Hey guys, just letting you know, we had to update our Trocador server today, so there might have been some instability on the service, but now everything is working again

The dump eet phenomenon happened with me

Prices for a memecoin went down by a lot right when I bought at above last sell price

* bought at a price above last

Anyway can someone explain 10 confirms to me?

Some people on the internet had said it was because of decoys, but isn't ring size 16 now

10 confirms to improve decoy selection

if you spend too fast, it might be obvious which input is spent

simple explanation

that explanation is nonsense.

the only real reason is to prevent txns being invalidated by reorgs.

as for "spending too fast" it doesn't matter how many confirms you restrict.

if you want to spend fast and N confirms=20, then everyone will start spending after 20 confirms.

if you set N=5 then everyone will start spending after 5.

the actual number is irrelevant, as far as spending-as-soon-as-you-can goes.

hyc: Reorgs should be mostly impossible after 2 confirmations, right?

not impossible but highly unlikely

so why do the official wallets want 10 confirmations? wouldn't 5 basically make a tx immutable?

in normal operation, we've never seen more than 2-deep reorg. a 51% attacker could choose an arbitrarily deep reorg.

10 confirmations makes a 51% attack much more expensive

on my node's logs I see we had 3 depth-3 reorgs in 2018 and 1 in 2019

no others sine 2018

people need to quit their whining about the 10 confirmation requirement. if they want a weak chain they can use something else.

they should learn to break larger denomination coins into smaller ones, make change when they need to.

wallet authors might spend some effort thinking about how to make that more convenient

but weakening defense against 51% attacks is fucking stupid.

It's true that 10 confirms might make the network more secure but a 20 minute lock time isn't convenient for normal users

If we want Monero to replace the global banking system, we need to make it atleast as convenient as bank transfers

crypto is about being your own bank

that means being responsible for making change for yourself

and if you do it in advance, so you always have several usable coins in your wallet, then the confirmation time has no impact on your spending ability

the convenience issue is BS. it only requires a little advance preparation.

you can do it once/day, or whatever time before you leave the house to go shopping, or whatnot

hyc: I was wondering though, was 10 chosen for a specific reason, or would it be worth researching into a longer/shorter lock?

We've seen miners come online that seem to have bursts of 10% of the network hash etc.

Assuming: just because we havent seen deeper then 3, doesn't mean there arent shadow miners or offline farms able to reorg 4+ (potentially much more?)

Usability is not BS, but reducing the minimum confirmations is not an acceptable solution as elaborated already.

However, wallets should do a MUCH better job communicating the lock time to the user, and they also should offer single click workarounds. UX Example:

When the first transaction arrives in a freshly created wallet, the user is confronted with the lock time, maybe the first time ever. This is a good time for a popup saying "Don't worry, this is normal, you can spend in about 20min. Note that this lock time applies the the change you get too."

Then on a second popup it could recommend: "To spend several times in quick succession we recommend keeping independent coins. Click this button to generate them now. Alternatively this wallet can generate change automatically. Set slider (eg. 1-5) how much coins to keep at minimum.)

On that note, anybody got update on what happens to monerujos PocketChange feature? Its listed as "funded" and "WIP"

i noticed user monerobull answering questions in the reddit 'ask anything monday' thread, thanks ! reddit.com/r/Monero/comments/10j94d…ask_anything_monday_january_23_2023

Plowsof why did you write that so weird

im watching you sir

sometimes those threads are not active, nice to see

I see every single god damn comment in the subreddit (60-70% bot garbage), might as well answer questions

Weird name though

MAAM

Not my idea 🤷‍♂️

The bot garbage put me off the subreddit completely. I gradually noticed I was spending hours of my life reading trash just to think "bot comment again"

Have an insider in magic grants now

Magic Grant for stopping reddit bots plz

blankpage[m]: Just go to 4chan.org/biz/xmr

"We are really seeing the good research here, man" 🫣💀💀

We at biz have infinitely more monerochans than reddit ever will

I previosuly went to the subreddit for insightful technical comments and news, not monerochan

It should be WAY better as of a couple of days ago

Reddit has r/monerochan for that

Oh there is a bot fix already on reddit?

monerobull[m]1: Meh, I'd rather have cocaine and meth monerochan than reddit monerochan

If that is true and it has worked then you have really made my week 🙏

We also have McAfee

Not really a fix but you guys shouldn't see most bot comments anymore

I still see them in reddit push notifications

but when I open reddit to answer, they're not there :D

It's still a ton of work since you need to manually remove them all

weird, because I get a notification, open immediately and it's not there. Is it auto-hidden?

