06:55:47 I do not see a significant reason to keep rucknium's analysis private based on my best assessment. I already commented this on the CCS proposal
06:55:58 the applicability to arbitrary transactions is reasonably small
06:56:57 and any such "vulnerability" has already been majorly patched in #7821
06:58:32 beyond that, the "vulnerability" generally refers to improvements of the selection algo, which is something that can always use improvement but isn't worth panicking over in my opinion. It's reasonable to speak about the scope of these problems and the results in MRL imho
06:59:40 such over-caution on open research is going to cause more harm than good in this area
07:22:05 I'd suggest also to write a post-mortem similar to what Justin Berman did (https://www.getmonero.org/2021/09/20/post-mortem-of-decoy-selection-bugs.html)
07:22:09 ^ Rucknium[m]
08:15:28 Friendly reminder: Dev meeting this Sunday at 1700 UTC. Agenda: https://github.com/monero-project/meta/issues/614
10:35:43 dEBRUYNE: Post mortem of what, exactly?
10:39:01 the "vulnerability" generally refers to improvements of the selection algo, which is something that can always use improvement but isn't worth panicking over in my opinion.
10:39:03 ^ That basically
10:41:14 It's too early to say whether it is worth panicking over.
10:41:52 Look, sgp_ has done great things for Monero and has been involved in lots of technical discussions, but his technical understanding has limitations.
10:42:51 isthmus, who has a Ph.D. from a top-ten U.S. chemistry program and has been working as an MRL researcher for years thinks, as I have stated in this channel previously, that
10:43:22 my work is "a fundamental breakthrough in analyzing Monero-style ledgers" that is "potentially catastrophic" and "might be honest-to-god RIP for Monero at current ring size and composition".
10:43:45 I am merely saying that we should be cautious with wording and not unnecessarily antagonize users
10:43:53 Initial assessment of the other bug was also wrong
10:43:53 We are having other qualified people within the Monero community review it as we speak
10:44:33 Using those quotes without having proper review of other members is arguably unnecessary spreading fear
10:44:39 You know, the more this game of secrecy goes on over something that was essentially qualitatively known, the more I'm starting to smell something off.
10:44:43 dEBRUYNE: Yeah, which is exactly _why_ the technique and associated information should not be released. we don't understand how dangerous it all is yet
10:45:52 moneromooo: What do you mean by "off", moo?
10:46:15 It suggests some hidden motive.
10:46:20 You know there are people currently reading it who can offer a good assessment
10:46:31 What motive?
10:46:40 That I want to FUD Monero or something?
10:46:48 I'm not sure. It is just starting to feel off.
10:47:04 It doesn't really add up.
10:47:21 Non-experts are commentating and I'm pushing back, based on the fact that they are not experts
10:47:36 Let's wait for more experts to weigh in
10:48:46 Look, different users face different threats. For some users, probabilistic analysis doesn't matter. for others, it does.
10:48:48 Rucknium[m]: Given that 'we don't understand how dangerous it all is yet' we shouldn't draw conclusions and use words that may antagonize users
10:48:52 That's the point I am trying to make
10:48:56 And I feel that's currently not the case
10:50:21 Well, maybe SGP shouldn't have given his assessment publicly then either
10:50:32 SGP has an undergraduate degree only. So does jberman
10:50:40 The bug Justin Berman found was initially deemed to be of high impact. After further review it was concluded that the impact was not as high as initially assessed
10:51:02 In the meantime we had news outlets writing various articles about how 'Monero's privacy was broken'
10:51:13 The only person with a Ph.D. that has weighed in says that it is a problem. Now several people with Ph.D. are examining it and will hopefully give their views shortly
10:52:03 I don't think degree / no degree can necessarily be used as measure to determine one is qualified
10:52:39 dEBRUYNE: Here's the problem, of Monero's own making: I need to raise community support for my project. The remedy to the problem is linked to the attack. People are saying I should release even more info about the attack
10:53:03 That's not the point. This is appeal to authority *and* we've known there is a problem for ages. It's builtin.
10:53:29 Ok, yes there is a problem. Everyone agrees
10:53:40 I have a proposed fix. We are all on the same page
10:54:15 * moneromooo misses the days of "just fucking fix it".
10:54:42 (not for this particular case alone)
10:55:02 I agree that I should just fucking fix it, but I cannot work for months for free. That's unreasonable any way you slice it
10:55:40 If there was some other funding mechanism than CCS, then maybe we wouldn't be having this conversation.
10:56:15 Jesus, straw man.
10:56:42 * moneromooo goes back to more interesting stuff before getting angry
10:56:47 What's the strawman?
10:57:44 I agree that these things raise the conversation temperature around here. As I have said before, sometimes my emotions come out in a way that I don't want them to
11:56:29 I might be off here, so apologies if so, but I think part of this comes down to financial interest. There's a risk to Rucknium, once the information is made public, that he doesn't get the paid work for improving the mixins, and also potentially doesn't get the bug bounty. I'd probably feel the same anxiety if I thought I had some paid work lined up, and then saw it potentially slipping out my
11:56:35 fingers. However, given that we now have JBerman, SGP and monoromoo (who've seen the write up) advocating for making this info public, it's probably worth clarifying on a few things. 1) if made public - does Rucknium get the bug bounty or not? He has previously said he doesn't care about that monetary aspect, but probably worth still clarifying (?). Then 2) Will making public impact Rucknium's CCS
11:56:41 proposal getting funded? Hard to tell, but probably not? There seems to be consensus that this is a weak point in Monero, and effort to improve it is desired
11:57:47 sorry *moneromooo, i often forget the third 'o' in your name!
