18:21:30 [CCS Proposals] plowsoff closed merge request #622: 39C3 Support https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/622 18:21:41 [CCS Proposals] plowsoff closed merge request #651: Grease Payment Channels -- production implementation and SDK https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/651 18:21:53 [CCS Proposals] plowsoff closed merge request #660: monero.eco 2025-2026 compensation https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/660 18:22:52 [CCS Proposals] plowsoff closed merge request #672: Integrating Monero to AirGap's cold wallet solution https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/672 18:27:57 [CCS Proposals] plowsoff opened merge request #679: move sneedle/fcmp audits to wip https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/679 18:59:40 Top comment was paid by Vik Sharma. https://old.reddit.com/r/Monero/comments/1opli92/million_downloads_of_cake_wallet_a_personal/ 19:00:01 His "marketing manager" is refusing to answer these questions on X: https://xcancel.com/vikrantnyc/status/2059130928866247022#m and blocking users. 19:01:47 What questions 19:34:29 https://mrelay.p2pool.observer/m/matrix.org/txTgvzEPuoJahMSwgqYHHxPC.jpeg (viklols.jpeg) 19:35:21 <321bob321> Martian? 19:43:03 wild what people do 19:43:05 i use twitter to shitpost and take some notes 19:43:12 so you are supposed to buy fake followers and retweets? 😆 20:16:17 yep, the whole game is so sold out and artificially pumped it’s not even fun anymore: on twitter I feel like a natural bodybuilder who accidentally walked into Mr. Olympia )) 20:19:26 reallyunhinged i cant tell who is what on that screenshot, if the question is why is cakewallet not listed on getmonero then who ever asked it should look at getmonero first 20:19:56 @aillia:matrix.org: also: monero people are very individualistic. everyone is in his own mental corner. we have to concede that the zoggers are better at coordinating the cult and crafting a coherent narrative 20:20:16 (even if it is fake and build on mistruths more often than not) 20:22:38 they also go into it as a group pvp game / they pay for botted likes on replies: https://xcancel.com/spirobel/status/2057718548068282666 this chubby kid from the whiteboard scaling video was in my replies here and his two comments instantly had 17 likes (both of them, which were a reply chain ) 20:23:33 i think all of their shit can be undone when you win the "micro" (starcraft terms) often enough 20:24:15 because it will recurse through their cultist + clanker hive mind that they are losing and then the downward reflexivity begins 20:25:29 <321bob321> plowsof: You’ll find out july 1st 20:25:42 plowsof: Screen shot was obviously before they were re-added. Vik paid many people to get re-added. Would you like to discuss further? 20:26:22 <321bob321> The point of this is what? 20:26:36 <321bob321> Companies pay for marketing ? 20:26:50 <321bob321> Spoiler it happens everywhere 20:27:23 🍿 20:28:05 plowsof: It says that unhinged got paid to post for vik, and that vik didnt stopped paying him 20:28:34 Its a screenshot of a dm from 6 months ago 20:28:59 Edit: that vik stopped paying him* 20:29:13 https://mrelay.p2pool.observer/m/matrix.org/VVvjaRMxewCmkLAuLVwURTlD.jpeg (paid.jpeg) 20:29:38 Now unhinged is mad that vik doesnt wanna pay shills, is what it sounds like this is 20:30:49 Just being transparent. Where are you picking up anger? 20:30:59 he is not 20:31:12 i mean i am not 20:31:18 ofrnxmr and I are the same person 20:32:22 @reallyunhinged:matrix.org: I clicked the link and saw this already 20:36:30 instead of paying shills and playing a pvp game over the existing audience it would be much more productive to just build up a decent media org and pay for banner ads to build a new audience to grow the pie 20:36:54 but also not much sympathy for the shills. bohooo 20:37:46 <321bob321> Its just a nothing Burger 20:38:00 <321bob321> The money tap stopped 20:39:31 "Vik paid many people to get re-added." why didnt anyone tell me??? 20:39:45 https://mrelay.p2pool.observer/m/matrix.org/uPbByRetICNMVvIPtDwPjXgW.png (image.png) 20:40:01 eigenwallet apparently exploited 20:40:10 wouldnt call it a nothing burger. astroturfing and snakey stuff like this, paying people off creates general distrust. not good that it is normalized but also not the biggest deal 20:40:11 hi jwinterm thanks for sharing 20:40:38 hello, please make payments out to my company for tax purposes :P 20:40:55 @jwinterm:matrix.org: "thee may be a vulnerability" 20:41:23 yea but when he says "Possibly actively exploited" seems like a strong "may be" 20:41:29 true 20:41:33 anyway just sharing 20:42:03 so panic 20:42:37 eigenwallet cant possibly have been exploited as they are using claude and 1M context 20:42:51 @spirobel:kernal.eu: "paying for shills is bad because it disrepresent the genuine population of your product and is deceptive", incredible statement i know 20:43:06 only hot take in this chat 20:43:38 @plowsof:matrix.org: this is why I always get codex to review my claude then run the whole thing thru gemini 20:44:11 they probably forgot to tell it not to make mistakes 20:44:34 very important to add "secure" at the end of your prompt 20:45:30 Should have opted for the max subscription :pensive: 20:46:23 @plowsof:matrix.org: memes aside, did they actually vibecode? 20:46:40 @intr:unredacted.org: OH 20:46:41 NEVER 20:46:49 ITS WRONG FROM YOU TO ASK 20:46:54 STOP DOUBTING 20:46:56 lmfao 20:46:59 EMBRACE THE PROGRESS 20:47:09 my brother in avian I'm pretty much totally out of the loop with eigenwallet 20:47:19 @intr:unredacted.org: Yes 20:47:22 @intr:unredacted.org: same 20:47:31 @ofrnxmr:xmr.mx: god damn it dude 20:47:34 they forgot to remove the unsafe keyword 20:48:03 https://github.com/eigenwallet/core/blob/master/AI_POLICY.md 20:48:25 @intr:unredacted.org: I think the asb was created before they started using ai to write code, but they def write code with claude now 20:48:52 https://mrelay.p2pool.observer/m/unredacted.org/ePpycPsNdikTpmfwDVaYhxcf.png (clipboard.png) 20:49:04 funny seeing this and scrolling down to AI written garbage 20:49:08 https://github.com/eigenwallet/core/commits/master/?after=a81417607595b7f7e8bcae3eb114d6efae8233d5+34 20:49:43 Co-authored-by: Claude Opus 4.7 (1M context) 💪enterprise grade 20:49:54 cuprate is organic code 20:50:00 edible 20:50:10 eigen is mechanic code 20:50:15 taste like metal in mouth 20:50:31 i don't have anything else to say i'm drunk right now 20:50:52 cheers 20:51:06 @spirobel:kernal.eu: https://github.com/eigenwallet/core/commit/3c3a9fb3b9683d3540aa001fc4f7cb4b03328137 20:51:06 co-authored by himself . You think this is manually commited? Lol 20:51:19 https://github.com/eigenwallet/core/commit/22b7608e72d7496833fd6d21fbdd61c4cd6cc725 20:51:19 co-authored by claude twice. Bro doesnt even audit the commit messages 20:51:36 @ofrnxmr:xmr.mx: PLACE TO OUR SPONSOR CODERABBIT AI 20:51:49 400% OFF WITH DISCOUNT CODE SYNBIRD 20:52:28 @ofrnxmr:xmr.mx: I lied. 3 times 20:52:41 I guess from squashing vibe commits 20:52:50 actual genuine brain rot 20:52:51 syntheticbird i like the how fucking dare you, type response 😆 20:53:58 plowsof i like you totally i could eat you alive and leave no trace for your family and friends ❤️❤️❤️ 20:54:32 🥰 20:54:40 bisq dinosaur java code vs claude code gozilla ... 20:54:50 which one do you trust with your life savings? 20:54:53 you have to pick one 20:55:37 @spirobel:kernal.eu: everytime i tell myself "Claude could save this software" I remember most of the time i find LLM useful is when I'm in despair 20:55:39 Memory safe and 20 dependencies vs. memory safe and 800 dependencies 20:56:15 @jpk68:matrix.org: I need to introduce you to the java ecosystem my brother 20:56:38 No thanks :P 20:56:57 @jpk68:matrix.org: good decision 21:01:08 @syntheticbird: https://mrelay.p2pool.observer/m/kernal.eu/QuNAxguvjJygzujUXUfQtlnc.png (image.png) 21:01:27 i try to use elons rok to do search 21:01:35 it makes shit up all the time 21:01:54 and then gets sassy about it. so i gave it this prompt template 21:04:56 i hand crafted a web framework over the last few years that is as minimalistic as possible. 21:05:28 tried to do get qwen 3.6 in ollama to extract patterns from a codebase and write docs based on it 21:06:19 i had to go through manually and it still looks like shit. so in the end i am not sure if it wasted time or saved time 21:06:52 open cargo.lock, ctrl+f [[package]], "More than 1000 matches". 21:06:56 why is every rust project like this 21:07:19 it is simply too memory safe and blazing fast for you 21:07:48 didn't you hear, npm is migrating to rust 21:08:32 frfr ong and such 21:08:36 Won't fix the main issue right? 21:08:36 Supply chain compromise. 21:09:14 @spirobel:kernal.eu: Qwen 3.6 is too dumb for that imo, at least the one you can run locally. 