00:10:39 ndorf: Do you have any recommendations for a secure and convenient wallet application that isn't a full node, for that "public" wallet usage?
00:11:24 Unfortunately, I'm going to have to try building a full node myself to see how well that flies, because it's not in packages for my favorite OS.
00:11:36 s/going/probably going/
00:11:42 There's cake wallet, if you have an iphone.
00:11:49 I don't.
00:11:51 it's easy to build. there are also official signed binaries
00:12:12 easy if it builds here
00:12:31 what OS/distro?
00:12:38 I'll hunt down the signed binaries and see if they have an OpenBSD build.
00:12:55 ah. no official OpenBSD binary AFAIK. it does build out of the box on OpenBSD though, just need the deps.
00:13:05 Mymonero also, they have a non web version.
00:13:10 ndorf: good to know
00:13:25 And you can run your own server too, optionally.
00:13:30 OpenBSD 6.8, at least
00:13:39 Yeah, I keep up to date with OpenBSD.
00:14:00 (It's so ridiculously easy to update that it'd be pretty dumb to fall behind by more than a week.)
00:16:21 apotheon: do you prefer obsd to hbsd?
00:16:40 i was under the impression it was missing some safeties like ASLR and PIE
00:19:18 There are trade-offs for any reasonable OS choice, of course, though OpenBSD does support ASLR and PIE.
00:19:51 i think he's right actually and OpenBSD provides ASR, not ASLR.
00:20:03 not too sure of the tradeoffs.
00:20:18 "In 2003, OpenBSD became the first mainstream operating system to support a strong form of ASLR and to activate it by default.[2] OpenBSD completed its ASLR support in 2008 when it added support for PIE binaries." from Wikipedia
00:20:36 (easiest way to find a reference)
00:20:42 apotheon: https://nitter.dark.fail/lattera/status/932696312218341376
00:20:50 (note: lattera is the main HardenedBSD dev)
00:21:19 I'm familiar with @lattera.
00:22:26 I'm curious about his definitions for ASLR vs. ASR, but nothing in that suggests it's less secure.
00:23:20 It performs well enough that I don't notice the difference, and I haven't ever had a memory issue as a result of AS(L)R fragmentation, so I'm not sure what practical downsides I'm supposed to suffer.
00:23:40 If there is something that might affect me, of course I'd be interested in seeing something more substantive about it.
00:25:00 I'm also willing to take some hits to performance for security, if the trade-offs are reasonable, as in the case of OpenBSD tending to disable some of the more egregiously bad speculative execution stuff as much as possible by default but allowing us to turn it on if needed.
00:25:14 i don't know enough to say one way or the other. would also be interested in learning more
00:25:50 i agree that the claim doesn't seem to say anything about worse security, only worse performance
00:26:02 The main thing that brought me to OpenBSD, though, was the code review policies, and the main thing that kept me here apart from that is the fact that it feels considerably less aggravatingly heavy and complicated than other systems I've used.
00:26:22 Yeah, if the only problem is worse theoretical performance that I don't even notice, I don't care.
00:26:28 i kind of doubt that either one provides all that much security, in which case the performance criticism might be valid
00:27:25 original OpenBSD commit from 2001 says "
00:27:26 it slightly harder to write generic buffer overflows. This doesn't really
00:27:26 give any real security, but it raises the bar for script-kiddies and it's
00:27:28 really cheap."
00:27:34 (sorry for the mispaste)
00:27:56 https://github.com/openbsd/src/commit/586305f1a3147dd4bf94ef73578cab42a5c47708
00:27:58 Yeah, OpenBSD tends to prioritize less-hyped security benefits over less-useful.
00:29:00 People sometimes point at something OpenBSD doesn't have yet as some kind of crushing proof of its broken security model, despite the fact their security value is iffy, while it's busy rolling out actually useful stuff (like pledge and unveil, for instance).
00:29:29 agreed. would be neat to add pledge/unveil support to monerod, in fact
00:29:37 indeed
00:29:55 if you want a desktop alternative to the official GUI you could check out Feather Wallet https://featherwallet.org/
00:30:57 still in beta but I've been using it and it's solid, configured to use a curated list of public nodes by default though you can set custom nodes as well
00:31:07 Lyza: I'll add that to the (still short) list of options. Thanks.
00:31:26 something tells me an OpenBSD user might be happier with the CLI :)
00:31:31 indeed
00:31:53 I'll probably use monerod (I assume that's the official CLI implementation) for full node.
00:32:09 monerod is the daemon, monero-wallet-cli is the CLI wallet. both are built by default from the main source tree
00:32:12 . . . and, obviously, something else for not-full-node, if I end up doing that for a wallet.
00:32:16 gotcha
00:32:24 apotheon: I did not know that, cool. Are there any aspects of a security model you feel are missing from OpenBSD that exist in HardenedBSD? I notice a chart here, if you could speak to it?: https://hardenedbsd.org/content/easy-feature-comparison
00:32:31 I haven't run a full node since bitcoind a long, long time ago.
00:32:51 . . . when Monero didn't exist.
00:33:26 it's pretty straightforward, just need to have enough space, preferably on SSD or other flash storage
00:33:51 knowledgewizard[: Some of those have names that don't really tell me what they are.
00:35:14 apotheon: you're probably right about all of this, i've just been browsing cve's and i notice hbsd has... shockingly... zero, in five years of life
00:35:38 knowledgewizard[: I am pretty sure, though, that none of the options in that table other than OpenBSD have the same level of attention to verifying clean, uncompromised, unbroken code that OpenBSD has, and I don't know if any of them have the kind of check-the-world imperatives every time someone discovers a "new" kind of vulnerability (unless NetBSD has the latter; I wouldn't know for sure,
00:35:44 but I don't think it does).
00:36:33 i have to wonder if that's a meaningful metric. does anyone apply for CVE numbers for hbsd? and how many FreeBSD CVEs apply equally to HBSD?
00:36:39 knowledgewizard[: My thoughts on security are that the OpenBSD approach is very solidly aimed at the fundamentals; the non-fundamentals can be covered by additional tools if needed; and none of that is worth a hill of beans if there's a problem in your basic code and design that allows someone to bypass all of it.
00:36:44 maybe not all, because of the mitigations, but probably at least some.
00:36:50 (on the security of OpenBSD versus others, though)
00:37:12 i agree with you heartily about architectural purity
00:37:32 what about jails? i read something about linux supporting separation better than bsd
00:37:57 i think it was in that document about the m guy's insecurities, i can find it but im sure youve read it
00:38:06 personally i think jails are far better than cgroups or any other linux containerization i've seen, despite predating it by like a decade
00:38:35 FreeBSD jails are awesome; chroot isn't even close to the same thing. Only FreeBSD, HardenedBSD, and DragonFly BSD have FreeBSD jails. Linux has some stuff that's similar, but it's more difficult to use in the same ways, and easier to use in ways I find frankly horrifying.
00:38:41 that being said, freebsd's lack of overlay/unionfs support makes them a bit clumsy to use.
00:38:50 . . . but jails aren't really much of a security measure. It's much more just a convenience measure.
00:38:53 (symlinks? really?)
00:39:10 OpenBSD used to have jails like the FreeBSD style, but ditched them because nobody was using them.
00:39:40 this is the article with criticisms, i would love if you are able to refute any, i have great fondness for obsd: https://madaidans-insecurities.github.io/openbsd.html
00:39:45 yeah OpenBSD will readily ditch any code that's not actively maintained, for better or worse
00:39:51 . . . which is sad, because there are cases where I'd want to use them. When I absolutely need them for some server purpose (I don't see much point on an end-user laptop), I just set up FreeBSD.
00:40:44 Ditching unmaintained code is a pretty good way to keep your attack surface low.
00:40:57 indeed.
00:41:17 contrast to FreeBSD, which keeps unionfs around despite the fact that it's been unusably broken for like 20 years
00:41:17 i think the two i saw that were alarming were the mandatory access control piece missing (like AppArmor) and also something about GUI isolation and sandbox escapes?
00:41:32 The W^X criticism doesn't seem true as far as I'm aware. My impression (I haven't looked at it lately) is that OpenBSD
00:41:50 's W^X can be made immune to undesirable shifts like that.
00:41:55 sorry about that errant newline
00:44:00 I love how it says TRAPSLED (supposedly) doesn't do anything since introduction of ASLR, as if that means there's a problem with OpenBSD security. That's like saying that since the introduction of an anti-lock brake system some previous power-distribution balancing doesn't do anything for braking in inclement weather. It's a weird red herring, as far as I see. Am I missing something?
00:44:39 I'd have to look into the RETGUARD complaint to even know what this person is implying is wrong with it.
00:45:10 the verified boot complaint is quite valid, as OpenBSD can't even be used with libreboot/coreboot. or rather it can, but not in the presence of FDE
00:45:15 so, useless for a laptop
00:46:08 Yeah, I would like to have verified boot, but among my various needs that ranks pretty low right now.
00:46:29 OpenBSD is not interested, the official recommendation is "use the vendor-provided firmware"
00:47:19 speaking of FDE, you cannot chain softraid, so you can't encrypt a mirror for instance. also quite unfortunate, although at least there is some interest in fixing that, i think
00:49:19 MAC could be nice in some circumstances, but if you don't need it for your use case it doesn't matter.
00:49:36 You can get equivalent security in some use cases without MAC per se.
00:50:20 Yeah, mirror RAID and FDE don't get to co-exist on OpenBSD. It's a little sad.
00:50:52 . . . theoretically, in my case, because I don't need mirroring.
00:51:09 By the time I do, it'll probably be there.
00:51:23 careful, i've already been waiting for a few years :)
00:51:32 that's probably the only thing keeping me from using it on my main workstation
00:52:45 as far as laptops go, no mirroring there, but i have libreboot or coreboot on most of mine, so can't use OpenBSD with FDE there either.
00:53:25 all that being said, i do enjoy it where i can use it, i just wish i could use it in more places.
00:56:04 I have a friend working on coreboot+FDE.
00:56:26 sweet
00:56:34 anywhere i can watch for updates?
00:56:38 I have no idea when it'll be ready, but I'm hoping.
00:56:45 Nah, he's basically basement-hacking with it.
00:57:04 I only know about it because I know him in meatspace.
00:57:04 gotcha. well, you can add 1 to the number of people that would be very excited to see it
00:57:14 duly noted
00:57:47 I want that for some of my elderly laptops that I'd like to set up for various purposes (e.g. cypherdeck built on a ThinkPad T500).
00:58:45 not sure what cypherdeck is, but i have several laptops that are only running linux because of this
00:58:49 or maybe the T510 instead, if I can figure out its hardware issue
00:59:31 "Cypherdeck" is a "cyberdeck" derived name for a computer whose sole purpose is to be a secure machine for dealing with encrypted communications and so on.
01:00:58 ah, yep. exactly one or two of my usecases as well
01:01:01 At this point in my life I have the privilege of mostly being able to just use whatever OS I like, and just prioritize what I do based, to some degree, on what's easy to do on my OS of choice.
01:01:25 apotheon: it sounds like the only real offender is the boot security
01:01:48 it would be nice to see a librem key + GELI setup that watches both the mobo firmware and the preboot auth step
01:01:53 boot security and compatibility with free boot firmware in the first place
01:02:21 "use the vendor-provided firmware" is just laughable, IMHO. especially from the same people that refused to support e.g. early Raspberry Pis because of the non-free firmware required to boot
01:02:38 I'd love to have something like GEOM for OpenBSD.
01:02:46 . . . but that's FreeBSD-only.
01:03:08 Filesystem feature composition is an awesome idea.
01:03:33 ndorf: Yeah, that's a bit odd.
01:03:41 off-topic, but speaking of FreeBSD, make sure you never use a construct like (foo | geli -k- dev1 dev2 ...) with FreeBSD and GELI. it's badly broken
01:03:59 ndorf: On balance, all considerations included, I still prefer OpenBSD for almost everything, but there are definitely downsides.
01:04:23 specifically, it will use the null key for dev2 and subsequent. silently.