11:58:48 john_r366: To clarify this specific point: "He has previously said he doesn't care about that monetary aspect, but probably worth still clarifying"....
11:59:26 I do want to get paid for months of work. However, I don't care much if it comes in the form of CCS or the "bug bounty".
12:00:26 People should also be aware that conceptual problems, and not just code bugs, are within the scope of the Vulnerability Response Process / HackerOne
12:00:46 "This Vulnerability Response Process and subsequent bounty reward apply to the following....(2) Written research from the Monero Research Lab which dictates said code implementation"
12:00:51 https://github.com/monero-project/meta/blob/master/VULNERABILITY_RESPONSE_PROCESS.md
12:03:49 Whether it is made public or not has no bearing on whether there is a bounty. However, whether it is deemed worthy of a bounty has influence on whether it is made public.
12:04:02 I've not thought about whether a bounty is applicable here tbh.
12:04:38 As for the work, improvements to the fake out selection is always good, whether the analysis is public or not.
12:04:43 Keep in mind that 11 -- Eleven -- people worked on Moser et al. (2018), which currently determine the mixin selection algorithm. I am not sure how many labor hours went into that paper, but it's probably a lot. Of course, the paper did a lot more than just suggest a new mixin selection algorithm
12:05:14 The only change that could happen here is some other person seeing the analysis and doing the work for free to trying another CCS. Slim chance.
12:05:50 sgp made a suggestion in his comment on my CCS that 10 weeks of work by one person (me) plus an undetermined amount of work by jberman may be "on the high side"
12:08:09 (And Moser et al. (2018) couldn't even get it right. They made basic mistakes.)
12:23:32 @Rucknium - moneromooo has just clarified that making this info public does not impact whether or not there is a bounty. So that avenue of payment isn't invalidated. And then in terms of the CCS, it doesn't appear that anyone else is clamouring to do the same work - so that avenue will remain open. It may be worth getting alongside moneromoo, JBerman and SGP - opening up this information, and then
12:23:38 pushing forward to get this CCS into the funding stage?
12:26:15 john_r366: " It may be worth...." Yes, possibly. I think even more people should be brought into the conversation....
12:27:34 In my HackerOne submission I specifically suggested 3 people in particular to act as auxiliary reviewers, since the contents of the submission may have been outside of the area of expertise of luigi and moneromooo...
12:29:11 Two of those people were jberman and isthmus. jberman has weighed in, giving a comment on the CCS proposal page. isthmus has not really made much in the way of public statements, but he is busy with his day job and just sunk a ton of time into Monero, for free, with his (our) analysis of the tx volume anomaly, which I hope people have read.
12:29:42 The third person is in the process of reviewing it.
12:30:09 I believe I have had to do all the legwork to get the auxiliary reviewers on board.
12:31:45 There are also two more Monero community members with Ph.D.'s who have requested and received the HackerOne submission. I'm not sure what they intend to do, though -- give feedback to me privately? Discuss in a group? Public statement? Unclear so far
12:32:29 Ok, so where are you in the process of thinking about opening this information up publicly... you want to wait for this third reviewer to complete?
12:33:09 I guess people hate "appeal to authority", but even one of the people with a Ph.D. told me directly, "Oh, BTW, I have a Ph.D. in X technical subject" when requesting the HackerOne submission, so at least they may think it is important
12:33:40 "Rucknium: Given that 'we don't..." <- ^
12:34:40 I will refer to dEBRUYNE 's statement here. We don't fully understand how the information could be used by a Monero adversary. I don't understand the urgency for release. Good science takes time. It always does
12:35:51 Look, all of you: I took very seriously the suggestion 1.5 months ago by someone, I don't remember who, that the recent bug found by jberman did not follow proper Vulnerability Response Process guidelines.
12:36:00 So I tried to do what I thought was right
12:36:26 I am under a ton of heat right now. I can take it, but you have to understand why I am doing what I am doing.
12:37:26 Also take into account my inexperience in this particular area. I don't understand vulnerability processes very well, or the FOSS community for that matter
12:38:03 It hasn't help, frankly, that moneromooo said that he doesn't like to follow formal VRP processes. That's a problem when I don't understand the implicit norms.
12:38:20 * It hasn't helped..
12:38:57 In what way did this hinder you ?
12:39:56 I like mooo. I respect him a lot. Overall I think we have a good working relationship. The whole reason I became involved in Monero research is because mooo made an awesome diamond-the-rough blockchain game, Townforge, actually. But I have not been happy with how my HackerOne submission has been handled
12:40:26 Dude. You want it kept secret but keep talking it up in public.
12:40:31 THAT is what annoys.
