<sgp_> "I encourage a certain someone to..." <- "productive conversation with a group of people with a lot of conflict interests that force them to trade-off security for something else so easily" it's impossible

<sgp_> "I encourage a certain someone to..." <- "... and encourage everyone else to be more aggressive at changing discussions to get back on topic when someone is clearly trying to derail." define the goal, it isn't clear whether it's a derail or rail

<sgp_> "I encourage a certain someone to..." <- I hate you for stupid msg like "seems consensus reached", the same happened during discussion of Triptych multisig

<binaryFate> "whoever you would give your..." <- I had to explain why exploits are exploits and got only 100xmr for it, 0 respect, 0 credit, resubmit of PR by those who didn't care about deeper inspection; indeed, why not tell these people now what the issues are

<tobtoht[m]> "vulnerabilities in unmerged code" <- there is comp-sci bug with deadlock, in mainnet code, but does anyone care ?

how much would've been required to not be "only"/

?*

<kayabanerve[m]> "So they've claimed this, there's..." <- there were/are examples with denied existence/importance even for comp-sci bugs with reproducible tests pushed into repo; indeed, no evidence, no one else has found them, it's obvious they don't actually want to help; indeed, you all would appreciate it

Can we not necrobump discussions please

(kaybanerve, I've already said that I don't care about etiquette )

No one's saying there weren't p2p issues. jberman spent weeks going through them. We appreciate the work

It feels like you're just trying to start an argument though. I have no idea why these are coming up now nor what triggered it

kayabanerve[m]: jberman spent weeks on personal learning of code via reproducible tests from my PR

it's education

Like if you want to further discuss this, because you're frustrated, PM us, please. Don't spam #monero-dev:monero.social

And if the other person doesn't accept your PMs, that's their choice. You didn't accept mine

My message was also about multisig specifically.

<kayabanerve[m]> "ooo123ooo1234567: Tell koe one..." <- knowing we it would be better to say: there are 100 other interesting projects / bounty programs that you can pursue instead of wasting your time here, and I can help somehow with them

instead of suggesting 10xmr, which is like 100% disrespect

s/we/me/

... if I offer you a thousand dollars from my personal funds, it's not direspect

I wasn't saying it's a fair bug bounty. I've already commented on my thoughts there

But you realize I'm not a millionaire, right?

I offered you multiple percent of my cash if you could submit a valid bug

So no, it's not disrespect. It's what I could.

kayabanerve[m]: it would be better to not say anything money then, instead of suggesting that amount

* say anything about money then,

If that's your opinion, that's what it is, but you should realize that when community members put forth what they can, it's meant to be a reward for volunteers. It's in no way disrespectful, and it should still be a pleasant treat to receive.

Plus, it's free money, if you're going to submit it anyways.

acknowledge that you outcompete someone worth more than any direct financial compensation

at least for me

?

Oh. Got it. Sorry, took me a second to understand

I did also say "Prove you're superior" :p

kayabanerve[m]: I've proved when had to explain why exploits are exploits already

or when explaining why bugs are bugs

> <@kayabanerve:matrix.org> I did also say "Prove you're superior" :p

* I'd proved it already when had to explain why exploits are exploits already

luigi asks "how much would've been required to not be "only"?" (reg 'only' 100xmr)

This starts to feel like a case of "Prima Donna Syndrome". Nasty.

it would be better to analyse bugs in code (which is open source and public) instead of analyzing concrete humans

TrasherDK[m]: if I don't comment on personality of others then it doesn't mean that I don't have questions to them

but it looked like discussion of technical problems is much better

<luigi1112> "how much would've been required..." <- why do you focus on that amount instead of all other problems that I've called before ?

because you brought it up and it's relevant to me

MONERO is going LIVE in Boston Harbor on the 4th of July.

should I ride in on a fluffy poney?

Try community or main for that question.

