-
ooo123ooo1234567
jeffro256[m]: the same as in court: anyone who can be unbiased and know/follow laws/rules
-
ofrnxmr[m]
So.. me
-
ofrnxmr[m]
Do we.... vote? 😆
-
ooo123ooo1234567
100% initial idea was that auditors will find something within 8149, so that I was sitting pointless on found vulnerabilities
-
ooo123ooo1234567
but they didn't find
-
ooo123ooo1234567
It would be interesting to have communication log with them
-
ooo123ooo1234567
but it's private or unavailable
-
ofrnxmr[m]
Would have been nice if YOU WERE PART OF THE COMMUNICSTIONS
-
ooo123ooo1234567
I was against that audit
-
ofrnxmr[m]
So why didnt you stop it
-
ooo123ooo1234567
since it would be useless
-
ofrnxmr[m]
Plowsof, what is the meaning is this?!
-
ooo123ooo1234567
ofrnxmr[m]: UkoeHB and arnuscky wanted to test their hypothesis that auditors who failed 1st time will do better work 2nd time
-
ofrnxmr[m]
Or... how about we do it the correct way
-
ofrnxmr[m]
With your security analysis
-
ooo123ooo1234567
in result nothing interesting + removed names + said this
nitter.42l.fr/veorq/status/1541148206595284992#m "At the same time, one of the most overrated aspects of Cryptography is provable security."
-
ooo123ooo1234567
funny
-
ofrnxmr[m]
Or is that not the correct way
-
ofrnxmr[m]
Facepalm. Twitter. Ooo??
-
plowsof
briefly what is a security analysis / how much did bulletproofs one cost / have you 'done' a security analysis on something and is it public?
-
plowsof
"audit" vs "security analysis" ?
-
ooo123ooo1234567
plowsof:
eprint.iacr.org/2019/654.pdf - research paper with security analysis,
ostif.org/wp-content/uploads/2020/0…/ostif-clsag-audit-final-public.pdf - audit of research paper and implementation based on this
-
ooo123ooo1234567
"sgp_, 19:28 <+selsta> merge 8149 -> merge burning bug -> keep experimental -> try to get more formal security proofs before removing experimental flag, seems perfect" cakewallet ordered 1st failed audit, another conflict of interest
-
ooo123ooo1234567
"sg_, 19:28 <+selsta> merge 8149 -> merge burning bug -> keep experimental -> try to get more formal security proofs before removing experimental flag, besides ooo, does anyone else oppose this" why not to ask is anyone competent besides ooo to vote on this ?
-
ofrnxmr[m]
ooo123ooo1234567: Because if ooo doesnt vote, ooos vote doesnt matter
-
ofrnxmr[m]
Silly
-
selsta
if you share your security analysis then we don't have to merge 8149
-
ooo123ooo1234567
is it possible to know who is taking this decision and full list of participants of that channe l?
-
ooo123ooo1234567
s/taking/making/, s/channe/channel/, s/l//
-
ofrnxmr[m]
You are.
-
selsta
what decision? everyone will agree, if you share your security analysis and if it shows that there are remaining issues then we won't merge 8149
-
ooo123ooo1234567
why I have to prove everytime that there is some bug or that my patch isn't related to some bug, while others are doing blind merges of everything ?
-
ooo123ooo1234567
" everyone will agree " what's the source of this certainty ? are they lacking their own will ?
-
selsta
because it gives us alternative path to move forward
-
ofrnxmr[m]
ooo123ooo1234567: I said, you have a 99% vote
-
ooo123ooo1234567
selsta: Do you know that doing something in a right way is much easier than to prove every time incompetent people that it's bad and it's good ?
-
ooo123ooo1234567
* right way from the beginning is much
-
ofrnxmr[m]
Agreed
-
ofrnxmr[m]
So... instead of letting us merge broken multisig.....
-
ooo123ooo1234567
ofrnxmr[m]: you don't have vote, not sure what's the purpose of this ACK
-
ofrnxmr[m]
The right path, as per ooo, is..... ______<<<___
-
ofrnxmr[m]
ooo123ooo1234567: Im the self appointed ceo
-
ooo123ooo1234567
not funny, only makes angry, since you really don't have any vote
-
ofrnxmr[m]
So long as you arent voting, I do.
-
ofrnxmr[m]
ofrnxmr[m]: And as far as getting angry... ^
-
ooo123ooo1234567
nitter.42l.fr/kayabaNerve/status/1400453070782271497#m, "Every discussion I had with its author always had them say "this is not audited". Respect the hell out of sarang for that."
-
ooo123ooo1234567
and this human is advocating for merging cryptography changes without security analysis
-
ooo123ooo1234567
and participating in bug bounties of other projects
-
chesterfield[m]
Didn’t we just have an audit
-
chesterfield[m]
Haven’t multiple people looked at the code?
-
sgp_
Jesus, don't drag me into this conversation again
-
sgp_
Here I can play the game too
-
ooo123ooo1234567
even if the last would be audit that particular audit is shitty
-
ooo123ooo1234567
* the last missing component would be
-
chesterfield[m]
Why waste days and days here saying the same thing over and over
-
sgp_
Monero is 100% completely broken and only I know how to fix it, but I can't tell you how because doing so would be unsafe. So you shouldn't use Monero, ever
-
ooo123ooo1234567
chesterfield[m]: audit of C++ implementation without design isn't the same as audit of design + it's implementation
-
ooo123ooo1234567
it's like checking built house without having intended design
-
sgp_
Actually I'll do even better
-
plowsof
this is like wrestlemania
-
sgp_
ooo123ooo1234567 is literally the head of the NSA, and I'm 100% certain despite not being able to prove so publicly or privately
-
ooo123ooo1234567
sgp_: source where it was said ?
-
sgp_
No this is me as an expert saying this
-
sgp_
And under your logic no one else can get a vote because they dumb dumb
-
ooo123ooo1234567
sgp_: source where it was said ?
-
sgp_
Therefore we literally can never trust anything you do, you gotta wait for me to rewrite multisig
-
ooo123ooo1234567
incompetent is only related to knowledge about particular subject, not about general mental abilities
-
ooo123ooo1234567
probably the least offensive adjective which still allows to point out problems
-
chesterfield[m]
I don’t understand why you wouldn’t just simply point out the flaw in the code… people review all the time
-
ooo123ooo1234567
sgp_, do you know details about 1st inferece.ag audit ?
-
sgp_
Anyway ooo123ooo1234567's mission is successful because here I am wasting time talking to someone arguing in bad faith. Yay you win
-
ooo123ooo1234567
are you allowed to share it's cost ?
-
sgp_
What audit, CLSAG?
-
ooo123ooo1234567
no, for cake wallet
-
ooo123ooo1234567
thorchain one
-
sgp_
Wait are you pretending I'm biased because of a "sunk cost"
-
ooo123ooo1234567
No, I'm just asking for the cost if you know
-
sgp_
Like now I'm on the hook to defend their implementation no matter what, something like that?
-
sgp_
Why is that relevant, at all
-
ooo123ooo1234567
it's interesting to compare it with 2nd audit
-
ooo123ooo1234567
just numbers
-
sgp_
It cost $2.50, good deal
-
ooo123ooo1234567
$2500 or $2.5?
-
sgp_
$2.50
-
ooo123ooo1234567
hmm
-
sgp_
The scope of that audit didn't cover any of the existing stuff though, just the thorchain changes
-
ooo123ooo1234567
it would be interesting more about it (including real cost), but it's likely unavailable
-
ooo123ooo1234567
* be interesting to know more about
-
sgp_
But honestly I really think you're overplaying your hand here saying JP Aumasson is less competent at cryptography than a troll who wasted our time at a dev meeting and hasn't proven anything
-
selsta
quite sure JP himself didn't do the audit
-
ooo123ooo1234567
cost / timeline / requested scope / auditors - everything have direct impact on result, give me full info and I'll try to figure out alone why it failed
-
ooo123ooo1234567
* cost / timeline / requested scope / auditors - everything have direct impact on result, if full info would be available then it would be possible to figure out why it failed
-
ooo123ooo1234567
I expected that you will not fire inference.ag audit on code
-
ooo123ooo1234567
and this opportunity would be used on actual cryptography design, since 1st audit really failed
-
ooo123ooo1234567
but it was burned on another paid audit done in private and only on code
-
sgp_
Which first audit? The thorchain one? I'm worried you're confusing scope
-
ooo123ooo1234567
s/would/will/
-
ooo123ooo1234567
<sgp_> "But honestly I really think you..." <- Would you risk with CCS payments and bounty for fix in order to just troll other people with nothing ?
-
sgp_
> The client requested a review of the changes introduced by the thor_monero_signing_parallel... (full message at
libera.ems.host/_matrix/media/r0/do…e6e8583e2d9cee8fb6c6746d151bfcaff4e)
-
sgp_
The changes
-
sgp_
The Monero base portion wasn't audited
-
sgp_
Also what CCS payments???
-
ooo123ooo1234567
sgp_, it was already discussed in -dev and -lounge, did you those arguments about diff that includes full vulnerable function ?
-
ooo123ooo1234567
sgp_: the one for p2p
-
ooo123ooo1234567
* sgp_, it was already discussed in -dev and -lounge, did you see those arguments about diff that includes full vulnerable function ?
-
ooo123ooo1234567
<sgp_> "But honestly I really think you..." <- There are no questions to whoever did that audit as long as it doesn't affect monero development
-
sgp_
ooo123ooo1234567: No, I would need it linked. But it's probably easier for me to just ask kayaba
-
sgp_
If they indeed missed something obvious, I can communicate that with them
-
ooo123ooo1234567
sgp_: are you joking ? inference.ag did 2nd audit with UkoeHB being involved, what are you going to communicate further ?
-
sgp_
Oh the second audit from Rino?
-
ooo123ooo1234567
<selsta> "i don't think the audit was..." <- do you know the cost ?
-
selsta
no
-
ooo123ooo1234567
<selsta> "they would obviously prefer..." <- what's the next date for hardfork ?
-
selsta
we will hardfork august 13
-
selsta
or what do you mean with next date?
-
ooo123ooo1234567
would be there something like: we do this hardfork and the next will be only 1 year away unconditionaly
-
ooo123ooo1234567
There is clearly no consensus regarding importance of cryptography changes, but is there at least consensus that it's ok to do the next hardfork somewhere sooner if there are things to change ?
-
selsta
bulletproofs++?
-
selsta
or do you have something else in mind?
-
selsta
i think another hardfork in a year is doable, 6 months like initially is too short these days
-
sgp_
Hardforks have happened sooner if there's good reason. There's precedent
-
sgp_
But that's what it takes, good reason. Else think a year+
-
ooo123ooo1234567
I don't want to wait another year in the same shitty environment where I had to prove every change why it's important
-
sgp_
If the cryptography bugs are indeed critical, then yes hardforks can happen sooner. That's what happened with RingCT
-
ooo123ooo1234567
I thought that some delay hf would be fair punishment for poor development process and it would be enough time for me to implement may changes including bulletproofs++, but now you're talking about one more year
-
ooo123ooo1234567
and it's boring
-
ooo123ooo1234567
should I keep then this vulnerability to ask you all to do another hardfork in few months ?
