-
johnfoss68[m]
-
Ghulie
.usd
-
heinz9
If monero would become forbidden, would it still have a bright futute in the darknet?
-
plowsof
if the darknet was forbidden we'd screwed!
-
heinz9
"EU bodies agree to phase out anonymous crypto payments "
-
heinz9
I could ln
-
heinz9
I could link to a non english newspaper site about that
-
plowsof
i assume fiat on / off could be 'forbidden' but if they can't 'ban crypto' then people can always exchange 1 crypto coin for another on the 'darknet'? is this something that worries you?
-
plowsof
speaking of anonymity networks, there was a 1500$ bounty opened yesterday to allow passing username:password to the --proxy flag of (if im not mistaken) monero-wallet-rpc
-
ooo123ooo1234567
repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/327, another incompetent developer will get more for "6. As UkoeHB suggested, figure out a better directory structure for the Seraphis code"
-
plowsof
don't worry, he is going to fix monero , monero-gui and monero-site, get your cheque books out
-
ooo123ooo1234567
are you joking ?
-
plowsof
yes
-
ooo123ooo1234567
"I am open to implement anything else the community finds necessary." why 1-2 years for Seraphis ? it should be possible within 6 months
-
ooo123ooo1234567
everything isn't important
-
ooo123ooo1234567
"8. Review pull requests on monero-site, monero, and monero-gui" without knowledge of current code ?
-
ooo123ooo1234567
"9. Implement other issues on monero and monero-gui if there is time" how is it possible to do useful work without knowledge of code and what is important/unimportant currently ?
-
plowsof
the proposer has energy , motivation. im sure the scope of his work / rates could be made more realistic for a first ccs (and he even offers 1 month). more importantly we have someone willing to contribute to monero, can't blame him for trying to market himself
-
ooo123ooo1234567
it's just general purpose programming: get task -> read code -> edit code -> test code -> submit PR
-
ooo123ooo1234567
there is not so much monero related
-
nioc
what happened to the prerequisite of having contributed / worked on mooonero voluntarily before opening a CCS?
-
ooo123ooo1234567
<plowsof> "the proposer has energy , motiva..." <- bullshit, remove requirement for "social influencing" and there will be a lot of participants
-
plowsof
it all requires 'time' - time that could be spent on important things that makes us happy (reading reddit / eating). if i need my fence to be painted .. its easy, i've done it before but , my neck and back would probably be hurt after it, so i'll pay someone to do it for me, and when they are here, they'll have a choice of coffee/tea and a selection of reasonably priced biscuits
-
ooo123ooo1234567
nioc: it's better than nothing, but this prerequisite isn't sufficient
-
plowsof
before opening a ccs i want to see that youve had atleast 1 mental breakdown from slave labour contributions
-
ooo123ooo1234567
"1 mental breakdown from slave labour contributions" any examples of those who had ?
-
ooo123ooo1234567
plowsof: What prerequisite would you add for auditors ?
-
plowsof
(im just typing mine out now lol)
-
plowsof
cryptography / audits , i have no idea so i can't offer an opinion
-
plowsof
if i paid 10?k for an audit that reads like a wikipedia article and states publicly known issues (or so im told) i wouldnt be happy , but , what can you do
-
r4v3r23[m]
<ooo123ooo1234567> ""I am open to implement anything..." <- why do you say this? is koe working on a monero-specific implementation?
-
ooo123ooo1234567
<r4v3r23[m]> "why do you say this? is koe..." <- It would be pretty stupid to work on Seraphis implementation not monero-specific
-
ooo123ooo1234567
-
ooo123ooo1234567
> <@r4v3r23:matrix.org> why do you say this? is koe working on a monero-specific implementation?
-
ooo123ooo1234567
* It would be pretty stupid to work on Seraphis implementation that isn't monero-specific
-
ooo123ooo1234567
"Take it to -community if you want to continue the convo ...", Seth For Privacy , what's your suggestion ?
-
ofrnxmr[m]
"funny how you all are ignoring problems in monero repo, but attacking me personally; at the same time no one was attacking that scammer;"... (full message at
libera.ems.host/_matrix/media/r0/do…2e0aa2b3074ff7abcca9acead6cf4bf3b1d)
-
r4v3r23[m]
<ooo123ooo1234567> "It would be pretty stupid to..." <- seraphis is a framework and isnt monero specific. koe said it would be needed to be passed onto devs to be implemented specifically to monero. are you saying that he's doing that himself?
-
ofrnxmr[m]
ooo123ooo1234567:
-
ofrnxmr[m]
plowsof: resigned so ccs complaints need to be paid up front
-
ofrnxmr[m]
/s
-
rbrunner
plowsof: "before opening a ccs i want to see that youve had atleast 1 mental breakdown from slave labour contributions" Well said.
-
jeffro256[m]
It's character building
-
w[m]
-
ooo123ooo1234567
-
w[m]
Yeah, say "I approve. Merge 7760"
-
w[m]
Or "we cant merge 8149 because it needs _redacted_. Im working on it. Should have something to show by xyz date"
-
w[m]
But no, you just whine
-
w[m]
And then we vote
-
w[m]
Meanwhile everybody is willing to do ask you ask. You just wont say what to do. Just complaining. Its weird.
-
w[m]
I dont mean to call you out in public.. but pretty sure you dont check your messages.
-
w[m]
All of us just want progress.
-
w[m]
We were working on ccs but plowsof had to step away. Luigi had to step away. People have shit going on and are volunteering their time and energy to trying to figure out what you want
-
selsta
w[m]: jberman's review is not wasted time, we will merge 7760 for v0.18
-
ooo123ooo1234567
I want fair compensation for spent time on that security analysis + wrap it into multisig paper + do the same with bulletproofs++ and then seraphis
-
rbrunner
Usually people want their stuff merged, sometimes they even long for it, not the other way round.
-
ooo123ooo1234567
and you instead of paying to someone who would do the same, paid for useless audit and trying to convince me that security analysis isn't needed
-
ooo123ooo1234567
it's kind of shows that that work costs 0
-
w[m]
ooo123ooo1234567: So lets get it done!
-
w[m]
Step 1?
-
ooo123ooo1234567
"path forward : admit the above scenario -> ..." it was posted in -dev, but no one replied
-
ooo123ooo1234567
just admit that it's important
-
rbrunner
"it" being ...
-
ooo123ooo1234567
security analysis for cryptography changes
-
w[m]
Done by? Cost? Timeline?
-
rbrunner
The End.
-
ooo123ooo1234567
cost - I don't even know how to calculate it, timeline - spent ~2 months, done by - few months ago ?
-
ooo123ooo1234567
rbrunner: ?
-
rbrunner
6 minutes elapsed
-
w[m]
ooo123ooo1234567: And you did the analysis? Its completed? And you've fixed further issues ready to be reviewed?
