12:36:03 > <@rucknium:monero.social> Ok here it is. Also available as an onion hidden service 12:36:03 > https://rucknium.me/posts/financial-marginalization-and-cryptocurrency-payments/ 12:36:03 Nice analysis 17:01:30 "Monero also constantly encodes/..." <- It isn't the only and not the most idiotic thing Monero does currently 17:03:26 "https://ccs.getmonero.org/..." <- centralized server for centralized research; step by step; gingeropolous how to authenticate users for that machine ? KYC ? 17:38:35 "when you say ratio 75%, you mean..." <- view_tag - 67%, view_tag + thread pool changes - 64%; Now i'm trying to understand why privacy issue with sub addresses isn't fixed 17:58:08 "https://github.com/monero-project/monero/pull/7760#discussion_r882293437", it's physical link termination to prevent abuse 18:03:00 by unresponsive client / server 18:04:58 "https://github.com/monero-project/research-lab/issues/62" are there any isolated tests with any of this proposals and view tags ? 18:05:10 why no one of them was implemented ? 18:06:39 "https://hal.inria.fr/hal-01102013/document" this SSL truncation attack looks like trash, it's even related to web dev 18:07:13 MITM + access to client machine with the hope to reuse not terminated session on server 18:12:04 Scanning is slow due to subaddress derivation, view tag adds intermediate point that can be used for early check of owned outputs 18:12:21 But subaddresses have privacy issue which isn't fixed 18:35:54 "https://teddit.net/r/Monero/comments/uyqwty/is_0_confirm_tx_valid/ia6l46u/#c" 0-conf are perfectly valid; facepalm 18:52:55 Mumuks: any news regarding which mod issued ban for a month ? there is at tip: mod is either incompetent or doesn't have access to irc, so that ban was only for matrix side 18:54:33 I didn't though it would take few days to receive details about ban from mod, what's the reason of unexpected delay ? 18:54:42 s/though/thought/ 18:56:06 ooo123ooo12345: I'm waiting for a response 18:56:50 Mumuks: facepalm; scammer is doing few CCS without any work, but the one spent few months for hard problem was banned; 18:56:59 awesome research environment 18:59:15 "https://eprint.iacr.org/2022/510.pdf" this single paper worth more than everything done here for a year (exclulding work of UkoeHB) 19:09:59 "ooo123ooo12345: I'm waiting..." <- It looks like unresponsive abuse. https://github.com/monero-project/meta/issues/679, why is it not transparent ? 19:28:40 "ooo123ooo12345: I'm waiting..." <- I have an idea. Since you're now tracking that bot and just previous ansnwers are unavailable. I can repeat that msg and will check in logs who did it ? 19:28:41 ok ? 19:29:18 "github.com/mj-xmr/SolOptXMR/blob/b7…xmr-logo.svg?short_path=114627d#L19" facepalm 19:41:56 kyc? its ssh keys 19:45:17 gingeropolous: quota per ssh key ? sufficient requirements to add ssh key ? 19:46:53 "sufficient requirements to add ssh key" == KYC if it isn't clear 19:54:55 in general, the procedure has been to communicate using the same github account a person uses to contribute to the monero codebase. 20:05:01 KYC == requesting identity, but I'm sure someone so much smarter than everyone else in here already knew that :) 20:06:30 "in general, the procedure has..." <- 1 line comment in README is contribution ? 20:07:13 merope: github account == identity, it's relative term: identity in some database; clear ? 20:07:56 By your own definition, your own matrix account also constitutes a form of KYC. If you are opposed to it, why are you here so much? 20:20:57 "By your own definition, your own..." <- Spectating 20:22:12 Spectators are supposed to be quiet 20:23:49 merope: Maybe 20:48:42 "KYC == requesting identity..." <- you probably meant someone who is not money driven 20:57:16 ooo123ooo12345: 20:57:16 Apologies if I missed it, but is there a specific goal here? Wheres all this supposed to lead to? 21:00:44 > <@ofrnxmr:monero.social> ooo123ooo12345: 21:00:44 > Apologies if I missed it, but is there a specific goal here? Wheres all this supposed to lead to? 21:00:44 Ask more concrete question 21:06:43 ooo123ooo12345: you seem like a really bright guy who could really help improve monero, but your statements are very rarely actionable or even comprehensible on their own. You say things like "X is broken" but don't give any explanation for why until someone begs your for more details. 21:06:44 I think you want to help (please correct me I'm wrong about that). Your help would go farther if you more clearly communicated the context and intent of your statements. 21:07:44 > <@busyboredom:monero.social> ooo123ooo12345: you seem like a really bright guy who could really help improve monero, but your statements are very rarely actionable or even comprehensible on their own. You say things like "X is broken" but don't give any explanation for why until someone begs your for more details. 21:07:45 > 21:07:45 > I think you want to help (please correct me I'm wrong about that). Your help would go farther if you more clearly communicated the context and intent of your statements. 21:07:45 Specify concrete example ? 21:08:12 * Specify concrete example which need explanation 21:08:12 * Specify concrete example which need explanation ? 