-
ofrnxmr[m]
Youre talking about 1yr
-
ooo123ooo1234567
s/may/many/
-
ofrnxmr[m]
HF can happen any time necessary
-
sgp_
Ugh, if there was a real vuln you could describe then do it now before we do anything. But you don't seem to get this and I'm not having another convo about this
-
ooo123ooo1234567
can we have at least consensus with development process ? which you all are successfully hi-jacked with that meeting
-
sgp_
I feel now isn't the time for that because we'll get mixed up in other drama, but overall I agree that some project formalization of processes and "project management" would be useful
-
ooo123ooo1234567
I was talking a lot about development process and it went to nothing
-
sgp_
-
ooo123ooo1234567
the same with cryptography changes
-
ooo123ooo1234567
and revived scammer would be a cherry on top of that
-
selsta
ooo123ooo1234567: what do you mean with delay hf?
-
ooo123ooo1234567
push back it a bit in order to have time for more changes that can be only via hardfork
-
selsta
i mean there is no rule that we have to wait X between hardforks
-
ooo123ooo1234567
optimistically bulletproofs++ included, problems found from work on multisig and few MRL issues
-
ooo123ooo1234567
<selsta> "i think another hardfork in a..." <- why did you say this then ?
-
ooo123ooo1234567
I agree that as soon as we know all requirements for the next hardfork cycle we can do much faster than currently
-
ooo123ooo1234567
e.g. firmware for trezor and ledger are easy things to do, it's certainly not a blocker
-
selsta
i just think 6 months is quite optimistic, but not impossible if we have good reasons to upgrade
-
selsta
you asked me without any reasons to upgrade
-
ooo123ooo1234567
Did I ever had bad reasons for any changes ?
-
ooo123ooo1234567
s/had/have/
-
selsta
no
-
ooo123ooo1234567
What was optimistic plan for rino with experimental multisig becoming non experimental ?
-
ooo123ooo1234567
hf + 1 week/ 1 month/2 months ?
-
ooo123ooo1234567
it's all shitty since you don't know about underlying issues, but anyway what was their plan ?
-
selsta
my idea was to either use your security proof (compensated) or hire someone to write security proof for multisig
-
selsta
and not remove label before that
-
ooo123ooo1234567
can you imagine someone who can write security proofs in current environment ?
-
selsta
that's why i suggested hire cryptographer to do it, now where to find someone is different questionn
-
ooo123ooo1234567
I can't imagine how it will work given problems basic comp-sci and review
-
ooo123ooo1234567
* given problems with basic comp-sci
-
ooo123ooo1234567
* given problems with basic comp-sci, * and review process
-
plowsof
<sgp_> "
youtu.be/MjNXmJUk2Jo" <- great presentation thanks, (this is my first HF experience, everything makes sense now, chaos!)
-
ooo123ooo1234567
<selsta> "my idea was to either use your..." <- can you estimate time to do the job via this way ?
-
selsta
months
-
dukenukem
-
ooo123ooo1234567
do you know whether rino wants to use multisig instantly after hf or only after removal of experimental flag ?
-
selsta
i don't know, no
-
ooo123ooo1234567
binaryFate: can you comment on plans of your project regaring multisig ?
-
ooo123ooo1234567
s/regaring/regarding/
-
ooo123ooo1234567
dead silence
-
selsta
it's 4am lol
-
ooo123ooo1234567
Is it possible to allow them do hardfork as they want
-
ooo123ooo1234567
* allow them (rino/ukoehb/...) do hardfork
-
selsta
rino is a web application, why would they need a hardfork?
-
ooo123ooo1234567
but shortly after it there will be the next, what is the most optimistic duration ?
-
ooo123ooo1234567
only +6 months ?
-
ooo123ooo1234567
* Is it possible to allow them (rino/ukoehb/...) do hardfork with whatever patches they want
-
selsta
you have to be more clear with what you mean, why would koe do a hardfork?
-
ooo123ooo1234567
that -dev meeting chosen path of arnuscky+ukoehb
-
ooo123ooo1234567
ok it will happen on 13th august or whatever they've chosen
-
ooo123ooo1234567
the next one when ?
-
ooo123ooo1234567
<ooo123ooo1234567> "optimistically bulletproofs..." <- with all of this
-
selsta
if you are asking shorter than 6 months, no
-
selsta
optimistically 6 months, realistically 9 months
-
ooo123ooo1234567
what's realistic delay for the upcoming hardfork then ?
-
ooo123ooo1234567
* what's max realistic delay
-
ooo123ooo1234567
selsta: do you know break down of this period ?
-
selsta
why there was delay this time?
-
ooo123ooo1234567
selsta: no one was pushing for it, until people related to multisig started to push hardfork; are you about this delay ?
-
selsta
bp+ pr was unapproved for months
-
ooo123ooo1234567
also a lot of PRs were unmerged before some push on merges, I didn't even reviewed them yet
-
selsta
unmerged?
-
ooo123ooo1234567
probably the same as your unapproved for months
-
ooo123ooo1234567
* PRs were unapproved/unreviewed/unmerged before
-
selsta
vtnerd wanted to review bp+, but then moved focus on multisig and then became unavailable for a bit
-
selsta
it took a while until we got other reviewers for bp+
-
selsta
but also no one really pushed for it
-
ooo123ooo1234567
what will determine delay of this hardfork ?
-
ooo123ooo1234567
again crowd vote ?
-
ooo123ooo1234567
I didn't see yet any situation when decision was takes exclusively with logic without any crowd
-
-
ofrnxmr[m]
Something like this
-
ofrnxmr[m]
ooo123ooo1234567: You're referring to H.
-
selsta
ooo123ooo1234567: we already decided on delay today, August 13
-
selsta
the logic was... 1 month for everyone to upgrade, plus a couple days more to tag and put out release binaries
-
ooo123ooo1234567
13th AUG - hf, release - ?
-
selsta
release 1 month before
-
selsta
with second release 1 week before
-
ooo123ooo1234567
13th July ?
-
selsta
that's the plan, yes
-
ooo123ooo1234567
second release 1 week before what ?
-
selsta
hf
-
ooo123ooo1234567
what's the purpose of this release ?
-
ooo123ooo1234567
* this release 1 week before hf?
-
selsta
hardware wallet changes that are not ready until first release, and also whatever fixes we find inbetween
-
ooo123ooo1234567
why we ? does anybody is going to search for something ?
-
selsta
we = project
-
selsta
for example
monero-project/monero #8379 fixes a crash but i'm not sure if it gets reviewed in time for the first release
-
selsta
or the deadlock
-
ooo123ooo1234567
<selsta> "hardware wallet changes that are..." <- bulletproofs++ certainly not a fix
-
selsta
but how would you get bulletproofs++ ready in 3 weeks?
-
selsta
second release can't contain any consensus related changes unless it's an emergency
-
ooo123ooo1234567
<selsta> "but how would you get bulletproo..." <- with enough enthusiasm it's possible
-
cryptogrampy[m]
Sometimes I don't know if I'm reading the same thousands of posts that I miss in a day or if my Alzheimer's is getting worse
-
ooo123ooo1234567
cryptogrampy[m]: is it even possible to write code with Alzheimer ?
-
cryptogrampy[m]
Did we hardfork already? What year is it and how many monero e-commerce solutions are there
-
cryptogrampy[m]
ooo123ooo1234567: No I write everything in one of those drag and drop puzzle languages
-
cryptogrampy[m]
I think it's called Scratch
-
ooo123ooo1234567
is it layered sarcasm ?
-
ooo123ooo1234567
* is it multi layered sarcasm ?
-
cryptogrampy[m]
Compile to monero payment gateway
-
plowsof
all of your sparring partners are sleeping ooo, you must recharge and prepare for battle again tomorrow
-
cryptogrampy[m]
A young man named plowsof who works at my nursing home introduced me to this language. I had been spending hours and hours a day making puzzles and this kind gentleman introduced me to the computer puzzle coding language
-
cryptogrampy[m]
And I will be forever grateful
-
kinghat[m]
fucking hilarious
-
ooo123ooo1234567
plowsof: is it multi layered sarcasm or truth ?
-
kinghat[m]
bro you are a machine
-
plowsof
just some jokes ooo
-
ooo123ooo1234567
kinghat[m]: why ?
-
-
kinghat[m]
plz keep them coming. my brain needs it after reading that backlog.
-
kinghat[m]
puzzle factory
-
cryptogrampy[m]
Upcoming monero payment gateway I'm prepping a ccs for:
-
-
ooo123ooo1234567
plowsof: is it at least old man behind that profile ?
-
ooo123ooo1234567
or also just joke ?
-
cryptogrampy[m]
I love you either way
-
cryptogrampy[m]
Wait you're not my grandson
-
cryptogrampy[m]
Where am i
-
kinghat[m]
cryptogrampy[m]: prolly going to waste a grip auditing this 🍝
-
cryptogrampy[m]
I unironically may write something for node-red
-
kinghat[m]
i thought you didnt write anything in `node-red` 🤔
-
plowsof
this is after hours -community (multi layered sarcastic / humour chat from people who should be sleeping)
-
plowsof
i learned some Flash skills at school
-
» kinghat[m] recharging for battle
-
cryptogrampy[m]
Oh you most certainly can write node-red nodes/flows
-
cryptogrampy[m]
Just imagine a monero payment gateway node that no one uses that never gets finished. Could be huge
-
kinghat[m]
thanks for the laugh plowsof. im out ✌️
-
cryptogrampy[m]
If anyone has android/react native exp and wants to make a wallet, feel free to reach out btw
-
plowsof
goodbye kinghat 👋
-
cryptogrampy[m]
kinghat[m]: Goodnight king
-
kinghat[m]
look into tauri. should have mobile support in v2(they are working on it).
-
BusyBoredom[m]
I <3 tauri
-
BusyBoredom[m]
Been using it for a side project, I'm very happy with it
-
ofrnxmr[m]
<cryptogrampy[m]> "1656647098307.jpg" <- Is this cryptogrampy or a friend?
-
kayabanerve[m]
ooo123ooo1234567: If I do the first implementation of an experimental protocol and it relies on an experimental proof, yes, of course I'm going to respect the author for not grandstanding and explicitly saying it should have formal review before being deployed .-. That's literally me taking your side on... (full message at
libera.ems.host/_matrix/media/r0/do…21069fa7cff696a9bebbdb1f40024ea43fa)
-
kayabanerve[m]
Bah. Sent that with nicer spacing and Matrix removed it :( Regardless, sorry for the long message everyone, and I don't plan to keep this up here
-
kayabanerve[m]
Side note, basic swap was mentioned. It appears to be by Particl and they did a Python impl of the swap protocol back in the day. Their work now appears to be a continuation of it
-
rbrunner
At first sight, that looks promising, right? If they really deliver
-
kayabaNerve
I assume trades won't have fees, yet it'll run over Particl, a BTC fork, and have their TX fees :/
-
kayabaNerve
Though I'm kinda just commenting on what generally happens when BTC forks launch DEXs. Still have to look a bit
-
rbrunner
Did not get the impression that Particl, the coin, will be involved. I understood all direct pairings of coins through true atomic swaps. But who really knows
-
kayabaNerve
... yeah, no, this looks much better than I expected according to their blog post
-
rbrunner
:)
-
kayabaNerve
It is using Particl's, written as the project's, SMSG. I'm trying to confirm that's impermenant with no relation to Particl, the coin
-
rbrunner
I think they borrow some communication mechanism, but that can't hurt I would say
-
rbrunner
from the Particl code base
-
rbrunner
Ah, you say the same, that's "SMSG"?