01:05:03 I think that "off-topic" comment is allowable as much as the rest of this discussion. I mean, most of the OpenBSD discussion since bringing up compiling monerod on OpenBSD has been off-topic for the channel, in some respect.
01:05:17 ndorf: Yikes.
01:05:25 indeed. i tried to report it but didn't get anywhere
01:05:36 and yeah, this is all off-topic, but hey, it's better than the fireice spam.
01:05:55 good point
01:06:03 as to OpenBSD, one thing is for sure: you know what you're getting. if it works for your use case, great. if not, use something else
01:06:08 Speaking of off-topic, I'm now annoyed that my solder order got delayed.
01:06:29 ndorf: Yes, exactly.
01:06:39 It's a lot easier to know what you're getting than with other systems, too.
01:06:56 yeah the documentation is top-notch, and so is the read/maintainability of the code.
01:06:58 and holy crap is stuff straightforward
01:09:54 Quick Q: which BSD variant would you suggest for a guy with some basic linux (mostly ubuntu/debian) experience in order to learn and move to BSD?
01:10:08 To do stuff like run a small VPS
01:11:03 ha, well, as i kind of just said, "it depends"
01:12:07 if it's a typical VPS with just one or two services running, then any one will work fine, personal preference.
01:12:36 endor00[m]: OpenBSD is probably easier to learn than the others. Rely heavily on the FAQ.
01:12:42 if you want jails and ZFS (probably not much applicable to VPS), then you want FreeBSD
01:13:14 if you want lean and mean, i'd go for OpenBSD
01:14:29 Right, so I guess I could start with OpenBSD for the vps, and then play around with FreeBSD on a laptop
01:14:59 assuming your VPS provider supports it, yeah
01:15:06 The main thing I haven't figured out yet is the actual difference between the variants, in practical terms
01:15:26 Like, Ubuntu vs Arch it's easy to figure out
01:15:36 My experience is that laptop functionality often works more immediately on OpenBSD. I've never had a problem with suspend/resume on OpenBSD, for instance.
01:16:00 in terms of overall architecture, they're more similar than different
01:16:08 It's also a lot easier to change defaults for suspend resume than on systemd/GNU/Linux systems.
01:16:14 FreeBSD has more visible features. also, more bloat.
01:16:24 . . . but yeah, for user-facing architecture BSD Unix systems are very similar.
01:16:28 as mentioned above, OpenBSD aggressively strips parts that are not widely used and actively maintained
01:16:47 FreeBSD... well, let me put it this way. it ships with sendmail in base, and enabled by default
01:16:57 Yeah, that's concerning.
01:17:17 If you want ZFS, I'd go so far as to choose FreeBSD over *anything* else, actually.
01:17:33 . . . but I'd go with dfly's HAMMER, probably, if I needed to go that way.
01:17:39 FreeBSD 13 is moving to OpenZFS in base, so that distinction may not be valid much longer.
01:18:43 HAMMER looks very interesting, but i'd hesitate to use it on anything resembling "production" just yet. maybe i'm just a wuss
01:18:56 har
01:18:57 ZFS of course has proven itself over decades at this point.
01:19:11 true
01:19:24 I just really don't feel like I need all of ZFS for . . . anything in my life.
01:19:35 Is zfs that much better than stuff like ext4?
01:19:42 5 years ago, i'd say FreeBSD is the only game in town for ZFS, but lately it's been even better on Debian (IMHO)
01:19:57 comparing ZFS to ext4 is kind of like comparing any Unix to MS-DOS
01:20:07 just not even playing the same sport
01:21:01 endor00[m]: ZFS has a lot of features stuff like ext4 doesn't have. If you need those features, it's not a matter of "better", any more than there's a question of "better" when what you need is to climb a mountain and you're trying to decide between an eighteen wheeler and a nice pair of boots.
01:21:23 a more apt comparison would be ZFS to btrfs
01:21:32 ndorf: How is Debian better for ZFS?
01:21:43 but ZFS has been rock-solid for longer than btrfs existed, and btrfs has been eating people's data for most of that time.
01:22:07 It still can't do certain things with ZFS without potential for license violation issues, which means you have to compile shit yourself to get best-possible performance on a Linux kernel.
01:22:12 apotheon: it supports overlays, for one thing
01:22:38 I see. That's interesting.
01:22:46 yeah, that's why i specified Debian instead of e.g. Arch -- the kernel version never changes, so you don't have mismatches
01:23:38 Cool, thank you both for the interesting pointers! I'll investigate further
01:27:51 just use windows that always works great! (said no one ever lol)
01:28:18 some people do, in fact, say that. quite conveniently, because they can subsequently be ignored
01:28:38 kek
01:28:49 said no one ever with any sense
01:29:01 right tool for right job applies to anything
01:29:40 just because a hammer is not useful to perform brain surgery doesn't mean the hammer is of no use
01:30:05 Windows might be useful as a hammer, in a pinch.
01:30:15 Right, great for knocking your teeth out when rotting.
01:30:19 . . . or, technically, the computer with Windows installed on it.
01:30:23 i'd beat her off with it
01:30:31 "When C++ is your hammer, every problem looks like a skull"
01:30:46 Actually, Windows is better at something specific than everything else in the world:
01:30:55 uninstalling
01:30:57 a sub-set of Windows copatibility
01:30:57 kek
01:31:48 s/cop/comp/
01:32:02 is it true that recent Windows versions have ads in the base OS?
01:32:27 yeah but not in the web site ads sense
01:32:37 i mean close enough
01:32:58 but they don't put up a tampax ad while you're working or anything
01:33:06 lol
01:33:17 is it just in search results or something?
