If anyone had any questions regarding the competence and integrity of the Monero core team, here is the monero-dev irc log:
[13:13] <rfreeman_w> the bug appears to be wrong calculation of variable "cnt" that is supposed to be rounded to 2^n but is not for 514
[13:14] <rfreeman_w> testing and making PR
[13:14] * taaku has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[13:15] * rfreeman_w has quit (Remote host closed the connection)
[13:15] * billotronic has quit (Read error: Connection reset by peer)
[13:15] * rfreeman_w (~rfreeman@gateway/tor-sasl/rfreemanw) has joined #monero-dev
[13:16] * dasdasdasd (b24ef1d5@gateway/web/cgi-irc/kiwiirc.com/ip.178.78.241.213) has joined #monero-dev
[13:16] <superresistant> are we garanted that there will be no rollback ?
[13:16] <superresistant> can the pool operators resume payment ?
[13:17] <fluffypony> superresistant: yes - one 70kb bad block doesn't mess the entire chain up irrevocably
[13:17] <fluffypony> and we're way past it anyway
[13:17] * bagad has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[13:17] * rerfe (4fb8f522@gateway/web/cgi-irc/kiwiirc.com/ip.79.184.245.34) has joined #monero-dev
[13:18] * rerfe has quit (Client Quit)
[13:19] * dEBRUYNE has quit (Ping timeout: 260 seconds)
[13:20] <smooth> yeah but im wondering about the crazy rules about mixing types on bit shifts and stuf
[13:21] <kinglark> ...
[13:21] * wwww has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[13:21] * taaku (7d105f0b@gateway/web/cgi-irc/kiwiirc.com/ip.125.16.95.11) has joined #monero-dev
[13:22] <rfreeman_w> smooth, the error is here:
[13:22] <rfreeman_w> for (i = 1; i < sizeof(size_t); i <<= 1) { cnt |= cnt >> i; } cnt &= ~(cnt >> 1);
[13:22] <smooth> whats wrong with it
[13:22] * sk00t3r (c0853e02@gateway/web/cgi-irc/kiwiirc.com/ip.192.133.62.2) has joined #monero-dev
[13:23] <smooth> fills in all the lower bits then clears all but the upper bit
[13:23] <rfreeman_w> for value of 514 it rounds it to 513, instead of power of two like 512 like in other cases
[13:23] <tewinget> errrrr
[13:24] <rfreeman_w> or, is that not a problem? for 514, and some other numbers like 1026 2050 3074 and so on, it produces odd numbers, while it seems they wanted to produce powers of two
[13:25] * dEBRUYNE (~Henkdenee@27-195-ftth.onsbrabantnet.nl) has joined #monero-dev
[13:27] * Teezy (~ident@91-157-187-191.elisa-laajakaista.fi) has joined #monero-dev
[13:27] <rfreeman_w> I assume resulting cnt is supposed to be nearest lesser power of two there? If yes, then
http://p.suchdig.com/p/pvk. shows difference.
[13:28] * erl has quit (Quit: I used to think I was indecisive, but now I'm not too sure.)
[13:28] * xmining has quit (Ping timeout: 260 seconds)
[13:28] * xmining_ (
xmining@108.62.233.111) has joined #monero-dev
[13:28] * taaku has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[13:29] <rfreeman_w> tewinget, first number that differs is the number that is used in the bad-block, so I think that was the bug that caused it. Any thoughts?
[13:30] <fluffypony> but we only forked 2 blocks later
[13:32] <rfreeman_w> I think it caused that somehow. are the 2 next blocks fully correct?
[13:32] * taaku (7d105f0b@gateway/web/cgi-irc/kiwiirc.com/ip.125.16.95.11) has joined #monero-dev
[13:32] <rfreeman_w> not sure how that problem is exactly resulting in chain split but that must be it
[13:33] <tewinget> I'm gonna go and get some breakfast so I have any energy at all.
[13:33] <moneromooo> I don't suppose this code uses any implementation defined behavior (eg, unsigned overflow) ?
[13:34] <moneromooo> Which might cause, eg, Linux and Windows builds to get different results ?