-
rbrunner
Yup
-
rbrunner
-
rbrunner
With this, if they can really get it off the ground, BTC-to-XMR atomic swaps suddenly would get a nice GUI
-
kayabaNerve
Right, and I don't see fees built into SMSG :)
-
kayabaNerve
Nice. Good for them. I'll try to review the code at some point
-
ooo123ooo1234567
> <@kayabanerve:matrix.org> ooo123ooo1234567: If I do the first implementation of an experimental protocol and it relies on an experimental proof, yes, of course I'm going to respect the author for not grandstanding and explicitly saying it should have formal review before being deployed .-. That's... (full message at
libera.ems.host/_matrix/media/r0/do…699ef7d26062f1ad9b5e795351246511fa8)
-
ooo123ooo1234567
it's for me
-
kayabanerve[m]
... actually, no. CLSAG is proven IIRC. So is FROST. While multisig in Monero isn't FROST, the additive key share system is identical. The only distinction is how we generate keys, which isn't the discussion we're facing here.
-
kayabanerve[m]
*It's also identical to MuSig2
-
kayabanerve[m]
To be more specific, yes, Schnorr is linear. Simple fact of life. CLSAG is effectively Schnorr and... I do understand the signing process as a whole, regarding nonce handling, has differences and don't contest that.
-
kayabanerve[m]
I'm highlighting the simplicity and consistency for Schnorr though.
-
ooo123ooo1234567
<kayabanerve[m]> "... actually, no. CLSAG is..." <- ok, disagreement
-
ooo123ooo1234567
"I'm offering my personal help, if we can at least talk things through, and you actually were wronged.",
libera.monerologs.net/monero-dev/20220514#c94874, Do you agree that It was supposed to roll multisig as is without experimental flag before that meeting ?
-
ooo123ooo1234567
yes/no ?
-
ooo123ooo1234567
s/roll/release/
-
rbrunner
The linked statement is from May 14. Opinions can and do develop, seems to me.
-
ooo123ooo1234567
-
rbrunner
Yeah, I remember that :)
-
kayabanerve[m]
It's hard to say? The general agreement was multi sig had to be done but we were still discussing how to do it. Therefore, it wasn't necessarily without the experimental flag. Regardless, we agreed it should have one, so it's irrelevant to now
-
ooo123ooo1234567
ok, another disagreement
-
kayabanerve[m]
Okay, do you have a point with this that leads to progress?
-
kayabanerve[m]
If this is us acknowledging our differences to clear the past, sure. If this is us acknowledging our differences so you can say we're different and you don't want to actually move forward together, I'll just head out now and save us the time
-
kayabanerve[m]
Because for some reason, I still try to work things out with you, despite all the ways you either tell or show me it's most likely pointless :/
-
ooo123ooo1234567
can you just honestly acknowledge without any conditionals ?
-
ooo123ooo1234567
at least once
-
ooo123ooo1234567
* honestly acknowledge or not without any
-
kayabanerve[m]
I've been in your position and I know you want these black and white answers. The issue is they don't necessarily exist
-
ooo123ooo1234567
kayabanerve[m]: thanks
-
kayabanerve[m]
So sure, if you want an overly simplistic answer, at that point in time, yes, we had plans to release multi sig and didn't have plans to include the experimental label
-
kayabanerve[m]
It just ignores that as part of our plans for multisig the label was proposed and we adopted it since we were actively planning
-
ooo123ooo1234567
kayabanerve[m]: would it possible to do that active planning without my replies ?
-
ooo123ooo1234567
before May I was silent in public
-
kayabanerve[m]
I have no idea. I'm not a psychic
-
ooo123ooo1234567
I waited few meetings to be sure that perspective is stable
-
ooo123ooo1234567
<kayabanerve[m]> "It just ignores that as part..." <- can you help me to find any public message before 14th May about such plans ?
-
ooo123ooo1234567
s/14th/7th/
-
ooo123ooo1234567
<kayabanerve[m]> "If this is us acknowledging..." <- "If this is us acknowledging our differences to clear the past, sure." yes, it's needed to move forward
-
kayabanerve[m]
Are you saying that the discussion you quoted actively discussing how to merge multisig isn't active planning?
-
kayabanerve[m]
I didn't say the label had been proposed yet. I said it was proposed when we were still planning
-
kayabanerve[m]
It's not acting in good faith to say we didn't plan to have the label we came up when planning
-
kayabanerve[m]
We were planning. It was a suggestion. We adopted it. It's part of the plan. Therefore, it's been planned
-
kayabanerve[m]
I couldn't care less when it came up with in the plans. I'd only chastise Monero if we rejected legitimately beneficial suggestions, delaying their inclusion in our plans.
-
kayabanerve[m]
And while you believe your suggestions are legitimately beneficial, most people do not, and I don't believe their inclusion is delayed. We'll get security proofs when we do. The distinction is we're not letting them be roadblocks leaving users critically insecure
-
ooo123ooo1234567
I agree that even with knowledge about potential problem It's better to merge 8149 with experimental flag, rather than not at all
-
ooo123ooo1234567
But was there any value in knowledge about potential problem and did it help to make a decision about experimental flag ? yes/no /
-
kayabanerve[m]
I am happy to hear that :)
-
rbrunner
I want to contribute a "wow"
-
ooo123ooo1234567
I wanted to prevent failure, since I was somehow responsible for UkoeHB knowledge about that patch
-
kayabanerve[m]
I'll also know that we don't have knowledge about a potential problem, as in, there's a potential problem that may be an issue. We've been told there's potentially a problem with no evidence. We can't live our lives around that.
-
kayabanerve[m]
Though yes, I will note you have have the talent to find/disclose/fix such problems
-
kayabanerve[m]
ooo123ooo1234567: Honestly? I'd have to re-read the chat logs
-
ooo123ooo1234567
kayabanerve[m]: It would be good 7th-14th May -dev
-
kayabanerve[m]
From my current understanding, key word being current and not historically accurate, I don't believe the community believes you actually have an exploitable issue in the multisig signing process beyond what we accept
-
kayabanerve[m]
Though we did just say "experimental" is planned to be kept until we have a formal specification AND review/proofs accordingly
-
kayabanerve[m]
So I'd note your insistence there regarding formal review likely did raise our opinion of it, though I'm unsure where our opinion would've been without you
-
kayabanerve[m]
Regardless, I do think you contributed there
-
ooo123ooo1234567
I think it was mostly decision of UkoeHB based on private previous communication, but it can't be verified via public info
-
ooo123ooo1234567
<kayabanerve[m]> "I've been in your position and I..." <- regarding black and white, I'm operating with black/white always, not only during bug bounty process
-
ooo123ooo1234567
is it the same for you or not ?
-
ofrnxmr[m]
Initially the idea was to remove the experimental flag if the audit came back good.
-
ofrnxmr[m]
Multisig was prioritized because, I assume, we thought it was fixed.
-
ofrnxmr[m]
But the audit was sub par + rumors of an exploit (but no disclosure), so disabled and experimental stuck pending disclosure.
-
rbrunner
"I'm operating with black/white always" I have a hard time to believe that's a promising strategy long time, in the "real world".
-
ooo123ooo1234567
> <@kayabanerve:matrix.org> I've been in your position and I know you want these black and white answers. The issue is they don't necessarily exist
-
ooo123ooo1234567
* regarding black and white, I'm always operating in black/white terms, not only during bug bounty process
-
kayabanerve[m]
Uhhhhhhhhh there's an honest answer and a polite answer
-
rbrunner
In any case, communicating with a group of people in something like a black or white manner is a recipe for trouble
-
ooo123ooo1234567
I don't care politeness mostly, it's either silent/ignore or honest reply from my side
-
kayabanerve[m]
I'll say I acknowledge that mindset and why, and wish it was possible
-
kayabanerve[m]
But it isn't
-
kayabanerve[m]
And that thankfully, that's something I've become more accepting of as I've grown as an individual
-
ooo123ooo1234567
* don't care about politeness mostly,
-
rbrunner
Ah, well, I think we write quite politely here right now. Things probably only turn ugly if opinions differ widely.
-
ofrnxmr[m]
<ooo123ooo1234567> "I don't care politeness mostly..." <- Being honest =/= being productive. You can be honest and play ping pong all day. Easier = being honest and to the point. Dont need to beat around the bush.
-
ofrnxmr[m]
im not the only one who has been trying to tap into our psychic powers to figure out what you're trying to get across..
-
ofrnxmr[m]
<ooo123ooo1234567> "I agree that even with knowledge..." <- ^ when I read this, I almost thought "sarcasm?"
-
ooo123ooo1234567
<kayabanerve[m]> "From my current understanding..." <-
monero-project/monero #8328#issue-1236108836, "There are vulnerabilities in multisig protocol if the parties do not trust each other ..." this disclaimer doesn't credit the source of such danger, and at the same time even after audit it wasn't removed;
-
ooo123ooo1234567
For me it's like choosing something between credit those who prevented failure and not merge and take responsibility for failure + audit + merge
-
kayabanerve[m]
<rbrunner> "Ah, well, I think we write quite..." <- Idk, I said a few bad words last night :O Tired Kayaba loses their filter
-
ofrnxmr[m]
ooo123ooo1234567: Moo wrote this PR in like 5 minutes
-
ooo123ooo1234567
I don't like that I wasn't credited for that prevented failure, also was attacked and now even after audit experimental flag wasn't removed
-
rbrunner
Maybe, but the last 3 hours or so have been really refreshing, if you ask me
-
ofrnxmr[m]
ooo123ooo1234567: Who do we credit? Anon? Ooo?
-
ooo123ooo1234567
* + merge without experimental
-
rbrunner
"I don't like that I wasn't credited for that prevented failure" that's a clear and frank statement, something to work with.
-
ofrnxmr[m]
These things can be easily fixed. Proper attributions etc.
-
rbrunner
I really don't think we have a culture and a problem of "not crediting" or not wanting to
-
kayabanerve[m]
ooo123ooo1234567: If you want to be credited, which I think you should have been asked about, I'd either go there now or ask mooo for such a correction
-
rbrunner
Looks like you came under the bus here, but not because of bad faith, I would say
-
kayabanerve[m]
ofrnxmr: It's called asking the discloser and honestly is just a basic sign of respect. While I understand being in a rush/being distracted, I will say it's always what people should do if possible
-
ofrnxmr[m]
The moo PR was written after a meeting where it was decided to disabled it outright pending audit results.