-
w[m]
So whats the holdup? Why dont you request compensation and submit the work instead of letting scammers drain the well?
-
ooo123ooo1234567
How much to request ?
-
w[m]
Most people write their own invoices. Do you want the decentralized community to vote on your compensation?
-
ooo123ooo1234567
Cost of problems will rise in case if they will be overlooked and reach mainnet
-
w[m]
As plowsof said, nobody wants you to burn yourself out.
-
ooo123ooo1234567
* Cost of discovered problems will
-
rbrunner
"Its completed?" Well, is it?
-
revuoxmr
Revuo Monero. Issue 126: June 23 - 30, 2022.
revuo-xmr.com/issue-126.html
-
ooo123ooo1234567
<w[m]> "Most people write their own..." <- I want environment changes so that similar problems will not appear again, in this case I will be able to disappear and become just monero user again
-
ooo123ooo1234567
But for some reason I don't know how to do it
-
ooo123ooo1234567
everyone either wants me to do this work or not do this work at all
-
rbrunner
I honestly don't understand the last statement
-
rbrunner
And, well, you did not yet answer whether you did or did not a multisig security analysis on your own, and if yes, how far it is
-
ooo123ooo1234567
> <@w:monero.social> And you did the analysis? Its completed? And you've fixed further issues ready to be reviewed?
-
ooo123ooo1234567
>
-
ooo123ooo1234567
> So whats the holdup? Why dont you request compensation and submit the work instead of letting scammers drain the well?
-
ooo123ooo1234567
it's completed enough for code changes to know how to fix or write exploit, everything optional was skipped to save time
-
rbrunner
And the problems for making it public are the possible exploits?
-
w[m]
And this analysis is of 8149? Finds issues the audit missed? And can be fixed by someone else? If youre the only one that knows of the issues, are you going to fix as well? Have anyone in mind to fix or review?
-
ooo123ooo1234567
it's multisig analysis end-to-end, not only 8149
-
rbrunner
If you try hard, trying to put yourself into our shoes, are you able to see how it might confuse to no end that you hold that, but don't want to show anybody?
-
ooo123ooo1234567
"Have anyone in mind to fix or review?" My naive plan was to write cool paper that could be reviewed just due to it's interest
-
rbrunner
Why was that naive?
-
rbrunner
Did anybody speak out against you writing a cool paper?
-
ooo123ooo1234567
Because of everyone voted against importance of security analysis
-
ooo123ooo1234567
if it isn't needed then what's the purpose of paper ?
-
selsta
ooo123ooo1234567: my plan step said that we don't remove experimental flag before security analysis
-
ooo123ooo1234567
I'm not crazy to spent time on useless papers
-
selsta
either through you or we fund someone else to do it
-
ooo123ooo1234567
it's either useful or useless,
-
ooo123ooo1234567
s/spent/spend/
-
rbrunner
I am pretty sure you won't agree, but IMHO with our voting we did *not*, repeat, *not* vote against importance of security analysis
-
rbrunner
We just weighted things very differently than you
-
rbrunner
I interpret you to say that importance of security analysis trumps almost everything else. We don't agree.
-
selsta
<+selsta> merge 8149 -> merge burning bug -> keep experimental -> try to get more formal security proofs before removing experimental flag
-
selsta
that was my suggestion most people agreed with
-
ooo123ooo1234567
it's the hardest part, if someone can do this then everything else is much easier
-
rbrunner
Thanks, you were faster to find it than me :)
-
rbrunner
Seems to me your point of view leads to either A) no hardfork now, or B) Monero without multisig at all for months. Seems to me we could not agree on either A) nor B)
-
selsta
i mean b) will be the case either way for real word applications
-
selsta
world*
-
selsta
unless they are okay with the risk
-
rbrunner
Well, you know, if I look what other teams for other cryptos are doing, our torments inflicted on ourselvers are ... pretty special :)
-
rbrunner
Torments of doubts, taking care, and being careful
-
rbrunner
ooo might disagreee ...
-
rbrunner
I know what: Put a gigantic "Experimental" label over the whole of Monero software, asking at every start "Experimental? Really want to continue?" Problem solved :)
-
selsta
rbrunner: i mean it's different here, ooo told us there are remaining issues and they would be found with security analysis (if done correctly)
-
rbrunner
It's good to be careful, wouldn't want the team to act in any other way, but you can overdo even that
-
rbrunner
Yes, understood. That's why I ask the fact they don't seem ready to publish *anything* to *anybody* seems pretty confusing
-
rbrunner
They are making it really, really easy to people who are sceptical to feel confirmed: All smoke and mirrors
-
rbrunner
Unfortunately
-
ofrnxmr[m]
If multisig is known to be dangerously broken, even after 8149, then ooo only need to make that clear to someone
-
ofrnxmr[m]
And multisig will be fully disabled.
-
ofrnxmr[m]
No vote will override an exploit..
-
rbrunner
One would think, yes. But somehow it seems, well, more complicated, although I don't understand much
-
selsta
ofrnxmr[m]: it's fine if you use multisig internally where all involved people are trusted
-
selsta
ofrnxmr[m]: i'm quite sure he has said it multiple times now, there are issues remaining that are found with security analysis, ow i don't know about the severity
-
ofrnxmr[m]
Thats what I thought, but ooo makes it sound as though they have proof of something worse
-
ofrnxmr[m]
So, if that is the case.. let someone know....
-
selsta
what do you mean with worse?
-
selsta
a malicious person can steal funds from multisig if he participates
-
selsta
that's what's i imagine, similar to now
-
plowsof
what are the worst real world implications of this multi sig 'bug' - for example for projects like RINO who use 'multi sig' in some way?
-
plowsof
does this effect the average monero enjoyer
-
plowsof
are there serious funds at risk now? or only later - if people assume its safe?
-
selsta
something like haveno would be at risk
-
plowsof
so i buy monero on haveno , and there is some escrow thing but i can just bypass it and 'unlock the funds' ?
-
selsta
something like this, yes
-
selsta
rino less, but it would destroy their trustless claim, and basically make it a custodial wallet
-
monerobull[m]
Haveno is changing to 2/2 right
-
monerobull[m]
But is it signed using the monero multisig?
-
ooo123ooo1234567
> <@w:monero.social> Meanwhile everybody is willing to do ask you ask. You just wont say what to do. Just complaining. Its weird.... (full message at
libera.ems.host/_matrix/media/r0/do…801ec188c023b617856a2732eb31c0e9491)
-
w[m]
For a couple weeks ^
-
w[m]
He's back now
-
w[m]
Not sure if hes back 100%, but he was here for the meeting
-
ooo123ooo1234567
it calls vacation
-
ooo123ooo1234567
* it's called vacation
-
w[m]
Plowsof, dont you dare take a vacation. Work 24/7 for free
-
ooo123ooo1234567
-
w[m]
Ok. Maybe not as big โฅ๏ธ
-
w[m]
What im saying to you, is if jberman opens a ccs to review your PR's, and you wont approve them.... how is this a good thing
-
w[m]
If mj opens a ccs and charges to attend meetings OBVIOUSLY that is bullshit. You dont need ooo123 to explain that.
