01:11:48 sech1: sech1: re "Once you get a huge stake, you don't need to spend much resources to maintain it": you ideally launch a staking consensus mechanism with a delay in activation, giving time for stakers to lock coins, and even after launch, first just use it to come to consensus about its own state. this allows honest stake to [... too long, see https://mrelay.p2pool.observer/e/5sGckLAKSFk5blhX ] 01:12:10 when Ethereum transitioned (they switched to full proof of stake, not what we're discussing here, well, not me), they ran the staking consensus layer on mainnet, with real funds in "standalone" mode for ~20 months before it became the primary mechanism. not that Monero should wait that long, but it gives you an idea. 01:12:44 my point is, securing a large-enough malicious stake (>33% to stall finality, >67% to take it over) should be economically infeasible, because 1) finite supply at any moment, 2) liquidity constraints. trying to buy up so many coins should drive the price up exorbitantly, eventually pricing the attempt out. in our case, XMR is already highly illiquid. 01:13:03 33% of staked* coins 01:13:22 ofrn, exactly 01:13:25 there's the nuclear option of forking out malicious stake, which is very much social coordination, but the PoW moral equivalent has already happened multiple times (Cryptonite variant 1 fork, Cryptonite-R fork, RandomX fork). both are last-resort ways for the community to render consensus-producing resources useless when centralization threatens the chain. 01:13:33 which is probably less than an exchange would be able to stake at any givrn point in time 01:13:34 IMHO, in the case of forking out stake, even if the community can't agree if they would ever resort to it in the future, the technical possibility is a very strong deterrent for potential attackers. 01:14:51 Exchanges can, do, and will stake user deposits. both with permission (staking pools) or without (like tradeogre staking zano) 01:15:34 I imagine protocols like serai would also become stakers 01:17:01 i dont think it's safe to assume that the stake will be distributed / not concentrated to 1 or 2 entities 01:19:33 yes, my points suppose that that the honest portion of self-custodial XMR holders who are willing to stake outweigh CEX holdings. I'm confident that this is currently the case, otherwise Monero is already a social failure and we shouldn't waste time with bolstering the consensus. 01:25:00 holders? Sure. 80% of the supply was printed in like 4 years. Active? Thats another question. 01:26:05 10% of pre-rct outputs remain unspent, thats probably (i havent checked) close* to 10% of the total supply 01:27:15 Now, what about the other 90%? Churned, spent, who knows. Its private. 01:27:15 we do know that a single entity donated 400k to monero twice, and spammed thousands of xmr to the generalfund 01:27:29 if Serai were to become a staker, which I don't think it would, simply on the grounds of unnecessary protocol complexity, the only way I can imagine that implemented would be using its own consensus, which should be decentralized enough to not pose a threat (otherwise keeping significant XMR there is a threat to LPs and a reas [... too long, see https://mrelay.p2pool.observer/e/2f_VkLAKN3BZR1lC ] 01:28:31 serai is an example. Who's to say it wouldnt be a less friendly operation 01:31:41 and no, i dont think holders willing to stake outweigh cex holdings. And a TFL has limited stakers 01:31:53 Its not like "anyone with 0.5xmr can stake" 01:38:30 it's very probable XMR whales 1) don't keep it on a CEX, and 2) check in a few times a year to see what is going on with the protocol that secures a significant value of their holdings. 01:38:41 they also very probably wouldn't behave in a way that destroys the USD value of their XMR, like LP'ing in a scammy AMM DEX chain, but I admit it's a concern. 01:40:14 yes, to avoid DDoS, a staking consensus would have a minimum stake requirement. that's not an issue. the power law distribution applies here. 03:28:05 @chaser: If you can loan your xmr out on kucoin (for margin), and now earn extra from staking, why wouldnt you?. There are a lot of people who only check in every few years 03:29:06 usually people who have big bags that they bought at low prices, checking in during bull markets, so they can sell some 04:37:32 @ofrnxmr:xmr.mx: I already told you. if I'm a large holder, I'm sensitive to the USD valuation of my XMR, so I pay attention to ecosystem news, like a protocol change where leaving my XMR on Kucoin could lead to XMR losing value (my bag) and potentially losing my XMR (be that in-protocol automatic slashing, or getting forked [... too long, see https://mrelay.p2pool.observer/e/jfuNlrAKY19DdUJX ] 05:16:18 Sounds idealistic instead of realistic 05:20:51 Allowing people to borrow your coins is an incentive to loan them out. It doesnt hurt your valuation to earn 10% by loaning your coins out to traders who provide liquidity on orderbooks. 05:20:51 There are whole services for taking loans against your crypto as well. investors dont care about "xmr", they care about earnings. Pooled staking and margin loans dont hurt that bottom line 05:24:08 And pooled staking is more of an attraction for people who otherwise dont qualify for the staking minimums. 07:39:11 Imagine spending 2 billion dollars pumping monero up and then you just get forked out. GGs, thanks for the tax money Mr nation state > <@chaser> IMHO, in the case of forking out stake, even if the community can't agree if they would ever resort to it in the future, the technical possibility is a very strong deterrent for potential attackers. 