But the public doesn't get exposed anymore so yeah mostly "fixed"

or sometimes, if it's not a bot comment, it remains hidden for a few hours after notification, and _then_ becomes visible

sech1: Can't go into details in case the botmasters listen in

The tech support ones are the best lol

"Dear sir, Monero tech support is here to help you"

sech1: That's probably when we manually approve something

not sure if you can control it, but you probably need to filter push notifications too

because it seems everything gets through there

Hmm in that case I guess the botspam might still be visible in other reddit frontends I use with a redirect extension. Maybe I will have to go back to regular reddit in exchange for hiding the noise

Good to know

State secrets for fighting bots

Btw, semi-related to monero, dread forum should be up within this week

Yup

why not just fully ban all bots?

They'll create new accounts

they do that anyway

I think bots already get banned, there wouldn't be any reason not to

sech1: i noticed pools update the block template > resend the block height with more tx in it.

When solo mining to daemon using xmrig, should the "new job" be updating the number of tx as well? Seems it only changes when a new block is mined

yes

I'll made a setting in config.json for this

*make

Thanks!

gm

morning narodnik

Monero daemon+wallet in C is my wet dream

* daemon+wallet in pure C is

cockliuser[m] what about Rust?

Rust is not very portable

Besides, 1Gb binaries aren't very convenient

I was just asking because someone here wanted Monero in pure Rust not long time ago :D

Yeah rust people are a bit like evangelists

C++ is fine. Everything C can do, C++ can do too. In extreme cases, linking with .c files is always an option.

Nothing against C++, just think that OOP isn't really needed in most cases

Imo C would fare better and potentially increase performance if used properly

C++ can get better performance in many cases. Simple example is std::sort in C++ vs qsort in C

you can't inline the comparison callback in C, but compiler can inline it easily in C++ due to how templates work

in C it must be a pointer to function and a function call

Still, C++ has the inherent complexity problem

Templates and inlining can get a clean and compact code in C++ whereas you'd have to write 10x code in C to get the same performance (because you have to inline functions by hand).

Templates are more syntactic sugar I'd argue

Besides, OOP by itself adds a level of complexity

yes, but with templates you don't have to make a copy of qsort every time

And complexity is bad for secure systems

OOP is not required in C++

you can use C++ as "C with templates" most of the time

"C with templates and constexpr"

It isn't, but it's a feature

More features generally are regarded as complexity

C is more strict in that matter

yes

my point is C++ can be faster exactly because it's more complex

I agree that it can be faster

But not more secure

Monero uses a lot of C where security is needed - see monero/src/crypto folder

Yes, the primitives are all c

If you care about security then you want Rust or Ada, or Pascal or whatever but not C. Picking C for security is the wildest claim I've ever heard.

esac212[m]: Every industrial cryptography library is written in C :)

Memory-safety is the compiler handholding the developer (imo)

Yeah, we see the consequences of "every library in C" with OpenSSL CWEs :D

* CVEs

cockliuser[m]: C compiler manages stack for the developer. Is it handholding?

"everything in C" is only because "everything before" was in C

C for programming languages = Bitcoin for cryptocurrency

Grouping CVEs under faults of C is disingenious

We have no evidence that using rust would've stopped those CVEs from occuring

sech1: Bitcoin is more like COBOL

sech1: C is still nice when you want or need to know what happens on the hardware level

A programming language that makes buffer overruns and/or use-after-free impossible would certainly avoid many CVEs from OpenSSL

and it's not C or C++

OpenSSL has it's own complexity problem

I prefer the OpenBSD devs' implementation of SSL/TLS

<cockliuser[m]> "Memory-safety is the compiler..." <- Also, "handholding" is a cornerstone of any security-oriented engineering. The more mistakes can be eliminated by putting domain-specific constraints and by enforcing known good practices to approach a specific problem the better.

This may sound weird, but C# would be better than C/C++ to write secure code - simply because it does bounds checking for all arrays, is strongly typed, detects uninitialized variables, and has better memory safety

esac212[m]: That isn't the responsibility of the language

As soon as you make that the language's responsibility, you keep adding features until the language stops being useful

See: Rust

I know Rust better than I ever wanted to know it. There are almost no new features in Rust. The last serious expansion(async/await) was added 4 years ago. All they're doing now is they're trying to fix bugs, inconsistencies and logical fallacies of the language released in 2015.

<sech1> "This may sound weird, but C..." <- Doesn't sound weird at all

esac212[m]: I'd argue that the cargo infrastructure, and the reliance on llvm is a whole clusterfu.k in itself

Besides, rust isn't portable to many architectures

And from the almost unusable WTF is that Rust 2015 they made a great progress to almost usable Rust of today.

Cargo is not mandatory, you can replace it with any build system you like. GCC backend is coming too, so LLVM won't be the only option quite soon.

