[XMR] Monero - A secure, private, untraceable cryptocurrency - page 1537.

Quanttek

member

Activity: 93

Merit: 10

Quote from: Jojatekok on August 24, 2014, 06:56:17 AM

I'm not a pool operator, but if I know right, you should just:

Shut down the daemon and wallet applications
Remove '%AppData%\bitmonero\poolstate.bin' in order to clear your TX mempool
Compile Monero's code from GitHub
Replace the old 'bitmonerod.exe' and 'simplewallet.exe' with the produced ones
Set your minimum TX fees to 0.1 XMR in your node-cryptonote-pool configuration file, by replacing
"transferFee": 5000000000
with
"transferFee": 100000000000
Start the daemon and wallet applications again

Yes, that's how you update the pool. It should not take longer than 5 minutes

perl

legendary

Activity: 1918

Merit: 1190

You can explain , why you have delete key P2P_STAT_TRUSTED_PUB_KEY ?
And what it does exactly?

Jojatekok

sr. member

Activity: 264

Merit: 250

Quote from: fluffypony on August 24, 2014, 06:26:23 AM

Quote from: perl on August 24, 2014, 06:18:29 AM

Yes i agree is verry bad patch. Without my patch my pool is broken.

You make error. I not relay bad transaction and other node not greylisting my pool ( I not relay bad transaction )
I wait all other pool make update for remove patch .

My pool not break consensus off TX Fee.

None of the other pools are using your patch, nor are any of them reporting being "broken".

Your patch breaks the consensus network because it does not prevent malicious nodes from constantly pushing bad transactions by cutting them off. An attacker can spin up 50 ec2 instances and broadcast nonsense transactions (20kb transactions filled with random data) at you at a rate of tens of thousands a second. Because you're not disconnecting their connections, you will burn CPU time verifying the transactions. Even though you aren't relaying the malicious transactions, you are creating a trivial attack vector for someone to take your pool and any nodes that use this patch out of commission.

This patch is bad for you, bad for the network, and fixes an imaginary problem that does not exist.

I'm not a pool operator, but if I know right, you should just:

Shut down the daemon and wallet applications
Remove '%AppData%\bitmonero\poolstate.bin' in order to clear your TX mempool
Compile Monero's code from GitHub
Replace the old 'bitmonerod.exe' and 'simplewallet.exe' with the produced ones
Set your minimum TX fees to 0.1 XMR in your node-cryptonote-pool configuration file, by replacing
"transferFee": 5000000000
with
"transferFee": 100000000000
Start the daemon and wallet applications again

David Latapie

hero member

Activity: 658

Merit: 503

Monero Core Team

Quote from: fluffypony on August 24, 2014, 06:05:09 AM

We'll have a post-mortem later today

I first thought this was a joke, but it is not, the term exists.

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: perl on August 24, 2014, 06:18:29 AM

Yes i agree is verry bad patch. Without my patch my pool is broken.

You make error. I not relay bad transaction and other node not greylisting my pool ( I not relay bad transaction )
I wait all other pool make update for remove patch .

My pool not break consensus off TX Fee.

None of the other pools are using your patch, nor are any of them reporting being "broken".

Your patch breaks the consensus network because it does not prevent malicious nodes from constantly pushing bad transactions by cutting them off. An attacker can spin up 50 ec2 instances and broadcast nonsense transactions (20kb transactions filled with random data) at you at a rate of tens of thousands a second. Because you're not disconnecting their connections, you will burn CPU time verifying the transactions. Even though you aren't relaying the malicious transactions, you are creating a trivial attack vector for someone to take your pool and any nodes that use this patch out of commission.

This patch is bad for you, bad for the network, and fixes an imaginary problem that does not exist.

perl

legendary

Activity: 1918

Merit: 1190

Quote from: fluffypony on August 24, 2014, 06:04:32 AM

The network will be a little bit rocky for the next 48 hours as bad (older) nodes are isolated and segregated off, and good nodes are deployed. I'm seeing around 40% of the nodes the DNS seeders connect to having already upgraded. Pools will still operate just fine, transactions will still go through just fine, the nodes that will suffer from flailing connectivity are the ones that have NOT upgraded, not those that have.

Yes i agree is verry bad patch. Without my patch my pool is broken not broken now ( lower efficiency ).

You make error. I not relay bad transaction and other node not greylisting my pool ( I not relay bad transaction )
I wait all other pool make update for remove patch .

My pool not break consensus off TX Fee.

I have to give miners the best performance possible, actualy is possible only with my patch.
You still want to include a pool perspective

You can explain , you have delete key P2P_STAT_TRUSTED_PUB_KEY ?
And what it does exactly?

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: AlexGR on August 24, 2014, 05:26:06 AM

Can we have some data on the aftermath of the attack? I'm primarily interested in

- number of transactions done in a given timeframe,
- megabytes added as bloat,
- effect in transaction speed
- total cost for the attacker

If there is anything else you find important, please share.

