10:46:20 If I sign the same string with the same spend key, can I get a different signature? 11:22:38 I would say no. Seems to me to be the whole point: Same string singed with the same spend key (with the same algorithm and parameters of course) must give the same signature. 11:38:06 Sir if the new advanced user feature is converted from 24 words to 25 words, after I reset the ledger hardware wallet, can I access the same monero assets with just 24 words without +25 words in ledger hardware wallet? I don't mean passphrease in ledger hw. I mean the seed phrease (advanced users) for just the monero in ledger hardware wallet. 11:39:55 Hmm. That's my thinking too, but still getting a different signature. This is via monero-cpp and testnet if that matters, but I don't think it should. Straight calls to `wallet2::sign()`. 12:07:46 I'm trying to update the monero-javascript library, and for some reason, since updating to v0.18.1.2, `num_mainnet_hard_forks `, `num_testnet_hard_forks`, and `num_stagenet_hard_forks` from hardforks.h are all improperly initialized to 0 when built with WebAssembly. I confirmed they initialize correctly in v0.18.1.0. any ideas what could be causing that? 12:15:19 jozsef[m]: Just checked the code of wallet2::sign: Looks almost trivial, nothing non-deterministic in sight - and why should it? How would you check the signature otherwise? 12:15:27 woodser: Is `monero_wallet_full::sign_message()` tested within monero-javascript? (Can't find anything that would call it.) 12:16:07 Not sure I understand you question. 12:16:39 At this point I'm simply printing the signature. 12:17:10 and I get 'SigV2KfxLpk4bqBBcuEFmH11K9DEbj7n6BDDBxCXx24XJ3uFqWYxhD7HCJUmFK96XZaPjb1SAYoSK4o7QtNCDaxnD8cNe' and 'SigV24hsxZpanELHE9B77KD91rJAqhEc86QsyR5mNv2ShdYhVE5prscPL98a14z2wsVvm9uCyfXMer9dbabWtnHCJxJab' 12:17:28 jozsef yes, that function is tested here: https://github.com/monero-ecosystem/monero-javascript/blob/200acd9f8348ded51402e42c813ee87ed7ac1507/src/test/TestMoneroWalletCommon.js#L2265 12:21:19 People can check the validity of a signature with the corresponding public key, if I am not gravely mistaken? 12:23:42 Yes. I believe that's what woodser's test above does. Now I'd like to test if I get the same signature for the same message + wallet. Not assuming a problem with either wallet2 or monero-cpp, just trying to narrow it down where I'm abusing the API somehow. Probably the easiest is to add a wallet2 test if that does not exist. 12:48:22 solved my issue with the hardfork constants by explicitly including hardforks.cpp, fyi :) 13:00:27 I verified that the signatures returned from `wallet2::sign()` _are_ different for the same input `data`, `signature_type`, and `index{0,0}`. I find that strange. 13:30:58 Noob here: PGP signatures include the time of signature. Does `wallet2::sign()` include the time? 13:38:51 Rucknium[m]: as far as I can see no 16:22:40 Nitter.net/chainrx/status/1593608330127237121 16:22:55 Saw this just now. 16:23:05 Regarding a potential Sybil attack 16:24:38 \>tweet not found 16:24:39 I hope you have a screenshot 16:26:57 Nitter.net/chainrx/status/1593620605605224448 16:27:07 Sorry about that 16:27:22 This link should work 16:31:47 https://nitter.net/chainrx/status/1593619056585629697 16:32:50 #xmr bootstrap exploit: #monero has 4 bootstrap seeds & 4 update servers (see pics) all resolve to gandi.net a french provider, 16:32:50 If this is true, it’s really stupid to have all eggs in one basket 16:33:11 a free audit nice 16:34:22 plowsof: We need hackathons 16:41:02 lets wait for reactions but i personally have not much clue whats going on here? "de anon" meaning finding the ip of clear net nodes? like get_peer_list? find which have public rpc? (its more than 200) bonus points for finding unrestricted nodes and using their peer lists too? https://github.com/plowsof/xmr-get-fee-estimate-test 16:47:06 ok ignore me^ im hearing the tweet is bs but hopefully someone clarifies for us 16:49:57 > <@nikg83:matrix.org> #xmr bootstrap exploit: #monero has 4 bootstrap seeds & 4 update servers (see pics) all resolve to gandi.net a french provider, 16:49:57 > 16:49:57 > If this is true, it’s really stupid to have all eggs in one basket 16:49:57 nevertheless ^ 17:06:06 does he think every transaction my node broadcasts is from me 17:06:07 otherwise this whole thing makes zero sense 17:40:35 Is there a way to use "play monero"? I want to create an API for a monero-based point of sale so I can sell shit online, but I need a way to test it. 17:45:42 there's the testnet for that :) 17:54:00 stagenet is the real play-money 17:54:40 in terms of integrating with things, testnet is the play-money for people playing with the blockchain itself 18:11:27 Never heard of these, thanks guys! 18:14:28 One more question. How come Monero hasn't adopted Matrix spaces? Any reason? 18:35:52 "#xmr bootstrap exploit": Announcing an exploit with a Twitter thread and mysterious screenshots of parts of code? 18:36:24 And making statements that at least sound to me like mixing up two things badly, communication between nodes, and communication between wallets and nodes? 18:36:52 I guess I am too old for such Twitter threads, and too dumb to understand what they hint at :) 18:36:59 even he-who-shall-not-be-named isn't as dumb as that 21:04:14 plowsof: The IP addresses of the seed nodes are listed in the code 23:42:03 regarding that tweet: our DNS seed nodes are empty and we use hardcoded IPs on mainnet / testnet / stagenet 23:43:26 so I think they tweeted first before even verifying if what they claim works