00:46:20 Binaries for v0.18.3.3 are now available at https://www.getmonero.org
01:07:57 Does this have MRL 108/109 patch?
01:31:02 Can whoever runs the Monero Git repository publish the latest source code? The latest version on Github is still 0.18.1.0-c8214782f.
01:34:58 Because the source code Tarball is completely useless when it comes to compiling Monero by yourself.
01:35:44 remiliascarlet: compile release branch or the tag
01:35:48 not master branch
01:36:04 That one is 3 weeks behind, just like master.
01:36:20 not sure what you mean
01:36:43 there hasn't been anything merged since
01:36:50 I mean that the `release-v0.18` branch is 3 weeks behind, same as `master`.
01:36:57 it's not behind
01:37:12 And yet a new version of Monero came out only 1 hour ago?
01:37:37 yes, it took a while to update the website and put out the release
01:37:38 And if it's not behind, then why is the compiled binary on version 0.18.1.0-c8214782f.?
01:37:54 because you compiled the master branch and not the release branch
01:38:16 master branch isn't kept up to date with version number changes
01:39:41 release-v0.18 and v0.18.3.3 tag is exactly what was released today
01:39:44 I'll check a bit later, I'm in the middle of compiling (I had to copy over the entire ./external directory from the Git repo into the source of the Tarball to get the compilation to work).
01:40:05 And since I'm compiling on a Core 2 Duo P8700 machine, it will take a while.
02:19:51 Ring Signatures for Secure Online Voting w/ Vasilii Rogin of CryptoPoll / EPI 305 (MT 305)
02:19:52 TODAY'S 🎙SHOW: Douglas Tuman interviews Vasili, a software developer from Helsinki, who has developed an application called CryptoPoll that utilizes the ring signature concept from Monero.
02:19:52 The application aims to enable anonymous voting, surveys, and whistleblowing by leveraging the privacy features of ring signatures. Vasili demonstrates how it works and explores potential use cases for CryptoPoll.
02:19:53 Watch Here (YouTube) ➡️ https://youtu.be/83ygMo5Ml4M
02:19:53 Watch Here (Odysee) ➡️ https://odysee.com/@MoneroTalk:8/ring-signatures-for-secure-online-voting:9
02:19:54 Listen Here 🎧: https://www.monerotalk.live/monerotalk-305
02:19:54 Coffee & Monero, Go to Gratuitas.org today!
02:19:55 Monerotopia23 confer vids: monerotopia.com/videos
02:19:55 FOLLOW US https://monero.town/u/monerotalk & https://mastodon.social/@monerotalk
02:19:56 Thank you to sponsors, u/cakelabs and u/Stealthex_io as well as u/sunchakr for making these interviews possible! And of course our listeners and supporters for making
02:19:56 Monero Talk possible!
02:19:57 Podcasts 🎧 :
02:19:57 iTunes: https://podcasts.apple.com/us/podcast/monero-talk/id1445930212
02:19:58 Spotify: https://open.spotify.com/show/60lQ05X8lcuXv71fhi6hl7?si=SL2rlvDPS0q68169NlCrtQ
02:19:58 If you enjoy our show please Subscribe, Like, Share, Rate our YouTube Channel & Podcasts. This will help us grow and spread Monero content!
05:47:46 selsta: OK, confirmed that what you said is indeed correct.
06:50:55 no of txs: 1445, size: 9266.54 kB
06:50:56 Cheap attacker is back
07:03:54 It looks different this time
07:04:10 A lot of 146/2 transactions - over a hundred of them
07:04:27 It's probably the previous attacker shutting down and consolidating the outputs they used
07:04:56 It's over 15k outputs if my math is correct
07:06:24 I counted ~150 transactions
07:41:29 Big whoop
07:46:40 https://github.com/monero-project/research-lab/issues/108
07:46:40 https://github.com/monero-project/research-lab/issues/109
07:46:41 Still open
08:13:04 Everyone, just a late reminder to any Australians to protest against cash being slowly removed from the system by getting some cash from an ATM. You may think "Big deal, we still got monero" but monero is not big enough yet. We must fight and buy ourselves time before cash is removed and everyone's money is just a number in a corrupt company's data center.
08:13:04 We lose cash now we lose our freedom for a long time.
08:13:38 "big deal, we still have monero"? Do you realize that this would mean you'd need to carry a smartphone everywhere just for basic payment??
08:14:01 I withdraw all my earnings immediately anyway, joke's on you!
08:43:21 BlueyHealer: "Do you realize that this would mean you'd need to carry a smartphone everywhere just for basic payment??" Order everything online to work around that problem.
08:43:48 Or maybe something like a paper-based QR-code if that's possible?
08:46:47 Is there any software for monero donations where it keeps track of all donations made to monero donation wallet address?
08:46:47 Useful for organizations
08:48:02 BTCPay supports Monero.
08:49:01 https://sethforprivacy.com/guides/accepting-monero-via-btcpay-server/
08:50:22 I tried to set it up before, but it was a total pain in the ass.