12:41:01 Not following formal processes? Well, I don't know the do's and don'ts. Apparently I have done a lot of the don'ts. I am sorry for doing the don'ts, but in some ways the responsibility is shared
12:41:21 moneromooo: You gave no clear guidance at all when I specifically requested you tell me what can and cannot be released
12:41:29 I feel a bit dizzy from this continuously circular discussion... 1) Rucknium[m] it may have been useful to get all those extra expert opinions before bringing up the proposal. Now, community members like sgp have no choice but to be vocal in opposition to perceived mistakes for lack of a better option (ie assessing the arguments of those experts). 2) In my experience, closed R&D cycles in crypto are very frustrating because they
12:41:29 feel like runaway trains you have no possibility of affecting (whether or not it needs to be affected). The healthy dynamic is ‘here’s my idea, let me know what you think’ rather than ‘I’m (or we are) doing this thing unless you convince me/us not to do it (or kidnap me/us)’. 3) Appeals to authority can be useful, but in limited cases (like “let’s delay until an expert can look at this” or “let’s hire an
12:41:29 expert to work on this”). It works when you are unable to make a convincing argument - eg your ability to assess something isn’t good enough or the subject matter is too complicated so you want an expert to help. I’m concerned you put too much weight on qualifications as a general rule for ‘does your opinion matter?’. Note that Monero and Bitcoin were and continue to be designed and built by mostly pseudonymous people.
12:41:50 I tend to err on the side of what the reporter wants.
12:42:15 The main thing I want to result from this submission is an o􏰇cial determination of what should be redacted from a public version of this document in order to protect user privacy. I give my own view about information exclusions in Recommendation III. I wish to submit a CCS funding proposal that is based on this 􏰀roadmap􏰁, so your views on redactions is appreciated. The organization and tone of this roadmap will likely change
12:42:15 before release, but the basic elements are all here. The second thing is to initiate the Monero process for mitigating vulnerabilities, whatever that may be. The third and 􏰅nal thing is to determine if this submission quali􏰅es for a vulnerability bug bounty. I have attached an XMR address for use if a bounty is deemed warranted.
12:42:31 ^ That is literally the first several lines of my HackerOne report
12:43:58 Meh, formatting. The "􏰅" should be f's, mostly
12:44:43 So it should be clearer why I did what I did, and when I did it.
12:45:38 I submitted this report, said, "Please tell me what is sensitive, moo and luigi, so I can construct my CCS." I got no clear guidance on what was sensitive. I took that to mean that everything was potentially sensitive, so I wrote my CCS in the way that I did
12:46:16 Does that clarify my actions to everyone?
12:47:21 It does. Regarding the idea of redacting certain info, it would seem that those who've voiced opinion on making it public (and have seen the document) - moneromoo / SGP / JBerman - don't feel strongly about redacting any content.
12:47:24 mooo felt that a lot of the report was "fluff", so I didn't even want to press him harder on my request for some determination of what was sensitive and what was not
12:47:35 Alright. I will go reread that section and tell you my opinion then.
12:47:47 moneromooo: That would be awesome. Thank you
12:49:41 john_r366: For SGP and jberman, that may be true. For moneromooo , in an earlier discussion about a week ago, he said to not make it public, weakly. He asked if I thought publicly releasing it would aid "assholes" or "helpers" more, at this point. I said the former, so he deferred to me on the matter
12:50:15 I feel strongly we need more people who have seen the report to weigh in before we go the way of releasing it publicly.
12:50:33 Makes sense - sounds like moneromoo will clarify on that position shortly
12:51:48 Sounds like something I'd say. I don't mind it being private while being worked on. What is starting to really get on my tits is the public shit slinging while pointing to secret stuff of unknown magnitude.
12:53:13 moneromooo: I will again refer to the formal VRP process:
12:53:13 "If disputes arise about whether or when to disclose information about a vulnerability, the Response Team will publicly discuss the issue via IRC and attempt to reach consensus"
12:53:42 We have. Impasse between you and sgp mostly :)
12:53:57 Maybe there should be an acronym for following processes, like there is for RTFM
12:54:03 FTFP
12:56:26 moneromooo: Maybe you could even go so far as to say Sections X YZ A BC are safe to release. As you say, there is some "fluff" in there. And we could just release some of that today, even.
12:58:14 I'm not reading 28 pages of that again. Just going through section 3.
12:59:13 tbh the formalism is not too hard to work out even if kept private I think, so keeping it private is possibly mostly pointless.
13:03:33 moneromooo: I understand and respect your view. I think we should have others weigh in before doing something that cannot be undone, however.
13:04:22 Here's my off-the-cuff view on what may be able to be released. I would like to re-read the sections to think about them more before making a final decision, however.
13:04:31 Probably OK to release:
13:05:27 First three paragraphs of NOTE TO VULNERABILITY RESPONSE PROCESS REVIEWERS... (full message at https://libera.ems.host/_matrix/media/r0/download/libera.chat/70dfef8cb14626cf9f806a11a399beff1cbbc225)
13:16:12 moneromoo - whilst you've said "I don't mind it being private while being worked on." - just to clarify - are you also ok with it all being made public?
13:16:22 Yes.
13:16:27 thanks
13:16:59 I mean all this VRP stuff is designed bug bugs. Keep stuff private till fixed so you can't get pwned.
13:17:13 It doesn't really fit here.
13:24:28 Ok, moneromooo and I worked out a semi-official (I guess) statement for me to make on the matter. I suppose if there are questions in other venues about this issue, it would be good to just quote me on this:
13:24:58 "I have found a way to frame the shortcomings of the current mixin (a.k.a. "decoy"; a.k.a. "fake out") selection algorithm in a somewhat rigorous mathematical/statistical form. This discovery would allow someone well-trained in statistical analysis to calculate the likelihood that each ring member in an arbitrary ring of a Monero Transaction is the "real spend" in a more precise way than has previously been achieved. Calculating such a
13:24:58 likelihood increases the traceability of Monero transactions, but it does not make Monero 'traceable' in a deterministic way. The technique is probabilistic, not deterministic. I intend to leverage this technique to inform the development of a substantial improvement to the mixin selection algorithm to help protect the privacy of all Monero users, which is what I think everyone wants."
