What about we tone it down and remain respectful to one another?
One of the reasons I don't participate much. Trolling and flame wars stopped being interesting to me in the usenet days. YOU KEEP QUIET...YOU LETTER ON A KEYBOARD! (I jest, I'm in agreement that we should just mellow out, no use in getting uppity) |
|
|
|
They are saying however, that the monero blockchain is bloated and that transacting could become very slow in the future because of the large database of transaction information.
Sure, it's an absolutely valid concern. I think the important thing is not to compare Monero's block size with Dash, but firstly with Bitcoin so that we have a baseline. Monero's transactions are smaller than Bitcoin's, like-for-like. So if Monero were a "transparent blockchain" like Bitcoin's we would have a smaller blockchain than Bitcoin for the same transactions! But since part of Monero's "opaqueness" involves hiding the origin of transactions by making inputs appear to come from multiple transactions, this incurs an additional size penalty. This means that, for the same number of transactions, Monero's blockchain is about 4-5 times bigger than Bitcoin's. It is important to note, though, that any privacy feature will have a similar impact. Dash's DarkSend, centralised Bitcoin mixing services, or even decentralised initiatives like JoinMarket (which is built on the CoinJoin scheme) all have an increased transaction size. If they are enforced on every transaction (ie. on a protocol level) it means the entire blockchain is significantly larger - and that applies to Bitcoin too! The reality when it comes to blockchain sizes is that linear blockchain bloat is largely insignificant. What I mean when I say that is this: which is more convenient to host, a 350gb blockchain, or a 1.58tb blockchain? Well they're both inconveniently large, and whilst you could argue that a 350gb blockchain fits on a 512gb SSD today (where a 1.58gb blockchain doesn't) it's obviously growing so fast it'll outstrip that storage space in a matter of months. Basically any blockchain above, like, 20gb is a complete pain in the posterior. The solution to this problem is not to try incremental, linear decreases in blockchain size. If you have a useful cryptocurrency that people are using the blockchain is going to be large. Suck it up, embrace it, accept it right now. Rather, the long-term solution can be found in blockchain pruning, whereby we cut off all the historical data and only keep a subset (the utxoset for Bitcoin, and the txoset + key image set for Monero). In this Bitcoin has a slightly different approach to Monero, where nodes are either "archival" (keeping the entire blockchain) or "current" (keeping a small portion). With Monero we will be implementing pruning in a per-node configurable basis, where node operators can choose to either keep the whole chain (default), keep only the last M blocks, or keep everything from block N. This will mean that, as a node syncs up, it will find progressively more nodes that have the blocks it is requesting, until it reaches the top block in the network, and every node has that available:) |
|
|
|
Given this projects' goals, people using it may assume that if it's Monero, its anonymity is not in question. Actually, based on your own words (in bold in the quoted material above) maybe the slogan on the MyMonero front page very well shouldn't be "Send and receive Monero safely and securely, anywhere and any time", and should, instead, be a warning that makes an effort to explain to people that their view keys are being sent to the server, that they're using a JavaScript-based wallet that is never going to be safe, and that this is only a stopgap solution. That would seem to better fit the principles of this project.
It's one of those situations where we can't qualify every statement that is made. It's like saying that we should change the Monero slogan from "secure, private, untraceable" to "secure (as long as you don't leak your private keys and no exploit or bug exists which lets someone steal your funds), private (as long as you're using i2p, coming soon, and the counterparties you deal with don't reveal your details), untraceable (as long as everyone is using mixin >0 and no systematic reveal of inputs leaks the real one)"...which is not quite as catchy;) |
|
|
|
Last I heard Monero developer FluffyPony is on Vacation because of a sickness he has, funny thing is it didn't matter because I c no different anyway for a 1.5 years so far LOL.
That's news to me...what sickness do I have? Let me know so I can tell my doctor. Perhaps you're thinking of this: https://www.youtube.com/watch?v=09LTT0xwdfw |
|
|
|
The reason I posted the above, is because I don't think it's fair for users to hear that private keys are never sent to the server, because they were (are?) being, for whatever reason.