-
plowsof
is there a "hacker one" bounty for the 'multi sig' vulnerabilities that ooo knows about ?
-
ooo123ooo1234567
Do you know what was the cost of exploits for multisig ?
-
w[m]
NO!
-
w[m]
Only you do
-
plowsof
actually no
-
ooo123ooo1234567
100xmr
-
plowsof
xmrsale got 85 xmr
-
ooo123ooo1234567
fantastic
-
ooo123ooo1234567
do you know who reviewed those exploits ?
-
w[m]
Ping pong
-
plowsof
no ๐ณ
-
w[m]
And the answer issaa
-
ooo123ooo1234567
UkoeHB / luigi1111
-
w[m]
Who not ooo
-
w[m]
* Why not ooo
-
w[m]
Where were ya?? Sleeping?
-
ooo123ooo1234567
yes, but both currently are against mandatory security analysis
-
w[m]
Who cares is they are Lol
-
w[m]
s/is/if/
-
w[m]
They arent the CEO and president
-
w[m]
Plowsof is CEO and Selsta ia head manager
-
plowsof
i don't understand the 100 xmr and ' exploits reviewed ' ? you mean they review exploits submitted to hacker one?
-
ooo123ooo1234567
yes
-
ooo123ooo1234567
the one that were fixed in my PRs and then in resubmitted 8149
-
ooo123ooo1234567
s/PRs/PR/
-
plowsof
so you are owed '100xmr' even though it is a tiny sum?
-
selsta
plowsof: he got 100xmr for submitting the bugs
-
selsta
and fixing them
-
ooo123ooo1234567
and that kayabanerve said "I'll add 10xmr for new exploit"
-
plowsof
ahh ok ok, thanks
-
ooo123ooo1234567
selsta: Not fixing
-
ooo123ooo1234567
for fix there was a promise with 100xmr, but I didn't take it
-
ooo123ooo1234567
and fix was pushed upfront into repo
-
selsta
ah ok i didn't know
-
ooo123ooo1234567
* promise with additional 100xmr, but
-
plowsof
is it because 100 xmr is a joke? for the impact of such an exploit?
-
kayabanerve[m]
I said 10 for a previously unknown one leading to loss of funds/keys, from the meeting, until the hard fork. Therefore, it's not yet relevant to this discussion unless you have submitted something new to koe
-
ooo123ooo1234567
it's probably max currenly across all hacker one bounties
-
kayabanerve[m]
As a side note, bug bounties generally pay the discloser, not the correcter. I couldn't comment on the specific terms here
-
ooo123ooo1234567
I've spent 1 month on that fix and no one submitted anything else in parallel
-
plowsof
so 100 xmr is '11k USD for a critical? exploit in a cryptocurrency?
-
ooo123ooo1234567
also I've said everything I knew about it at that time to UkoeHB in order to stall anything and went to do work on security analysis
-
plowsof
but 85 xmr will get you xmrsale
-
w[m]
ooo123ooo1234567: So why did you submit to hackerone
-
ooo123ooo1234567
In the worst case if you wouldn't find anything then it would be ok to resubmit my patch and merge it
-
w[m]
Instead of coming here and requesting 1000 xmr
-
ooo123ooo1234567
But I've found something and it means those who are merging it as is are incompetent
-
ofrnxmr[m]
ooo123ooo1234567: selsta: this^
-
ofrnxmr[m]
I dont know what he's referring to
-
ooo123ooo1234567
w[m]: because 2 months ago everyone was happy with that scammer
-
ooo123ooo1234567
* found something (via security analysis) and it, * merging it (resubmit via 8149)as is
-
ooo123ooo1234567
* found something (via security analysis) and it, * merging it (resubmit via 8149) as is
-
w[m]
ooo123ooo1234567: Fk that scammer. Cmon now. People are fish and scammers catch fish.
-
w[m]
Dont worry about him so much
-
plowsof
1000 xmr is more reasonable though , for 700 you can get a pretty front end
-
w[m]
plowsof: Hahahahaha no you cant. More like 1400 now
-
plowsof
ohhh sorry , true
-
ooo123ooo1234567
funny that kaybanerve was in similar situation with report to polynetwork with comp-sci fix (not even cryptography) where he was treated unfair, but anyway he is against me currently in this env
-
ooo123ooo1234567
s/anyway//
-
plowsof
comparing monero bounty rewards to other cryptocurrencies , we can show all the graphs we want of adoption , but the reality is the max we will pay for an exploit is 10kusd?
-
w[m]
plowsof: Easier to make money exploiting donators via ccs than find code exploits
-
ooo123ooo1234567
* order to not stall anything
-
ooo123ooo1234567
<kayabanerve[m]> "I said 10 for a previously..." <- yes, 10 for new vulnerability, are you joking ?
-
w[m]
If all you want is fair compensation, remember this isnt a company. You're an entrepreneur.
-
w[m]
If you accept 100xmr.. that on you..
-
w[m]
Request more.
-
plowsof
lets see that 10 xmr be donated to a pot on monero bounties ? under a well written / defined bounty?
-
w[m]
And dont request in private and complain about how someone said no. Make your funding request and eventually it will be funded.
-
w[m]
Why? Businesses RELY on the fixes
-
ooo123ooo1234567
> <@w:monero.social> If all you want is fair compensation, remember this isnt a company. You're an entrepreneur.... (full message at
libera.ems.host/_matrix/media/r0/do…b1f9c4ea59214b3a4a6d285acd6e6afe51c)
-
ooo123ooo1234567
it was one of my reply, didn't use it
-
ooo123ooo1234567
* see you all on rekt.news; R.I.P. monero
-
plowsof
and you can not complain about 10xmr as it is kayabas personal money
-
kayabanerve[m]
While I definitely believe moneros bug bounty is incompetent, I offered that from my personal funds. I'm not a millionaire
-
kayabanerve[m]
<ooo123ooo1234567> "funny that kaybanerve was in..." <- You weren't promised funds you were later denied, from what I've read
-
ooo123ooo1234567
kaybanerve should know how it's hard to find something interesting, it's really like a joke
-
kayabanerve[m]
I don't hate monero for having a low bounty. I was frustrated poly for misclassifying a critical exploit though
-
ooo123ooo1234567
kayabanerve[m]: what did you read ?
-
kayabanerve[m]
But I am frustrated with our bounty...