21:09:14 And GLM forget >50% of the code you feed it in 21:11:36 It is genuinely perplexing to me how people seem to give Rust a free pass when it comes to insane dependency graphs and centralization risk. Like, we removed miniupnpc because there's a security benefit to reducing unneeded dependencies, yet fcmp_pp_rust adds 80 crates and no one thinks there's anything wrong with this? 21:12:12 @jpk68:matrix.org: bro literally any sane rust user think there is something wrong with it 21:12:13 We all think theres something wrong with this 21:12:15 don't act like we don't see that as a problem 21:12:16 Haha, speak of the devik 21:12:31 Not to mention that you need a connection to crates.io to build it, and a GH account to use the registry 21:12:49 @jpk68:matrix.org: false 21:12:59 You can use mirrors of crates.io or third party registry 21:13:09 forgejo have first class integration for publishing third party crates 21:13:20 very easy to add to your codebase and circumvent crates.io 21:13:27 And I can't think of one project that uses it 21:13:50 @jpk68:matrix.org: fcmp_pp_rust is a fast-track to mainnet. Imo, ideally, we reimplement it in c++ 21:13:52 @jpk68:matrix.org: FOSS project don't care because they visibility. It's very much use in any enterprise proprietary licensed setup 21:14:31 @ofrnxmr:xmr.mx: ask claudeTM 21:14:49 (kayabanerve might kill us) 21:15:19 "Claude please dont put that strange connection to a .Il domain in the code" 21:15:22 I can do it before july 1st w/ martians help 21:15:39 Ask Claude for the conversion and Codex for the audit! 21:15:47 Just use duckai, noobs 21:15:56 Gemini can audit 21:16:09 @ofrnxmr:xmr.mx: last time I used duckai was for vibecoding the sync plotting graph in early test of cuprate syncing 21:16:49 inb4 you are a vibecoder. ITS PYTHON WHO CARES 21:17:24 It would be nice if people could maybe be a bit more vocal about their concerns related to centralization, then 21:17:34 Thinking specifically about GH and Cloudflare 21:17:55 @jpk68:matrix.org: I made a CCS proposal related to it and I'm appealing for funding of an alternative main hosting and CI. I can't do more 21:17:56 Yes, I know everyone is busy. But this is important :P 21:18:43 @syntheticbird: Is it still open? 21:18:54 I would strongly support it 21:19:51 . > [CCS Proposals] SyntheticBird opened merge request #678: SyntheticBird Cuprate Address Book, Reproducible Build and Supply Chain Security (3 months) https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/678 21:20:35 Already upvoted, lol. Didn't realize this had to do with Forgejo 21:20:43 @jpk68:matrix.org: oh no no 21:20:52 it had nothing to do with forgejo 21:21:01 my bad i put the two topic on the same sentence 21:22:39 F7BLX4e4yEG$A!%$Xh2X 21:22:46 Sorry, ignore 21:22:55 incredible 21:23:15 please enable 2fa, thank you 21:23:38 its recorded forever on monerologs.net jic 21:23:55 my bouncer too incase you need a backup 21:24:02 lmao 21:24:08 FYI it was newly generated, not used for anything. Don't worry about it :) 21:24:30 feds, he is gaslighting you into thinking its a nothingburger 21:26:27 @ravfx:xmr.mx: i am looking at small models since the last 3 years https://github.com/spirobel/bunny-llama like mistral 7b and just stare at the output and see what they can do. and the difference between instruction tuned models and base models... studied the llama.cpp code base and the development around constrained de [... too long, see https://mrelay.p2pool.observer/e/wZG3_YYLWFdVV2g2 ] 21:26:28 Deepseek V4 works pretty nice when its about big chunks of code 21:28:39 > <@jpk68:matrix.org> It is genuinely perplexing to me how people seem to give Rust a free pass when it comes to insane dependency graphs and centralization risk. Like, we removed miniupnpc because there's a security benefit to reducing unneeded dependencies, yet fcmp_pp_rust adds 80 crates and no one thinks there's anything wrong with this? 21:28:39 thats my issue with rust, you can tell where the package dev came from after analyzing how many crates it was used 21:30:45 I do ask new local models to make me some code in assembler for DOS (Simple VGA demo that run in pmode). 