09:12:08 <123bob123:matrix.org> Someone from core attending the meeting? 09:42:39 Probably not 09:42:41 We'll see 09:49:21 <123bob123:matrix.org> Hmm 09:52:15 <123bob123:matrix.org> Should give community a progress report on whats been done to workout how jet funds took off without us,also steps that are being taken to protect existing wallets and what cybersec plan are they implementing to protect the rest of monero infrastructure 09:55:42 Join us LIVE from labitconfin Buenos Aires! SAT 11AM-EDT/5PM-CET! ! 09:55:42 👀➡️: https://youtube.com/watch?v=CsCjRSul6Yo 09:55:43 Join ➡️: https://streamyard.com/4tmv6k8zkm 09:55:43 🙏🏽 09:55:44 https://monero.com/ 09:55:44 https://cakewallet.com/ 09:55:45 https://localmonero.co/ 12:05:48 if someone missed, https://github.com/monero-project/meta/issues/926 12:06:09 maybe not the best idea, but maybe someone can use any part of it 12:06:17 even with just GF2 design 13:10:50 fluffypony: CCS meeting here in just under 3hrs. Now that you are one of us maybe you want to attend 13:27:02 one of us. one of us 13:59:20 Meeting says 15:00utc which is in 1 hour https://github.com/monero-project/meta/issues/920 😮 14:01:03 oh clock change 14:01:42 fluffy ^^ 15:00:00 Meeting time https://github.com/monero-project/meta/issues/920 15:00:06 Greetings 15:00:22 hi hello 15:00:28 hi 15:00:37 hey 15:00:38 greets 15:00:45 hello 15:00:46 hi 15:01:05 nice to see people arriving, so usually we'd spend the opening 15 mins or so on recent events then dive into the CCS ideas list, however, until we have a path forward i can't see us getting to the ideas. 15:01:07 hello 15:01:22 ideas first 15:01:24 hello 15:01:27 The agenda/goal of this meeting should be to help clarify where Core and the community are at in terms of short / long term solutions for a path forward, whilsts disrupting Moneros development as little as possible. 15:01:54 short term > get ball rolling. devs need to eat 15:02:32 long term (2-4 weeks) setup infra for funds moving forward 15:03:23 Hi 15:03:26 I say, proposals first. Im nit worried about an empty wallet 15:03:48 the Monerokon events team have went there own way for funding (and target a return to the CCS in spring~ depending on how things are resolved) - their latest example https://funding.monerokon.com/ 15:04:12 i am multisig agnostic, doesnt exist :( 15:04:27 🔜 15:05:29 Reminder that the MAGIC Monero Fund was unaffected by the CCS wallet theft. People can apply now. The main downside for applicants is that they have to KYC to receive money: https://monerofund.org/apply 15:06:03 (Donors do not have to KYC. But if they have USA tax liabilities, then they can make the donation tax deductible.) 15:06:32 i await MRL's discussions on multisig (mentioned here) https://libera.monerologs.net/monero-research-lab/20231108#c301310 ( i also know that jeffro256 is building something for the UX, rbrunners MMS and semi related tobtoht has offline signing via QR's on his todo list / has already made progress) 15:06:49 Hi 15:07:36 Community highlights: 15:08:07 If the CCS will again use escrow, then the process to create and manage the wallet should be documented publicly. No more security through obscurity. 15:08:28 soon 15:08:37 hello 15:09:05 Giant Pink Elephant = general fund 15:09:15 Hi Hinto 15:09:45 Ccs wasnt even 2600xmr. Nearly 2000 of that was never to be claimed 15:10:05 are we able to get a clarification of where binaryfate is regarding a short term solution operation 'the show must go on' - where a seperate ccs wallet is created and luigi is topped up to make payouts? or how the community would feel about this? 15:10:24 or if not specifically that, whatever is on your mind 15:10:29 I think bf is a no go after speaking with others 15:10:46 clarify please 15:10:49 I vote plowsof sucks it up for now 15:11:28 Plowsof Monero bank 15:11:31 You hold _all_ the money. In a solo wallet. Need to fix that first 15:12:08 it might be better to have the general fund as a separate discussion 15:12:20 would you be willing to take on more responsibility temporarily by 1) creating a 'secure' ccs wallet (if so, consider Ruckniums points of disclosing where possible the measures taken to ensure that it is secure) and 2) send funds from this new wallet on to luigi 15:12:26 Bothering you for payouts in every situation is less than ideal 15:13:03 what is community view on luigi1111 doing it instead of me? 15:13:16 No 15:13:36 not solo. Worst opsec. Gone til thanksgiving. Nah 15:13:40 OPSEC. 15:13:48 multisig signer? Ya 15:14:03 opsec can be fixed if the steps of creating/securing are agreed/disclosed right? 15:14:05 > what is community view on luigi1111 doing it instead of me? 15:14:06 P l o w s o f 15:14:09 Not luigi 15:14:42 whatever we do, we need a short term solution to feed the devs 15:14:51 ideas time 15:14:59 let's go 15:15:04 Possible donor's thought process if luigi creates and manages the main CCS wallet: "They lost a lot of the money I sent to help improve Monero. Did they do anything to regain my trust? No. They are just doing the same thing." 