07:40:52 Some with 1 xmr has more xmr than most CEXs > <@ofrnxmr:xmr.mx> and no, i dont think holders willing to stake outweigh cex holdings. And a TFL has limited stakers 08:23:31 @unt0ld:matrix.org: Example (checkpoints): https://arxiv.org/abs/1710.09437, https://eth2book.info/capella/part2/consensus/lmd_ghost/ 08:24:12 sech1: once you have enough compute, you can nuke the chain forever on government contracts 08:27:18 amazons cost to mine on older hardware is super low, especially if they get contracted by the feds to do so 08:27:43 they already spent 650k on a chainalysis contract that didnt really produce anything 08:28:37 that money could EASILY be used to contract amazon to erase 3-5 days of monero history to permanently damage trust in the chain 08:29:17 multi-month erasure for a few million 08:29:36 extremely cheap if you really think about it 08:30:08 attacking PoS requires a massive up-front investment and pumps Monero, which puts tons of eyes on it 08:30:51 the PoS-Attack pump would attract fomo-buyers which just makes it even more expensive 08:34:06 also consider that its just a denial of service. if they try to double spend, even if they have most of the stake it can just be forked and slashed. its not like their shenanigans will be unnoticed by market participants. 08:39:54 for Eth style extreme slashing to be effective, best to assume a startup phase with 67% honest validators. Can we expect that ? 08:40:19 the problem with pos is that the stake requirements are picked arbitrarily high. higher stake percentages of total market cap and in terms of individual nodes does not necessarily increase security. Especially if it is a result of nominal inflation that is gifted to stakers. Weird second layer concepts like "liquid staking" g [... too long, see https://mrelay.p2pool.observer/e/6oeHnbAKY2hrZWQt ] 08:47:54 the question is: how many market participants can the attacker fool for long enough that a certain alternative chain where he double spent is reality? the issue with eth is that the whole system is overcomplicated and most people dont run their own nodes and just trust what ever is preset in their wallet. 08:49:41 complex slashing systems and liquid staking just make the system harder to reason about. The complexity also comes with the side effect of making bugs and subtle differences between implementations more likely. 08:50:23 last time i looked into eth staking the node would have cost $80k in stake and 800 in gas fees 08:52:14 you also need to do shit like setting up a mev block builder 08:52:29 because otherwise you are missing out on large percentages of the APY 08:52:33 dont have that in monero 08:59:05 Another turn: am I the only one who is into recursive reputation systems eg eigentrust ? Too complex to get the idea across ? Basically all these resilient systems try to capitalize on a honest (trusted) startup phase - thats the bottom line of my review of ~50 papers on the topic. 09:07:54 @antilt:we2.ee: : similar to long range attacks in pos you could eclipse a node and feed him the wrong history. no way to get around the fact that you get the software and a trusted by most initial / current state from a trusted source 09:08:58 once that is accepted it is best to keep the system as simple as possible. most communities treat this like the floor is made of lava though. 09:14:29 @spirobel:kernal.eu: monero community may be not there yet. Many think in terms of perfect decentralization/trustlessness /away 09:23:00 it is time to wake up. better to accept it and build something that is truly decentralized, not just mental gymnastics to pretend it can side step CAP / FLP impossibility. 11:44:08 this ignores the fact that millions of XMR have been seized by govts over the years already, and will continue to do so, and also that the govt could quietly pressure kraken and other exchanges that hold significant reserves without ever buying a thing > <@monerobull:matrix.org> attacking PoS requires a massive up-front investment and pumps Monero, which puts tons of eyes on it 11:48:22 I found a solution: Just psyop people into buying Monero. Increases security budget without introducing any new problems. 11:49:44 Monero $10k EOY. 11:52:36 Imagine monetary base jumping kills your net worth 🤣 11:53:33 Imagine thinking that it takes 2 billion$ to acquire 34% of the stake > <@monerobull:matrix.org> Imagine spending 2 billion dollars pumping monero up and then you just get forked out. GGs, thanks for the tax money Mr nation state 11:55:08 Way less with the seizures of monero 11:55:23 @ofrnxmr:xmr.mx: It's a realistic number for moneros size 11:56:21 Market cap is not a realistic number. Its the number if all coins were sold at the current market price 11:56:57 It's not about marketcap 11:57:13 Acquiring a large stake is one way to bias PoS, but another more subtle is pressuring existing validators representing 33+%, this doesn't cost anything to a willing state actor, and given a small validator set it would be rather easy to identify enough of them. > <@monerobull:matrix.org> the PoS-Attack pump would attract fomo-buyers which just makes it even more expensive 11:57:14 It's about the estimated cost 11:58:11 If you but 500m worth of coins, the price is likely 2x on exchanges, opposite if you sell that much. Unless you're buying OTC (and not staking your botnet, dnm, or seized xmr), its not 2billion 11:58:16 @jwinterm:matrix.org: where isthis figure of "Millions of XMR" have been seized coming from ? 11:58:29 @hbs:matrix.org: If our validators are all behind Tor, that's going to be very annoying 11:58:31 @jack_ma_blabla:matrix.org: my ass 11:58:49 @jwinterm:matrix.org: Based ass 11:59:20 @ofrnxmr:xmr.mx: 20 million pushed us over 400$ 11:59:31 You have no idea how illiquid monero is 11:59:40 Exactly 11:59:42 Youre proving my point 11:59:59 What? That PoS would be insanely expensive to attack? 