<arnuschky[m]> "word" <- How much would it cost to change your word to something like "I'm against cryptography changes without rigorous proofs, security is much more important than any short-term benefits from new features" ?

nitter.42l.fr/matthew_d_green/status/1537144725555355649#m, "As academic researchers we’re doing this for the research credit, not the bucks. Nobody is going to report bugs to big corporations if that isn’t respected."; comment about motivation of researchers said not by me

<luigi1112> "because you brought it up and it..." <- do you ignore all other problems since they are going to be fixed ?

s/are/will/, s/going/not/, s/to//

<ooo123ooo1234567> "there is comp-sci bug with..." <- I care, I spent this whole beautiful saturday on this + tx pool related stuff

no

it would be interesting to participate in discussion of full list of problems that are supposed to be fixed and not be fixed

judging by replies in the above meeting, it isn't obvious that there is some non-zero intent to change something

if I'd want something to change some rules then I'd try to firstly stop breaking them by myself

s/something//

<jberman[m]> "I care, I spent this whole..." <- you've started since 2nd July (at least in public, libera.monerologs.net/monero-community/20220702#c116207), but I've replied to tobtoht comment from 30th June, and that problem is existing since 27th June (libera.monerologs.net/monero-dev/20220627#c113240) in public;

Ya once it became abundantly clear you had no intention of PR’ing the solution you already found

<sech1> "now ooo asks all developers to..." <- do you agree with it or not ?

<jberman[m]> "Ya once it became abundantly..." <- It would be wise to blame for a bug those who created it, but not those who've spent time on investigation whether that bug is related to their PR or not

s/wise/better/

Retrospective analysis should be applied to source of bug, but not source of solution

Analysis should be applied to both. The source of a bug’s problem and solution are both obviously important. In a healthy collaborative developer environment you would actually share what you know on both fronts

So that we can move forward avoiding similar problems in the future in an actually efficient way

teddit.net/r/Monero/comments/sw5t09…e_development_3/hxo1kuu/?context=10, "I like to be pushed. And I welcome this push. I want to reach a higher bar and demonstrate that I am capable of it, leaving no room for doubt." If I would say something like then I wouldn't complaining about any technical challenges on the way

* teddit.net/r/Monero/comments/sw5t09/seeks\_funding\_ccs\_jberman\_fulltime\_development\_3/hxo1kuu/?context=10, "I like to be pushed. And I welcome this push. I want to reach a higher bar and demonstrate that I am capable of it, leaving no room for doubt." If I would say something like this then I wouldn't complaining about any technical challenges on the way

Unsolved technical challenges from the code I like to solve. Human problems like convincing you to collaborate and participating in games not as much

What's about human problem like me convincing others to not follow path of least resistance ?

I'm spending time on both: technical challenges and humans, 2nd one isn't successful yet

ooo123ooo1234567: The path of least resistance would be not repeating work that has been completed, and instead reviewing or improving upon it

No comment on your human challenges. I would just like to see better code and us moving forward toward better code collectively and I think you are holding that back

Did you notice at least one case when I blamed someone who knows solution for not disclosing it ?

jberman[m]: I didn't receive credit even for my patch for multisig which was resubmited, it's one of the reasons to not release everything asap currently

Everyone credits you including koe idk what you’re talking about

ooo123ooo1234567: No one does this except you

<jberman[m]> "Everyone credits you including..." <- I'd say after resubmit it's impossible to separate contribution to PR from my side and from UkoeHB, and explicit questions a this only confirmed it

s/a/about/

You’re complaining the git history won’t immortalize your anonymous account?

There was reasonable justification for why a new PR was made. This is petty

<jberman[m]> "You’re complaining the git..." <- No, it's required for a confirmation that I've solved task properly from the first try and all changes on top are unimportant (including those suggested in comments)

Required for who?

for me that I did work well, for others that they did bad review

It's like someone submit fix to bounty program

then incompetent developers slap patch on top of it -> squash it -> release as collaborative efforts

don't know why someone would like to participate in such collaborative environment

especially those who are doing original work

You weren’t responsive for months and it’s good code that people should run and that seemed the optimal way for the code to be used. And then you came back

Funny that there was no doubt to resubmit patch (presumably good, don't know why) of someone unresponsive, but there was no clear & public conclusion regarding that scammer

if work would be credited / rewarded based on it's quality then that scammer would be kicked immediately

