<k​arano:poddery.com> *centralised development

<k​arano:poddery.com> *centralised development 👍

?

<t​hekernel:matrix.org> hello world

<t​hekernel:matrix.org> quiet in here, anyone know good communities to chat with about cryptos similar to xmr?

<t​hekernel:matrix.org> most discords are full of airheads touting the next pump-scheme

<m​mxxx:matrix.org> telegram too

<a​xmasta:matrix.org> Over in the particl project talking about ptlcs, atomic swaps, adaptor signatures, and off chain smart contracts if that's at all your fancy

<a​xmasta:matrix.org> A lot less transitive poggernomic mania which is nice

<a​xmasta:matrix.org> That is, in between people lobbing scamcoin accusations, so the airheads's influence looms

<a​xmasta:matrix.org> The decred folks are in on the fun too apparently. Cool chats if you ask me

<a​remor:matrix.org> Irssi and Weechat

<a​xmasta:matrix.org> I dont hate quassel yet

<t​hekernel:matrix.org> and who wants to be one of those irssi people

<a​xmasta:matrix.org> media.tenor.com/e-tu1KPkCucAAAAM/the-simpsons-homer-simpson.gif

<a​remor:matrix.org> The people that can get to their client from any ssh client

<i​ty:itycodes.org> I swear I will murder somebody if it turns out to be an RCE or something similarly critical .-.

<i​ty:itycodes.org> Well they said it's a bug related to UTDs yet it's under embargo so who knows.

a bug in what?

<i​ty:itycodes.org> The Rust SDK's crypto

oh wow

<3​21bob321:monero.social> its called responsible disclosure. They have a certain time period to fix it and if not they will disclose it

<i​ty:itycodes.org> Centralized development*

i prefer full disclosure

<3​21bob321:monero.social> not embargo they cant enforce someone from releasing a report

the term "responsible" is virtue signalling. the neutral terminology is "coordinated disclosure"

<i​ty:itycodes.org> The worst enemy of any sysadmin wanting to keep any semblance of security outside of *let's update like mad*

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> NixOS Security was briefed on the issue so i am calm it will get fixed before it's disclosed

that does not make me calm

<i​ty:itycodes.org> If it turns out to be a critical bug I am officially labeling the Rust SDK a security risk and suggesting people to switch to a different client that does not use it

<3​21bob321:monero.social> cvd sounds like a disease

while they are waiting, anyone with decent security skills will be able to exploit it

<3​21bob321:monero.social> its how it works

it's dumb to think that hiding it from sysadmins who could rush a mitigation would also hide it from blackhats

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> Why

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> wrong distro choices (TM)

<i​ty:itycodes.org> *Thank* you, finally somebody sane .-.

<i​ty:itycodes.org> Also just to clarify the issue is in the Rust SDK, so most modern clients are affected

<i​ty:itycodes.org> Probably. No idea.

the companies that support coordinated disclosure want to bury their head in the sand and pretend that, if it's never vulnerable and public, then it was never vulnerable in the first place

<i​ty:itycodes.org> I would be grateful if anyone would vet the commits since the issue has been patched upstream already

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> They don't hide it, i got suggestion to block element-* infrastructure wide for now

unfortunately the only people vetting it will be the blackhats

<i​ty:itycodes.org> Any sus looking commit with a nonsense commit message

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> The way they are handling the problem seems up to the standard to me

<3​21bob321:monero.social> !ban matrix.org

<i​ty:itycodes.org> gitlab.archlinux.org/archlinux/pack…5757abdc39d3cfea1c3e34ec09f637424ad an example of how deceitful commits look like by the way and what to look out for

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> +1 Ban all matrix.org users from this room and tell them to use a better home-server linking a list to the public providers

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> we all should be doing that

<3​21bob321:monero.social> rip plowsof

<i​ty:itycodes.org> Not just element

<i​ty:itycodes.org> Fractal affected too seemingly.

<i​ty:itycodes.org> I lose faith in Matrix more and more .-.

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> I ain't aware of fractal being vulnerable

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> though i bumped the fractal release on the unstable branch in my infra

<i​ty:itycodes.org> The vuln is in a common dependency

sad to see so much matrix on irc :(

<i​ty:itycodes.org> Line breaks on IRC when

never

it doesn't support it by design, which is a good thing

<i​ty:itycodes.org> Hehe

<i​ty:itycodes.org> Which server is the channel on?

libera

<i​ty:itycodes.org> If it's smth sane I might join on IRC side too

if you mean irc

<i​ty:itycodes.org> Yaa meant IRC

libera and oftc are the two big foss irc servers

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> i am aware, but timo gets security briefings and he doesn't seem to be worried so i assume it's rather something electron-related

<i​ty:itycodes.org> Guess I am not joining :/ sad.