13:25:03 "I agree that I should just..." <- I don't get this point. Why not simply telling the Community, that you need further funding and telling why?
13:26:03 mj-xmr: That is what I'm doing, as far as I understand it. You don't think so? I've submitted a CCS. That's how we do things here, no?
13:28:09 Yeah, you did, but it's limited to closing that particular bug you're working on.
13:28:09 I'm thinking about discussing with the Community a possibility of being funded as a resident researcher, if you feel that it will go on for longer than expected.
13:28:09 I'm not saying they'll agree 100%, but that should cover your costs. I've had a very similar situation. My initial proposal takes ages to complete, not from my fault at all.
13:29:21 "I'm thinking about discussing with the Community a possibility of being funded as a resident researcher, if you feel that it will go on for longer than expected." Well that would be just swell :D
13:30:16 I feel like reliance on the CCS system as the sole means of funding Monero work has sort of forced a suboptimal equilibrium.
13:30:32 Just ask. Write on Reddit to get an initial response and give your reasons. See the reaction. With that, you're go to start a follow-up proposal.
13:30:51 Rucknium[m]: Sorry, this ain't a university. Things are not perfect >_<
13:31:03 Be creative :)
13:31:12 mj-xmr[m]: I'll think about it. Maybe in a few days. I'm a bit exhausted at the moment though.
13:32:03 Some times a one step back is needed.
13:32:17 Funding for my BCH was easy. This is tougher, partially since the work is more involved and technical and sensitive. Partly due to the CCS funding structure.
13:32:32 *Funding for my BCH work was easy
13:33:45 It was funded within 48 hours of me posting this:
13:33:45 https://www.reddit.com/r/btc/comments/p7ex09/flipstarter_announcement_red_team_to_strengthen/
13:41:53 "*Funding for my BCH work was..." <- The Monero Community is also equally fast in funding good ideas.
13:42:27 You can blame the CCS system if you want, but it's just ... a system.
13:42:29 Well, CCS is somewhat permissioned though
13:42:46 luigi has to approve it. And then the funds are custodial
13:43:00 Then the question is:
13:43:00 Do you want to get funded, or do you want to change CCS system?
13:43:42 Maybe I'm too pragmatic, but I'm happy with this.
13:44:08 I have said before that I think Monero would benefit from a permissionless, self-hosted, non-custodial option like BCH's Flipstarter. That's in addition to, not instead of CCS.
13:44:28 OK It's not there.
13:44:50 As an economist I have spent, I don't know, thousands of hours thinking about how to get capital and labor to meet up, combine, and produce great things.
13:45:12 (ahem, appeal to authority) So I have some insight into the issue
13:45:19 ... in the "Clown World"
13:45:39 mj-xmr: What are you referring to?
13:45:47 Google it.
13:45:56 It's nothing offensive
13:46:22 I see nothing relevant on the first page of results
13:46:32 https://www.urbandictionary.com/define.php?term=Clown%20World
13:46:33 I also just want to caution everyone into devolving into paranoia; security researchers are often cautious with their research, and Rucknium[m]'s write-up is solid. This is good research that improves Monero, and I support and applaud his efforts.
13:47:29 fluffypony: Thank you for taking an interest in my work. I appreciate it very much.
13:47:49 "Clown World" is also a term used by black project researchers, describing our fake societies, structures and jobs.
13:48:03 I hope this gives you some context.
13:48:28 Rucknium[m]: thank you for your work, anything that provides tangible improvement to Monero - no matter how breakthrough or incremental - should be highly valued
13:48:33 So if you excuse, I've got some stuff to do. I showed you the way, that works. It worked for me at least.
13:48:42 I'm not commenting on the research itself.
13:48:54 mj-xmr: Thank you for your guidance
13:49:04 mj-xmr[m]: I'm sure it's good :)
14:50:42 ""I have found a way to frame the..." <- To be clear, the statistical tests were specifically run for the *old* version of the selection algorithm. It's not that they don't apply at all to the *current* algorithm, but I think everyone agrees that the numbers are far better for the *current* algorithm than the results may imply
14:51:35 sgp_: By current, you mean the one that was released a few weeks ago, correct?
14:51:46 "I feel like reliance on the..." <- You do not need to use the CCS. MAGIC could find this easily. It's research
14:51:51 Rucknium[m]: Yeah
14:52:03 MAGIC requires KYC. I don't do KYC
14:52:21 I think MAGIC is good for what it does, but it cannot cover all cases
14:52:45 Still inaccurate to say CCS is the only option
14:52:50 You could do what Monerujo does
14:53:04 But I get why you may want to use CCS
14:53:06 sgp_: I will see if I can figure out a way to get new estimates of attack potency for the new mixin selection algorithm.
