--- Log opened Mon Sep 14 00:00:18 2020
00:17 -!- jonatack [~jon@109.232.227.133] has joined #joinmarket
00:17 -!- jonatack [~jon@109.232.227.133] has quit [Client Quit]
00:18 -!- jonatack [~jon@109.232.227.133] has joined #joinmarket
00:26 -!- tlo1337 [~tlo1337@2605:b100:e005:6b:ee0d:d1dc:54ae:dbb1] has quit [Ping timeout: 244 seconds]
02:06 -!- Evanito [~Evanito@cpe-76-87-174-228.socal.res.rr.com] has quit [Read error: Connection reset by peer]
02:45 -!- ghost43 [~daer@gateway/tor-sasl/daer] has quit [Quit: Leaving]
02:46 -!- ghost43 [~daer@gateway/tor-sasl/daer] has joined #joinmarket
02:51 -!- jonatack [~jon@109.232.227.133] has quit [Ping timeout: 256 seconds]
02:55 -!- waxwing__ [~waxwing@81-178-157-31.dsl.pipex.com] has joined #joinmarket
02:57 -!- waxwing_ [~waxwing@92.40.182.74.threembb.co.uk] has quit [Ping timeout: 240 seconds]
03:19 -!- Kasey14Bashirian [~Kasey14Ba@static.57.1.216.95.clients.your-server.de] has joined #joinmarket
03:28 -!- jonatack [~jon@37.164.23.29] has joined #joinmarket
04:14 -!- vrana [~mvranic@gateway/tor-sasl/vrana] has quit [Remote host closed the connection]
04:20 -!- vrana [~mvranic@gateway/tor-sasl/vrana] has joined #joinmarket
04:38 -!- rdymac [uid31665@gateway/web/irccloud.com/x-phocmcdvtzwijjdu] has joined #joinmarket
04:43 -!- jonatack [~jon@37.164.23.29] has quit [Ping timeout: 260 seconds]
04:56 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has joined #joinmarket
05:59 -!- waxwing__ is now known as waxwing
05:59 -!- waxwing [~waxwing@81-178-157-31.dsl.pipex.com] has quit [Changing host]
05:59 -!- waxwing [~waxwing@unaffiliated/waxwing] has joined #joinmarket
06:00 < waxwing> dave_uy, also if it's the test pit on darkscience, i'm currently seeing swreloffer not sw0reloffer from my log
07:01 < waxwing> it seems that the user runnng the hidden service has to be part of the `debian-tor` group in order to start the HS. That seems a bit shitty.
07:01 < waxwing> Or is that only if you use cookie authentication. is there another way i wonder.
07:01 < waxwing> i kind of hate telling users that not only do they need to edit the tor config file, they also need to add their user to another group, *and* restart the server/computer.
07:01 < waxwing> i mean it's a once-only thing but all the same. yuck.
07:05 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #joinmarket
07:07 < waxwing> emzy, ping ^ do you have any thoughts or corrections on that?
07:08 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 244 seconds]
07:46 < ongo> is it a good idea to run JoinMarket on Tor?
07:50 -!- Kasey14Bashirian [~Kasey14Ba@static.57.1.216.95.clients.your-server.de] has quit [Ping timeout: 264 seconds]
08:01 < waxwing> ongo, there's different aspects, it's logical/sensible to connect to the IRC servers over their hidden services.
08:01 < waxwing> it's also nice to have your bitcoin core be configured for Tor, but there's a question about whether it should be only Tor, (onlynet=onion isn't it?), i'll let the experts advise on that
08:02 -!- Evanito [~Evanito@cpe-76-87-174-228.socal.res.rr.com] has joined #joinmarket
08:11 < ongo> I have onlynet set already
08:11 < ongo> is it adviseable to run Joinmarket and core on the same machine, both over Tor?
08:41 < belcher_> if you run core over tor then it becomes a bit harder for your ISP to tell you're using bitcoin
08:41 < belcher_> so in certain threat models that is useful
08:41 < belcher_> however bitcoin has a easily-visible traffic signature, so bitcoin-over-tor can still be found... probably for max privacy you'd use blockstream satellite because its receive-only
08:42 < belcher_> joinmarket over tor is definitely a good idea
08:45 < ongo> belcher_: what about running jm and core on hte same machine on tor? Does it change anything privacy wise?
08:53 < belcher_> i dont think so
08:53 < belcher_> because they'd both use different tor circuits
09:00 -!- Dean_Guss [~dean@gateway/tor-sasl/deanguss] has joined #joinmarket
09:15 -!- asy [~asymptoti@gateway/tor-sasl/asymptotically] has joined #joinmarket
09:26 < emzy> waxwing: I think the question was. Do you need to be in the debain-tor group to use a hidden service. The answer will be no. 
09:27 < emzy> Not sure I get the question right.
09:31 < waxwing> emzy, if you use cookieauthentication then it won't allow access to reading the file (control.authcookie)
09:31 < waxwing> 'is there another way' was my way of asking 'should i do something different than enable the controlport and then enable cookie authentication in the config file torrc?'
09:32 < waxwing> because that works but it requires read access to /var/run/tor/control.authcookie .. at least it does on Ubuntu
09:32 < belcher_> how does bitcoin core automatically create hidden services without the user needing to add groups?
09:32 < waxwing> right good question but i'm not making a persistent hidden service with its own directory, maybe there's a difference there?
09:33 < waxwing> or no more likely it's to do with cookie authentication .. hmm i'm not sure now
09:34 < emzy> I think cookie authentication is optional. 