We'll have a post-mortem later today

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

Quote from: perl on August 24, 2014, 04:41:07 AM

monero.crypto-pool.fr as playing the games, the first 3 biggest pool has make mandatory update.

This is an incredibly bad patch. It completely breaks the consensus network and relays broke transactions (not just those with the incorrect fee). Pools and nodes deploying this patch will allow an attacker to DDoS the entire network with bad transactions. I cannot emphasise strongly enough how bad this patch is, applying sets us on a path to destroying Monero completely.

The network will be a little bit rocky for the next 48 hours as bad (older) nodes are isolated and segregated off, and good nodes are deployed. I'm seeing around 40% of the nodes the DNS seeders connect to having already upgraded. Pools will still operate just fine, transactions will still go through just fine, the nodes that will suffer from flailing connectivity are the ones that have NOT upgraded, not those that have.

David Latapie

hero member

Activity: 658

Merit: 503

Monero Core Team

The Monero Status Android Widget had been added to the OP
Note to Bitcoin moderator: next time you delete a post, please notify of the reason.

AlexGR

legendary

Activity: 1708

Merit: 1049

Can we have some data on the aftermath of the attack? I'm primarily interested in

- number of transactions done in a given timeframe,
- megabytes added as bloat,
- effect in transaction speed
- total cost for the attacker

If there is anything else you find important, please share.

David Latapie

hero member

Activity: 658

Merit: 503

Monero Core Team

Quote from: thefunkybits on August 21, 2014, 08:49:08 PM

only a few spots left in our Monero XMR giveaway!

Find out how to claim your FREE 0.4 XMR here:
https://bitcointalksearch.org/topic/petitioning-cryptsy-btc-e-and-others-for-moneroxmr-731365

I updated the OP accordingly

Quote

Giveaways
Petitioning Cryptsy, Btc-e and others for Monero(XMR)

Globb0

legendary

Activity: 2702

Merit: 2053

Free spirit

OK will do.

Thankyou

David Latapie

hero member

Activity: 658

Merit: 503

Monero Core Team

Quote from: Globb0 on August 22, 2014, 12:32:09 PM

Missive timeline overview

I added this link to the OP (Longer summary of each missive by Globb0).
Remember to update on the same post. Thanks for your efforts.

David Latapie

hero member

Activity: 658

Merit: 503

Monero Core Team

Could some esperanto speaker propose motto in esperanto? Let's first consider it in English then after in Esperanto. The actual motto could be slightly changed after the move to esperanto, for euphonic reasons (traduttore, traditore).

Below a compilation of previous proposals I am aware of. I also opened a reddit for this, it will probably be easier to handle there. Also note that this is an exercice in style and it doesn't constitute an official sanction of the motto idea, even though I am in the core team.

I also opened a reddit, which will probably be easier to handle than Bitcointalk: Monero motto in Esperanto.

Quote from: Jshank on August 06, 2014, 12:11:45 PM

Quote from: aminorex on August 06, 2014, 12:04:05 AM

Also, I propose an official motto for monero, suitable for business cards, physical coins & c.:

Quote from: aminorex on August 06, 2014, 12:47:33 AM

Monero est priquiditas pro populo.

Because: Quidquid latine dictum sit, altum videtur.

"Securing Freedom through Privacy" - Google Latin "Praesent libero per Securitate"
"Securing Financial Liberty through Privacy" - Google Latin "Aliquam erat volutpat Securitate libertas"

perl

legendary

Activity: 1918

Merit: 1190

monero.crypto-pool.fr as playing the games, the first 3 biggest pool has make mandatory update.

Resulrs broken my pool and dev (fluffony) not interest me for help résolve the problem ( is problem off pool ).

I resolve on solo with bad patch. ( DEV Bitmonero have been able to limit patch on transaction with bad fee and no other problem badhash per exemple )

Code:

--- a/src/cryptonote_protocol/cryptonote_protocol_handler.inl
+++ b/src/cryptonote_protocol/cryptonote_protocol_handler.inl
@@ -273,7 +273,7 @@ namespace cryptonote
if(tvc.m_verifivation_failed)
{
LOG_PRINT_CCONTEXT_L0("Tx verification failed, dropping connection");
- m_p2p->drop_connection(context);
+ //m_p2p->drop_connection(context);
return 1;
}
if(tvc.m_should_be_relayed)

For information pool for admin:
If you update with new patch bitmonerod Before other.

When other node relay to you transaction fee 0.005.
You reject TX + Disconnecter node on P2P + add in greylisting.
After you reconnect at node when greylisting is not switch to blacklisting.

Your pool is connected only 3 node and you make orphan and get last block with many time.

I have fixed code with comment line disconnect node send bad transaction.

Actualy my patch is bad (You can flood bitmonerod off my pool with bad transaction).

