[XMR] Monero - A secure, private, untraceable cryptocurrency - page 1488.

tacotime

legendary

Activity: 1484

Merit: 1005

Quote from: oda.krell on September 04, 2014, 10:54:07 AM

Back on topic:

Thanks, tacotime, smooth, fluffypony for keeping us update in realtime. This is precisely the emergency response I was hoping for.

Two questions:

1) Can you already rule out that the same (or similar) attack can be mounted again?

2) Can you already rule out conclusively that no lasting damage was done (as in: according to the pre-attack ownership situation)? Any chance that some subtle damage was done that'll be discovered only later?

1) yes, it's an overflow bug in C.
2) yes, once the nodes all update no more corrupted blocks should be generated. the corrupted block now needs to be hardcoded into the software.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: oda.krell on September 04, 2014, 10:54:07 AM

1) Can you already rule out that the same (or similar) attack can be mounted again?

2) Can you already rule out conclusively that no lasting damage was done (as in: according to the pre-attack ownership situation)? Any chance that some subtle damage was done that'll be discovered only later?

I'll answer both at the same time. This particular attack can't be mounted again. We haven't pushed out the official fix yet, but exploit it requires growing the blocks sizes, which takes time. We'd never let that happen. The full fix will be out soon. This hole is plugged.

Any software can have vulnerabilities and exploits. This is exacerbated by the fact that we got the code from a bunch of lying scammers who despite that character flaw, happen to have some talent when it comes to cryptography and to a lesser extent coding. We are reviewing the code and paying qualified people to review the code in order to identify and correct problems to the greatest extent possible. Further we will be restructuring, refactoring, and/or replacing some of the code in order to further increase its robustness and trustworthiness (removing obfuscation for example).

iCEBREAKER

legendary

Activity: 2156

Merit: 1072

Crypto is the separation of Power and State.

Quote from: cAPSLOCK on September 04, 2014, 10:44:10 AM

Quote from: klee on September 04, 2014, 04:54:35 AM

I hold both XMR and BBR (until something better may arise) - I don't see any reason for hostility between the two projects...

It is both annoying and intriguing actually.

The reason for the hostility is a cross between sibling rivalry and the narcissism of minor differences.

The more we have in common with other people, the more horrified and antagonized we are upon disagreement.

A Christian and a Buddhist can more easily have a nice enlightening exchange of theological perspectives without conflict than say, an Orthodox Jew and an Ultra-orthodox one. Because less cognitive dissonance is triggered and less ego is at stake.

Last night's Troll Block Crisis, however, did more to build bridges between and demonstrate the resiliency/anti-fragility of XMR/BBR than any grousing in the aftermath can undo. Cool

Quicken

sr. member

Activity: 280

Merit: 250

Quote from: aminorex on September 04, 2014, 10:57:49 AM

Quote from: GreekBitcoin on September 04, 2014, 10:40:47 AM

Oh well price will obviously fall. Price will obviously come back. The time frame that this will happen is unclear. One things is sure. Panic sellers and panic buyers will lose...

I believe that MP and the XMR markets on Poloniex have operated continuously with no substantive price movement. The moonshot may resume uninterrupted.

I think the XMR markets on Polo were/are actually stealth-frozen. Although nothing shows on the exchange page, I tried to put an order in, and it told me the market was frozen.

aminorex

legendary

Activity: 1596

Merit: 1030

Sine secretum non libertas

Quote from: klee on September 04, 2014, 10:41:23 AM

Quote from: GreekBitcoin on September 04, 2014, 10:40:47 AM

Oh well price will obviously fall. Price will obviously come back. The time frame that this will happen is unclear. One things is sure. Panic sellers and panic buyers will lose...

How they can both lose??

Careful timing.

aminorex

legendary

Activity: 1596

Merit: 1030

Sine secretum non libertas

Quote from: GreekBitcoin on September 04, 2014, 10:40:47 AM

Oh well price will obviously fall. Price will obviously come back. The time frame that this will happen is unclear. One things is sure. Panic sellers and panic buyers will lose...

I believe that MP and the XMR markets on Poloniex have operated continuously with no substantive price movement. The moonshot may resume uninterrupted.

mmortal03

legendary

Activity: 1762

Merit: 1011

Quote from: DogTheHunter on September 04, 2014, 09:18:58 AM

There have been too many issues that have come to light recently.

The mining exploit that has been going on and has just been disclosed shocked me.

That wasn't recent, and it was Bytecoin that made use of that to do a massive pre-mine. There is/was no "mining exploit" in Monero. The uncovering of that was the whole reason Monero was created in the first place.

Quote

This looks like an unravelling of the problems, not a temporary blimp. At the back of my mind now is: 'what next?'

I'm an investor, Peter Todd is more competent to give a technical analysis. It doesn't look good.

If you can't get your facts straight, then you shouldn't invest. There's no "unraveling" of problems here indicative of anything. Bitcoin also had bumps in the road.

aminorex

legendary

Activity: 1596

Merit: 1030

Sine secretum non libertas

As usual, I am delighted to see the outcome, and impressed by the rapid isolation of what is actually a fairly subtle defect in rather obfuscated code, the promptness and effectiveness of the damage control, and the well-ordered transparent process which got us there.

