00:06:03 There's a secret blood oath duh 00:06:12 Nah i'm just fucking witchu, what he said 00:25:01 recanman: idk probably some parts of it. We shall see 00:26:27 Thanks, I didn't read much into it and have been extremely busy. Bad timing I guess 00:27:49 Hi luigi1111: can you confirm that you are receiving DM? 00:28:19 no lovera, ill help ya 00:30:08 I just read somewhere that Luigi wasn't receiving DM 00:32:07 don't believe there are dms between matrix and irc 00:36:11 I'm not logged into matrix so yeah I won't get them 00:49:35 <123bob123:matrix.org> Plowsof is matrix <> bridge 01:16:11 "Is the fluffypony plan being implemented?" <== it reads like a bunch of decentralization theater to me. how do you multisig website hosting? 01:17:37 I worded it incorrectly, its just that I read recent messages and thought a decision was already made 01:17:43 I disagree with it 01:19:04 you could have the website hosted from the repo source. github and other hosts offer this. 01:19:29 Good point, just not sure about that 01:19:37 Binaries would also be hosted on github? 01:20:03 Probably less than 50% of people verify hash, and less than 20% of those verify pgp signatures 01:20:10 So github could modify it easily 01:20:26 What am I saying...it's all a mess. I am extremely busy 01:20:42 they could be. or from multiple places. they are built on github. as long as they are still reproducible. 01:22:15 further centralizing around github doesn't seem ideal. Binaries used to be uploaded to Github too tho for convenience 01:22:58 replicate them wherever you want really 01:23:29 ^ binaries 01:23:51 k I thought we were talking about replicating plowsof 01:24:33 sounds like a risky procedure 😬 01:28:25 is it time to just put the binaries up with those torrent magnet links? I guess the underlying question there is whether the cdn management is .... cumbersome or centralizing etc 01:30:07 of course the obvious solution is to train an AI chatbot to do all the things 01:30:30 we'll just train it on all the logs of all the things 01:36:22 the super administrators will create multi sig ssh wallets for sensitive infrastructure access 01:47:57 "replicate plowsof" => please wait until the headache passes , geonic "decentralisation theatre" i agree, i also do not want it to be a distraction from setting up emergency/temporary measures to ensure that the CCS gets back up and running asap 01:49:23 fluffypony will tari labs continue the sponsorship of the CDN used by getmonero? https://www.getmonero.org/community/sponsorships/ 01:50:28 does anyone know the specs of the server that fork networking provides and who uses it? gingeropolous should be listed in their place otherwise 01:57:15 <123bob123:matrix.org> Lets create a CDN through monero nodes :) 03:01:32 do what now? 03:26:36 you have provided/maintained a server(s) for development for years gingeropolous 03:29:18 forknetworking provide affordable ip addresses so people can attack us :P 04:09:22 <123bob123:matrix.org> We need CDN so people in north korea don’t have slow website access 05:00:17

There are watcher services out there that keep an eye out on changes in hashes for binaries to detect malicious activity. Something like that would have helped detect that time malware was served from the get monero domain 05:00:58

luigi1111: Do you have access to the windows machine or not until after thanksgiving? 05:14:17

I thought I would share this here too: 05:14:17

https://github.com/monero-project/meta/issues/923 05:17:33

This is my outline for the incident response. My goal is to gather all the evidence to conduct forensics and identify any malware to complete the picture of what happened. Once that is identified I can then document the incident with additional context. 05:21:53 Yes also not until after 05:36:07 geonic: I literally note that in the proposal - "Finally, some of these workgroups simply CANNOT have any form of multisig / ACL / group access, and by definition each individual on the workgroup can exercise complete control and abuse their position (or be wrench-attacked, or be compromised). I've tried to note that below." 05:36:47 geonic: what's your alternative proposal, since you think that this proposal is decentralisation theater? 05:38:15 > "Is the fluffypony plan being implemented?" <== it reads like a bunch of decentralization theater to me. how do you multisig website hosting? 05:38:15 geonic, honestly, what do you want people to do? Everyone knows that it is a difficult process, so of course the first idea proposal isnt perfect. Instead of bitching about it, can you please provide improved suggestion? 05:49:45 100% - dissenting without an alternative is just nonsensical 05:50:22 if you want the Core Team to continue, that's fine, but understand that maybe some or all of the current members don't want that, so then you'll need to factor that into your counter-proposal 06:23:42 dictatorship 06:24:09 we need that 06:30:25 Who opined to introduce a dictorship? Or what is, currently, a dictatorship? 