15:15:11 luigi is fine by me, does anybody think that no lessons have ben learned? 15:15:20 no 15:15:44 Hes gone til thanksgiving, cant do forensics 15:15:45 no trust 15:15:47 Eff that 15:15:54 Luigi shouldn't be allowed to handle anyone else's money ever again, lol. The setup for the wallet was extremely careless for someone in such a position 15:16:02 we have very few from core actually doing things 15:16:14 On the other hand, we still don't have the slightest clue how luigi was targeted, right? Maybe that's reason enough to choose somebody else for the time being. 15:16:21 hi, sorry for delay 15:16:24 Imagine if plowsof went on a haitus/vaca after, and left his pc behind.. again 15:17:00 ofrn, why would you be traveling with a secure pc? 15:17:13 rbrunner good point 15:17:18 Usually when these things happen, the person responsible should simply leave their position, resign without being asked by the community. There are mistakes 15:17:26 stupid question, but cant we use a ledger or trezor while we figure out multisig proper? 15:17:27 Suggesting luigi, is pretty funny. @bf 15:17:27 Why dont YOU suggest plowsof? Sus 15:17:32 Hope nobody is on a boat rn 15:17:36 Yes 15:17:40 Plowsof has one 15:17:43 Yeah good point 15:17:55 luigi was OK handling a secondary wallet last time i checked in. and for the balance to be below a certain threshold at any time (but enough to handle 1~months of payouts) 15:17:59 > ofrn, why would you be traveling with a secure pc? 15:17:59 Secure? 15:18:15 We have servers running 16.04 15:18:22 a hardware wallet would have defeated the evil hackers 15:18:51 The best short term solution may be direct funding to workers' XMR wallets. The CCS website would probably have to be coded a little different to scan for multiple view keys. 15:19:00 Core needs to use that GF to deal with infra. 15:19:00 they dont need to be bank tellers 15:19:11 give the wallet to a trusted person but don't tell anyone so nobody wpuld know who to hack 15:19:31 Ok 15:19:50 Project decoy 15:19:55 If someone from the community is skilled in hardening a PC (removing intelME etc.) I would highly appreciate a guide or a link collection; both for my own setup as well as hardening other community members setups 15:19:56 I think the point rbrunner makes is important. You don't know how Luigi has been targeted. Personally I feel good about Luigi, but when these things happen, the person responsible should leave 15:20:09 luigi can for example use a hardware wallet for a hot wallet to payout devs while the cold wallet that gets the actual funds are in someone else's hands 15:20:26 Luigi disappeared forn3 months 15:20:33 And didnt tell anyone their money was gone 15:20:42 Til LONG after it was spent 15:20:46 tobtoht shared the "ultimate" guide on securing a laptop ceetee (it involves breaking it open and adding some wires) https://osresearch.net/ 15:20:48 Fuck that 15:20:56 Id sue the shit out of my employer 15:21:38 i am in favour of a the show must go on / same shit different day as a temporary fix 15:21:39 Had plowsof wasting community funds 15:21:54 Thanks for sharing 15:22:01 > i am in favour of a the show must go on / same shit different day as a temporary fix 15:22:01 2-4 weeks. Max 15:22:11 Not same show for an eternity 15:22:37 Ok, what will we do? 15:23:00 plowsof, would you be willing to use a HW wallet for payouts in the next 4 weeks? 15:23:02 Core will handle it :D. 15:23:02 can we get to merging now? 15:23:17 > plowsof, would you be willing to use a HW wallet for payouts in the next 4 weeks? 15:23:17 No, but ill make him 15:24:11 How much, give or take, would be those payouts in the next 4 weeks? 15:24:30 0 right now 15:24:33 the last payout(s) totalled about 600 xmr (that was a month~ ish) 15:24:39 Building as donations come in 15:24:50 Potentially all of the proposals that are posted 15:24:57 it's more holding donations for the CCSs that will be approved 15:25:01 so the CCS has some serious throughput when people are achieving milestones and not letting things accumilate 15:26:21 were not talking about moving the 2000 xmr to this wallet. This is for current proposals and fast payouts. 15:26:39 and yeah fkn right plowsof hides shit for 60days. Hes not that brave 15:27:34 so who creates the new wallet that gets all the funds from the proposals? that has to be solved too, not only the person who does the hot wallet payouts 15:27:36 on who holds funds long term: if not luigi again, then who is the question - there aren't many (if any) members that are trusted by the multiple parts of the community 15:28:11 temporarily i think plowsof is trusted by mostly everyone to hold funds - but this decision is still up to core 15:28:11 Multisig 15:28:12 Long term 15:28:12

Luigi disappeared forn3 months <= plz stop the gross misreprentations 15:28:24 it is also his job :D 15:28:24 New wallet = plowsof 15:28:34 BinaryFate through RINO or some multisig schema 15:28:38