01:33:34 more like they recommend "related" things such as when you type on start menu there are web results which can be promoted
01:33:56 so bing search engine is basically integrated
01:34:47 and some screens have "related" things, even the auto-changing lock screen background images with "news" that takes you to web pages which i'm sure are promoted in some fashion (m$ surely gets paid by someone to recommend it)
01:35:51 when you search for things on start menu like an installed program you know you have there are app store recommendations for other win 10 apps you can install
01:36:06 much of it can be disabled or hidden in some sense though
01:36:37 sounds maybe not too dissimilar from when Ubuntu put up Amazon search results by default a few years ago
01:37:30 yeah basically similar but all microsoft entities trying to upsell you in some fashion even if it's more info you didn't ask for
01:38:46 like the cortana crap built in is like alexa's delayed sister
02:27:47 More like alexas red headed stepchild
02:30:39 mean
02:30:40 lol
02:59:22 [21:48:07] WARNING: Sigyn in #monero
02:59:34 thanks for the heads up bot :)
04:19:58 .faucet
04:19:59 strike: Access denied for faucet. Are you logged in?
04:21:54 .faucet
04:21:55 strike: 1/4 of 16
04:22:05 4
04:22:05 strike: @bonuspot tipped 0.0000042 XMR to strike [30d2c7ac] Wait ≈23 hrs 56 min before trying again. @bonuspot: 0.0122866
04:22:17 .bal
04:22:18 strike: 0.0018316 XMR
04:58:49 knowledgewizard[: I looked into madaidans-insecurities itself a bit and what I see other people saying (and even what he says in response) lines up with my initial impression: the person who writes this stuff basically goes through checklists of security features and uses the lack of those features as a way to trash-talk software so that he can build some kind of credible reader base, regardless
04:58:55 of the functional value of the features in question or any use-case/threat-model concerns.
05:02:11 knowledgewizard[: In fact, I've seen him in one case defending his lack of giving the same attention to Apple and Microsoft products by dismissing such questions with words to the effect that Apple and Microsoft are very security conscious so there's nothing to report. He has also asserted that privacy isn't relevant to his security analyses. That's like saying that the likelihood of dying if
05:02:17 you get into an accident in a particular car isn't relevant to the safety characteristics of the car, or something equally absurd, so I guess if he doesn't like a particular product he can dismiss counter-arguments by saying "Oh, that's privacy, not security, so I wasn't talking about that." Then again, he also mentions privacy as a reason something is less secure sometimes, so he contradicts
05:02:23 himself.
05:03:07 knowledgewizard[: I wouldn't take what he says at face value, and I've seen him actually dismiss some software as having poor security basically for not having a particular feature when it does, but under a different name.
05:03:39 knowledgewizard[: If you want real advice on security, I recommend discussing your threat model first, then figuring out what software you need to address it.
05:08:51 knowledgewizard[: To be fair, though, he does make some good points in his various posts about things, though perhaps only by copying things others have said.
05:27:07 Howard Chu is a high IQ scholar, he has more Google images with a violin than Sting with a guitar, he singlehandedly saved NASA from doom. Why can't the saviour of NASA save Monero?
05:37:59 * kenepops[m] sent a long message: < https://matrix.org/_matrix/media/r0/download/matrix.org/VLMUNnAgSvbabBnxhThVqkDY/message.txt >
05:46:10 For a community that prides itself on manipulating people, you can't manage a single guy that spends most of his time in his underpants :D
06:05:34 umm ok.wtf does that even mean LoL
06:07:20 Bill48105, the spammer is the 'one guy in his underpants' who thinks people should waste their time trying to stop him.
06:16:17 "he has more Google images with a violin than Sting with a guitar"
06:16:21 No shit. Sting is a bassist.
06:18:30 how would they even know if hyc saves Monero, or spends it all?
07:12:32 lol ok Mochi101
07:13:22 not sure how that asshat thinks he wasn't "managed" having been shut down and unable to spew nonsense in here
07:14:26 "you were pwnd biatch!" (nm i got 100's of ip's klined & nothing I said was actually seen by anyone)
07:56:11 .ogre ryo
07:57:24 jfc Inge-
07:57:36 Are you drunk?
07:57:41 :P
07:58:24 You checking on your shorts Inge- ?
08:11:24 *burp*
08:38:46 hello
08:39:14 can you tell me the blockchain size please?
08:39:29 It's big
08:40:05 around 100 GB now
08:40:14 More than 100 Gb.
08:40:46 less than 100 GB actually, if you count proper gigabytes, not "normie" gigabyte
08:41:36 I already downloaded 102GB
08:41:46 It's 98.85 GB on my node
08:41:51 :/
08:42:07 106,141,814,784 bytes
08:43:38 ok thank you
09:27:10 sech1: I wonder what your extra 3 GB are...
09:27:52 oh wait, that was kb... not so big a diff then
09:27:58 105,805,083,594
09:48:10 Inge- it depends on when you sync and how the sync goes (which nodes you connect to, the size of block batches you get from them etc), lmdb creates some spare space when resizing
10:13:18 already posted? pony realvision interview out: https://www.realvision.com/shows/the-interview-crypto/videos/monero-privacy-oriented-digital-cash?source_collection=3c97f854117f4d3ea62350df2291bc62
10:13:32 sebastian ALMOST pronounced the name right
10:38:43 Why does the Saviour of NASA take a group achievement award and present it as a proof of individual glory? twitter.com/hyc_symas/status/1203709575226183683
12:51:10 ping
12:51:10 pong
12:51:18 ty
12:52:55 is there a valid alternative to xmr.to?
13:12:58 there are no true replacements but fixedfloat.com can send a fixed amount of BTC for Monero like xmr.to did, and is reliable for me and has reasonable fees
13:13:49 There's one called xmr.is that's been promoting as an alternative but it's new and nobody really knows who's behind it. It converts both ways though, has an onion link, and supports altcoins
13:15:54 changenow.io also offers a fixed rate option and if you go through xmrexchange.io proceeds will supposedly be donated to the Monero project, though tbh I haven't seen proof of that
13:16:01 thank you Lyza
13:16:08 np
14:01:52 apotheon: Thanks for the detailed reply and for taking time out of your day to read on what i sent, i can definitely agree that he is arbitrary. His articles read similar to the neocities dig deeper articles which will wildly chastise a provider while ignoring another one purely on conjecture, and never really provide a solid comparison the way HBSD at least attempts to with its chart, for better or worse.
14:01:52 Regarding threat models, it's pretty straightforward to model an individual in a society these days, so I will not agree that threat modeling is useful outside of businesses. Overall, though, that's one of the best and most evenhanded replies I've ever received to being presented with points against one
14:02:02 * apotheon: Thanks for the detailed reply and for taking time out of your day to read on what i sent, i can definitely agree that he is arbitrary. His articles read similar to the neocities dig deeper articles which will wildly chastise a provider while ignoring another one purely on conjecture, and never really provide a solid comparison the way HBSD at least attempts to with its chart, for better or worse.
14:02:02 Regarding threat models, it's pretty straightforward to model an individual in a society these days, so I will not agree that threat modeling is useful outside of businesses. Overall, though, that's one of the best and most evenhanded replies I've ever received to being presented with points against one's original stance, so cheers.
15:27:21 cryprozoidberg sounds like he is still in contact with Saberhagen
15:28:00 maybe he is Saberhagen
15:36:12 wow sounds so sketchy
16:13:56 what's the trick to prevent the spam DMs?
16:14:00 some mode setting
16:14:33 /mode lza_menace +R
16:14:37 ty
16:15:15 > Prevents users who are not identified to services from joining the channel.
16:37:30 knowledgewizard4: I'm not sure how you mean that a threat model isn't required. Certainly, an individual rarely needs to perform a detailed analysis of the type some corporations and other large orgs perform in producing a threat model, but for instance it makes sense to establish your privacy/security needs before trying to secure yourself in accordance with those needs, though -- and that, in
16:37:36 a nutshell, is how you develop a threat model and address it.
16:37:38 ok guys I bought some Monero time to go uppie
16:39:51 knowledgewizard4: In short, if you don't need fine-grained mandatory access controls more than you need to ensure you're not using a pre-compromised system, giving up greater assurance of code verification to get MAC support is a violation of an appropriate threat model.
16:50:40 apotheon: you definitely need to *have* one, but the act of modeling is frequently going to result in the same thing for a human person, and i see frequently where people parrot the idea of threat modeling because their IT guy at work said it in a different *context* and I feel the term is very overused, it's a personal pet peeve
16:51:33 I'm just using it in a more lax sense for everyday humans, sorta; part of the model is determining the depth of the model.
16:53:01 . . . but to harp on the MAC thing for a moment, I've rarely (if ever) encountered a lone human being with a personal, single-user laptop whose threat model for that device justifies caring much about MAC.
16:53:51 Meanwhile, almost *all* their threat models should account for the highest level of assurance the code hasn't been compromised before install that they can reasonably get.
16:54:05 (OS code in particular)
16:54:32 Every time I see an OS feature matrix, though, it essentially reverses that relationship.
16:55:25 Then, there's the fact that many people will fight tooth and nail against modelling threats in a way that takes into account the dangers of systemic surveillance.
16:56:22 At that point, I just figure that person has a different preferred threat model and give up on trying to point out that they could end up killed in a no-knock raid as a result of correlated social graph features.
17:00:24 new monero user here, what causes the block chain sync to take so long? mine's been syncing now for 5 or 6 days. is that normal? i'm not seeing huge network usage, so is it CPU causing it to take so long?
17:00:55 using monero gui from getmonero.org on linux
17:01:31 Using a spinning disk instead of a SSD is a major cause of sync slowness.
17:01:33 apotheon, looks like we're reaching the end of the line
17:02:00 ah right yes it's on HDD cos of size.
17:02:39 Katar: need ssd apparently, it will be slow even after it's fully synced 17:02:49 If you can, syncing on SSD then moving the chain to HDD when done will be much better. 17:02:52 i ran into the same issue, i just turned it off until my ssd comes in the mail 17:03:08 i was told yesterday it's slow on hdd even post-sync 17:03:18 apotheon: Yeah what gets me is how schools are drilling orwellian surveillance into kids through covid and in general 17:03:18 or the day before rather 17:03:28 bur still usable, even if slower 17:03:31 It is, but since you get a lot less to verify, it's not very significant I think. 17:03:33 but* 17:03:35 so you get that desensitization so no one puts it in their personal view of the world as a threat at all 17:04:06 but it will eventually sync and if left on 24/7 should be ok on HHD? 17:04:16 Yes. Eventually. 17:04:38 How old are you, and what is your life expectancy left ? 17:04:43 like within the next few days? 17:04:52 Years. 17:05:22 Katar: do a monerod status, it will tell you how much time you have left 17:05:23 Nah, kidding. Days I guess. Some people reported more than a week on HDD but you're almost there already. 17:05:30 there are 17920 blocks left, down from 100k's 17:05:34 hdd? o_0 17:05:35 good luck 17:05:37 17:01 < as2333> apotheon, looks like we're reaching the end of the line 17:05:38 Oh you're good then. 17:05:45 as2333: Please elaborate. I'm not sure I get what you're saying. 17:05:48 it told me 9.1 days 17:05:49 ok thanks ppl :) 17:06:02 Katar: did you do `monerod status` 17:06:31 no using gui, did that come with the download? 17:06:44 i don't know, i built mine from source 17:06:48 How much SSD storage do you need for the Monero blockchain? 17:07:09 ~100 GB for the whole chain, or ~35 GB if pruned. 17:07:11 current blockchain ought to take up around 100gb+ 17:07:21 so a tb should be ok? 17:07:35 comman dnot found, i'll justr leave it a few days. 
