10:03:39 <m-relay> <b​ehelit:hackliberty.org> after the ccs incident what does the community think is the best methods of crowdfunding projects
10:05:44 <m-relay> <b​ehelit:hackliberty.org> Can you send monero whilst offline?
10:15:53 <m-relay> <4​rkal:monero.social> CCS with good opsec is still the best
10:17:23 <m-relay> <4​rkal:monero.social> But whoever is holding the funds should disclose their setup to be "reviewed" by the community. At least in my opinion.
10:17:56 <m-relay> <b​ehelit:hackliberty.org> how would you trust a reviewed setup
10:18:25 <m-relay> <4​rkal:monero.social> Wdyn?
10:18:30 <m-relay> <4​rkal:monero.social> Wdym?
10:19:53 <m-relay> <b​ehelit:hackliberty.org> how would you verify that the approved setup is actually being used
10:20:06 <m-relay> <4​rkal:monero.social> You can't
10:20:17 <m-relay> <4​rkal:monero.social> Don't verify; trust
10:20:19 <m-relay> <4​rkal:monero.social> Lol
10:20:47 <m-relay> <4​rkal:monero.social> You are already trusting them to hold the funds so...
10:20:54 <m-relay> <b​ehelit:hackliberty.org> and what type of entity would be trustworthy in your eyes
10:21:12 <m-relay> <4​rkal:monero.social> Multisig with many devs
10:39:53 <m-relay> <e​ndor00:matrix.org> You can sign a transaction offline, yes. And then submit it to an online node
10:40:07 <m-relay> <e​ndor00:matrix.org> Same as any other coin
10:45:34 <m-relay> <4​rkal:monero.social> You can't tho can you?
10:45:52 <m-relay> <4​rkal:monero.social> You have to have an online device too
10:46:20 <m-relay> <4​rkal:monero.social> Before submitting the file to an online node right?
11:10:57 <m-relay> <e​ndor00:matrix.org> Well yeah, you can't be both online and offline at the same time
11:12:06 <m-relay> <e​ndor00:matrix.org> The important part is that the private spend key is on a device that never touches the internet
11:13:28 <m-relay> <b​ehelit:hackliberty.org> can you give examples of this setup
11:27:38 <m-relay> <u​nkn8wn69:matrix.org> Anonero
11:47:06 <m-relay> <4​rkal:monero.social> https://anonero.io
11:47:11 <m-relay> <4​rkal:monero.social> Tor required
14:57:39 <m-relay> <v​ikrants:monero.social> Thanks for foundation devices and stack wallet, cake and Monerocom wallets have native tor in next update.
14:57:46 <m-relay> <v​ikrants:monero.social> https://matrix.monero.social/_matrix/media/v1/download/monero.social/GqqdxqmLRKySYSMvHBdXIEzh
14:57:53 <m-relay> <v​ikrants:monero.social> https://matrix.monero.social/_matrix/media/v1/download/monero.social/EiqfXknyFrwhxHEytXfFyzNi
14:58:04 <m-relay> <v​ikrants:monero.social> Thanks to foundation devices and stack wallet, cake and Monerocom wallets have native tor in next update.
16:09:16 <m-relay> <a​js_:matrix.org> monerokon 2024 planning in about an hour
16:09:20 <m-relay> <a​js_:matrix.org> in #monero-events:monero.social
16:09:36 <m-relay> <a​js_:matrix.org> agenda https://github.com/monero-project/meta/issues/929
18:51:57 <luigi1111w> <4​rkal:monero.social> But whoever is holding the funds should disclose their setup to be "reviewed" by the community. At least in my opinion. <= some consideration should be made to physical security as well if "publishing" your setup, targeting involving meatspace could become more likely
19:09:45 <m-relay> <1​23bob123:matrix.org> Disclosing somethings is actually worse for opsec
19:16:04 <m-relay> <o​frnxmr:monero.social> Its on my google drive
19:40:56 <m-relay> <d​iego:cypherstack.com> hi guiz
19:42:52 <m-relay> <b​ehelit:hackliberty.org> sounds like security through obscurity
19:43:23 <m-relay> <s​weetbearkiller:monero.social> have rules that must be followed
19:43:42 <m-relay> <s​weetbearkiller:monero.social> regarding the opsec
19:43:44 <msvb-lab> Hello diego.
19:47:55 <luigi1111w> security through obscurity is a great thing when it comes to physical world
19:48:22 <luigi1111w> (rather, is a part of the equation)
19:53:15 <plowsof> Upload a floor plan of your home with positions (screenshots of any/all security cameras) so we can help improve your setup
20:01:49 <m-relay> <s​weetbearkiller:monero.social> yes dont forget to send the address to check if you are in a safe place
20:02:00 <m-relay> <s​weetbearkiller:monero.social> just in case
20:11:04 <m-relay> <4​rkal:monero.social> If you told people about your terrible opsec beforehand there would probably have been a large backlash.
