<m​ichael:monero.social> Do you midipoet: have a couple highlights on the meeting for those of us who missed it?

michael: work on the draft consultations is continuing, with a lot of intial thoughts being provided excellently by andrea_togni. There was a discussion about considering to offer a reply to a call for evidence on an evaluation for a specific AML Directive in Europe, but it was decided we would wait until further opportunity, due to the impracticability of replying to all of these consultations at the same time. Minutes

of the meeting are here: monero-project/meta #869 . Next meeting is 22nd August.

<m​ichael:monero.social> Good summary midipoet: dankon very much.

<n​igger666:buyvm.net> matrix.monero.social/_matrix/media/…/buyvm.net/TNBOYqBiBeFzZyHcElbMWGJd

<n​igger666:buyvm.net> Not traced 'p

<n​igger666:buyvm.net> matrix.monero.social/_matrix/media/…/buyvm.net/xDgrhsUFmIzEXmzfbDBiGJRe

<m​onerochad> Tf

<n​igger666:buyvm.net> >>monerochad Tf

<c​trej:matrix.org> plowsof Banhammer: BanhammerMonero:

<c​trej:matrix.org> sgp: ofrnxmr:

<c​trej:matrix.org> cleanup pls?

<s​gp:magicgrants.org> done, thanks for the ping

<x​mrscott:monero.social> (Also in the process of reporting to their home server admins to spare other FOSS communities having to deal with this one)

<1​23bob123:matrix.org> Do you guess use cme-list?

<1​23bob123:matrix.org> Do you guys use cme-list?

<d​reamcityx:matrix.org> No, I'm not familiar with the CME-list. Could you provide more information about it?

<1​23bob123:matrix.org> Community ban list. So if your room uses it, if i ban in another room ie gos it pushes across to who is apart of it.

<z​arter:matrix.org> Is there a way to improve my knowledge of monero after reading mastering monero reading zero to monero due to it being to advanced?

<d​reamcityx:matrix.org> Are there specific parts of Monero's ecosystem, like wallet usage or mining, that you find challenging?

<z​arter:matrix.org> Do you mean from zero to monero? Or just what I wish to learn more of?

<d​reamcityx:matrix.org> What you wish to learn

<z​arter:matrix.org> Well not sure, just generally. Maybe not the cryptography specifically, that would require me to actually study maths

<d​reamcityx:matrix.org> Well, to give a few ideas you could learn about ring signatures, stealth addresses and ring confidential transactions. You could learn about 51% attacks and how how Monero tries to mitigate these risks.

<d​reamcityx:matrix.org> How Monero can be used for online purchases or donations is cool as well; Its practical usage

<z​arter:matrix.org> I have read slight about all of the points mention in the "Mastering Monero" book

<z​arter:matrix.org> But nothing I can think of being possible to go deeper into without being required to learn to much new cryptography

<z​arter:matrix.org> Moreover, how do you protect it from botnets? For example as there is at this moment among the monero miners

<r​ucknium:monero.social> Zarter(Please ping me): Maybe read current research issues: github.com/monero-project/research-lab/issues

<r​ucknium:monero.social> And Seraphis: github.com/UkoeHB/Seraphis

<r​ucknium:monero.social> Idea that could reduce profitability of botnets: monero-project/research-lab #98

<z​arter:matrix.org> Will definently looks in to it

<z​arter:matrix.org> But is there a way to contribute without maybe programming myself?

<r​ucknium:monero.social> Zarter(Please ping me): monero.observer/ultimate-guide-new-monero-contributors

<z​arter:matrix.org> It appears as if the only solusion they came up with was increasing the bandwith for miners... Doesn't feel like a good solution

<r​ucknium:monero.social> Zarter(Please ping me): It only increases the bandwidth for miners who don't run their own nodes on their machines

<r​ucknium:monero.social> Anyway, it's obviously a hard problem since mining is permissionless

<z​arter:matrix.org> Yeah, definently

<d​reamcityx:matrix.org> It's an industry-wide problem... I mean the community can try to monitor suspicious activity, but we are playing catchup at this point

<d​reamcityx:matrix.org> We can't prevent people from sending malware to other computers...

Can't we?

<z​arter:matrix.org> The only one I can see myself doing is 30. Guerilla marketing, however I already see monero stickers everywhere

<z​arter:matrix.org> We can just create an antivirus, then make everyone install it. That problem solved!

<d​reamcityx:matrix.org> If only...

<e​ndor00:matrix.org> Marketing is much more than just stickers though

<e​ndor00:matrix.org> Then a new vulnerability drops, and your antivirus is outdated

<e​ndor00:matrix.org> Actually, there already is a program specifically designed to detect RandomX mining activity on a cpu. But I don't know if anyone has integrated it into some intrusion detection system, or antivirus

<z​arter:matrix.org> Please elaborate, I feel like this is a project I really want to be a part of and improve

<z​arter:matrix.org> It feels like a very specific issue

<e​ndor00:matrix.org> There are many ways to advertise a project, from going door-to-door and trying to convince merchants/shop owners to adopt Monero, to creating all kinds of advertising material for different platforms. It all depends on the kind of time and resources you are willing to invest

<e​ndor00:matrix.org> Given how widespread the problem of botnets is, I think it would definitely be a worthwile tool to include

<e​ndor00:matrix.org> Especially considering that botnet mining is basically a free intrusion alert

<z​arter:matrix.org> I feel more like it would be more efficient if I were to learn cryptography and some programming to simply try to improve the project that way

<z​arter:matrix.org> Wouldn't the only solution basically be if windows defender integrated it?

