00:00:16 if you connected manually to a malicious node, thats probably a "you problem" 00:00:41 I agree 00:00:42 GUI connects to malocious nodes automatically :D 00:01:02 @ofrnxmr:xmr.mx: And advertises the feature to noobs 00:01:05 select a trusted node manually 00:03:30 didn't monero.fail get flooded with a sea of I2P nodes suddenly one day? 00:44:01 Yea 01:03:03 getmonero also says this in the faq: "All transactions on the network are private by mandate; there is no way to accidentally send a transparent transaction. This feature is exclusive to Monero. " > on monero front page since I remember 01:05:31 is there a single system that doesn't have a kind of viewkey feature? even tornado has it. maybe some coinjoin impls? 01:06:57 just_another_day: that is true 01:07:06 there is no way to actually send a transparent transaction 01:07:17 but monero doesn't stop you from leaking your view keys or sending rnadom people proof that you sent the TX 01:07:29 s/actually/accidentally/ 01:07:46 because that's not accidental 01:09:37 As in, you can't make a transaction open to everyone 01:09:56 Like Z vs T on others 01:10:05 can't I publish my view key in the open? 01:10:27 How do you do this in the network? 01:10:35 ^ 01:10:37 You can send it here, or post it on a website 01:10:40 you can only do this off-chain 01:10:54 it's not a big difference really 01:10:54 i mean, you can shove your keys in tx_extra 01:11:02 It is a big difference 01:11:06 it is 01:11:23 if you wanna publish your keys so badly, monero won't stop you 01:11:29 Specially that even your transactions mask others 01:12:01 we want transactions hidden from a single adversary primarily 01:12:41 and this adversary can persistently ask for the keys 01:12:56 They can ask for your spend keys 01:12:58 Or for you to provide interactive proofs 01:13:02 Regardless 01:13:13 no one is gonna give them spend keys 01:13:17 that sounds like a problem outside the scope of monero 01:13:27 why would someone want to make their transactions public anyway? I'm confused. 01:13:31 No one is going to give them view keys 01:13:33 See? 01:13:33 if the adversary has a 5 dollar wrench on the top of your head 01:13:42 then they'll make you give them anything 01:13:46 because aml demands so 01:14:03 rrjo1zj8p7lhtl15lylp: for example Monero donation wallet operates in the open 01:14:08 people happilty compromise their privacy doing kyc 01:14:17 no one wants to lose their coins 01:14:33 It's transactions are still the same class as others, but they have shared their local keys 01:14:36 Remember that for you to decode your keys that sort of key exists 01:14:44 Cindy: we're going back and forth, but the adversary powers are not unlimited 01:15:15 just make a new wallet, send your coins to your new wallet, be careful. 01:15:15 Then the adversary asks you to move to their wallet that reports but you keep your keys 01:15:27 i just want to maximize the political cost of forcing users to make their wallets transparent 01:15:36 Or asks you to make an interactive proof for every tx ever automatically 01:15:53 don't admit to having a wallet maybe lol 01:16:06 And same way, can't tx again with them if you ever withhold proofs 01:16:15 Note you can prove you have not received or having received a transaction without sharing tx keys 01:16:24 I wish I had enough money that I actively needed to be creative to not lose it. I play with pennies. 01:16:39 View keys* 01:16:43 This is again using the proof system 01:17:06 if i want to reveal my transactions or not, i should have the option to 01:17:10 DataHoarder are you on Reddit? Maybe just write an anti-FUD post? 01:17:11 Which is not an addition on top but something solely possible due to cryptography 01:17:30 explaining all the stuff 01:17:56 I just deleted the spend keys from my wallet 01:18:05 I feel safe now 01:18:10 Well there's the carrot derivation scheme and the PQ pages on MRL issue tracker and turnstile one 01:18:12 But people won't read 01:18:42 And will get stuck in semantics of what is view key or decoding etc 01:18:44 And what exists due to cryptographic reasons or as a side effect 01:18:48 nioc: do you like looking at a number :P 01:18:56 are you looking to get your coins out? or you looking to please regulators by saying hey look here's my wallet, hey look here's my transaction history etc? 01:18:56 Because you can just use BTC if you want to be out in the open. Most countries have delisted XMR for a reason I think. Your trying to accomplish the opposite of what xmr is supposed to do? 01:19:15 And what is a designed feature 01:19:17 Like here already :P 01:19:19 Now imagine doing this on reddit 01:19:27 : but what if i want to have transparent fundraisers 01:19:42 use btc 01:19:44 this is a secondary goal to Monero 01:19:49 Atomic swaps btw ^ 01:20:14 your trying to fish with dynamite. use a fishing rod 01:20:19 It is a primary goal 01:20:21 To be able to be auditable by you or other reporting selectively entirely by you 01:20:22 pursuing secondary goals is good, but not hurting the primary goal 01:20:30 Cindy: yes, hold only 01:20:52 (This is your own freedom to use the methods provided as you see fit( 01:20:54 monero's better not be auditable, so that we don't get aml bs 01:21:22 The primary goal is safe cash system , and now that includes quantum forward secrecy 01:21:24 I'm so confused why anyone would want this. 01:21:24 Auditable by people you chose 01:21:36 i understand the quantum play 01:21:47 my wallet no longer has keys and is now non auditable \o/ 01:21:54 You can also audit that blocks are mined with the right rewards 01:21:56 (That is why miner tx outputs are in the clear) 01:21:58 Real cash is audited by excel spreadsheads. that's why authorities don't like real cash 01:22:04 I want Monero to be the same 01:22:06 same reason why people like to be transparent sometimes 01:22:24 You also can prove the receiver you sent them funds 01:22:26 Instead of them claiming they received nothing 01:22:30 why the monero CCS does the same thing 01:22:34 even the monero general fund 01:22:38 I use cash but have never used excel, this time imma not joking 01:22:44 you can get the view keys of those wallets if you want, and look at how much they got 01:22:55 Imagine swapping funds in DEX 01:22:57 Without any way to prove the swap lol 01:23:27 This is what auditable is, and gives actual force to the transaction/money 01:23:29 Instead of sharing pictures that are fake 01:23:47 Cindy: if they already do this, why would we need more powerful view keys? 01:24:00 To make it transferable in a way you can prove doing so (without other person lying about it) 01:24:16 Again 01:24:18 They are not being ADDED 01:24:41 also to make the balance more accurate 01:24:48 They are a side effect of splitting spend and key image for quantum forward secrecy (and being able to migrate in the future) 01:24:48 in case people pull from the wallet 01:24:50 Also it's not even dependent on hardfork 01:25:07 CARROT is possible with cryptonote? 