09:35 < waxwing> i see, but is there an issue with not using any authentication? the comments seemed to suggest you should
09:37 < emzy> I think you sould use it, because otherwise all that can access the port on localhost have full control over tor. 
09:38 < emzy> But it is enough to have a copy of the control.authcookie
09:39 < waxwing> to copy it you have to read it though .. seems like there'll be an extra step anyway. but .. yeah that would be better to not mess around with user groups.
09:41 < emzy> giving the user the additional group feels cleaner to me.
09:42 < waxwing> yeah i don't know. i mean, right now, i am using the python package txtorcon and it "just works" as long as this authentication part is sorted out. i wouldn't want to have to modify those functions.
09:43 < waxwing> i put it in the documentation in the PR here: https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/73c38c4f5ff40b19b616aeb36558e8a4d65bfe82/docs/PAYJOIN.md#configuring-tor-to-setup-a-hidden-service
09:44 < emzy> It's a one line command "sudo usermod -a -G debian-tor username"
09:44 < emzy> ok already there :)
09:44 < waxwing> it's not quite though - you have to restart
09:46 < emzy> not necessary. You need a new shell.
09:46 < waxwing> that's what i thought but .. it didn't seem to be the case.
09:46 < emzy> for example logout of ssh and relogin is enoug.
09:46 < waxwing> also online searches revealed the same. maybe i missed something.
09:46 < emzy> forking a new shell is not enough.
09:47 < waxwing> well, anyway, let them restart, it's good for the soul :)
09:48 < emzy> you need a new "login shell"
09:49 < emzy> the internet says "exec su - <username>" is a good option.
09:51 < waxwing> emzy, oh interesting. i wonder if just logout/login on the desktop would do? i can experiment a bit. but it isn't the most important thing to me.
09:51 < emzy> yes will do.
09:51 < waxwing> my only real concern right now is if i tell people to add the user to debian-tor and that is something that people *shouldn't* do.
09:52 < waxwing> i feel like even if it's the easiest way, it probably isn't the correct way.
09:53 < emzy> no that is the normal way. Same for sudo access or on the old times modem access.
09:53 < waxwing> ok
09:53 < emzy> s/on/in/
09:55 < emzy> using old unix ways. With ACL you can give a list of users access to a file, without groups.
09:57 < waxwing> belcher_, according to section 3 here: https://github.com/bitcoin/bitcoin/blob/6ea73481222e9365f47492ef1be9b4870f70428b/doc/tor.md#3-automatically-listen-on-tor
09:57 < waxwing> it's basically the same thing; "Connecting to Tor's control socket API requires one of two authentication methods to be configured. It also requires the control socket to be enabled, e.g. put ControlPort 9051 in torrc config file. For cookie authentication the user running bitcoind must have read access to the CookieAuthFile specified in Tor configuration."
09:58 < waxwing> and that section 3 is for ephemeral while section 2 is for persistent. i think i have the version in section 2 on my node.
09:58 < emzy> setfacl -m u:USERNAME:r /var/run/tor/control.authcookie
09:59 < emzy> that's a modern alternativ. untested.
09:59 -!- DeanWeen [~dean@gateway/tor-sasl/deanguss] has joined #joinmarket
10:00 -!- Dean_Guss [~dean@gateway/tor-sasl/deanguss] has quit [Remote host closed the connection]
10:00 < emzy> Normaly every linux suld now have a filesystem that supports it.
10:42 -!- kristapsk [~KK@gateway/tor-sasl/kristapsk] has quit [Remote host closed the connection]
10:53 -!- kristapsk [~KK@gateway/tor-sasl/kristapsk] has joined #joinmarket
12:23 -!- waxwing_ [~waxwing@92.40.183.39.threembb.co.uk] has joined #joinmarket
12:25 -!- waxwing [~waxwing@unaffiliated/waxwing] has quit [Ping timeout: 240 seconds]
15:07 -!- asy [~asymptoti@gateway/tor-sasl/asymptotically] has quit [Quit: Leaving]
15:11 -!- coconutanna [~coconutan@gateway/tor-sasl/coconutanna] has quit [Ping timeout: 240 seconds]
15:11 -!- coconutanna- [~coconutan@gateway/tor-sasl/coconutanna] has joined #joinmarket
17:32 -!- waxwing__ [~waxwing@81-178-157-31.dsl.pipex.com] has joined #joinmarket
17:35 -!- waxwing_ [~waxwing@92.40.183.39.threembb.co.uk] has quit [Ping timeout: 264 seconds]
17:57 -!- DSRelBot [~DSRelBot@p5486686d.dip0.t-ipconnect.de] has quit [Ping timeout: 260 seconds]
17:58 -!- HackRelay [~jmrelayha@p5486686d.dip0.t-ipconnect.de] has quit [Ping timeout: 244 seconds]
18:09 -!- DSRelBot [~DSRelBot@p5486692d.dip0.t-ipconnect.de] has joined #joinmarket
18:12 < grubles> huh TIL about gettimelockaddress
18:12 -!- HackRelay [~jmrelayha@p5486692d.dip0.t-ipconnect.de] has joined #joinmarket
18:13 < grubles> oh that's for fidelity bond wallets only?
21:31 -!- tomo_ [tomo@ctrl-c.club] has joined #joinmarket
23:20 < belcher_> grubles yep
23:31 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has quit [Ping timeout: 240 seconds]
23:40 -!- belcher_ [~belcher@unaffiliated/belcher] has quit [Ping timeout: 244 seconds]
23:53 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #joinmarket
--- Log closed Tue Sep 15 00:00:19 2020