* regarding that very responsive scammer

<jberman[m]> "You weren’t responsive for..." <- The only case when I wouldn't have any questions to UkoeHB

* to UkoeHB if he pursue security analysis too and done it faster than me

* to UkoeHB if he would do security analysis faster than me

* to UkoeHB if he would have done security analysis faster than me

libera.monerologs.net/monero-community/20220626#c113145, "project goal -> the next obstacle -> task description (at least should be verifiable and helpful for project goal)-> reward funding (add incentive to solve task, tasks with good verifiable description are supposed to be more attractive) -> submitted solutions (public log of incremental work done by participants, motivate to submit solutions asap) -> reward split

(unbiased judgement, punish incorrect solutions / spam); " did you this comment ?

<jberman[m]> "No one does this except you" <- Judging by inability to get concrete replies to critical questions, others are not disclosing all solutions too, but I don't blame them for it.

I want say that It's normal to say everything preliminary if you're doing original work

* normal to not say everything

and especially in non ideal collaborative environment

<kayabanerve[m]> "Like if you want to further..." <- who are us ?

<TrasherDK[m]> "This starts to feel like a..." <- funny that I'm the only one who is using fresh anonymous account and ignore any direct questions about identity; certainly "Prima Donna Syndrome", but not a try to prove the point

<jberman[m]> "There was reasonable justificati..." <- "Follow up to PR #8114. I lost contact with the original author two weeks ago." indeed, reasonable, especially in the context of broad problems with development (that scammer, no merges of p2p patches in time that didn't required hardfork, etc)

A question, just to gather facts, not to take side or even accuse: Back in January, when that "PR takeover" happened, did you speak up in any way? If you decided against, why?

You can't gather facts without looking into private communication, why not to focus on other problems that are easier to track via public log ?

There are so many contradictions in words of others

The point is that independently on actions of original author there are problems

Well, then I am a bit confused why you bring that January PR takeover story up now. Shouldn't we better concentrate on solving problems *ahead*?

Do you follow context of conversation ?

I think so, yes, jberman brought this up originally yesterday. I wonder why it looks you still want to *continue* that conversation.

First thing on the way to solve hard problems is to understand them. My understanding of the problem is still quite limited.

<rbrunner> "A question, just to gather facts..." <- It wasn't expected step and there was no agreement to do, but for some reason it happened and it created interesting opportunity what others will do with my PR

* interesting opportunity to see what others

You mean you let it run back then because you were curious to see what happens next?

I was sure that I'll find some deep issues that will not be fixed within resubmitted PR, so it was a challenge that UkoeHB created by himself

I continued to work on security analysis and turned out I had found something

And resubmitting PR without understanding it is kind of interesting case

Hmm, looks like a high-risk venture to me, this course of action. Maybe you found out interesting things, as you see them, but with quite some risks and tradeoffs involved

It also added so much confidence to others, so that they were attacking even my p2p code after

monero-project/monero #8365, though failed too

interesting story

rbrunner: It was risky for me too, but I took it as a challenge: whether I'll outcompete all of them or not

Technical problems are interesting, and challenge add motivation to pursue it to the end

s/add/adds/

It may turn out to be a bit tragic that you indeed outcompeted them all but now can't reap the fruits because of the tangled relationship of the Monero dev community and you

That resulted from this all

rbrunner: It was an opportunity to prove the point in the most uncontroversial way

rbrunner: There is no justification in ignoring technical problems just due to personal disagreement

Well, lol, I think opinions differ widely whether that was indeed the "most uncontroversial way"

even auditors didn't find the issues

Ok, sorry, have to go again; maybe we find time to chat a little more in a few hours time, maybe better over in #monero-community if not strictly dev-related

how is it not the most uncontroversial way ?

I read the log in any case

Really sorry to create a cliffhanger, I am invited to lunch, those human things.

rbrunner: It just shows that something else is more important for you

<rbrunner> "Hmm, looks like a high-risk..." <- If there would be no problems with CCS / hackerone / development process, then there would be no need in it

<rbrunner> "It may turn out to be a bit..." <- "can't reap the fruits" what do you mean ?