01:25:20 This is also what people misunderstand 01:25:22 It's not a consensus protocol (unless turnstile becomes relevant in the far future) 01:25:24 Yes 01:25:26 Carrot is two things 01:25:28 this is the explanation that makes sense. I get what your saying here. For escrow related issues. > To make it transferable in a way you can prove doing so (without other person lying about it) 01:25:29 this all feels like ddos 01:25:54 An output format (this is just a convenience) 01:25:56 And an addressing mode (new) 01:26:17 i'll let Ghost speak. He's a new voice here 01:26:27 The new addressing mode is not even implemented in wallet and probably won't be ready and doesn't matter 01:26:32 I'm just repeating myself really 01:26:41 ya think 01:26:57 It can come later, or someone else can add it 01:26:59 The legacy wallets also use the outputs, either old or new 01:27:07 im a noob, don't listen to me 01:27:27 noobs welcome 01:27:29 Carrot native wallets could just ... put this onto tx extra today 01:28:00 This is why it's called an addressing mode too, and addressing modes stay entirely on the wallet / client side 01:28:57 in theory does Carrot wallet help get xmr relisted on delisted platforms? is that the goal? more onramps to pump price? 01:29:25 it will not get it relisted, it will still work too well 01:29:26 The hardfork carrot output format doesn't add any new wallet format. The output format however allows deriving legacy or new better (unrelated to wallet features) so eligible addressing schemes (new carrot, partially legacy) can also get quantum forward secrecy 01:29:28 No way that helps 01:29:59 If anything it prevents future quantum adversaries from getting your history 01:30:01 More reason to deliat 01:30:13 @rrjo1zj8p7lhtl15lylp:matrix.org: I don't think that's the goal, but could be an effect of it, but we wouldn't know until it comes 01:30:20 I need to learn what your talking about. I'm aware of quantum risk , but not really knowledgeable on how what your talking about helps. 01:30:29 FCMP++ makes tracking via rings or outputs also not possible 01:30:31 So they can't do chain analysis 01:30:59 You will see an effort to increase spy nodes or attempt to remove features that make people safer 01:31:16 But isn't the PQ plan quite new? I mean, the OVK debate dates back to 2021/22 01:31:27 quantum, here is a link but good luck reading it :) https://gist.github.com/jeffro256/146bfd5306ea3a8a2a0ea4d660cd2243 01:31:27 DataHoarder: how is this achieved. we don't like chain analysis this I do know 01:31:37 So OVKs predate PQ 01:32:12 the history has already been explained to you 01:32:37 and the decision process 01:32:54 is this some sort of operation to destroy the brain cells of monero developers 01:32:58 and make them dumber? 01:33:13 DataHoarder says OVKs are a consequence of PQ 01:33:23 it's ok, DataHoarder is an alien, this is ez 4 him 01:33:27 Jamtis is before that 01:33:51 Not gonna lie Thankful, at this point its looking like you looking to argue, or have some never ending debate, people have explained you a LOT , multiple times 01:33:55 Again NO 01:33:57 It is a side effect 01:33:59 Of splitting spend key into something that you can use to generate key images 01:34:44 his username is accurate 01:34:53 to monero devs, it is just_another_day of arguing 01:34:56 It's not OVK -> bolt it onto quantum for reasons 01:34:58 It's that the scheme to allow quantum forward secrecy and it staying safe on an active environment necessitates the split 01:35:28 And because it exists, you can use it locally (or same as the other keys) 01:35:30 But without ability to SPEND 01:36:00 Cause spend key ended up separate due to the aforementioned reasons 01:36:26 @rrjo1zj8p7lhtl15lylp:matrix.org: There are no decoys anymore 01:36:59 The entire past Monero history is effectively your decoy ser 01:37:29 So you can't do statistical analysis 01:37:31 Even in the face of a cex or tagging attack done by entities 01:37:42 just_another_day you are getting an amazing depth of knowledge provided to you, it certainly worth something 01:37:46 may I suggest that you give DataHoarder a donation 01:38:01 You can't tag outputs and see where decoys might have used them in a ring signature 01:38:06 sure 01:38:13 the more I read the more I realize I don't know. Weren't the decoys a good thing? or your talking about CA sneaking stuff in? leaving breadcrumbs? 01:38:32 Stuff like this https://p2pool.observer/sweeps 01:38:34 Which I built on p2pool to show the point 01:39:00 decoys are good but have weaknesses, the only weak part of monero 01:39:04 Every mining output there can be tagged to come from a miner, so when multiple outputs are used you can statistically determine how likely it was them or not 01:39:08 Decoys are good 01:40:03 DataHoarder: where can I donate you for your time spent here? 01:40:05 But when tagged you can be open to stuff like this, or black marble attacks (see research paper( 01:40:07 FCMP++ effectively makes the decoy set be as large as all outputs in Monero 01:40:11 Meaning you can no longer do any statistical analysis at all 01:40:36 thank you 01:40:39 It is a chain membership proof that says "yes I exist in Monero" 01:40:55 I'm glad I joined this group 01:41:09 The linked p2pool observer page has a donation address at the end 01:41:11 Or blocks.p2pool.observer on the header menu 01:41:13 Under about 01:41:42 On the sweeps page I linked you can click in some 01:42:12 You can see how I previously tagged some known public mining outputs, then when they are spent in a group it is likely it was this miner 01:42:16 I don't decode amounts, or destination 01:42:28 your a smart man, this is all above my intelligence level. 