[13:34] <rfreeman_w> moneromooo, well it does
[13:34] <rfreeman_w> the verification of hash seems to depend on sizeof(size_t)
[13:35] * Davet (615c1b1d@gateway/web/cgi-irc/kiwiirc.com/ip.97.92.27.29) has joined #monero-dev
[13:35] <rfreeman_w> it will break faster on 32 bit
[13:35] <rfreeman_w> maybe for some implementation it would even pass for 514?
[13:35] <sk00t3r> How can I confirm I am on the correct chain? My deamon has not been on in a few days.
[13:36] <smooth> rfreeman_w sizeof(size_t)*8 i think. it should be bits not bytes
[13:36] * taaku has quit (Client Quit)
[13:36] <rfreeman_w> ok give me few minutes I will make PR that we can review
[13:36] * Davet has quit (Client Quit)
[13:37] * uzer111 (567fd0d9@gateway/web/cgi-irc/kiwiirc.com/ip.86.127.208.217) has joined #monero-dev
[13:38] <rfreeman_w> Who ever written that original code anyway? With no comments and in style perfect to hide corner case bug
[13:38] <smooth> its retarded there is a much better way to figure that out, maybe in O(1) some bit twiddling thing
[13:38] <smooth> anding with cnt-1 or something
[13:39] <smooth> i never remeber those tricks
[13:39] * Yolo (25b957a7@gateway/web/cgi-irc/kiwiirc.com/ip.37.185.87.167) has joined #monero-dev
[13:39] <smooth> but as coded im pretty sure my fix is right
[13:39] <tewinget> if we're pretty sure on rounding down to nearest power of 2 (or up)
[13:39] * rdymac has quit (Excess Flood)
[13:39] * Yolo has quit (Client Quit)
[13:39] <smooth> test it with smaller numbers
[13:39] <smooth> you get the same results
[13:39] <smooth> its when it gets bigger (since sizeof(size_t) =8) it doesn't work
[13:40] <tewinget> uint i = 1; while (i < cnt) i << 1; i >> 1; cnt = cnt & ~i;
[13:40] <tewinget> done
[13:40] <smooth> yeah that probably works too
[13:40] <smooth> better make sure its exactly the same as the old one for smaller numbers though
[13:40] <smooth> im a little more comfortable with the small fix, but this is fine if teted
[13:41] * sammy007 (~sammy007@unaffiliated/sammy007) has joined #monero-dev
[13:42] * rdymac (~rdymac@unaffiliated/rdymac) has joined #monero-dev
[13:44] * Jojatekok (50635747@gateway/web/freenode/ip.80.99.87.71) has joined #monero-dev
[13:45] <Jojatekok> hello!
[13:45] <smooth> Jojatekok hi there
[13:45] <Jojatekok> good luck with recovering the situation of Monero... :/
[13:45] <Jojatekok> it will strenghten us, though
[13:45] <Jojatekok> and release weak hands
[13:45] <smooth> Jojatekok we think we found the exploit
[13:45] <smooth> still analyzing it
[13:46] <Jojatekok> smooth: freakin' awesome o.O
[13:46] <Jojatekok> acting in 8 hours, like a boss :O
[13:46] <smooth> ive been up for like 80
[13:46] <Jojatekok> and took down Polo trading in 10 min
[13:46] <smooth> i was getting ready to crash when the attack started
[13:46] <Jojatekok> yeah, awesome
[13:46] <smooth> with the spam
[13:46] <hegemoOn> sk00t3r: use "diff" command inside your bitmonerod
[13:46] <hegemoOn> and look at the block level
[13:46] <smooth> i had a really, really bad feeling about the spam attack being purposeful
[13:46] <rfreeman_w> this detects and tests the bug:
https://github.com/rfree2monero/bitmonero/commit/b417abfb7a297d09f1bbb6de29030f8de9952ac8[13:47] <hegemoOn> diff
[13:47] <hegemoOn> 2014-Sep-04 14:46:57.879129 BH: 203144, DIFF: 1275428366, HR: 21257139 H/s
[13:47] <Jojatekok> wow guys
[13:47] <hegemoOn> current valid blockchain is 203144
[13:47] <Jojatekok> okay, Monero is officially a serious coin
[13:47] <sk00t3r> hegemo0n: Thanks man.