I have not choice. I use the patch or my pool not work.

I do not thank the DEV (fluffony) telling me to wait
DEV: Remember that a crypto is also the Pool and not only your code

rpietila

donator

Activity: 1722

Merit: 1036

Quote from: sammy007 on August 24, 2014, 03:38:04 AM

Quote from: rpietila on August 24, 2014, 02:16:50 AM

Quote from: sammy007 on August 23, 2014, 05:40:43 PM

Quote from: rpietila on August 23, 2014, 03:30:39 PM

Quote from: tacotime on August 23, 2014, 02:13:47 PM

Current tx fees are very low to keep XMR accessible to all users (about 1 cent per 24.4 KB)

when someone comes to me giving a factual example how his monero use actually suffers due to the fees, I will support him from my own pocket, considering this as a donation to monero ecosystem.

Ok, dude, we are pool ops and we are paying tx fees from our profits. Now, when fee raised 20 times, it's significant impact.

The fees go to the miners in the first place, so asking me to support your getting 20 times richer already, is understandably ROTFLMAO.

Why so serious, man? I thought it would be funny!

BTW, it seems exchanges in no hurry, I see last 15 blocks without transactions at all Sad

Rolling on the floor laughing certainly means I found it funny Grin

sammy007

legendary

Activity: 1904

Merit: 1003

Quote from: rpietila on August 24, 2014, 02:16:50 AM

Quote from: sammy007 on August 23, 2014, 05:40:43 PM

Quote from: rpietila on August 23, 2014, 03:30:39 PM

Quote from: tacotime on August 23, 2014, 02:13:47 PM

Current tx fees are very low to keep XMR accessible to all users (about 1 cent per 24.4 KB)

when someone comes to me giving a factual example how his monero use actually suffers due to the fees, I will support him from my own pocket, considering this as a donation to monero ecosystem.

Ok, dude, we are pool ops and we are paying tx fees from our profits. Now, when fee raised 20 times, it's significant impact.

The fees go to the miners in the first place, so asking me to support your getting 20 times richer already, is understandably ROTFLMAO.

Why so serious, man? I thought it would be funny!

BTW, it seems exchanges in no hurry, I see last 15 blocks without transactions at all Sad

rpietila

donator

Activity: 1722

Merit: 1036

Quote from: sammy007 on August 23, 2014, 05:40:43 PM

Quote from: rpietila on August 23, 2014, 03:30:39 PM

Quote from: tacotime on August 23, 2014, 02:13:47 PM

Current tx fees are very low to keep XMR accessible to all users (about 1 cent per 24.4 KB)

when someone comes to me giving a factual example how his monero use actually suffers due to the fees, I will support him from my own pocket, considering this as a donation to monero ecosystem.

Ok, dude, we are pool ops and we are paying tx fees from our profits. Now, when fee raised 20 times, it's significant impact.

The fees go to the miners in the first place, so asking me to support your getting 20 times richer already, is understandably ROTFLMAO.

ArticMine

legendary

Activity: 2282

Merit: 1050

Monero Core Team

Quote from: fluffypony on August 23, 2014, 08:25:20 PM

Linux binaries have been updated to 0.8.8.2 with the temporary fee hike fix: http://monero.cc/downloads/monero.linux.x64.latest.tar.bz2

Please switch to this version - we will have a permanent fix in the next few weeks that will bring the fees back down.

After replacing the linux binaries and running

Code:

./bitmonerod

I get

Code:

Illegal instruction (core dumped)

Operating System, Ubuntu 12.04 64bit

Monero was originally installed using the compilation script http://www.monero.cc/blog/new-version-installation-script-now-cpuminer-installation-support-ubuntu-12-04/index.html on 2014-07-13

Edit1: Should I rerun the script and recompile?

Edit2: I renamed bitmonero to bitmoneroback, ran (to recompile from source)

Code:

git clone git://github.com/monero-project/bitmonero && cd bitmonero && make

and then copied wallet.bin, and wallet.bin.keys, to ~/bitmonero/build/release/src and now everything works fine.

smooth

legendary

Activity: 2968

Merit: 1198

Quote from: xulescu on August 23, 2014, 11:49:29 PM

Quote from: nioc on August 23, 2014, 10:19:30 PM

Back on topic, a question from the cadmium induced drooling masses. For the update, all I need to do is download it and it will replace the files that need to be replaced automatically with nothing else needed to be done on our part?

Would be better if you deleted poolstate.bin after you shutdown the daemon and before you start it up again. If my understanding is correct, you will have hundreds of spam transactions in your mempool and you would have to wait 24h for them to drop out. In the meanwhile, I'm not sure how you would be affected.

This is most important for (solo) miners and pool nodes. For ordinary users having the spam in your mempool for 24 hours doesn't really matter.

Topic: [XMR] Monero - A secure, private, untraceable cryptocurrency - page 1537. (Read 4670972 times)