<e​ndor00:matrix.org> There's more than just windows defender, but yes that would be a step in the right direction

<e​ndor00:matrix.org> Lots of botnets target servers and other kinds of devices, which don't run Windows

<z​arter:matrix.org> I would presume the majority of them were windows devices, or am I incorrect?

<z​arter:matrix.org> Does it affect phones as well?

<e​ndor00:matrix.org> Most servers run linux variants

<e​ndor00:matrix.org> And when I say "servers", don't think just a handful - think thousands, up to hundereds of thousands

<e​ndor00:matrix.org> *per botnet*

<z​arter:matrix.org> Do they attack the servers or simply host a vps and build the botnets?

<z​arter:matrix.org> It feels as if someone where to notice if someone ran miners of off their servers

<e​ndor00:matrix.org> And yet...

<e​ndor00:matrix.org> Apparently there are many servers with poor security setups, or exposing vulnerable applications. Ripe targets with little to no monitoring

<z​arter:matrix.org> The miners use a spefic port IRRC from the book, somethingikr 18000. But would most servers block all the ports and only allow the ones required by the server such as tps and UPC or whatever? Or do they porport the data via open ports and try to obfuscate the mining?

<z​arter:matrix.org> Ohh

<z​arter:matrix.org> The miners use a spefic port IRRC from the book, somethingikr 18000. But would most servers block all the ports and only allow the ones required by the server such as tps and UPC or whatever? Or do they port the data via open ports and try to obfuscate the mining?

<z​arter:matrix.org> I'll be honest, I've been told to setup iptables on my PC, I just haven't had the energy to neither learn nor set it up

<e​ndor00:matrix.org> Are you referring to the monero node's rpc port 18081? That's hardly relevant - miners typically connect to pools, and most of them offer port 443 with ssl specifically to bypass firewalls

<z​arter:matrix.org> Very possible, I must've mixed them together

<e​ndor00:matrix.org> So unless you use tools that monitor all your connections and report unusual activity, you won't really notice

<z​arter:matrix.org> This is a really difficult issue...

<z​arter:matrix.org> Is there a solution to this or might this just end up a chasing game?

<e​ndor00:matrix.org> The solution is making these tools as ubiquitous as possible, and shipping software and devices with sane default configurations that don't expose you to trivial attacks

<e​ndor00:matrix.org> If your password is "password", you've already lost from the start

<z​arter:matrix.org> So basically the rest of the world must get better security?

<e​ndor00:matrix.org> Pretty much, yes

<z​arter:matrix.org> I guess that's not completely impossible

<z​arter:matrix.org> Anything we could do to just improve it without needing to wait on the rest of the world

<e​ndor00:matrix.org> A lot of stuff is relatively trivial, e.g. not exposing your router's control panel to the internet, and changing its default password

<e​ndor00:matrix.org> There are programs like Glasswire (I think) that monitor your network activity in real time and warn you if there's anything unusual/suspicious going on

<z​arter:matrix.org> Is there a big risk of a 51% attack?

<e​ndor00:matrix.org> Hard to quantify. A 51% attack can only do a specific thing (ie rewrite history), which has a limited number of applications (ie a double spend attack, and general disruption). There's a whole cost vs. incentive analysis that gets rather complicated

<e​ndor00:matrix.org> Which is probably why we have not yet seen any actual attacks, even in moments like this when a pool gets close to (or slightly exceeds) the 50% threshold

<e​ndor00:matrix.org> What we can say is that Monero has a pretty big mining network, which is squeezing every last drop of that mining incentive (aka security budget). But we're nowhere near Bitcoin's levels unfortunately

<e​ndor00:matrix.org> (For reference: BTC is currently paying 314 $/s to its miners, while Monero is paying 0.787 $/s)

<z​arter:matrix.org> And we can't improve that without increasing the fees or tail emission...

<z​arter:matrix.org> But I guess there isn't something we can directly do except mine oursleves

<e​ndor00:matrix.org> ...or increasing marketing efforts, which would drive up the usage of Monero, and thus the market demand, and thus the price, and thus the security budget

<e​ndor00:matrix.org> 😉

<z​arter:matrix.org> Does the monero project spend money to host their own mines?

<e​ndor00:matrix.org> Do you mean mining pools?

<z​arter:matrix.org> You said security budget

<z​arter:matrix.org> Is it something the project has to host a vps or whatever to mine?

<e​ndor00:matrix.org> No, it's the value of the block rewards earned by the miners (0.6 xmr + tx fees every ~2 minutes on average)

<z​arter:matrix.org> Ohh, makes a lot more sense

<z​arter:matrix.org> But isn't this basically the main issue with monero at the moment?

<e​ndor00:matrix.org> I sometimes call it security budget because I've seen people throw that expression around to try to justify all kinds of bs without giving it an actual meaning, or associating it with nonsense metrics

<e​ndor00:matrix.org> What are you referring to?

<z​arter:matrix.org> Botnets and thus making it possible for 51% attacks, not that it's a privacy issue but still

<e​ndor00:matrix.org> That's a slightly different issue, i.e. that of mining centralization. If the botnet had spread its hashrate across multiple pools, things would have been just fine (aside from the reduced profitability for the other miners)

<e​ndor00:matrix.org> Since they chose to put it all on one pool, that pool has the *potential* to use that hashrate to attack

<e​ndor00:matrix.org> But it's not an automatic on/off thing, it requires an active effort to specifically do something malicious with it

<z​arter:matrix.org> I guess it's just a theoretical issue that could be possible still

<e​ndor00:matrix.org> Until then, it's just a slightly bigger mining pool

<z​arter:matrix.org> True