<rbrunner> "It may turn out to be a bit..." <- It would be enough to just admit development/technical problems (there are many of them) and do something to solve them, but for some reason those who blaimed me in "too much ego / behaving like 12 / etc" can't overcome their own personal goals in order to do improvements for project goal.

The project goal is to make the code better. No one here cares about anything more than that. You’re not making it easy to discuss that you want to add drama to things that aren’t worth drama

<rbrunner> "Well, then I am a bit confused..." <- Do you need me to find examples in history of -dev/-lab when others are avoding discussion of technical problems once it reaches some difficulty ?

No, can we move forward?

Can you help move forward to a better direction?

yes, I'll list technical problems and others will confirm their importance and solve them and provide countrexample why they are not important and solve them

though it should be done somehow without abuse where I do the work and others only add minor comments on the result

Discussing unsolved technical problems sounds productive to me

libera.monerologs.net/monero-dev/20220517#c96445, "Fundamental concept is to approach common goal without compromises and with critical thinking." at the beginning it was very gentle pressure: let's set common goal, though everyone rejected

libera.monerologs.net/monero-dev/20220517#c96521, "16:33 UkoeHB ooo123ooo1234[m]: ‘critical questions’ pretty rich coming from someone who thinks he is too important to answer questions. Nice double standard" and this reply about whether it makes sense to reply to questions

These aren’t technical progressive discussions

<jberman[m]> "Discussing unsolved technical..." <- ok, let's try one more again with discussion of technical problem to see whether it will be stopped once it reached certain level of difficulty

problem with txpool: does required more time on investigation ?

* problem with txpool: does it require more time on investigation ?

(I can't use info from PM)

* important and not solve them

* yes, I'll list technical problems and others will confirm their importance and solve them or provide countrexample why they are not important and not solve them

Yea, to have a completely informed discussion on it yes? What does that have to do with difficulty

then txpool isn't suitable for discussion yet

any other problem ?

(deadlock isn't suitable since others think that I have a solution)

You said you wanted to list technical problems

bulletproofs++

<jberman[m]> "Discussing unsolved technical..." <- monero-project/research-lab #62, but it requires firstly choosing the design to implement among all those listed

monero-project/research-lab #100, this one requires research (not clear whether it's even possible) + implementation + security analysis

<jberman[m]> "These aren’t technical progressi..." <- "Fundamental concept is to approach common goal without compromises and with critical thinking" I would firstly start from discussion goals since it looks like others have different priorities on what things to fix firstly

s/discussion//

and I strongly disagree with their priorities

All 3 are neat IMO and worthy of concrete rationale in a decision to pursue or not built on logic. From what I know.. bulletproofs++ have gotten very little love not borne out of academia, Janus has been sitting it requires wallet changes too which arguably could’ve should’ve been done along view tags, but we’re here now, zk snarks obviously worth research that’s absolutely critical imo

bulletproofs++ origin isn't argument for competent people who can verify it and implement it

Ya, agreed

jberman[m]: Please, don't mention argument against bulletproofs++ and then agree that it isn't an argument

I can't understand such quick change of opinion

Wasn’t an argument against

hmm, for me it was like an argument

Nah, just a statement

janus: did you read all those designs ? are you sure that all of them require wallet changes and can't be done in backward compatble way ?

zk snarks: this topic is very close to whether Seraphis is a way to forward or not, but it's very heavy an the same time

s/an/at/

Hmm on Janus, there’s a non fingerprintable design that can be done at any time?

jberman[m]: monero-project/research-lab #62, I believe so, otherwise I've not noticed some deep problem that prevents it

if you will just do C++ implementation like with view tags, then someone else should provide the design to you

for me subaddress privacy issues mitigation is much more important, than speed up from view tags

<jberman[m]> "Nah, just a statement" <- "bulletproofs++ have gotten very little love not borne out of academia" source for a statement then ?

<ooo123ooo1234567> "for me subaddress privacy issues..." <- Ya, I’d agree. It’s a larger byte bump per tx. But probably as if not more worth it considering. Did you argue for it in the past?