08:51:29 Another one is Shadowchat, but it's more useful for live streamers: https://gitgud.io/greyarea/shadowchat
09:28:41 <1​23bob123:matrix.org> like a monero wallet?
09:30:43 relevant bounty remiliascarlet https://bounties.monero.social/posts/77/7-052m-make-btcpay-server-configuration-accessible . Monerokon used btcpayserver to run their donation rounds
09:31:22 <3​21bob321:monero.social> i give up its like using monero.social is on chain and matrix.org is LN
09:32:27 Woshlist (multicrypto) is somehow still functional, example here: https://rucknium.me/donate/ and there's also monerofund.org (which appears to be offline Rucknium)
09:33:13 basses: I would assume on getmonero.org
09:33:28 Matrix dot org is LN -> lol
09:34:05 plowsof: It's not just the configuration, the entire installation process is a complete pain, especially if you're like me who doesn't want to use cope containers.
09:36:06 ofrnxmr was working on a shell script to setup btcpayserver on android, in fact he succeeded
10:41:51 yep?
10:51:32 matrix.org lol
11:16:35 https://libreddit.bus-hit.me/r/Monero/comments/1btsmt3/safely_navigating_exchanges_in_2024_insights_from/#
12:17:18 Monero is tanking hard in value this week, holy fuck!
12:27:17 <3​21bob321:monero.social> Maybe the “usage” spammer is dumping it
13:08:04 i only saw something about this on youtube in the evening, im surprised i watched it as it was from sky news. reddit failed here.
13:12:04 reddit fails everywhere
13:16:06 damn you made me check price. well...its not the only one tho.
13:16:09 sorry jp the spammer is not back
13:16:14 please hold.............
13:31:03 Compared to?
13:31:14 https://matrix.monero.social/_matrix/media/v1/download/monero.social/FrrmlvnNcwtaERRukYuEDUZR
13:48:00 basses, thank you for the reddit post
13:48:03 @basses
14:17:49 https://github.com/keepassxreboot/keepassxc/issues/10535#issuecomment-2032146436
14:17:54 >
14:17:55 I prefer donations in a currency that can pay the bills.
14:18:07 > I prefer donations in a currency that can pay the bills.
14:26:43 So BTC/ETH and SOL (!!!) can pay the bills?
14:47:24 plowsof: Thanks. Fixed.
15:08:51 BTC can indeed pay the bills... Of whoever receives its fees!
15:25:26 >Chainalysis will continue to be a part of those efforts in partnership with our government customers in Israel, the United States, and elsewhere. We look forward to sharing more updates on these efforts when possible.
15:25:40 Spam of the day is different, A lot more input than outputs
15:25:45 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/SuXsWfdcmaxwQThbudgAZWZh
15:25:47 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/XEmWLWFCxNhONhZuZsanEUwM
15:25:49 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/SlNPhaNWwQJpdmKFWJzQdmEW
15:27:24 You can't have a sustained spam if you have more inputs than outputs. You'll run out of inputs pretty quickly
15:27:46 I think it's just the previous spammer consolidating to get what's left of their funds
15:28:13 Yeah, really possible indeed
15:29:31 Why doesn't translate.getmonero.org work?
15:31:51 Moneroed
15:32:05 they are currently fixing it for about 1+ year
15:32:33 some real progress was happening lately to finally fix it but they got hit with matrix issues
15:47:35 thanks for the heads up
15:53:43 He is probably a bitcoin extremist
15:53:43 At the speed he closed the issue
15:54:13 A bitcoin extremist doesn't accept SOL
15:54:52 If he has enough money, the 50$ will find another use, idc
15:54:55 ohh, yeah, you are right
16:04:12 my wallet
16:04:53 send link to foss project you are working on
16:08:04 https://github.com/jermanuts/bad-opsec
16:08:10 does that count?
16:10:10 unfortunately no, but I also see no XMR address on that profile
16:10:54 (joke)
16:12:23 might add later in general
16:15:34 divestos, grapheneos, non google appstores
16:16:11 I just realized how most FOSS projects got VC funding or Gov funding (OTF for example)
16:16:48 also Signal
16:17:51 signal is sus
16:21:33 Consider most foss project backdoored and act accordingly. Been saying that since forever because I know how easy it is.
16:21:34 For XZ i think it's no fed but just dude wanting to make money selling 0day on dnm
16:23:22 And when someone find a backdoor, it become a bug and it get fixed.
16:49:45 According to your logic, consider all software backdoored
16:49:52 https://matrix.monero.social/_matrix/media/v1/download/kernal.eu/TbjcovGTBDzPGTcZwDsvjlNn
16:50:44 According to my logic, consider all software safe from backdoors 👍️👍️👍️
16:51:00 (my logic = no computer)
16:51:19 if you can choose between "assumed backdoored" and "assumed backdoored without the ability to check" one should still obviously pick the former
16:51:39 SimpleX is much better but already VC funded
16:51:55 I prefer Signal UX/UI
16:52:05 I am concerned about probably 99% of Simplex messages going through the central servers.