Also, I don't recommend to rewrite anything like Monero in Rust for "security" anytime soon. Rust just provides you tools you can use for "defensive programming" and you need to **learn** how to use these tools before approaching any serious projects. From my 4 years of commercial experience with Rust not a lot of folks have an understanding why they're using it. What's worse is they tend to think that just because they're using it

everything automagically becomes fast and safe. As the result the dumbest bugs I've ever seen were written in Rust.

New languages have this problem especially golang :')

If go developers actually understood plan9, distributed computing and unix, everyone would be so better off

But they just use 9pfs sometimes as a tool for network filesystems

Prime example is docker and kubernetes

I'd rather kill myself than touch the docker codebase

cockliuser[m]: Go is not a new language

it was created in 2007

Its very new

cockliuser[m]: +

cockliuser[m]: `+`

xfedex[m]: C was created in the 1970s :)

cockliuser[m]: C++ was created in the 80s and JavaScript was created in 1995 :)

I think Go might become useful in 2050

Go has effectively abandoned the Pike philosophy by adopting Generics in go2 :')

The number of bots/paid spammers in this thread scares me reddit.com/r/Monero/comments/ttgvut/haveno_isnt_a_dex

I think the bot operator is trying to get upvotes on these accounts in the Monero sub so the bots can post in r/cryptocurrency.

r/cryptocurrency counts karma earned on other cryptocurrency subreddits.

If that was so those bots wouldn't be commenting things likely to get downvotes

That thread is filled with bots replying with haveno shill replies without any context or argument

The bots aren't that smart. They're bots. Their comments are usually posted a day or two after the thread. Most normal users don't see them.

Don't want to spread FUD but I feel like haveno paid people to do that

* Don't want to spread FUD but I feel like haveno paid a company to do that

Multiple replies on that post are similar to reddit.com/r/Monero/comments/ttgvut/comment/i32jb1i

how much does running a node actually help the network?

NeroCultist[m]: A normal node? Not much

An i2p node? Much, much moreù

s/moreù/more/

ferb, I know what i'm gonna do today

Well i2p is lesser used

there aren't many i2p nodes, so they are useful to the network

because it's hard to setup, atleast compared to tor

Can't i make a node on clear net, i2p and tor?

all at once

(if i make a node on tor the feds won't raid me right?)

Clearnet node will cause the raid

has a monero node caused a raid before?

Who knows? Maybe it will in the future, maybe they already took over big nodes and now link ip addresses to wallets

* they already raided and took over

The solution is run your own node or use Tor

if running a monero node might cause a raid what if your isp know you're using tor

What is a "big node"? And how could Dandelion++ reduce the benefit of controlling a "big node"?

Rent server far far away using monero

then host you're node there

Big node would be nodes that are included in wallet software.

Some wallets use preferred remote nodes (Both feather and Cake do it, don't know for the others)

I'm going to start self hosting a lot more.

And if you think you're ISP might be triggered by tor, use neighbor wifi?

I hae a fleet of singleboard computers so I will use them to the best of my ability

my goal is 1 XMR node, one self hosted matrix instance and then some other cool shit ontop of it.

what if neighbour is using the same isp

At least it's at the neighbor name, not you'rs

what if government turn internet off

Then all coin go to 0

:(

please correct me, we should be running a tor relay node (not exit) 24/7

so at no point are we "turning on tor for 10 minutes"

isp will know you are using tor , but not specifically when

plowsof11: exact

Tor never off

With Seraphis-level ring size (128+), I wonder how easily even an adversary-controlled "big" remote node could link two transactions sent to it.

And sometime there is more than one instance of tor running

i think alot of users simply plug their taisl usb in once a month

Maybe "popular" is a better term than "big" node

Just use whonix qube, I don't like to reboot

plowsof11: People have been arrested for running relays in the past

Rucknium[m]: Yeah, there listed in wallets nodes list would be the prime target imo

huh

Rucknium[m]: Good lord, how big is seraphis tx?

cockliuser[m]: Move to a free country if that kind of stuff append around you

* Good lord, how big is a seraphis tx?

running your own node of tor will appear the same as a relay node no?

cockliuser: I think 30% larger than current txs with ring size 16

cockliuser said clear not monero node = raid and tor relay = raid

im confused

How? More efficient cryptography

nice

plowsof11: I mean running any kind of server that the government doesn't like might get you raided haha

The solution for that, atleast for a monero node, is to host it over tor

cockliuser[m]: That's why you host it behind tor.

or... Rent a server using the monero and never connect to the server with anything but tor

I already mentioned that

cockliuser: Look at the 2nd graph here "reference set size vs. transaction size": monero-project/research-lab #91

Seraphis is "concise" or "squashed"