That's fair enough, and I apologise for misreading your comment as trolling. Two things, then. First up, it hasn't occurred (at all) since that thread, and at the time I could not reproduce it by regular access even from different machines around the globe. I also couldn't reproduce finding the errant code (as it would appear by default, ie. without fudging JS versioning) either via archive.org or in Bing / Google's cache. Since then I have checked periodically to see if it is appearing, but have not seen the session-to-cookie snippet pop up. The snippet has not existed on the server in any way, shape, or form for many, many months, and so I can only assume it was isolated and unexpected. Needless to say that if it *is* ever reproducible by me then I will be able to tackle the exact cause and fix it from there. Which leads me to the second thing I wanted to mention: I made it clear in that original thread, and it behoves repeating, web-based wallets are not "safe". Where a local wallet has a set of security risks (eg. a deviant local process can hijack your transactions as they are being built and redirect the funds) web wallets open up an additional class of security risks: trusting code that is delivered live, and passes through multiple points on the Internet. Using MyMonero involves trusting your ISP, trusting CloudFlare, trusting the CA, trusting MyMonero, and trusting the various data providers en-route, each and every time you use the web wallet. That having been said, MyMonero represents a smaller attack surface than a Bitcoin / altcoin-based web wallet where the keys are held on the server, as MyMonero is unable to spend funds independently of the user. Thus this attack would involve serving up compromised JavaScript, which would be noticed were it done on any sort of scale. To that end, I'd like to reiterate my original comment from our previous discussion on the security of MyMonero: It is important to note JavaScript-based wallets are never going to be really safe, and MyMonero is no exception. I've said before that MyMonero is merely a stopgap solution until we have libraryise completed (so that third-party GUI developers can better hook into core functions) and/or we've found an SPV-style solution (our current work is on using a bloom filter for viewkeys instead of passing the raw viewkey) for lightweight wallets. In fact, the website even says quite clearly: "The clients below are ideal if you are using Monero for the first time".
One final bootnote: the view key is sent to the MyMonero server every single time, so we don't state that "no keys" are sent to the server, merely that the spend key is not. That is a factually correct statement, barring any number of circumstances outside of our control, such as a user's ISP being compromised. I hope it is unnecessary for me to qualify that statement every time I make it:) |
|
|
|
"It is not sent to the server" For the sake of the Monero community I think I have to point out here that this is actually a lie that is told repeatedly by Fluffypony & Smooth and other core members. As I showed back in June, and Smooth is fully aware of, MyMonero.com had code specifically inserted to send private keys to the server, and was doing so successfully (and as far as I know, still is) https://bitcointalk.org/index.php?topic=1077775.msg11529538#msg11529538Fluffypony provided an explanation that it was used for 'testing' on that thread, but as far as I know, the Monero community was never told about it officially, apart from my post in the alt section. So if you have used MyMonero, it's likely your private keys *have* been sent to the server, and also stored in clear text on your own HD in a cookie. I never saw an announcement that this as fixed, or that the vulnerability exists - if it's fixed and you still want to use MyMonero, the safe thing to do is move your funds from any old addresses to new addresses, as the old ones are potentially compromised. I'm going to hazard that you're not BlockaFett, as he and I had a good chat about this months ago and all was resolved. He seemed a reasonable, logical person who understood the situation and was content with the resolution. He's also perfectly capable of following up on his own research, you seem to lack the technical chops to do so. Pity, one always hopes that trolls will be a little less "talk" and a little more "action". Nonetheless, it's probably not a bad idea for you to exit stage right and let BlockaFett talk on this matter if he so desires. |
|
|
|
Bitcoin is perfectly fungible. Anyone who claims otherwise is confusing economic concepts.