21:08:16 * Specify concrete example which needs explanation 21:15:08 All of your above messages, for starters 21:18:01 Here's one: 21:18:01 > It isn't the only and not the most idiotic thing Monero does currently 21:18:01 ^ That statement seems to imply that Kayabanerve is misguided in his priorities, and that he shouldn't pursue solving the issues he has identified. You do go on to point out some other issues (awesome!) but they're ad-hoc ranging from a criticism of gingeropolous's research machines to a random reddit thread on zero conf transactions (what was your point there?). 21:18:01 In the end, we're all left wondering what was ever wrong with Karabanerve's Ristretto suggestion while simultaneously being distracted by a ton of seeming unrelated stuff. 21:24:12 I really admire your enthusiasm and knowledge ooo123ooo12345, but it's difficult to use most of what you say. If you focused on clearly explaining one issue to us at a time (along with a proposed soultion for that issue, ideally) then I think we'd be better equipped to act on your suggestions. 22:12:53 > <@busyboredom:monero.social> Here's one:... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/9b0d1b7ff2e0c244f7048ed5a8818a06b76a818a) 22:13:18 obviously not random reddit thread 22:14:41 you were asked to do a demonstration, yet you kept dodging the issue 22:15:42 To quote the name of a nice little magazine: proof-of-concept or gtfo 22:16:55 besides, your attack description contains a mistake 22:16:57 "since node of exchange isn't mining then there is 100% chance that it will be double 0 confirmation spend" 22:17:41 That's false, because the mining status of their node is irrelevant - all they have to do is relay the tx further than the other nodes you've relayed to 22:18:12 So the chance is not 100% 22:18:27 It's a race, but cannot assume that you will win 100% 22:19:32 Besides, the "general advice" on accepting 0-conf is to specifically establish a "safe threshold" for the tx amount, beyond which you start requiring at least 1-conf 22:20:20 Ain't nobody gonna set up a race between nodes just to scam $10 off the seller, and nobody with half a brain will accept 0-conf for $1000 22:21:08 So all we have here is yet another case of you throwing words around with no real point behind them 22:24:50 "Seems like he's quietly changing topics. That's a bold move Cotton, let's see if it pays out." 22:29:11 No, it's not enough - because a few closely-connected nodes cannot reproduce the latency effects of an entire network spread across the globe 22:30:02 I'm sure if you spam the link to the same message a few more times you'll convince me 22:31:00 And yes, I know what you meant. Meanwhile, you are completely ignoring the part about the "maximum safe threshold" for accepting 0-conf 22:31:43 xmr.to used to accept up to 0.1 BTC with 0-conf and they didn't have problems with it 22:31:44 You know, the one detail that would make your hypothetical scenario fail in a real-world application, because the cost and effort would not make it worthwhile 22:32:54 ooo123ooo12345[m: Please list one (non-defunct) exchange that accepts 0-conf, and their maximums for accepting 0-conf 22:33:32 You can say "facepalm" all day, but that won't make your argument more convincing 22:35:11 also, in most cases you don't know which node to race against 22:35:24 What do I have to do with it? I'm just a guy asking you to do a proper demonstration of your attack, because so far you've only been blowing smoke 22:35:46 ooo123ooo12345[m: In other words: your whole point is moot, because there is nobody to attack? 22:36:10 ooo123ooo12345[m: Please do so and publish your metodology 22:36:18 But something tells me you won't 22:36:54 After all, you're here to help us, aren't you, O Mighty One? 22:37:57 merope: In other words: incompetent human like is arguing in monero-research-lab channel for support of 0-conf txs; facepalm 22:38:09 * support of insecure 0-conf txs; 22:38:39 Why you're not even pretending that you cares about monero technology, but not about money from your CCS and that scammer 22:38:41 * that scammer ? 22:38:59 * human like you is arguing, * support of insecure 0-conf txs; 22:39:01 I don't seem to recall arguing in favour of exchanges (or anyone else) accepting 0-conf. Could it be that you're putting words in my mouth? 22:40:13 "Besides, the "general advice" on..." <- here you're advocating for support of insecure 0-conf txs 22:40:40 * Why you're not even pretending that you care about monero technology, but not about money from your CCS and that scammer ? 22:41:05 Wrong :D I said "the general advice is", not that "people should accept 0-conf". For someone so smart, you have very poor reading comprehension 22:41:21 Ooopsie 22:41:49 "besides, your attack description..." <- Any mistake left ? 22:42:23 * In other words: incompetent human like you is advocating in monero-research-lab channel for support of insecure 0-conf txs; facepalm 22:43:22 You're as incompetent as that scammer, that's why you're working together; perfect match I suppose 22:44:41 You mean aside from your presence here, the lack of a viable PoC or any proper methodology, your constant misrepresentation of facts (like the fact that "new examples of exchanges going defunct because of my (not) suggestion of accepting 0-conf, or the fact that this "super dangerous race condition" actually has no viable targets, or that it would hardly apply in a real-world scenario), and your manipulation of other people's words? 