<i​ty:itycodes.org> Ya oftc is the sane one

<i​ty:itycodes.org> I hang out on oftc

<t​hekernel:matrix.org> hello everyone

they're both sane. libera is just freenode without the takeover nonsense

same staff as old freenode and everything

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> NixOS doesn't even have a build prepared in the nixos-staging-next branch for fractal

<i​ty:itycodes.org> The registration process is utter insanity

<i​ty:itycodes.org> I have been unable to figure out a way to register yet

there's no need to register to join #monero

only a small number of channels require registration

<i​ty:itycodes.org> The server does not allow me to connect without registering

are you using a vpn?

or tor?

<i​ty:itycodes.org> Tor.

ah

<i​ty:itycodes.org> As I do for all IRC servers

for tor users, i agree oftc is way better

i'm also a tor user, i'm just using a znc

tor -> znc -> libera

<i​ty:itycodes.org> Yep because I can actually register for free

<i​ty:itycodes.org> ZNC?

it's a type of bnc (bouncer). it's like a proxy that logs so that when you disconnect, it remains connected to irc, then when you reconnect, you have the scroll log

<t​hekernel:matrix.org> is there a popular Tor irc? nothing comes up in the search

oftc is the popular one

<5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> how do you mitigate the ZNC being traceable

<i​ty:itycodes.org> Tor IRC?

<i​ty:itycodes.org> oftc has an onion

you mitigate it being traceable by using tor

<i​ty:itycodes.org> Sane FOSS projects are on oftc

<t​hekernel:matrix.org> like a irc channel to discuss TOR

the #tor irc channel is on oftc

<i​ty:itycodes.org> I mostly hang around driver ppl and they are all on oftc

<i​ty:itycodes.org> And the libera.chat projects tend to have mailing lists so it's okay I suppose

<t​hekernel:matrix.org> cool. thanks!

but znc is nice. if my tor circuit went down right now, i would disconnect from the znc but the znc would stay connected to libera. then if you said something while i was disconnected, when i reconnect i'd see it

btw libera also has an onion, but you have to connect with non-tor to register first, which defeats the purpose (although you can use a proxy to do it initially)

<i​ty:itycodes.org> I have auto reconnect, it works quite well

<i​ty:itycodes.org> But ya a bouncer is better

<i​ty:itycodes.org> Yea I am aware

<i​ty:itycodes.org> It's pain I have not been able to figure out how to solve yet

<i​ty:itycodes.org> libera registrations are why I was here a week ago asking for VPS reccs

<i​ty:itycodes.org> So I could get a proxy and register an acc

the only downside to bouncer is that it's basically a mitm, so i don't like using it if i'm doing private messages (unless i use otr)

<i​ty:itycodes.org> I wouldn't use IRC for private msgs, no E2EE so kinda a dum idea

otr is e2e

works on irc

<i​ty:itycodes.org> Hm

<i​ty:itycodes.org> First time hearing of it

ity, some clients have plugins for e2e at least.

it's a plugin for many irc clients

otr is the popular one

<i​ty:itycodes.org> O

I used Hexchat with otr previously.

<i​ty:itycodes.org> I use weechat personally haha

It apparently also has one!

<i​ty:itycodes.org> Nice

libotr is the library the cliets use. hexchat, weechat, and irssi support it. probably others too. when two people pm who are using otr, they can establish a secure connection. data is encrypted using aes128 and converted to base64 before being transparently sent over pm

I use it now too, but have not installed otr yet because I pm so few people, and even fewer use otr.