-
luigi1112
that bounty has lasted quite a few years, perhaps more fundraising should occur
-
kayabanerve[m]
ooo123ooo1234567: That the original submitter was offered 100? You were also offered some and turned it down? Feel free to correct me if I'm wrong? I haven't really been paying attention
-
kayabanerve[m]
luigi1112: I personally think in this game of online dick measuring we should offer 5m. There's just no way we can
-
ooo123ooo1234567
I'm 100% that UkoeHB / luigi wouldn't be able to write that fix as needed
-
ooo123ooo1234567
That's why separate bounty for a fix
-
monerobull[m]
What is going on here, since when do we have 100 xmr bug bounties
-
kayabanerve[m]
Because we can't, if we're discussing what we can, we'd want to get rid of the current structure
-
luigi1112
monerobull[m] this is just high severity hackerone bounty
-
kayabanerve[m]
It's set to pay out 10 criticals. Why tf do we expect 10
-
monerobull[m]
So not monero?
-
kayabanerve[m]
Ideally, we'd raise 1m and have two 500k blocks
-
kayabanerve[m]
monerobull[m]: It is monero
-
ooo123ooo1234567
kayabanerve, what are you talking about ?
-
monerobull[m]
Is this about a recent bug
-
kayabanerve[m]
ooo123ooo1234567: A better bug bounty program?
-
ofrnxmr[m]
monerobull[m]: Multisig
-
monerobull[m]
Ah ok
-
kayabanerve[m]
monerobull[m]: Both multisig and ooo's claims they're hiding one
-
kayabanerve[m]
I don't believe them, personally
-
ooo123ooo1234567
kayabanerve[m]: Did you catch me at least lying here ?
-
ooo123ooo1234567
* at least once lying here
-
selsta
kayabanerve[m]: hiding what?
-
kayabanerve[m]
Regardless, if the previous bounty was 100, I'd imagine the next bounty to be worth a similar amount due to pay out its structure?
-
ofrnxmr[m]
selsta: An exploit
-
kayabanerve[m]
So what's the issue there?
-
kayabanerve[m]
ooo123ooo1234567: I can't prove it but I assume you are since you refuse to provide evidence
-
ooo123ooo1234567
kayabanerve[m]: you're talking too much about things that you don't understand
-
ooo123ooo1234567
kayabanerve[m]: I have unresolved conflict with UkoeHB, but in current environment he knows more than others probably
-
plowsof
luigi1112: interesting, i think the open ended monero bounties site would be ideal? ... but at this point i dont know what issue / PR is being reviewed / fixed.. im totally lost. a well written / defined bounty (but we need 'some' social influencing to advertise the real world impact of the problem i guess) such a bounty can be shilled and hopefully funded to a more acceptable number ( delivering pizzas for several months will earn you
-
plowsof
more than 100xmr)
-
kayabanerve[m]
If you have a new critical, you're eligible under hackerone and under any supplementary programs. If you want to discuss raising further funds, you should be clear about the amount on the table and the amount you want
-
ooo123ooo1234567
I don't want to leak another vulnerability, I wasn't satisfied with previous treatment of vulnerability
-
ofrnxmr[m]
ooo123ooo1234567: Personal conflict?
-
kayabanerve[m]
Hiding it leaves it unresolved. If you plan to make a public pr, as you've claimed, you'll leak it then
-
ofrnxmr[m]
Leading to you dont want to tell UKoeHB?
-
kayabanerve[m]
Either be responsible, and disclose it responsibly now, before the hard fork, with whatever financial arrangements you can get
-
kayabanerve[m]
Or admit this is an ego/extortion trip with no relation to actually helping
-
kayabanerve[m]
The end
-
ooo123ooo1234567
It doesn't matter what humans internally use as a motivation to solve technical problems; your work on serai - is it ego trip or not ?
-
kayabanerve[m]
I'd consider koe, selsta, jberman responsible parties for disclosure. Officially, from that list, I believe it's selsta. Practically, it's koe
-
ooo123ooo1234567
UkoeHB work on Seraphis - is it ego trip or not ?
-
ooo123ooo1234567
kayabanerve[m]: it could be both for better result
-
ofrnxmr[m]
Sitting on an exploit because you dont like someone
-
ofrnxmr[m]
Not an ego trip
-
ofrnxmr[m]
Straight up kid shit
-
selsta
i'm not a useful party to disclose lol i would forward it to koe
-
kayabanerve[m]
I'm going to leave unless the discussion actually continues. I do believe the current bug bounty program is malformed and needs further funds though
-
kayabanerve[m]
selsta: Yeah but if they won't talk to koe you'll forward it lol
-
kayabanerve[m]
> <@ofrnxmr:monero.social> Sitting on an exploit because you dont like someone
-
kayabanerve[m]
> Not an ego trip
-
kayabanerve[m]
> Straight up kid shit
-
kayabanerve[m]
Eh. I'd get it if it's for money
-
kayabanerve[m]
Like you can pull a hyc and say it's merc bs
-
ofrnxmr[m]
The point forwarding the disclosure isnt to have the person understand it
-
ofrnxmr[m]
Its to acknowledge there is an issue.
-
kayabanerve[m]
I know what it's like to be broke, underrepresented, and have work with X yet unappreciated
-
kayabanerve[m]
But they haven't said an X nor clarified what they say on the table, so we can't even have that discussion
-
ooo123ooo1234567
kayabanerve[m]: why are you against me then ?
-
ooo123ooo1234567
You don't even know full context
-
kayabanerve[m]
Read my most recent message
-
kayabanerve[m]
You haven't told me how you've personally been wronged by a bounty. If you said it earlier, I either skipped it or misread it. Sorry if so
-
plowsof
the problem is lack of funding / reward for the bounty / thing thats broken , pls fix
-
kayabanerve[m]
If you were wronged, sure, I'll advocate for you. You have to explain that though
-
ooo123ooo1234567
kayabanerve[m]: I was have to communicate with UkoeHB and explaining what was the problem in those exploits
-
ooo123ooo1234567
s/was/had/, s/have//
-
kayabanerve[m]
If you weren't wrongef, just underappreciated, that's a separate discussion where you need to post numbers
-
luigi1112
hackerone paid 100, and IIRC the genfund was going to offer another 100 for timely fix
-
kayabanerve[m]
And didn't they say they turned it down?
-
kayabanerve[m]
So tbc, correct me if I'm wrong
-
kayabanerve[m]
Someone else reported and was paid. Ooo was offered 100 to fix and turned it down.
-
ofrnxmr[m]
<ooo123ooo1234567> "for fix there was a promise with..." <- ^
-
luigi1112
no ooo reported
-
luigi1112
and received 100
-
kayabanerve[m]
In that case, even if ooo now wants payments, they weren't wrong
-
kayabanerve[m]
luigi1112: Got it. So they were paid the agreed upon amount which was fully acknowledged as a crit
-
kayabanerve[m]
Offered +100 to fix. Turned it down. Fixed anyways
-
luigi1112
there isn't an agreed upon amount really
-
ooo123ooo1234567
kayabanerve[m]: Yes, I had to explain to UkoeHB why is it critical
-
luigi1112
just a % of pot
-
ooo123ooo1234567
and now this situation with 8149
-
luigi1112
which is loose
-
kayabanerve[m]
While I think 100 is too low in general, I'd say ooo has no claim to being wronged
-
kayabanerve[m]
luigi1112: Right, that's one of my issues. There's multiple pots yet we only display sum pot balance
-
kayabanerve[m]
There's no way to know which pot is where
-
kayabanerve[m]
ooo123ooo1234567: so you explained it and got paid. How do you feel wronged?