01:42:45 But in many cases in sweeps I attribute the transaction to the miner entity 01:42:52 I appreciate the help in understanding a lot. 01:42:58 hang out and it slowly sinks in :) 01:43:15 I mark the sweeps as well, sometimes you can see secondary sweep groups 01:43:17 FCMP++: none of this is possible 01:43:21 Even if you know all outputs of someone via other means 01:43:49 Yes and I should be sleeping too 01:43:54 I just looked one last time, my curse 01:44:50 I have reimplemented the new hardfork features to test on stressnet, carrot output format and derivations for legacy, and carrot 01:45:19 I have raised concerns when I couldn't replicate results or when changes were done, I brought these for my own review 01:45:47 I made a list of changes to do to also make life easier for mining (which saw some implemented) 01:46:17 Example https://git.gammaspectra.live/P2Pool/consensus/src/branch/master/docs/STRESSNET.md 01:46:45 I didn't need to but I went and also reimplemented the PQ Turnstile as part of my end to end tests 01:46:47 This is how I learned about all of this 01:49:09 Can even play a game with the donation stuff neat 01:49:11 So someone sent me this just now-ish https://blocks.p2pool.observer/tx/693687f1ca2037a0e826f67f9ecb22697b2513b4f215f08b984b43aca0318bde 01:50:36 However I could claim to have received nothing. The sender can then generate an OutProofV2 (available under advanced -> prove?) or share the tx key. Others can then verify this on the block explorer by entering the details or on their local Monero GUI or CLI 01:51:07 https://irc.gammaspectra.live/66017aede397c3d9/IMG_8297.jpeg 01:51:09 That section 01:52:36 this is why selective proofs exist 01:53:25 have a good night and thx 01:53:33 I don't know who sent that, or which address came from or where the change went to 01:54:31 Maybe I'll peek around again I was sleepy but not anymore thanks for the excitement 01:54:53 a single tx proof is great, but allowing users to make their entire wallet transparent indefinitely is dangerous 01:55:09 I'm reasearching everything you posted. It is starting to come together a bit more clearly. Have a great night. 01:55:17 have a good night 01:56:27 All in all the concern is: the new addressing features of Carrot (not the hardfork tx format, but the upcoming wallet addressing) allows an user to disclose a value that allows tracking not just incoming but all spends, without allowing spending. This value is necessary for forward secrecy in the face of a quantum opponent 01:56:29 Options: 01:57:27 No new wallet addressing ever (it's not tied to hardfork) and no quantum secrecy . Someone could still release a wallet that implements it regardless 01:57:55 Make this value (OVK) be within advanced menus with a warning, and tbh, also add a warning to incoming view keys 01:57:57 And spend keys cause some people shared them 01:58:56 c. Make sharing dangerous values an advanced feature only available in CLI for Monero. For example, seed words or spend keys, or full view keys (OVK) 01:59:50 The no new wallet thing, can you further explain? Don't people do this quite frequently? 01:59:54 c. Part two: make them available via an alternate launch mode of GUI (but with a command line arg to start it for advanced users); or alternatively a very angry message 02:00:25 I mean no new wallet addressing mode (Carrot) 02:00:27 Not just no new wallets XD 02:00:57 You could make the argument that allowing users to share these is harmful and stupid, however, users ability to be stupid is also part of their freedom 02:01:59 DataHoarder: people get joined bank accounts with their wives, people give debit cards to their kids. I have thought of setting my kids up xmr wallets to show them the ropes. 02:02:20 Otherwise you'd be limited and cannot use Monero as a business if your financial auditor requires access to a spend wallet 02:02:23 realistically, OVKs will be promoted as a tool for charity audits, get added to every wallet and then AML will start abusing it 02:02:50 but why is that not done today 02:03:04 @just_another_day:matrix.org: they can't change every wallet, lets be realistic. 02:03:25 wallet devs will do it themselves 02:03:49 oh look a new cool feature to imrpove ux 02:04:10 DataHoarder: Monero is still niche 02:04:11 "fine, i'll do it myself" 02:04:15 And such wallet devs can do it today or later 02:04:17 That is the part I don't get here. It doesn't matter what Monero devs do 02:04:38 carrot is an infohazard 02:04:47 Someone else can do it ON Monero protocol/transactions 02:04:49 Like we already have non compatible wallets generated 02:04:52 What carrot 02:05:21 addressing scheme 02:05:22 The transaction output format? 02:05:24 Or addressing scheme 02:05:52 The only part that hard forks is tx format. Which doesn't bring up carrot addressing scheme with it 02:06:07 but it enables it? 02:06:20 The tx format is shared with Jamtis (for them to be compatible) 02:06:22 Not at all 02:06:53 They could put the same data in tx extra instead 02:06:55 And do it today 02:07:53 But no point was seen on this as the part that brings partial forward secrecy (even for legacy) it's the tx format 02:08:36 @just_another_day:matrix.org: Don't use the wallet format if you don't like it 02:08:41 keep your old wallet 02:08:49 It will still work on FCMP++ 02:08:52 Then carrot addressing format extends this and allows self send, change and internal txs to also be fully forward secret, and opens the way fur future full quantum encryption schemes 02:08:54 The hardfork brings FCMP++ and tx output format 02:09:22 You WANT FCMP and the output format 02:09:24 Keep fighting towards the carrot addressing scheme if that is what you want 02:09:47 @jeffro256: i don't want everyone to require shari OVK as an AML policy 02:09:53 isn't carrot and info-hazard only if you decide for it to be an info-hazard? > <@just_another_day:matrix.org> carrot is an infohazard 02:10:51 This is why the FUD is everything overreaching and tying everything 02:11:11 But the issue isn't about the hardfork per se 02:11:22 You have an issue, as I listed above: a future upgrade (in this case not a hardfork) brings a feature you view as bad or challenging. Listed are ways to go with it 02:12:20 But suddenly it's "stop the hardfork"???? All on Reddit cause FUD mixes it all up, and this is only good for detractors or adversaries of Monero 02:13:06 it seems the fear here is a misunderstanding, thinking monero is perfect right now, and that change will make it easier to get your wallet doxxed or that all wallets will be required at some point to do this. Even if that may or may not be the case. 02:13:19 I'm certain @jeffro256 would be open for this (carrot addressing scheme, quantum safety and the generate image key) to be brought on an MRL meeting item or somewhat explanation as this seems to be a contention item 02:13:47 It is clear cryptographically why it's needed but this usually doesn't transfer over to general understanding 02:13:53 DataHoarder: I posted the "Is optional transparency good for Monero?" post, it didn't get that much of attention, but then people started to generate AI slop based on it 02:14:45 So asking for clarifying the need of it: good, but instantly seeing it as an extra bad feature is a bad way to bring the topic up 02:14:57 hasn't monero always been optionally transparent? 