> <@rucknium:monero.social> Ok here it is. Also available as an onion hidden service

> rucknium.me/posts/financial-margina…ization-and-cryptocurrency-payments

Nice analysis

<kayabanerve[m]> "Monero also constantly encodes/..." <- It isn't the only and not the most idiotic thing Monero does currently

<nioc> "ccs.getmonero.org..." <- centralized server for centralized research; step by step; gingeropolous how to authenticate users for that machine ? KYC ?

<jberman[m]> "when you say ratio 75%, you mean..." <- view_tag - 67%, view_tag + thread pool changes - 64%; Now i'm trying to understand why privacy issue with sub addresses isn't fixed

"monero-project/monero #7760#discussion_r882293437", it's physical link termination to prevent abuse

by unresponsive client / server

"monero-project/research-lab #62" are there any isolated tests with any of this proposals and view tags ?

why no one of them was implemented ?

"hal.inria.fr/hal-01102013/document" this SSL truncation attack looks like trash, it's even related to web dev

MITM + access to client machine with the hope to reuse not terminated session on server

Scanning is slow due to subaddress derivation, view tag adds intermediate point that can be used for early check of owned outputs

But subaddresses have privacy issue which isn't fixed

"teddit.net/r/Monero/comments/uyqwty/is_0_confirm_tx_valid/ia6l46u/#c" 0-conf are perfectly valid; facepalm

Mumuks: any news regarding which mod issued ban for a month ? there is at tip: mod is either incompetent or doesn't have access to irc, so that ban was only for matrix side

I didn't though it would take few days to receive details about ban from mod, what's the reason of unexpected delay ?

s/though/thought/

ooo123ooo12345: I'm waiting for a response

Mumuks: facepalm; scammer is doing few CCS without any work, but the one spent few months for hard problem was banned;

awesome research environment

"eprint.iacr.org/2022/510.pdf" this single paper worth more than everything done here for a year (exclulding work of UkoeHB)

<Mumuks> "ooo123ooo12345: I'm waiting..." <- It looks like unresponsive abuse. monero-project/meta #679, why is it not transparent ?

<Mumuks> "ooo123ooo12345: I'm waiting..." <- I have an idea. Since you're now tracking that bot and just previous ansnwers are unavailable. I can repeat that msg and will check in logs who did it ?

ok ?

"github.com/mj-xmr/SolOptXMR/blob/b7…xmr-logo.svg?short_path=114627d#L19" facepalm

kyc? its ssh keys

gingeropolous: quota per ssh key ? sufficient requirements to add ssh key ?

"sufficient requirements to add ssh key" == KYC if it isn't clear

in general, the procedure has been to communicate using the same github account a person uses to contribute to the monero codebase.

KYC == requesting identity, but I'm sure someone so much smarter than everyone else in here already knew that :)

<gingeropolous> "in general, the procedure has..." <- 1 line comment in README is contribution ?

merope: github account == identity, it's relative term: identity in some database; clear ?

By your own definition, your own matrix account also constitutes a form of KYC. If you are opposed to it, why are you here so much?

<merope> "By your own definition, your own..." <- Spectating

Spectators are supposed to be quiet

merope: Maybe

<merope> "KYC == requesting identity..." <- you probably meant someone who is not money driven

ooo123ooo12345:

Apologies if I missed it, but is there a specific goal here? Wheres all this supposed to lead to?

> <@ofrnxmr:monero.social> ooo123ooo12345:

> Apologies if I missed it, but is there a specific goal here? Wheres all this supposed to lead to?

Ask more concrete question

ooo123ooo12345: you seem like a really bright guy who could really help improve monero, but your statements are very rarely actionable or even comprehensible on their own. You say things like "X is broken" but don't give any explanation for why until someone begs your for more details.

I think you want to help (please correct me I'm wrong about that). Your help would go farther if you more clearly communicated the context and intent of your statements.

> <@busyboredom:monero.social> ooo123ooo12345: you seem like a really bright guy who could really help improve monero, but your statements are very rarely actionable or even comprehensible on their own. You say things like "X is broken" but don't give any explanation for why until someone begs your for more details.

>

> I think you want to help (please correct me I'm wrong about that). Your help would go farther if you more clearly communicated the context and intent of your statements.

Specify concrete example ?

