[XMR] Monero - A secure, private, untraceable cryptocurrency

[Andretti83]

Is there any article/video explaining the probabilities of getting a reward and/or profitable mining.

If you launch monerod and start mining (start_mining     your_address      number_of_cpu_threads) and then after a minute or two invoke stat (mining_status) it will show your hashrate and approximate amount of xmr in day, month, year.

[bitebits]

https://www.monerooutreach.org/stories/dandelion.html

Monero stands on its Peer To Peer (P2P) communication network. The network’s blockchain-aware computers—called nodes—share the information that powers Monero, such as node addresses, historical blockchain data, blocks as they are mined, and new transactions to be added to blocks. The nodes are identified using Internet Protocol (IP) addresses, though, exposing risk that observers can connect IP addresses to transactions, deanonymizing the data they contain. Dandelion++ is a method for hiding this connection that is planned for an upcoming Monero software release. This article describes how Dandelion++ works and what it will do for users of Monero.

[phishead]

https://www.monerooutreach.org/stories/dandelion.html

Monero stands on its Peer To Peer (P2P) communication network. The network’s blockchain-aware computers—called nodes—share the information that powers Monero, such as node addresses, historical blockchain data, blocks as they are mined, and new transactions to be added to blocks. The nodes are identified using Internet Protocol (IP) addresses, though, exposing risk that observers can connect IP addresses to transactions, deanonymizing the data they contain. Dandelion++ is a method for hiding this connection that is planned for an upcoming Monero software release. This article describes how Dandelion++ works and what it will do for users of Monero.

Man I learned a lot more about how the P2P networks differ in BTC vs XMR by reading this that I never knew before.  Excited to see if this passes the smell test for everyone when testing it out

[Fallenkeith75]

https://www.monerooutreach.org/stories/dandelion.html

Monero stands on its Peer To Peer (P2P) communication network. The network’s blockchain-aware computers—called nodes—share the information that powers Monero, such as node addresses, historical blockchain data, blocks as they are mined, and new transactions to be added to blocks. The nodes are identified using Internet Protocol (IP) addresses, though, exposing risk that observers can connect IP addresses to transactions, deanonymizing the data they contain. Dandelion++ is a method for hiding this connection that is planned for an upcoming Monero software release. This article describes how Dandelion++ works and what it will do for users of Monero.

Man I learned a lot more about how the P2P networks differ in BTC vs XMR by reading this that I never knew before.  Excited to see if this passes the smell test for everyone when testing it out

Same, it's pretty interesting

[tbct_mt2]

Maybe I get you wrong, but it seems like what you saying is, BTC would still be mined for 80+ years. Technically true. But in 2 month 87.5% of all BTC will be already mined.

And after another two halvings that would be 96.875%.

Basically for 50 of those 80 years miners would literally mine last 0.1% of Bitcoins.

It is true because the Bitcoin will officially jump into its deflation phase (next decades) after the coming halving. We have been very closely to the next halving of bitcoin. I don't know what Satoshi will think of and do if he can recreate Bitcoin. Maybe another fair deflation scheme will be chosen. It will never happen so let's look at the first two halvings of bitcoin. Many bitcoin mined and unintentionally destroyed (because of its very low value during those early years), now we have too little bitcoin available for using in real situations. It is somewhat a reason to help its price rising more.

[ZeeeN]

Maybe I get you wrong, but it seems like what you saying is, BTC would still be mined for 80+ years. Technically true. But in 2 month 87.5% of all BTC will be already mined.

And after another two halvings that would be 96.875%.

Basically for 50 of those 80 years miners would literally mine last 0.1% of Bitcoins.