i guess i can prune it when done and put onto the main SSD 17:07:37 Let me get my calculator to compare 1 TB to 100 GB... 17:07:47 does it increase speed to dedicate one sdd to just the chain? 17:07:51 Yes, looks like 1 TB is larger. 17:08:00 knowledgewizard4: Yeah, there's always a new angle on convincing people systemic surveillance is good. 17:08:16 (or at least ignorable and inevitable) 17:08:49 knowledge is power, centralize the knowledge and you have... basically communism, or feudalism, depending on what flavor you take 17:09:23 apotheon, I mean, govcorp is about to reach absolute power. 17:09:43 Why lie about something that can be easily disproven? monerologs.net/monero/20201207#c165563 - github.com/fireice-uk/cryptonote-speedup-demo/blob/master/ecops64/ecops64-c.c#L4 Why steal from your community and then laugh at them? reddit.com/r/Monero/comments/6d5yt5/what_fluffypony_just_did_is_not_ok Reason is the same - to laugh at morons that are gullible enough to believe you and repeat your lies. 17:09:57 ...things like monero notwithstanding 17:10:02 That sounds a lot like "Alice is a redhead, I knew this redhead who was a schoolteacher, therefore Alice is a schoolteacher". 17:10:41 moneromooo: One would presumably want to prepare for growth of the blockchain, and keep in mind the fact that the more storage space you have the less the SSD has to consume more of its write-lifetime shuffling data around. 17:11:01 I probably could've phrased that more clearly. 17:11:19 Sure. Sounds good. 17:11:42 as2333: Oh, I see. Well . . . there are countervailing forces, so I hope not. 17:12:40 moneromooo: . . . so I wouldn't want to just rely on a 110GB SSD for a 100GB blockchain. 17:13:19 apotheon: pruned node is fine too 17:14:12 selsta: Ah, another thing that might not have been available when I last ran a full node of anything. I should look up information on running a pruned node. 17:14:23 selsta: Thanks for mentioning that. 17:14:56 echelon: found monerod thanks. 
and hi btw :) 17:15:10 Unless you want to look up specific historical data a pruned node is basically equivalent in normal usage. 17:15:28 Also only ~30GB and grows slower. 17:15:45 Oh, reminds me: once we get triptych, there'll be another tradeoff with that: 17:15:54 apotheon, I hope so too, but as far as I can tell the ultimate product of the so called industrial revolution is just automated totalitarianism. 17:16:02 hi guys hows it goin 17:16:18 pseudoOuts are needed to prove balance with triptych, and these are currently in the prunable part of the tx. 17:16:50 So either they get moved to unprunable or you can't prove old txes on a pruned node. 17:17:51 Actually, the wallet might be able to keep that since it's just for its own txes, then ship it with the proof... Thank you, rubber ducks. 17:17:58 * moneromooo goes back to it 17:20:27 as2333: I could throw out the names of various books as terms of art at this point, I guess, to raise the specter of hope. For instance, thanks to the incipient homebrew industrial revolution and bit by bit growth of peer to peer technologies we may soon benefit from an upswell of accidental agorism and rapid growth of the second realm, thus destroying the foundations of the surveillance police 17:20:33 state. 17:20:49 as2333: . . . but it's kind of difficult to tell what's actually going to happen, I think. 17:22:47 moneromooo: Are you saying pruned nodes might become less suitable for the kinds of use cases that make full-node-for-privacy a good idea because of some new feature called "triptych", except you realized there really isn't a problem? 17:23:17 Mostly. I realized there might not be a problem, not quite sure yet. 17:25:37 how would the wallet get that data in the first place, if the node doesn't have it? 17:26:11 It would likely refresh more than once a week. But if not, it would not. 17:27:24 hm, yeah. 
also restoring an old wallet would leave you SOL with that 17:28:24 kind of an edge case i suppose, if you need to prove it's probably a tx you sent recently 17:29:16 For txes you send, you know the data in the first place, unless you've restored the wallet. 17:30:19 apotheon, the problem I see with that line of thinking is that it overlooks how industry operates. For instance, production of raw materials is especially controlled and centralized, and if you have no access to raw materials, then there's not much you can do. 17:36:17 apotheon, an even bigger problem is that people believe whatever their masters tell them to believe. Just look at the current flu farce and how the pretense of 'rule of law' vanished overnight. 17:36:18 assuming you want to support the edge case of the restored wallet, could it be better to just have the node refetch that data from the network when needed? since it would only be for one tx, not all of them 17:43:01 as2333: Yeah, I'm wondering how much "recovered" materials can help. 17:44:07 as2333: A counter-point is the fact that Napster->BitTorrent provides an example of how altering the economic behavior of people in large numbers gives rise to new cultural movements that oppose the surveillance police state (in this case, among other things, I'm particularly encouraged by the growth of an anti-copyright movement). 17:45:47 moneromooo and/or ndorf: Is the take-away that I should probably stick to a full (non-pruned) node if I want to be sure? What's the potential practical downside of a pruned node, exactly, in everyday terms? 17:48:35 apotheon: keep in mind we're discussing an edge case where you've restored a wallet from seed and now want to prove a tx from it 17:49:01 aside from that, AFAIK there are no privacy or other downsides, except that your node can't bootstrap a new node now 17:51:47 but you still support the network with a pruned node 17:57:19 apotheon, indeed one can get valuable supplies from garbage dumps. 
17:58:27 ndorf: . . . so, basically, it might destroy my ability to prove to the IRS that yes, I did indeed give away 3.8 Monero last year, and thus don't have it any longer to count in my tax filings. 17:59:01 ndorf: Is there another class of circumstances that leaps to mind for why you'd want to prove it? Are we talking about some kind of proof for purposes of validating transactions on the blockchain somehow? 17:59:54 this is for proving you sent a given tx. e.g. "i paid you" "no you didn't" "yes i did, here's the proof" 18:00:22 I see. 18:00:27 How far away is triptych development? Have we had a CCS proposal yet? 18:00:28 Yeah, that does seem kinda important. 18:00:38 ndorf: thanks 18:01:10 as2333: Anyway, I guess the upside is that I'm not ready to just cash it in and figure we're all inevitably doomed in the near future with no way out. 18:01:16 s/upside/upshot/ 18:01:35 The up*side* would be if it turns out we're *definitely not doomed*. 18:02:27 Triptych is at least a year away, I would not worry about that now re pruned nodes 18:02:59 WillSellBody4Xmr: afaik mooo started coding it 18:03:47 To be clear, sarang coded it, and I'm plugging it into monero. 18:06:12 How easy is it to turn a pruned node into a full node? 18:06:47 pretty easy, delete the pruned chain and restart without the prune flag :) 18:07:03 ouch-ish, but yeah, seems "easy" 18:07:05 WillSellBody4Xmr the second triptych audit was recently funded 18:07:28 whoops 18:07:33 maybe i'm wrong and you can sync only the diffs, i don't know. 18:07:40 senility strikes again 18:07:51 either way, the pruned data is like 2/3 of the total size, so. 18:07:52 moneromooo: What's the implication of that statement -- that you have an interest in it, or that it's coming sooner than selsta suggested, or what? 18:07:57 that is the second BP+ audit 18:08:13 apotheon, well, I don't think doom is inevitable, it's just that it looks likely given current trends. 18:08:30 as2333: I guess we need to work harder, then. 