06:41:38 <123bob123:matrix.org> easier to just whinge and not have alt solution 🤔 06:48:24 Yes. I think I had a little insight lately, when I noticed several accounts here, on Reddit, and on GitHub commenting on our plight, accounts never seen before 06:48:40 I now believe those are mostly "disaster tourists": https://en.wikipedia.org/wiki/Disaster_tourism 06:51:33 This in contrast to any theories that assume that those are mostly actively malicious 07:10:48 what is this supposed to mean 07:10:54 are you calling me a nobody 07:12:23 sussy chungus 07:54:22 To be honest, i hope i am the only one that is disappointed that Core lost half a million euro of community funds, but then instead of taking responsibility by regrouping and improving their roles, methods and responsibilities for stewarding the project (roles that they gladly chose i might add), they propose to disband while passing on responsibility to the rest of the community. We could have done that years ago and 07:54:22 potentially avoided this situation. Not to mention that years ago, a small Community tried to remove responsibility from Core and there was pushback. 07:54:42 *not the only one disappointed 07:58:03 midipoet why do you say they propose when it was a proposal put forward by a one of them, that also stepped down from it? 07:58:06 I disagree on equating fluffypony's proposal with "Core proposing to disband" 07:58:21 Great minds think alike. 07:59:02 <123bob123:matrix.org> tbh there isnt enough consensus to split like this 07:59:15 Who said Dan? 07:59:43 <123bob123:matrix.org> have a look on how things are done here. fighting and pissing match 08:00:11 <123bob123:matrix.org> no imagine that when trying to "re structure" 08:00:15 <123bob123:matrix.org> now* 08:00:32 <123bob123:matrix.org> its will turn into divergent the movie 08:00:35 <123bob123:matrix.org> factions and shit 08:01:27 <123bob123:matrix.org> i think css is a test case tbh to see if we can pull our finger out and do it on a small scale 08:01:34 <123bob123:matrix.org> i think ccs is a test case tbh to see if we can pull our finger out and do it on a small scale 08:01:43 Who is "we"? 08:02:06 <123bob123:matrix.org> you, me and everyone 08:02:21 ofrnxmr: you sleepy? 08:02:41 rottenwheel: fair enough, then it seems a proposal by a former Core member to more formally remove responsibilities from Core 08:03:07 binaryfate: is that more accurate ^ 08:03:09 <123bob123:matrix.org> lol rotten 08:03:39 <123bob123:matrix.org> havnt heard the other core members take either 08:06:10 midipoet: yes, though his proposal even if followed through doesn't necessarily imply that all individual members would just pass on all their responsibilities and vanish 08:07:55 His proposal has a lot of merit, kicking constructive discussions if nothing else, though the timing is a pity IMO. Everyone reads this in the emotion of the CCS failure, and that didn't need to be so. 08:12:06 binaryfate: well they have mentioned numerous times that some would prefer not to continue the stewardship role, so presumably it is the case for more than 1. If it's the case that some, or most, want to remain then all members of Core (if they haven't already) should make it clear whether they wish to remain or not. This would preferably be done by stating their desire to lead one, or more, of the proposed new WGs. 08:12:06 Otherwise we are just dancing around the actual topic, which is "how much administration burden are the members of Core willing to burden moving forward". 08:14:56 For the record, i don't think it's fair that Core should maintain Supra-voting weight, without being willing to maintain a more than trivial administrative burden. They can be supported with that burden more widely from the community (always would have if they had of asked), but the fundamental stewardship role should surely remain. 08:16:33 <123bob123:matrix.org> so you want core to have more input cause of the "voting weight"? 08:17:11 123bob123: they have always had Supra-voting weight. that's a primary function of Core. 08:18:14 Otherwise the project would be at risk of being derailed by commons/peanuts 08:18:14 <123bob123:matrix.org> but are you inferring they shouldn't be in the shadows "administrative role"? 08:18:37 I am saying they can't really have one without the other 08:19:14 If they arent ACTUALLY stewarding, why should they have stewardship voting rights? 08:19:19 > Yes. I think I had a little insight lately, when I noticed several accounts here, on Reddit, and on GitHub commenting on our plight, accounts never seen before 08:19:19 One of the commenters on github is the director behind discreet, another "privacy" coin. I would assume that it is in his best interest to use the situation to gain market share. The writing style of the other two seem familiar in context of discreet shilling. 