20:11:21 <m-relay> <4​rkal:monero.social> We only learned about your setup once it was too late
20:12:45 <m-relay> <4​rkal:monero.social> Disclosing that you have for example and offline qubes os install with an offline vm to sign transactions can't really make it easier to attack you. On the other hand if you do something stupid the community might be able to help
20:14:31 <m-relay> <s​weetbearkiller:monero.social> I think the opsec should be disclosed in the future
20:15:18 <m-relay> <s​weetbearkiller:monero.social> security through obscurity has limits
20:15:26 <m-relay> <s​weetbearkiller:monero.social> an attacker will find out
20:16:30 <m-relay> <s​weetbearkiller:monero.social> that or having a standard that everyone must follow once they get enough responsabilities
20:18:23 <m-relay> <s​weetbearkiller:monero.social> it'd not be ridiculous to ask for an airgapped signer when you manage funds >1M$
20:19:33 <m-relay> <s​weetbearkiller:monero.social> and a signer in an offline cube when managing funds > 10k$
20:19:55 <m-relay> <4​rkal:monero.social> Yeah for example don't use an online windows machine when managing 500k in funds
20:20:01 <m-relay> <s​weetbearkiller:monero.social> and a signer in an offline qube when managing funds > 10k$
20:20:42 <m-relay> <s​weetbearkiller:monero.social> we learn from our mistakes
20:21:26 <m-relay> <4​rkal:monero.social> But yeah having a certain standard sounds like a good idea. Should have EXACTLY the same setup for every dev tho
20:21:56 <m-relay> <s​weetbearkiller:monero.social> Shouldnt* ?
20:21:58 <nioc> luigi1111w: which is why I suggested that trusted persons deal with it without telling who they are, ofc I got laughed at
20:22:52 <m-relay> <4​rkal:monero.social> But yeah having a certain standard sounds like a good idea. Shouldn't  have EXACTLY the same setup for every dev tho
20:23:04 <m-relay> <s​weetbearkiller:monero.social> Maybe that will get more consideration now ig
20:23:17 <plowsof> Seems like people want 4/9 multisig + the plot of a Tom Cruise movie 
20:23:32 <m-relay> <o​frnxmr:monero.social> 2/7
20:23:42 <m-relay> <o​frnxmr:monero.social> I like 4/90
20:23:43 <nioc> 1/1
20:23:50 <m-relay> <4​rkal:monero.social> 6/9
20:24:12 <m-relay> <o​frnxmr:monero.social> (4rkal is serious)
20:24:28 <m-relay> <o​frnxmr:monero.social> Dreamlandia
20:24:31 <plowsof> I hope people realise we will just be shooting the shit and nothing will happen until multi sig is ready(tm)
20:24:35 <m-relay> <s​weetbearkiller:monero.social> 4/9 would not be irrealist in managing the cold wallet honestly lol
20:25:09 <m-relay> <4​rkal:monero.social> Sorry for cringy joke ofrn
20:25:44 <nioc> monerokon has not set up their multisig wallet yet because all participants need to be online at the same time for some amount of time 
20:25:58 <nioc> takes a while to do 
20:26:01 <m-relay> <o​frnxmr:monero.social> irrealist (brb while i dictionary)
20:26:18 <m-relay> <s​weetbearkiller:monero.social> lmao
20:26:23 <nioc> highlight and Rclick
20:26:30 <m-relay> <o​frnxmr:monero.social> > <n​ioc> monerokon has not set up their multisig wallet yet because all participants need to be online at the same time for some amount of time 
20:26:30 <m-relay> <o​frnxmr:monero.social> Arent they trusting rino aka basically dr
20:26:59 <nioc> they want to set up CLI multisig as well for cold wallet
20:27:04 <nioc> rino = hot wallet
20:28:01 <m-relay> <o​frnxmr:monero.social> ahi thoight rino = their solution
20:28:24 <m-relay> <s​weetbearkiller:monero.social> if people are trusted and good standards are adopted the risk is already significantly reduced even without multisig
20:28:38 <m-relay> <o​frnxmr:monero.social> They want to use simplex for their key exchange, thata right
20:29:37 <nioc> they want to set up a simpleX group, I have no idea how things will be set up
20:30:11 <nioc> that is, no idea what it will be used for
20:30:35 <midipoet> why is simplex better for key exchange than pgp encrypted email? Is it just cause simplex establishesbs p2p connection for the blob exchange?
20:30:57 <midipoet> *establishes
20:31:04 <plowsof> Security/convenience i think
20:31:14 <midipoet> sure, but why?