21:30:45 Only GLM passed the test so far 21:30:45 Yet if you feed it the code it pissed and ask it to refactor something it often forget half of the code you just gave it and complain that the code is missing functions 21:31:11 I think qwen 3.6 improved a lot the "forgot part of the prompt" problem 21:31:43 Ask a LLM about something super niche in the great realm of the internet -> is surprised it fails miserably 21:31:46 @adderall:fvcked.life: the deepseek v4 context size is a larp though. its all information theory at some point there is too much noise in the channel. they are giant zip files that you can use like a comb to achieve certain tasks. but its unclear if in the end more time was wasted and it would have been better to just do [... too long, see https://mrelay.p2pool.observer/e/k97K_YYLVXZkcVh6 ] 21:31:58 Tor devs did that but with rust > <@syntheticbird> ask claudeTM 21:32:13 Arti is vibecoded? 21:32:41 A project converted whole codebase from C to rust with a clanker the other day, I don't remember which one 21:32:42 I wasn't aware of that 21:33:17 This is where your tax dollars go, BTW: 21:33:17 https://www.darpa.mil/research/programs/translating-all-c-to-rust 21:33:27 regardless of whether its the case, daily reminder that the project is a honeypot 21:33:41 @ravfx:xmr.mx: bun did a zig to rust but they had a good testsuite and infinite token budget 21:34:01 @spirobel:kernal.eu: yeah that's the one... Zig to rust, not C to rust 21:34:13 honestly this approach might have legs, to use the clanker as a fuzzer 21:34:16 +1000000 rewrite in rust meme pr 21:34:27 Zig is better anyways 21:34:32 clanker seam to be a good option to audit yeah 21:34:35 Zig sucks 21:34:38 It can find thing you did not see 21:34:38 and you know it 21:34:46 and also complain on false positive 21:35:23 both rust and zig are better than cpp 21:36:06 except for the supply chain problem (at least for rust, I have no idea for zig, never tryed it) 21:36:28 What project was that with the 1 million line port to rust? 21:37:04 Was that bun 21:37:05 @ravfx:xmr.mx: there is no supply chain problem if you pin the versions / git commits or use submodules ... nobody forces you to use crates io for everything ... cpp supply chain is a total desaster 21:37:20 @spirobel:kernal.eu: assuming you audited all the dependencies 21:37:32 and then pinned them down 21:37:44 Zig is in the Goldilocks zone when it comes to the content of its standard library, IMO. Rust has pretty much nothing in there, meaning everyone has to use a bunch of dependencies for basic functionality, whereas C++ doesn't know how to say no and got way too complicated 21:38:05 @ravfx:xmr.mx: i see it more as a network effect thing: rust just has the snowball growing for cryptography related libraries. no other ecosystem is going to take over 21:38:15 You know you're overcomplicating things when your language's for loops expand to iterator chains (looking at Rust here) 21:38:43 Zig also plays nice with C and has super small binary sizes 21:38:53 That's enough shilling for today :P 21:39:35 tobtoht: Are you a Zig fan? We should add build.zig to Monero /s 21:39:45 monero rewrite in zig incoming 21:40:01 <321bob321> Zag* 21:40:33 Just rewrite it to x68_64 and arm assembler and call it a day (hand optimization only, no clankers allowed) 21:40:58 Neovim added build.zig: https://github.com/neovim/neovim/blob/master/build.zig 21:41:05 rewrite all dependency, that way you don't need dependencies. win win 21:41:23 Can ask the linker to not link agains libc! 21:41:32 @jpk68:matrix.org: yas ... i tried this 4 years ago https://github.com/spirobel/monero-zig/blob/master/src/main.zig 21:41:58 That's pretty cool 21:42:21 It would also be cool to support Fil-C builds for the security-conscious 21:42:53 i gave up though after the logging library depended on signal.c and i wanted to use the wasm unknown unkown target 21:42:54 i like tiny binaries https://github.com/tobtoht/ln-guix-store/tree/feather > <@jpk68:matrix.org> tobtoht: Are you a Zig fan? We should add build.zig to Monero /s 21:43:08 <321bob321> Thats what she said 21:44:05 @tobtoht: Yeah, I did see you did "think" about that for the windows release. I did notice a windows.h somewhere a while ago but nothing using it I think. 