-
luigi1112
there's only 1 pot
-
plowsof
the monero network is secured by 10kusd (currently) this sucks
-
kayabanerve[m]
Having to explain a bug to receive acknowledgement isn't being wronged
-
ooo123ooo1234567
kayabanerve[m]: I also explained a lot of details in fix too
-
luigi1112
plowsof I guess like 90k
-
kayabanerve[m]
luigi1112: It's written as 10% of 60% and I believe it's written as a 60% pot of initial funds raised
-
luigi1112
either way not a lot
-
kayabanerve[m]
ooo123ooo1234567: ... right, but you said that you turned the fix payment down
-
ooo123ooo1234567
It was important to tell to UkoeHB since he is working on Seraphis, and this kind of knowledge might be helpful, but this situation with 8149
-
luigi1112
kayabanerve[m] ok. Again that's loose.
-
selsta
luigi1112: one critical cryptography vulnerability = 10k
-
kayabanerve[m]
So if you still want it, I'd say you should get it, but I won't say you were wronged there
-
kayabanerve[m]
luigi1112: Right, different comment, not relevant now
-
ooo123ooo1234567
kayabanerve[m]: If you wouldn't deny importance of security analysis, then I would probably get it anyway
-
kayabaNerve
ooo123ooo1234567: to be clear, I'm not against you here. You just haven't successfully explained to me the issue
-
ooo123ooo1234567
since exploit -> fix -> security analysis -> deeper issues -> one more fix
-
kayabaNerve
... so are you still trying to claim the bounty for the fix?
-
luigi1112
selsta yeah but I can imagine far worse vulnerabilities. You could say this should be 20% or something, but much higher is hard to justify IMO.
-
kayabaNerve
or are you saying you were paid for one bounty when there was multiple?
-
w[m]
ooo123ooo1234567: Im confused. Why did you write the multisig pr if it should not be merged yet?
-
kayabaNerve
Because you explicitly said you turned down the payment for the fix IIRC.
-
ooo123ooo1234567
kayabaNerve: I wanted to keep this whole situation in private, I'm not fully exposed here like you (with real name)
-
kayabaNerve
If you want, we can PM on Matrix
-
ooo123ooo1234567
kayabaNerve: I don't trust you enough to PM about it
-
kayabaNerve
I've tried reaching out to you before. As much as I don't appreciate your attitude, I do respect your skill and do want to work with you
-
kayabaNerve
Not the new exploit. Your comments on the historical bounty payment
-
w[m]
ooo123ooo1234567: You trust nobody though
-
kayabaNerve
No need to disclose any security issues, though I assume they're known. If you believe you're owed money, you're welcome to explain, here or in PM, what action(s) you did, what payment(s) were expected accordingly, and what payment(s) you received
-
w[m]
And nobody knows you.
-
w[m]
You could post it on Reddit tomoorow morning. Might has well get a move on. E
-
w[m]
You said you want to go back to just being a monero user.. so pass kaya the ball
-
ooo123ooo1234567
kayabaNerve: I would be satisfied with changes in CCS, that way I would be able to earn via new work and competing with others without underpayment
-
ooo123ooo1234567
* in CCS process, that
-
ooo123ooo1234567
it will also eliminate a lot of development process issues
-
w[m]
Others like who ๐ฅฒ
-
ooo123ooo1234567
It's even more important hackerone
-
kayabaNerve
Also, just because my submitted vulnerabilities have been comp-sci doesn't mean I'm a bad cryptographer. Sure, koe is better, and I have a guess you are too (though I couldn't say for certain), yet I'm able to implement proofs, see their effects, and reason through their part in a system
-
kayabaNerve
Again, Hackerone is a mess. luigi1112: My comment was I believe it's written as 60% of the initial funds raised would be for criticals (as in, if a critical happens, the sum balance drops yet so does the amount for criticals). Then it's 10% for that
-
ooo123ooo1234567
kayabaNerve: implementing cryptography designed and proven by others isn't hard, koe don't want yet to learn how to do security analysis
-
kayabaNerve
I may have misread it, but regardless, it's an unclear system that should be moved to fixed amounts.
-
w[m]
And Luigi just said hackerone has ~90k in the pot.
-
kayabaNerve
And then 10%? We seriously expecting 10 criticals?
-
kayabaNerve
w[m]: Different comment, again
-
luigi1112
10% of the total pot not the 60%
-
plowsof
shall we trick everyone to funding the hacker one pot and call it a payment processor and start a ccs?
-
kayabaNerve
Because luigi1112 acknowledges one pot, so it may be used as 6% of the pot per critical, yet then the comment is the math here is confusing because I never had that assumption
-
kayabaNerve
luigi1112: In that case, I've constantly misread whatever the fuck the spec is
-
kayabaNerve
Thanks for clarifying
-
ooo123ooo1234567
-
ooo123ooo1234567
* kaybanerve voted aganist importance of security analysis, not ready to catch the ball probably
-
kayabaNerve
I'd like to move it to fixed amounts, where criticals get up to 500k. While I believe it should be 10x that, I don't believe we can raise 10m. I think there's a small chance we could raise 1m.
-
kayabaNerve
ooo123ooo1234567: I can't do security analysis. If koe is uninterested, that's their decision. If you're able to, and interested, the CCS exists, and I'd donate. I'd not two issues though
-
monerobull[m]
The general fund had like 1 million last time i checked
-
kayabaNerve
The CCS is largely about popularity, one of its flaws. Accordingly, you may not get funded.
-
selsta
monerobull[m]: not with current price
-
w[m]
ooo123ooo1234567: Kaya didnt vote against.
-
w[m]
Can speak for themselves, but pretty sure they've said multiple times that all they want to see is some sort of proof that the analysis needs to be completed before merge
-
luigi1112
kayabaNerve I wouldn't read that much into the spec. There's a pot, which from memory was around 1k xmr. Various vulnerabilities got various payouts with very loose agreement on what is reasonable.
-
monerobull[m]
How the hell do you expect us to raise a million for bugbounty
-
kayabaNerve
I said I don't believe a formal spec + proof is necessary. I would still love to see one.
-
luigi1112
(as a % of the total, NOT as a $)
-
kayabaNerve
Beyond that, even if you were popular, you're actively trying to hold the community hostage
-
monerobull[m]
selsta: Yeah :/
-
ooo123ooo1234567
> <@w:monero.social> Kaya didnt vote against.