20:31:18 <midipoet> Or how?
20:34:27 <plowsof> So with pgp, because i have to give my blob thing to all participants several times/vice versa - i would have to encrypt the message separately with each participants pgp.pub keys 
20:35:00 <plowsof> Unless there is a shared pgp key between us all (not sure how that would be distributed securely)
20:35:49 <plowsof> Protonmail does the above automagically(?) Simplex even more automagically(?) I dont know
20:36:24 <m-relay> <s​weetbearkiller:monero.social> do that with the key ?
20:36:58 <m-relay> <s​weetbearkiller:monero.social> tho that means if anyone leaks everyone is compromised, we cant just revoke one key
20:41:55 <midipoet> Yeah, should still be shared  encrypted on simplex. There are still five (for example) phones with the blob on it. Unless there is autodestruct on messages, i guess. 
20:45:01 <m-relay> <s​needlewoods_xmr:matrix.org> > <p​lowsof> So with pgp, because i have to give my blob thing to all participants several times/vice versa - i would have to encrypt the message separately with each participants pgp.pub keys
20:45:01 <m-relay> <s​needlewoods_xmr:matrix.org> not sure I understand this correctly, do you mean with pgp you have to create multiple encrypted messages, each for every participant?
20:46:06 <plowsof> You have to encrypt the message with someones public key  
20:47:58 <m-relay> <s​needlewoods_xmr:matrix.org> yes, but you can add multiple pub keys to one encrypted message
20:48:30 <plowsof> TIL? 
20:49:58 <plowsof> Nice, PGP is more than pretty good https://crypto.stackexchange.com/a/86489
20:51:37 <plowsof> So midipoet i see no reason for not using pgp over trusting 'thr next best thing since sliced bread' app 
22:11:26 <m-relay> <p​lowsof:matrix.org> Community meeting next Saturday - what do we discuss
22:13:40 <m-relay> <p​lowsof:matrix.org> 280 XMR to be handed to 37c3 event organisers to pay an outstanding invoice, and to fund the current event: https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/105#note_22896
22:13:59 <m-relay> <p​lowsof:matrix.org> How to fix the ccs wallet because every option has a reason not to move forward with it
22:14:35 <m-relay> <p​lowsof:matrix.org> are we gatekeeping the ccs so that only core / seraphis devs will receive funding? is everyone finally happy?
22:16:59 <m-relay> <p​lowsof:matrix.org> xmrscott wants to raise a Q about http://mattermost.getmonero.org/
22:21:01 <m-relay> <p​lowsof:matrix.org> adding a custom "fr-external" tag to ccs proposals with an extra "donate-url" field would allow things to be displayed on the funding required page, and simply re-direct people to the link. (no progress bar or anything unless integration for specific funding platforms is added to scrape their api on regular intervals) - problem is that the ccs backend can't be built (needs a docke<clipped message>
22:21:02 <m-relay> <p​lowsof:matrix.org> r wizard to handle old php dependencies)
22:23:27 <m-relay> <p​lowsof:matrix.org> also subscribe to featherwallets RSS feed https://featherwallet.org/feed.xml (theres going to be nice update soon with offline QR code transfer capabilities
22:25:53 <m-relay> <p​lowsof:matrix.org> diceware (adding dice rolls to produce seeds / add extra entropy?) and other things listed here https://matrix.to/#/!mehPttlWNbDtNeDbvu:monero.social/$wt5Khi3WaiXC8rRjPTA_QtolVgJHIp0NevdlS9Dy2bE?via=matrix.org&via=monero.social&via=nitro.chat
22:30:26 <midipoet> Plowsof: whats the gatekeeping topic about?
22:31:08 <m-relay> <p​lowsof:matrix.org> so currently the only assurances for proposals in the ideas stage have been made to core / seraphis dev things
22:31:38 <m-relay> <p​lowsof:matrix.org> the rest of them (myself included) are being left in the dark / asked to wait for a magic fix
22:32:42 <midipoet> how do you mean assurances?
22:33:45 <m-relay> <p​lowsof:matrix.org> funding will be secured for them (one way or another: either directly from the general fund / put forward for retro funding(should the ccs wallet situation be fixed shortly) or a combination of the 2)
22:38:20 <m-relay> <p​lowsof:matrix.org> all of the inprogress proposals are covered* this is for the proposals at ideas
22:49:50 <midipoet> Can we not just a set up a RINO wallet as a stop gap in the short term ? Is it that we don't have anyone trusted enough to run it?