21:44:05 Imajin not having to rely on QT 21:44:51 At least feather look great when used with Plasma 21:48:56 Arent "Tiny" binary should fit in one 64KB segment 21:49:18 the question is how can we get through more trust worthy code bases and swaps that will not get easily exploited 21:49:31 i dont think language choice matters in this regard 21:49:56 Ideally you use the less dependency as possible, that way you don't depend on them! But that would require a LOT more time. 21:50:21 @tobtoht: I did end up rewriting this in x86_64 asm because I didn't want to bootstrap zig lol 21:50:30 https://github.com/feather-wallet/feather/blob/master/contrib/depends/patches/flatstart/main.S 21:53:43 @ravfx:xmr.mx: yes to some degree that is true. some dependencies are not bad though especially if the code is well audited and understood 21:54:19 i also dont think clanker use by itself is the issue. bun was bought by anthropic. they heavily use clankers but didnt have any major security issues so far 21:55:23 also: if you dont use clankers someone else will. if there is a good test suite the clankers can act as more intelligent fuzzer that produces the right kind of entropy to find new kind of bugs 21:56:26 eigenwallet uses the atomic swap that was implemented long before clankers arrived 21:57:23 lets see if the issue is fundamentally part of the way the swaps were implemented or somewhere above 21:57:41 I will make fun of them for vibecoding regardless 21:59:21 yes maybe they trusted the clankers too much. but i am sure they will come out of this with a deeper understanding and hopefully more humility towards the issues that come with letting clankers into our development work flow 21:59:41 @spirobel:kernal.eu: <-- clueless 22:00:30 its still great that someone made atomic swaps more accessible to the average user. 22:00:39 @spirobel:kernal.eu: The issue with systems like eigenwallet or haveno (both exploited) in the complexity of the surrounding code. Both systems have re-invented communication protocols which are error prone and could lead to exploit on an otherwise perfectly valid actual swap protocol. 22:01:08 I used a clanker to reimplement malloc, it just work 22:02:10 @hbs:matrix.org: making the communication protocol simpler would be the right direction. i just remember something about using libp2p havent looked closely at their codebase yet ... 22:04:08 @spirobel:kernal.eu: IIRC Athanor's labs ETH-XMR atomic swaps used libp2p, but still, the protocol on top which is key in the exchange of parameters needed to perform the swap may have flaws. 22:06:09 @hbs:matrix.org: why not just use a simple rest api for communication? maybe because it already depended on libp2p continued using it. it might be too complicated to get right easily 22:06:49 @spirobel:kernal.eu: I took another route, get rid of the added communication layer completely. 22:07:08 @hbs:matrix.org: how does it work? 22:07:23 without the communication layer 22:08:04 @spirobel:kernal.eu: In the case of EVM based atomic swaps, use a smart contract as the (async) communication layer. 22:08:51 so the offers are written on chain? 22:08:58 Yes 22:09:56 makes it hard to ddos. means you have to ddos all eth nodes to ddos the makers 22:10:02 i think they had issues with that 22:10:22 But don't that will make it expensive to use when the chain will be used for the next big scam? 22:11:00 Or they actually fixed that, no risk of 30$ gas prize? 22:11:04 @ravfx:xmr.mx: You mean when block space is packed with monkey pictures or something similar? 22:11:09 @hbs:matrix.org: yep 22:12:06 <321bob321> Cat pics* 22:12:23 @ravfx:xmr.mx: That was the case 4 years ago, today tx cost are way more reasonable, not mentioning other chains like Base, Arbitrum, OP, Gnosis, where tx cost a fraction of pennies even for gas budget in the millions. 22:13:02 And for Ethereum mainnet, the upcoming Glamsterdam upgrade will increase the block space even further. The mid term target on the Ethereum roadmap is 200M gas per block. 22:13:45 @hbs:matrix.org: base scales by buying a bigger aws instance 22:14:22 @spirobel:kernal.eu: True, I was not advocating for Base, just saying the EVM landscape has tremendously changed from 4 years ago. 22:14:30 Current gas price on Ethereum mainnet is 0.051 Gwei 22:15:34 <321bob321> Inverse of real petrol prices 22:17:00 @hbs:matrix.org: probably has the most uses though. people could onramp directly from the coinbase defi app to monero 22:18:45 would they need monero to take the offer? 22:20:39 @321bob321: petrol did not move here :p 22:21:14 <321bob321> Iranian spotted 22:21:24 And last time I brought gas it was cheaper than the previous time I brought gas, which was cheaper than the previous... 22:21:26 @spirobel:kernal.eu: no they would just need ETH 22:24:31 @spirobel:kernal.eu: BNB-XMR swaps would reach an even larger user base 22:26:12 @hbs:matrix.org: is it deployed on base / binance smart chain? 22:28:18 @spirobel:kernal.eu: Can be deployed on any EVM chain 22:28:58 But to answer your question, to the best of my knowledge, no. 22:29:26 But it could if somebody is willing to