[XMR] Monero - A secure, private, untraceable cryptocurrency

[cAPSLOCK]

I don't know who Peter Todd is but if he was HIRED to be a consultant for Monero it is really really unprofessional for him to be publicly defaming the code on twitter before privately giving his input to the devs. In the corporate world if say IBM were having some issues with their books and hired an outside accounting firm to come audit and straighten things out, then said firm went on twitter and publicly went "Hoo Boy! It's amazing IBM functions at all considering they basically use monkeys with crayons to do their accounting!" That would not fly and would immediately tank the price of the stock. When people have money on the line, why would this guy be publicly slandering the code when he has been hired as a consultant???

I agree with this position.  I am disappointed at that display.  I think it can be said, but this was a bad way to do it.

[jl777]

Well, Peter Todd was right.  It's politically incorrect, but he's not known for tact and charm.  He's known for creative technical solutions.

And frankly, if IBM were doing its accounting with crayons and monkeys, and you didn't inform the stakeholders, you'd be very irresponsible.

I am curious if the cryptonote code base is intentionally done with crayons and monkeys. What is to be gained from this?
Simple things like their reference code didnt compile for me. Now I am always having problems getting all the modules installed, but I would think a supposed reference code should compile. So if it doesnt compile, then what other problems are there?

Didnt make sense to me and I didnt have time to investigate

James

[iCEBREAKER]

I would have thought that Peter Todd (previously a core bitcoin dev) would have enough on his plate as he recently (few weeks ago) joined the Viacoin dev team.

We had already talked to Peter about consulting for us before that. He does various consulting work, especially open source projects. He explained on reddit (go find it if you care) that one of his consulting clients happens to be Viacoin, and he didn't even know much about what they are doing. In typical pump-and-dump fashion, Viacoin quickly turned that consulting gig into him being their "chief scientist" and promptly put out a slicked up press release about it.

In short you are reading too much into it, and for what its worth we won't be wasting any of our donation money writing press releases and trying to promote a consulting gig as something more than what it is.

Peter Todd is the new CEO of Monero!  That's great news!  

[smooth]

Well, Peter Todd was right.  It's politically incorrect, but he's not known for tact and charm.  He's known for creative technical solutions.

And frankly, if IBM were doing its accounting with crayons and monkeys, and you didn't inform the stakeholders, you'd be very irresponsible.

I am curious if the cryptonote code base is intentionally done with crayons and monkeys. What is to be gained from this?
Simple things like their reference code didnt compile for me. Now I am always having problems getting all the modules installed, but I would think a supposed reference code should compile. So if it doesnt compile, then what other problems are there?

Didnt make sense to me and I didnt have time to investigate

James

I haven't looked at it (we are forked from bytecoin, though the copyrights on the code still say cryptonote) but from what I remember, their reference code is more of a toolkit and probably requires some edits to turn into a working coin.

Any of the working cryptonote forks should be easiler to build. I've never done anything other than (install dependencies and) type make.

[Anon136]

Well, Peter Todd was right.  It's politically incorrect, but he's not known for tact and charm.  He's known for creative technical solutions.

And frankly, if IBM were doing its accounting with crayons and monkeys, and you didn't inform the stakeholders, you'd be very irresponsible.

I am curious if the cryptonote code base is intentionally done with crayons and monkeys. What is to be gained from this?
Simple things like their reference code didnt compile for me. Now I am always having problems getting all the modules installed, but I would think a supposed reference code should compile. So if it doesnt compile, then what other problems are there?

Didnt make sense to me and I didnt have time to investigate

James

It is a bit of a bastard to get up and running in my experience. also hi james. unexpected to see you over here.

[cAPSLOCK]

Well, Peter Todd was right.  It's politically incorrect, but he's not known for tact and charm.  He's known for creative technical solutions.

And frankly, if IBM were doing its accounting with crayons and monkeys, and you didn't inform the stakeholders, you'd be very irresponsible.

His assessment of CN code is correct imho.  It's a mess.  Shouting "Cryptonote code is terribad" on twitter is extremely foolish.

(Edited to remove funny, put possibly insulting last line)

[TheKoziTwo]

What does all of these users have in common?

SCAM? Too many big headed hero members telling you noobs to buy a shitcoin. Karma is a bitch.

Obvious shitcoin, James.

[XMR] Monero - A secure, private, untraceable cryptocurrency ?? wtf

Or maybe the price will tank and you will end up a bagholder... hero members endorsing this shit should be slapped.

Boolberry is doomed also. CryptoNote coins are now officially shit because of Monero and insiders.