12:00:08 if monero was highly liquid, id agree that coins were widely distributed 12:00:33 34% STAKE is NOT 34% of the supply 12:00:37 Monroe is distributed because it's used 12:01:13 sourced from govt-aligned LLM: 12:01:13 > In summary, while the U.S. government has seized an unknown total quantity of Monero from various darknet market operations, the only publicly confirmed figure to date is the 11,993.15882 XMR from the AlphaBay case. 12:01:24 that is 12k in 2017 12:01:28 @ofrnxmr:xmr.mx: If you assume similar levels of participation as on other pos systems, ~20-30% of the supply would be staked 12:01:31 dnm adoption of monero accelerated from there 12:01:41 and there has been probably dozens of markets shutdown since then 12:02:08 I feel like a million plus or minus by all govts in the 8 years since then is a pretty good guess 12:02:11 thx ass 12:02:19 K and M a huge difference > <@jwinterm:matrix.org> sourced from govt-aligned LLM: 12:02:43 @jack_ma_blabla:matrix.org: that's one market from 8 years ago... 12:02:43 @monerobull:matrix.org: So an entity would need 7-10% of supply, and 80% of supply was printed in 4 yrs (jwintem, confirm?) And 10% is still unspend pre-rct inputs 12:02:51 Widely distributed, my ass 12:03:14 how many xmr are sitting on kraken rn? a million? 12:03:18 @jwinterm:matrix.org: count the number of busts where xmr was recovered 12:03:23 how much do you expect plebs to stake? 12:03:36 @jack_ma_blabla:matrix.org: it's undisclosed and therefore ucountable 12:03:51 Staking is not much more complicated than running a node 12:04:00 @jwinterm:matrix.org: enough, if there is a incentive ; without incentive we have 12k nodes 12:04:04 @monerobull:matrix.org: or mining, and no one mines... 12:04:06 @jwinterm:matrix.org: Theyd have to use staking pools, or stake on a cex, since TFL staking has limoted stakers 12:04:17 @jwinterm:matrix.org: Fuck mining 12:04:20 I'm mining 12:04:28 But my PC can only pull 65 watts 12:04:35 I can't scale it up 12:04:35 @jack_ma_blabla:matrix.org: We have like 4k nodes. 8k are spy nodes 12:04:52 anyone in this channel is an ultranerd and therefore not representative of "most people", even most xmr users imo 12:05:08 @ofrnxmr:xmr.mx: 4k connectable ? there are plenty behind nat and not active 24/7 12:05:37 @jack_ma_blabla:matrix.org: Right. More like 1.5k LOL 12:05:37 The fact is that the people just don't have nearly enough compute compared to the data centers 12:05:59 It's easier for individuals to add 1k$ of network security via staking than mining 12:06:05 Old report has 80% of monero neteork traffic handled by 10% of the network, "super nodes" 12:06:08 @jwinterm:matrix.org: yes but you are representative 12:06:12 @monerobull:matrix.org: No it isnt 12:06:22 It definitely is 12:06:26 @jack_ma_blabla:matrix.org: neigh weigh jose 12:06:26 @ofrnxmr:xmr.mx: remote nodes ? 12:06:31 @jack_ma_blabla:matrix.org: What? 12:06:41 Me as a hardcore monero supporter can be out hashed for pennies 12:06:45 @monerobull:matrix.org: Bro, are you not keeping up? 12:06:59 TFL is not "staking for everybody" 12:07:13 @ofrnxmr:xmr.mx: super nodes are those public nodes like cake ? 12:07:16 eth is a 32 eth minimum. You need 110k to become a validator 12:07:23 Staking adds security asymmetricly 12:07:37 @jack_ma_blabla:matrix.org: No, they {were} nodes that serve >1000 connections 12:07:39 @ofrnxmr:xmr.mx: How many times is monero smaller than eth 12:07:52 > As of 2025, centralized exchanges (CEXs) account for 24.0% of all staked ETH, representing 8.13 million ETH. 12:07:56 @monerobull:matrix.org: monero staking is intended to be like 100 validators 12:08:08 Bullshit 12:08:12 Thats not you. Your little bag aint worth 1 piconero 12:08:16 Serai can do 150 per network already 12:08:23 everyone with enough xmr, for example 16xmr is not a huge amount > <@ofrnxmr:xmr.mx> TFL is not "staking for everybody" 12:08:42 @jack_ma_blabla:matrix.org: Again wrong. Its not intended to scale to 1000+ users 12:08:51 Who says thay 12:08:55 kayaba 12:09:03 @ofrnxmr:xmr.mx: why so ? 12:09:05 Kayba said 109 validators? 12:09:14 When serai can do 150? 12:09:15 serai doesn't exist afaik...but kind of beside the point imo, people are lazy and most people leave coins on exchanges, especially when the exchange offers to stake for them and take a small cut of their stake rewards 12:09:30 which leads to the govt being able to just pressure regulated exchanges to control the network 12:09:38 Monero has barely any exchanges anymore 12:09:48 You can buy it overtime and with other sources( staking and seizures) > <@ofrnxmr:xmr.mx> If you but 500m worth of coins, the price is likely 2x on exchanges, opposite if you sell that much. Unless you're buying OTC (and not staking your botnet, dnm, or seized xmr), its not 2billion 12:09:49 which makes it even more of an issue 12:10:07 @jwinterm:matrix.org: wont they be slashes if they do anything funny ? 12:10:11 All pleb stake goes straight to kucoin + kraken 12:10:29 @ofrnxmr:xmr.mx: easist way to buy xmr 12:10:37 how do you slash the slasher? 12:10:42 @jack_ma_blabla:matrix.org: Haveno 12:10:59 @monerobull:matrix.org: not easy as a cex 12:11:03 @monerobull:matrix.org: Thats just plain false 12:11:04 Definitely is 12:11:12 Definitely is not 12:11:18 @jack_ma_blabla:matrix.org: not easy as mining 12:11:19 Way easier to set up haveno than registering a KYC cex account 12:11:23 @jwinterm:matrix.org: that will be answered by the book 12:11:47 @p-q:matrix.org: Nobody mines because you get 3 cents per day 12:11:47 color me skeptical 12:11:48 @monerobull:matrix.org: its easier for plebs to open a kyc acc 12:12:28 Barely anyone invests in monero like that 12:12:36 Monero is not a pleb coin 12:12:43 Most plebs who use it use it to buy drugs 12:12:43 Barely anyone in THE MONERO MATRIX COMMUNITY 12:12:51 Not to make 1.5% apy 12:12:51 Get out of your bubble for 13seconds 12:12:53 no incentive to invest > <@monerobull:matrix.org> Barely anyone invests in monero like that 12:13:00 We, the community, produce like 100tx/day 12:13:13 There are another 29900 txs that arent us 12:13:13 Historically Monero is a shit investment 12:13:22 Id rather buy eth for number go up 12:13:26 @monerobull:matrix.org: Thats also false 12:13:51 @ofrnxmr:xmr.mx: i spam the rest 29000 for it to look active 12:14:00 @ofrnxmr:xmr.mx: Tell that to my eth I sold for monero 12:14:12 @monerobull:matrix.org: since randomx 12:14:14 @jack_ma_blabla:matrix.org: at least 5k of those are some service that only sends txs every other day 12:15:18 I believe without PoS we will sooner rather than later get hit with a multi day reorg 12:15:29 It's not even that expensive 12:15:42 You could probably make profit by shorting at the same time 12:15:45 And double spending 12:15:54 we are just waiting for it > <@monerobull:matrix.org> I believe without PoS we will sooner rather than later get hit with a multi day reorg 12:16:16 @monerobull:matrix.org: not enough oi to make profit 12:16:46 Especially once serai is live 12:16:56 A multi day reorg could be very profitable 12:17:16 Fuck I didn't even consider that 12:17:21 Serai will make it more likely to happen 12:17:26 Can you go 24hrs without glazing serai 12:17:30 4.1M xmr seized by govts prove me wrong https://pastebin.com/yHc0dpLi 12:17:48 serai will not launch or with 720 block conf > <@monerobull:matrix.org> Especially once serai is live 12:19:01 @ofrnxmr:xmr.mx: "serai will create a doublespend Honeypot that makes a 51% attack profitable" -ofrn cAn yOu stOp gLaZinG 12:19:40 Thats 3 serais in 5mins, can we go for 4? 12:19:52 3mins* 12:19:56 Strawman 12:20:44 im not using serai glazing as a counter arguement 12:21:23 You're completely derailing the discussion with petty insults 12:21:37 This discussion has been derailed for hours 12:22:06 PoS = cfb won 12:22:45 Cfb could have already successfully double-spend 12:23:47 The data center risk is so much higher than the theoretical case of the feds holding a ton of monero for some reason 12:23:54 Guys, if you can't mine and want to secure Monero with a stake, I just found out Monero actually already has a superior version of PoS that does not have any of its problems... It's called buying the coin. (which raises the price, which raises the miner reward, which raises the hash rate) 12:24:45 Doesn't change the fact that globally Amazon and Google have more compute than all individuals combined 12:24:48 @monerobull:matrix.org: this is a false dichotomy 12:24:53 Which is really the core issue with PoW 12:25:08 @monerobull:matrix.org: so switch to zano 12:25:14 I really need to add colors to the nicks :D 12:25:38 @monerobull:matrix.org: A single rack probably has 100x more compute than everyone talking here rn 12:25:48 @ofrnxmr:xmr.mx: Scam 12:26:37 Having more than 3 data center providers mine 50% of Monero is already better decentralization than Bircoin BTW. 12:27:16 They would mine a secret chain and just nuke us one day 12:27:30 Nobody would be aware until it's already too late 12:28:14 If we lose Monero because we cling to an insecure consensus mechanism that would be such a tremendous shame. We already lost what Bitcoin could have been. 12:30:21 PoS seems much more insecure than dedicated hardware based PoW, considering govts have seized approx millions of XMR and they could easily apply pressure to large exchanges which also hold tons of XMR (and plebs have proven they prefer to leave coins on exchanges to "secure the network" when PoS is involved) 12:30:41 when is the last time doge or btc was attacked in this manner? basically never 12:30:45 monerobull needs to rebrand as monerobear 😭 can keep the mb initials still 12:30:50 cfb can't even manage to attack ztrash 12:31:17 Yeah, I am literally so bearish 12:31:37 Even though everything aside from PoW is mega bullish 12:32:03 But it doesn't matter if you have serai and fcmp and all that stuff coming if the chain could be voided 12:32:56 Cfb mining 20 blocks in a row is what made me realize RandomX can't be it 12:33:29 The first time our consensus mechanism is attacked and it immediately folds 12:33:32 Great 👍 12:33:54 The community response doesn't even register on the total nethash 12:33:57 what abt when bitmain had 90% 12:34:08 Because individuals just don't have that much compute 12:34:42 @ofrnxmr:xmr.mx: Right now Amazon and Google have 99% 12:34:45 @monerobull:matrix.org: whould woulda thought that renting hashrate that is already mining monero, wouldnt increase the hashrate 12:36:07 You'd think that all the people jumping on gupax to help ward off a pre-announced, direct attack would be noticeable 12:36:16 No you wouldnt 12:36:26 Simple math 12:36:36 You'd think it would "activate sleeper agents" who care about monero but don't mine because it's not profitable 12:36:52 But even if it did, it doesn't even make a dent 12:36:54 what movie are we watching 12:37:17 This convo isnt remotely research related 12:37:34 The facts are qubic mined 20 blocks in a row 12:37:42 no they didnt 12:37:49 They literally did 12:37:58 10,000 people giving 10 kilohash each would only be 100 MH, under 2% of the current hashrate total 12:38:01 They mined + orphaned enough blocks to commit 20 in a row 12:38:17 They didnt mine 20 in a row 12:38:22 Holy semantics 12:38:27 true, last 24h backlock is 95% offtopic > <@ofrnxmr:xmr.mx> This convo isnt remotely research related 12:38:30 The chain has 20 blocks in a row, all by qubic 12:38:44 That's what matters 12:39:38 that doesn't actually matter so much is selfish mining mititagtion is successful, because they don't have the hashrate to do that honestly 12:40:05 They already did do it? 12:40:28 ok? the chain is still working. you're acting like the sky has already fallen 12:40:29 if I had 10MH I could flip on at any time, but I would loose money because power costs more then coins I get, what would be the best time to switch it on to defend the network? 12:40:46 while qubic hash rate skyrockets? 12:40:55 At night when qubic announced a marathon 12:41:09 there is no announcing 12:41:17 the marathons come at times set in code 12:41:23 regularly. 12:41:56 If you switch on 24hrs before the attack, you can raise the difficulty. 12:41:57 if you switch on during the attack, you may be able to help create a longer chain especially if you are successful in selfish mining an extra block (and ignoring the reorg) 12:42:05 @monero.arbo:matrix.org: I wouldn't be so concerned if not for the fact that we literally can't protect against it if Amazon decides to attack 12:42:06 And we wouldn't even be aware they even are attacking 12:42:09 or would it help more to raise the long term average by mining prior for a bit longer (lower total hash rate = more coins = not as expensive to mine) 12:42:13 Amazon and Google do not own anything close to 99% of compute. They're like 25-30 each at best. There is Azure, there is Alibaba or whatever the chinese cloud is (you bet they would be mining with plausible deniability even though mining is banned in China), there is Hetzner and OVH in Europe... etc. > <@monerobull:matrix.org> Right now Amazon and Google have 99% 12:42:29 Trust in monero could be destroyed in a single block 12:42:53 @unt0ld:matrix.org: Google has more than Amazon and Microsoft combined 12:42:57 #monero:monero.social please 12:43:00 that's been true, not a new development by any means. that was probably true when RandomX was deployed > <@monerobull:matrix.org> I wouldn't be so concerned if not for the fact that we literally can't protect against it if Amazon decides to attack 12:43:10 Compared to our network they have total dominance 12:43:52 using commodity hardware like CPU already implies your miners will be dwarfed by non-miners 12:44:04 @ct:xmr.mx: Burst helps the most against a burst attack 12:44:20 @monerobull:matrix.org: How do you figure? 12:44:46 immediately speaking energy would best be used getting mining pools to coordinate on detective mining 12:44:54 wasnt asking you mb 12:44:54 How about tweaking the mining algo to favor ARM devices while at the same time keeping the RAM requirement? It could be the most decentralized PoW. Billions of phones would mine. Or a multi-pow: 50% same old RandomX, 50% tweaked RandomX favoring ARM. Is there anything in the ARM architecture that can be taken advantage of to implement this idea? 12:45:09 @ofrnxmr:xmr.mx: Attackers who just want profit don't want to spend hundreds of thousands for sustained majority 12:45:29 They rent a ton of short term hash for tens of thousands, attack and leave 12:45:33 user000: nobody wants to melt their phone to mine Monero. phones have terrible thermal synamics 12:45:35 dynamics 12:46:05 @monerobull:matrix.org: I agree that pow still works against these kinds of threats in the long term 12:46:22 A 3 hour reorg won't destroy monero 12:46:24 user000: datacenter ARM cores are going up and have extreme amount of cores and ram 12:46:45 But if someone really wants to destroy it, they can. 12:46:46 they are even more out of hands of people 12:47:16 How about riscv 12:47:21 economically speaking, it's on receivers to wait until enough PoW has been accumulated e.g. you'd want to wait a full 24 hours to confirm 100k in XMR. If you let $1000 worth of poW confirm your $100k transaction, that's on you 12:47:59 I'm not worried about short term doublespends 12:48:14 data center ARM would completely mog phones. actual solutions: 1. increase price 2. increase miner rewards 12:48:14 I'm worried about a months long reorg 12:48:29 > months long reorg 12:48:33 Maybe checkpoints can prevent that 12:48:38 that is already done with regular releases and checkpoints 12:48:42 increase fees 12:48:50 @ct:xmr.mx: somebody wanted to use like USB sha256 ASICs or something to supplement RandomX but I think that was tabled for various reasons 12:49:22 That makes me slightly less worried 12:49:27 For Monero, I'd hope to target hundreds, more ~500 : : 12:49:37 See ofrn 12:50:04 has there been serious discussion about fee increases? I'm all for it as a simple countermeasure 12:50:11 Won't help 12:50:23 long reorgs are prevented by DNS checkpointing if you want an immediate solution. i don't even think it's even that centralized if there are enough domains. it's like a social finality layer of something. no need to overcomplicate in short term imo 12:50:23 Fees make up a tiny fraction of the block rewards 12:50:24 @monerobull:matrix.org: See what? 12:50:36 Separately, thanks : for your twitter replies I was pinged on calling that bs 12:51:24 Separately, I agree this conversation isn't really research. It's eternal debate on if PoW or PoS would actually be better. 12:51:32 Oof ok 12:51:42 So that would be ~11k xmr per staker 12:51:52 That is a lot higher than I would have imagined 12:52:39 My opinion is even if Qubic hasn't themselves 'broken' PoW, though I believe they could have done a 10+ block reorg, they've demonstrated it is breakable if not broken. I believe a PoS layer is far less likely to be broken, but we could get a PoS layer and it could immediately be broken. 