* Specify concrete example which need explanation

* Specify concrete example which need explanation ?

* Specify concrete example which needs explanation

All of your above messages, for starters

Here's one:

> It isn't the only and not the most idiotic thing Monero does currently

^ That statement seems to imply that Kayabanerve is misguided in his priorities, and that he shouldn't pursue solving the issues he has identified. You do go on to point out some other issues (awesome!) but they're ad-hoc ranging from a criticism of gingeropolous's research machines to a random reddit thread on zero conf transactions (what was your point there?).

In the end, we're all left wondering what was ever wrong with Karabanerve's Ristretto suggestion while simultaneously being distracted by a ton of seeming unrelated stuff.

I really admire your enthusiasm and knowledge ooo123ooo12345, but it's difficult to use most of what you say. If you focused on clearly explaining one issue to us at a time (along with a proposed soultion for that issue, ideally) then I think we'd be better equipped to act on your suggestions.

> <@busyboredom:monero.social> Here's one:... (full message at libera.ems.host/_matrix/media/r0/do…b7ff2e0c244f7048ed5a8818a06b76a818a)

obviously not random reddit thread

you were asked to do a demonstration, yet you kept dodging the issue

To quote the name of a nice little magazine: proof-of-concept or gtfo

besides, your attack description contains a mistake

"since node of exchange isn't mining then there is 100% chance that it will be double 0 confirmation spend"

That's false, because the mining status of their node is irrelevant - all they have to do is relay the tx further than the other nodes you've relayed to

So the chance is not 100%

It's a race, but cannot assume that you will win 100%

Besides, the "general advice" on accepting 0-conf is to specifically establish a "safe threshold" for the tx amount, beyond which you start requiring at least 1-conf

Ain't nobody gonna set up a race between nodes just to scam $10 off the seller, and nobody with half a brain will accept 0-conf for $1000

So all we have here is yet another case of you throwing words around with no real point behind them

"Seems like he's quietly changing topics. That's a bold move Cotton, let's see if it pays out."

No, it's not enough - because a few closely-connected nodes cannot reproduce the latency effects of an entire network spread across the globe

I'm sure if you spam the link to the same message a few more times you'll convince me

And yes, I know what you meant. Meanwhile, you are completely ignoring the part about the "maximum safe threshold" for accepting 0-conf

xmr.to used to accept up to 0.1 BTC with 0-conf and they didn't have problems with it

You know, the one detail that would make your hypothetical scenario fail in a real-world application, because the cost and effort would not make it worthwhile

ooo123ooo12345[m: Please list one (non-defunct) exchange that accepts 0-conf, and their maximums for accepting 0-conf

You can say "facepalm" all day, but that won't make your argument more convincing

also, in most cases you don't know which node to race against

What do I have to do with it? I'm just a guy asking you to do a proper demonstration of your attack, because so far you've only been blowing smoke

ooo123ooo12345[m: In other words: your whole point is moot, because there is nobody to attack?

ooo123ooo12345[m: Please do so and publish your metodology

But something tells me you won't

After all, you're here to help us, aren't you, O Mighty One?

merope: In other words: incompetent human like is arguing in monero-research-lab channel for support of 0-conf txs; facepalm

* support of insecure 0-conf txs;

Why you're not even pretending that you cares about monero technology, but not about money from your CCS and that scammer

* that scammer ?

* human like you is arguing, * support of insecure 0-conf txs;

I don't seem to recall arguing in favour of exchanges (or anyone else) accepting 0-conf. Could it be that you're putting words in my mouth?

<merope> "Besides, the "general advice" on..." <- here you're advocating for support of insecure 0-conf txs

* Why you're not even pretending that you care about monero technology, but not about money from your CCS and that scammer ?

Wrong :D I said "the general advice is", not that "people should accept 0-conf". For someone so smart, you have very poor reading comprehension

Ooopsie

<merope> "besides, your attack description..." <- Any mistake left ?