14:53:50 Monerujo's funding model is about a month old. Hardly something that I want to rely on, especially given that I have little reputation, unlike Monerujo
14:53:54 Should be possible to do some estimates for recent-spend blocks I think. Don't need the full tail
14:54:25 I can maybe work with jberman on this
14:55:03 And fwiw, I do find it odd that we know nothing about your academic background, but you're the first to attack others like me about only having an undergrad. Maybe that's the biggest proof you are in academia though :p
14:55:40 If this report was public I'm confident everyone could just calm down
14:56:12 There's plenty of work to do; what you outlined as future work was just a rough outline so it's not like someone could just steal it
14:57:07 FWIW, I vetted the new MSA back in August and discussed that it improves, but does not entirely solve, the issue with the MSA
14:57:10 https://github.com/monero-project/monero/pull/7821#issuecomment-900763942
14:57:20 If this was just pitched as "hey I want to make the selection algo better, here's a heuristic example that shows I can look at this, please support future research" that's what I generally look for
14:57:20 >From a statistical perspective, I support the latest version. What is accomplished here is "thickening" the probability density function of the selection algorithm in the section closest to zero. This more closely mimics the observed distribution of mixins + real spends. However, in the near future it is crucial that we consider moving away from the current selection algorithm that is based on Moser et al. 2018. I have some ideas about
14:57:20 how to accomplish this.
14:57:29 ^ August 18.
14:57:37 Rucknium[m]: Nothing will "entirely solve" without potentially severe drawbacks
14:57:48 So the goal isn't to make certain values = 0
14:58:17 The secrecy is what has prevented us from having basic discussions about this
14:58:45 Instead I need to have a non-discussion with no details to support anything
14:59:09 Look, we all have to be patient. This needs work ASAP, but no sooner that "is possible". These things cannot be rushed
14:59:19 sgp_1: I feel your pain
15:00:46 \* no sooner _than_ "is possible"
15:01:33 >Nothing will "entirely solve" without potentially severe drawbacks
15:01:33 ^ We don't even know this. More research is needed. It might be able to be completely solved.
15:07:16 Keeping cool heads and just waiting until more people who read the report a few more days seems fine
15:07:42 * the report to express opinions a few
17:02:33 I will refer to dEBRUYNE 's statement here. We don't fully understand how the information could be used by a Monero adversary. <= And that should arguably also have been reflected in the CCS, which currently is not really the case
17:03:41 dEBRUYNE: Ok, sure, I can revise the CCS. That's the point of this part of the CCS process, right?
17:03:46 Revisions, with git?
17:04:40 I feel like you guys are complaining that I'm creating drama or something. Instead, you should be focusing on the technical issues.
17:05:18 Which we are working through as quickly as possible, but deliberately.
17:06:03 i think the bikeshed should be purple
17:08:16 gingeropolous: Good one! I believe what is being referred to here is
17:08:16 https://en.wikipedia.org/wiki/Law_of_triviality
17:08:56 Rucknium[m]: I am mostly worried about this:
17:09:04 'I feel some are (understandably) misunderstanding what is being claimed in the post. The claim is not that using the technique in isolation, you can arrive at a conclusion that enables you to trace a transaction with 100% certainty'
17:09:12 I've seen this multiple times already in the community recently
17:09:26 Hence my suggestion to not draw conclusions until the issue has been extensively analyzed
17:09:50 To reiterate, the bug Justin Berman found was also not as impactful as initially thought
17:10:32 dEBRUYNE: I think a lot of this is due to cross-disciplinary miscommunication.
17:10:43 In economics, everything empirical is stochastic.
17:11:11 So maybe in the back of my mind I just have a constant basis of "approximately X, approximately Y"
17:11:28 Whereas in CompSci, things tend to be more deterministic. So I see the point.
17:11:40 I can edit the CCS. I mean, I will edit several things.
17:11:53 I am kind of exhausted at the moment though
17:12:12 Taking dozens of questions and needing to have extensive, precise responses
17:13:11 you need a secretary :D
17:14:26 sech1: Practically, lol. I mean, it would help if some of the more technical reviewers could chime in. But review takes time.
17:17:06 The proposal arguably should simply have been 'marketed' as working full-time on working, among other things, Monero's decoy selection algorithm
17:17:15 Without drawing preliminary conclusions
17:19:16 fwiw, Rucknium I know this has been kinda rough and I really appreciate the report and you opening up a CCS
17:19:22 dEBRUYNE: As I stated above, I specifically asked moneromooo for guidance in constructing my CCS he gave me none. What you see is the result of no guidance
17:19:28 it is good research and I'm glad you are wanting to look into it further
17:19:49 sgp_: I appreciate that. Thank you.
17:20:44 as I said on gitlab: "there's no question in my mind that MRL will get something out of this."
17:20:48 dEBRUYNE: As I stated earlier, no hard feelings toward monermooo, but I am none too happy with how my HackerOne submission was handled. You can take it up with him.
17:23:13 Again, the key phrase at the very top of my HackerOne submission:
17:23:13 >I wish to submit a CCS funding proposal that is based on this "roadmap", so your views on redactions is appreciated.
17:23:22 I encourage you to try to think about things from dEB and my perspective, where we historically have been the ones who deal with the fallout of interestingly-worded scientific papers that are then marketed misleadingly by media and thus cause total chaos in various areas
17:23:50 Luigi in theory also is part of the Vulnerability Response Process, but I have no evidence that luigi read my submission.
17:24:46 VRP hasn't ever provided CCS feedback before, maybe that assumption led to this confusion
17:25:08 so they were like "sure, go do it" and you were like "pls help" and they were like "normally other people help with that"
17:25:09 sgp_: Yes, I understand this. I am working within the Monero Project as best as I am able, in my estimation. So this is different, of course. I could have just published or, worse, sold off information and my labor to the highest bidder
17:26:10 the CCS audience is almost always quite a community-oriented audience
17:26:11 sgp_: I see. Could be. There have been communication breakdowns all around.
