<yushanren:matrix.org> focus on code and algorithm auditing plz

<yushanren:matrix.org> talking about economics is fool, because monero is an asset not a kind of money

<jpk68:matrix.org> mrelay.p2pool.observer/m/matrix.org/vShtqrTMdcWnqdRWQLCBNmLv.png (clipboard.png)

<yushanren:matrix.org> money is something that pays tax with

<yushanren:matrix.org> you don't pay tax with xmr or btc

you are saying that what is money is determined by a government

that is, it is declared by fiat

hence the name fiat

<yushanren:matrix.org> money is not determined by gov, it is widely accepted by people

<yushanren:matrix.org> fiat is widely accepted by gov force

<yushanren:matrix.org> money is something that pays tax with <<>> I took this as meaning that you were saying that the definition was determined by the govt

<jpk68:matrix.org> @yushanren:matrix.org: This contradicts your point about taxes. Are you using a state-based or market-based definition?

<yushanren:matrix.org> i might be wrong in logic, but what makes you think xmr is money?

<yushanren:matrix.org> it could be, but not so soon

I have used it as money but it is not widely accepted as money

<jpk68:matrix.org> @yushanren:matrix.org: There are many places in real life where Monero is used as money, and there are probably at least a dozen people in this room alone who are paid their salary in Monero

<yushanren:matrix.org> just because i am the holder now, doesn't mean i can use it freely in everyday life

<yushanren:matrix.org> @jpk68:matrix.org: i prefer to buy more, not to spend it

<hbs:matrix.org> > <@sgp_> sech1: we were accepted to the Claude Cyber Verification program, including your account

<hbs:matrix.org> I attempted to use the latest Claude Fable 5 within Devin (ex Windsurf) to perform a routine security analysis of a smart contract as I've done previously with Opus 4.8 and the request was purely and simply rejected, so I guess this program is now the only way to have advanced models perform security analyses.

I will check Monero's ringct/bp+ code today with Fable 5

<hbs:matrix.org> sech1: The same prompt works with Opus 4.8 Max but fails with all Fable 5 ones so I think they included some "safety" filters.

<hbs:matrix.org> Even a prompt as simple as "Perform a security analysis of the XXX smart contract" fails

Yes, I know. I still haven't tested if my account is whitelisted now, because I have another urgent matter at hand

<hbs:matrix.org> sech1: I managed to tweak the prompt so the analysis could start but as soon as the thinking phase identified a potential issue (which actually isn't one), it aborted the process.

yes, it was the same for me yesterday

I'll try later today

this urgent matter: reddit.com/r/Monero/comments/1u1tt1…psa_critical_p2pool_security_update

<basses:matrix.org> Why alert about a security vulnerability with no patch, which will make threat actors look for that vulnerability and exploit it during that timeframe?

<basses:matrix.org> Why not wait till patch with obscuring commit message and commit change (Ex: multiple code changes at once and not the problematic code only)?

<basses:matrix.org> then announce it publicly?

<monerify:matrix.org> the patched code can show what the exploit was

<basses:matrix.org> @monerify:matrix.org: > patch with obscuring commit message and commit change (Ex: multiple code changes at once and not the problematic code only)?

<monerify:matrix.org> so if it's released now before people are aware and awaiting the update, it's much easier for an attacker to abuse the nodes that haven't been aware of the news

<monerify:matrix.org> @basses:matrix.org: might have been an option too, i guess

<basses:matrix.org> how you can be sure that now attackers are motivated to look for this exact issue right now as they have more breadcrumbs to trace where this issue could be exactly

It's hard to obscure what I found, believe me

<basses:matrix.org> can you detect if someone is exploiting it in the wild?

yes

DataHoarder has checked it already, it's not being exploited and never was

<basses:matrix.org> good, hopefully safe till patch date

even in my own codebase @basses:matrix.org in Go it's affected as it matches behavior, and it's even harder to obscure

<basses:matrix.org> hmm, ok.

I'm not placing the tests that check for it but it's clear with the specific fix. It'd be released along other of my own fixes/consensus checks

<basses:matrix.org> thanks everyone

sgp_ I'm still not whitelisted for Claude Fable 5 - it switched to Opus 4.8 again because "cybersecurity" flagged

sech1: it always switches on that, as Fable is Mythos with the guardrails

so I guess it'd switch if you are approved

No, my account should be whitelisted - I did sign the "responsible use" agreement

for the magic grants team account

does it show up as a different model then?

No

<hbs:matrix.org> I disabled the fallback, otherwise you may end up thinking it's an analysis done by Flame 5 when it was only Opus 4.8

"Flame 5" :D

<hbs:matrix.org> sech1: It's a fable :-)

<longtermwhale:matrix.org> Its not as big of a deal as they try to market it for months. You can just use 4.7/4.8 opus and give it enough $$$ to work.

<longtermwhale:matrix.org> Their main goal is to get you out of zero-data-retention, meaning reading all your conversations and train on them.

<longtermwhale:matrix.org> You could just put the same guardrails on every account. Every malicious actor can apply for cyber program anyway. KYC use a dipshit ukrainian for 30$. Its 50% marketing, 50% wanting your data.

<spirobel:kernal.eu> yes it is a scam. anything above deepseek v4 flash thinking low is a larp. they are all cooking with water.

<spirobel:kernal.eu> zookos BOSL license is the main culprit. nobody besides the zcash cultists looked at the code. the ai "narrative" is a distraction and they succeeded with this distraction. (so far)

<spirobel:kernal.eu> hbs: use a more specific prompt. it does not have to be security related. in the end "vulnerability research" is just a subset of quality assurance

<sgp_> It’s possible they don’t really support it for Fable since it’s so new. I’ll check but there’s no separate option on my end to turn on or off for certain models only

<sgp_> Glasswing is a separate tier

<jpk68:matrix.org> nitter.net/0xTib3rius/status/2064442190240100597

<spirobel:kernal.eu> isnt "fable" some old rpg game by microsoft? the names for these things are so turbo cringe i have a hard time to suspend disbelief and pretend this magic zip file can do something

<spirobel:kernal.eu> llms are only useful if they are used to gain a deeper understanding of the codebase and the problem. if they are not used as a tool to help the developer achieve that goal, they are just a source of entropy and a distraction.

<syntheticbird> @spirobel:kernal.eu: fable also means a type of story in french

<spirobel:kernal.eu> @syntheticbird: in German there is the word "Fabel" as well. it means some old made up story about something. really quite fitting

<jpk68:matrix.org> In English it also means the same thing :D

<syntheticbird> why is there different langages already ?

<jpk68:matrix.org> We should all be speaking Esperanto. Take the Rust route and rewrite all literature in Esperanto

<syntheticbird> @jpk68:matrix.org: you almost got me there, it looks so much like a prompt I was about to do it

<spirobel:kernal.eu> nitter.net/spirobel/status/2064210981274923325 saw zcashers liking this post. and there is a former ecc member agreeing with my characterization

<spirobel:kernal.eu> nitter.net/januszg_/status/2064310786806206946#m

<spirobel:kernal.eu> two options: 1. this ai powered vulnerability searcher is a genius and ai is really smart now and can break anything 2. the zcash codebase was toxic waste for anyone outside of the zcash orbit because of the BOSL license

<spirobel:kernal.eu> the reality is number 2. but they managed to convince the market of 1. including the people running the monero twitter account and vik.

<monerobull:matrix.org> great opus marketing

<boog900> why would a license prevent people from looking at the code?

<boog900> did they have a BBP?

<spirobel:kernal.eu> @boog900: look at the BOSL license and you will see why.

<kiersten5821:matrix.org> @boog900: by reading this message you agree to pay me 1000 xmr

<monerobull:matrix.org> why would you look at the code of some shitty license that prevents you from using it

<spirobel:kernal.eu> @boog900: dont think so no. the researcher is asking for donations now

<spirobel:kernal.eu> @monerobull:matrix.org: that might lead to your unrelated work being forced to pay for zookos groceries in the future

<monerobull:matrix.org> Zooko the typa guy to sue Anthropic for having trained on all of github

<monerobull:matrix.org> You dont get it, he DESERVES at least 5% of their company now

<spirobel:kernal.eu> similar situation why people working at large companies are not allowed to read patents

<monerobull:matrix.org> btw does anyone have a usecase for fable 5 that isnt security related? i had a usecase, it oneshotted it, ran out of subscription session usage, i added way too many credits and now have 97% of credits sitting here

<spirobel:kernal.eu> janusz worked at ecc before so it is zcash insiders agreeing with my pov. ( and more zcashers liked this post, so you can assume there is a large fraction that knows this is the true ) > <@spirobel:kernal.eu> nitter.net/januszg_/status/2064310786806206946#m

<syntheticbird> monerobull I wanted to use it for creating bioweapons but they they blocked that too, useless model.

