01:04:46 Hello, I am a student of phrog from discord 01:04:55 Phrog is my sensei 01:20:36 Im sorry..... 01:21:53 This was in the past 01:22:02 Ive learned better 10:22:09 'ick on 'eck 14:16:00 https://x.com/tokendynamics/status/1722494485383496086?s=46 14:16:00 Interesting video on moneros price floor 14:29:14 How are you supposed to calculate the "amount of times each unit is used over the year"? 15:55:09 <4rkal:monero.social> Wrote this cool guide on how to create a cool iso for cold storage. https://4rkal.eu.org/posts/coldstorage/ 15:59:39 <4rkal:monero.social> Wrote this guide on how to create a cool iso for cold storage. https://4rkal.eu.org/posts/coldstorage/ 16:00:22 <4rkal:monero.social> Maybe this is useful for some member of the community **cough cough** 16:08:24 mamma mia 16:09:20 Where do the OS files to write to this ISO come from? 16:09:46 From the installation you are running this on, or from some ArchLinux website? 16:17:00 <4rkal:monero.social> Its using this https://github.com/laurent85v/archuseriso . All packages are pulled from the arch repos 16:23:23 So should be pretty hard to corrupt even if you already have malware on the system you build the ISO 16:26:24 <4rkal:monero.social> Yeah ig 16:31:40 frfr ong no cap 16:36:04 gen-z_decode.py 16:46:35 <4rkal:monero.social> *.lua 16:49:44 Was listening to ArticMine on MoneroTalk discuss the Intel Management Engine. 16:49:45 And then watched a Defcon talk on it. 16:49:52 I see you can buy Purism and System76 laptops with it disabled. And possibly some laptops/motherboards are compatible with Coreboot, which disabled it. 16:50:04 Just wondered... 16:50:04 Do AMD devices have a similar vulnerability. 16:50:05 Same question for ARM devices? 16:51:21 AMD devices also have a similar vulnerability. 16:51:36 <4rkal:monero.social> The safest most tinfoil hat method might be using risc-v processors 16:51:57 <4rkal:monero.social> Don't think they have any kind of "management" engines 16:52:20 <4rkal:monero.social> +open source 16:53:21 Sandboxing DRM supporting devices on a separate sub net is a simple was to mitigate the risk 16:53:30 Thanks for doing that interview ArticMine - found it v interesting and thought provoking. 16:53:44 But Risc-V still have speculative execution :) 16:54:39 john_r365: You are welcome. 16:55:02 Re subnets - I was more thinking of devices used for generating seeds. 16:55:02 Presumably if you use a ME vulnerable device, the tin foil hat approach would be to disable/remove the WiFi card and keep it offline. 16:55:20 And then cold sign from it. 16:56:09 Maybe some Monero contributors have already covered this in detail in blog posts? 16:57:30 <4rkal:monero.social> https://monero.observer/cypherpunk-transmission-016-1vyrain-soft-disable-intel-me-xx30-thinkpads/ 16:58:04 <4rkal:monero.social> Don't know if this is what you're looking for.. 16:58:09 My Lenovo thinkcenter 1L PC have a Jumper 16:58:09 ME ON/OFF 16:58:33 Cool 17:00:07 That thinkcenter have a Intel 10900 in it, so still quite nice. 17:00:07 And I confirm that when jumper is set to OFF, if seam ME is OFF (at least all Intel tools for ME bark at me when I run them) 17:00:08 And I would not dare switching it back to ON as I already zeroed part of the flash already 17:02:34 Does play ready DRM (latest version) work on it? Can you install Windows 11 on it? Let me guess the answer is NO in both cases 17:03:20 Windows 11 work just fine 17:03:20 All my media content come from that very old network called Usenet, none have DRM so I have never tried 17:03:23 Once the Intel ME is disabled the DRM will not work 17:03:44 TPM seam to work too 17:04:07 TPM seam to work too (well I guess it is as it's required for windows 11 😂 ) 17:04:26 That could be the test 17:04:54 Testing play ready DRM would be helpful 17:06:45 But why would I want to play DRMed content. 17:06:45 If it's the only loss then it's a non issue (I get my content on usenet because of DRM... Imajin being on Linux and being limited to 1080p because you don't have Windows + edge or something) 17:06:59 But why would I want to play DRMed content. 17:06:59 If it's the only loss then it's a non issue (I get my content on usenet because of DRM... Imajin being on Linux and being limited to 1080p because you don't have Windows + edge or something) 17:07:00 Not paying money for inferior quality 17:07:07 Also are you running Windows 11 in a VM? 17:08:00 Naa, I did run Windows for a while got I got sick of some issue on Linux. 17:08:00 Then I figured out after a while that people found a fix for my issue (disabling power management for the iGPU). So I reinstalled Linux. 17:09:28 But I did the ME test while on Windows (the Intel tools for messing with ME are for windows) 17:09:48 One would want to run DRM infected in this context to identify the relationship of the DRM to the vulnerability 17:11:14 If it is the root cause this is very important. Also it can be a test that the Intel ME was truly disabled 17:11:42 If the DRM still works the vulnerability remains 17:13:01 DRM is critical here because of the US DMCA 17:13:34 Will try this weekend maybe. 17:13:35 Any "DRM" will work or it's specific, I think I never played drm content. 17:13:35 I just get Netflix and test with that? 17:14:28 The newest Microsoft play ready. Not just any DRM 17:15:05 Netflix is a good test 17:16:50 i assume we have seen the latest monerotalk? havn't finished it myself yet https://www.yewtu.be/watch?v=9XgG4sNVS38 17:59:04 Doug: "So... how could the CCS Hacker have better structured their transactions to make network graph analysis harder?" 17:59:04 Justin & ArticMine: "No comment" 😂 18:16:03 :) 18:28:12 He recommended an old device as a wallet which is untrue because they are EOL 18:33:47 Also supported "properly" rooting a phone, if they can't use desktop OS which is not a good idea 18:33:53 Also supported "properly" rooting a phone if they can't use desktop OS which is not a good idea 19:03:53 <123bob123:matrix.org> Still guessing on how it happened are we 19:06:48 No, Im trying to clear some misinformation that was said in the recent monerotalk episode about security practices 19:08:13 <123bob123:matrix.org> It was more directed at the convo about it. Unless there is a forensic analysis where doing market speculation 19:08:52 <123bob123:matrix.org> But from what i have seen about infrastructure would surprise me was cause of a high cve 19:09:02 <123bob123:matrix.org> But from what i have seen about infrastructure wouldn’t surprise me was cause of a high cve 21:38:07 HELO WE'VE BEEN HACKED FOR 2k XMR BUT DON T WORRI WE'LL FORENSIC OUR BACKDOORED DEV MACHINES AFTER "THANKS"_GIVING X---------_DDDDD 21:38:07 it's not a time-sensitive issue after all... always yours, Luigi1111111 21:38:07 21:42:14 everyone knows its 1111, or 1112, or 1111w, or 1112w, not 1111111 22:09:24 The CCS Wallet Hack: Exposing and Improving Monero’s weaknesses with Francisco “ArticMine” Cabañas and Justin Ehrenhofer. EPI #288 22:09:24 ➡️ https://youtu.be/9XgG4sNVS38?si=wsekcu5Vvhg-73Wq 22:09:25 We discuss: 22:09:25 -The Hack of the CCS Wallet and possible causes 22:09:26 -Moonstone’s probabilistic tracing of the stolen funds 22:09:26 - Future of Monero dev funding & Governance 22:09:27 Special thanks to our sponsors 22:09:27 https://cakewallet.com/ 22:09:28 https://monero.com/ 22:09:28 https://linktr.ee/stealthex 22:09:29 as well as Sunchakr for making these interviews possible. 22:09:29 And of course our listeners & supporters for making Monero Talk possible 🗽📷🎤!! 22:23:51 <123bob123:matrix.org> How shit we got hacked! 22:25:17 Nacho: - yeah, I wondered about that. Doesn't rooting a phone make it more vulnerable not less? Afaik you can install a custom OS like Graphene without rooting it... 22:25:17 Root is only needed if you want to do something specific - like run Titanium backup etc.