12:53:17 My personal goal for now is to not fundamentally conclude PoS is off the table, and to do research on a finality layer to best explain the topic and step us forward _if_ we were to adopt it. 12:53:20 Slightly below 10k xmr if we assume 10% is lost 12:54:30 @monerobull:matrix.org: How did we get here? 12:54:43 Assuming 30% of float is staked 12:54:48 Split that across 500 12:55:12 If we have 1.4b USD of stake? 12:55:53 Roughly 12:55:58 Eh. It gets better when you consider one validator could have multiple stakes, and when you consider cutting off everyone below X. 12:56:15 @captaincanaryllc:matrix.org: Fees make up average of 1.2% of block reward, so 10x fees would make effective block reward more like 0.72 XMR instead of 0.6 12:57:14 @kayabanerve:matrix.org: Makes sense 12:57:32 It would be vastly higher than eth in any case 12:57:59 To be fair, eth staking is in direct competition with all the other ways you can make money on eth 12:58:24 So there will be less staking demand on eth than monero 12:58:32 ETH also has the advantage of having options like Rocketpool which I don't think Monero has the capabilities to support 12:58:55 We could probably build a custom solution into the protocol 12:59:00 Thorchain has one 12:59:16 Although that again just adds complexity 13:03:00 @unt0ld:matrix.org: it won't solve anything but it's not bad imo.... potential issue is while ~10 cent fees may make sense now, if XMR were 10k it'd be more like $3 13:03:42 although if XMR were 10k I guess you'd expect dynamic blocks + fee algo to kick in 13:04:03 The work of FCMP++ already separates membership from ownership. Support of delegating whole stakes would be trivial and inherent to the concept of security (don't require the private Monero spend keys be hosted by an always-online node). 13:04:14 We get a fee increase with fcmp right 13:04:46 For partial stakes, transaction chaining and multisig may be sufficient. 13:04:48 Monero mining budget has just been too pathetic. Sorry it's true. I know so many potential miners forgo mining Monero. 13:04:53 Depends on the changes made to fees 13:04:56 @monerobull:matrix.org: depends whether you mean per tx or per byte 13:05:18 In either case, "maybe, maybe not" 13:08:01 Even increasing fees is useful, but cope. I hate the anti-moonboy and not caring about the price culture because the price is absolutely crucial for the security. 13:08:14 PoW PoS doesn't matter. 13:08:46 I don't think that's why XMR price is suppressed 13:09:07 then all some entity has to do to attack the coin is to short it :) 13:09:28 it doesn't matter if it's like 1% that is liquid if that's what's used to print a "price" somewhere in a tracker 13:10:41 Central banks, finance regulation NGOs, and academics literally wrote paper specifically singling Monero as a threat and proposing price suppression and obscurity as attack measures. And then Monero people play right in their hands and say "we don't care about price". Well, you should. 13:11:16 I mean I agree but caring about price isn't going to get us a Coinbase listing, you know 13:11:32 what's your actual proposal 13:11:46 You don't need listings. Liquidity being so low is also an advantage to pump the price. 13:12:34 although for what it's worth increasing the price won't change the fact that we have 0.8% inflation which means security budget relative to network size will stay small at any price 13:14:05 @jwinterm:matrix.org: @jwinterm:matrix.org: how so? they seize the coins and then what?if they do this a monero fork appears where the gov coins are slashed to 0. the old chain loses value rapidly as the liquidity moves to the new one. I dont understand why this is still not clicking with people. The government can also j [... too long, see https://mrelay.p2pool.observer/e/3M7xpLAKX1NOT1FB ] 13:15:19 @unt0ld:matrix.org: people say it to differentiate us from the gambling crypto culture, which is universally hated by normies 13:16:18 @unt0ld:matrix.org: tbh both pro and anti moonboy is cringe. price talk is reflexive on the way up and on the way down. it does not really solve anything. it is just noise in the background > <@unt0ld:matrix.org> Even increasing fees is useful, but cope. I hate the anti-moonboy and not caring about the price culture because the price is absolutely crucial for the security. 13:16:22 water under a bridge 13:16:42 and even the meta debate about it is just noise 13:17:37 I kinda agree. There just need to be culture shift to recognize hoarding monero as a means of securing it. 13:19:25 Too much "oh I will just swap to monero and spend it, don't need to keep it" mentality. 13:20:29 Adoption > hoarding 13:20:48 Solution: Narrative of Monero as a better than Swiss bank account. That's an adoption. 13:20:58 .. but this is casual #monero:monero.social discussion 13:20:59 @unt0ld:matrix.org: actually true, been saying this for awhile 13:22:00 the narrative needs to make sense. The issue if you have a bunch of overinvested tweakers is that the thing self regulates. they will look overeager and there will be drama on twitter and that will lead to less new people after a while 13:23:42 I am not against it. Its most likely a distraction though and better to focus on fundamentals 13:23:54 belief is the wound that knowledge heals 13:24:58 I used to believe that. Then the knowledge that people tend to disregard knowledge contrary to their beliefs cured that wound. 