16:52:12 conspiracy
16:52:21 and both are better than whatsapp or telegram. don't let perfect be the enemy of good
16:52:40 Like, you can selfhost, but chances are most of your conversations would still go through the central servers.
16:52:41 It's end to end encrypted, without IDs, and you can use it through Tor. I wouldn't be so concerned.
16:53:10 syntheticbird, I HATE UX/UI of Signal. I want to use it without a smartphone, and it doesn't like being used this way.
16:53:21 https://jermanuts.vercel.app/posts/secure-apps/
16:53:28 You have to use Signal-Cli, which is inconvenient AF.
16:53:36 Still probably better than Electron app tho
16:53:42 you're right. Signal UX on desktop is shit
16:53:55 syntheticbird, yes, indeed, but it's still effective centralization.
16:54:39 That was easy, even Telegram had this! How much would it cost to just have a little box for the SMS registration code? But "fuck you, go eak your conversations to a smartphone first lolol"
16:57:30 I would not mind TUI, but this is not it. You type the command every time you want to send or receive a message, which is annoying as fuck.
16:58:24 Assume proprietary software (Say windows) is backdoored by Microsoft and the NSA
16:58:25 Assume FOSS is backdoored by the Glowies of over 100 countries
16:58:25 So yeah, Assume everything is backdoored, it's easier lol
16:59:14 It's what I do.
16:59:14 My only safe machine is my 486 running on DOS
16:59:37 what outcome of that assumption?
17:01:39 It's extremely easy for a proper agency to backdoor foss.
17:01:39 1 - You pull the git
17:01:39 2 - You get your team to study the code and work a backdoor
17:01:40 3 - You pull les of contributor with commit access
17:01:40 4 - You run your intelligence on these peoples to know who is the best candidate for bribery
17:01:41 5 - You contact the contributor, tell him about the .patch you made, give him 2M now and another 2M after it get committed in the code.
17:03:10 Microsoft won't allow backdoor that are not necessary (hence probably NSA only) The risk is too hard, if everyone can push backdoor in microsoft code and it get leaked, you can short Microsoft... The cost of doing stupid is very high.
17:03:11 why bother with money if you can just threaten him with death
17:03:11 You can't short Glibc or XZ...
17:03:45 Plus, unlike Linux code (Not specifically the Linux kernel but all the kitchen sink that get included in distribution) is barely audited.
17:03:58 You'll get cancelled from the whole job market and possibly internet as the contributor (unless you were anonymous, it's actually rare to be that outside of Monero dev). Not sure if it's worth 4 million.
17:04:00 why bother with hacking if you can just threaten people with death
17:04:38 Risk of leaking way higher.
17:04:38 Just give him half of the money, the high he will get from the digit hitting his account will make him push the patch without even looking
17:04:59 lool
17:05:06 What is the worse outcome?
17:05:17 no one uses Windows cuz backdoored?
17:05:29 man I'm starting to suspect all the anti-FOSS posting this week is an IC op
17:05:34 nope
17:05:35 Then everyone use Linux even if more backdoored 😂
17:05:55 I'm not anti foss, I actually find that a better development model in general
17:06:12 But you can't just assume foss is better and more secure, most foss project don't get proper audit
17:06:13 Linus bullied bad code multiple times
17:06:33 And even proper audit can't detect well made backdoor
17:06:40 proper audit?
17:07:02 cuz it's expensive and most devs do it for free
17:07:03 unless you want to sponsor security audits
17:07:04 You think glowies will produce bad code? They have the capacity to provide good quality code with a small surprise in it
17:07:08 for them
17:07:18 But you just said it, who audit Linux? Only Linus?
17:07:25 NSA contributes to Red hat
17:07:39 if you can't assume a codebase that is capable of being reviewed publicly is on average more secure than a codebase that cannot receive any public scrutiny then you should just defenestrate all your computers and go live in the woods
17:07:49 also made Ghidra
17:08:02 Windows can backdoor whatever they want and deny it happened.
17:08:13 who audits any software, with your logic
17:08:23 Do you have an example of a project that went through a code audit that had a backdoor in it?
17:08:28 Do you know that microsoft development is segmented, dev don't access to whole code. One dev working on X is done with a patch, another dev working on same X look at the code and if approved, the supervisor who is also auditor for the group working on X also audit the code.
17:08:28 So every piece of code in Windows is double audited
17:09:07 okay Ballmer
17:09:45 bruh lol
17:09:46 https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
17:09:46 Siren
17:09:54 If you count Linus audit as proper audit of course
17:10:42 This is not a backdoor
17:10:49 Prove it
17:11:33 Like I said, most found backdoor are very likely to be dismissed as "bugs"
17:11:40 thx for the link.
17:13:25 FOSS so great that backdoor stay in the code for 15 years
17:13:26 Yay, people can all read the code, we are all safe...