-
ofrnxmr[m]
I highly doubt there was any malicious intent. Moo just heard "disable multisig" and did it.
-
kayabanerve[m]
And I say that in response to the potentially-sarcastic "Who do we credit?" + providing a counterpoint to excusing mooo, though I won't say they shouldn't be excused
-
kayabanerve[m]
I'd assume it's an oversight
-
ooo123ooo1234567
prevented failure -> 1 week -> merge 8149 with experimental flag -> audit in order to find undisclosed failure ->
-
ooo123ooo1234567
and here I expected the following
-
ofrnxmr[m]
kayabanerve[m]: This is all im saying.
-
ofrnxmr[m]
Also with 8149, perfect daemon account would have the active pr. I feel perfect daemon deserves the credit due, 100%.
-
rbrunner
Well, as far as I know not *everything* that UkoeHB did after he took over the PR was mere cosmetics. So 100% of the credit for *8149* to ooo is probably a bit much
-
rbrunner
How about 95% :)
-
ofrnxmr[m]
rbrunner: Dont remember the original PR # , but I was referring to if koe didnt resubmit the pr as 8149 it would still be [old pr]
-
rbrunner
Yes, I understood. But that "old pr" developed further, that's what I mean. And not just inserting a few empty lines for it to look more pretty.
-
kayabanerve[m]
Koe did a lot of work on the TX building process, actually
-
rbrunner
And before we misunderstand: We don't imply ooo would not have been able to do that as well.
-
rbrunner
They just did not, as things turned out.
-
kayabanerve[m]
ooo's PR does have a lot of the cleanups I appreciated. Just saying koe did a bit more than 5%
-
kayabanerve[m]
and then, AFAIK, the security of the two are mostly the same. I believe ooo's declared the transcript format used in 8149 I noted a transcript conflict in
-
kayabanerve[m]
Which was also in 8149. koe said they fixed it in 8149 though :p
-
ooo123ooo1234567
what transcript conflict ?
-
kayabanerve[m]
Lack of ring length + nonce length.
-
kayabanerve[m]
Two variable sized arrays enables a longer one and a shorter one overlapping, assuming the elements in the middle were successfully arranged.
-
ooo123ooo1234567
ring size and number of nonce components are static in monero protocol, so it's redundant in practice
-
kayabanerve[m]
They can't be, under current Monero, as ring length is hashed into the message
-
kayabanerve[m]
And yes. That function has a dynamic nonce components yet practically, it's static
-
kayabanerve[m]
Yet ring is only pseudo-static. We're changing it in just a few weeks lol
-
kayabanerve[m]
So stable, not static, IMO
-
kayabanerve[m]
It's a minor note, but still better to have
-
ooo123ooo1234567
I didn't add any unimportant changes, since these details may steal focus
-
ooo123ooo1234567
It's easy to add such minor improvements, that's also one of the reasons I hate many here
-
kayabanerve[m]
I'd argue after this whole debacle, we'd want to ensure transcript validity, which means including lengths as needed
-
kayabanerve[m]
Especially since message including ring length is solely an implicit bound
-
kayabanerve[m]
If you're uninterested in doing such changes, either for security, code style, or whatever reason they're proposed, it explains why PR maintenance was taken over by someone else
-
kayabanerve[m]
Obviously, no, you don't have to accept all changes. I'm just noting why your PR wasn't merged and why more commits were made
-
kayabanerve[m]
There's give and take here.
-
ooo123ooo1234567
kayabanerve[m]: not uninterested, but it was postponed before overall security was confirmed; and after 8149 I had no chance to update my own PR with important changes and optionally unimportant too
-
ooo123ooo1234567
I'm prioritizing important things over unimportant to not lose focus
-
kayabanerve[m]
That's why collaboration exists
-
ooo123ooo1234567
once overall security confirmed, It's probably ok to accept collaboration, but forced collaboration with minor changes before overall security is not easy trade-off to do
-
ooo123ooo1234567
* changes before confirmation of overall security
-
ooo123ooo1234567
There was one important demand from my side: I wanted cryptography audit firstly before any C++ reviews, but in fact it was done this way: C++ review from UkoHB/moneromooo/vtnerd -> then kayabanerve burning bug -> shitty audit -> still no cryptography review
-
ooo123ooo1234567
I wanted it since I don't want to take responsibility for my patch without cryptography review, and currently it was resubmitted with experimental flag by those are ok without cryptography review
-
ooo123ooo1234567
monero-project/monero #8149#issuecomment-1027330071, "@arnuschky I'm not sure... there are some non-public review processes going on that I need to respect. It's mostly a waiting game I guess." non-public review is about that demand from my side in private
-
ooo123ooo1234567
<kayabanerve[m]> "Koe did a lot of work on the..." <- can you find such commit in 8149 PR ?
-
ooo123ooo1234567
-
ooo123ooo1234567
* 8149 PR (unsquashed commits
monero-project/monero 040b093) ?
-
kayabanerve[m]
I commented that while reviewing the files changed of both. They have notable differences.
-
ooo123ooo1234567
monero-project/monero 3c16469, "cosmetic improvements to aid readability " due to this
-
ooo123ooo1234567
monero-project/monero 59db13b, " address vtnerd review comments " and this relocation
-
ooo123ooo1234567
it's just relocations
-
kayabanerve[m]
I do understand you had the signing process file and koe's moved things around. There's still more than just relocations though. The line count alone shows that
-
ooo123ooo1234567
methods implementations from .hpp to .cpp isn't just relocations ?
-
rbrunner
"by those are ok without cryptography review" by those are ok without cryptography review *right now, holding up everything else". Important point, at least for me
-
ooo123ooo1234567
monero-project/monero f5e3347, "update tx builder so it works pre-BP+/viewtags " not cosmetic change
-
ooo123ooo1234567
monero-project/monero 975b57f, " update multisig tx_builder_t to make RCTTypeBulletproofPlus txs instead of RCTTypeCLSAG" and this one
-
rbrunner
Hmm, yes? It's important the new release works pre-hardfork as well as afterwards.
-
ooo123ooo1234567
<kayabanerve[m]> "So I'd note your insistence..." <-
libera.monerologs.net/monero-dev/20220510#c93252, "Oh, it was just some snark, nothing actually useful ? nvm then."
-
ooo123ooo1234567
libera.monerologs.net/monero-dev/20220510#c93251, "It's pretty misleading to say 'without any validation' when it's really 'without validation that meets my standards' (which we'd probably get closer to if you participated instead of hiding behind your indignation)."
-
ooo123ooo1234567
<kayabanerve[m]> "ooo123ooo1234567: If you want to..." <- That situation could be treated as a test: whether others would act honestly despite of personal disagreement or not and it failed
-
ooo123ooo1234567
<rbrunner> "I really don't think we have a..." <- It's easily verifiable with tests: solve some hard problem -> post solution after some trolling -> submitted patch without any credit
-
ooo123ooo1234567
> <@rbrunner:libera.chat> I really don't think we have a culture and a problem of "not crediting" or not wanting to
-
ooo123ooo1234567
* It's easily verifiable with tests: solve some hard problem -> post solution after some trolling -> others submit this patch without any credit
-
ooo123ooo1234567
I wouldn't do this even under pressure from the other side since I respect original solutions
-
ooo123ooo1234567
And for me it's like a test of honesty which failed
-
rbrunner
Whether a community like our group of Monero dev has or does not have a certain culture is not "easily verifiable". You have to watch for quite some time how things work and run
-
rbrunner
And you always find counterexamples
-
ooo123ooo1234567
I watched and tested for quite some time
-
rbrunner
Which, alone, do not yet prove something or make it easily verifiable
-
ooo123ooo1234567
Anything is verifiable with some test, even thoughts of concrete human
-
rbrunner
I think part of our difficulties are a certain tendency of yours to think things with humans can be as razor-sharp as code: correct or not, black and white
-
rbrunner
Humans are more complicated
-
rbrunner
By a wide margin, if you ask me
-
rbrunner
And if you have a whole group of them even more :)
-
rbrunner
Cherry on top is anonymity, and not being able to disucss things face to face.
-
rbrunner
Really, sometimes I think it's a freaking wonder that Monero got anywhere at all and did not explode, oh, 3 months after inception back in 2014
-
ofrnxmr[m]
<ooo123ooo1234567> "It's easily verifiable with..." <- A lot of people didnt know you = perfect daemon
-
ooo123ooo1234567
<rbrunner> "I think part of our difficulties..." <- give me an example of something that isn't razor-sharp ?
-
ooo123ooo1234567
I'll prove otherwise
-
rbrunner
With humans? Opinions. Sometime I change my opinion about something several times a day, if you asked me why I couldn't probably not reason why.
-
rbrunner
You don't?
-
ooo123ooo1234567
rbrunner: do self-analysis and find why
-
ooo123ooo1234567
rbrunner: I can explain everything I do, there is always a reason
-
ooo123ooo1234567
and the same applied to others
-
rbrunner
I believe you that you believe that.
-
ofrnxmr[m]
A lot of people didnt know you = perfect daemon
-
ofrnxmr[m]
A lot thought you _were_ just a troll.
-
ooo123ooo1234567
rbrunner: more concrete example then ?
-
rbrunner
I don't know why I fell in love with my wife back a long time ago. Most probably wasn't a razor-sharp decision yes/no :)
-
ooo123ooo1234567
something except "fell in love", it's too personal to ask you about
-
rbrunner
Sense of beauty then, how's that? I find something beautiful but could not argue why. Tomorrow, in another mood, I might not like it any more.
-
ofrnxmr[m]
People changed their opinions of you from useless troll to something more respectful
-
rbrunner
Well, some people probably are still somwhere on the way there ...
-
rbrunner
But anyway, seems to me we are basically arguing now whether the human mind is more than razor-sharp conscious logic think in the cerebral cortex.
-
rbrunner
Which is, frankly, a bit hilarious.
-
rbrunner
Of course, at the end of the day, Monero is only compiled C++ code, and really nothing more, but the ways to arrive there can be terribly complicated
-
ooo123ooo1234567
rbrunner: self-analysis/critical thinking is directly needed in problem solving
-
ooo123ooo1234567
and lack of it affects quality of solutions
-
rbrunner
Agree. But if you have a problem in a group of devs, maybe that "problem" needs some other or at least additional strategies.
-
rbrunner
Because humans.
-
ooo123ooo1234567
group of humans / crowd doesn't solve problem, any counterexample ?
-
ooo123ooo1234567
s/doesn/don/, s/problem/problems/
-
ooo123ooo1234567
especially without critical thinking
-
rbrunner
No, maybe I wasn't clear: If a group has a problem, you can't debug that problem like you can a handful of lines of C+ that do not behave
-
ofrnxmr[m]
ooo123ooo1234567: And clear and concise communication
-
ooo123ooo1234567
ok, concrete problem example that is hard to debug ?
-
rbrunner
If somebody is wrong, you can't always convince them right away by proving it to them. That will only result in more anger, in that very moment.
-
rbrunner
There may be people where that works, but probably not many.