02:15:22 you've got me convinced, but I'm not an expert 02:15:46 It has nioc 02:15:48 Part of the whitepaper too 02:16:27 i like the option b or c > Make this value (OVK) be within advanced menus with a warning, and tbh, also add a warning to incoming view keys 02:16:46 Yeah just_another_day that is how FUD works. Any organic traction is increased exponentially 02:17:17 You have doubts, you ask, then send people in panic with other people helping along the way and saying different things 02:18:16 Suddenly the only thing the hardfork brings is OVK: but it's not even part of the hardfork! And a weeks before the FUD was about quantum security and how Monero has done nothing. Which we point carrot tx format, carrot addressing scheme, and FCMP++ to combat current BS 02:19:20 It's not even scheduled, it's not even in the code yet 02:20:11 It's in stressnet on a different codebase still having changes, and the part people are talking about isn't even in the code yet or implemented for wallets (and doesn't need to, it's not in a rush as it's not part of the hardfork) 02:20:28 maybe a stupid question, but would it be possible to implement PQ-secure cryptography before a quantum computer emerges and migrate everyone from legacy addresses to this new scheme without the intermediate CARROT step 02:20:50 That is the desired pathway 02:21:05 However in case it's too sudden the turnstile is there as fallback 02:21:16 And once that's around you can't transact using old systems anymore 02:21:35 how long will people have to migrate? 02:21:36 Also, there is a cutover date for such moves too 02:21:38 Afterwards only the turnstile would work 02:22:08 ohhh like literal turnstile, one way in, no going back 02:22:08 There is no information around this. That is why the turnstile exists as a fallback 02:22:42 so is it like a toll bridge? 1:1 or will people be racing to swtich? 02:22:42 If the opportunity arises they'd definitely like not using this turnstile (it exposes some details to edite it's all verified and cannot be faked even against a quantum adversary) 02:22:51 No race 02:23:11 They go one way 02:23:13 Well not even one way per se, they just use that to move old outputs 02:23:43 A special way to unlock them instead of any new quantum safe scheme 02:24:13 Which by necessity is incompatible (it's not ed25519) 02:24:48 what happens to people that don't actively pay attention to what is happening? will they just be at increased risk? or they can migrate later or how does that look for laymen trying to stay secure and up to date? 02:25:44 But questions like these would be something to actually bring up into any future topics in research lounge maybe, but note that is a research focused channel and usually expects at least some form of understanding 02:25:53 The PQ Turnstile would be for those people 02:26:17 At some point, it'd be turned off. You can read on the gist about that 02:26:47 That is not decided not planned. It just lays down the technical means to accomplish a failover migration 02:26:49 > just increased risk 02:27:19 A quantum adversary can fake membership proofs so they can't be allowed to transact 02:27:49 They can also go backwards and break legacy wallets and have their history compromised pre-hardfork, or conditionally after 02:28:20 They also could fake and inflate amounts if allowed to transact normally 02:29:13 do you have any predictions when someone might achieve a functional quantum device capable of all these scary things? What is your mental timeline for this happening? years? months? 02:29:19 That is again why the PQ Turnstile has to do things in a special way to ensure a quantum adversary cannot fake the membership, the amounts or double spend 02:29:47 I'm thinking 5-10 years, but I guess that is being optimistic, reality moves quickly. 02:29:50 The specific people you are worried about might have some before normies get to know 02:30:19 As always, it's a few years away since 20y ago 02:30:21 I think they are close, just too glitchy/buggy to be reliable right now 02:30:49 It is taken seriously, including by the same agencies 02:31:18 The research, implementation, move and standardization has to happen now to be ready for it in 10 years for example 02:31:48 For Monero the scheme also has to be economically/usability viable and not have say, as a random pull, 1 GiB tx sizes 02:32:15 @rrjo1zj8p7lhtl15lylp:matrix.org: 30 years 02:32:18 Or require a day to generate or decode a transaction 02:32:48 Such parameters are discussed here https://github.com/monero-project/research-lab/issues/151 02:33:47 Also just realized nioc every time I waste my energy with FUD you also advertise donations lol 02:33:49 Same with Qubic 02:34:12 Wait are the viewkey guys the same people saying we should be no block limit 02:34:47 (Also: calling something FUD unless extreme lies is usually about bringing it down to the actual complaint that was made way bigger and wide than necessary due to many factors( 02:35:46 Unrelated random number, but everyone usually participates in these discussions in MRL meetings 02:36:21 You can view via matrix too but there's also a history of meetings on github and also logs on https://libera.monerologs.net/monero-research-lab/20260126 02:37:04 I'm reading the git you sent. 02:37:04 I think I would just observe those discussions for now, I wouldn't want to offend anyone by wasting their time sounding uniformed. lol 02:37:16 Feel free to observe 02:37:43 -lounge tends to be a bit more open, but it also assumes some general knowledge . 02:38:13 (As said Zero to Monero 2.0 pdf gives a great annotated overview) 02:40:15 Sleep is finally coming \o 02:40:30 me too brother 04:10:59 It's been "only 5 years away" for more than 5 years now. So very hard to predict. > <@rrjo1zj8p7lhtl15lylp:matrix.org> do you have any predictions when someone might achieve a functional quantum device capable of all these scary things? What is your mental timeline for this happening? years? months? 06:49:01 getmonero has been broken on furryfox-based browsers since at least 2 days ago 06:49:06 https://mrelay.p2pool.observer/m/matrix.angled.rip/HPXnJtqhthapHbMSMukzJaPw.png (image.png) 06:49:21 https://www.reddit.com/r/Monero/comments/1ql7uaf/this_is_what_i_see_when_i_visit_getmoneroorg/ 06:50:28 also the reddit is actually full of tards 06:50:58 why are we defending low effort ai slop posts https://www.reddit.com/r/Monero/comments/1qmm9co/removal_of_uquirkyfisherman4611s_post_about/ 09:04:58 @angled:matrix.angled.rip: What was it about? 