17:13:54 this kind of rhetoric results in nothing but fearmongering among technological illiterates
17:14:04 What about that classic one? https://www.csoonline.com/article/562859/the-heartbleed-bug-how-a-flaw-in-openssl-caused-a-security-crisis.html
17:14:04 How much time that "bugs" did stay in openssl? 10 years or something like that if I remember
17:14:16 if you care this much, audit some code yourself. otherwise you're just doing the IC's work for free
17:14:34 presumably
17:14:34 How many audits did monero have
17:14:40 quite a few
17:14:45 for protocol
17:14:49 At least one per hard fork implementation
17:14:52 Can you audit the code yourself, really?
17:14:53 For every bloaty libs you have installed on your system, and everytime one get updated?
17:15:08 Full code audit
17:15:10 plus like a said, it's apparently easy to pass audit with C/C++ code
17:15:23 For every line of code that was added ?
17:15:36 nah. Cryptography and consensus code.
17:15:59 even the best developer in the entire world is incapable of auditing every single line of code on each layer of their own systems
17:16:02 Monero have better audit than most of what's in Linux afaik
17:16:18 None afaik. But core team have good coding practices. vulnerabilities are very rarely severe. You can check HackerOne to see some of them
17:16:18 you clearly know nothing so that statement isn't worth much
17:16:33 Hence assume everything is backdoored, make it easier for you to manage your security model
17:16:43 so why are you on a computer?
17:16:50 yeah
17:16:53 touch grass
17:16:58 Everyone use computers today lol
17:17:00 if everything is backdoored, you should be using stone tablets and a chisel
17:17:01 (I like windows)
17:17:07 https://news.ycombinator.com/item?id=37702491
17:17:10 so you're just full of shit
17:17:11 Stone can be backdoored
17:17:36 Hacker one bounty is so low
17:17:38 https://news.ycombinator.com/item?id=36773242
17:18:57 this chatroom is backdoored, BETTER SIGN OFF NOW BEFORE THEY GET YOU
17:19:05 too late now i own all ur momos
17:19:09 Glowies are listening for sure
17:19:21 put down the bong dude
17:19:34 https://nvd.nist.gov/vuln/detail/CVE-2021-22555
17:19:34 Attack vector: Local
17:19:35 Shitty backdoor honestly
17:19:43 no need to be listening. Just check out the record later
17:20:05 USER_NS strike again
17:21:40 You do know that local privilege escalation are useful right.
17:21:40 I assume that on your server you don't run services as ROOT.
17:21:40 So once someone break it using a "bug" from something else, then you use the local privilege escalation to get the root
17:21:41 So I assume glowies want to keep a constant supply of nice local escalation exploit available
17:21:59 ofrnxmr would disagree 🤣
17:22:31 That one local privilege escalation on where linux-ld.so.2 was giving root to everyone asking was sooo funny 😂
17:23:02 Fortunately it did not affect unbloated distribution (like Alpine)
17:23:08 Yes but this is not a backdoor. And it doesn't look like it was deliberately introduced by someone either. Probably was discovered by fuzzing.
17:23:41 You can't prove if it was deliberately introduced by someone
17:23:43 or no
17:26:21 You can by checking the commits. Too difficult to deliberately introduce things like this.
17:26:38 For the two people who linked ycombinator about Azure, I still try to find the relation with windows
17:26:38 For the double audit thing it probably only apply to the product named "Windows"
17:27:13 Well, that botched XZ issue we got went on until someone working from Microsoft found it was sus that it was adding 0.5s delay on ssh 😂
17:27:35 Don't get me started on AD and Windows. It's way shitter.
17:27:54 And? Your point?
17:28:22 Someone discovered that tiny little change and since it was FOSS they could check it out. Great.
17:28:23 only use Windows on Desktop behind a NAT lol.
17:28:24 Anything else (like server shit) Use Linux (if possible one that is not bloated, like Alpine)
17:28:53 Nah need to live like osama bin laden
17:29:23 Yeah, the FOSS development model is great, It allow cooperation from people from all over the world and gave birth to great products, like Linux
17:29:46 Imagine trying to run Windows server on a VPS with 1GB of ram and 20 GB of storage lol
17:30:15 Linux is the best os for the Internet infrastructure, there is no second best really
17:30:40 But I don't assume something is more secure because it's FOSS. Linux just do the job better for that use case... Way better
17:31:11 idk if you are even talking about intentional backdoor or insecure code, cuz if all foss libraries are backdoored then govs are also backdoored so anyone auditing may use it against govs
17:32:29 If you're so worried about supply chain attacks in FOSS, I suggest investing in SAST.
17:33:18 Stuff like sonarqube can find suspicious code or malware in the libraries you use
17:33:24 Will look at that one, thanks
17:34:46 stop pointing out such logical discrepancies, we have fear mongering to do here
17:35:24 I already try to minimize the quantity of code I run on my server.
17:35:24 I replaced all Debian with Alpine recently (almost, I still have some Debian running but there been replaced slowly)
17:36:09 is it a VPS?
17:36:11 A lot of govs still use Windows, so they have the possible NSA backdoor, so it's not better lol
17:37:02 and what does NSA use?