Let's imagine I have some coins that I stole during Evolution's demise. Are you willing to swap all of your coins for mine? Or put differently: if I borrow your car for a month, and at the end of that month I give you back the same make, same model, same year, same colour car, is that ok? Bitcoin isn't fungible for the same reason that you won't appreciate me giving you some random car in exchange for yours, regardless of the properties of that car. |
|
|
|
Unless he is running the biggest scam of all time   Muhahahahahaa...I'm secretly raising an ARMY of ponies! We're going to...uh...errrrm...have the best petting zoo of all time! |
|
|
|
We've seen recently how discord between developers and also between factions in the larger community has slowed Bitcoin's development (and perhaps depressed its price), affecting the entire cryptocurrency sector. Monero's politics is more opaque. Here are some questions:
1. Do the XMR devs get along?
2. Do they share a vision for Monero's future?
3. Are there significant points of technical disagreement?
4. Does everyone agree on the development path (for example, that code review and optimization should precede "official" GUI development).
5. Does everyone agree on Monero's "governance model"?
The answers will influence Monero's probability of success and its price.
1. Yes, which is actually surprising considering we didn't know each other at all before we found Monero and each other (some of us knew of each other, othe and I spoke a bit because he'd bought GPU frames from me) 2. I think 1 is a testament to this: we share a vision, and because of that we get along 3. Well we're certainly not perfect, and we are going to sometimes say things out rightly incorrect or based on flawed assumptions. You'll notice that there are no qualms about disagreeing with each other or correcting each other, even publicly, because we're not "buddies". We sharpen each other and bring out technical excellence in each other. 4. Yes very much so. We were very keen on pushing a GUI out until the block 202612 attack, which was a huge wake-up for us. Realising the fragility of the Monero code and network helped us get on track and re-prioritise. 5. Yes I think it's naïve to imagine we'll never have a serious disagreement, but I also think that individually we've got less of an "ivory tower" complex than expected. We're all generally accepting of each other's ideas, and we also don't hold on to our mistaken beliefs which such vigour that we can't accept correction. We seem to be comfortable with our lives and individual success, so ego and pride rarely play any role in discussion and decision-making. |
|
|
|
personally i would welcome a freezed master branch for new features and also new "official" beta test bins. We can let it run on different OS, we can support you with testing. Most also can compile it themselfs but you would reach more possible testers if you post some windows bins again.
it seems that the newest work was merged to developement branch, so i guess this is also what the devs have in mind more or less?
is 0.9 "feature complete" ? current state seems very stable to me too, runs fine on my machines, only experienced small and allready known troubles.
All of this. I'd say though that the majority cannot/will not compile it themselves, making official binaries even more important. There are a handful of small things we need to finish and merge into development and master before we can release 0.9 RC, and then go from there. |
|
|
|
Regarding #6, this is possible but will cost you 10 XMR. Importing into simplewallet is free.
<fluffyponies hate this guy If you create the seed, then log into MyMonero with it, THEN send coins to it, you won't have to pay the import fee (I think). It won't be a "real" cold storage account at that point though. You might as well create an address @ MyMonero instead to be honest. Of course it'll be a 13 word seed instead of 25 word, if you have some reason for preferring one over the other. Edit: looks like saddam hasn't updated http://moneroaddress.org yet. Grabbing mooo's version from Github should work great. That's correct - the import function is a convenience tool for people who want mobile access to an existing wallet or similar. It chews up some of the CPU cores on the backend (and hammers the disk) whilst it scans through the whole blockchain, so the fee is for us to offset the added cost of extra availability for this. |
|
|
|
It was run with --batch-size 1000
This may be an obvious question, but you have enough free disk space, right? |
|
|
|
seems to me like there is some memory leak with 0.9 beta on win 7 x64. after letting it run 24h something like 8 gb of ram was used, but not visible in the task manager. once i stopped it ram droped down to the usual levels. will try to retest so i can give better feedback.  Bear in mind that the memory usage is NOT constant. LMDB is greedy for free memory so it can cache aggressively, but it's also very willing to give that memory up to anything else that needs it. On an under-utilised system you can expect LMDB to suck up as much available memory as it can, whereas on a busy system you'll see it drop down to the <100mb mark for the most part. |
|
|
|
Hey Monero-ites... I have a question RE: MyMonero vs. the offline-wallet generator software.