09:38:40 DataHoarder: Is there a more latest version to this? It was published in 202 09:38:44 2020* 11:22:21 @torir:matrix.org: It's interesting because bitcoin was released around the time when moore's law hit and confirmed it's peak. imo we are nowhere near having to worry about Quantum Computers cracking EC cryptography since the applications are very niche at this point. 11:23:23 I think I read that it's a Q-bit issue, far to few Q-bits at present. Not to say that they can't catch up, but it's orders of magnitude off 11:24:19 Most of the Quantum hype was used to secure VC funding 12:31:48 https://redlib.perennialte.ch/r/Monero/comments/1qjsizi/this_controversy_is_really_good/ 12:31:48 "Currently when you send Monero to Kraken, it's like cash - no coin history available, so none is needed. After this change they will demand viewable history back to the origin or the coins will be blacklisted. So you are removing fungibility (the MAIN FEATURE of Monero) with this change. And what is gained? An easier way to c [... too long, see https://mrelay.p2pool.observer/e/x_eknuAKOXBHdHAz ] 12:31:52 is this comment true? 12:40:43 as someone who got fudded by this the other day 12:40:43 1. they could already demand history if they wanted. if you can provide the entire history by yourself you could already. "back to origin" is clearly impossible 12:40:43 2. just dont use exchanges who act like that 12:40:43 3. does not impact privacy of anyone who does not leak their key[... more lines follow, see https://mrelay.p2pool.observer/e/jKzFnuAKS04wZUIw ] 12:43:09 @tuw:matrix.org: Congrats. 12:43:36 ty it also doubles as a heater 12:47:14 @tuw:matrix.org: Pool or solo ? 12:47:27 p2pool 12:47:36 need the frequent dopamine hits 12:47:37 Based. 12:48:49 jesus christ 12:48:50 the FUD never ends 12:49:22 @sbt:nope.chat: No 12:49:22 Its based on assumptions and speculation about a niche scenario that does not scale due to friction and compute resources 12:49:22 Furthermore with the viewkeys you are not able to get receivers or senders, so fungibility not impacted, and privacy not impacted for everyone else either 12:50:07 And if this was mandated it is possible to already do today and always has been 12:50:19 I think what's most interesting about the FUD, is how people are proposing scenarios that don't make sense for Monero users to end up in. 12:50:43 @pyratevevo:matrix.org: Yeah sorry, I'm out of loop 12:51:11 @pyratevevo:matrix.org: The FUD assumes that the average Monero user is a knuckle-dragging troglodyte who will paste their view keys and compromise their privacy with no pushback 12:51:50 @sbt:nope.chat: That wasn't directed to you, don't worry. 12:53:51 @redsh4de:matrix.org: It's like gubbermints and CEXs will start going door to door hunting for viewkeys. 12:53:51 Or the monero user willingly providing the keys to said parties for some unknown reason, where one shouldn't come in contact with them in the first place. 12:54:54 Even if they do provide, I don't understand the argument of tainted monero 12:55:17 That's simply impossible right? 12:57:17 @sbt:nope.chat: in their mind, taint = unknown origin 12:57:48 For btc etc, taint = known origin 13:00:26 @ofrnxmr:xmr.mx: Unknown origin, so all the Monero's in the world ? 13:00:50 Yeee 13:00:59 Retards 13:03:23 Wonder how much of this is a malicious campaign or genuine lack of knowledge. 13:03:42 probably mostly the later 13:03:48 Has anyone tried RoboSats ? I'm trying to find some sane way to get any cryptocurrency so I can then exchange it for XMR x3 13:03:52 AHHHHH MY LE HECKING PRIVATE MONERO 13:03:59 THEY WANT TO MAKE IT LE TRANSPARENT 13:04:21 @ity:itycodes.org: or buy it directly: retoswap.com 13:04:56 @pyratevevo:matrix.org: Some are even speculating monero has been infiltrated by three letter agencies, on reddit 13:06:28 @sbt:nope.chat: This is something that should always be readily examined, but currently, no evidence suggests this is the case. 13:13:13 @monerobull:matrix.org: Well, that needs me to have a large amount of Monero already, and can't find anything below a 100€ 13:13:29 nope 13:13:32 Don't exactly wanna yolo with a 100€ 13:13:35 Huh 13:13:39 https://boldsuck.github.io/haveno-reto-docs/haveno-ui/no_deposit/?h=deposit#2-taking-a-no-deposit-offer 13:14:41 Let's say that an agency does decide to take on Monero, what will be the most likely attack vector they'd choose ? Hashrate takeover ? Cracking the fungibility ? 13:15:27 51% attack that wipes a month plus of history 13:15:34 cost, 10 million? 13:15:52 @ity:itycodes.org: Check XMRBazaar. 13:15:54 this is why im not all in on xmr right now 13:16:04 we need daily checkpoints 13:16:39 @monerobull:matrix.org: The cost to pull this off ? 13:16:42 id assume, yes 13:17:10 That's a little troubling, yeah. 13:17:28 @monerobull:matrix.org: And more p2pool miners. 13:17:59 doesnt matter if net-hash itself is overpowered with one AWS contract 13:18:17 without safeguards, this will eventually happen 13:18:38 imo it's currently moneros fatal vulnerability 13:18:49 @monerobull:matrix.org: Make it harder for em to do in the meantime. 13:19:02 With more miners. 13:19:03 and why i sold the majority of my coins before the giga pump -.- 13:19:20 @monerobull:matrix.org: Not very bullish of you.. 13:19:32 personal risk managment 13:19:54 cant fault me for de-risking when new information changes my risk model 13:19:59 the FUD scenario makes no sense 13:20:18 if all monero users were like that, they would be super easy to scam 13:20:47 "YOUR COINS MAY BE FLAGGED. please paste in your seed to validate them" 13:20:56 I think this will be a bigger issue in a possible future where monero gets wider adoption. Larger exposure increases the risk for a state actor to do something about it. 13:21:43 Because right now it seems like they could do it if they feel like it. Not pocket change but also not that expensive of an operation. 13:21:45 pyratevevo: whoever's benefiting from this are most likely the state actors who are investing in quantum computers 13:21:57 and counting on them to decrypt the past history of monero transactions 13:22:05 recent history 13:22:06 not just past 13:22:26 I'm not talking about the FUD. 13:22:33 oh 13:22:51 @monerobull:matrix.org: It was just a joke about your username. 13:23:07 i know :P 13:23:42 Cindy: We're talking about the risk of Monero going under after a 51% state actor attack. 