-
rbrunner
To much ego in play, for example.
-
rbrunner
Who likes to be wrong? Honestly.
-
ooo123ooo1234567
rbrunner: The goal is to solve technical problems of monero, not convince some humans. It's possible to redirect internal anger towards some problem analysis
-
rbrunner
Sometimes humans are, for whatever reasons, not ready to work with you to solve a particular problem. Then you do have to convince them, for better or worse.
-
ooo123ooo1234567
rbrunner: I hate many here, hate this environment, but I like technical problems despite all of this; this persists under external pressure
-
ooo123ooo1234567
* this persists even under external
-
rbrunner
"I hate many here" That's a bit unfortunate.
-
ooo123ooo1234567
rbrunner: there is a common goal: progress of project, and it should be prioritized over personal goals
-
rbrunner
Well, yes, and we all should live together in peace on this planet. Look how this plays out ...
-
rbrunner
But, seriously, and I don't want to mock you here, if you hate people, and hate the environment, maybe that's a problem that can be solved with some introspection, like you explained yourself
-
rbrunner
Basically, make peace with some things that are as they are, and you can't immediately change them
-
rbrunner
Sometimes aka "compromise"
-
ooo123ooo1234567
rbrunner: There is huge intersection between things that I hate and things that are bad for project goal
-
ooo123ooo1234567
I'm focusing on this intersection
-
rbrunner
Hmmm .. interesting statement.
-
rbrunner
But still, pushing the project forward with the price of you enduring hate is probably too high a price to pay.
-
rbrunner
Especially if there might be ways to still push it forward, but damp down the hate
-
rbrunner
(I start to sound like some over-the-top tv psycho doc, and wait for somebody telling us this is, for all things, #monero-community ...)
-
ooo123ooo1234567
rbrunner: I call it following path of least resistance
-
ooo123ooo1234567
s/following//
-
rbrunner
Yeah, with that I can agree. Humans are lazy :)
-
ooo123ooo1234567
preventing that failure is certainly against path of least resistance
-
ooo123ooo1234567
And I want more changes since it will have positive impact on development
-
ooo123ooo1234567
without any problems
-
ooo123ooo1234567
rbrunner: "project goal over personal goals" those who disagree may be lazy outside of development process
-
rbrunner
Well, with Seraphis and Jamtis we will have mountains of new codes to write, and existing code to change, I for one would be glad if we could find together and collaborate
-
ooo123ooo1234567
That scammer is an example of parasite that not only lazy but also tries to profit from this
-
ooo123ooo1234567
It's very bad example
-
ooo123ooo1234567
Lazy people is like static obstacle, not so hard to bypass
-
rbrunner
I guess you hate parasites?
-
ofrnxmr[m]
rbrunner: Not a bad trait, hating parasites
-
ooo123ooo1234567
It has direct impact on development, so bad
-
ooo123ooo1234567
* it's very bad for project goal independently whether i hate it or not
-
ooo123ooo1234567
* it's very bad for project goal independently on whether i hate it or not
-
rbrunner
Right. But sometimes parasites are so small they are hardly worth our full attention. Distraction on the sideways, if you like.
-
ooo123ooo1234567
rbrunner: Any example of small /big parasites ?
-
ooo123ooo1234567
rbrunner: I would like to have solved few hard problems at the end of 2021, it's half of 2022 and seraphis is supposed to be deployed in 2 years
-
ooo123ooo1234567
I don't like it
-
rbrunner
Well, maybe that's controversial big time, but I followed your epic fights with that solar cell miner, and I don't think it was worth it
-
ooo123ooo1234567
And I don't see any hard obstacles on they way it, ability to do security analysis was the hardest part
-
ooo123ooo1234567
s/they/the/
-
rbrunner
I think Seraphis and Jamtis really depend on our ability to rise enough manpower. Sometimes I think it does not look to good right now.
-
rbrunner
*too good
-
rbrunner
By the way, that's one of the reasons I am still here, and still writing: I for one would like to have you on board. Some rough sailing first maybe, but that's life :)
-
ooo123ooo1234567
<rbrunner> "Well, maybe that's controversial..." <- 0 progress over 2021 means there is huge problem with devolpment
-
ooo123ooo1234567
And removal of that scammer is a good example what should be done with anyone who would do the same
-
ooo123ooo1234567
I can't even get reward for cryptography fix, while scammers are teaching others what to do in monero-research-lab channel by suggesting absolute bullshit for decentralized protocol
-
rbrunner
Yes. But that removal, IMHO, as it happened, was expensive. Much china got broken, and I think many people see you now as a troll, or worse
-
ooo123ooo1234567
rbrunner: At first I don't believe that It even happened
-
ooo123ooo1234567
I wanted to submit open source alternative for that task to show an example how it's possible to compete even with scammers
-
ooo123ooo1234567
<rbrunner> "I think Seraphis and Jamtis..." <- you're contradicting to yourself: no reward for cryptography work, but free feeding for scammers
-
ofrnxmr[m]
You arent able to claim your ccs?
-
ooo123ooo1234567
<rbrunner> "Well, maybe that's controversial..." <- the case with scammer -> competition for that task -> open source alternative -> changes to CCS process in order to prevent similar problems in future
-
ofrnxmr[m]
Or referring to other work
-
ooo123ooo1234567
It would mean quick changes to development process, but instead It didn't happen
-
rbrunner
Well, I did not talk about reasons why we may have difficulties to attract manpower. Just that we have. That's probably not very controversial.
-
ooo123ooo1234567
someone chosen path of least resistance
-
ooo123ooo1234567
changes to CCS -> less noise in development -> more people doing some hard work ->
-
rbrunner
Yes, but you know what, for better or worse, it's like that in groups: People will listen to you after the got to know you, and respect you. That will take time.
-
rbrunner
Even if you are right 100%.
-
ooo123ooo1234567
ofrnxmr[m]: I was working whole year, that CCS only for 3 months, claiming that reward would mean free work over 1 year
-
rbrunner
And can prove it. Easily.
-
ooo123ooo1234567
* would mean admitting free work
-
ofrnxmr[m]
ooo123ooo1234567: Update it to request more
-
ofrnxmr[m]
And include your other work
-
ooo123ooo1234567
ofrnxmr[m]: not very honest relatively to others
-
ooo123ooo1234567
competing with scammer is much more honest, but it wasn't done properly
-
ooo123ooo1234567
* competing with scammer is much more honest
-
ooo123ooo1234567
rbrunner: I'm against any appeal to authority, there should be equal treatment based on done work
-
ofrnxmr[m]
ooo123ooo1234567: Open a new ccs and raise your rates accordingly?
-
rbrunner
I understand, and I sympathize up to a point. Just pointing out that groups of humans work like that. Ever did. Probably since 200,000 years. You are in such a group here.
-
ofrnxmr[m]
ooo123ooo1234567: Its not about authority, its about nobody taking you seriously or even ignoring you before they know about your contributions
-
ooo123ooo1234567
rbrunner: I want to push changes to CCS that are compatible with anonymity and competition, it would not honest relatively to others to claim compensation for my work prior to changes to CCS
-
ofrnxmr[m]
When your first few accounts got banned, some of those people had no idea who you were
-
ooo123ooo1234567
case with scammer and multisig would be enough to teach others and prove my point
-
ooo123ooo1234567
but something went wrong
-
ooo123ooo1234567
* to CCS process that are
-
rbrunner
That's a bit of an understament. A hell of a lot of things went wrong.
-
ooo123ooo1234567
* to CCS process that are, * it would be not honest
-
rbrunner
Quite a tangle.
-
ooo123ooo1234567
From my point of view it failed since others don't want to behave honestly and prefer personal goals / interest over project goal
-
ooo123ooo1234567
In general, it can be justified by "they are humans", but what to do with failed project goals ?
-
ooo123ooo1234567
I don't see yet changes even in perspective
-
ooo123ooo1234567
The best what you suggest me is personal compensation, but without any changes to whole environment
-
rbrunner
May sound dumb, but try again, and try better?
-
ooo123ooo1234567
* you suggest to me is
-
ooo123ooo1234567
I don't have energy / health for second try
-
rbrunner
Nobody has the power to change the "environment" just like that. In such a diverse open-source project those are almost always slow and painfull changes
-
rbrunner
Did you follow our attempts to get rid of timelocked transactions? The process was hair-pulling and quite frustrating, and in the end we failed as a dev group.
-
rbrunner
They are still there.
-
rbrunner
Thankfully not that important, but shows how things can work, or *not* work, in groups.
-
ooo123ooo1234567
rbrunner: From perspective of project goal, there should be just some work that no one wants to do
-
ooo123ooo1234567
rbrunner: mainnet -> release -> repo -> merges -> pr -> devs
-
ooo123ooo1234567
first 4 components are manually controllable and centralized
-
rbrunner
Doesn't it make you a bit suspicious that the world is littered with dev groups with problems, but your logic tells you it's simple?
-
ooo123ooo1234567
rbrunner: I'm not trying to achieve better result doing the same as others
-
ooo123ooo1234567
In the worst case it may be very experimental
-
ooo123ooo1234567
rbrunner: I'm not afraid of complex problems
-
rbrunner
I believe you, and that's a net positive, I would say.
-
rbrunner
But as I argued earlier, some problems are of a very, very different nature than others, and they need a very different approach because of this.
-
rbrunner
Problems with those pesky humans for example :)
-
ooo123ooo1234567
rbrunner: project goal over personal goals -> focus -> ...
-
rbrunner
Well, call me pedantic, but seems to me putting project goal over personal goal *is* a personal goal of yours
-
ooo123ooo1234567
it may happen naturally when you're focusing on something for a long period of time
-
ooo123ooo1234567
for the best efficiency
-
ooo123ooo1234567
of solving problems
-
ooo123ooo1234567
When someone starts to prioritize their personal goal over project you will notice by inability to focus on single subject,
-
ooo123ooo1234567
* will notice it by inability
-
rbrunner
Alright, have to go. I want to sincerely thank you for the interesting chat, and I hope other people find it intersting to read up, and learn something about you, and about the situation
-
ooo123ooo1234567
<kayabanerve[m]> "It just ignores that as part..." <- another possible test would be to talk after released code, but then I would be blaimed for allowing insecure code
-
ooo123ooo1234567
though this test would be more clear from external point of view
-
ooo123ooo1234567
<kayabanerve[m]> "ofrnxmr: It's called asking..." <- "It's called asking the discloser and honestly is just a basic sign of respect." so lack of it is a basic sign of disrespect
-
ofrnxmr[m]
Referring to moos pr to disable multisig by default
-
ofrnxmr[m]
Im pretty sure moo didnt know who you were at the time..most people didnt and assumed the anon was MIA and koe was handling it now
-
ofrnxmr[m]
If moo should have asked you first.. but moo has you on ignore because of the mj spam. So good chance they didnt see you share anything and only heard it be parrot'd by other memebers
-
ooo123ooo1234567
It isn't about concrete humans, but about why it affects development
-
ofrnxmr[m]
<ooo123ooo1234567> "It isn't about concrete humans..." <- Moo leaving -dev affects development too
-
bridgerton[m]
<Encore> mmm, delicious infighting
-
bridgerton[m]
<Encore> that's what monero needs
-
dsc_
whenever there is drama here I think of
web.mit.edu/gtmarx/www/movement.html
-
ooo123ooo1234567
> <@ofrnxmr:monero.social> Referring to moos pr to disable multisig by default
-
ooo123ooo1234567
>
-
ooo123ooo1234567
> Im pretty sure moo didnt know who you were at the time..most people didnt and assumed the anon was MIA and koe was handling it now
-
ooo123ooo1234567
no, ignore was added after 14th May
-
dsc_
ooo123ooo1234567: your quoting is really annoying;
i.imgur.com/WRWPzVO.png
-
dsc_
You just spammed 4 lines to say 7 words
-
ooo123ooo1234567
dsc_: it's automatic formatting from matrix-irc bridge
-
dsc_
ooo123ooo1234567: Your violations to IRC etiquette are not working in your favor
-
dsc_
>>> len("ooo123ooo1234567")
-
dsc_
16
-
ooo123ooo1234567
matrix users don't see it and IRC doesn't allow anonymous participation
-
MajesticBank
how not?