13:25:03 Now, I... oh wait. 13:25:31 (a nice way to put it btw) 13:26:19 I can't think of a reason Coinbase wouldn't list XMR at least in the US at this point. it unironically might be worth pursuing. Kraken gets away with it and nobody in power in the US gives a shit about regulating crypto anymore. Gemini even supports shielded Zcash withdrawals 13:30:03 If Monero starts to get some real weight behind it, you may discover things move and turn out that a lot of the anti-monero is just "precautionary" smoke. Monero is a threat to a significant part of the system, yes, but a lot of anti-monero is just smoke with no teeth behind it. 13:43:51 the cheapest fud you can get away with to keep it out of the public's consciousness 14:05:46 > <@spirobel:kernal.eu> @jwinterm:matrix.org: how so? they seize the coins and then what?if they do this a monero fork appears where the gov coins are slashed to 0. the old chain loses value rapidly as the liquidity moves to the new one. I dont understand why this is still not clicking with people. The government can also [... too long, see https://mrelay.p2pool.observer/e/0-WuprAKX1BJb0ts ] 14:05:46 Repeatedly hardforking on short notice is impossible for decentralized network, this would kill it imo 14:06:06 And if they're seizing coins and applying pressure to a few exchanges you may not even know 14:06:31 It's not at all the same as seizing legal hardware and then expending constant energy to run it imo 14:25:05 @jwinterm:matrix.org: you would always know 14:25:14 you cant exactly censor specific transactions in monero 14:25:34 so if you are going for a minority stake attack all you can do is stall out block production 14:25:49 which is of course immediately noticed by everyone 14:44:45 qubic has started mining selfishly and including spam transactions 14:49:17 as last time if anyone wants to monitor if they are on any active big reorgs, you can check https://qubic-snooper.p2pool.observer/tips.txt (refreshes automatically) 14:54:53 @monerobull:matrix.org: Not exactly, but at least for now you can approximately 14:55:54 > <@jwinterm:matrix.org> Repeatedly hardforking on short notice is impossible for decentralized network, this would kill it imo 14:55:54 @jwinterm:matrix.org: if there is no ambiguity around what the right chain is, it is not an issue. Both Eth and sol had downtimes. More stake would not have prevented these down times. At the same time bitcoin had down times as well. The chain even had to be reverted in 2010 14:56:28 On August 15 2010, it was discovered that block 74638 contained a transaction that created 184,467,440,737.09551616 bitcoins for three different addresses.[1][2][3] Two addresses received 92.2 billion bitcoins each, and whoever solved the block got an extra 0.01 BTC that did not exist prior to the transaction. This was possibl [... too long, see https://mrelay.p2pool.observer/e/w8fop7AKbzExYXl5 ] 14:57:14 so the goal should be to make the protocol as simple as possible to make these kinds of bugs unlikely and quick to detect and recover from 14:57:19 @jwinterm:matrix.org: Fcmp 15:11:55 @jwinterm:matrix.org: regarding seizing stake vs seizing legal hardware: yes its not the same. One can be counteracted with the stroke of a fork. The other can't. 15:13:39 If you're quick enough and the seizing party does not have body armor, it can be counteracted with the stroke of a fo maybe it will work in minecraft or in townforge 15:16:20 * incowgnito ponders whether to explain the joke and decides to leave it be 15:16:28 but IRL fork stroking against the government to protect proof of work is most likely ill advised 15:17:56 even with the typo it was clear 15:18:57 any update on the dns checkpointing? 15:19:10 the more interesting question in pos land: is the community willing to entertain the idea that there will be down times eventually. Eth seems to be more conservative on this while sol tip toes into this more openly 16:33:56 DNS checkpoint questions: 16:33:56 1. Is it going to be enabled by default in the next version? 16:33:56 2. How are you going to prevent chain splits between nodes that have it enabled and not? 16:33:56 I suppose the solution is to make sure the top pool operators enable it so the checkpointed chain always wins.[... more lines follow, see https://mrelay.p2pool.observer/e/z7bNqrAKaFVZN0Z4 ] 16:35:30 1. No 16:35:30 2. The longest chain wins. Non-enabled nodes will reorg back to the checkpointed chain, providing that the checkpointed chain has majority hash and is ahead of attacking chain 16:35:30 3. Yes 16:35:30 4. Yes 16:38:52 I thought that it would be enabled with opt out as an option 17:44:40 nioc: i know that jeffro at least is strongly against it 20:15:44 if it only requires the big pools who dont like their blocks being orphaned to use it and exchanges/monero accepting services then it wouldn't have to be opt out. as DataHoarder mentioned today "that is already done with regular releases and checkpoints" reg "months long reorgs" so the checkpoints updated here are neither opt in or out, they just 20:15:44 are? im not sure 20:16:48 yeah, but those release checkpoints are in the deep past 20:16:54 not close to active / fresh tip 20:17:38 I see them being opt-out now, but not long term (once time has been put in removing the bandaid) 20:17:55 if bandaid is not applied across all major wounds it won't do much 20:24:32 plowsof: Yes @plow 20:25:23 i'm not sure if you can opt-out of harscoded checkpoints for reorg depth. --fast-block-sync=0 opts out for block sync, but idk if it also works for reorgs 20:27:15 I'll write a monero-project/monero issue about DNS rolling checkpoints. Does that sound good? It will contain pros & cons and a tentative TODO list. Or does someone else want to do it? 20:30:34 Does the domain registrar (Gandi) sign DNSSEC records or does the domain owner, i.e. Monero core team, sign the DNSSEC records? Wondering what someone could do if the domains were seized. 