13:23:47 which wont be possible after the fork > and counting on them to decrypt the past history of monero transactions 13:24:19 monerobull: exactly, which is why they're trying to get people to go against carrot 13:25:20 pyratevevo: why bother with a 51% attack, besides it won't even help in their case (besides destroying monero.... for a little bit) 13:25:38 quantum computers on the other hand will let them decrypt any transaction history and walk back key derivations 13:25:52 honestly realising it is just constant FUD is making me so much more bullish. if the powers that be want monero to fail so badly I want it to succeed more 13:26:17 tamp from $800 -> $450? BULLISH 13:26:40 Cindy: Maybe I'm wrong, but it feels like even a temporary attack could have long lasting consequences. 13:27:10 just look at pubic 13:27:30 they did their reorgs crap months ago.. and people have already forgotten about them 13:28:21 Cindy: I actually didn't read about the aftermath of that yet. I was following just when it first started then for the entirety of last August I wasn't following the news for reasons. 13:29:28 their shitcoin has actually been on its all-time low ever since the attack 13:30:29 now for a state actor, i'm sure they'll have much more resources to do an actual 51% attack 13:30:42 better yet if they borrow some computing resources from their supercomputers 13:30:49 @tuw:matrix.org: I'm starting to think these Monero exit boating accidents could turn more beneficial than harmful if they keep happening. 13:30:49 When it happens next time and the price shoots up again, treat yourself with a couple things profiting off the inflated exchange rate. And when it crashes back down, go back to accumulating more XMR. 13:31:32 a month-deep reorg would destroy trust in monero > they did their reorgs crap months ago.. and people have already forgotten about them 13:31:45 Cindy: If I remember correctly, it turned out they were faking hashrate or something ? 13:31:51 nobody could rely on it as a payment network 13:31:54 Exactly. 13:32:08 with daily checkpoints at least the damage would be contained to 24 hours 13:32:46 Daily checkpoints sounds like a rational idea. What's the developers thoughts on it ? 13:33:05 federal agencies have more than enough computing resources to mine out monero entirely 13:33:05 people screamed about a PoS finality layer 13:33:31 just look at their recent supercomputers 13:33:38 so now they are trying to do it with less reliable methods 13:34:24 @monerobull:matrix.org: Such as ? 13:34:41 node-based checkpoints 13:35:06 @monerobull:matrix.org: I'm not too knowledgeable about cryptography so this went over my head. 13:35:36 Cindy: I assume there's a "but" here. 13:36:19 their latest supercomputer (El Capitan) has 43,808 AMD 4th gen EPYC 24-core CPUs 13:36:37 hosted at the lawrence livermore national laboratory 13:37:03 Damn. 13:37:31 if we multiply that to a similar CPU in randomX benchmarks (AMD EPYC 9254 24-Core Processor) 13:37:44 it is about 1.2 GH 13:37:59 the randomx benchmarks are bench-maxxed 13:38:09 in reality you get about half of what that site says 13:38:21 never understood the freakout about this either > <@monerobull:matrix.org> people screamed about a PoS finality layer 13:38:21 block production would still be done by proof of work, a finality layer would just decide which block is final to prevent re-orgs as a whole, with collateral being put up so that the finalizers act in a fair manner 13:38:53 some people thought the feds might hold more than 30% of the supply lol 13:39:12 My cpu gets what is labeled "average hashrate" on the benchmark website. 13:39:12 The "high" value I never reached, probably with over clocking and shit. 13:39:22 ah so baseless conspiracy theories yet again 13:39:22 sounds like what is going on here with the view keys lol 13:39:34 and if they would, they could halt finality 13:39:44 and who is going to trust the pow chain when finality is already halted 13:40:00 the point is the feds have plenty of hashrate to use against monero 13:40:06 but i've yet to see them actually do it :P 13:40:14 imo we should just go pure PoS because its the most expensive to attack, PoS/PoW hybrid is just PoS with extra steps anyways 13:40:23 wouldn't in that case it would just fall back to the existing system? it is cheaper to use CPU power than buy up Monero 13:40:30 monerobull: no 13:40:38 then who will get the tail emissions 13:40:55 you will turn monero into passive income for the rich 13:40:58 PoS stakers? 13:41:08 for running validator nodes? 13:41:27 the stake is proportional to how much they have? 13:41:34 you could even reduce the total emission amount 13:41:52 thats how PoS usually works yeah 13:41:56 disagree, i still think block production should be done by CPUs to be egalitarian > <@monerobull:matrix.org> imo we should just go pure PoS because its the most expensive to attack, PoS/PoW hybrid is just PoS with extra steps anyways 13:42:14 with pure PoS we could have near-instant finality 13:42:22 And they need about a little over 3GH/s to wreck havoc, yes ? > it is about 1.2 GH 13:42:38 pyratevevo: they have a lot of setups around the country than just that :P 13:42:47 especially at the NSA or CIA 13:43:07 So they really can just to ahead and do it at any time.. 13:43:14 yes 13:43:24 correct 13:43:35 the reason why they haven't is 1) it's a waste of resources to them 13:44:08 real Sword of Damocles type shit 13:44:10 like how would you justify using up millions of dollars in resources from those supercomputers to attack some niche privacy coin 13:44:35 that'll just go up with mitigations in a week or month 13:44:37 Cindy: Yeah, thats what I said earlier when I mentioned maybe it'll be more worthwhile in the future where presumably Monero becomes big enough that's it's a problem for them. 13:44:47 bro they kidnapped venezuelas president using brain-emp guns 13:44:59 they can do whatever the fuck they want 13:45:46 Moving away from the long term risks, just checked the mining stats and supportxmr is dangerously close too.. 13:46:40 I think maduro was a bit higher up on the list than morono 13:46:44 very unlikely that theyll do anything 13:46:57 @monerobull:matrix.org: Separate topic, but don't believe just because they snatched one person means theyre unstoppable. 13:46:57 Their big and scary delta force failed elsewhere. 13:47:09 Cat remains unconcerned 13:47:31 our puny little bit of hashrate is not stopping them 13:49:00 @monerobull:matrix.org: I'm not knowledge about this, but let's say supportxmr admin goes rogue for arguments sake, can they also mess up the network this way ? 