<i​ty:itycodes.org> How is key agreement handled?

dhe

<i​ty:itycodes.org> Diffie-Hellman?

and authentication is optional. you can either use tofu (gpg style trust on first use, where the other person's dsa fingerprint is saved), or smp (socialist millionaire protocol which is a need way to verify if two people share the same secret without revealing it), or by manually checking fingerprints

<i​ty:itycodes.org> That relies on an offline channel for key verification

that's the case for 100% of e2e systems

<i​ty:itycodes.org> O hm

<i​ty:itycodes.org> Indeed

but you can verify pretty easily using smp

Smp?

socialist milionaire protocol. it's a way for two parties to prove they both hold the same secret without revealing the secret

I either do it in-person or in a randomly chosen channel.

so if my key is "apple" then i put "apple" into smp. despite that being very weak, you can't brute force it. and if i use "apple" but you use "pear" then all either of us knows is that we didn't pick the same key

then as soon as it's verified once, the dsa fingerprint is saved as trusted

otr is very clever because it provides perfect repudiation

so even if the person you talk to is malicious and they record all the traffic as well as record the ephemeral encryption key used internally, the transcript won't hold up in a court of law

because every once in a while it will intentionally "leak" the mac key, which would allow forgeries. it's like revealing your pgp signing private key once you're done using it and the other party is done using it to verify

<b​asses:matrix.org> I never used IRC before, when I ever join using oftc web client I get flagged

<b​asses:matrix.org> using VPN

oftc web client seems to ban all vpns and proxies for some reason

but the irc server itself doesn't, if you connect using an irc client

<s​yntheticbird:monero.social> can't we make our own protocol?

<s​yntheticbird:monero.social> at this point it would just be better

the protocol isn't the problem, it's just the choice of oftc what ips they let in on their web client

<i​ty:itycodes.org> I am working on one lol

<i​ty:itycodes.org> Too tired of Matrix's bullshit

<s​yntheticbird:monero.social> Mind giving us some hype? tell us everything

simpler is better

which is why irc (or at least ircv3) is better

<i​ty:itycodes.org> Well, mostly working on UX and getting features of modern IM services so that I can get normies over lol

build on top of xmpp then

<i​ty:itycodes.org> And improving E2EE reliability and idiot-proofness

<i​ty:itycodes.org> Heck no

it's highly extensible

and meant to be the basis of any communication protocol

or use irc and they haphazardly stuff all new incompatible features into ctcps :p

<i​ty:itycodes.org> Lol

(the joke being that ctcp itself is a haphazard hack to give irc capabilities it doesn't otherwise hve lol)

but i love how simple it is

so simple you can use irc with telnet

aaabbb: "socialist milionaire protocol." Or "socialist millitant parade" just to include all those socialist slaves who got brainwashed into believing it's the best thing ever.

<l​m:matrix.baermail.fr> haveno git has a new commit for a new documentation file for deploying on mainnet.

<l​m:matrix.baermail.fr> github.com/haveno-dex/haveno/blob/master/docs/create-mainnet.md

<l​m:matrix.baermail.fr> seems it's getting closer and closer 😃

<l​m:matrix.baermail.fr> haveno git just had a commit for a new documentation file for deploying on mainnet.

<k​orgprivacy:matrix.org> Privacy is Pro-National Security w/ J.W. Verret (MT 310)

<k​orgprivacy:matrix.org> TODAY'S 🎙SHOW:Douglas Tuman interviews J.W. Verret, a practicing lawyer and law professor at George Mason University.

<k​orgprivacy:matrix.org> J.W. discusses his role as an expert witness in the Roman Sterlingov trial, where he argued that Sterlingov could not have allegedly ran Bitcoin Fog. J.W. and Doug also talk about the implications of the government's recent overreach related to privacy and cryptocurrency technology by exploring the indictments against Tornado Cash and Samurai Wallet.

<k​orgprivacy:matrix.org> Hear about who in the US Congress are allies in the movement to normalize privacy and the potential hope Monero provides to resist increasing government infringement on privacy.

<k​orgprivacy:matrix.org> Watch Here (YouTube) ➡️ youtu.be/ZLJMyQ9dcOI

<k​orgprivacy:matrix.org> Watch Here (Odysee) ➡️ odysee.com/@MoneroTalk:8/privacy-is-pro-national-security-w-j.w.:e

<k​orgprivacy:matrix.org> Listen Here 🎧: monerotalk.live/privacy-is-pro-national-security-j-w-verret-310

<k​orgprivacy:matrix.org> Coffee & Monero, Go to Gratuitas.org today!

<k​orgprivacy:matrix.org> Monerotopia23 confer vids: monerotopia.com/videos

<k​orgprivacy:matrix.org> FOLLOW US monero.town/u/monerotalk & mastodon.social/@monerotalk

<k​orgprivacy:matrix.org> Thank you to sponsors, u/cakelabs and u/Stealthex_io as well as u/sunchakr for making these interviews possible! And of course our listeners and supporters for making