• 2 Posts
  • 14 Comments
Joined 6 months ago
cake
Cake day: May 14th, 2024

help-circle




  • suffering non-stop DDoS attacks for the last three weeks, and they are using ToR exit nodes to conduct such attack

    This doesn’t add up:

    1. Exit nodes are not involved in onion site visits. Exit nodes are only involved in connections from Tor to the clearnet.
    2. The tor network itself does not have a particularly massive amount of exit node bandwidth, and anybody trying to use a large fraction of that will attract the attention of the tor developers. I have a very hard time believing that the bits per second you can push through tor exits result in a bandwidth bill that a popular exchange (like yours!) has any difficulty affording.

    Blink twice if you’ve been threatened by a three-letter agency.

    Good luck,


  • WASM is the millennials getting their turn to learn that “those who do not learn from history are doomed to repeat it”.

    Letting the bloated web offload more of its bloat to clients will simply result in an even worse web obesity crisis than already exists. The computational burden needs to stay with the side (the content producer) that has the ability to reduce the level of bloat. Anything else is a broken incentive structure.


  • This is precisely what Hashcash is. Hashcash is widely acknowledged as the primary ancestor of Bitcoin.

    Also, Tor now has a system like this built-in. It uses PoW. It’s quite new (less than a year old) and you have to explicitly enable it, but I’m sure the trocador admins know about this.

    But seriously, regarding enshittification, I don’t think javascript makes websites any harder to ddos. Rather, you get ddossed until you cry uncle and comply with the demands that you help MITM and fingerprint your customers. Javascript happens to be useful for fingerprinting. It has very little to do with ddos mitigation.


  • I also don’t understand why websites are still using bespoke hand-rolled XMR payment frontends – unless they are exchanges or (like localmonero) super-Monero-gurus… BTCPay server’s Monero support is so good at this point… I have used it uncountably-many times and not once had any kind of problem.

    Please folks, if you’re going to accept Monero, consider using BTCPay Server.








  • It seems like everyone is trying to drag me to their favorite messenger

    Yes, because people treat messenger choices as a popularity competition.

    Look how many people I got to switch to crapware just because they wanted to chat with me! I must be super socially powerful! Woo hoo! Meanwhile, the technical consequences of this strategy are… predictable: crapware.

    Opt out of all the noise and just stick to IRC.


  • Everybody reading this message should also read this, since it gives the details: https://github.com/haveno-dex/haveno/blob/master/docs/deployment-guide.md#register-keypairs-with-privileges

    There are no servers in Haveno. Instead, there is a “developer (public) key” hardwired into the client. Instead of the owner of the localmonero.co domain (and TLS certificate, and onion url key), there is the “developer public key”. The developer public key you have in your client basically decides “whose Haveno” you want to use. This is a good thing! I always worried about the localmonero.co domain being seized by a simple letter being sent to their registrar. With the developer key system this can’t happen. The thugs have to actually go hunt down whoever has this key. The key isn’t even kept online (like a TLS key or an onion key).

    Whoever has the developer key decides who the arbitrators are. Just like localmonero – whoever owned the domain name got to decide who the arbitrators were.

    I think OP’s posting is kind of an unnecessarily-scary way of saying that the client ought to ask the user to type in this key (or several of them!) at installation time, instead of being compiled in. That is a great idea.