[13:48] <rfreeman_w> the bug causes the hash function to run time too many, so it causes random results. For future all allocs should at least zero fill the memory.
[13:48] <smooth> rfreeman how is it random
[13:49] <smooth> uninitilized memory hashed into it?
[13:49] <hegemoOn> sk00t3r: if not, then download the blockchain boostrap, stop bitmonerod, erase the current blockchain.bin, and replace it by the fresh downloaded one and startagain bitmonerd
[13:49] <sammy007> so is fluffypony's patch is a preventive cure for now?
[13:49] <rfreeman_w> smooth, seems so. didn't tested fully
[13:49] <smooth> that would explain consensus failure i think
[13:49] <smooth> or would it
[13:49] <fluffypony> sammy007: not merged yet - we're deciding
[13:50] <rfreeman_w> smooth, the fix for the bug is not released yet? because I'm preparing final PR
[13:50] <smooth> nothing released yet
[13:50] <rfreeman_w> the 30 block size is just temporary to fix miners right? should I finish my PR? a
[13:50] <smooth> seems to me the block woudl just get rejected a lot
[13:50] <Jojatekok> fluffypony: there should be an alarm system implemented into the blockchain, which core devs may control
[13:50] <Jojatekok> fluffypony: like in Bitcoin
[13:50] <smooth> rfreeman_w yes that is temp
[13:50] <smooth> 30kb
[13:50] <sk00t3r> hrgrmo0n: Thanks. I'll do that tonight if I see Im on the wrong one. I doubt it since it has been a few days since I have opened bitmonerod
[13:50] <Jojatekok> fluffypony: but our alarms may block outgoing TXes after block 'n'
[13:51] <fluffypony> Jojatekok: that's centralised, we won't do that
[13:51] <sammy007> fluffypony: just my 5 cents, seems it can affect pool's payouts
[13:51] <hegemoOn> sk00t3r: you cannot know until you check
[13:51] <Jojatekok> ok, ikr, but BTC has it...
[13:51] <fluffypony> Jojatekok: that's just an alerts system, which we will implement once we've decided how we want to do so
[13:52] <smooth> fluffypony> Jojatekok well i could see it as a temporary measure while the code is so sucky
[13:52] <Jojatekok> smooth: exactly
[13:52] <fluffypony> also just because an alert is issued doesn't mean people will upgrade
[13:52] <Jojatekok> fluffypony: that's why there should be alertimportance levels
[13:53] <Jojatekok> so, for instance, an alarm may talk about a mandatory update, and block all the incoming and outgoing TXes
[13:53] <smooth> we may need to do somethign special about that block
[13:53] * taaku (7d105f0b@gateway/web/cgi-irc/kiwiirc.com/ip.125.16.95.11) has joined #monero-dev
[13:54] * tacotime has quit (Ping timeout: 240 seconds)
[13:54] * bobbydoe (48e58189@gateway/web/cgi-irc/kiwiirc.com/ip.72.229.129.137) has joined #monero-dev
[13:57] * dadadoo has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[14:00] * oiearg has quit (Quit: Page closed)
[14:00] * taaku has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[14:01] * oiaerga (175cd202@gateway/web/freenode/ip.23.92.210.2) has joined #monero-dev
[14:03] * rfreeman_w has quit (Ping timeout: 264 seconds)
[14:05] * eaf (54724df9@gateway/web/freenode/ip.84.114.77.249) has joined #monero-dev
[14:05] * Tom_Cruise (~Tom@107-206-162-128.lightspeed.irvnca.sbcglobal.net) has joined #monero-dev
[14:08] * amin0rex has quit (Read error: Connection reset by peer)
[14:08] * amin0rex (~alk@71-8-128-127.dhcp.stcd.mn.charter.com) has joined #monero-dev
[14:09] * Tom_Cruise has quit (Ping timeout: 245 seconds)
[14:12] * rfreeman_w (~rfreeman@gateway/tor-sasl/rfreemanw) has joined #monero-dev
[14:15] * eaf has quit (Ping timeout: 246 seconds)
[14:16] * xmrhodler (57725749@gateway/web/cgi-irc/kiwiirc.com/ip.87.114.87.73) has joined #monero-dev
[14:17] <rfreeman_w> smooth, maybe bin that block by hash and disable part of normal validation?