All cryptonote coins offline on Bittrex. RIP CryptoNote.

We should make a blacklist of all Senior and Hero Members who were promoting this shitcoin. Monero and Boolberry threads should be moved to the Trashcan.

Seems that Monero is totally broken.

And this is why adoption for cryptonote is at least 5 years behind bitcoin API.....all you hero shills love talking it up....

its untested - no business in their right mind would accept this technology when flaws like this exist.

Back to the drawing board...maybe you can look at the bloat / scalability issue while you are at it!

Monero devs took CryptoNote protocol and tried to implement some changes without any understanding of what they're doing. Probably XMR’s devs questionable modifications lead to this kind of attack. That is what you get when you steal the code you are not capable of maintaining.

Remember kids: you should not modify a code if you’re not completely sure what it will cause. Currently people are paying with their funds because of the incompetent Monero devs. Reminds me too much of a real world situation, when the bank closes people loose funds they've invested. I hoped we wouldn't see it in the crypto world.

https://twitter.com/petertoddbtc/status/507407230204125184

"First time I'm compiling #monero, and its consensus is broken :/ "

HAHAHAHAH RIP MONERO

Why do you keep throwing good money after bad? Monero developers have confirmed their incompetence numerous times, and you still continue investing in XMR. I understand that you’ve put a lot of effort and money in it but you should not be tied up to the sunk costs.

It seems that you've been lured into thinking that Monero is going to the moon when actually it is doomed. I think you should rethink your commitment before you've lost even more.

Hint: no avatar

[Patel]

Devs, when will you give exchanges the green light to trade?

[AKWAnalytics]

Devs, when will you give exchanges the green light to trade?

https://twitter.com/Poloniex/status/507571637214920704

[Nekomata]

XMR is the future.

[aminorex]

sounds more like you were? are? considering changing the codebase entirely.

Not a core dev here, just a very experienced one commenting from observation:

It is necessarily an incremental process, in the context of a working system.  Breaking things that people depend on is anathema.  And you would be surprised at the sort of unsupported edge cases that people come to depend upon.

Removing functionality which is not actively causing a more serious problem is very undesirable.  Sometimes it is practically unavoidable, however.

The evolution of the XMR codebase will be a long series of focused refactorings (think of replacing a hip with titanium) and cross-cutting ones (think of chemotherapy to kill a blood cancer circulating throughout the body).  It's not a large codebase, but it is an (often unduly) complex one.  The cost and time are sunk mostly into the links between the parts, the interfaces.  The more there are and the more complex those interfaces are, the longer it takes and the more it costs.

If you try to basically rewrite the thing before rolling out a big gem, maintenance costs can bankrupt your development effort, and the released feature set is stagnant.  Although it takes longer, as long as it is viable, it is wise to choose the incremental refactoring path.  Then incremental features which are practically necessary can be released as the improvements in infrastructure allow.  

In general, refactoring is the process of performing correctness-preserving transformations on the code, until the interfaces fall along the boundaries necessary to contain the complexities inherent in the feature requirements into modules which have more managable size and complexity.  It is slower than rewriting, but far less risk.

In crypto, as in embedded vehicle or weapon controls, minimizing risks takes on profound importance.  

[Patel]

Devs, when will you give exchanges the green light to trade?

https://twitter.com/Poloniex/status/507571637214920704

Thanks

[Skinnkavaj]

Mintpal price is about 0.00415 now, HitBTC was frozen at 0.00380 after some had dumped on low volume (2,500 XMR) at the last moment.

All I ask is that the most reputable and highest-volume exchange, Poloniex, would:
- announce the resumption of trading at least 1 hour in advance;
- allow traders to enter orders during this time;
- arrange a market-clearing procedure at the moment when the trading starts, so that the existing bids and asks that coincide, would be matched with each other at the midprice that clears all of them, to not favor sellers or buyers.

Code:

<@fluffypony> busoni: also, thoughts on this - https://bitcointalk.org/index.php?topic=583449.msg8672104#msg8672104 ?
<busoni> fluffypony: I can announce in advance, but the other things are not possible
<@fluffypony> 100%
<busoni> The new trading engine does not allow crossed orderbooks
<busoni> Okay, I'll announce an unfreeze in about an hour... the wallet should be finished resyncing by then.

Trading should be resumed in hours.

[dga]

1) Can you already rule out that the same (or similar) attack can be mounted again?

2) Can you already rule out conclusively that no lasting damage was done (as in: according to the pre-attack ownership situation)? Any chance that some subtle damage was done that'll be discovered only later?