22:55:51 <nioc> we need more than one incase someone gets hit by a bus
22:59:30 <midipoet> Just leave the backup with a couple of trusted members. Don't say who
23:00:03 <m-relay> <p​lowsof:matrix.org> i am in favour of any stop gap short term solution. the bar for being "more secure" than the previous setup is really low and the disclosure can be as simple as "its not a hot wallet" hooray
23:00:25 <midipoet> plowsof: I agree. 
23:00:52 <m-relay> <p​lowsof:matrix.org> multisig which is what RINO is based on though, is not "known secure" (there is an above zero chance an exploit exists)
23:01:07 <midipoet> it will be fine 
23:01:28 <midipoet> and it's a short/medium term solution anyway 
23:01:47 <midipoet> if events want to risk 12k with it, i am sure CCS can risk the same
23:02:22 <midipoet> how much normally does the CCS wallet need to hold at any one time?
23:03:26 <m-relay> <p​lowsof:matrix.org> the last group of pending payments accumulated about 600 xmr in 1 month which is an ok estimate to throughput
23:03:58 <nioc> there was over 600xmr in proposals ready to be merged when the bad news was announced 
23:04:52 <midipoet> Yeah, i count ~870 XMR in ideas now (not founding FCMPs)
23:05:02 <luigi1111> Realistically it's gonna be 1-2k if people don't leave milestones for years. 1k per 3 months is probably not far off, I can easily check later
23:05:04 <nioc> some are a no go
23:05:41 <nioc> events won't keep all funds raised in RINO 
23:06:11 <nioc> CLI multisig = cold, RINO = hot
23:06:51 <m-relay> <p​lowsof:matrix.org> we have to ask ourselves then, the theoretical multisig hacker: would they steal a few measily monteros or wait for something big - if this is the only reasoning then , it would be safe, however , the damage to the project/core team if it happens would be severe / out weight the monetary value so seems appealing for enemies
23:08:17 <m-relay> <p​lowsof:matrix.org> in security there is a counter argument for everything :(
23:08:20 <midipoet> so theoretically what is the total amount we are willing to risk in a RINO wallet? 
23:08:43 <midipoet> 250 XMR?
23:09:35 <m-relay> <p​lowsof:matrix.org> 244~xmr was the "unhacked amount" in the CCS2 (the small wallet that was actually used to payout people quickly) so its a good number to start at
23:09:50 <midipoet> Just make that the max allowed for each wallet. Will take some managing, admittedly but it's doable. 
23:10:42 <midipoet> And just distribute control out to trusted members and don't say who
23:11:05 <midipoet> also, ensure backups are distributed out as well, to mitigate bus
23:11:15 <nioc> to reduce the number of Monero needed to be held please pump (blasphemy) 
23:11:38 <m-relay> <p​lowsof:matrix.org> reduce the coinbase outputs temporarily
23:11:53 <m-relay> <p​lowsof:matrix.org> this is no time for inflation
23:13:07 <midipoet> right, so we have a plan?
23:14:01 <m-relay> <p​lowsof:matrix.org> the github security experts and the anti ccs / core people will be mean to us
23:15:13 <midipoet> People are mean here most of the time these days, so how does that change anything?
23:16:26 <midipoet> we probably need four RINO wallets, and four (?) trusted members + plowsof. 
23:41:47 <m-relay> <o​frnxmr:monero.social> Round and round we go
23:44:06 <m-relay> <o​frnxmr:monero.social> Or should i say
23:44:07 <m-relay> <o​frnxmr:monero.social> facepalm
23:44:37 <m-relay> <o​frnxmr:monero.social> That IF core holds it
23:46:34 <m-relay> <o​frnxmr:monero.social> argument has been had and settled
23:46:44 <m-relay> <o​frnxmr:monero.social> Solution: core doesnt hold the money, duh
23:47:13 <m-relay> <o​frnxmr:monero.social> Lets just leave the money in the known vaults why dont we
23:47:13 <nioc> they are not trustworthy? 
23:47:57 <nioc> let Cat do it, nobody would suspect 
23:48:06 <m-relay> <o​frnxmr:monero.social> +1
23:48:25 <m-relay> <o​frnxmr:monero.social> Lets give it back to luigi, so i can rob him twice in a row
23:48:38 <m-relay> <o​frnxmr:monero.social> Or give to bf, so when i finally get him, i can wipe monero clean
23:48:56 <m-relay> <o​frnxmr:monero.social> Or give it to cat
23:49:02 <m-relay> <o​frnxmr:monero.social> .. why would i waste my time on cat
23:49:06 <m-relay> <o​frnxmr:monero.social> Cat wont even get me famous
23:49:31 <m-relay> <o​frnxmr:monero.social> I hacked cat for 100xmr? "do you want a gold star sticker, ofrn?"
23:50:34 <m-relay> <o​frnxmr:monero.social> Making a big deal out of peanuts. What we lost were funds that should not have been there