13:49:07 of course 13:49:12 but it would be more obvious 13:49:26 or people could stop mining their wen it happens 13:49:31 in my horror scenario the feds would drop a fat reorg on us out of the blue 13:50:15 nioc: Would be cool if miners could stop now and distribute the hashrate. Though I don't know if thats tiresome or less profitable for them. 13:51:01 just lazy 13:51:22 with gupax its easier to p2pool mine than config xmrig for a pool 13:51:24 and yet 13:51:53 Yeah Gupax is piss easy to set up, I did it myself allegedly. 13:54:17 No, they need 6+ > <@pyratevevo:matrix.org> And they need about a little over 3GH/s to wreck havoc, yes ? 13:55:09 More like 80% > <@monerobull:matrix.org> in reality you get about half of what that site says 14:00:40 @ofrnxmr:xmr.mx: Don't they only need more than half ? 14:38:34 asics fix this. pos makes rich get richer, those who don't have enough to stake don't grow as fast as inflation, problematic > <@monerobull:matrix.org> imo we should just go pure PoS because its the most expensive to attack, PoS/PoW hybrid is just PoS with extra steps anyways 14:39:17 Isn't PoS also the easier to take over by the rich people entirely? 14:48:08 BlueyHealer: PoS = cantillon effect. bascically new money creation in an economy benefits those closest to the money source first. So I'd agree for sure. 14:48:43 PoS centralises the block production rewards, to want for a better phrase. 14:55:50 and that's why we need asics 14:57:44 @pyratevevo:matrix.org: Yes 14:58:38 if you have 10 and add 5, is 5 half? No. Because there are now 15. 14:59:01 quick mafs 14:59:21 If there is 6gh at current, you have to add 6 to have half of the combined 12 15:04:16 asics will be the most obvious, because they will have to confiscate the miners, instead of stealth building a chain with aws + azure > <@monerobull:matrix.org> but it would be more obvious 15:04:28 pos is broken because everyone keeps their coins on the exchange, instant control loss 15:07:28 on which exchange do you keep XMR 15:07:47 @ofrnxmr:xmr.mx: Mind = blown 15:12:15 it's still current for most of it. will need a revamp for FCMP++ > <@sbt:nope.chat> Is there a more latest version to this? It was published in 202 15:16:15 14:03:23 Wonder how much of this is a malicious campaign or genuine lack of knowledge. 15:16:15 FUD allows a start of a campaign to become run by people that have good intentions but misunderstood it all 15:20:39 @kiersten5821:matrix.org: wouldn't they just need to compel mining farm operators to do their bidding? 15:21:07 like how in bitcoin ~50% of the hashrate is owned by 2 mining farms 15:21:26 Really like 1 underlying pool 15:22:25 lol, even fluffypony is getting same shit questions and FUD 15:22:25 https://x.com/fluffypony/status/2015684629479510514 https://x.com/fluffypony/status/2015474202695131471 https://x.com/fluffypony/status/2015502230011380096 15:22:44 @ofrnxmr:xmr.mx: wdym? 15:23:37 Someone did some analysis and a couple btc pools were really the same pool operator iirc 15:24:37 no way... 15:24:40 well then 15:25:53 DataHoarder: of course mr Maverick is going full fud as well 15:28:57 FUD means engagement 15:30:40 does the account have a verified check mark -> they will be paid for engagement 15:33:55 also wow, fluffy lost a lot of weight, good on him 15:42:06 @ofrnxmr:xmr.mx: i believe it is the same block builder, but separate entities 15:42:32 pools are not farms though, each pool may have dozens or hundreds of farms, and it is sure someone would have blown the whistle > <@intr:unredacted.org> like how in bitcoin ~50% of the hashrate is owned by 2 mining farms 15:43:01 and it will be obvious from the hashrate drop that they are building a different chain, if they are told to mine in covert 15:43:06 because you cannot draw on a reserve of more hashpower than the network has in "hidden" asics, they are all either being used already, or in ewaste 16:42:19 @kiersten5821:matrix.org: The btc hashrate has dropped 50% as a result of government banning mining 16:43:02 cant always assume that 100% of the asics are mining. They obv turn them off when reward doesnt follow consumption 16:43:35 This is POW after all. It costs $ to produce coins 16:47:45 @ofrnxmr: they were rapidly moved to the US and restarted though, the ones that get turned off because of reward drop are usually moved, sold or trashed very quickly, there's not like a huge reserve of asics to secretly mine, it would be obvious instantly if bitcoin was holding steady but all of a sudden the hashrate was dropping 20-30-40-50% 16:47:55 many retired asics out there 16:54:07 they are either trashed or gathering dust in a bunch of random hobbyists garages, just like what happened to the decade-old gpus when eth mining died 16:56:32 @kiersten5821:matrix.org: No production facility runs at full capacity if demand isnt overwhelming. 16:57:50 I might own 100k asics, but only run 50k of them because value is low and difficulty is high 16:58:59 isnt this the Monero GPU asic friendly coin? https://miningpoolstats.stream/moneroclassic 16:59:06 ofc it makes sense to sell old stock, but assuming facilities run at 100% is a bit ridiculous unless price shoots up withiut hashrate following 16:59:42 plowsof: I think so 17:04:57 they're not as autonomous as you think, and the point still stands. It'd be a few dozen people at most, very easy for a government to mess with > <@kiersten5821:matrix.org> pools are not farms though, each pool may have dozens or hundreds of farms, and it is sure someone would have blown the whistle 17:22:36 @ofrnxmr: they are either almost all running or not at all, no one has enough asics to increase the difficulty enough to consider running only part of them. are you saying the difference in profit between the first and the marginal asic is different? i don't know of any electric contracts like that 17:24:23 @intr:unredacted.org: what is the better alternative? pos, where you make calls to 3 biggest exchanges who hold coins for users and companies? resistant pow, where all they do is call aws and azure and say we want to rent some machines? 