17:29:14 My personal opinion is that Ruck’s submission should be made public at this point. The VRP exists so that matters like these can be worked out quietly and handled without fanfare. The amount of dust that’s been raised by the author around this issue makes that impossible. So if moo is ok with publishing it, do that and let’s deal with the
17:29:15 fallout.
17:29:49 FWIW "I could have screwed you" usually doesn't help in making people see things from your point of view.
17:30:01 Rucknium[m]: To be clear, I have a similar opinion as -> I really appreciate the report and you opening up a CCS
17:30:17 However, (i) you cannot hold mooo responsible for the current version of your CCS proposal
17:30:26 You could have asked guidance on IRC from other community members
17:30:35 moneromooo: I mean, I see that. Sorry for my frustrated words
17:30:36 (ii) Please consider this -> I encourage you to try to think about things from dEB and my perspective, where we historically have been the ones who deal with the fallout of interestingly-worded scientific papers that are then marketed misleadingly by media and thus cause total chaos in various areas
17:31:53 dEBRUYNE: We had a discussion here exactly a week ago when mooo and I and others were openly discussing the HackerOne submission. So where was the "community guidance" then?
17:32:12 I submitted my CCS on Wed
17:32:25 So everyone had 4 days or so to help
17:32:37 Breakdowns, everywhere
17:33:02 I wasn't really able to comment on it because I didn't see the paper so I had no idea if the tone was a good fit or not
17:33:46 Typically -dev is not the place for that, but I guess I am being pedantic
17:34:02 jberman and isthmus had seen the full HackerOne report at the time that I submitted it, which at this point is 2.5 weeks ago
17:34:11 We need to separate the vulnerability process / response here and the ccs proposal
17:34:35 dEBRUYNE: Yes you are since there is no clear place to discuss big Monero issues other than -dev . #monero is, for whatever reason, not the place
17:35:00 Yeah, I'm not quite sure how I became the person responsible for editing people's CCS. I'm on the VRP fix exploitable code.
17:35:03 fwiw, I understand that the separation may not have been clear from rucknium's perspective, but yes in my view they should be thought of separately
17:35:49 sgp_: But, again, I linked them extremely explicitly in my submission. Mooo thought it was "fluff" *shade*
17:35:57 Rucknium[m]: I am speaking about getting input for your CCS, not the VRP
17:36:27 dEBRUYNE: Ok, well maybe I should have gotten some guidance from mooo about how to proceed
17:37:08 would definitely have been useful. I also see how moo doesn't consider that to be their task. hence the result
17:37:10 Since, as I have stated over and over again, I am not a computer scientist, I am not a Real Programmer. I am a researcher!
17:37:52 I suggested to mooo to get additional opinions, but that didn't really happen
17:38:38 I sort of brought up my frustration a week ago in a somewhat unstructured way. Read the -dev logs.
17:39:22 It's not clear to whom I appeal if I feel that the VRP process is not proceeding well.
17:39:51 Within nearly all formal processes within well-functioning organizations, there is an appeal process
17:40:09 I was blocked in by the fact that I didn't know whom I could talk to, and about what since
17:40:20 I am not a Real Programmer. I am an economist.
17:40:40 So I don't understand these processes.
17:40:52 FOSS can appear a bit messy to people that come from private or public organizations
17:40:59 There's often not a clear structure in place
17:41:05 And it's worse when I get a response that the manager of the VRP doesn't like to follow formal processes
17:41:17 Since then, what am I supposed to go on for guidance?
17:41:25 question to anyone: has there ever been another VRP-to-CCS case before?
17:41:35 Ask guidance to the community
17:41:50 You can use r/monero and IRC
17:41:58 dEBRUYNE: But this doesn't work in a VRP case
17:42:00 -dev is more geared towards development, so we typically refer to -community
17:42:10 Did you try contacting luigi on IRC?
17:42:26 wait let's take a step back
17:43:06 Yes. Well I communicated with luigi since I needed to do a test. And luigi replied that the test was OK. Then after I did the submission of my report, I didn't hear anything from luigi.
17:43:11 VRP team basically said that the report was interesting but wasn't necessary to keep private, allowing discretion, right?
17:43:32 So I could have, I guess tried to appeal to luigi I suppose. I think I had difficulty contacting them, though.
17:43:54 Plus, I stated certain things in the HackerOne log, which both Luigi and mooo could see
17:44:07 sgp_1: No
17:44:16 Let me look at IRC logs
17:45:03 if that wasn't clear, then it should have been, because else how would you have known what to do at all
17:45:25 Just look here.
I repeatedly query moneromooo about release
17:45:25 https://libera.monerologs.net/monero-dev/20210925
17:46:00 Eventually he says, to sum up:
17:46:00 >Whether you should [publish], overall, depends on whether you'd be helping assholes more or helpers more.
17:46:33 So he deferred back to my own judgement. Since, frankly, I don't think that everyone who reads this thing can fully understand its implications.
17:46:43 And I said "Then let's not publish"
17:46:52 yeah imo moneromooo a clearer "yes or no" that wasn't all on rucknium deciding would have helped a lot I think
17:47:07 SerHack said
17:47:07 >Then there's a solid no from me.
17:47:33 selsta:
17:47:33 >It's fine not to disclose it publicly in this case.
17:48:03 serhack and selsta didn't see it by then right?
17:48:41 So that's mooo (deferring to me), SerHack (security researcher), and selsta (dev, paid via CCS) all saying
17:48:43 NO
17:48:46 I did not see anything yet.