It is true because the Bitcoin will officially jump into its deflation phase (next decades) after the coming halving. We have been very closely to the next halving of bitcoin. I don't know what Satoshi will think of and do if he can recreate Bitcoin. Maybe another fair deflation scheme will be chosen. It will never happen so let's look at the first two halvings of bitcoin. Many bitcoin mined and unintentionally destroyed (because of its very low value during those early years), now we have too little bitcoin available for using in real situations. It is somewhat a reason to help its price rising more.

if next asic miner have more power than today(2X-3X performance) and after that more new one is more performance too(10X-20X compare today)

it make bitcoin mined faster than 80+ years? 

[stas]

the price of BTC would have to be very high by this time. otherwise it won't be profitable.

[Sipizter]

Maybe I get you wrong, but it seems like what you saying is, BTC would still be mined for 80+ years. Technically true. But in 2 month 87.5% of all BTC will be already mined.

And after another two halvings that would be 96.875%.

Basically for 50 of those 80 years miners would literally mine last 0.1% of Bitcoins.

It is true because the Bitcoin will officially jump into its deflation phase (next decades) after the coming halving. We have been very closely to the next halving of bitcoin. I don't know what Satoshi will think of and do if he can recreate Bitcoin. Maybe another fair deflation scheme will be chosen. It will never happen so let's look at the first two halvings of bitcoin. Many bitcoin mined and unintentionally destroyed (because of its very low value during those early years), now we have too little bitcoin available for using in real situations. It is somewhat a reason to help its price rising more.

if next asic miner have more power than today(2X-3X performance) and after that more new one is more performance too(10X-20X compare today)

it make bitcoin mined faster than 80+ years? 

That wouldn't matter because Bitcoin difficulty adjusts so that the average block time stays at ~10 minutes. So if mining/hashrate goes up then difficulty goes up too.

[ZeeeN]

Still mining XMR, no way I'm stopping.

have other cpu coin make more profit?

[karsyla]

Hi,

can someone explain me, how XMR prevents double spend if there is no public ledger available?

[Iamtutut]

What's the point of mining XMR with GPUs ? I doubt any GPU is profitable.

[dEBRUYNE]

Hi,

can someone explain me, how XMR prevents double spend if there is no public ledger available?

See:

https://monero.stackexchange.com/questions/2158/what-is-moneros-mechanism-for-defending-against-a-double-spend-attack

[VictorGT]

Hi. Sorry if this is a noob question, but I prefer to ask.

Yesterday I download GUI wallet last version for Windows 64 bits, at my main PC (Windows 10 64). Windows Defender didn´t find anyting.

I copy the installer to my backup PC (an old laptop, also Windows 10 64) but here Windows Defender find virus:

Uwasson.A!ml
ScarletFlash.A

I don´t know if installing this last version is safe. Maybe a false positive?. Really strange on one PC is clean, on other virus detected (both computers have Defender updated).

Also, which is the safest URL to access monero official web? I am from Spain. Maybe plain "getmonero.org"?

Thanks in advance.

[bitebits]

Hi Victor,

Yes get the GUI from https://web.getmonero.org/downloads/
You should verify the hash to make sure the file is not tampered with:

You are strongly advised to verify the hashes of the archive you downloaded. This will confirm that the files you downloaded perfectly match the files uploaded by the Monero development workgroup. Please don't underestimate this step, a corrupted archive could result in lost funds. Always verify your downloads!

[Hueristic]

Hi. Sorry if this is a noob question, but I prefer to ask.

Yesterday I download GUI wallet last version for Windows 64 bits, at my main PC (Windows 10 64). Windows Defender didn´t find anyting.

I copy the installer to my backup PC (an old laptop, also Windows 10 64) but here Windows Defender find virus:

Uwasson.A!ml
ScarletFlash.A

I don´t know if installing this last version is safe. Maybe a false positive?. Really strange on one PC is clean, on other virus detected (both computers have Defender updated).

Also, which is the safest URL to access monero official web? I am from Spain. Maybe plain "getmonero.org"?

Thanks in advance.

The only truly safe method is to compile yourself and even that after you have vetted the code. But in reality yes use the official site to download binaries even though that has been compromised in the past. As was stated make sure to check the hash.