17:24:55 Id sooner believe that every farm runs at 50-70% capacity for maximum profit, than that they all run at 90% and minimize profit 17:25:18 you haven't explained why there is any profit difference between the first and marginal asic 17:25:21 asic resistant pow is the lesser of evils, imo 17:25:26 Especially when its like 3 kyc'd pools and registered companies controlling the majority 17:25:59 @kiersten5821:matrix.org: You get paid for your % of global hashrate, not total hashrate 17:26:13 are you saying like 50 different large miners will be colluding to keep it down? 17:26:19 this is impossible exactly what opec and other large cartels have proven impossible 17:26:21 ya 17:26:35 yeah thats not possible 17:27:26 how isnt it 17:28:08 https://thecorner.eu/news-the-world/world-economy/ecuador-leaves-the-opec-to-avoid-production-cuts/83310/ 17:28:10 Same reason 17:28:23 they dont even have to proactively collude. Being profit driven would lead to similar outcome 17:28:38 Theres no benefit to maxing out hashrate if profit doesnt follow 17:28:47 no, being profit driven would be maxing your own asics, because it has maximum profit 17:28:58 because holding 0.2% of the network will not boost the difficulty enough to be unprofitable 17:29:09 you are talking like the socialist economists man 17:29:20 power cost cause a plateau 17:29:27 all these dozens of different big miners are colluding? it's just not borne out by reality 17:31:14 It is plausible that power cost + difficulty can make running balls out profit minimized 17:31:22 haven't seen a power contract with such kind of price increase, typically they negotiate somewhat more power than to run at max, otherwise they just wouldn't buy those asics in the first place 17:31:59 at most the local city is using the power during a storm or something and driving price up tremendously temporarily and then they shut off for a few days but usually everyone will try to run all the asics 17:32:49 if it really is profitable to leave a huge chunk of your asics almost permanently offline, it would be more profitable to just have never bought them in the first place 17:34:09 i dont mean that I mean there is a possible sweet spot in regards to difficulty and power cost where your additional hashrate does not outpace the added power cost to turn them on 17:34:40 again i am saying i have never heard of a power contract where the marginal asic is suddenly much more expensive to run than the first one, do you have any examples of this 17:34:57 Math? 17:34:59 and again, no miner with 1% of the hashrate will have enough impact on the difficulty to cause the marginal asic's profit to be significantly less 17:35:04 Like what? 17:35:35 How many watts does it take run a single ASIC? 17:35:40 Where are you finding these electric contracts where suddenly it costs much more, they will usually pay for a max power draw 17:36:10 bro power is cost per kwH use more kwH you pay more 17:36:20 the cost per kwh is not increasing that much 17:36:27 therefore the cost per asic isn't increasing that much 17:36:42 do you understand what per asic means? 17:39:07 If it takes 100 W to run an ASIC it costs 100000 W to run 1000. 17:39:07 kwH=1000W used for one hour. 17:39:07 you pay power based on usage per kwH[... more lines follow, see https://mrelay.p2pool.observer/e/0KeKp-AKZDh0bGst ] 17:39:33 centralized asic production is a weakness 17:40:00 a point of control 17:40:34 can you point to an example where the cost of the marginal kwh is much greater than the cost of the first kwh 17:40:51 no one negotiates contracts like this 17:40:59 Are ASICs even accessible to an average Joe? 17:42:01 @kiersten5821:matrix.org: No one pays for power based on usage? 17:42:39 do you actually not understand what per kwh or per asic means? 17:42:59 i am telling you there is no contract where a guy pays 0.05 for the first kwh, but then suddenly after spinning up half his asics, it is now 0.20 per kwh 17:43:42 It doesnt have to it can be satic at 0.05 the fuck? 17:43:42 more kwH = more cost 17:44:13 ok, so you don't understand what per asic means, nor what marginal means, no point in discussing further 17:45:25 I don't believe hooftly was arguing that the cost per kwh goes up when more power is used 17:45:43 Im not dude is out to lunch 17:46:11 @kiersten5821:matrix.org: I don't know what this debate is about (just popping in), but many electricity providers do increase the marginal rate when you go over an excess use threshold. If you negotiate a special contract, that may be different. Electrical power generation costs will have many different slopes because of diff [... too long, see https://mrelay.p2pool.observer/e/75ekp-AKbGdxWHVG ] 17:46:12 yes, and obviously the difficulty increase won't cut into profit so much if you have 1% of the global hashrate, so obviously, you should run all the asics, if the first one is profitable 17:47:14 and the other variable being market rates per coin 17:47:19 How is perp cow? 17:48:14 (and difficulty) 17:48:24 yes, what i am saying is most miners will negotiate such that their excess use threshold is somewhat above their total asic capacity, otherwise it would be very pointless to leave a large chunk of the asics off. i have not seen an example where it's so much difference that a significant chunk of the asics will be offline most [... too long, see https://mrelay.p2pool.observer/e/kaSsp-AKS1BtclVq ] 17:48:56 and none of this matters for what I am saying lol 17:50:34 You can have the lowest power rate in the world as long as it is not free there exists a scenario where just paying the extra capacity at the lower rate outpaces the XMR mined in regards to market price swings and difficulty changes. It may make operational sense to operate at lower capaicty 17:51:40 my point is, the claim that for some reason a huge chunk of asic power is available "hidden" and not mining, but could overwhelm the network, is not realistic, at most you will have like 10 or 20% of the hashrate sitting and not mining. no one is keeping their state of the art asics offline in a cartel to keep the difficulty l [... too long, see https://mrelay.p2pool.observer/e/ueS3p-AKMW1JbjFu ] 17:52:31 Ah ok well I was not debating that. your numbers sound logical to me there 17:52:58 But it is entirely possible operations are not a likely are not at 100% capacity 18:04:38 @kiersten5821:matrix.org: When i say "could overwhelm" 18:05:52 Whether asic or cpu, letting them sit idle and you are no longer state of the art, yet monero obviously has many GH of hashrate idle at all times 18:07:02 Why? Simply to maximize profit. It makes zero sense to maintain 6gh if the price of monero dropped to $200 18:29:17 @ofrnxmr:xmr.mx: the non-sota asics that sit idle are sold off to random hobbyists man, have you seen the bitaxe? to maximize profit you sell them, no point in letting them sit idle and praying that bitcoin does a 10x and the difficulty can't catch up fast enough, it just wont happen. after the eth merge, there were so man [... too long, see https://mrelay.p2pool.observer/e/9PXBqOAKT3BNYXdz ] 18:29:17 monero is different obviously because there are other useful things that the cpus can do, not just mining. and of course the chunk of cpu power not mining monero is gigantic 18:29:17 it is like the gold thing. "gold is better money than bitcoin because it has other real-world uses!" but this is not a good thing. same with asics and cpus