"Did you argue for it in the past?" is it possible to not ask questions about personal opinion ? In the worst case it's verifiable via logs checking

"But probably as if not more worth it considering. " is it a comment in favour or against ? can't understand

Sure. I think you make a reasonable point with it. In favor

jberman[m]: I don't like in your comment that make some conclusions without providing numbers

> <@jberman:matrix.org> Ya, I’d agree. It’s a larger byte bump per tx. But probably as if not more worth it considering. Did you argue for it in the past?

* I don't like in your comment that make some conclusions without knowing exact numbers

or you know them ? at least upper boundary on tx size increase?

jberman[m]: "I think you make a reasonable point with it" it would be better to replace with something like " it's about X bytes, while size of tx is Y, so it's reasonable trade-off"

I always try to find lower/upper boundary on effect of some change in order to preliminary filtering whether it's useful or not

don't know whether others are doing it, but it's useful

`-inf/+inf` means undefined

* default is `-inf/+inf` or undefined

32 bytes extra per tx not involving subaddresses and 32 bytes extra per output per tx involving subaddresses with 3+ outputs? Did I read it wrong?

Plus it feels like a more complex change to wallets to me, more involved edge

<ooo123ooo1234567> "It just shows that something..." <- I once had an employer tell me to treat my job like my kids.... (full message at libera.ems.host/_matrix/media/r0/do…17d5b999e89d06213a44a7cb488527c63c1)

do i neeeed Docker on Ubuntu 18.04 for building Monero to Android?

i mean if we are building on Docker why do i need Ubuntu 18.04?

nah you shouldn't need docker then

depends build should work there

can i just use Docker to build to Android on Windows?

dunno, I've never tried to use docker on windows

why are you building for android on windows?

im using Windows

the thing i wonder about is

there are dependencies of Monero

where are they coming from on Ubuntu for ARM target?

aren't they pre-built archives?

no. in a depends build, most of the dependencies are built from source

okii goooooood

that's kind of why it's called a depends build...

github.com/monero-project/monero/bl…r/contrib/gitian/gitian-android.yml what is this for?

it's for building with gitian

which usually uses docker (or lxc)

on MSYS2 libraries are prebuilt archives

you don't have any prebuilt archives for android on msys2

yess

can i use WSL/Debian to use it?

i have no idea, never tried it

or should i be able to use Debian?

ummmm

supposedly wsl2 works pretty well tho

yess WSL2 is like just Linux

but i mean do i need Ubuntu 18.04 to build with Docker?

no

if you have ubuntu 18.04 you should be able to just do a depends build

if you want to use docker, it ought to work with any recent ubuntu or debian release

IMO using docker is the easiest approach

if i use Docker why do i need Ubuntu?

it will be faster

the docker build image installs compiler and a bunch of other stuff from ubuntu repos

it assumes you have apt-cacher-ng running on the host, to cache these images

afaik apt-cacher-ng is only available on ubuntu and debian

why there is no a Dockerfile?

but again, if you have ubuntu you can just build on ubuntu and ignore docker

there's no Dockerfile because it's more complicated than a dockerfile setup

anyway, this conversation is over. I've already given you the best advice on how to build.

im trying to run gitiean-build.py on Docker/Ubuntu 18.04

but im getting strange errors

TypeError: expected str, bytes or os.PathLike object, not NoneType

im getting this from gitian-build.py

on Ubuntu 18.04

./gitian-build.py -j 5 --memory 10000 --detach-sign --no-commit --build rohanrhu v0.17.3.2

im doing this

subprocess.CalledProcessError: Command '['make', '-C', 'inputs/monero/contrib/depends', 'download', 'SOURCES_PATH=/root/monero/contrib/gitian/builder/cache/common']' returned non-zero exit status 2.

but getting this error

your invocation there doesn't use docker, is that what you intended?

im trying to use gitian-build.py on Docker/Ubuntu 18.04

I think all you need to do is follow the readme in contrib/depends

make HOST=aarch64-linux-android

that will build all the 64bit android dependencies

then cmake to build monero itself

.merges