-
kayabanerve[m]
<ooo123ooo1234567> ""It's called asking the disclose..." <- It is disrespectful, yet I wouldn't assume it was on purpose. Mooo is a quality person
-
dsc_
kayabanerve[m]: that goes for you as well
-
kayabanerve[m]
dsc_: What specifically?
-
dsc_
kayabanerve[m]: IRC has existed for decades and FOSS developers have specific ways (read: etiquette) how to conduct technical discussions, this includes formatting
-
kayabanerve[m]
Oh. Referring to the reply scheme
-
dsc_
-
kayabanerve[m]
While I do agree regarding IRC etiquette, not being spamming, I would like to note the disjoint platform behavior
-
kayabanerve[m]
Not to say we shouldn't be mindful of IRC. To say that this isn't something intrusive here and can help conversation
-
kayabanerve[m]
The median I've noted, which I think is fair, is infrequent replies
-
kayabanerve[m]
I responded to something from hours ago. ooo responds in every message lol
-
dsc_
older boomer developers (read: the OG hax0rs) are using different clients, usually text-based, this chat is totally unreadable through it, so you may find that 1) they might leave the channel 2) they might start to ignore you 3) they may avoid your otherwise seemingly good contributions
-
dsc_
but I am done complaining... continue :P
-
ooo123ooo1234567
<kayabanerve[m]> "That's why collaboration exists" <- I think It was one of the points of UkoeHB to teach me that any collaboration is useful
-
kayabaNerve
If it makes you feel better, I'm still connected on IRC :p
-
kayabaNerve
So I do know the pain and while I'm not using a terminal to view it, it is pretty raw text here
-
ooo123ooo1234567
<kayabanerve[m]> "If you're uninterested in..." <- security - yes, everything else - only later; not sure why you mixed security with code style into one sentence
-
dsc_
dear lord.
-
ooo123ooo1234567
<kayabanerve[m]> "And that thankfully, that's..." <- are there any rules/principles that will not ever break ?
-
ooo123ooo1234567
or grown individuals don't have any ?
-
kayabanerve[m]
dsc_: Nothing I can do about it, though I do agree it's rude considering you just complained
-
dsc_
he just continues
-
ooo123ooo1234567
dsc_, it's like reading tcp dump for high level protocol
-
ooo123ooo1234567
switch to matrix or vote for d
-
ooo123ooo1234567
* switch to matrix
-
dsc_
ooo123ooo1234567: are you trying to spam this community or somtehing?
-
kayabanerve[m]
You commented the transcript collision was a minor change best put off. It was for security though, which is why I commented on it.
-
kayabanerve[m]
Matrix has several reasons not to use it .-.
-
dsc_
matrix is for noobs.
-
dsc_
it is for non-developers
-
dsc_
and teenagers
-
kayabanerve[m]
Eh. I don't want to run a bouncer and appreciate e2e.
-
kinghat[m]
ouch babe
-
dsc_
kinghat[m]: <3
-
kinghat[m]
am noob so holds water
-
dsc_
its a centralized MITM chat service, which is fine by me, just dont quote every damn message
-
kayabanerve[m]
While I'm sure there are some principles you won't break, part of being a mature individual is being able to change.
-
ooo123ooo1234567
being able to change is a must to survive, but don't know how to respect people that don't have any principles
-
kinghat[m]
this seems like a less circular convo than anything ooo can come up with 😀
-
ooo123ooo1234567
humans are different from animals a bit
-
kayabanerve[m]
I have principles. Being forced into seeing the world as black and white isn't a principle.
-
kayabanerve[m]
kinghat: We made progress earlier
-
kinghat[m]
much doubt. you've just taken the bait 😛
-
dsc_
thanks for not quoting
-
dsc_
the past 8 lines were readable
-
dsc_
xD
-
kinghat[m]
</unquote>
-
ooo123ooo1234567
kayabanerve[m]: any example ?
-
kinghat[m]
🤦♂️
-
kinghat[m]
ya those quotes are pretty illegible on the irc side dsc_
-
ooo123ooo1234567
seeing the world as black and white is critical thinking
-
kayabanerve[m]
kinghat: They may have gotten better at trolling, but they haven't said they hated me today, we've acknowledged disagreeances, and they agreed about the path forward on multisig. So I see progress;
-
ofrnxmr[m]
ooo123ooo1234567: No it isn't.
-
ofrnxmr[m]
Only perfection is black and white
-
dsc_
kinghat[m]: they are, and you could make the argument that most here are on matrix, which is fine, but do realize that most developers **are not** (c)(tm)(past performance is not indicative of future results)
-
kayabanerve[m]
k but what if my perfection is the perfect multiexp algorithm and yours is rock solid abs
-
ooo123ooo1234567
I've explicitly confirmed disagreement in order to prevent cyclic discussion
-
kayabanerve[m]
For an example on principles, here's an easy one. Racism is bad .-.
-
kayabanerve[m]
Plenty of principles have bends. Murder being bad, most people would call a principle, yet plenty of Americans would leap at the death penalty.
-
ooo123ooo1234567
any principles related to work ?
-
kayabanerve[m]
So it's not absolute. I would call racism being pseudo-science dividing society definitive though, making it a principle to not be nor perpetuate racism.
-
kayabanerve[m]
🤔
-
kayabanerve[m]
None I care to put forth. At best, I've bent them. At worst, broken.
-
kinghat[m]
ooo you are the burger king of circles
-
kayabanerve[m]
I could only do what you believe in, yet I've needed to pay rent before and done things I disliked
-
kinghat[m]
and tangents
-
kayabanerve[m]
I could say don't scam people, which I largely believe, yet there was one time I said I'd open a new contract with someone if they paid me for the outstanding work lol
-
ooo123ooo1234567
"I could only do what I believe in" typo ?
-
kayabanerve[m]
*I could say "Only do..."
-
kayabanerve[m]
I
-
kayabanerve[m]
* I'll agree with kinghat and say this seems largely irrelevant to any actual progress
-
ofrnxmr[m]
I think people need to realize that people have lives, kids, jobs, whatever. Spending hours in a high school chat and leaving in the same place you started = waste of time
-
ooo123ooo1234567
kayabanerve[m]: no, it's likely means that progress is impossible until I'll accept some compromise for past work and for future
-
ooo123ooo1234567
I don't like compromises
-
ooo123ooo1234567
s/'s//
-
ofrnxmr[m]
What sort of compromises do you think you have to accept? And why do you feel you have to make compromises?
-
kayabanerve[m]
You probably will have to compromise in some way. The question is will you compromise over the past or in the present
-
ooo123ooo1234567
I'm ok to compromise on the past if there will be no compromise on the future, it's wise choice in long term
-
kayabanerve[m]
It isn't a compromise to forgive mooo for a slip if it's corrected. It is a compromise to not be credited because you don't just go and ask for the correction.
-
kayabanerve[m]
As one example. I know there's a lot of other comments available
-
kinghat[m]
after reading the backlog i dont know if youre owed something? credit or value? its hard to follow. if so, ask for it and go from there. if youre here to help, do that. if its both, cool. its really surprising to me that people are still playing your game. its babying like ive ever seen before.
-
ooo123ooo1234567
youre owed something -> debt ?
-
kinghat[m]
i cant tell if its deliberate or a terrible personality trait. mebbe add in non native speaking? could be a big mashup of all of them.
-
dsc_
fireice origin story
-
dsc_
v2
-
kinghat[m]
even fuk moved on though..
-
dsc_
kinghat[m]: Yeah, after Ryo exploded in may and he cashed out his dev tax
-
dsc_
(yes I am salty)
-
kinghat[m]
is that when ooo showed up?
-
dsc_
ha.
-
ooo123ooo1234567
`/ignore kinghat`
-
kinghat[m]
not enough time in life to play these games
-
dsc_
fuk wouldnt work on levin p2p I would think, which ooo submitted a PR for
-
ooo123ooo1234567
OMG
-
dsc_
ooo123ooo1234567: did your p2p PR end up getting merged?
-
dsc_
maybe I am mistaking you for someone else, not sure...
-
dsc_
I guess not (#7999)
-
ooo123ooo1234567
<kayabanerve[m]> "It isn't a compromise to forgive..." <- Not, the compromise is that I have to accept that some rules can't be changed and no matter how hard I'll work it will be the same unless someone will profit from it and gave up
-
ooo123ooo1234567
kind of revenge is impossible
-
ooo123ooo1234567
not revenge, but fair compensation
-
dsc_
guess he ignored me
-
kinghat[m]
😢
-
dsc_
and continues quoting :D
-
dsc_
this_guy.jpg
-
ooo123ooo1234567
dsc_, what's the purpose of your question if you don't read code / don't complain about code problems, but complained about irc etiquette
-
dsc_
hold your horses, I was just wondering if that PR got merged...
-
dsc_
I read the code, I even merged it for a monero fork and tested it in production
-
ooo123ooo1234567
open github and check, why to ask in irc ?
-
dsc_
lol ok dude
-
ooo123ooo1234567
wownero didn't merge it properly, did you try 2nd time ?
-
kinghat[m]
3rd times a charm
-
ooo123ooo1234567
(checking wownero git)
-
dsc_
only 1 time
-
bridgerton[m]
<Encore> is this still going?
-
bridgerton[m]
<Encore> bro
-
ooo123ooo1234567
`/ignore Encore`
-
ooo123ooo1234567
talking about people who see world as black/white
-
ooo123ooo1234567
* nvm
-
ofrnxmr[m]
<dsc_> "hold your horses, I was just..." <- 7760 isnt merged yet but will be for the HF
-
dsc_
nice.
-
GoldenAngle
Hello
-
Fibonacci12358
Hey
-
ofrnxmr[m]
Morning.