17:37:06 I have rented VPS, rented dedicated hardware, and owned dedicated hardware. All my monero stuff run on the latter
17:37:38 do you own the switches that your dedicated servers are patched to?
17:37:47 Good question, ask them, i'm sure they will tell you
17:37:47 My guess is they use Windows and Linux, you know, use the best tool for the job
17:37:49 I maybe wrong. What are you referring to exactly ?
17:37:52 how about the routers those switches are on? the cables between the routers?
17:38:12 everyone knows copper is backdoored ore
17:38:50 if not then you're PWNED
17:38:53 better shut it all down now!
17:38:56 That's another can of worm 😂Try at minimum to have nothing exposed on the internet (specially the router stuff)
17:39:16 take a hammer to your computer ASAP or you're just concern trolling
17:39:28 if you don't like it, just build your own internet
17:40:05 They say don't trust, verify.
17:40:06 So go just audit all the code you run, without exception 😂
17:41:25 I hear the Amish are doing well this time of year
17:41:56 kiwifarms?
17:41:57 just fabricate your own CPUs bruh
17:41:58 I do have safe CPUs, there maybe older than you (don't know how old you are so it's an assumption)
17:42:38 did you audit every line of their firmware?
17:42:46 Intel have ME since the Core2?
17:42:47 And AMD have that PSP since Ryzen. Sad AMD did not want to open the code even if they initially planned to
17:42:47 if not how do you know that they're safe?
17:43:00 why you are acting like you are the only one not backdoored?
17:43:25 yeah there were no architectural or firmware vulnerabilities before management engines because a thing
17:43:41 🙄
17:43:51 when auditing the code, how do you know your programming skills are good enough to spot a state-sponsored backdoor?
17:44:03 *became a thing
17:44:08 It's not good enough, at least mine
17:45:26 I'm not
17:46:55 Someone can probably break into his home wifi and _schedule a print job_ https://en.wikipedia.org/wiki/PrintNightmare
17:47:05 I pray. God knows give strength to find vuln when I need it
17:48:00 It use to be easier to unpack BIOS into there different modules and then disassemble the modules. Granted, it take time and brain.
17:48:00 But it's more doable than now, way more doable.
17:48:00 Back then you have 64KB BIOS, now you have 32MB EFI. One of them will require more work to reverse engineer, wonder which one.
17:48:01 There also alternative bios for these antique
17:48:20 i agree EFI was an atrocity
17:48:35 giving Microsoft design control over such a low level standard was fucking stupid
17:49:53 hire best coders in the world with experience in safe coding practices/memory safe languages. Build your OS from scratch, will take about 10 years with $100mil in funding, just to get backdoored by the programming language you used, hardware backdoor or side channel analysis.
17:50:00 Back then the stuff was so simple
17:50:00 You could remove the BIOS chip from an ASUS or MSI board, and stuff it in a ACER board, And it would just work (assuming it have the same chipset and same super IO chip)
17:50:25 back then this stuff was simpleR, it wasn't simple per se
17:50:31 By back then I mean 386 & 486 era, way before they begin to lockdown everything
17:51:28 You can't prevent your house from being burglarized, best you can do is make it a less attractive target than the next house over and a pain to break in to
17:51:45 Yep, exactly
17:52:08 you know your house can easily be burglarized, so take proper measure.
17:53:06 there are no absolutes in this world, at all really
17:53:09 https://matrix.monero.social/_matrix/media/v1/download/kernal.eu/vbOYZfZkHrZmJuGEeSamZnFf
17:53:13 and certainly no such thing as absolute security
17:53:35 all things are processes with tradeoffs, especially security
17:54:22 And layer your defenses too.
17:56:12 by and large, an open codebase that can be peer reviewed by anyone with the interest in doing so will result in better security overall. but also, we have no consumer-scale open hardware due to the particularities of intellectual property law, logistics, and production
17:56:42 the real root of this issue is not a technological one - it's certainly possible to build and scale up open architectures
17:56:59 If the general Linux space was less fragmented, it would help a lit
17:57:00 lot*
17:57:02 but in the reality of power structures as they exist in our present world, that's not going to happen anytime soon
17:58:53 describing it as fragmented is your ideological perspective. mine sees it as decentralized, and that decentralization provides a defensive barrier towards monopoly by entrenched interests and power structures
17:58:57 If all brains working of 4 distribution instead of 69 distribution, there would be more people to see that code and maintains the packages on these specific distribution.
17:58:57 If we had like 3 WM instead of 42 WM, I assume they would have a way better integration and hopefully better code quality
17:59:30 (that's a few example, assume the same for everywhere the wheel got reinvented 16 times)
17:59:50 remember how hard Microsoft tried to snuff out Linux in the first decade?
18:00:10 Yep
18:00:10 And now Linux come with Windows 😂
18:00:34 Linux come with Windows?