I made an offline address and then tried to "open" it with the given mnemonic seed words in MyMonero, i.e. I was kinda just testing how all this might work IF some day I wanted to make a safe address, to put some monero on it, and then later (eventually) access it again to move/spend the money.
But the ADDRESSES that resulted were NOT the same!
Is that correct? How is this supposed to work, exactly?
For sake of illustration since I'm not gonna USE these addresses now, here is what I got:
Offline Generated Address:
4AYrGeied2XEbaL3uk3gBK1z95DQrcVwncMr5kXPUd7T4RoHhjxyryRWU7qvsp2wJ6L4g1eFaqM6YbD 6RX52j4KQ8PfuBk8
MyMonero Address:
4AYrGeied2XEbaL3uk3gBK1z95DQrcVwncMr5kXPUd7T4UcUpNefenD8HSZ7d9XWSXhmELmfCkvRQGT hzNeCUkaJKDd9nTV
MyMonero View Key (Private)
0ce617dbd51845dd6ada2f3b2d040b5deb6dde38f6640f65abc2a36518045802
MyMonero Spend Key (Private)
8c81ca3b40ae5c199ee10819b9c29959dcc4e97242d93cc6119938ea3858c303
Mnemonic Seed Was:
gigantic motherly lordship worry pool karate lopped certain major demonstrate pepper colony jobs people befit merger lending envy lectures sifting puzzled nanny lodge paper certain
So...? IF I had sent money to that first address WOULD IT have BEEN there at this "second" address? I suppose I could just test it with a few cents worth, LOL, but seriously this doesn't seem RIGHT.
An address is an address and for normal humans to EVER be able to understand any of this stuff I think at least THAT has to be consistent.
That...is...weird. MyMonero's viewkey is completely wrong, it should be 0a731057880aec5b222887ee5101e5d8b6c0734c30cefb293f512f4c75637009. I'm going to have to figure out what's gone wrong. Did you use the HTML offline generator, as in this one: https://github.com/moneromooo-monero/monero-wallet-generator ? I can answer this. It's due to the way the MyMonero code derives the viewkey, which is different than simplewallet. Now, for "MyMonero" 13 word seeds, this is correct as it's the established behavior. For 25 word seeds, things can get a bit wonky. Without getting too technical, simplewallet only generates "seeds" that are valid private keys, but will accept *any* 25 word seed. Mooo's address generator currently produces random seeds, not ensuring they are valid private keys. Due to the way MyMonero creates the view key, it will come up different ("random seed" vs "valid private key seed"). If anyone is interested in the code, I wrote it up here a few days ago: http://pastebin.com/MHYZzWWzSimple answer: if you send coins to either of those addresses, they'll be recoverable; you'll just have to pay attention (you can "properly" generate the view key from the seed and log into MyMonero with the other method if you want). Bonus: here's the seed for that address which will work for both simplewallet and MyMonero (will produce your first address): hoisting sorry alerts sieve request stockpile eels bemused digit ivory acidic guru jobs people befit merger lending envy lectures sifting puzzled peeled maze mocked lectures Oh look at you go, I was trying to figure out how the offline generator could be generating seeds that MyMonero can't detect are simplewallet seeds, looks like you've solved it:) Will you PR it to the offline generator? |
|
|
|
Hey Monero-ites... I have a question RE: MyMonero vs. the offline-wallet generator software.
I made an offline address and then tried to "open" it with the given mnemonic seed words in MyMonero, i.e. I was kinda just testing how all this might work IF some day I wanted to make a safe address, to put some monero on it, and then later (eventually) access it again to move/spend the money.
But the ADDRESSES that resulted were NOT the same!
Is that correct? How is this supposed to work, exactly?