18:08:49 (and smarter) 18:09:05 What statement ? 18:09:17 moneromooo: about sarang and you 18:09:33 Just credit where credit is due. 18:09:39 ah, cool 18:09:41 thanks 18:10:19 apotheon, (and yes the free software/hardware movement is great) 18:11:09 I prefer the "open" movement(s), for purposes of increased license compatibilities and thus greater likelihood of broad uptake of useful protocols, among other reasons. 18:11:35 Those who identify with the "free" phrasing tend toward much stricter licensing. 18:12:07 (in my observations) 18:13:41 Live open or die. 18:18:41 Open love, open relationships, open software. 18:19:24 moneromooo: assuming you want to support the edge case of the restored wallet, could it be better to just have the node refetch that data from the network when needed? since it would only be for one tx, not all of them 18:19:32 (sorry if you already saw this and chose to ignore it deliberately :)) 18:19:51 open relationships aren't for everyone though 18:20:30 I ignored, at some point I need to stop replying to speculation etc. 18:20:57 But it turns out I had already got out of that problem in my patch and I had forgot :D 18:20:59 fair enough 18:24:56 (sorry, I just don't want to start thinking through this when prompted when I have other things to do) 18:25:50 no need to apologize, i just didn't know if you even saw it -- my own fault for not tagging you originally 18:26:24 open hearts, open minds; let's not forget those 18:26:34 open wallets? 18:26:50 18:19 < Bill48105> open relationships aren't for everyone though 18:27:00 true 18:27:08 You can always just keep your modifications to yourself. 18:32:45 this is starting to sound like the cuck central 18:33:09 what does cuck even mean 18:33:22 let's not do this here please 18:37:39 I think relationships should ideally be cliques (graph theory type) 18:38:20 but yeah a bit off topic 18:38:51 I was gone for a bit, but it seemed like it was said triptych is part of bulletproofs+? 
I didn't know that 18:41:20 It was wrong, then. 18:42:25 so not part of bulletproofs+, I guess 18:42:31 WillSellBody4Xmr: Separate features, but they may be 'activated' in the same scheduled network upgrade 18:42:49 Why is triptych a better algorithm? Like in terms of O(n) to O(ln), how does it do that? 18:44:54 It stores signatures for a ring in logarithmic space, as opposed to linear. 18:45:08 How? 18:45:41 I don't know. Look for sarang's repos and you should find a paper explaining the maths. 18:45:48 Math 18:46:08 I guess triptych is so named because of some reference to the number three and how things "appear" to an observer. . . . 18:46:27 . . . but that's just a guess based on the use of the word. 18:46:43 Which repo would that be in? Zero to Monero? 18:47:15 https://github.com/SarangNoether 18:48:00 https://eprint.iacr.org/2020/018.pdf 18:48:13 Thanks! 18:49:05 I guess WillSellBody4Xmr got the desired response and left the channel to focus on reading it. 18:49:11 maybe 18:49:42 It might be time for me to order a big SSD and stick it in an old computer. 18:49:47 lol good luck with that 18:50:14 ndorf: How much does RAM matter for performance when syncing a node? 18:50:28 Bill48105: Was that sarcastic? 18:50:46 not sure about that, i've never tried with less than 4GB but it works fine with that 18:50:50 yeah regarding will sell person 18:50:58 oh, I see 18:51:04 they did say thanks that's a plus 18:51:07 right 18:51:30 pretty rare after helping people unfortunately 18:51:35 ndorf: I'm kinda surprised that SSDs actually matter much for sync performance. I'd expect the bottleneck to be network bandwidth. 18:51:57 but yeah ssds are much more affordable in decent sizes these days 18:52:05 Yeah, I try to express my gratitude when I get help, but sometimes even expressed gratitude can get lost in the shuffle of an active channel. 
18:52:18 wb WillSellBody4Xmr 18:52:43 or accidentally hitting x and closing chat LoL 18:52:58 I'd have to get an SSD with SATA interface for the old computer in question, unfortunately. I only have one system right now with M.2 as its primary storage interface. 18:53:21 SATA would be fine i think. it's about random access 18:53:23 Bill48105: yeah, that too 18:53:27 like i said yesterday, even a good microSD card works pretty well :) 18:53:33 pcie :) 18:53:51 seek time must be more important than write speed 18:54:14 Ah, random access! That makes a lot of sense. 18:54:21 I get it now, I think. 18:54:32 I keep my wallet on my old 850 (SATA SSD) and it's fine 18:54:54 no doubt once syncd it doesn't take much to keep up 18:54:56 Why isn't downloading in total up to a point with sync from there preferred, then? 18:54:59 even on hdd 18:55:08 security I'm guessing 18:55:38 bootstrap or snapshot are common with multiple coins 18:55:39 I guess that would depend on availability of someone you trust about as much as you trust the network as a whole. 18:55:41 Yeah syncing still took a day or two even with a zen 3950 a couple of years ago 18:55:51 apotheon: FWIW, I use a $7 pci-e adapter for my nvme drive, works great. 18:56:13 just need linux and initrd on a different drive, since the bios won't see it 18:56:26 So, like, just let it run in the background while you do other things. 18:56:31 ndorf: When the old computer is a laptop, I'm not sure how I could make use of that, but yeah, that's good to know. 18:56:33 for monero overkill but nice to have options 18:56:37 ah yes 18:57:00 ardent[m]: i recently synced a new node from scratch and it took 3 hours total. 18:57:01 (not that you knew that about my old computer) 18:57:03 running in bg is one thing. beating hard drive to death to sync is another 18:57:24 you listen to the drive? ouch 18:57:29 Damn, three hours vs. more than a week is a big spread. 