-
ooo123ooo1234567
> Can speak for themselves, but pretty sure they've said multiple times that all they want to see is some sort of proof that the analysis needs to be completed before merge
-
ooo123ooo1234567
the difference between me and kaybanerve: I did that work to be sure that there is flaws, kaybanerve wants to see this work done by others to prove that it's necessary
-
ooo123ooo1234567
* the difference between me and kaybanerve: I did that work to be sure that there are no flaws, kaybanerve wants to see this work done by others to prove that it's necessary
-
kayabaNerve
So we need to resolve any known vulnerabilities, and then we could discuss funding work. I'd personally contribute to a bounty/CCS on the matter, and if you feel wronged, and I agree, I'd be happy to advocate for you.
-
plowsof
we need monero marketing department on the phone asap. need hacker one ccs
-
ooo123ooo1234567
necessity of this isn't a question for me
-
kayabaNerve
I still don't have evidence for that despite trying to ask questions to figure out how you were.
-
kayabaNerve
And then if you don't want X, and you don't want Y, we need to discuss what you do want :/
-
kayabaNerve
Yet you frequently harp on bs without moving the convo forward
-
kayabaNerve
So we need to work through that
-
ooo123ooo1234567
kayabaNerve: Did you see changes suggested by me with multiple stages and competition ? This way it wouldn't be about poularity
-
ooo123ooo1234567
s/poularity/popularity/
-
kayabaNerve
Uhhhhhhh probably not? Have a gist available?
-
w[m]
Who is competing.
-
kayabaNerve
Again, I don't read everything, but I would be interested in CCS reform
-
kayabaNerve
It's why we lost the noethers :/
-
kayabaNerve
And we do have MAGIC, yay, but you need to KYC to the charity (not the committee)
-
w[m]
Cmon ooo. You said you were the only one to submit a fix. Our dev community isnt exactly big.
-
kayabaNerve
I don't believe you'd consider that a potential
-
kayabaNerve
w[m]: I believe I could fix any noted problems in the Monero multisig if needed. While no, I wouldn't be able to do the work Drijver did myself, nor review the Musig proofs completely, I can still reason with this as needed
-
ooo123ooo1234567
<ooo123ooo1234567> "project goal -> the next..." <- @kaybanerve, this
-
kayabaNerve
Issue is I need to actually know of issues to do so. Problem there is, I've locked.
-
kayabaNerve
*looked
-
kayabanerve[m]
This just sounds like stricter review on proposals with more explicit milestones and no advance funding?
-
kayabanerve[m]
Do we even have advance funding right now? ๐ค
-
ooo123ooo1234567
kayabaNerve: If they would be here then it wouldn't be needed to prove importance of security analysis
-
w[m]
And no manpower for all of that
-
kayabaNerve
Agreed
-
w[m]
Ploooowwsooooofffff get your ass to work
-
kayabaNerve
I have asked what it'd take for one to come back. It's... a lot :/
-
kayabaNerve
But I do believe it'd be worth it without question.
-
kayabaNerve
Regardless, I won't name or drag them into this conversation rn.
-
kayabaNerve
And it's a lot for us @ Monero. It's not a penny less than they deserve and incredibly reasonable overall.
-
ooo123ooo1234567
kayabaNerve: environment changes or purely money cost ?
-
kayabaNerve
For the noether in question to return? I'm referring to paying their salary
-
ooo123ooo1234567
kayabaNerve: is it private info ?
-
ofrnxmr[m]
Kaya, say yes. DM only
-
kayabanerve[m]
I don't care to drag them into this discussion when they're not relevant. I more meant to comment that valuable people deserve a lot, and Monero needs to find a way to successfully maintain them
-
kayabanerve[m]
I don't care to post their name accordingly, nor do I care to post the amount. If they want to come back, they can post it. The end.
-
monerobull[m]
Dev tax let's go
-
luigi1112
-_-
-
kayabanerve[m]
I'd be very interested in increasing the bug bounty, and I'd hope we could successfully offer 500k per critical with a total bounty fund of ~1.2m. I don't know the state of the current bounty pot/general fund/donation abilities though.
-
ooo123ooo1234567
kayabaNerve: profit oriented and research oriented work are different workflows
-
kayabanerve[m]
But even that, while ensuring security, doesn't help with the dev exodus
-
kayabanerve[m]
I don't think it's profit oriented. It wasn't 250k when I wouldn't be surprised if multiple historical contributors could get that on the market
-
plowsof
im going to make a CCS to fund my round the world boat trip for 2000 xmr. enjoy fixing monero-core and staying poor losers
-
monerobull[m]
kayabanerve[m]: My brother in Christ we have like 500k$ worth of xmr in reserve for the whole project.
-
kayabanerve[m]
monerobull: If it makes you feel better, it'd be per economic damage.
-
w[m]
monerobull[m]: Needs to change
-
kayabanerve[m]
So DoS alone wouldn't be a full crit. Multisig, while critical, would probably me a minimal crit amount, NOT 500k.
-
monerobull[m]
Donate? Make Ponzi coins and pump xmr with the profits?
-
kayabanerve[m]
Issue being you actually need to be in a multisig to attack those...
-
ooo123ooo1234567
kayabanerve[m]: Do you understand that bounties are needed to hide overlooked vulnerabilities, but not reduce their number ? Only changes in development may help with better quality of code
-
kayabanerve[m]
But even the minimum, which would include a DoS to bring down the net, would have to be ~100.
-
ooo123ooo1234567
s/bounties/hackerone/, s/are/is/
-
kayabanerve[m]
ooo123ooo1234567: Bounties catch vulnerabilities, they don't prevent, you're right. They don't hide though. Public disclosure is the way forward
-
w[m]
monerobull[m]: Zcash paid 250k for cake wallet integration..
-
w[m]
If haveno would collect some money from these for profit blockchains, they could pump the fund
-
kayabanerve[m]
And while again, this wouldn't help with devs, and you're right there (and not just with devs but with what devs working on, I'm considering writing sec proofs devs), that'd be next priority
-
ooo123ooo1234567
they hide since private communication of hackerone doesn't motivates developers to fix their development process
-
ooo123ooo1234567
s/motivates/motivate/
-
kayabanerve[m]
Monero crits are disclosed AFAIK
-
kayabanerve[m]
We've disclosed multiple, even the recent unresolved stat work
-
ooo123ooo1234567
And current case with 8149 without security analysis is perfect example
-
kayabanerve[m]
But here's the issue. At the end of the day, I can send a lot of messages, so can you, I can sound responsible, you can sound appropriately frustrated, and it's all fucking hollow.
-
kayabanerve[m]
Not because I don't want to fix this
-
kayabanerve[m]
Not because you don't have reasons to be frustrated
-
kayabanerve[m]
but because what the fuck are we supposed to do
-
kayabanerve[m]
We either need to get a concrete plan or acknowledge this is pointless.