For sake of illustration since I'm not gonna USE these addresses now, here is what I got:
Offline Generated Address:
4AYrGeied2XEbaL3uk3gBK1z95DQrcVwncMr5kXPUd7T4RoHhjxyryRWU7qvsp2wJ6L4g1eFaqM6YbD 6RX52j4KQ8PfuBk8
MyMonero Address:
4AYrGeied2XEbaL3uk3gBK1z95DQrcVwncMr5kXPUd7T4UcUpNefenD8HSZ7d9XWSXhmELmfCkvRQGT hzNeCUkaJKDd9nTV
MyMonero View Key (Private)
0ce617dbd51845dd6ada2f3b2d040b5deb6dde38f6640f65abc2a36518045802
MyMonero Spend Key (Private)
8c81ca3b40ae5c199ee10819b9c29959dcc4e97242d93cc6119938ea3858c303
Mnemonic Seed Was:
gigantic motherly lordship worry pool karate lopped certain major demonstrate pepper colony jobs people befit merger lending envy lectures sifting puzzled nanny lodge paper certain
So...? IF I had sent money to that first address WOULD IT have BEEN there at this "second" address? I suppose I could just test it with a few cents worth, LOL, but seriously this doesn't seem RIGHT.
An address is an address and for normal humans to EVER be able to understand any of this stuff I think at least THAT has to be consistent.
That...is...weird. MyMonero's viewkey is completely wrong, it should be 0a731057880aec5b222887ee5101e5d8b6c0734c30cefb293f512f4c75637009. I'm going to have to figure out what's gone wrong. Did you use the HTML offline generator, as in this one: https://github.com/moneromooo-monero/monero-wallet-generator ? |
|
|
|
fluffypony & co, Just a quick update to say that I've sync'ed from scratch on my Windows box using the beta binaries, took me about 50 minutes to be fully up-to-date. This is on a relatively recent desktop (about 2 years old, with an SSD), and shoddy Internet access. The only interesting observation I have at the moment, is that it was much faster to get me a fully sync'ed blockchain, than it is to get simplewallet to perform a full wallet rescan (as when doing a wallet restore). I have no clue if this is due to less parallelization of the simplewallet code, or just the nature & complexity of the work in this instance. Task Manager tells me that a freshly started bitmonerod, is using about 26MB of RAM, though I figure it might not be fully settled yet. w00t w00t  In the next day or two, I'll try out some tiny transfers in-and-out, as well as daemon solo'ing (which I am willing to bet that I'll give up before I've found a block  ). Big Cheers!Bit of both - syncing up only requires tx/block verification, whereas simplewallet actually has to check each transaction for your viewkey. The other problem is that there's no parallelisation in simplewallet, and it chews memory on large wallets (as it keeps the entire cache in-RAM which is silly). We'll be addressing both of those in a future release. |
|
|
|
Thanks dEBRUYNE and double-thanks fluffypony.
Trying out the beta now, will report back any issues I might have (or on IRC if it looks lengthy for whatever reason).
Whats this i here about a new beta? Is there an OS X beta? Not yet - we're getting segfaults on older versions of OS X, busy fixing it now. Beta binaries are compiled sorta on-demand when someone is helping to test a specific feature / commit but doesn't have a compile environment. |
|
|
|
I sympathize with the child there. Freedom of speech is only ever a good thing when I am free to say whatever the fuck I want, and others can only say whatever the fuck pleases my ears. Smooth must not be allowed to express his opinion by means of post/trust/rating/whatever! Oh ... Wait ... I see what you did there Guess you were spotted very early on, off you go back on ignore little Inquisitive Troll(TM). Please stop posting off-topic nonsense on this thread. I haven't followed developments as closely as I would like, do we have any up-to-date community built binaries so I could try out the DB version on my Windows box? I know of the cautionary notes and caveats, just wondering if anyone has published binaries yet. This is from last week: https://downloads.getmonero.org/monero.win.x64.v0-9-beta.zipExercise the appropriate level of care with it being a beta. We've recently found and solved what we hope to be the only major, breaking database issue (that could have caused major issues if we'd tagged prematurely), but that means that prior LMDB sync ups have to be resynced from scratch or imported from a fresh blockchain.raw export. |
|
|
|
|
Show Posts