[STT]

Should be perfectly safe to use the developers website so long as you check current news, twitter, etc for any compromise.   To put it simply various virus detectors maybe all of them will kick up errors for use of various crypto software.   I have avast earlier astonished to find this unique and suspicious file but to their credit they did get back to me automatically in short order to give it the all clear.    But alot of software just assumes the worst, it'll send to quarantine or block and you will not see it again.   Can be a bit of a pain as its not especially justified.
  Use small amounts until you are familiar imo.

Use or google and read about: HTTPS Everywhere

[VictorGT]

Hi again.

I did a few more test.

First I scan also installer from version 0.15.0.1 (which I am using now without problems). Main computer: no virus. Backup computer: virus!. Humm...

Also I use virustotal.com for both files. Both have half a dozen virus detected, but no GREAT virus (most of them coinminer or related things).

I am "almost sure" it is a false positive.

Last question: when a sofware wallet is compromised, is it shown as a virus?. I think no, just a few routines to send out seeds or make transactions must not be detected virus. Am I right?. Last compromised monero wallet, was detected by antivirus?

I am not really a newbie, but prefer to ask. You know... I read about to check the hash of the downloaded files, but procedure seems a bit complicated to me. I think we need something easier for this...

Thanks to all.

NOTE: only thing that differs my both computers (hardware excluded) is backup PC is running an unregistered version of Windows 10. No idea if this is related to different behavior of Defender.

[Hueristic]

Hi again.

I did a few more test.

First I scan also installer from version 0.15.0.1 (which I am using now without problems). Main computer: no virus. Backup computer: virus!. Humm...

Also I use virustotal.com for both files. Both have half a dozen virus detected, but no GREAT virus (most of them coinminer or related things).

I am "almost sure" it is a false positive.

Last question: when a sofware wallet is compromised, is it shown as a virus?. I think no, just a few routines to send out seeds or make transactions must not be detected virus. Am I right?. Last compromised monero wallet, was detected by antivirus?

I am not really a newbie, but prefer to ask. You know... I read about to check the hash of the downloaded files, but procedure seems a bit complicated to me. I think we need something easier for this...

Thanks to all.

NOTE: only thing that differs my both computers (hardware excluded) is backup PC is running an unregistered version of Windows 10. No idea if this is related to different behavior of Defender.

Checking a hash is dead simple, watch a video.

https://www.google.com/search?q=how+to+check+a+files+hash&client=firefox-b-1-d&source=lnms&tbm=vid&sa=X&ved=2ahUKEwislbfn98noAhXMyKQKHXV4BzoQ_AUoAXoECAwQAw&biw=1333&bih=617

[dEBRUYNE]

Hi again.

I did a few more test.

First I scan also installer from version 0.15.0.1 (which I am using now without problems). Main computer: no virus. Backup computer: virus!. Humm...

Also I use virustotal.com for both files. Both have half a dozen virus detected, but no GREAT virus (most of them coinminer or related things).

I am "almost sure" it is a false positive.

Last question: when a sofware wallet is compromised, is it shown as a virus?. I think no, just a few routines to send out seeds or make transactions must not be detected virus. Am I right?. Last compromised monero wallet, was detected by antivirus?

I am not really a newbie, but prefer to ask. You know... I read about to check the hash of the downloaded files, but procedure seems a bit complicated to me. I think we need something easier for this...

Thanks to all.

NOTE: only thing that differs my both computers (hardware excluded) is backup PC is running an unregistered version of Windows 10. No idea if this is related to different behavior of Defender.