08:19:56 <123bob123:matrix.org> ok i get you know 10:09:23 can just serve binaries via torrents, you'll save up on some 1000 trillion USD AWS S3 bills 10:10:16 <123bob123:matrix.org> I can host minio on rpi4 if you need :) 10:10:26 the trend (in the western world at least) is households getting optical fiber 10:11:13 perfect for p2p file sharing 10:13:58 also less susceptible to binary switch-a-roo fuckery 10:14:41 <123bob123:matrix.org> I can seed with limewire if needed :0 11:13:44 plowsof, i guess I don't understand that the fork network servers are for. 14:36:16 > the trend (in the western world at least) is households getting optical fiber 14:36:16 I'm in the far east, sporting a 1GB fiber home connection, with free mobile data at a very high throughput connection, very cheap. Western world my ass 🖕 14:54:17 nice trasher, internet here (eastern europe) is very cheap/good too 15:03:42 i'm happy with my 800kbps 15:07:55 the only thing available to me is optical fiber 15:10:13 I chose the minimal service, 300Mbps 15:10:44 more than enough 15:10:57 i have 1gbit at home because I run an AWS competitor 15:14:06 midipoet: to be clear, I sort-of envisioned some Core members like binaryFate transitioning into multiple (if not all) of the proposed workgroups, but then as a result of splitting it like that you create more of a hydra and less of a one-headed snake 15:17:23 fluffypony: i understand that. The first step is then to figure out who from Core wants to maintain a leadership role, and in which workgroup, and which members definitively do not want any responsibility. 15:19:36 yes that's an excellent next step - and then my other thought around that was that maybe some workgroups fill up faster than others (also some workgroups don't need a lot of people, they're fine with like 2-3) 15:19:46 so there's definitely a path there 15:23:10 Hi fluffy 15:23:23 We ❤️fluffy 16:51:13 Does Monerujo encrypt wallet files? 16:52:20 it seems so, yes 16:53:47 Thank you. 16:54:31 I can't seem to get it to connect to onion nodes 16:55:14 Oh wait. There's a "Tor mode" that I have to enable 17:01:38 I figured a way for new style ccs wallet, where we keep luigi and plowsof and add 3rd person 17:01:44 Yes. Wallet files are encrypted with the "crazypass" 17:01:58 yes, they're encrypted with the crazypass 17:02:19 trustless and easy to use, doing writing up now 17:02:32 What's a crazypass? 17:02:39 we may use monero multis-sig only once or not at all 17:04:14 Is it risky to connect to non-onion nodes over clearnet and then use Tor? 17:05:24 https://anhdres.medium.com/how-monerujos-crazypass-crazy-secure-password-scheme-works-dc4f99a99ff0 17:24:58 i would like >this< already existing and functioning CCS workgroup to be able to resume discussing ideas and putting things forward for funding. the CDN .. back end stuff, i have no input on .. im not a sysadmin or have any idea how any of it works 17:26:49 if binaryFate agrees with temporarily increasing his surface area, that sounds fine to me. The show must go on or something. 17:32:45 Isn't that called a KDF? 17:33:22 these temporary measures do not include multisig wallets IMO - just this week i've nearly been ran over at least twice, i have no measures in place should i meet my maker, i have a secure pgp key that is now 5 days old which exists on 3 cold storage medias. 17:33:58 multisig .. cumbersome / experimental / logistics problem - soon(tm) 17:34:48 ok but was it by a bus 17:35:10 it was a small car so i probably would have survived but still 17:37:50 why don't we just add multisig and be done with it all -_- 17:38:08 even if it's not private as long as it works 17:40:00 IIRC, Monero's current multisig cryptography has not been proven secure. That may be a good reason not to use it. 17:44:42 i know lol i'm talking about fixing it or making a new one 17:47:35 I think the answer that that question is that we don't have anyone currently working on Monero who can write or review a security proof AFAIK. 17:48:08 fuuuuuuuuuuuuuck 17:48:43 I don't know what that means 17:49:05 where do people go to learn that kind of stuff? like deep crypto shit not just coding 17:50:15 I don't know exactly what it takes, but some of the people I know about who are able to write and review security proofs have PhDs. 17:50:32 oh rip lol 17:50:51 so that means we gotta hire adults 17:51:00 nvm we don't need multisig then 17:54:20 if we hadn't got robbed we coulda used that money to send one of us to university 17:54:54 We could see if sarang (Aaron F.) would want to try. He used to do a lot of work for Monero and could be hired to do it. He works for Cypher Stack now. 17:58:05 I don't know much about it but it's a way of deriving an encryption (or other) key from a password. It stands for "Key Derivation Function". 