20:31:50 pls dont forget the Proof Of DNS comment https://libera.monerologs.net/monero-research-lounge/20250829#c576611 20:31:57 Idk anything about dns, but iirc they are signed by domain owner team 20:32:45 I think the main struggle right now is deciding on the best way to update the checkpoints. I'll attack again in a few mins to see if i can get to another broken state 20:33:40 Gandi's lowest TTL is 5 minutes: https://docs.gandi.net/en/domain_names/faq/dns_records.html#what-is-the-minimum-ttl-value 20:34:25 I'm using a TTL of 5 minutes for the TXT records now. 20:34:32 Does the domain registrar (Gandi) sign DNSSEC records or does the domain owner, i.e. Monero core team, sign the DNSSEC records? Wondering what someone could do if the domains were seized. 20:34:36 at the moment is gandi 20:34:44 but you could delegate the subdomain to your own records 20:34:59 doesn't matter much as root could swap DNSSEC keys if seized 20:35:03 and update records 20:35:15 DNSSEC as it is nowadays protects against active mitm 20:36:19 A smart way to do it, which would require node code changes, it to sign with someone's PGP key that cannot be seized. Then the node checks for the PGP sig. 20:44:20 For DNSSEC, It's better to have our own DNS servers. 20:44:20 As many registar managed DNS, you get the issues on where the registar make the keys and the DNS records (they can still change your entry and DNSSEC will be bypassed). 20:44:20 monerod could use Monero DNS servers by itself instead of using system configured DNS. 20:44:27 I believe the signing of the DNS data with a different key is intentional. Get hold of one key and you not have enough to subvert everything. DNS zone for, er, update hashes on DNS. GPG for binaries. I seem to recall there was a third thing somewhere too. Pony would know details of the setup. 20:46:00 I suppose checkpoints aren't in the way though. 20:50:08 We can use many DNS servers, like one managed per "really trusted" people, monerod could have a list of them and check many to prevent a malicious change 20:57:54 22:36:19 A smart way to do it, which would require node code changes, it to sign with someone's PGP key that cannot be seized. Then the node checks for the PGP sig. 20:58:02 that's quite heavy on TXT records :D 20:58:55 DNSSEC already is heavy unless you use ECDSA ones or Ed25519 (with lackluster support on resolvers when I tested it, 50% or so) 20:59:12 maybe adding one Ed25519 key is fine 20:59:38 no need to have GPG verification within monero daemon then :) 21:06:57 authoritative name servers for all the monero pulse domains seems to be cloudflare. make sure to spread the domains to different servers. 21:07:46 you can have split nameservers for the subdomain in question too 21:31:47 @rucknium: They update faster than 5mins afaict 21:32:24 But probably a good idea for the uodate frequency to be lower than the check frequency (?) 22:16:01 i think all qubic has does is verify a known flaw of PoW. Its not new. Its not novel. 22:22:19 someone just decided to dump a lot of resources into the effort in the hopes of profit 22:37:46 @gingeropolous: It's true, but, nobody cared enough until it happened 22:45:58 it's indeed not novel 22:59:23 I agree; let’s just increase the recommended confirmation time to 20, then 30, then 100, then 720 22:59:23 And when Wubic gets 51% and basically shuts down Monero 50% of the time (which is exactly what they will do), we will just alter our design. 22:59:23 After all, if Monero is just a gigantic mixer for criminals with no use case outside that…..who cares if it is down 50% of the time? 22:59:46 @preland: Can you fk off 22:59:59 @ofrnxmr:xmr.mx: Fine. 23:00:03 leave the trolling to the troll-tolerant rooms 23:09:08 qubic is ahead 7 blocks 23:15:49 Where do you see that> 23:16:06 The snooper appears to be unreachale @datahoarder 23:16:23 nvm, finallt loaded 23:17:41 @lordx3nu:matrix.org: only a 2 block reorg at this time 23:21:59 oh, they are trying to make a nice one 23:27:15 +11, they could do 10 here 23:27:37 usually their strat if they are ahead is wait until monero is at 9 blocks possible, then release 23:30:19 @rucknium:monero.social i think i know how the checkpoints broke 23:30:19 1. Your node created checkpoint 106 23:30:19 2. Your node did not check for the new checkpoint yet 23:30:19 3. My node did not check for the new checkpoint yet[... more lines follow, see https://mrelay.p2pool.observer/e/263CtrAKYVdkdGxW ] 23:33:29 I think we need a better way for the checkpointing node to not get "attacked", i.e. prevent re-orgs to the attacking chain. I don't know if I can self-feed checkpoints without DNS. 23:34:20 --block-notify, with something maybe. 23:34:51 It may also have had an unexpected behavior during the rollback 23:35:06 2025-08-29 19:06:17.352 I Synced 2822112/2822112 23:35:06 2025-08-29 19:07:50.965 W CHECKPOINT FAILED FOR HEIGHT 2822106. EXPECTED HASH: , FETCHED HASH: 05ec63ea579e67dbb4391d7780d6e38c4757dd687e> 23:35:06 2025-08-29 19:07:50.965 E Local blockchain failed to pass a checkpoint, rolling back! 23:35:17 I think this might be a bug 23:35:43 It should have rolled back further than the wrong 106 23:35:44 Without context, that looks like the expected behavior. 23:36:05 8 blocks 23:36:07 But it seems to have rolled back to the wrong block 23:36:23 reorg incoming I think 23:36:26 9 now 23:36:32 it's here 23:36:43 they could have done 11 on this one 23:38:31 9 detected @lordx3nu:matrix.org 23:39:29 > two of those were moneroocean 23:39:37 sigh 23:40:42 @rucknium: i'm liking 144 more and more