PGP key fingerprint: 5D5E 08A2 389D F225 ABD0 781B 291E 0C22 9D63 1697
At least 3 new nodes joined the network in the last hour. Thank you! Keep them coming.
AFAIK Trocador was getting DDoSed. They said they set up Cloudflare temporarily. They are looking for a better solution.
Some messages from https://matrix.to/#/#Trocador.app:matrix.org
Hey there! We were under a heavy ddos attack, so we moved to CF temporarily to help our defenses. As soon as it’s over we’ll get out of cloudflare. We apologize for the inconvenience, we are looking into alternatives for the next time we suffer a bigger attack like this
[From Tuesday]: We literally moved there 16:00 UTC as a contingency, so it’s not even 24 hours yet. We are looking into alternatives for next time a massive DDoS happens
An economist, a chemist, and an engineer were stranded on a desert island. And between them they had only a single can of beans, but no can opener.
The engineer suggested that he climb a palm tree to a precise height, then throw the beans a precise distance at a precise angle. ‘And when the can hits,’ he said, ‘it will split open.’
‘No,’ said the chemist. ‘We’ll leave the can in the sun until the heat causes the beans to expand so much the can will explode.’
‘Nonsense,’ said the economist. ‘Using either method we’d lose too many beans. According to my plan, there will be no mess or fuss and not a single bean will be lost.’ Well, the engineer and the chemist said, ‘We’re certainly willing to consider it. What’s your plan?’ And the economist answered, ‘Well, first assume we have a can opener.’"
In economics, the devil is in the assumptions. It is the responsibility of the reader of an economic model to understand what the assumptions are and their implications, and decide for him/herself if the assumptions are reasonable and useful, “All models are wrong, but some are useful”, after all.
I agree with you that the assumption of coin loss being a function of total coins in the supply is…doing a lot of work in this model. IMHO, this is an interesting intellectual exercise, but its connection to reality or anything that people really care about in their daily lives is not very strong.
The news that you missed is that Large Language Models (LLMs) like ChatGPT are unreliable sources of information. Look for another source if you need reliable information about anything.
The first one isn’t text to speech and the second is not FOSS. If you have a good FOSS TTS that has examples of what the voices sound like, I would like to be linked to it :)
Yes it will be text-to-speech again. I will try another voice. Thanks for the feedback.
Where are all the WOMEN standing up for private digital cash?
In my MoneroKon talk this weekend I will be analyzing data on cryptocurrency investment and use as payment: https://cfp.monerokon.org/2024/talk/NVF8ZN/ According to EU and US data, men definitely get more involved in cryptocurrency, but the gender divide is more lopsided in investment activities than payment activities. In other words, women are less likely to use cryptocurrency as a means of payment than men, but they are much less like to buy cryptocurrency as an investment than men.
You could interpret that as “the way to get women interested in peer-to-peer electronic cash is to focus on it as a means of payment instead of as an investment.” Or the opposite: “Women investing in cryptocurrency is a relatively unexplored market segment!” Anything else you want analyzed, you have about 12 hours to ask before I finalize the analysis.
I know Ruckinum ran an analysis and thinks this is not a black marble flood, but I can’t help but think it’s a way go somehow break the anonymity of monero, whether just sent amounts, or received amounts, which would still give a wealth of information.
I didn’t run a quantitative analysis of the large number of 150-input transactions on May 2. I just guessed that it’s not an actual black marble flood since it doesn’t fit the definition or attack model of Noether, Noether, & Mackenzie (2014) and Chervinski, Kreutz, & Yu (2021).
Are the transactions reused?
Yes, each output can be re-used an unlimited number of times as a decoy in other transactions.
If they are reused, then they can tell the real spend by discarding any spend that’s been used more than once. Is that correct?
No. If every output that is created is spent, then on average each output will appear in 16 rings of other transactions. A Monero wallet do not check how many times an output has been used by other transactions when it is deciding which outputs to select as decoys.
They run or have compromised a lot of ‘activist’ nodes and xpubs are sent to the nodes in light wallets, unsure if this is how it works, or if that was unique to Samourai’s whirlpool design. If this was the case, light wallets use currently online available servers, so chances are a user connects their wallet to tens of servers. Users who run their own nodes would be unaffected but I think the majority of monero users use light nodes.
In normal operation, most Monero wallets do not send an “xpub” (in Monero this would be the Private View Key). The terminology can be confusing. In Monero, a “light wallet” is a wallet where the user gives a view key to a server to perform the blockchain scan on behalf of the user. The person or company running the server can see which transactions belong to the user and how much XMR is being sent to them. The MyMonero wallet works like this. Feather is not a light wallet with this definition, despite its name. Feather wallet and most wallets like Cake, Stack, the GUI/CLI wallets, etc., ask a local node (on the user’s own machine) or remote node (on someone else’s machine) for the entire blockchain data during a period of time and do the decryption of the wallets’ transactions on the user’s own device. That’s why wallet sync takes a long time for those wallets when they are opened after being closed for a long time.
The remote nodes can collect some limited data like the user’s IP address (if the user is not using Tor) and the last time the user synced the wallet. A malicious remote node can attempt to give the user a false decoy/output distribution (this is what Feather was trying to prevent with the initial, but flawed, code) and it can give the user’s wallet an incorrect fee to pay (but the user can notice that the fee is too high and disconnect from the remote node. More information about remote node privacy is in Breaking Monero Episode 07: Remote Nodes (sorry for YouTube link. Use your favorite private YouTube front-end to view it): https://www.youtube.com/watch?v=n6Bxp0k7Uqg
Good question. You didn’t get hacked. You approved the payment to Mullvad.
When you send XMR to an “integrated address”, Ledger does not display the integrated address on the device. It displays the raw Monero address. Mullvad probably uses integrated addresses.
SethForPrivacy said:
At present, the UX around integrated addresses can be confusing and even outright dangerous, like how the Ledger always displays the underlying address instead of the integrated address, making address verification difficult or impossible depending on the application.
I don’t know if there are plans to fix this or if it can be fixed at all.
At the meeting, kayabaNerve (Luke Parker) suggested:
What’d likely be easiest, in a pure-C++ way, is to explicitly intended Monero’s DKG to match MRL-0009 (if not already) and have it audited to line up. Then, a Musig2-esque CLSAG should be formalized (likely a modification of MRL-0009’s Musig-DN-esque CLSAG?) and Monero should explicitly intended to match it. The fact it lines up should be audited.
My conclusion:
If anyone really wants to work on multisig, especially in the direction of kayabanerve’s proposal, please speak up. IMHO, this was a productive conversation, but I don’t expect any action to be taken unless more labor [is] put toward the problem.
Thanks. AGPL vs. MIT, if you mean the cuprate Rust implementation of a Monero node, I was just the messenger for that CCS fundraiser. I am not involved in the project. But there is a little intersection with the fungibility defects issue. If Monero’s main wallet code wallet2 would be AGPL (which it isn’t. It is BSD, which is similar to MIT) then the closed source multi-coin wallets that implement Monero wouldn’t be able to use it. That would increase the number of wallets producing fungibility defects because they wouldn’t use the wallet2 procedure.
Thank you! I tried to be clear. Looks like I succeeded :) Let me know if you have any questions or comments.
Do you know about Primo? I think it was only a proof-of-concept, never used widely: https://monero.stackexchange.com/questions/11752/what-is-primo-private-monero-payments