17:58:05 https://en.wikipedia.org/wiki/Key_derivation_function 18:06:17 Some researchers at the CISPA Helmholtz Center for Information Security once said they could be interested in creating security proofs for Monero multisig: https://libera.monerologs.net/monero-research-lab/20230308#c214622 18:09:05 IIRC the MAGIC Monero Fund contacted them after the meeting, but they we not ready to commit to anything at that time. 18:16:09 Does monero not have multisigs as of now? 18:18:19 It does, but the implementation is considered experimental. 18:20:54 ok boys here's my plan: 1) we raise enough funds 2) we buy a shit ton of graphic cards 3) we buy pirated gpt tech off the dark web 4) we build private chatgpt 5) we feed gpt with source code from other blockchains that have multisig 5) we tell it to spit out monero multisig 6) ???? 7) PROFIT! 18:21:19 time to start thinking like 21st century gentlement 18:21:53 Sounds like that, but m2049r: could answer it definitely 18:21:57 probs cheaper than hiring some rocket scientist 18:26:29 if we hadn't got robbed we coulda used that money to send one of us to university <= well that would've involved stealing it for a different purpose -__- 18:26:53 It would be nice to have that actually. I would like to be able to use a social recovery wallet. One of the reasons it has taken me so long to get into crypto is the fear of losing it all and not being sure how to protect against that. 18:26:56 plowsof: you have to look *both* ways before crossing the street 18:28:14 luigi1112: nah lol since universities are irl we can just hire pi's and muscle to keep tabs on them... if their loyalty to monero ever comes into question, or if they can't deliver us multisig, we pay them a little visit 18:28:53 scratch that idea though - my a.i. idea better 18:29:05 >_> <_< *am i in England or Europe... oh whats this meme on my phone lol BANG* 18:29:14 ;') 18:29:29 I think MS is likely secure enough, but usability is...not awesome 18:30:31 we still need a new one ;-; 18:30:34 otherwise we'd be using it 18:42:29 Do any Android clients support the experimental multisigs yet? 18:42:50 that can happen you in banks too 18:43:15 monero-wallet-cli 18:43:49 doubt it considering the official gui client doesn't have it 18:43:53 only cli 18:44:33 Yup, CLI is the only game in town 18:45:04 cellphone wallets should not be used for bigger wallets, use with caution, for beer money or something 18:45:27 ^ agree 120%. mobile is spyware 18:46:56 I disagree 18:47:00 Windows is spyware 18:47:29 Google android is spyware 18:47:46 -_- so ur a mac fanboy...? wtf 18:47:52 mac/iphone 18:48:03 OpenBSD ftw 18:48:13 if you absolutely need windoz, use it in a sandboxed vm 18:48:27 > mac/iphone 18:48:27 No. 18:48:36 Iphone is also fucked up 18:49:11 even newer hardware these days is su 18:49:15 even newer hardware these days is sus 18:50:01 I'm only planning to keep as much money in it as I keep in my regular wallet 18:50:47 Are you responding to my comment about multisig support? 18:51:12 Yes^ 18:51:13 spaceguide: 2013 was the year that killed hardware innocence in pc's with the introduction of intel ime and amd psp 18:51:20 why not 18:51:34 anything built since then is owned by government 18:51:50 How and how common is it? 18:52:14 I guess, I should not have to explain that 18:52:43 phones are more secure than desktop 18:52:50 self-plug: in my (freelance) day job I am a systems engineer for the Maemo Leste project, a FOSS (debian based) operating system for mobile phones: https://leste.maemo.org/images/thumb/e/e8/Statsfun.jpg/800px-Statsfun.jpg 18:52:55 i use it as my daily driver 18:52:59 and yes, SMS, calls etc. work 18:53:09 gorillaquest: if that's what u gotta tell urself to sleep at night bro 18:53:28 <123bob123:matrix.org> https://bitwarden.com/help/kdf-algorithms/ 18:54:06 Hyolobrika (carrier pigeon bridge (sorry about the delay)): RINO wallet may be what you are looking for. AFAIK, it uses the experimental Monero multisig. 18:55:51 I know of 3 cases.. 18:57:24 ? 18:57:28 and yes, cellphones can be made safer, yet, you always have yet another minicomputer in the cell, you don;t control, which is yet another vector 18:58:09 your not supposed to have access to that 18:58:24 <123bob123:matrix.org> I use my own stringray :0 18:58:28 that gives applications root privileges which breaks security 18:58:32 if we're talking about safe from the everyday hacker then i agree phones can be safer to use... but no chance to hide from google/apple and the government, their spying, or their data collection. in that realm pc rules 18:59:26 Phones also have secure elements and now MTE 18:59:53 well, your provider has access to it, as well as all three letter agencies 19:00:12 Use GrapheneOS 19:00:30 exactly. pc's aren't TOO much safer in that regard anymore because of ime/psp but at least there's no "provider" 19:01:08 <123bob123:matrix.org> You can avoid google its not hard 19:01:42 old ddr2-era pc is the way to go for no spyware 19:01:52 untill AMD was safe ? 