It's "sub-linear"

Logarithmic increase in tx size with ring size

16:29 <cockliuser[m]> Don't want to spread FUD but I feel like haveno paid people to do that <-- I have been following these bots for ages and they also posted anti Haveno / Cake comments in the past

I don't know what the point of these bot accounts is

my assumption is , that reddit will only count a 'up / down' vote on a thread

zhoska[xmpp]: ping

so if youre a company who is selling up/down votes you have to position yourself as a market leader - with the most active bots that are eligible to vote on threads

eligibility determined with some algorithm (i have no idea if this is true but it seems to make sense)

<plowsof11> "my assumption is , that reddit..." <- Well actually post karma is worth more than comment karma

But the bots won't get upvotes with posts because they can't post anything that will get upvotes, because they're bots after all

So they just comment random shit

comment random - 1/10 of those bots got a thumb up - this 1/10 bot can now upvote another bot - and then this cascades (assuming that you ave to be 'eligible' to upvote something)

its just an ongoing problem, that the kind mods of reddit have to deal with daily

xkcd.com/810 Someday soon - if you can link in some Reddit bots with ChatGPT

ping

plowsof[m]: pong

thanks, pauliouk had a message not make it through :'(

pauliouksaid : "xkcd.com/810 Someday soon - if you can link in some Reddit bots with ChatGPT"

I think the IRC -> Matrix bot takes one ,essage to wake up. So it eats the first message if there haven't been any IRC messages recently

Rucknium[m]: it does not happen if the room is setup correctly, but #monero might not be setup correctly since it's a new room

who has admin priviliges here on matrix side?

privileges

Hi, I want to send XMR from my linux monero-cli wallet (v0.17.2.3-release) , monerod daemon fails on "E wrong variant type: N10cryptonote12txout_to_keyE, expected txout_to_tagged_key in transaction id=<6..."

matrix-org.github.io/matrix-appserv…on.html#allowunconnectedmatrixusers this has to be enabled

petjutolo[m]: you have to update your wallet

0 days since a 17.2.3 report

THX, with v0.18.1.2-release it works fine now

Hi guys

Is there a type of Monero (sub) addresses that start with 4...?

Cuz I'm trying to make a payment and this is the first time I see an address like that

primary address (or a longer integrated address) begin with a 4

Also, when confirming the transaction of Ledger the device is showing another address. Am I being sandwich attacked?

you can paste the address here to be sure monerotech.info/Home/Address

the ledger will show the base address (of the integrated address) you will also see it on monerotech .info

its a common issue that ledger need to solve

Ah yes, ledger is showing what appears to be the "Base Monero address with payment ID stripped"

So it's all good?

correct, all ok

Awesome. I was having a hart attack for a second there 😅

On another note, do you guys know if any progress is being on cross-chain DEXs?

Because I have been following the potential integration of Haven in Thorchain, which would lead to Monero later. But it's not looking well over there for the time being.

super-punk[m]: *being made

i thought particl's dex is working already

what is the best way send monero from cake wallet to binance? in binance i couldn't find receive feature

don't send monero to binance\

don't do any business with binance

-.-

hyc: in my country the best crypto software is binance

if you tell me how do this job that would be great

Trying to go to fiat?

if you send any money to binance you will never see it again.

if you have to use binance ask their support, they have to provide a receive address, we can't help

binance is the biggest centralized exchange on the planet and so it obviously sucks - but the claim "Binance US just got a $250 million crypto bailout" doesnt sound credible.

it's all there for anyone to see twitter.com/MikeBurgersburg/status/1609277551754575872

<cockliuser[m]> "Btw, semi-related to monero..." <- How do you know this? Even it's onion address will be functional? Will it's address be the same or will it be on a new onion address?

Why binance should obey USA admins?

They also serve Russia, no issue there

<plowsof11> "has a monero node caused a..." <- Maybe not yet, but the day will come. Not in all countries, but in those where Big Brother is the most sophisticated and well financed.

<cockliuser[m]> "The solution for that, atleast..." <- This is true. But your ISP will still catch glimpses of what is going on when the Tor node connects to clearnet nodes

<as2333> "reuters.com..." <- They also sell crypto in Turkey, where it's illegal

xfedex[m] nice =)

so playing devil's advocate here : at least binance doesn't fully toe the US party line

I don't think that "US party line" really likes turkey

So they ignore US 'sanctions' against iran and russia. Ignoring the dictates of the turkish govt isn't directly related, true. Overall those are examples of binance not fully obeying governmetn bullshit.

that said, fuck all exchanges =)

except TradeOgre

Need to funnel money somehow

<fr33_yourself[m]> "How do you know this? Even it'..." <- Hugbunter posted an update

Test