You can safely ignore the warning as long as you properly verify the GPG signed hashes:

https://src.getmonero.org/resources/user-guides/verification-windows-beginner.html

https://src.getmonero.org/resources/user-guides/verification-allos-advanced.html

Thereafter, you can apply this guide to ensure the AV software does not delete required files:

https://monero.stackexchange.com/questions/10798/my-antivirus-av-software-blocks-quarantines-the-monero-gui-wallet-is-there

[nullius]

This:

You can safely ignore the warning as long as you properly verify the GPG signed hashes:

https://src.getmonero.org/resources/user-guides/verification-windows-beginner.html

https://src.getmonero.org/resources/user-guides/verification-allos-advanced.html

Checking hashes alone is of limited use.  What if an attacker totally compromised the website, and changed the hashes to match his malicious replacement of the downloadable files?  Whereas the PGP signing keys should be stored and used with much higher security than can be expected of the webserver.  I think that fluffypony (now binaryfate as the signer?) probably knows how to handle PGP keys. ;–)

I have not reviewed the linked guides.  I did skim the beginning of the Windows beginner guide, and noticed an omission:  It does not explain how to verify the Gpg4win download, when you do not have PGP/GPG installed.

Chicken-and-egg problem?  Not quite:  The Gpg4win maintainers have a Microsoft Authenticode signing key,^* so that you can bootstrap trust using built-in Microsoft Windows features:

https://gpg4win.org/package-integrity.html

That is always the first link that I provide to Microsoft Windows users whom I am tutoring in PGP usage.  I suggest that somebody involved in the Monero Project should add this link to the Windows verification guide, with a concise additional explanation, and perhaps some more screenshots of what this actually looks like in current versions of Microsoft Windows.  The pertinent part of the guide:

https://src.getmonero.org/resources/user-guides/verification-windows-beginner.html

1.2. Use Gpg4win Installer

You will be presented with a security verification screen, click Run.

Check that the file is authentic, then click Run.

I have no Windows in my house, so I can’t see how this works in current versions.  The screenshot’s identification of Intevation GmbH as the signer matches the information currently stated on the above-linked Gpg4win verification page.  Users should understand the significance of this, and also know how to check the key fingerprint.  From my recollection of having used long-obsolete MS Windows versions in the distant past, it should all be point-and-click.

In my opinion, if the signature is valid, you should carefully check which Authenticode key was used to sign the file:  Don’t just blindly rely on the system of certificate authorities trusted by Microsoft to verify to you that your download was signed by... somebody who could follow the procedure to obtain an Authenticode signing key.  At the baseline, you should be aware of the Authenticode signature so that you can watch to see if it is not verified; and you can also check it manually if desired, with a few clicks in Windows Explorer.

The same link provides information on verifying Gpg4win using PGP/GPG signatures, for those who are upgrading (or migrating from a different OpenPGP implementation) and want to check the PGP signatures.

(* Obtaining and keeping an Authenticode signing key requires expense, red tape, and (IIUC) dox to a certificate authority.  It should not be expected of most open-source projects.  Gpg4win really needs one, so that users with no PGP can verify their first PGP software.)


I just noticed that the bitcoin.org download page does not link to any corresponding guide.  For now, I suppose that Microsoft Windows users installing Bitcoin Core can follow the Monero verification guide, but with laanwj’s public key.

I did a few more test.

First I scan also installer from version 0.15.0.1 (which I am using now without problems). Main computer: no virus. Backup computer: virus!. Humm...

Also I use virustotal.com for both files. Both have half a dozen virus detected, but no GREAT virus (most of them coinminer or related things).

I am "almost sure" it is a false positive.

Please don’t waste your time and effort.  For this purpose, “antivirus” software is of negligible (i.e., practically zero) help—even negative help:

Thereafter, you can apply this guide to ensure the AV software does not delete required files:

https://monero.stackexchange.com/questions/10798/my-antivirus-av-software-blocks-quarantines-the-monero-gui-wallet-is-there

If you trust the Monero lead devs, then the PGP-signed hash file does what you want:  It proves that you are installing the software that they themselves provided to you.  If you don’t want to trust, then nothing short of a thorough code audit will suffice.