17:48:54 * selsta didn't read backlog
17:49:06 No, SerHack hasn't seen it either
17:49:17 they probably said NO because they had no ability to judge the severity because they didn't see the report
17:49:19 But ....look, just read the logs
17:49:56 SerHack and selsta asked questions of me. I responded. Then, in their judgement, they said "Don't disclose"
17:50:08 sgp_: Yeah, better safe than sorry!
17:50:16 yeah but the risks were inflated in these discussions imho
17:50:18 LOOOK
17:50:47 The first time I encountered real encryption, it was in a context in which if the encryption protocol failed..
17:50:56 PEOPLE COULD BE KILLED
17:51:04 SO I TAKE THIS DEADLY SERIOUSLY
17:51:09 FFS!
17:51:16 oh my
17:51:20 SO, BETTER SAFE THAN SORRY
17:51:28 FFS
17:53:29 Protection of user privacy is paramount.
17:53:29 Every other concern is secondary.
17:53:51 For Monero, what is privacy-critical is also safety-critical.
17:54:02 I don't want blood on my hands.
17:54:08 I don't know about you.
17:54:11 FFS
17:55:29 What we are NOT is stewards of price, or, really, image.
17:55:45 We are stewards of people's privacy, in safety-critical contexts.
17:56:09 yes yes.
17:56:17 I don't care if some "FUD" is generated, if at the end of the day, user privacy is protected.
17:56:30 dude it didn't matter what you did. FUD would have been generated
17:56:40 Monero is literally a FUD machine. Effort goes in, FUD comes out.
17:57:05 ya
17:57:27 Maybe I should do what mooo did and take a break for a bit
17:57:51 It is quite hot in this room. And yeah, I made a lot of the heat.
17:58:00 I'd focus on working with other developers and researchers on determining the impact of the bug
17:58:10 And not making any public statements about it until we have sufficient clarity
17:58:37 Protection of user privacy is paramount. <= And giving proper information to the user is imperative
17:58:52 That doesn't work well since we don't know full impact for weeks into my CCS research.
17:58:53 Drawing preliminary conclusions could technically lead to misinformation, which may falsely antagonize the user
17:58:58 There has to be a healthy balance here
17:59:14 The CCS can still be merged, I don't see any issue with that
17:59:42 Yeah, I agree. I have avoided making key specific statements that are in my HackerOne submission, since they may be misinterpreted by users
17:59:56 #monero-community:monero.social meeting starting this moment btw
18:00:14 Just on time. lol. I will observe there
18:03:01 looking at specific steps forward here:
18:04:26 I think the most obvious thing would be a short document for VRP-to-CCS that explains expectations and gives some highlights to people who haven't made a CCS before
18:27:26 Rucknium[m] sorry I had a bit of trouble decrypting (fixed now), and was also a bit behind to start, however I had/have no issue deferring to mooo for opinions in the meantime
18:42:39 moneromooo there's something weird going on with Monero network right now.
Multiple nodes get stuck and mempool is flooded (no of txs: 491, size: 43243.58 kB)
18:43:47 sech1: which height?
18:44:19 2462270-2462280, different nodes stuck at different heights. Very high CPU usage
18:44:44 I was able to recover my node by popping blocks and flushing tx pool offline and then syncing from node.supportxmr.com in exclusive mode
18:45:13 2462324 took 9 minutes to produce
18:45:25 my low ram nodes got killed
18:46:28 my regular node seems fine at height 2462324
18:46:54 my node has 64 GB RAM
18:46:59 the problem was with CPU usage
18:47:38 two tx with huge input set just got mined: https://localmonero.co/blocks/tx/ee82f9330c3b93945cca901eaa1a2e72f6e3f6103630b319989cc5c6af2ee753 https://localmonero.co/blocks/tx/555a3a9258807ef0eca5ed51397e748229b4d7ceadc2d1c230a3c6a6ae2ccd78
18:47:58 3 more in this block: https://localmonero.co/blocks/block/2462321
18:48:14 2 in this block: https://localmonero.co/blocks/block/2462319
18:48:18 On my node too, very high CPU usage with 8 core
18:48:30 DDOS?
18:48:44 past 24hrs 194 input txs spiking: https://pooldata.xmrlab.com/
18:49:12 I think it's just the max size for a single tx
18:49:21 created by CLI wallet
18:49:25 sech1: do you still have high cpu usage?
18:49:46 not anymore, after flushing tx pool
18:50:08 every recent block seems to have some of em
18:50:13 jberman[m] Rucknium[m] isthmus: maybe the tx volume anomaly consolidating outputs?
18:50:46 that's what I'm thinking too
18:51:54 tx pool still has a ton of them submitted 1.5-2hr ago; it will take a while to get through them all
18:52:15 1-1.5hr*
18:53:33 Interesting...
This is just speculation, but it looked like the tx vol anomaly was spending outputs as fast as it was creating them, so I assumed that volume dropped off as they simply ran out of funds / ran out of outputs
18:53:41 So I don't know that they'd have much left to consolidate
18:54:10 Also the anomaly had just 2-output txns, so every time they made a 3+ input transaction, they reduced their total available output count
18:56:33 that's my `print_pool_stats` output: https://paste.debian.net/hidden/99b1ade0/
19:05:10 check this, something odd in tx pool volume 8 hrs ago: https://pooldata.xmrlab.com/; I also noticed the 194-input tx all have one very young ring member (just visually based on the dots: https://xmrchain.net/tx/f95f7826531b7333a264acd1d6eec6cdcebcd9fddd9d32c99103d522e4c3b1dc)
19:05:55 "Rucknium sorry I had a bit of..." <- Ah I see. Thank you.