18:00:36 Yep, and now there's even talks of Windows being rewritten to base it on Linux
18:00:46 that's testament to the efficiency and strength of decentralized development
18:01:17 Yeah, I was thinking in the past that microsoft could use WSL as a way to slowly port there whole Windows shit on Linux then eventually just replace the kernel
18:01:59 clipboard.png
18:02:13 that's like the default windows explorer, no plugin added.
18:02:24 You add the linux of your choice with one command in powershell
18:02:25 >maintains the packages on these specific distribution.
18:02:26 literally how
18:02:50 WSL
18:03:12 Instead of having people working of 42 thing you have the same quantity of people working on 3 thing. I wonder....
18:03:21 really there's only a handful of "base" distributions; debian-based, rhel-based, arch-based
18:03:23 Yeah I know, just didn't understand you were talking about WSL. You can evade AVs through it and do nasty shit.
18:03:30 gentoo presumably has some too
18:03:55 3 people working on millions of packages what are you talking about
18:03:59 so saying the problem is there's too many distributions is overlooking that
18:04:23 well, doubling the number of engineers working on a project usually doesn't half the time or double the quality. I'd assume it's the same for software
18:04:30 in a larger sense, there's even meta groupings within the base distros, namely glibc-based vs musl-based
18:04:45 Possible yeah, I did not look for Gentoo, yet
18:04:53 that there's 69 variants of ubuntus doesn't contribute much to "fragmentation"
18:04:59 they're all reskins really
18:05:20 non
18:05:26 their maintainers are probably not capable of doing much auditing of code themselves
18:05:44 thousands people working on 3 WM instead of the same thousands people working on 42 WM
18:05:50 so having them focus on whatever shitty desktop env they prefer isn't subtracting capacity away from the "core" maintainers or w/e
18:06:20 you're ignoring that these groupings aren't all the same size and capacity
18:06:28 38/42 WMs are one or two devs
18:06:28 wait you mean my commit fixing a typo in Mint's interface doesn't translate into a core feature? say it isn't so
18:06:31 they're vanity projects
18:06:38 Only redhat and canonical ships kernels with custom patches usually, they sometimes screw up vuln patches. It's not that fragmented.
18:08:15 Unfortunately the issue itself had only 1 👍️
18:08:16 I added the second.
18:08:16 At least _**we**_ could show we are interested in this, even if DroidMonkey doesn't seem interested.
18:08:17 there's almost certainly more fragmentation within the organizational teams that exist in Microsoft's corporate structure
18:08:30 My biggest issue with Linux (on desktop) is package management.
18:08:31 For servers in general it's nice and always work, considering Linux run the Internet that could explain why it's fine for server
18:08:50 You mean that there are multiple of said package formats?
18:08:54 so use slackware and track your dependencies on pen and paper like a true greybeard :upside
18:09:01 🙃
18:09:27 I mean that stuff often break and I have to lose time to fix it (that happen only on desktop, not server)
18:09:28 and sometime it's hilarious, wait a min, I confirm it's still there
18:09:56 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/ionMkkHKltAreOffgavZaolR
18:10:06 This is true because when you take a look at the source code leaks of windows you will find lots of duplicate implementations of the same functionality in many userland tools (I didn't check it in depth)
18:10:10 also i work on servers all day and can confirm server package management can be as big a pain in the neck as on desktop once you get above the level of complexity of hosting a shitty wordpress or w/e
18:10:14 It's still there!!!!
18:10:14 Go get community-qt one and install in a vm, then do pacman -Syu
18:10:19 then you gonna laugh
18:11:41 Oh sad, I found it usually way more reliable than desktop.
18:11:41 And now with docker it well, you install Alpine, you install Docker and you're done adding shit with the package manager 😂
18:11:46 So then it usually work
18:11:58 > <@yasabi:matrix.org> there's almost certainly more fragmentation within the organizational teams that exist in Microsoft's corporate structure
18:11:59 This is true because when you take a look at the source code leaks of windows you will find lots of duplicate implementations of the same functionality across many userland tools.
18:12:00 bring these thousands working for free on WM
18:12:12 that's a big reason container solutions have become so popular, beyond their security benefits
18:12:17 Every time I hear about Wordpress, it's about a vulnerability in some plugin, lol
18:12:19 the problems also with main contributors
18:12:23 they may close PR
18:12:27 now you don't need to manage chroots and jails and pyenvs and all that junk
18:12:31 so you only left with forking it
18:12:41 they may decline PR
18:13:11 I use to be that anti container guy until I tried them and was like... no more package manager going to bark at me... nice...
18:13:34 there's real benefits that outweigh the complexity they add imo
18:14:00 and, that's a demonstration that with FOSS, there will always be solutions
18:14:16 Yep, can apk update && apk upgrade in prod without having a heart attack
18:14:34 if you wanna ditch a package manager and closely track everything you can! if you wanna stick with the default manager you can! if you wanna put everything in a container you can!
18:14:51 remember docker didn't run on windows until like a couple years ago
18:14:55 and it still sucks shit there
18:15:18 I did LFS in the past, but thanks, I value my time lol
18:15:29 I'm getting old now so I just want shiet to work
18:16:27 you pay with what? also do u use cpanel?