-
dsc_
ofrnxmr[m]: those 2 PRs are cool but both have no description at all and IRC communication doesnt seem to be going very smooth
-
dsc_
vtnerd asks for context on both issues
-
dsc_
(rightly so)
-
Fibonacci12358
I disagree
-
ofrnxmr[m]
The irc discussion arround the p2p stuff was largely pushed to the background behind all of the ccs mj stuff, but Jberman finished the review
-
ofrnxmr[m]
Fibonacci12358: About
-
Fibonacci12358
No No No.. No NO No..
-
dsc_
the p2p improvements are really cool (in theory)
-
Fibonacci12358
I have no idea
-
ofrnxmr[m]
Dont shoot me DSC. Lol sorry the quote
-
dsc_
sure np
-
ofrnxmr[m]
In practice my node seems to not crash due to oom on android anymore
-
kayabanerve[m]
dsc_: What happened with Ryo lol. Last I heard fireice was going to add Halo 2 to it IIRC
-
kayabanerve[m]
ooo123ooo1234567: I haven
-
kayabanerve[m]
* I haven't seen you actually work towards changing rules yet, beyond initial statements
-
dsc_
kayabanerve[m]: FuK went to zcash and some other project after he was able to unload Ryo on unsuspecting telegram users
-
kayabanerve[m]
Want to be more specific which rules you mean?
-
kayabanerve[m]
I did know about them being part of Zcash. I saw them over there
-
kayabanerve[m]
They hated me lol
-
kayabanerve[m]
And tbc, yes, I know you're advocating for CCS reform. I just want to confirm that's still the topic
-
dsc_
who, me?
-
kayabanerve[m]
No, ooo
-
dsc_
CCS reform? context/link? I'd be interested in reading that :)
-
ooo123ooo1234567
<kayabanerve[m]> "ooo123ooo1234567: I haven" <- kaybanerve, I know a lot of problems in it, also criticized different parts in public, but no one except me has any enthusiasm to change
-
ooo123ooo1234567
the same as changes for development
-
ooo123ooo1234567
ideally there must be someone else except who know it from all sides (non-participant / participant) and don't afraid of changes
-
ooo123ooo1234567
but there is no such candidate
-
ooo123ooo1234567
* ideally it would be good to have someone else except me who know CCS / development process from all sides (non-participant / participant) and don't afraid of changes
-
ooo123ooo1234567
* ideally it would be good to have someone else except me who know CCS / development process from all sides (non-participant / participant) and isn't afraid of changes
-
ooo123ooo1234567
<kayabanerve[m]> "ooo123ooo1234567: I haven" <- There was an idea to setup competition for multisig work, but it paused until that audit was completed
-
ooo123ooo1234567
and then bulletproofs++
-
kayabanerve[m]
I've also advocated for change and tried to discuss working with you there last night
-
ooo123ooo1234567
but currently I hate everyone else is even more than before audit
-
ooo123ooo1234567
kayabanerve[m]: yes, but you don't have strong position regarding multisig and you didn't participate in CCS
-
kayabanerve[m]
For a few reasons, one being its issues :p
-
ooo123ooo1234567
and I want to push changes that would favour anonymous participation
-
ooo123ooo1234567
In theory, would you participate in CCS anonymously if all conditions regarding task / payment /timeline would be satisfactory ?
-
ooo123ooo1234567
or you're against anonymous participation ?
-
kayabanerve[m]
No, no, I'm fine with and encourage anonymous participation. I don't believe it should solely be anonymous though, in case that's the next question
-
kayabanerve[m]
I'd personally be more likely to participate in the ccs anonymously at this point due to how toxic some of it can be
-
kayabanerve[m]
But I also wouldn't have a single project I'd do anonymously. Even if I took my recent multi sig work, that's been part of a larger project I'm on
-
kayabanerve[m]
So I can't anonymously take money to avoid vitriol yet then still be known for doing the work :p
-
kayabanerve[m]
My solution was just not doing it
-
kayabanerve[m]
I also, obviously, haven't needed to (obviously as I'm alive and have still contributed as I have). I accordingly don't care to take money from the community
-
kayabanerve[m]
I think hyc would call me a mercenary if I did. While I don't have his distaste, I understand it.
-
ooo123ooo1234567
why mercenary ? how did you predict it ?
-
ooo123ooo1234567
unknown task / unknown timeline / unknown reward
-
ooo123ooo1234567
or you mean your rate would be very high ?
-
kayabanerve[m]
My comment was I cared to volunteer as it mutually aligns or as I have the time.
-
kayabanerve[m]
While I could still seek funds, I don't need to, I don't want to take from the community like that, and it's a hassle in a few ways
-
ooo123ooo1234567
<kayabanerve[m]> "No, no, I'm fine with and..." <- if it's compatible with anonymity then there is no bias towards any kind of authority
-
ooo123ooo1234567
non anonymous people usually like to use their background as argument, but
-
kayabanerve[m]
I believe people should have the option to be known by their past. I don't believe that should be a requirement. I don't believe we should disadvantage people who'd rather not.
-
kayabanerve[m]
Your past can be an argument in your favor though. One anon contributors don't have to offer.
-
ooo123ooo1234567
I'd say current judgement for CCS / bounties / etc is biased towards any social credit and based solely on work quality
-
ooo123ooo1234567
I'd want to have unbiased judgement, so that anonymous participants would have equal opportunities
-
ooo123ooo1234567
* credit and isn't based solely
-
ooo123ooo1234567
most ordinary humans would be against it since are used to it
-
ooo123ooo1234567
* against it (ability to social credit) since are
-
ooo123ooo1234567
* against it (inability to social credit) since are
-
ooo123ooo1234567
* against it (inability to use social credit) since are
-
ooo123ooo1234567
<kayabanerve[m]> "I'd be very interested in..." <- indeed, with proper rules for CCS there would be more interest to donate more, since it wouldn't be wasted on useless work
-
dsc_
-
dsc_
wtf.
-
plowsof
social credits are valid 'in the current system' (for handing out (what feels like) none-compete contracts)
-
ooo123ooo1234567
bug bounties have the strictest payout rules -> the best efficiency per reward / work
-
ooo123ooo1234567
and they don't add anything just due to background of submitter
-
ooo123ooo1234567
it's either exploitable or not
-
plowsof
so the 200iq devs who do 'none sexy things' struggle. the current system you must perform a marketing campaign of sorts
-
plowsof
tldr ooo has done a years work of 'noether' level difficulty and 'accepting 100 xmr' for it would be a disgrace, but the ccs rules do not pay for 'already completed work' AND he also would not accept / engage in the 'flawed system' himself for a payout anyway
-
plowsof
can we just forget about all this and fundraise for hacker one pot? :(
-
plowsof
also feels like his work has not been acknowledged * and retro-activley acknowledging his work is not acceptable because it would feel forced / not genuine
-
dsc_
what work are we talking about?
-
plowsof
i don't know exactly, a "security analysis" for something
-
dsc_
#7999 and #7760 ?
-
dsc_
oh ok
-
dsc_
link? :P
-
plowsof
and we also discovered that the hacker one bounty program has a payout for 10kusd for a critical , with the total pot sitting at 90kusd
-
plowsof
which is unacceptable to protect a cryptocurrency?
-
plowsof
i also dont know who / what / where the security analysis is public , i think its private and relates to multi sig ??
-
ooo123ooo1234567
-
ooo123ooo1234567
7999/7769 are needed, but much easier changes to do, though also took some time, 7999 - 1 month too, but without any research
-
ooo123ooo1234567
it was just 4 rewrite of that serialization until it was more/less acceptable for c++11
-
ooo123ooo1234567
<plowsof> "tldr ooo has done a years work..." <- If I've found problems in work of noethers, then it's at least would be enough to compete with
-
ooo123ooo1234567
but they are not here
-
ooo123ooo1234567
* If I've found problems in work of noethers, then it would be enough to compete with them
-
ooo123ooo1234567
s/'s//, s/at least//
-
plowsof
im just using broad terms to try and make sense of this all
-
ooo123ooo1234567
I literally mean I've found such errors
-
ooo123ooo1234567
in their work
-
plowsof
is ' pumping the hacker one pot full of money ' a step in the right direction?
-
dsc_
so weird, another PR without description and also no further comments
-
dsc_
am I missing something?
-
dsc_
vtnerd is doing a code review but nobody responds
-
ooo123ooo1234567
dsc_, it's incentive to read code before writing any comments
-
ooo123ooo1234567
all comments from vtnerd that were reasonable were addressed
-
ooo123ooo1234567
there very few such comments
-
dsc_
my opinion #1: generally in FOSS you create a PR that includes a description of what/why you changed things. "incentive to read code" makes no sense
-
dsc_
my opinion #2: you are not adressing the code reviews in the PRs
-
ooo123ooo1234567
plowsof: my retirement plan is to go to hack projects from rekt.news
-
dsc_
they were adressed on IRC? or via private messages?
-
dsc_
regardless, its a strange workflow
-
ooo123ooo1234567
dsc_: wownero killed mining pools before writing code for p2p network, are you sure you're the right person to complain about development ?
-
ooo123ooo1234567
monero: disagreement between people working on p2p network -> p2pool -> dead end too
-
dsc_
im giving you my honest opinion based on 10+ years of collaborative software development both commercial and FOSS, I have no other agenda than acting in the good faith of Monero
-
ooo123ooo1234567
dsc_: link to concrete comment ?
-
ofrnxmr[m]
dsc_: On irc
-
plowsof
i remember at school, the teacher would whisper * you can all leave now * , but the class was busy talking loudly to each other so we all ended up staying an extra half hour. making a complex PR without a description feels like that.. like a big FU - heres a fix - now show me how incompetent you all are by ignoring it / not trying to 'figure it out' , is this whats happening?
-
dsc_
-
dsc_
its like you submit a PR and then forget about it? am I crazy or what?
-
ooo123ooo1234567
all of them were not critical, in the wost case I would address them once security would be verified by me or by someone else
-
ooo123ooo1234567
but resubmit happened earlier
-
ooo123ooo1234567
dsc_: No, I was doing serial work with important changes
-
ooo123ooo1234567
after 7759 it was clear that it would not be merged
-
ooo123ooo1234567
then i did 7999
-
ooo123ooo1234567
and went to do multisig
-
ooo123ooo1234567
once did 8114 I went to do security analysis
-
ooo123ooo1234567
and ignored any unimportant changes related C++, there was no critical things
-
dsc_
ok
-
ooo123ooo1234567
I can't translate C++ for people that don't want to read code or suggesting unimportant changes / microoptimizations while working on math
-
dsc_
are you saying vtnerd doesnt want to read code?
-
dsc_
translate C++ .. what?
-
ooo123ooo1234567
they are cases when he didn't
-
dsc_
I see
-
ooo123ooo1234567
7759 was stuck at that time
-
ooo123ooo1234567
7999 too
-
ooo123ooo1234567
so why to waste time on his comment about cryptography ?