[14:17] <rfreeman_w> pin
[14:18] * xmrhodler has quit (Client Quit)
[14:19] * xmrhodler (57725749@gateway/web/freenode/ip.87.114.87.73) has joined #monero-dev
[14:20] * grubles (~grubles@unaffiliated/grubles) has joined #monero-dev
[14:21] * PestoQuinty has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[14:24] * safas has quit (Ping timeout: 246 seconds)
[14:29] * Tom_Cruise (~Tom@107-206-162-128.lightspeed.irvnca.sbcglobal.net) has joined #monero-dev
[14:30] * uzer111 has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[14:32] * MoneroChat has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[14:34] * Tom_Cruise has quit (Ping timeout: 264 seconds)
[14:36] * InfoFront (32f702cd@gateway/web/cgi-irc/kiwiirc.com/ip.50.247.2.205) has joined #monero-dev
[14:37] * lucasjones has quit (Remote host closed the connection)
[14:39] * MoneroChat (42831398@gateway/web/cgi-irc/kiwiirc.com/ip.66.131.19.152) has joined #monero-dev
[14:42] * etc (45fb29b7@gateway/web/freenode/ip.69.251.41.183) has joined #monero-dev
[14:43] <smooth> rfreeman_w yes thats what we have to do
[14:44] <rfreeman_w> is that expected result of fork/etc? cryptonote_protocol_handler.inl:353 [73.46.4.206:54603 INC]sent wrong NOTIFY_RESPONSE_GET_OBJECTS: block with id=3a8a2b3a29b50fc86ff73dd087ea43c6f0d6b8f936c849194d5c84c737903966 wasn't requested, dropping connection
[14:44] <smooth> rfreeman_w i dont know ask fluffypony
[14:45] <fluffypony> rfreeman_w: the expected result is the fork
[14:45] <fluffypony> I would imagine
[14:45] <rfreeman_w> okey
[14:49] <kinglark> i think it's ok now
[14:51] <rfreeman_w> Researched BBL: it seems they do the loop to sizeof(size_t) * 8 so it will also crash, just on bigger transactions numbers
[14:52] <rfreeman_w> a friend will prepare a text to reply about BBL being (not)immune on forum, in fact this work fixes mistake in seemingly all CN coin
[14:52] <tewinget> it's...just why? it's such a simple operation.
[14:53] <tewinget> it's literally bitshifting one way from 1 while you bitshift the other way from count...
[14:54] <rfreeman_w> who needs math or CS classes when you can just duur the hurr C code. Though personally I half-suspects malice. But who knows
[14:54] <hegemoOn> 2014-Sep-04 15:51:34.069230 [P2P8]ERROR /home/netmonk/bm/bitmonero/src/cryptonote_core/tx_pool.cpp:108 Transaction with id= <c9cb35206f78b8e2c326630d69159cc117d4307fe7ab108af3147bb456983212> used already spent key images
[14:55] <kinglark> my pool has synd of
http://monerochain.info/[14:55] <kinglark> it looks ok now
[14:56] * Guest343 has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[14:57] * deliberately_unc has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[14:57] * dasdasdasd has quit (Quit:
http://www.kiwiirc.com/ - A hand crafted IRC client)
[15:00] <Gekz> time to port the codebase to Rust I reckon
[15:01] <fluffypony> nah
[15:01] <Quanttek> ^
[15:01] <fluffypony> JavaScript
[15:02] <Quanttek> PHP is the best
[15:02] <jwinterm> why not fortran? do they have boost for fortran?
[15:02] <hegemoOn> well i would think about ocaml
[15:02] <fluffypony> Quanttek: you know that Timekoin is actually written in PHP...
