk. 18:03:26 You want a sweet spot. 18:03:58 And of course I've been advocating for keeping some of the gunk because churn in itself adds some gunk despite the apparent gunk removal... 18:05:12 Bandwidth should not be a bottleneck. You really want to avoid bottlenecks, of which there are many. 18:05:52 "Bandwidth" is probably not the best term here. For the purposes of this argument, I define it as "number of people times their ability to go through and grok the code". 18:06:27 Another bottleneck is the number of independent people being able to read and understand the code. Or at least parts of the code, realistically. 18:06:41 It's a balancing act, sadly. No magic bullet. 18:10:51 There are so many simple things you can do to speed up reading code. Good naming, functions that do only one thing, small comments that help you orient yourself when re-reading code, whitespace that helps the reader parse language syntax. And advanced stuff like minimizing raw loops and conditionals, very judicious use of inheritance, strict interfaces and well-understood pre/post conditions, etc. 18:14:01 UkoeHB: Do you know any code that meets all of this but is vulnerable ? 18:15:07 ooo123ooo1234[m]: Where did I saw clean code is invulnerable? I said clean code is easier to read. Maybe you should re-read my reading rant. 18:16:10 It was not claimed you said that. It's just about shifting a probability distribution. 18:16:18 UkoeHB: Does "easier to read" mean easier to verify correctness ? 18:16:49 Any code more complex then "hello world" has bugs/vulnerabiliteis, it's inevitable. The scale and severity of these bugs can be restricted by good coding/testing/reviewing practices. 18:16:50 Easier to understand means easier to verify correctness. 18:16:52 It means easier to find people willing to verify correctness, and less cost for anyone who wants to verify correctness. 18:17:19 because time = money 18:18:07 But "verify correctness" for large enough code is practically impossible since the combinatorics are just too large. It's *really* hard to keep a large state in one's mind, especially when it changes and rolls back. 18:18:18 UkoeHB: There must be at least 1 example of code that was written in accordance with all of that subjective standards, audited but turned out to be vulnerable 18:18:32 And that's what's needed to *verify* correctness. 18:18:33 or redundancy added by clean code standards helped to hide vulnerability 18:19:26 ooo123ooo1234[m]: you could ask, eg, trail or bits or similar for a bit of code where they found a vuln and the code was really clear/nice/etc. 18:19:35 s/ or / of / 18:20:03 ooo123ooo1234[m] just read articles at https://pvs-studio.com/en/blog/posts/cpp/ - plenty of examples 18:20:04 People like that would likely remember such cases, as htey're their biggest successes. 18:20:56 on topic of clean code with vulns: https://pvs-studio.com/en/blog/posts/cpp/0935/ 18:23:27 ooo123ooo1234[m]: surely there are many such examples. Are you going to ask for a statistical comparison between vulnerable shit code and vulnerable clean code? Maybe I should ask YOU for that statistic, since it's pretty easy to assume that shit code is more likely to contain bugs (i.e. not just conceptual errors, but literal software bugs that can be exploited). 18:25:55