If this level of service does not suffice to elicit your financial contributions for the core commensurate with your financial benefit, you are a scoundrel and a cad.

nexern

hero member

Activity: 597

Merit: 500

Quote from: xulescu on September 04, 2014, 10:46:18 AM

Quote from: nexern on September 04, 2014, 10:41:43 AM

ot: interesting how quick people are starting to worship the blockchain, viewed as an untouchable entity from above. i tought this tech was made to
give us, the people, the power back to decide. what sense does it make if we don't use this power but replacing the authority enslavement by an
blockchain enslavement?

The bolded part is indeed part of what the whole point is. The part which is also italicized is not precisely true. The tech is made to PREVENT arbitrary "us, the people" from deciding. That's why there is a consensus protocol.

interesting and i thought i can decide by which client i am running on my box and therefore which chain i am supporting. isn't this what you would call a free decision?

oda.krell

legendary

Activity: 1470

Merit: 1007

Quote from: cAPSLOCK on September 04, 2014, 10:44:10 AM

Quote from: klee on September 04, 2014, 04:54:35 AM

I hold both XMR and BBR (until something better may arise) - I don't see any reason for hostility between the two projects...

It is both annoying and intriguing actually.

+1

Quote from: mechanikalk on September 04, 2014, 10:45:31 AM

Everybody knows that Dingleberry (BBR) is crap.

-1

(Sorry for the sort of low content post, but sometimes, that's all the information that needs to be transmitted, imo.)

Back on topic:

Thanks, tacotime, smooth, fluffypony for keeping us update in realtime. This is precisely the emergency response I was hoping for.

Two questions:

1) Can you already rule out that the same (or similar) attack can be mounted again?

2) Can you already rule out conclusively that no lasting damage was done (as in: according to the pre-attack ownership situation)? Any chance that some subtle damage was done that'll be discovered only later?

mechanikalk

member

Activity: 99

Merit: 91

Quote from: fluffypony on September 04, 2014, 10:47:45 AM

Quote from: mechanikalk on September 04, 2014, 10:45:31 AM

Everybody knows that Dingleberry (BBR) is crap.

Stop it.

I am kind of flattered to get a response from fluffypony...

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: mechanikalk on September 04, 2014, 10:45:31 AM

Everybody knows that Dingleberry (BBR) is crap.

Stop it.

xulescu

sr. member

Activity: 263

Merit: 250

Quote from: nexern on September 04, 2014, 10:41:43 AM

ot: interesting how quick people are starting to worship the blockchain, viewed as an untouchable entity from above. i tought this tech was made to
give us, the people, the power back to decide. what sense does it make if we don't use this power but replacing the authority enslavement by an
blockchain enslavement?

The bolded part is indeed part of what the whole point is. The part which is also italicized is not precisely true. The tech is made to PREVENT arbitrary "us, the people" from deciding. That's why there is a consensus protocol.

mechanikalk

member

Activity: 99

Merit: 91

Everybody knows that Dingleberry (BBR) is crap.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: Quicken on September 04, 2014, 10:40:27 AM

Great news on the fix Dev's. I see my main mining pool has just resumed payments, but Polo is still frozen. A few questions:

1) Will the fix require a new build for everyone?
2) I think someone (smooth or fluffy) said the Windows blockchain download hadn't been checked yet a few hours ago. Is it safe to download the new Windows chain yet?
3) Any other guidance on what to do to get going again?

Thanks,
Q

Yes there will be a new build. I'm not sure about the Windows blockchain. We'll follow up on that.

cAPSLOCK

legendary

Activity: 3766

Merit: 5146

Whimsical Pants

Quote from: klee on September 04, 2014, 04:54:35 AM

I hold both XMR and BBR (until something better may arise) - I don't see any reason for hostility between the two projects...

It is both annoying and intriguing actually.

mechanikalk

member

Activity: 99

Merit: 91

Can people please stop talking about Dingleberry (BBR) on the Monero thread.

whap

member

Activity: 106

Merit: 10

Good job to the devs. I wish i was equally talented with girls as they are with coding. I'm donating some beloved XMR as soon as this incident is safely withstood.

nexern

hero member

Activity: 597

Merit: 500

it is embarrassing to see how some parts of the this community blaming just reflexively others (many see them as competitor) attacking monero.
what a nonsense. until the devs haven't analysed the sources and more details are published, this looks just like a flaw (better now than later btw),
no matter what language the source is written in.

i also don't understand why this should have any real effect on the price except that some scared speculators are jumping out but so what?
either monero is usefull and operational at a certain point or not. this is what counts. just fix the flaw and go on, there is still a need for monero but
no need to concern much about speculators, only interested in making some quick cash, without any real interest in what monero is made for.

this tech is new, just expect problems and don't draw an armageddon from every single event on negativ price-action.

ot: interesting how quick people are starting to worship the blockchain, viewed as an untouchable entity from above. i tought this tech was made to
give us, the people, the power back to decide. what sense does it make if we don't use this power but replacing the authority enslavement by an
blockchain enslavement?

klee

legendary

Activity: 1498

Merit: 1000

Quote from: GreekBitcoin on September 04, 2014, 10:40:47 AM

Oh well price will obviously fall. Price will obviously come back. The time frame that this will happen is unclear. One things is sure. Panic sellers and panic buyers will lose...

How they can both lose??

Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1488. (Read 4670622 times)