19:02:05 untill when AMD was safe ? 19:02:20 123bob123: "its not hard" you talking about installing a custom os like graphene? yeah "its not hard" if you have one of a handful of phone models 19:02:47 spaceguide: i forget which cpu it was but i'm 99% sure it was released in 2013 19:02:57 may have been one in the bulldozer series 19:02:57 google pixels for instance 19:03:23 there's a reason they only support google pixels 19:03:35 because every other phone doesn't meet their security requirements 19:03:48 I do use still a bulldozer series 19:03:58 no secure element, broken verified boot, etc 19:04:16 <123bob123:matrix.org> Thing i dont get with GOS is you use it to degoogle and then they have google sandboxed play services. 19:04:40 GOS doesn't advertise themselves as degoogling 19:04:44 you are not forced to use them 19:05:07 its some community members that assume that 19:05:08 spaceguide: yes, google pixels. which makes you wonder about the hardware... perhaps your software is google-free, but the hardware itself was made by the adversary you're trying to evade with software 19:05:10 spaceguide: yeah u might wanna double check ur exact model to make sure if u have psp or not 19:05:17 I do install most of my apps straight from source 19:05:37 AOSP is "degoogled" in a way 19:06:10 https://github.com/monero-project/meta/issues/926 19:06:33 don't get me wrong, google pixel with graphene is still probably the best option out there, it's just so impossibly far from optimal 19:07:08 <123bob123:matrix.org> They use to advertise as degoogled 19:07:52 if somebody released a truly spyware-free smartphone that would be a game changer... makes u wonder why it hasn't happened already... makes u wonder what happened to those who tried 19:09:46 because google has the funds to harden the secure element and they prioritize security 19:10:10 unlike other phones besides apple phones 19:10:53 yeah we have different definitions of security bro xD 19:11:06 Oh wow dsc_ I didn't know you worked on that. I retired my n900s when "2g" networks were shut down everywhere I use a phone. 19:13:55 You can hypothesize about backdoors in any hardware. Pixels are the most externally researched/analyzed mobile devices and provide an objectively much higher level of security than any other options that GOS could support 19:17:28 <123bob123:matrix.org> Maybe move to offtopic keep plowsof happy 19:17:47 yeah among mobile devices - i'm still considering all devices including pc's 19:18:41 123bob123 ok ur right we need to focus on fixing monero 19:18:55 so who all gonna pay me to buy graphics cards? 19:19:53 for epic 21st century a.i.-driven r&d for monero multisig 19:21:25 pigeons: hehe yeah, if you are looking into using that OS again; motorola droid 4 (2012) works quite well 19:22:10 Ty 19:22:37 dsc_: foss os for a non-google, non-apple device? now why didn't we talk about this earlier rofl instead of google pixies 19:23:05 spadin_spider: it certainly is nice to just be able to `apt install` everything from the debian repos on your phone 19:23:14 Ty 19:23:42 dsc_ does it actually work as a phone in 2023 tho? idk much about mobile bands but i hear they change 19:24:21 our next target is the pinephone 19:24:34 oooo i've heard good things about that one 19:25:10 but it is only a matter of time before proper FOSS mobile hardware come out (like pinephone), that is the trend at least 19:25:43 unfortunately for now we support a small number of devices 19:27:17 my currently relationship with my smartphone is treat it like nuclear waste until i need to make a call or send a text... been considering upgrading to a basic phone if i can find one with tethering, but if i can get a smartphone that isn't fucking rooted (like that motorola u mentioned) then that may be an even better option 19:27:46 rooted/backdoored whatever the proper term is 19:27:57 for sure 20:21:39 As an owner, Pinephone Pro isn't anywhere near ready for daily driver https://wiki.pine64.org/wiki/PinePhone_Pro_Software_State 20:22:42 how far is it useable 20:24:29 It's not open source hardware in general. The entire main SoC is not open source. There is substantial confusion between a device running an open source OS and the device being open source 20:25:45 Terrible battery life, terrible calling and SMS experience. Would only recommend as a dev device right now 20:26:20 Pinephone has 100% proprietary hardware for the SoC, radios, SSD, etc. Those components aren't open hardware. The cellular radio is very strange and has a separate CPU running an outdated proprietary fork of Android to talk to the baseband instead of the OS doing it directly. 20:27:41 The last update by GNOME on better mobile support was over a year ago: https://blogs.gnome.org/shell-dev/2022/09/09/gnome-shell-on-mobile-an-update/ 20:29:16