18:57:38 that's what she said 18:58:14 How much is the sync process likely to hammer a connection that probably averages about 7Mbps downstream? 18:59:46 dunno, the 3 hour sync was on a 100mbit 19:01:06 Officially, my connection is going to be moved from something like 120Mbps to 200Mbps soon, but I don't know how much of that I'll actually get on average. 19:01:10 Oh, shit, I typoed that horribly. 19:01:17 s/7Mbps/70Mbps/ 19:01:28 whew :) 19:01:29 one missed character; one order of magnitude 19:01:40 fuck's sake, apotheon 19:01:56 kek 19:02:03 I blame this keyboard for that one. 19:02:20 so i guess you could expect 4-5 hours with an SSD :D 19:03:16 The key travel on this keyboard is not very deep, so my fingers shy away from hitting too hard, but the stiffness of the initial resistance on the keys is pretty high, so not hitting the keys too hard sometimes results in a missed character, especially farther away from the index and middle fingers on home row. 19:03:38 ndorf: cool, thanks 19:03:46 hmm 19:03:49 I just realized . . . 19:04:02 I *hope* the laptop I had in mind has SATA. I don't think it's IDE. 19:04:13 hooo boy 19:05:40 I'm just going to go check out the spec sheet on that laptop, if it still even exists on the interwebs. . . . 19:08:42 good luck if it's so old that is ide.. wowza 19:08:57 It's difficult to find the info. The vendor doesn't have its datasheet available any longer, apparently. 19:09:01 I think it's SATA, though. 19:09:26 I don't really recall when the norm switched from IDE to SATA for laptops, off the top of my head. 19:09:38 apotheon: here's a nickel, kid 19:09:57 Serial ATA-150 according to a CNET review. 19:09:58 i have usb ssd i should test sync on it 19:10:22 Let's put it this way: 19:10:37 apotheon: https://web.archive.org/web/20190304153157im_/https://assets.amuniversal.com/6b08abb09fbb012f2fe600163e41dd5b 19:10:52 It's old enough to have a DVD±RW drive. 19:11:12 Yeah, I'm quite familiar with that Dilbert strip. 
19:11:20 (I've used the "here's a nickel" line myself.) 19:12:24 * apotheon dusts off his shoulder. 19:12:24 i dunno about a nickel, but you can get yourself a Rockpro64 for $60 plus a good 256GB sd card for another $60ish 19:12:54 assuming of course you don't actually need the laptop part 19:13:05 not exactly 19:13:42 I like using old laptops for things because they come with extremely high-quality built-in UPSes for "free", instead of having to pay close-ish to a thousand bucks for a decent UPS. 19:13:47 (among other reasons) 19:15:32 (or I could build a UPS, in which case I get a UPS that costs a hundred bucks or so and multiplies the likelihood of a fire in my home, I guess) 19:16:11 (I'm not a huge fan of homebuilt car battery UPSes.) 19:16:22 heh 19:16:25 (This is another aside, but this time contentless.) 19:16:41 i use a $40 UPS. only tested it once but the rockpro64 was fine with it 19:16:53 lucky 19:17:39 I've had UPSes of wildly varying long-term functionality, compatibility with the systems plugged into them, and so on. I just skip all that now and use a decommissioned laptop for a home server, et cetera. 19:18:13 I periodically have to replace my laptop anyway, so I have a steady (if slow) supply of new integrated-UPS systems available. 19:19:16 Anyway, it'd probably be cheaper to buy a Pinebook than an equivalent SBC, enclosure, UPS, and any other trimmings, so if I feel a need to buy something instead of using what I already have, there's that option. 19:19:26 I could hang it on the wall, and it wouldn't take up any space to speak of. 19:19:42 I could mount it easily on the underside of my desk or a shelf, UPS included, too. 19:20:17 sounds reasonable, actually. pinebook pro is $233 shipped (to USA) 19:20:20 If it's my cypherdeck, I have the benefit of being able to yank power, throw it in a backpack, and hop on my motorcycle. 
19:20:25 (in an emergency) 19:21:01 (or, more likely, in the car or pickup) 19:21:15 (or my other motorcycle, I guess) 19:21:28 man, i hate this place, running the ac in the middle of winter 19:21:34 what is wrong with these people 19:21:39 Where are you? 19:21:45 at work 19:21:48 sheesh 19:28:13 what is a hash-trapdoor exactly? 19:33:20 It might refer to the property of a hash function where you can get from input to output but not vice versa (assuming no other knowledge). 20:36:03 Is there any way I can see messages that were sent was I was offline? 20:36:14 *when I was offline 20:38:10 WillSellBody4Xmr: https://monerologs.net/ 20:39:04 WillSellBody4Xmr, are you m/f? Asking for a friend. 20:40:55 m 20:46:26 Hi, I'm not quite sure if this is the correct place to ask this, since from what I can tell monero is mostly focused on triptych / arcturus for log sized ring sigs, but does anyone on here have a decent understanding of RingCT 3.0 and might be able to help me understand it better? 20:48:52 You might want to ask in #monero-research-lab, if you have particular questions. 20:50:20 ok thanks, I'll ask over there 21:12:46 test 21:13:03 Test 21:13:25 messages won't load 21:13:43 yes they do 21:14:14 🤥 21:15:17 * usssser[m] uploaded an image: 20210304_211414_6219675751419103880.jpg (93KiB) < https://matrix.org/_matrix/media/r0/download/matrix.org/NPvJwZOUBluKxAqHCWVAZxBq/20210304_211414_6219675751419103880.jpg > 21:16:22 test failed 21:17:03 did you change name? Oooh.. that's Interesting 21:23:29 ok, another quick question: am I just being incompetent or is there some issue with the #monero-research-lab channel? I don't seem to be able to send any messages over there 😅 21:25:35 Let me check 21:25:59 madhatter369: might be registered only 21:26:24 Yep it might 21:35:42 yeah, that was apparently the problem, thanks 👍 21:37:59 :) 22:57:42 Did you know that all withdraw-buyer-seller-deposit chains are trackable in Monero? No? You should have read Breaking Monero. 
How many people are you endangering with your 'privacy' coin?