-
dsc_
that may be the case, but you are essentially saying "I dont have time for vtnerd"
-
dsc_
which may be true, but this is a community project
-
ooo123ooo1234567
No, I checked that there was no critical things firstly
-
ooo123ooo1234567
if there would be at least critical thing then I would have to reply
-
dsc_
big part of FOSS development is also the social part
-
dsc_
answering people's (stupid) questions
-
ooo123ooo1234567
dsc_, I want working monero daemon + cryptograph update promised by Triptych
-
ooo123ooo1234567
I don't care about any FOSS ideology
-
ooo123ooo1234567
I just wast those promised updates asap
-
ooo123ooo1234567
I care about any changes that would speed up development or improve it's quality, but not any ideology or etiquette
-
dsc_
you should try this approach with linux over at kernel.org. "Here is this super big PR, it fixes your stupid kernel problems that Linux introduced, I will also ignore your feedback, when is it merged? I worked 1 month on it, and I want some compensation"
-
dsc_
no offense.. not trying to fight
-
ooo123ooo1234567
Linux isn't decentralized protocol
-
ooo123ooo1234567
monero is decentralized
-
ooo123ooo1234567
changes should be added into upstream
-
ooo123ooo1234567
Linux doesn't run any consensus
-
ooo123ooo1234567
it's just software for each pc
-
ooo123ooo1234567
dsc_, linux has maintainer that created it
-
ooo123ooo1234567
monero doesn't have such competent maintainer yet
-
dsc_
lold
-
ofrnxmr[m]
Iirc kyc has a pr open on Mozilla for like 15 years
-
ofrnxmr[m]
Hyc*
-
ofrnxmr[m]
-
ooo123ooo1234567
<dsc_> "im giving you my honest opinion..." <- any great achievements through collaborative work ?
-
dsc_
working together with people is always fun but I will not share my resume
-
ooo123ooo1234567
do you have any financial interest in monero ?
-
dsc_
I currently own around 3 XMR so yes
-
ooo123ooo1234567
not so much then
-
dsc_
nope
-
midipoet
I can confirm dsc_ is a super hero
-
dukenukem
super what?
-
dukenukem
more like a homeless robot.
-
dsc_
ooo123ooo1234567: I worked on GUI and made featherwallet.org, why? does it matter?
-
dsc_
does it matter how much XMR I have?
-
dukenukem
oh god, you're still arguing with this ooo guy ?
-
dukenukem
that's like 2-3 days of wasted time.
-
ooo123ooo1234567
`/ignore dukenukem`
-
dsc_
ooo guy is a good programmer so no reason to not have a conversation
-
dsc_
im intrigued by his behavior
-
dukenukem
not arguing that. just the fact he has derailed -dev and -community for hours and hours and hours and... hours.
-
ooo123ooo1234567
derailed ?
-
dukenukem
you can be einstein on steroids if you want. wasting everyone's time with your bs isn't justified by what you do or know.
-
ofrnxmr[m]
dukenukem: Community hasnt really been derailed. We moved the convo over here so try to get things solved.
-
ooo123ooo1234567
I've fixed deadlock while others complained why I was trying to teach them
-
dukenukem
ok, mom.
-
dukenukem
carry on.
-
ooo123ooo1234567
I was trying to communicate with them about audit / what they want from multisig, but they voted for merge asap without any conversation
-
ooo123ooo1234567
actually case with multisig was supposed to teach some people too, but didn't happen
-
dsc_
ooo123ooo1234567: why are you asking me for my achievements though?
-
ooo123ooo1234567
-
dsc_
yes
-
dsc_
-
phleb[m]
<ooo123ooo1234567> "I care about any changes that..." <- I like your thinking.
-
ooo123ooo1234567
<plowsof> "i remember at school, the..." <- no, it's an incentive to learn something without having path of least resistance where you will just ask any questions or approve blindly
-
ooo123ooo1234567
s/will/would/
-
ooo123ooo1234567
homework for students
-
dsc_
very simple, there is a FOSS workflow which is generally accepted and you dont seem to follow it
-
dsc_
people make a comment about it, you get angry
-
ooo123ooo1234567
generally accepted workflow was with previous researchers that were pushing hard tasks
-
ooo123ooo1234567
current workflow isn't generally accepted
-
dsc_
yeah, just another diva
-
ooo123ooo1234567
if you're looking at this situation without looking into code, then indeed, it's unreasonable behaviour
-
ooo123ooo1234567
like creating empty github profile, submit 1 line readme change and do everything I did
-
ooo123ooo1234567
indeed, another diva
-
ofrnxmr[m]
Ooo, question. After 7760 is merged (by HF) are you good to go on 7999 if review has hiccups, or ok with merge if review is good?
-
ofrnxmr[m]
Would this check off the "working daemon" box? + the deadlock
-
ofrnxmr[m]
And moving forward, we'll need to change how ccs proposals work (for more reasons than yours. Another example being volatility of funds held in xmr pending milestones).
-
ofrnxmr[m]
Talking to some people about how to raise the vuln bucket by 10x. 90k is way to low
-
ooo123ooo1234567
<dsc_> "yeah, just another diva" <- I have such opinion about some people, but it doesn't matter if they can do something that I can't; not sure whether I fall into this category from perspective of others
-
cryptogrampy[m]
some people are able to make monero payment gateways, others can't
-
cryptogrampy[m]
it's basically how i divide the world
-
ooo123ooo1234567
> <@ofrnxmr:monero.social> Would this check off the "working daemon" box? + the deadlock... (full message at
libera.ems.host/_matrix/media/r0/do…f73b12c4f486251c344c14f214a5a200280)
-
jberman[m]
<ooo123ooo1234567> "I was trying to communicate with..." <- false
-
nioc
oh the matrix irc quoting format 0_o
-
ooo123ooo1234567
any link to concrete statements ?
-
ooo123ooo1234567
jberman[m]: what exactly is false ?
-
jberman[m]
Had you shared what you know with koe regarding multisig, there would be good reason not to merge. You are choosing not to share what you know with koe.
-
jberman[m]
-
ooo123ooo1234567
this condition is bounded on concrete human that I have conflict
-
ooo123ooo1234567
I said it there
-
ooo123ooo1234567
* have conflict with
-
jberman[m]
-
ooo123ooo1234567
libera.monerologs.net/monero-dev/20220630#c114318, "selsta: besides ooo, does anyone else oppose this"
-
-
jberman[m]
Here are 5 people from the meeting who are interested in not merging if you choose to share more information on multsig:
-
ooo123ooo1234567
<jberman[m]> "
libera.monerologs.net..." <- "... they voted for merge asap without any conversation" -> "they voted for merge asap without any conversation about audit / what is the plan for multisig usage with experimental flag / ..."
-
jberman[m]
-
ooo123ooo1234567
I wanted to discuss something
-
jberman[m]
-
jberman[m]
-
jberman[m]
-
jberman[m]
-
ooo123ooo1234567
libera.monerologs.net/monero-dev/20220630#c114474, "selsta: thanks for the meeting. I will squash 8149 in 2hr unless I get a solid pm justifying more delays." it means I have to resolve somehow conflict in private
-
ooo123ooo1234567
I don't think I can do it and again bounded to concrete human
-
plowsof
also ooo is blocked / ignored by koe *
-
jberman[m]
from earlier in the discussion, it seemed that you deemed the best course of action was to disclose the issues privately, but you didn't want to do it via hackerone. That's why I suggested disclosing to Koe earlier
-
ooo123ooo1234567
I would do it via better system than hackerone
-
ooo123ooo1234567
not worse
-
ooo123ooo1234567
and the same with CCS
-
ooo123ooo1234567
and behind hackerone I would talk again with UkoeHB
-
ooo123ooo1234567
since there is no one else
-
ooo123ooo1234567
and I'm not satisfied with prev hackerone experience
-
ooo123ooo1234567
the same for CCS
-
jberman[m]
ok that makes sense
-
ooo123ooo1234567
Ideally if there would be no that scammer
-
ooo123ooo1234567
then I would do multisig somehow more in public and with easier communication with others
-
ooo123ooo1234567
But that case with scammer only emphasize that no one cares about overall environment
-
ofrnxmr[m]
☀️ guy?
-
ooo123ooo1234567
Also before beginning the audit UkoeHB invited me into -lounge and there was some interesting conversation
-
ooo123ooo1234567
before erciccione and arnuscky forced it into "we will do audit, ignore this guy"
-
ooo123ooo1234567
ok, I agreed to wait
-
ooo123ooo1234567
then audit was in private with funny tracking of progress via supervisor twitter
-
ooo123ooo1234567
and audit report without anything interesting
-
ooo123ooo1234567
I've asked about whether audit was useful or not, but again game of words
-
ooo123ooo1234567
I asked about it because the logic is " if audit was paid and didn't find anything useful then my PR was written well"
-
ooo123ooo1234567
ok, audit is awesome, 8149 is awesome, why did you not remove experimental flag which was added after my comments during 7th May meeting ?
-
ofrnxmr[m]
We wont know until a proper security analysis is completed
-
ofrnxmr[m]
The audit was sub par.
-
ofrnxmr[m]
The plan was, of the audit was good to remove the flag. Its shipping disabled, even after the audit, because the audit was not confidence inspiring.
-
ooo123ooo1234567
the audit didn't find anything interesting except minor issue with modulo bias
-
ooo123ooo1234567
no findings - no problems in implementation
-
ooo123ooo1234567
<jberman[m]> "kayabanerve:
libera...." <-
libera.monerologs.net/monero-dev/20220630#c114286, "rbrunner: Fuck it, I'll add a 10 XMR bounty on 8149. If any loss of funds are submitted, outside of the rpc routes being manual, and UkoeHB: confirms... Stands until the hf" this one was interesting suggestion
-
ooo123ooo1234567
"kayabanerve[m]: 1000xmr ?" but reply to this was "hyc: meh. mercenaries have no place here."
-
ooo123ooo1234567
you've just paid for useless audit , don't admit it, but call me mercenary
-
ofrnxmr[m]
Sometimes you get under peoples skin and force them out of character
-
ofrnxmr[m]
Don't take everything so seriously.
-
ofrnxmr[m]
Mj said he should shoot you
-
ooo123ooo1234567
<jberman[m]> "ok that makes sense" <-
libera.monerologs.net/monero-dev/20220630#c114406, "18:02 hyc so this meeting has run over an hour now. congrats ooo on successfully DOSing development"
-
ooo123ooo1234567
mainly this statement prevented further discussion about that deal
-
ooo123ooo1234567
with UkoeHB
-
ooo123ooo1234567
I wanted to ask from rino what they want from multisig
-
ooo123ooo1234567
but it didn't happen
-
plowsof
ofrnxmr he said he wouldn't need weapons and that he would kill him with his bare hands :(
-
ofrnxmr[m]
Selsta said he was sleeping. You did ask
-
ooo123ooo1234567
libera.monerologs.net/monero-dev/20220630#c114311, "17:48 arnuschky[m] I'll happily badger ooo to prove to us that he indeed knows of more vulnerabilities" only this trolling comment
-
ooo123ooo1234567
ofrnxmr[m]: it was later in -community, not in meeting; that's why it was important to ask it during meeting
-
jberman[m]
<ooo123ooo1234567> "and behind hackerone I would..." <- are you saying here you would or wouldn't talk with UkoeHB via hackerone?
-
jberman[m]
Oh I see, I misread