18:16:27 Docker run fine on windows (WSL2)
18:16:27 But I do prefer to run them in dedicated linux PC (I have a few Lenovo tiny 1L PC)
18:16:59 having more control of your environment means you're responsible for the security profile of your environment, similar to how taking self-custody of your money via crypto means you need to have your keys thoroughly backed up
18:17:06 Honestly I've only seen two reasons for container usage 1. K8S 2. Stuck with PHP 5
18:17:23 but the truth is corporations don't want to pay much money to properly manage their security profiles
18:17:35 they want to pay the absolute least amount they can to maximize their EOY reports
18:17:50 Monero for the rented VPS
18:17:50 Monero converted to руб via friends to pay for the dedicated
18:17:50 And for the stuff I own, Cash work just fine lol
18:18:08 that usually means outsourcing to a third party, and leveraging legal liability instead of investing in proper security
18:18:13 I don't use Cpanel, never used it somehow so I don't know how good it could be for me
18:18:29 the long term effects of that have been compounding for decades now
18:18:34 which is why we're seeing more severe vulnerabilities on the reg
18:18:49 that's another example of how the root of this all isn't a technological problem
18:18:50 I use to own everything I used to host
18:18:54 then cloud came...
18:18:58 and there aren't technological solutions to social problems
18:19:25 And now I'm back to slowly moving everything back into my full control
18:20:27 I think part of if is bloat.
18:20:27 Now we have CPU that run 95% bloat to run the 5% of the code that matter
18:20:31 Heard of PtaaS and CISOaaS?
18:21:00 yes then no 18:22:02 And then there is compliance as a service 😭 18:22:36 chief information security officer as a service 18:22:43 Peak corporate greed 18:22:51 Yeah, I did look it up 18:23:05 the bloat is a byproduct of this corporate incentive structure 18:23:17 it's been an hour 18:23:21 quit ffs 18:23:23 writing clean, efficient, simple code costs more in time and resources than churning out loads of junk 18:24:30 same reason why the ratio of significantly unique cultural content is declining in the face of volumes of reboots and spinoffs 18:24:32 There's a difference between running bloat to please corporate interests and inefficient developers, and running bloat because of 25 efficient and powerful abstraction layers of lvm+luks+block devices+virtualization+... 18:24:32 My cpu runs at 3% when i'm idling in a ubuntu KVM inside a ubuntu host 18:24:35 Code and bloat is so much of a problem like. 18:24:35 Why tf my 486 with NT4 load Excel 97 faster than my Ryzen + Linux + Libreoffice 18:24:36 The Ryzen have 1000x more ram and a NVME drive that do 4GB/s instead of a compact flash stuck in PIO3 mode (~3mb/s) 18:24:36 Both program do the same thing... 18:25:24 Imajin if we had the hardware of today with the unbloated software of yesterday 18:25:45 The stuff would all run before you click on it lol 18:26:21 offtopic 18:26:23 There is useful bloat yeah. 18:26:23 LVM+luks+virtualization are all useful thing 18:26:28 and afaik they're not bloated 18:26:32 > <@ravfx:xmr.mx> I think part of it is bloat. 18:26:32 > Now we have CPU that run 95% bloat to run the 5% of the code that matter 18:26:33 There's a difference between running bloat to please corporate interests and inefficient developers, and running bloat because of 25 efficient and powerful abstraction layers of lvm+luks+btrfs+block devices+virtualization+...
18:26:33 My cpu runs at 3% when i'm idling in a ubuntu KVM inside a ubuntu host 18:26:54 (as I'm no longer interested in participating) 18:26:55 We are off topic since a long while indeed 18:27:39 https://github.com/keepassxreboot/keepassxc/issues/10535 18:27:45 will never accept Monero lol 18:29:02 LVM is bloated in ways, it's a wrapper around MD essentially but performs worse 18:29:09 Naaa, it's one of these people, just forget it I think 18:29:11 requires many times more IOPs for the same functions, etc 18:29:45 tho the real issue is distributions defaulting to it even when you don't need to be able to resize volumes 18:29:58 Just wow 18:29:58 >I don't want their money. Spend it on your family and maybe escaping from that situation. 18:30:32 Yeah, it should not be default for sure, same for thing like luks. You use it if you need it and all these things are nicely layerable 18:32:20 He just don't have the spark of curiosity to test out new opportunities. 18:32:46 Still wish KeepassXC to succeed. 18:34:18 At least he accepts other crypto to begin with. I use it everyday. 18:34:57 One day I should try making my own password manager 18:35:12 What other similar managers even are there? 18:35:26 many use it to store their seed 18:35:40 I would rather have mine on paper) 18:35:53 will probably backdoor it if you have used monero RavFX right? 18:36:00 local ? not a lot. Iirc there is one written in Go, CLI. 18:36:01 detect monero seeds 18:36:10 Also KeepassXC is now the only way I would even consider passkeys. 18:36:17 (joke) 18:37:20 sum of backdoors on my system will increase 18:38:26 What do you think of passkeys btw? 18:40:05 wdym, context.exe not found (was afk for a few min) 18:40:35 Isnt keepassXC a reimplementation of the one made in .net 18:41:06 gopass 18:41:13 and pass sucks 18:41:34 I use yubikeys. They're a bit better than having your TOTP secret saved in the same place as your password. 
18:41:35 https://rot256.dev/post/pass/ 18:42:19 Yubikeys are expensive iirc. 18:42:25 But a hammer and a wrench always works 18:42:26 I use a phone for TOTP, I do not save them in keepassXC. 18:42:26 Same reason, I don't understand the point of saving the TOTP where you save your password, just look like a bad idea for some convenience 18:42:51 Naa, just use that tool, work better 18:42:53 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/VusbYXbhJNySJqCGnwwdlTHb 18:43:00 Dumb people exist and in many companies I have seen people leave laptops with yubikeys attached unattended. So in that case obviously they're worse. 18:43:14 I would rather not have my phone touch sensitive data of mine, it is ADB-neutered stock android so not very clean. 18:43:44 ravfx, what if you use a separate database for 2fa and regular passwords? 18:43:55 keep an old phone with network access ideally. 18:43:55 But I do use my "yubi" where I can use it, instead of totp 18:44:08 I do not trust the phone's software to not snitch. 18:44:17 could be better but it would be less convenient 18:44:31 I mean, old phone without network 18:44:38 Old phone? You think we'd keep a functional phone around for pretty much no reason? 18:44:43 First world. 18:45:01 But yea, if you can afford that - yubi seems better. 18:45:08 like an old antique galaxy S3 18:45:08 with a fscked baseband firmware, that way LTE and Wifi totally inoperable 18:45:30 Why would I have a phone benched like this if it is not broken beyond repair? 18:45:49 Cloudflare used to offer big discounts for yubikeys 18:46:06 Just to run Aegis auth for the TOTP collection 18:46:29 Can also use your ledger as TOTP 18:46:52 Ledger as in wallet? These must be expensive too...
18:47:27 that way you don't have to buy many key, if ledger it your screen at high rate of velocity, just get a new one and restore with the words list 18:47:27 I mean use ledger as a yubi lol, not TOTP 18:47:41 that way you don't have to buy many key, if ledger hit your screen at high rate of velocity, just get a new one and restore with the words list 18:47:42 I mean use ledger as a yubi lol, not TOTP 18:48:14 How would a new one get the keys? 18:48:21 if you already have a ledger for crypto, you can also use it as a yubi key 18:48:36 Ledgers for crypto seems like something for wealthy people. 18:48:42 you know these 24 words you keep safe... 18:49:19 the only place the ledger sucks for yubi emulation is for the rarer and rarer sites that also use the counter 18:49:23 Wait, these can be used like this? 18:49:31 yes 18:50:23 it work for websites yubi stuff and Linux PAM. 18:50:23 it does not work for keepassxc and windows auth 18:51:18 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/KHVzVhGbGUWuAeNpfSAEaYaJ 18:54:07 Do not use the ledger as yubi for site that use the counter (I would not use a real yubi for these too) 18:54:07 Else if you replace the key (new counter) or restore the ledger (counter reset to 0) then you are going to have fun to fake auth thousand time till the counter is == to what it was the last time you logged on that site 18:54:59 The only site that did that afaik, was Bitfinex, but I think they don't use the stupid counter anymore (to reconfirm) 19:00:43 There is that one now too, did not try 19:00:44 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/vEWQQGuxlvfrSwSYekhXTWNN 19:02:00 Ok, that one is for "WebAuthn" 19:02:29 It's sad, it seems that they removed SSH & PGP ledger app 19:02:40 It was possible to use the ledger for SSH private/public key shenanigans too 19:05:03 ah way, they removed the SSH thing because you can apparently use SSH with Fido now.
19:05:03 You use that Security Key app for SSH 19:05:04 https://matrix.monero.social/_matrix/media/v1/download/xmr.mx/zocMajwqIOIiGlYwlwTGcyhh 19:05:11 https://www.ledger.com/blog/strengthen-the-security-of-your-accounts-with-webauthn 19:35:51 learned that keepassDX (not keepassXC) accepts xmr 19:36:23 directly featured on their front page as well 19:40:02 <321bob321:monero.social> Yeah Android only 22:00:45 RavFX: https://www.investopedia.com/terms/h/hawala.asp#:~:text=Hawala%20(sometimes%20referred%20to%20as,developing%20countries%20sending%20remittances%20home sounds more anonymous than your latin country dream land 22:06:11 I know Hawala :p 22:23:26 How do you guys get pdfs from https://www.elliptic.co/ and chainanalysis without subscribing to their shitty newsletter? 23:47:32 i dont see those words in that thread. pretty sad tho for a project that keeps secrets safe. 23:55:26 start using bitwarden instead 23:55:53 he doesn't deserve your moneros