22:45:53 ooo123ooo12345[m: You know what they say about dogs? The louder they bark, the less they bite. And so far, you've been barking a lot ;) 22:46:20 Or perhaps you can't take the heat of competition? 22:47:53 merope: "https://libera.monerologs.net/monero-research-lab/20220519#c97578", is it precise enough instructions for you to test it locally or not ? have you tried to do port scanning of monero nodes ? 22:48:21 Oh man, the fourth time of you posting that link was the charm! 22:48:32 And yes, I have done port scanning of the entire network :D 22:49:21 And as we've already established, a local test is not representative of the real-world scenario 22:50:12 merope: or perhaps the scammer you're working with can't take the heat, that decides to ban/ignore everyone who is pointing out his incompetence 22:50:24 * his incompetence; you did the same at least once; why did you unignore me ? 22:50:44 * his incompetence; you did the same at least once; why did you not putting me again in ignore list ? 22:50:58 "You know what they say about..." <- don't touch dogs, good animals 22:51:08 I didn't unignore you, you just showed up with a new account and I was bored. Don't worry, you'll be ignored once I get bored with you 22:51:48 merope: Now write network app to do low latency broadcast of txs and the one which will detect txs in mempool of monero nodes; after that start interacting with exchange until you bisect it's node 22:52:21 As for mj (which you seem to struggle mentioning by name), he's just too busy doing actual work - you know, like a professional would 22:53:12 merope: do you mean that work that would take only 10% of week time, but not actual monero development ? 22:53:23 ooo123ooo12345[m: But I'm just an incompetent scammer :( Why don't you show me how it's done, so that I may learn my lesson from the best? 22:54:22 I think we all agree that 0-conf is fine for small transactions and larger transactions should wait for confirmations, with the line between "small" and "large" being determined by the receiver's risk tolerance. This debate is a bit of a dead horse in my eyes. 22:54:22 And maybe you guys can take the personal insults to your DMs? 22:55:47 > <@busyboredom:monero.social> I think we all agree that 0-conf is fine for small transactions and larger transactions should wait for confirmations, with the line between "small" and "large" being determined by the receiver's risk tolerance. This debate is a bit of a dead horse in my eyes. 22:55:47 > 22:55:47 > And maybe you guys can take the personal insults to your DMs? 22:55:47 Any example of "small transactions" case ? 22:57:38 It sounds more like dead merchant with almost 0 traffic 23:00:05 "But I'm just an incompetent..." <- For the beginning it's enough to stop you from spreading misinformation. 23:04:19 Buying a coffee at a physical coffee shop. Speed at checkout is important, the value of the coffee is low, and any person who does try to game the system would be unable to make repeat offences thanks to physical security measures like cameras. 23:04:55 BusyBoredom[m]: surveillance cameras will prevent 0-conf tx abuse; facepalm; 23:05:30 the merchant can decide themselves if it's worth to eat the loss in this case 23:05:53 BusyBoredom[m]: good clothes, 1 night and some student can earn some money 23:05:54 hahahaha 23:06:01 s/good/cover/ 23:06:58 * cover clothes, 1 night and some competent poor student may earn some money 23:07:49 if ooo123ooo12345 came into my coffee shop, and he performed a double spend / abused a 0conf tx i would say wow.. nice work, and i'd tip him a further 10$ and say bro, are you still helping the devs with the multi sig fix? yeah? awesome , and i'd give him a free cookie and tell him he can come back anytime free of charge 23:18:57 "in general, the procedure has..." <- what is the minimum requirement for "contribute to the monero codebase" ? As soon as you will start to raise threshold to prevent spam your server become as centralized as anything else. 23:20:10 s/become/becomes/ 23:40:00 "if ooo123ooo12345 came into my..." <- It's probably one of the most shallow problem. Multisig is much deeper, but not even the deepest. And such problems in every layer. I can't dig deeply in all directions alone. 23:47:20 "what is the minimum requirement..." <- Do you have a suggestion for a decentralized research platform? This is an example of a statement that we can't really act on without more information, so it makes you seem like you're just trying to pick fights. If you have a suggestion, please say it and maybe it'll become a reality :) 23:56:19 "Do you have a suggestion for a..." <- Do developers need centralized server for compilation ? No. Do UkoeHB need centralized server for most of research and development on transaction protocol ? No. Did this paper https://eprint.iacr.org/2022/510 need centralized server ? No. Do anyone need centralized server to read / write code / math ? No. 23:56:44 What are you referring to as "decentralized research platform" in current environment ? 23:57:08 s/Do/Does/