-
ooo123ooo1234567
kayabanerve[m]: are you about 8149 now ?
-
kayabanerve[m]
So we have three points here. 1) CCS reform/developer maintenance. 2) Bug bounty. 3) You disclosing/writing security proofs/people writing security proofs in general, under #1.
-
kayabanerve[m]
No. I'm on about these 3 points ^
-
kayabanerve[m]
So if you actually want to make a plan, great. Let's pick an order and work through it
-
plowsof
need more moneys for the pot :(
-
kayabanerve[m]
but please let me sleep first. I've been up 22 hours
-
w[m]
kayabanerve[m]: Never... you work til your drop. For free.
-
kayabanerve[m]
But yes. If you legitimately want to create plans on these discussions, to actually move forward, I'll spend a few hours tomorrow doing what I can to discuss actual steps and create something we can present to parties as needed. We can even discuss it here, not in PM, or in a new channel to limit how much we spam
-
monerobull[m]
I'm just glad we don't have some stupid bridge thing holding a bazillion dollars worth of crypto only to be taken by north korea
-
kayabanerve[m]
But 1) Please let me sleep. 2) There's an agenda above. I'd like you to agree to the bones, feel free to suggest adds/removes/edits of course, and then agree to discuss where we want the systems to be so we can discuss literal actions to accomplish this. Because I agree all three are important, and I'm willing to advocate for you here
-
kayabanerve[m]
But I can't even properly advocate for myself right now beyond begging for sleep
-
ooo123ooo1234567
monerobull[m]: it was marvelous target, hopefully broken multisig will create another one
-
ooo123ooo1234567
* (it was, * another one)
-
kayabanerve[m]
Also, I do plan on offering a notable bug bounty for my work when it's sufficiently far along. While I'd hate to have a submission in my inbox, I'd love for it to be from you.
-
kayabanerve[m]
Though that still isn't technically announced yet, and I don't appreciate you frontrunning me there as you try to manipulate what I spend my time volunteering on :/
-
kayabanerve[m]
So I'd appreciate if you drop it for a few more days while I fight off more bug bounty assholes because I have my own bs there still
-
chesterfield[m]
w[m]: Monero lives in my head rent free
-
kayabanerve[m]
I haven't gotten a response. Feel free to take your time to think on it. I do get why you'd be frustrated, even if I don't know why you are yet (beyond your important PRs being left untouched for months which is horrible. Not contesting that, just noting it seems like there's another rabbit hole here). If we can talk it through, I'd be happy to give an opinion, and yes, happy to fight for you if proper. But I'm still missing
-
kayabanerve[m]
pieces, because even if you tried/thought it's clear, I don't have them. So I'd want to pick this up tomorrow, getting the picture from the start, and discussing action, if you're willing. Else, I go back to being the best dev I can, even if it turns out I'm wrong, and you go back to being the know-it-all holding back I get annoyed with :p
-
kayabanerve[m]
Also, I never advocated 8149 as an end-all be-all secure solution. I advocated for it as a greater good. I believe in maintaining "experimental" until we get formality involved.
-
kayabanerve[m]
While yes, that's a "game of words", it's the real life decision we have to make when we're so invalid already. At worst, we're back where we are. At best, we drop "experimental" in 6 months to a year.
-
kayabanerve[m]
Though yes, I frequently consider practicality over formality, which you're welcome to hold against me. I'd just rather we counter balance instead of you being an anchor there.
-
kayabanerve[m]
Night everyone. Even if I read something from here, waiting till tomorrow to respond, unless it's crit
-
monerobull[m]
-
monerobull[m]
How legit do you think this is
-
-
monerobull[m]
I love how haveno is on there ๐
-
ooo123ooo1234567
<kayabanerve[m]> "I haven't gotten a response..." <- "... happy to fight for you if proper. ..." why do you have vote while others don't ?
-
plowsof
no fees, thats what rug pulls are for?
-
plowsof
it sounds amazing / too good to be true though
-
ooo123ooo1234567
<w[m]> "Who is competing." <- everyone judging by the fact that I can't get reward for my work and had to fight with that scammer, now with others who are merging after shitty audit
-
monerobull[m]
<plowsof> "it sounds amazing / too good..." <- They mention monero compatibility a suspicious amount of times as well
-
ooo123ooo1234567
<kayabanerve[m]> "But 1) Please let me sleep. 2..." <- " ... Because I agree all three are important, and I'm willing to advocate for you here ..." it would be enough to advocate for mandatory security analysis (the one that was done by previous researchers) of cryptography changes (8149 including)
-
ooo123ooo1234567
it looks like you're just earning some popularity for future (MAGIC board / your future project / something else) and you've proven it when in some cases you're against incorrect code, but in other cases you are not against it
-
ooo123ooo1234567
I'm against incorrect code everywhere
-
ooo123ooo1234567
you want to raise bug bounty reward, do some changes in ccs that would prevent loss of prev researchers, but you're against security analysis that helps to catch vulnerabilities more efficiently than bug bounty and prev researchers were mostly busy with this kind of work
-
ooo123ooo1234567
contradiction
-
ofrnxmr[m]
<ooo123ooo1234567> "you want to raise bug bounty..." <- Kaya isnt against the security analysis...
-
plowsof
this 'security analysis' think, is that like a 'deluxe' version of an audit where they show 1+1 is always 2 for the cryptography? how much did the one for bulletproofs cost?
-
plowsof
thing*
-
ooo123ooo1234567
* you're against mandatory security analysis
-
ooo123ooo1234567
<selsta> "rino less, but it would destroy..." <- what is the business plan of rino with experimental multisig ? why they don't want not experimental right with hardfork ?
-
ooo123ooo1234567
funny that I didn't ask them to waste money on audit, didn't ask to help in anyway, but they appreciated shitty audit + 8149 + experimental flag
-
ooo123ooo1234567
why ?
