[XMR] Monero - A secure, private, untraceable cryptocurrency - page 1472.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: coins101 on September 06, 2014, 04:24:10 AM

Some questions tied to speculative thoughts on the attack.

When the network was spammed to try and bloat the block chain, was that actually part of the attack? Wouldn't you want to slow down the network and cause some transaction volume to slow as part of the prep work?

Maybe if you were trying to take control, a slower network, down to what you could manage, would be a necessity.

To counter the block chain spamming, was the fork to increase the fees an anticipated outcome for the attacker and something he was relying on, or was that a problem that required him to force another fork?

Although the events were some weeks apart, it is still quite a lot of attack activity in a relatively short period of time.

Happy to delete this post if you think it just promotes unnecessary FUD.

Let's address all this after we are done with recovery and have official builds up.

coins101

legendary

Activity: 1456

Merit: 1000

Some questions tied to speculative thoughts on the attack.

When the network was spammed to try and bloat the block chain, was that actually part of the attack? Wouldn't you want to slow down the network and cause some transaction volume to slow as part of the prep work?

Maybe if you were trying to take control, a slower network, down to what you could manage, would be a necessity.

To counter the block chain spamming, was the fork to increase the fees an anticipated outcome for the attacker and something he was relying on, or was that a problem that required him to force another fork?

Although the events were some weeks apart, it is still quite a lot of attack activity in a relatively short period of time.

Happy to delete this post if you think it just promotes unnecessary FUD.

papa_lazzarou

hero member

Activity: 649

Merit: 500

Quote from: 5w00p on September 06, 2014, 02:42:05 AM

Quote from: Mumbles on September 06, 2014, 02:06:11 AM

lol. Is that like a $5 USD bounty?

Quote from: 5w00p on September 06, 2014, 12:44:12 AM

2.5 XMR Bounty to create AWS Linux AMI to mine XMR on CPU and GPU https://bitcointalksearch.org/topic/m.8695669

Yeah, thanks for doing the math on that one. You get an ass hat for that.

Dude, right now its not profitable. You are better of buying XMR with the money you'll spend on AWS.

otila

sr. member

Activity: 336

Merit: 250

Quote from: fluffypony on September 06, 2014, 12:59:37 AM

Just to correct this - we're NOT going to be using the CN tree_hash.c change, because as you pointed out it's not entirely correct. Our correctly patched tree_hash.c is here: https://github.com/rfree2monero/bitmonero/blob/pr-fix-treehash2/src/crypto/tree-hash.c

well, you get integer overflow due to incorrect range check for cnt:

Code:

size_t ints_size = cnt * HASH_SIZE;

Check rather that cnt <= SIZE_MAX/HASH_SIZE

Anyways, it does not help because you use alloca(), you probably have 8 MiB stack size limit on Linux.

tree_hash_cnt could be simplified, I have

Code:

size_t cnt = (size_t)1 << __fls(count - 1);

(__fls from Linux source code)

Jungian

legendary

Activity: 930

Merit: 1010

Quote from: Mumbles on September 06, 2014, 02:06:11 AM

lol. Is that like a $5 USD bounty?

Quote from: 5w00p on September 06, 2014, 12:44:12 AM

2.5 XMR Bounty to create AWS Linux AMI to mine XMR on CPU and GPU https://bitcointalksearch.org/topic/m.8695669

He offers something. If you don't like it, don't take it. What do you offer?

5w00p

hero member

Activity: 644

Merit: 502

Quote from: Mumbles on September 06, 2014, 02:06:11 AM

lol. Is that like a $5 USD bounty?

Quote from: 5w00p on September 06, 2014, 12:44:12 AM

2.5 XMR Bounty to create AWS Linux AMI to mine XMR on CPU and GPU https://bitcointalksearch.org/topic/m.8695669

Yeah, thanks for doing the math on that one. You get an ass hat for that.

I'm one guy with a few XMR, trying to mine my way to some more XMR. I'm not a pool op, a dev, a BTC early-adopter, or anything like that.
I could have begged for help, but instead I offered a bounty. Glad you got a lulz.

drawingthesun

legendary

Activity: 1176

Merit: 1015

Quote from: Mumbles on September 06, 2014, 02:06:11 AM

lol. Is that like a $5 USD bounty?

Quote from: 5w00p on September 06, 2014, 12:44:12 AM

2.5 XMR Bounty to create AWS Linux AMI to mine XMR on CPU and GPU https://bitcointalksearch.org/topic/m.8695669

Hopefully it could be a $250 bounty in several months...

polecrab

member

Activity: 68

Merit: 10

Quote from: tacotime on September 06, 2014, 12:16:51 AM

Quote from: aminorex on September 05, 2014, 09:22:58 PM

Quote from: smooth on September 05, 2014, 08:59:26 PM

More soon.

Any update on the updated update regarding the updated update yet?

Yeah. We tried a couple different things and this one seems to work.

https://github.com/tewinget/bitmonero/commits/202612_exception

We may replace the tree-hash code still because that solution from CN isn't quite right either, but you can download this, build, and try syncing it to the main chain now if you'd like.

Thanks you and other devs for getting on top of this. It's a distraction from progressing with features, but just like addressing a bug in a production application, you should gain some knowledge out of all this that can be of value in the future.

Mumbles

newbie

Activity: 50

Merit: 0

lol. Is that like a $5 USD bounty?