I'll answer both at the same time. This particular attack can't be mounted again. We haven't pushed out the official fix yet, but exploit it requires growing the blocks sizes, which takes time. We'd never let that happen. The full fix will be out soon. This hole is plugged.

Any software can have vulnerabilities and exploits. This is exacerbated by the fact that we got the code from a bunch of lying scammers who despite that character flaw, happen to have some talent when it comes to cryptography and to a lesser extent coding. We are reviewing the code and paying qualified people to review the code in order to identify and correct problems to the greatest extent possible. Further we will be restructuring, refactoring, and/or replacing some of the code in order to further increase its robustness and trustworthiness (removing obfuscation for example).

I think you need to take a break. You are unintentionally saying stupid things.

This particular attack can't be mounted again.

Implies - so other attacks are still possible?

Any software can have vulnerabilities and exploits.

Implies - don't trust Monero with your anonymity just yet.

we got the code from a bunch of lying scammers who despite that character flaw, happen to have some talent when it comes to cryptography and to a lesser extent coding.

Where do you start with this statement.

Implies

- We didn't have the technical skill in the first place, so we are just using anything we could find
- Quality assurance in the code was never a priority

We are reviewing the code and paying qualified people to review the code in order to identify and correct problems

Implies - We haven't got a clue. So we are paying for temporary help.

Get some sleep. For investors, this sort of loose talk, from someone that is an established part of the team, gives zero confidence in the project.

This isn't stupid at all - he's being accurate.  If you heard someone from the dev team saying anything except what smooth just posted, you should be running.

Yes, of course there are other attacks that can, and, if the coin continues to be successful, will be mounted against Monero and the other cryptonote coins.

It's a new codebase, and it was inherited from an unknown set of developers whose motivations, competence, and trustworthiness are unknown.

If you're buying Monero or any other coin based on the codebase, you'd damn well better be doing it with your eyes open:  These coins are new.  They're not based on a fork of the bitcoin codebase.  They're different, and they come will all sorts of attendant risks of bugs and vulnerabilities.  That's also part of what makes them interesting, and not just a blah-blah "i cp'd bitcoin and tweaked a parameter".

Don't rail at the developers for being honest with you.  Thank them for assuming you're adult enough to deal with reality, and thank them for not misrepresenting what they're working on.

You're criticizing the developers for bringing in external expertise?  Give me a break.  Taking over a foreign codebase that's got interesting cryptography and implements a distributed system is hard.

As I said about an earlier Monero bug:  https://bitcointalk.org/index.php?topic=583449.msg7988816#msg7988816

the test is how the team responds, whether they're able to identify and fix the bug, and whether the quality of the code and the process for preventing bugs improves over time.

So I have a very concrete suggestion for you:  Shut up for a moment.  Give all of the devs involved a day or two to recover from what must have been an annoying and stressful bug hunt.  And then ask *politely* if they'll include in the next Missives a summary of the things they're doing to improve the codebase and the development process for the coin, such as progress on regression testing and the ability to do things on testnets, elimination of buggy coding patterns, etc.  See what's been changed, if anything, from the previous bugs, and if there's improvement going on, and then decide for yourself whether the trajectory is good or not.

[PestoQuinty]

This attack on XMR was meant to distract bears attention from BTC, so the bulls can do their job lol jk.
Still, I hope we will capture this BTC bull moment (if its not over already)...

[rpietila]

W h a t   a   g r o s s   i r o n y that the most legitimate and economic initial distribution of any cryptocoin existing (and therefore the most potential #2 coin in the months and years to come) happens to be a coin with an unbelievably messy codebase, intentionally made scammy, buggy, unoptimized, crippled and obfuscated by the (B)CN scamdevs.

[crypto_zoidberg]

Note to newcomers: BBR is the only (non-XMR) cryptonote coin that is not conclusively proven to be lead by the original CN scamteam

Well, thanks, at least some recognition

[Nekomata]

XMR is the future.

[sleepdog]

Any sign of a Win 64 blockchain download?

Just re-did mine from the one in the 1st post and it ended up on the wrong fork...

Just quoting to try and raise this request out of mire of squabbling. 

[aminorex]

W h a t   a   g r o s s   i r o n y that the most legitimate and economic initial distribution of any cryptocoin existing (and therefore the most potential #2 coin in the months and years to come) happens to be a coin with an unbelievably messy codebase, intentionally made scammy, buggy, unoptimized, crippled and obfuscated by the (B)CN scamdevs.

The universe abhors a bad implementation of good math, and always entrusts it to stronger hands.

Okay, it's not QED, but it's still an elegant theory.