-
selsta
you didn't say what you want compensated for your security proof and if you want to share it in the first place
-
selsta
so the audit was the next best thing to move multisig forward
-
selsta
i don't think the audit was worth it, but it was their funds
-
selsta
they would obviously prefer non experimental multisig at fork
-
ooo123ooo1234567
"meh. mercenaries have no place here." funny to read but not see any replies in direction to that scammer
-
ooo123ooo1234567
* "meh. mercenaries have no place here." funny to see this but not see any replies in direction to that scammer
-
ofrnxmr[m]
This aint twitter
-
ooo123ooo1234567
"Are we doing to have a closed source ooo monero daemon?" funny that there is no similar reply in direction to that statistical defense
-
ofrnxmr[m]
Dont change the subject ๐๐ and accuse others of doing so
-
ofrnxmr[m]
Defending you doesnt go as far as your feelings
-
ofrnxmr[m]
ooo123ooo1234567: That was sarcasm
-
ooo123ooo1234567
"whoever you would give your updated PR to review, then why not tell these people now what the issues are?" because I can't find even 1 human that would insist on proper cryptography changes
-
ofrnxmr[m]
Insinuating that you have a private repo of monero 6.0
-
ofrnxmr[m]
ooo123ooo1234567: You dont _want_ to find one, and if you do, you dont trust them anyway
-
ooo123ooo1234567
"ooo is then invited to propose a new PR on top of it if he wants to prove that there's more to fix" it's clear desire to justify thrown money on audit
-
ooo123ooo1234567
and nothing else
-
ofrnxmr[m]
ooo123ooo1234567: Nobody is justifying the audit
-
ofrnxmr[m]
<selsta> "you didn't say what you want..." <- Selsta JUST finished explaining
-
ooo123ooo1234567
"I truly believe they're just a pissed off obstructionist, not that I believe there's anyone else left to convince " indeed
-
ofrnxmr[m]
Correct road was closed for unknown reasons
-
ofrnxmr[m]
So we climbed a mountain for no reason and are back to square one.
-
ooo123ooo1234567
"While leaving the community in a known critically vulnerable state in the meantime" this argument was even used by that scammer and his friends
-
ofrnxmr[m]
The one who charges for meetings?
-
ofrnxmr[m]
You really take stock in what he says?
-
ofrnxmr[m]
"If you shoot ooo, you famous. If ooo shoots you, he's brainless. Whats an ooo12 to do"
-
ofrnxmr[m]
- Jay z
-
ooo123ooo1234567
"If ooo123ooo1234567 can't convince anyone that 8149 should be stalled further by the end of the meeting, I would like to squash and merge 8149 this week." How is it possible to convince those who don't use critical thinking and don't care about security of changes ?
-
ofrnxmr[m]
Who are "those"?
-
ooo123ooo1234567
"8149 has been thoroughly reviewed, audited, and Koe already implemented everyone's remarks", "once 8149 is merged, we can use this as a new basis of discussion for further improvments" again clear desire to justify thrown money on audit
-
ofrnxmr[m]
If there are problems, where is your review
-
ofrnxmr[m]
Aside from "im angry"
-
ooo123ooo1234567
Btw, that meething is supposed to have unbiased chairperson, which didn't serve role properly
-
ofrnxmr[m]
Supposed to?
-
ooo123ooo1234567
ofrnxmr[m]: meething participants
-
ofrnxmr[m]
This isnt a company. It would be nice but last time I checked it was an informal meeting without an agenda
-
ofrnxmr[m]
The meeting was to decide whether to merge 8149 and you didnt say anything aside from "its insecure"
-
ooo123ooo1234567
it's like visiting judge in a country with total corruption with the hope they will take right decision
-
ofrnxmr[m]
Saying you dont have a vote is crazy. You hold a 99% vote but you abstain
-
ooo123ooo1234567
s/judge/court/
-
ooo123ooo1234567
when/where did I have vote ?
-
ofrnxmr[m]
When you didnt speak up
-
ofrnxmr[m]
You have a vote right this second
-
ooo123ooo1234567
somebody here complained about big tech companies hi-jacking bitcoin meeting in order to push whatever they want
-
ooo123ooo1234567
and in that meeting somebody is pushing for a merged based on shitty audit
-
ooo123ooo1234567
facepalm
-
ooo123ooo1234567
s/merged/merge/
-
ofrnxmr[m]
ooo123ooo1234567: You can hijack this shit. Why tweet so much instead of hijacking? Place your vote already
-
ofrnxmr[m]
Jberman literally said he was with you on 7760 and multisig
-
ooo123ooo1234567
if it was about arguments then I would win even alone
-
ofrnxmr[m]
-
ooo123ooo1234567
if it's about crowd voting then it's already defeat
-
ofrnxmr[m]
ooo123ooo1234567: Its not
-
ofrnxmr[m]
facepalm
-
ofrnxmr[m]
Crowd voting votes tech guy throwing temper tantrum without solutions
-
ooo123ooo1234567
I was answering to questions of different people, after some point +1/+1 and end
-
ooo123ooo1234567
no unbiased chairperson
-
ofrnxmr[m]
s/votes/trumps/
-
ofrnxmr[m]
There is no chairperson, period
-
ofrnxmr[m]
This is monero, not an Amazon board meeting
-
ooo123ooo1234567
without chairperson it's chaos
-
ofrnxmr[m]
Yep
-
ofrnxmr[m]
Hard to hold anons accountable.
-
ofrnxmr[m]
I dont care who chairs a meeting.
-
ofrnxmr[m]
I pushed for 7760 and the dns fixes. Both will make 0.18 where previously the answer was no.
-
ofrnxmr[m]
Does the chair decide whether they get merged? No. You and Jberman do. But in your absence, voting and Jberman did
-
ooo123ooo1234567
how did you push for dns ?
-
ofrnxmr[m]
I asked for it to be prioritized.
-
ofrnxmr[m]
As I did 7760
-
ooo123ooo1234567
"selsta: I'd say it wasn't as thorough as my own review, but at the same time the auditor(s) brought a different set of expertise/experience to the table, which always improves the venn-diagram of concept coverage (e.g. hightlighting the bias issue in hash_to_scalar(), which prompted me to update my seraphis lib)." game of words
-
ooo123ooo1234567
"playing devil's advocate but where do we draw the line between "experimental" or not? There is surely more to Monero crypto and code that isn't as security proved as
-
ooo123ooo1234567
ooo123ooo1234567 would wish for to deserve being non-experimental" it looks like rino is going to enable multisig based on that audit
-
ofrnxmr[m]
So... no multisig?
-
ooo123ooo1234567
since the line between experimental and non-experimental is unclear
-
ooo123ooo1234567
otherwise what's the reason to push for merge of 8149
-
ofrnxmr[m]
How about if we have a game of words and call it "dangerous"
-
ofrnxmr[m]
ooo123ooo1234567: Why not tell someone why its a bad idea. "Rip monero" is the type of response that is a self fulfilling prophecy
-
ooo123ooo1234567
"kayabanerve: Based. I just want to iterate I don't believe they have anything" funny that I didn't submit that multisig vulnerabilities before having working exploit
-
ooo123ooo1234567
* I didn't even submit that
-
ooo123ooo1234567
while others can't even verify their non-cryptographic code in repo
-
ofrnxmr[m]
Nice.
-
ofrnxmr[m]
So
-
ofrnxmr[m]
No multisig?
-
ofrnxmr[m]
Jeopardy music
-
ooo123ooo1234567
"sech1: Can we just be done with disussing 8149 now (in this meeting)?" it's interesting how monero users don't care about code correctness
-
jeffro256[m]
ooo123ooo1234567: who should be the chairperson of Monero ?
-
ofrnxmr[m]
jeffro256[m]: Me. Pft. No other options.