[15:02] <fluffypony> and I'm not even joking
[15:02] <Quanttek> oh wow
[15:02] <Quanttek>
http://bjorn.tipling.com/if-programming-languages-were-weapons[15:02] <Quanttek> I like the php one
[15:04] <fluffypony>
https://github.com/knightmb/timekoin/tree/master/server/v3.51[15:04] * pen has quit (Ping timeout: 260 seconds)
[15:06] <Quanttek> I have a friend, who loves php 'because you can use it everywhere and wordpress is written in it, which I always use as foundation'
[15:06] * Kushedout (~Kushedout@adsl-69-231-114-69.dsl.irvnca.pacbell.net) has joined #monero-dev
[15:08] <Gekz> Quanttek: fucking hell
[15:08] * dnaleor_ (~creveroel@ptr-212-224-214-4.dyn.mobistar.be) has joined #monero-dev
[15:08] <kinglark> 2014-09-04 22:05:20 [pool] (Thread 2) New block to mine at height 202652 w/ difficulty of 1220524081
[15:09] <fluffypony> you're on a fork
[15:09] <jwinterm> so is there going to be a mandatory update pronto? some explanation of what happened beyond commit messages?
[15:09] <othe> of course jwinterm
[15:09] <Quanttek> kinglark: you have to delete the blockchain and then bootstrap from op
[15:10] * xn2 (~xnbya@ec2-54-76-136-90.eu-west-1.compute.amazonaws.com) has joined #monero-dev
[15:10] <Quanttek> kinglark: current pools, I know about, who use the current version are coolmining, cryptograben, cryptonotepool.og.uk, *.fr and hashinvest
[15:10] * [tymat] (
tymat@pris.im) has joined #monero-dev
[15:10] <jwinterm> the corrupted block was accepted because of a memory overflow exploit? does that mean that all clients that accepted the block suffered from the same exploit?
[15:10] <Gekz> Quanttek: just finished that post
[15:10] <Gekz> I actually laughed
[15:10] <jwinterm> cool othe
[15:10] <Gekz> it's really funny
[15:10] <jwinterm> I will be patient
[15:12] <smooth> jwinterm they got different hash results because they were reading from uninitizliaed memory
[15:12] <smooth> jwinterm yes there will be an update very soon
[15:13] <jwinterm> so it's not something that could be exploited to do bad things to someone's computer beyond the monero client, I guess is what I'm curious about?
[15:13] * iourzzz has quit (Ping timeout: 246 seconds)
[15:13] <jwinterm> luckily I haven't synced my client(s) in about 30 days
[15:13] <hegemoOn> well it seems its not a classical buffer overflow
[15:13] <hegemoOn> but a basic bug on bit arithmetic
[15:14] <hegemoOn> you believe you test a certain value
[15:14] <hegemoOn> but you test another value
[15:14] <hegemoOn> so if your condition is <16 and in reality you compute <17
[15:14] <hegemoOn> there is a little space
[15:15] <hegemoOn> for 16 to be valid
[15:15] * tf2honeybadger (~kevin@unaffiliated/tf2honeybadger) has joined #monero-dev
[15:15] <hegemoOn> it seems: 14:22:11 rfreeman_w | for (i = 1; i < sizeof(size_t); i <<= 1) { cnt |= cnt >> i; } cnt &= ~(cnt >> 1);
[15:15] <kinglark> my wallet ver is 0.8.8.3
[15:16] <hegemoOn> the error is here, and the shift is not behaving as coder expected
[15:16] <hegemoOn> kinglark: its not a matter of wallet
[15:16] * tacotime (~ttttttttt@198.52.200.63) has joined #monero-dev
[15:16] <fluffypony> kinglark: shut your daemon down, delete your blockchain, download the bootstrap from us, start it up again
[15:16] <rfreeman_w> hegemoOn, I fixed the bug
[15:17] * grubles has quit (*.net *.split)