<monerobull:matrix.org> Aww

So yes, this doesn't give unrestricted access to Fable 5. But unrestricted Opus 4.8 is not that bad too.

<sgp_> sech1: Yeah fake news in original post

<syntheticbird> @rucknium:monero.social, there are no reason not to ban fireine

<kiersten5821:matrix.org> this guy is a schizo

<syntheticbird> he is just a sealion

<jpk68:matrix.org> @rucknium:monero.social I think this would be far more preferable to muting the room. Muting also prevents many users without level 10 (including myself) from contributing to the discussion

<ofrnxmr:xmr.mx> can mute a single user. let him read.

<rucknium> I will try to boost everyone who has sent messages recently to level 10. Just muting a single user does not prevent ban evasion through creating new accounts.

<ofrnxmr:xmr.mx> just lower his power to -1 iirc

<syntheticbird> how about both muting and banning him

<syntheticbird> sounds like a good option to me

<rucknium> People have used new accounts to evade bans in MRL in the past.

<jbabb:cypherstack.com> I shouldn't speak for other people but I feel I should mention that at least one person that has been mentioned pretty regularly isn't comfortable being mentioned/cited in such a manner

<jbabb:cypherstack.com> or to put it simply, please do not associate Cypher Stack work with this new crop of contributions.

<jbabb:cypherstack.com> or rather--it is not associated with Cypher Stack except in that some past papers and some real life conversations seem to have served as some inspiration and that's it. I am not really in a position to speak "for" CS anyways 🤡

<ofrnxmr> @rucknium: I would honestly just mute him alone for now

<ofrnxmr> Which should at leash usher /nudge him to use the correct rooms

<ofrnxmr> i meant "least", but leash works too

<ofrnxmr> "alone" meaning, not the whole room. Just set his power lvl to -1. He can still read along, just cant have verbal diarrhea and blow up everybodies notifications

<spirobel:kernal.eu> schizo or Zersetzung

<spirobel:kernal.eu> en.wikipedia.org/wiki/Zersetzung

<jbabb:cypherstack.com> @spirobel:kernal.eu: I wondered what relation "MONEROCHAN OS" had to the MoneroChan of yours (I think it's yours) I know of--I'm assuming no relation?

<jpk68:matrix.org> @spirobel:kernal.eu: Or maybe he's an MKULTRA victim ;)

<spirobel:kernal.eu> @jbabb:cypherstack.com: there is constant bullshit with it in the name ... there was also some zcash based tech used as scam with monerochan in the name

<spirobel:kernal.eu> not sure if this is random bullshit of people trying to profit or if there is some concerted action.

<spirobel:kernal.eu> since the gon gate i distrust unknown accounts entirely

<spirobel:kernal.eu> many attempts to glaze first and then do some kind of psycho bullshit

<spirobel:kernal.eu> last one ended with sean bowie and zooko having a conversation with sock puppets in my replies

<spirobel:kernal.eu> where they announced zcash wallets cant be used without an "enterprise kit" anymore

<jpk68:matrix.org> Genuinely, thank you for the rabbit hole > <@spirobel:kernal.eu> en.wikipedia.org/wiki/Zersetzung

<jpk68:matrix.org> I need something interesting to read

<jpk68:matrix.org> Maybe should be on here: endwalker.com/archive.html

<jpk68:matrix.org> </offtopic>

<rucknium> I don't see a way to give users -1 power levels on Matrix. It doesn't accept negatives.

<syntheticbird> needs room update

<syntheticbird> (probably)

<ofrnxmr:xmr.mx> Dont type it in, use the arrow keys

<ofrnxmr:xmr.mx> If that doesnt work, then its probably that the room is old

<sgp_> room version 6

<rucknium> Arrow keys worked. Thanks.

Feel free to upgrade the room version later. The bridge will automatically migrate on receiving the tombstone

<syntheticbird> based bridge