00:00:28 Being unrealistic, is carrying on like nothing happened 00:00:43 just imagining how things would go with a idea that was put forward as a solution 00:00:46 I want to lose 3000 xmr and not have to explain anything 00:00:53 Just be handed another 3000 00:01:40 as you have said most of what was in the wallet shouldn't have been there 00:01:51 Or, to explain that my security was bottom tier and still be the front runner 00:02:27 nioc, yep.. and because of were useless, it will accumulate again 00:03:30 Right now, we _should_ have a jet fund. 00:03:30 240xmr leftover = same amount as overages wallet that should have been in plowsof posession 00:03:31 2000 xmr = funds being used to pay devs from generalfund right now, but should have been jetfunded 00:03:44 All we did, was lose 3000 xmr and give the jet fund to luigi and bf 00:04:13 Now we have a "protected" and "non protected" group, and 0 authority over how to use thr jet fund 00:04:20 you are of the opinion that luigi doesn't care about what happened which is based on ...... 00:04:35 We also went 60 days literally making excuses to devs about where their money was 00:04:46 > you are of the opinion that luigi doesn't care about what happened which is based on ...... 00:04:47 The fact hes gone til after thanksgivinf 00:05:02 And the funds finak soend was a few days before disclosuren 00:05:24 The active _hackers_ on the payroll werent told anything 00:05:32 !tip ofrn 1 real keyboard 00:06:13 If we wanted to track the funds or find the hole, youd think youd use the devs who want to track the funds and find the hole 00:06:38 Thats what you call having 0 faith in them 00:06:56 You called fluffy? And bf? But not plowsof, kaya, jeffro, berman, koe? 00:07:14 Thats not reality. thats a damn circus 00:07:43 If im holding money for the smaetest hackers i know, im not calling bf and fluffy for backup when i get robbed 00:07:56 Im calling the dangerous men and women who own the stolen funds 00:09:08 Someone wants to rob _us_?? 00:09:18 They want to attack the beehive?? 00:09:41 Oh. The security guard didnt wake the bees. 00:12:23 I'd take it personally if someone targeted _me_ to get one over on with the monero project. 00:12:23 imagine your the hacker 00:12:50 wouldnt you think these monero geniuses were hot on your trail from 5 seconds after you got out? 00:13:31 Nope. They were able to taje their sweet ass time and do whatever they wanted with the money for 60 damn days 00:20:13 the wallet itself gets only opened once every 4 months or so 00:20:38 once he saw the funds are gone 30 days had already passed, the funds were long gone 00:43:41 <1​23bob123:matrix.org> could of had SIEM solution setup 00:49:37 midipoet: context for my should/shouldn't be comment - the award for the most unclear "No" goes to https://libera.monerologs.net/monero-community/20231120#c305322 01:01:25 <1​23bob123:matrix.org> ``` 01:01:25 <1​23bob123:matrix.org> 14:16 01:01:26 <1​23bob123:matrix.org> midipoet 01:01:26 <1​23bob123:matrix.org> Unfortunately, i don't think it should not be luigi 01:01:27 <1​23bob123:matrix.org> 14:16 01:01:27 <1​23bob123:matrix.org> midipoet 01:01:28 <1​23bob123:matrix.org> *should be 01:01:28 <1​23bob123:matrix.org> ``` 01:02:05 <1​23bob123:matrix.org> ``` 01:02:06 <1​23bob123:matrix.org> 14:16 midipoet: Unfortunately, i don't think it should not be luigi 01:02:06 <1​23bob123:matrix.org> 14:16 midipoet: *should be 01:02:07 <1​23bob123:matrix.org> ``` 15:10:22 Anyone have a public statement by luigi saying he is willing to be CCS escrow agent again? 15:15:16 luigi1111: ^ 15:41:36 No we don't. 15:56:29 So we've got that settled ... 16:08:52 xD 16:16:23 Is luigi an option or not? A plain reading is that he is not available. So the "vote" should be closed. 16:17:24 I think some of us assumed that he had offered to continue his escrow work as before, and maybe our assumption was wrong. 16:19:08 A really good alternative in case luigi1111 declines, is midipoet's multiple members idea. 16:19:12 I'm against this very mildly for only one reason, that it is more complex than a single person approach. 16:20:00 But if it seems that three or more members in good standing could easily be convinced to do the work, it might be our best option. What do you think rucknium? 16:20:45 And rbrunner7, would either of you want to be in the multimember escrow group? 