temporarily i think plowsof is trusted by mostly everyone to hold funds - but this decision is still up to core <-- I disagree this is up to core 15:28:40 >

Luigi disappeared forn3 months <= plz stop the gross misreprentations 15:28:40 a bit more than 60 days? 15:29:03 my pgp key is .. 6 days old and remains not compromised (these are my qualifications) 15:29:05 >

temporarily i think plowsof is trusted by mostly everyone to hold funds - but this decision is still up to core <-- I disagree this is up to core 15:29:05 I disagree. This is up to us 15:29:14 Plowsof has been doing a good job and I think is s trusted by many people of the community 15:29:22 fluffypony: 15:29:25 I didn't disappear either. 15:29:41 The money did 😆 15:29:53 please ofrn 15:30:17 Let's put Vik from cake wallet 15:30:17 im not trolling or joking. 15:30:18 without the intention to put plowsof under pressure, I think he is trustworthy for the new short term wallet 15:30:24 One important question would be whether plowsof seems themselves able to take the responsibility. They could have doubts, which I would understand. 15:30:51 Core is da boss and i am subservient ! 15:30:59 and long term multisig, if multisig is achievable in a couple month 15:31:12 Community is your boss, plowsof 15:32:06 for the funds issue otherwise yeye im a slave to all 15:32:54 So to share risk, still leaves the questions where *new* donations that come in will go? 15:32:55 i've only ever custodied around 23 xmr and i spent all 15:33:35 Maybe for that binaryfate could use the GF security setup to create a new wallet? 15:34:06 there is alot more that goes into it (the mouth begins to dry and heart pounds) if you truly consider holding a serious amount of funds for the community when i am neither anon , or have anything in place should i stop breathing 15:34:20 I'm not comfortable piggybacking on different wallet when we have different requirements on how frequently to access funds 15:34:38 +1 to bf 15:34:54 I don't think plowsof wants to do it. plowsof, answer directly: do you want this responsibility? 15:34:59 Too many wallets already, big target 15:35:42 So who? 15:35:52 he probably shouldnt _want_ to. 15:35:52 the question is "will you" 15:36:08 Strange reasoning 15:36:18 i would like more responsibility, but my first rodeo should not be 'the CCS wallet' 15:37:07 we're talking about a guy that can't delete spam comments/issues here 15:37:10 everyone _wants_ 2600xmr in their wallet. 15:37:10 not plowsof. hes selfless 15:37:14 from the ccs gitlab 15:37:40 6 month terms repeatedly. Doesnt even claim his own milestones on time 15:37:44 has there been any other volunteers? 15:37:45 Lovera: Probably no one. Thinking like a game theorist: You need at least three groups/individuals to be satisfied with the arrangement. Donors, workers, and the escrower(s). There may be no arrangement that satisfies all three now. So go to direct funding with no escrow. 15:38:13 And we need people to vet proposals, too. That's 4 groups. 15:38:21 Of the pending payouts, is it true that one or two represent the majority of the funds? If one or two payments could be done alongside filling a smaller CCS hotwallet it might be less stressful. Not sure how workable that would be. 15:38:22 > has there been any other volunteers? 15:38:22 Selsta :D 15:38:33 we gotta be careful not to overburden plowof, don't want him to break under the pressure 15:38:36 no 15:38:37 You have an asymmetric information problem and a collective action problem. Solve the game! 15:38:44 therefor it should be strictly a temporary messure 15:38:58 Jk. I dont think selsta can be made to do it 15:39:22 rucknium please do :) 15:39:25 Otherwise id have nominated selsta over Plowsof. 15:39:29 Rucknium: on direct funding: would this mean proposers would directly receive funds even before milestones are complete? 15:39:49 Scam central 15:39:51 hinto: Yes. 15:39:56 i have a bad history of voting in favor of ccs's that do jack all after getting merged :) 15:40:05 Even if ... that's no shorttime solution for the payouts that are due, no? 15:40:33 Payoute due = come from generalfund right now 15:40:40 hinto: So nothing would change with the direct funding :) 15:41:17 plowsof: do you want to do this? if not, we need another volunteer to step forward to handle this. otherwise I'd argue binary fate is probably the most qualified 15:41:24 the work in progress proposals are covered by the general fund / have already been paid out (if someone did not know) 15:41:36 Ah, ok 15:41:57 plowsof: will you take on this responsibility? if not, we need another volunteer to step forward. Cringe 15:42:07 no i would rather gain responsibility in other areas first 15:42:33 my alt will be unbreakable when my 4 year plan is complete and world domination will be possible 15:42:47 Is that to me, or x3nu? 15:43:10 yes xenu/ofrnxmr 15:43:37 who is plowsof? can't even be trusted to delete spam comments from the ccs, now he custodies the CCS? lolool 15:44:17