[15:17] * tymat has quit (*.net *.split)
[15:17] * heyyou has quit (*.net *.split)
[15:17] * TheNat has quit (*.net *.split)
[15:17] * Kushed has quit (*.net *.split)
[15:17] * dnaleor has quit (*.net *.split)
[15:17] * osensei has quit (*.net *.split)
[15:17] * beavisboy has quit (*.net *.split)
[15:17] * AJIekceu4_ has quit (*.net *.split)
[15:17] * xnbya has quit (*.net *.split)
[15:17] * sandor111 has quit (*.net *.split)
[15:17] <hegemoOn> fluffypony: problems he has +17 monerod to manage
[15:17] <rfreeman_w> hegemoOn, there was a bug in way they calculate which parts of data need to be hashed and part ended up not hashed
[15:17] <smooth> hegemoOn the shift is fine, it just doesn't looop enough times
[15:17] <hegemoOn> rfreeman_w: yeah so its not a buffer overflow
[15:17] <smooth> it was counting bytes it sould count bits
[15:17] <hegemoOn> or integer overflow
[15:17] <hegemoOn>
[15:17] * billotronic (62dc12ca@gateway/web/freenode/ip.98.220.18.202) has joined #monero-dev
[15:17] <smooth> well, its not buffer ovverflow but it does access uninitialized memory later in the function
[15:18] <hegemoOn> its just a wrong test
[15:18] <hegemoOn> no unitary test performed !
[15:18] <nuke1989> what miners should do? i stopped mining for now. But should i continue and if yes which pools are okay?
[15:18] <smooth> everything should be fine from here
[15:18] <Gekz> rfreeman_w: patch?
[15:18] <hegemoOn> who signed the QA ?
[15:18] <fluffypony> hegemoOn: lol
[15:18] <fluffypony> QA
[15:18] <fluffypony> good one
[15:19] <smooth> im sure they do QA the exploits to make sure they work
[15:19] <hegemoOn> yeah i can have some humor
[15:19] * mikezackles (~mikezackl@ec2-23-20-38-155.compute-1.amazonaws.com) has joined #monero-dev
[15:19] <hegemoOn> nuke1989: swithc to my pool
[15:19] <hegemoOn> im on the right side of the blockchain
[15:19] <hegemoOn>
http://monero.coolmining.club[15:19] <hegemoOn> the risk is that you will mine on a pool on the wrong side of the blockchain
[15:20] <hegemoOn> and never get reward
[15:20] <nuke1989> hegemoOn, okay
[15:21] <rfreeman_w> Gekz,
https://github.com/rfree2monero/bitmonero/commit/b417abfb7a297d09f1bbb6de29030f8de9952ac8 that is my fix look at date, cryptonote was later
Will release nicer patch soon
[15:21] <Gekz> I saw that one.
[15:21] <Gekz> looking for the clean one.
[15:21] <Gekz>
[15:21] * Guest78271 has quit (Quit: leaving)
[15:23] * AJIekceu4_ (~AJIekceu4@91-203-170-146.broadband.sbor.net) has joined #monero-dev
[15:23] * TheNat (~bartek-de@84-10-39-162.static.chello.pl) has joined #monero-dev
[15:26] * EsteNuno (~EsteNuno@223.205.172.143) has joined #monero-dev
[15:27] * etc has quit (Quit: Page closed)
[15:27] * EsteNuno_ has quit (Ping timeout: 255 seconds)
[15:27] * sandor111 (uid42202@gateway/web/irccloud.com/x-ygkvlfwjjthorbkl) has joined #monero-dev
[15:27] * sandor111 has quit (Client Quit)
[15:27] * sandor111 (uid42202@gateway/web/irccloud.com/x-tbnhijsrcbhvctgf) has joined #monero-dev
[15:27] * osensei (~sensei@190.246.100.165) has joined #monero-dev
[15:28] * villabacho (~kvirc@bg-3.or.uni-bonn.de) has joined #monero-dev
[15:28] <hegemoOn> nuke1989: i dont see you
[15:29] * yo (2ebd2702@gateway/web/cgi-irc/kiwiirc.com/ip.46.189.39.2) has joined #monero-dev
[15:29] * yo is now known as Guest31350