Quote from: 5w00p on September 06, 2014, 12:44:12 AM

2.5 XMR Bounty to create AWS Linux AMI to mine XMR on CPU and GPU https://bitcointalksearch.org/topic/m.8695669

Jungian

legendary

Activity: 930

Merit: 1010

Quote from: xiaosu on September 06, 2014, 01:57:08 AM

Hi,i'm new to the community,do we have any good news from dev or some important updates?

Well.. they just waded off one of the most serious attacks in cryptocurrency history. How's that for good news?

xiaosu

full member

Activity: 126

Merit: 100

Hi,i'm new to the community,do we have any good news from dev or some important updates?

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: owlcatz on September 05, 2014, 09:34:00 PM

I did nothing like this, i simply downloaded the 30 day old bin file and it synced to the proer chain. Da fuq is the prob,devs??? Am i a moron here LOL.......

You did nothing wrong - you got lucky in terms of what peers you connected to:) From scratch it will *eventually* find consensus, but you also may be stuck with the wrong short_chain_history, and thus it *expects* the wrong block 202612. This is what we're patching.

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: tacotime on September 06, 2014, 12:16:51 AM

Quote from: aminorex on September 05, 2014, 09:22:58 PM

Quote from: smooth on September 05, 2014, 08:59:26 PM

More soon.

Any update on the updated update regarding the updated update yet?

Yeah. We tried a couple different things and this one seems to work.

https://github.com/tewinget/bitmonero/commits/202612_exception

We may replace the tree-hash code still because that solution from CN isn't quite right either, but you can download this, build, and try syncing it to the main chain now if you'd like.

Just to correct this - we're NOT going to be using the CN tree_hash.c change, because as you pointed out it's not entirely correct. Our correctly patched tree_hash.c is here: https://github.com/rfree2monero/bitmonero/blob/pr-fix-treehash2/src/crypto/tree-hash.c - we patched that two days ago, but it needs to be done in conjunction with the 202612 exception.

5w00p

hero member

Activity: 644

Merit: 502

2.5 XMR Bounty to create AWS Linux AMI to mine XMR on CPU and GPU https://bitcointalksearch.org/topic/m.8695669

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: tacotime on September 06, 2014, 12:16:51 AM

Quote from: aminorex on September 05, 2014, 09:22:58 PM

Quote from: smooth on September 05, 2014, 08:59:26 PM

More soon.

Any update on the updated update regarding the updated update yet?

Yeah. We tried a couple different things and this one seems to work.

https://github.com/tewinget/bitmonero/commits/202612_exception

We may replace the tree-hash code still because that solution from CN isn't quite right either, but you can download this, build, and try syncing it to the main chain now if you'd like.

BTW, this is a test release.

Feel free to build if you are comfortable doing so. We will have a slightly different full release with official builds shortly. Testing continues.

More soon.

tacotime

legendary

Activity: 1484

Merit: 1005

Quote from: aminorex on September 05, 2014, 09:22:58 PM

Quote from: smooth on September 05, 2014, 08:59:26 PM

More soon.

Any update on the updated update regarding the updated update yet?

Yeah. We tried a couple different things and this one seems to work.

https://github.com/tewinget/bitmonero/commits/202612_exception

We may replace the tree-hash code still because that solution from CN isn't quite right either, but you can download this, build, and try syncing it to the main chain now if you'd like.

jl777

legendary

Activity: 1176

Merit: 1134

Quote from: cAPSLOCK on September 06, 2014, 12:07:15 AM

Quote from: jl777 on September 05, 2014, 10:58:59 PM

just checking in
let me know if there is anything I can do to help!
I am very encouraged to see such professional behavior, especially in times of such stress

James

If you are serious have a word with drawingthemoon. He is an asshat.

check my posts in the BBR thread
I also PM'ed him a short to the point question. If he is against me I will recommend the BBR community to shun him
XMR community overnight is all mature and I am very impressed by this!

Let us just hope it is the "little brother" syndrome that takes just a bit of time to grow out of. Give him a day or two.

Thanks

James

AKWAnalytics

newbie

Activity: 52

Merit: 0

Quote from: cAPSLOCK on September 06, 2014, 12:04:31 AM

Quote from: owlcatz on September 05, 2014, 09:34:00 PM

I did nothing like this, i simply downloaded the 30 day old bin file and it synced to the proer chain. Da fuq is the prob,devs??? Am i a moron here LOL.......

Shhhh that's far too easy... stop making sense.

I have a feeling that the devs are being extremely cautious in all regards due to the potential existential threat these kinds of vulnerabilities can pose. The fact that this might seem easy has no bearing on what they perceive are future threats.

They got it, lets just buy cheap XMR...

cAPSLOCK

legendary

Activity: 3766

Merit: 5146

Note the unconventional cAPITALIZATION!

Quote from: jl777 on September 05, 2014, 10:58:59 PM

just checking in
let me know if there is anything I can do to help!
I am very encouraged to see such professional behavior, especially in times of such stress

James

If you are serious have a word with drawingthemoon. He is an asshat.

cAPSLOCK

legendary

Activity: 3766

Merit: 5146

Note the unconventional cAPITALIZATION!

Quote from: owlcatz on September 05, 2014, 09:34:00 PM

I did nothing like this, i simply downloaded the 30 day old bin file and it synced to the proer chain. Da fuq is the prob,devs??? Am i a moron here LOL.......

Shhhh that's far too easy... stop making sense.

Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1472. (Read 4670972 times)