* In other words: incompetent human like you is advocating in monero-research-lab channel for support of insecure 0-conf txs; facepalm

You're as incompetent as that scammer, that's why you're working together; perfect match I suppose

You mean aside from your presence here, the lack of a viable PoC or any proper methodology, your constant misrepresentation of facts (like the fact that "new examples of exchanges going defunct because of my (not) suggestion of accepting 0-conf, or the fact that this "super dangerous race condition" actually has no viable targets, or that it would hardly apply in a real-world scenario), and your manipulation of other people's words?

ooo123ooo12345[m: You know what they say about dogs? The louder they bark, the less they bite. And so far, you've been barking a lot ;)

Or perhaps you can't take the heat of competition?

merope: "libera.monerologs.net/monero-research-lab/20220519#c97578", is it precise enough instructions for you to test it locally or not ? have you tried to do port scanning of monero nodes ?

Oh man, the fourth time of you posting that link was the charm!

And yes, I have done port scanning of the entire network :D

And as we've already established, a local test is not representative of the real-world scenario

merope: or perhaps the scammer you're working with can't take the heat, that decides to ban/ignore everyone who is pointing out his incompetence

* his incompetence; you did the same at least once; why did you unignore me ?

* his incompetence; you did the same at least once; why did you not putting me again in ignore list ?

<merope> "You know what they say about..." <- don't touch dogs, good animals

I didn't unignore you, you just showed up with a new account and I was bored. Don't worry, you'll be ignored once I get bored with you

merope: Now write network app to do low latency broadcast of txs and the one which will detect txs in mempool of monero nodes; after that start interacting with exchange until you bisect it's node

As for mj (which you seem to struggle mentioning by name), he's just too busy doing actual work - you know, like a professional would

merope: do you mean that work that would take only 10% of week time, but not actual monero development ?

ooo123ooo12345[m: But I'm just an incompetent scammer :( Why don't you show me how it's done, so that I may learn my lesson from the best?

I think we all agree that 0-conf is fine for small transactions and larger transactions should wait for confirmations, with the line between "small" and "large" being determined by the receiver's risk tolerance. This debate is a bit of a dead horse in my eyes.

And maybe you guys can take the personal insults to your DMs?

> <@busyboredom:monero.social> I think we all agree that 0-conf is fine for small transactions and larger transactions should wait for confirmations, with the line between "small" and "large" being determined by the receiver's risk tolerance. This debate is a bit of a dead horse in my eyes.

>

> And maybe you guys can take the personal insults to your DMs?

Any example of "small transactions" case ?

It sounds more like dead merchant with almost 0 traffic

<merope> "But I'm just an incompetent..." <- For the beginning it's enough to stop you from spreading misinformation.

Buying a coffee at a physical coffee shop. Speed at checkout is important, the value of the coffee is low, and any person who does try to game the system would be unable to make repeat offences thanks to physical security measures like cameras.

BusyBoredom[m]: surveillance cameras will prevent 0-conf tx abuse; facepalm;

the merchant can decide themselves if it's worth to eat the loss in this case

BusyBoredom[m]: good clothes, 1 night and some student can earn some money

hahahaha

s/good/cover/

* cover clothes, 1 night and some competent poor student may earn some money

if ooo123ooo12345 came into my coffee shop, and he performed a double spend / abused a 0conf tx i would say wow.. nice work, and i'd tip him a further 10$ and say bro, are you still helping the devs with the multi sig fix? yeah? awesome , and i'd give him a free cookie and tell him he can come back anytime free of charge

<gingeropolous> "in general, the procedure has..." <- what is the minimum requirement for "contribute to the monero codebase" ? As soon as you will start to raise threshold to prevent spam your server become as centralized as anything else.

s/become/becomes/

<plowsof[m]> "if ooo123ooo12345 came into my..." <- It's probably one of the most shallow problem. Multisig is much deeper, but not even the deepest. And such problems in every layer. I can't dig deeply in all directions alone.

<ooo123ooo12345[m> "what is the minimum requirement..." <- Do you have a suggestion for a decentralized research platform? This is an example of a statement that we can't really act on without more information, so it makes you seem like you're just trying to pick fights. If you have a suggestion, please say it and maybe it'll become a reality :)

<BusyBoredom[m]> "Do you have a suggestion for a..." <- Do developers need centralized server for compilation ? No. Do UkoeHB need centralized server for most of research and development on transaction protocol ? No. Did this paper eprint.iacr.org/2022/510 need centralized server ? No. Do anyone need centralized server to read / write code / math ? No.

What are you referring to as "decentralized research platform" in current environment ?

s/Do/Does/