16:25:50 Is the idea to have a single multisig wallet or having multiple single-signer wallets held by multiple people, taking turns for which proposals they escrow? I doubt Monero's current multisig has enough confidence to do CCS multisig now. 16:31:06 rucknium: midipoet's idea does not require multisig. Rather, a one time pad style iteration among a group of escrow providers with a level of randomness. 16:31:10 I'm not strictly against it. I just am not sure 16:31:30 Okay luigi1111, just know that you have some very grateful fans in the audience. 16:32:30 I think we should continue plowsof's weeklong survey 'Luigi yes or no' and then deliver the results to luigi1111 can decide if he wants the role. 16:32:37 Would that be okay with you luigi1111? 16:33:18 Even if the community votes no, it's up to luigi1111 to decide if he's the new escrow boss. That's a privilege he (and core colleagues) have. 16:33:59 I plan to ping all contributors that have been through the CCS system to vote if they wish to 16:36:57 Anyone have a link to midipoet's idea? 16:38:13 e.g. from https://libera.monerologs.net/monero-community/ 16:38:54 Does this link in the meeting notes take you there (my phone doesnt want to cooperate) https://libera.monerologs.net/monero-community/20231124 RTFMeering issue! 16:39:03 Meeting* 16:41:24 Rucknium i just rtfmeering notes and the link was wrong , here https://libera.monerologs.net/monero-community/20231124#c306628 16:48:50 I don't know if the idea reduces the total attack surface. Maybe it does. (But IMHO we should not refer to it as one time pad style iteration since that's just confusing.) 16:50:18 I may ask the MAGIC Monero Fund committee if they would be willing to fund a bounty to improve multisig. Probably there would be no takers for the bounty, but we could get lucky. 16:51:25 Sorry rucknium, that's mixing concepts and I'll avoid the term again. 16:51:43 Thanks :) 16:51:44 I think midipoet has stated several times their idea, so it's a stable one not under development. 16:52:26 If we ask him (because we consider it an important option) then he would probably be convinced to create a document like a whitepaper or RFC. 16:52:32 BIP. 17:39:06 Well, the good thing for me with multisig would be that I would not carry responsibility *alone* and would *never* have power to spend alone, hence much lower chance to get into the crosshairs of somebody. That's not given with some one time pad scheme where at random times I would have power alone. 17:39:59 Because, as I speculate personally, may that was indeed the case with Luigi: That somebody, or some gang, made them their target and just dug long enough until they got the jackpot. I really would not want that for me ... 17:41:35 As for trust in multisig, being un-proofed and "experimental" and all: For me a question of the lesser evil. Single persons with full power over single wallets are an almost guaranteed week point, whereas the weak points with Monero multisig seem to be more on the theoretical side. 17:41:53 IMHO, of course. 17:42:27 But yeah, of course it would be somehow unsatisfying having to resort to that. 17:43:43 And, hardly anybody more aware about that, lol, Monero multisig is damned complicated as-is. 17:44:38 Which is itself again a possible source of weak points. I am just a bit uneasy already e.g. with 3/4. If more than 1 person loses their keys, gone are the funds. 17:45:44 Can't we just set up a clever Ethereum smart contract and let people donate ETH? (ducks and covers) 17:46:50 > if they would be willing to fund a bounty to improve multisig 17:47:08 and make a well planned rugpull , normal in the eth world 17:47:38 I see it as a grave chicken-and-egg problem: I stopped to work on the MMS because almost nobody used the poor thing ... 17:47:57 With a lot of people using multisig motivation would have been there ... 17:49:00 Is money a good motivator? 17:49:13 imo, multisig is still meh 17:49:29 We need better theoretical basis for the multisig implementation. We need better MMS, but also the theoretical work. 17:49:42 I would say it depends. For me personally, not so much, I have a full dayjob that already pays reasonably .. 17:50:59 For me, the MRL meeting about multisig made clear how hard it would be to get full, 100% trustworthy multisig just on the side of math and crypto. It's almost too easy to despair. 17:51:46 do we 100 percent sure know what / how exactly this happened, and are there ways, to clean up, secure against what happened ? 