19:07:01 Hmm are they all 1-input 2-output tx?
19:08:38 seems like a lot of variance no?
19:09:03 .bbl
19:10:53 yeah idk don't see any real patterns in ring member reference ages with just visual inspection...
19:12:57 "It's too early to say whether it is worth panicking over" <- Ruck really wants his research to mean something, his funding depends on it
19:12:59 makes sense
19:15:54 <+moneromooo> "It suggests some hidden motive" <- No hidden motive he wants funding
19:16:20 That's what we will get with self recruited talent usually
19:17:20 Let's not act surprised
19:38:50 "And fwiw, I do find it odd that we know nothing about your academic background, but you're the first to attack others like me about only having an undergrad. Maybe that's the biggest proof you are in academia though" - I did warn you that recruiting self-declared anon phd's could be troublesome, and that it would not be sustainable or
19:38:51 scalable
19:40:07 Chamus: Ok, here's someone with a PhD who has been working on Monero for years. isthmus. Here's what he has to say about my HackerOne submission.
19:40:41 let's not argue who has PhDs and who hasn't :D just wait for core to review the report
19:40:51 Zzz, are you still paying attention to Chamus? ffs.
19:41:03 (isthmus actually approved me sharing his views this time -- I've apologized to him for posting his private statements)
19:41:14 :thumbup:
19:41:16 Here's what isthmus said in #monero-research-lab:matrix.org
19:41:30 >Having MRL be up to date with Monero analysis best practices is especially important as we try to assess the threat posed by Ruck’s work regarding ring signature deanonymization.
19:41:44 >To ascertain if or how alarmed we should be, it’ll need to be evaluated in the context of other advances such as implementation within a Hopcroft–Karp algorithm compatible framework seeded with probable edges from the other analysis methods developed over the last few years.
19:41:56 >Because we haven’t been keeping up with literature as closely, it’s hard for me to tell whether a competent adversary would be able to combine these approaches to deanonymize 0.2% of ring signatures or 2% of ring signatures or 20% of ring signatures.
19:42:25 >I prefer to be reserved and measured in public statements. Unfortunately some of my private comments have been plastered around IRC lately. While not how I would have chosen to communicate my concerns to the community, it is true that my perspective is that we should avoid complacency...
19:42:43 >...and have a few qualified people very seriously evaluate how all of the analyses in the public domain or developed internally can be combined.
19:44:12 So, isthmus is saying (to interpret) that it's too early to say whether my HackerOne submission should be released.
19:44:33 Precisely because the implications are still not clear and need further research.
19:45:29 I did specifically mention isthmus's views about the dangers of combining attacks in my HackerOne submission, so all of those who read the report should have been aware of his concerns.
19:46:57 selsta: Is Core reviewing the report, to your knowledge?
19:49:28 Rucknium: If an expert statistician decided to look into monero's decoy selection algorithm today, would they be likely to discover the same things you did on their own?
19:50:58 rupee: Hard to say. I am an expert statistician, plus empirical economist. Often, more theoretical statisticians might miss something.
19:51:33 As I stated in my CCS, "the fuse is lit" though. I think sooner or later adversaries will figure things out.
19:51:34 Rucknium[m]: They will take a look at the report, I don't know if they will "review" it.
19:52:20 selsta: I see.
19:53:28 I mention here that within an hour of reading the Moser et al. (2018) paper -- or, actually, just the "countermeasures" section -- I was able to see substantial problems and even start conceptual work on some solutions:
19:53:28 https://www.reddit.com/r/Monero/comments/pz9gbm/how_come_sarang_noether_never_picked_up_on_a/hf027aw/
19:53:52 It's all in the linked #monero-dev:monero.social logs from 2021-08-06
19:54:12 But seeing problems is different from formulating an attack.
20:02:44 Rucknium[m]: are you really an expert statistician? where are you located? I have a PhD in machine learning and signal processing with applications for sound and music, and I've wondered what it would be like to focus on being a proper statistician.
20:03:02 Do you mind if I have an information interview with you sometime?
20:03:13 (I promise not to ask for a job.)
20:04:50 ullbeking_: Have you seen....?
20:04:50 https://www.reddit.com/r/Monero/comments/pkg3d6/the_monero_project_should_actively_recruit/
20:05:13 We need people. And you could get funding with a good research proposal.
20:05:16 No, I haven't!
20:05:42 I haven't been working in academia for a while, but I'd love to get my foot back in the door
20:05:50 I know how to write research proposals
20:06:01 Ok. Read that. And skim the comments I suppose.
And then make a Matrix account and join #monero-recruitment:monero.social
20:06:12 ullbeking_: You're hired! lol
20:06:19 Cool beans, lol :D
20:06:27 There is a ton to do. Serious, a ton.
20:10:34 Rucknium[m]: I am focusing on Bitcoin, Namecoin, and Monero
20:11:28 Rucknium[m]: thank you for the heads up and encouragement
20:11:39 I'll be around
20:12:09 Ok great. I will put you on the "recruitable" list ;)
20:13:38 ullbeking_: Try to come to Monero Research Lab meetings in #monero-research-lab:matrix.org . They are on Wednesdays at 17:00 UTC for now, posted here: https://github.com/monero-project/meta/issues/
20:14:02 Thanks, I'll put it in my diary
20:14:12 I'm very keen to get back into research