17:52:56 As far as I learned so far, no, it's not yet known what happened, and IMHO that's a point against Luigi doing duty again until it's known. Not a statemeent about them, but a statement about the unknowns in the situation. 17:53:40 I would give the theory "Luigi just took it" a quite low probability. 17:54:38 But there are many things that could have happened that would not have been possible if more than 1 person was needed to spend, if you ask me. 17:56:03 is this wallet moved from one person, to another person, then the leak could have been happened, on another place too 17:57:07 it does not make sense, going put from 'luigi just took it' 17:58:39 "going put"? 18:00:08 'stating' would be better 18:00:42 working on different platforms, seems there are some pool problems 18:42:46 I just brainstormed that the Monero project could sponsor the Python3 port of PyBitmessage, which is maybe half completed, make it happen *somehow*. As a messaging app PyBitmessage has some, let's say, retro charm, but for shuttling around Monero multisig related data packets it does the job. If only it could leave out-of-life Python2 behind already ... 18:47:22 rbrunner7: Will PyBitmessage or something with similar features be necessary for Seraphis multisig? Wondering about obsolescence when/if Seraphis arrives on mainnet. 18:58:12 I think the problem is smaller in Seraphis, because after wallets are established much less data must be sent around after transacting. But of course it still would be comfortable to be able to pass partially signed transactions to the next signer with some simple command, and also safer. 19:08:35 <4​rkal:monero.social> How can I get the average transaction fee? 19:08:54 <4​rkal:monero.social> Via api or something 19:09:51 4rkal: The empirical average tx fee or the fee that you should be using in your txs? 19:12:12 <4​rkal:monero.social> Both would be optimal 19:14:44 An RPC call to `monerod` gets you the fee you should use for your txs if you are building a custom wallet implementation: https://www.getmonero.org/resources/developer-guides/daemon-rpc.html#get_fee_estimate 19:15:22 A chart for the daily mean tx fee in USD is https://bitinfocharts.com/comparison/monero-transactionfees.html 19:15:55 The median is much lower. The mean is pulled up by a few txs that use a high nonstandard fee. 19:16:40 <4​rkal:monero.social> Cool thanks alot 19:16:58 More info: https://github.com/Rucknium/misc-research/tree/main/Monero-Nonstandard-Fees 19:39:55 Does anybody here have a link /room-name for policy working group? 19:40:11 I remember joining it long time ago but must have removed myself from the group. 19:40:29 I remember joining it long time ago but must have removed myself from the group. 19:43:33 Monero Policy 19:44:57 Thanks. 20:39:51 MoneroKon 2024 Call for Presentations now open https://apply.monerokon.org 20:40:28 please share with people you think would be interested in doing a talk or workshop at monerokon 20:48:04 <1​23bob123:matrix.org> Hows the progress on multi sig development ? 21:13:29 Nonexistent? :) No, maybe tobtoht may tell us what they are up to, and how far along they are. 21:29:04 <1​23bob123:matrix.org> One would think after the jetfund flew away that it might become a priority ? 21:29:47 rbrunner7: Currently finishing up a big Feather release that should be out some time next week. After which I will focus on adding practical multisig support. Shared some ideas with jeffro re: self-hostable message daemon / UX. Keep an eye on #feather:monero.social for updates. 22:39:43 <1​23bob123:matrix.org> What about monero gui/cli “ No wallet left behind”!!! 22:56:09 Dan r/dark (Is not the man & Braxman Tomsparks Advocate ): Multisig was discussed two MRL meetings ago: https://libera.monerologs.net/monero-research-lab/20231115#c303794 22:56:35 My conclusion: "If anyone really wants to work on multisig, especially in the direction of kayabanerve 's proposal, please speak up. IMHO, this was a productive conversation, but I don't expect any action to be taken unless more labor [is] put toward the problem." 22:57:13 Proposal is: "What'd likely be easiest, in a pure-C++ way, is to explicitly intended Monero's DKG to match MRL-0009 (if not already) and have it audited to line up. Then, a Musig2-esque CLSAG should be formalized (likely a modification of MRL-0009's Musig-DN-esque CLSAG?) and Monero should explicitly intended to match it. The fact it lines up should be audited." 23:27:30 Very much appreciated, tobtoht @tobtoht:monero.social: and jeffro256: