03:46:12 *centralised development
03:46:27 *centralised development 👍
03:48:25 ?
05:50:03 hello world
05:58:09 quiet in here, anyone know good communities to chat with about cryptos similar to xmr?
05:59:01 most discords are full of airheads touting the next pump-scheme
05:59:46 telegram too
06:48:34 Over in the particl project talking about ptlcs, atomic swaps, adaptor signatures, and off chain smart contracts if that's at all your fancy
06:49:07 A lot less transitive poggernomic mania which is nice
06:50:15 That is, in between people lobbing scamcoin accusations, so the airheads' influence looms
06:54:48 The decred folks are in on the fun too apparently. Cool chats if you ask me
06:56:24 Irssi and Weechat
06:57:02 I don't hate quassel yet
06:58:01 and who wants to be one of those irssi people
06:59:43 https://media.tenor.com/e-tu1KPkCucAAAAM/the-simpsons-homer-simpson.gif
07:13:33 The people that can get to their client from any ssh client
09:48:01 I swear I will murder somebody if it turns out to be an RCE or something similarly critical .-.
09:49:21 Well they said it's a bug related to UTDs yet it's under embargo so who knows.
09:49:46 a bug in what?
09:50:54 The Rust SDK's crypto
09:51:05 oh wow
09:52:16 <3​21bob321:monero.social> it's called responsible disclosure. They have a certain time period to fix it and if not they will disclose it
09:52:33 Centralized development*
09:52:46 i prefer full disclosure
09:52:48 <3​21bob321:monero.social> not embargo they can't enforce someone from releasing a report
09:53:05 the term "responsible" is virtue signalling. the neutral terminology is "coordinated disclosure"
09:53:10 The worst enemy of any sysadmin wanting to keep any semblance of security outside of *let's update like mad*
09:54:06 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> NixOS Security was briefed on the issue so i am calm it will get fixed before it's disclosed
09:54:25 that does not make me calm
09:54:31 If it turns out to be a critical bug I am officially labeling the Rust SDK a security risk and suggesting people to switch to a different client that does not use it
09:54:37 <3​21bob321:monero.social> cvd sounds like a disease
09:54:57 while they are waiting, anyone with decent security skills will be able to exploit it
09:55:15 <3​21bob321:monero.social> it's how it works
09:55:17 it's dumb to think that hiding it from sysadmins who could rush a mitigation would also hide it from blackhats
09:55:17 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> Why
09:55:25 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> wrong distro choices (TM)
09:55:58 *Thank* you, finally somebody sane .-.
09:56:33 Also just to clarify the issue is in the Rust SDK, so most modern clients are affected
09:56:52 Probably. No idea.
09:57:05 the companies that support coordinated disclosure want to bury their head in the sand and pretend that, if it's never vulnerable and public, then it was never vulnerable in the first place
09:57:21 I would be grateful if anyone would vet the commits since the issue has been patched upstream already
09:57:35 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> They don't hide it, i got suggestion to block element-* infrastructure wide for now
09:57:39 unfortunately the only people vetting it will be the blackhats
09:57:41 Any sus looking commit with a nonsense commit message
09:58:00 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> The way they are handling the problem seems up to the standard to me
09:58:02 <3​21bob321:monero.social> !ban matrix.org
09:58:23 https://gitlab.archlinux.org/archlinux/packaging/packages/xz/-/commit/881385757abdc39d3cfea1c3e34ec09f637424ad an example of what deceitful commits look like by the way and what to look out for
09:58:52 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> +1 Ban all matrix.org users from this room and tell them to use a better home-server linking a list to the public providers
09:58:58 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> we all should be doing that
09:59:11 <3​21bob321:monero.social> rip plowsof
09:59:21 Not just element
09:59:26 Fractal affected too seemingly.
10:00:59 I lose faith in Matrix more and more .-.
10:01:35 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> I ain't aware of fractal being vulnerable
10:01:38 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> though i bumped the fractal release on the unstable branch in my infra
10:01:57 The vuln is in a common dependency
10:01:59 sad to see so much matrix on irc :(
10:02:33 Line breaks on IRC when
10:02:46 never
10:02:57 it doesn't support it by design, which is a good thing
10:03:07 Hehe
10:03:12 Which server is the channel on?
10:03:20 libera
10:03:24 If it's smth sane I might join on IRC side too
10:03:25 if you mean irc
10:03:36 Yaa meant IRC
10:03:45 libera and oftc are the two big foss irc servers
10:03:50 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> i am aware, but timo gets security briefings and he doesn't seem to be worried so i assume it's rather something electron-related
10:03:51 Guess I am not joining :/ sad.
10:03:54 Ya oftc is the sane one
10:03:59 I hang out on oftc
10:04:01 hello everyone
10:04:06 they're both sane. libera is just freenode without the takeover nonsense
10:04:24 same staff as old freenode and everything
10:04:37 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> NixOS doesn't even have a build prepared in the nixos-staging-next branch for fractal
10:04:37 The registration process is utter insanity
10:04:45 I have been unable to figure out a way to register yet
10:04:45 there's no need to register to join #monero
10:04:57 only a small number of channels require registration
10:05:04 The server does not allow me to connect without registering
10:05:17 are you using a vpn?
10:05:22 or tor?
10:05:25 Tor.
10:05:27 ah
10:05:32 As I do for all IRC servers
10:05:37 for tor users, i agree oftc is way better
10:05:44 i'm also a tor user, i'm just using a znc
10:05:51 tor -> znc -> libera
10:05:53 Yep because I can actually register for free
10:05:56 ZNC?
10:06:28 it's a type of bnc (bouncer). it's like a proxy that logs so that when you disconnect, it remains connected to irc, then when you reconnect, you have the scroll log
10:06:41 is there a popular Tor irc? nothing comes up in the search
10:06:46 oftc is the popular one
10:06:49 <5​m5z3q888q5prxkg:chat.lightnovel-dungeon.de> how do you mitigate the ZNC being traceable
10:06:51 Tor IRC?
10:06:56 oftc has an onion
10:07:00 you mitigate it being traceable by using tor
10:07:09 Sane FOSS projects are on oftc
10:07:11 like an irc channel to discuss TOR
10:07:19 the #tor irc channel is on oftc
10:07:23 I mostly hang around driver ppl and they are all on oftc
10:07:48 And the libera.chat projects tend to have mailing lists so it's okay I suppose
10:07:54 cool. thanks!
10:08:02 but znc is nice. if my tor circuit went down right now, i would disconnect from the znc but the znc would stay connected to libera. then if you said something while i was disconnected, when i reconnect i'd see it
10:08:24 btw libera also has an onion, but you have to connect with non-tor to register first, which defeats the purpose (although you can use a proxy to do it initially)
10:08:33 I have auto reconnect, it works quite well
10:08:38 But ya a bouncer is better
10:08:47 Yea I am aware
10:09:00 It's pain I have not been able to figure out how to solve yet
10:09:15 libera registrations are why I was here a week ago asking for VPS reccs
10:09:26 So I could get a proxy and register an acc
10:09:26 the only downside to bouncer is that it's basically a mitm, so i don't like using it if i'm doing private messages (unless i use otr)
10:09:59 I wouldn't use IRC for private msgs, no E2EE so kinda a dum idea
10:10:10 otr is e2e
10:10:16 works on irc
10:10:39 Hm
10:10:45 First time hearing of it
10:10:52 ity, some clients have plugins for e2e at least.
10:10:52 it's a plugin for many irc clients
10:10:59 otr is the popular one
10:11:06 O
10:11:06 I used Hexchat with otr previously.
10:11:20 I use weechat personally haha
10:11:34 It apparently also has one!
10:11:46 Nice
10:11:50 libotr is the library the clients use. hexchat, weechat, and irssi support it. probably others too. when two people pm who are using otr, they can establish a secure connection. data is encrypted using aes128 and converted to base64 before being transparently sent over pm
10:11:58 I use it now too, but have not installed otr yet because I pm so few people, and even fewer use otr.
10:12:19 How is key agreement handled?
10:12:29 dhe
10:13:01 Diffie-Hellman?
10:13:25 and authentication is optional. you can either use tofu (gpg style trust on first use, where the other person's dsa fingerprint is saved), or smp (socialist millionaire protocol which is a neat way to verify if two people share the same secret without revealing it), or by manually checking fingerprints
10:13:30 That relies on an offline channel for key verification
10:13:51 that's the case for 100% of e2e systems
10:13:54 O hm
10:14:01 Indeed
10:14:05 but you can verify pretty easily using smp
10:14:11 Smp?
10:14:30 socialist millionaire protocol. it's a way for two parties to prove they both hold the same secret without revealing the secret
10:14:36 I either do it in-person or in a randomly chosen channel.
10:15:18 so if my key is "apple" then i put "apple" into smp. despite that being very weak, you can't brute force it. and if i use "apple" but you use "pear" then all either of us knows is that we didn't pick the same key
10:15:33 then as soon as it's verified once, the dsa fingerprint is saved as trusted
10:17:50 otr is very clever because it provides perfect repudiation
10:18:24 so even if the person you talk to is malicious and they record all the traffic as well as record the ephemeral encryption key used internally, the transcript won't hold up in a court of law
10:19:01 because every once in a while it will intentionally "leak" the mac key, which would allow forgeries. it's like revealing your pgp signing private key once you're done using it and the other party is done using it to verify
10:56:37 I never used IRC before, whenever I join using oftc web client I get flagged
10:56:54 using VPN
10:57:22 oftc web client seems to ban all vpns and proxies for some reason
10:57:29 but the irc server itself doesn't, if you connect using an irc client
10:59:07 can't we make our own protocol?
10:59:16 at this point it would just be better
11:01:46 https://xkcd.com/927/
11:03:34 the protocol isn't the problem, it's just the choice of oftc what ips they let in on their web client
11:05:16 I am working on one lol
11:05:29 Too tired of Matrix's bullshit
11:05:55 Mind giving us some hype? tell us everything
11:11:24 simpler is better
11:11:30 which is why irc (or at least ircv3) is better
11:12:05 Well, mostly working on UX and getting features of modern IM services so that I can get normies over lol
11:12:23 build on top of xmpp then
11:12:25 And improving E2EE reliability and idiot-proofness
11:12:31 Heck no
11:12:36 it's highly extensible
11:13:00 and meant to be the basis of any communication protocol
11:14:16 or use irc and they haphazardly stuff all new incompatible features into ctcps :p
11:17:36 Lol
11:18:52 (the joke being that ctcp itself is a haphazard hack to give irc capabilities it doesn't otherwise have lol)
11:19:52 but i love how simple it is
11:20:01 so simple you can use irc with telnet
12:45:34 aaabbb: "socialist millionaire protocol." Or "socialist militant parade" just to include all those socialist slaves who got brainwashed into believing it's the best thing ever.
16:58:09 haveno git has a new commit for a new documentation file for deploying on mainnet.
16:58:12 https://github.com/haveno-dex/haveno/blob/master/docs/create-mainnet.md
16:58:50 seems it's getting closer and closer 😃
16:59:52 haveno git just had a commit for a new documentation file for deploying on mainnet.
17:10:14 Privacy is Pro-National Security w/ J.W. Verret (MT 310)
17:10:15 TODAY'S 🎙SHOW: Douglas Tuman interviews J.W. Verret, a practicing lawyer and law professor at George Mason University.
17:10:17 J.W. discusses his role as an expert witness in the Roman Sterlingov trial, where he argued that Sterlingov could not have allegedly run Bitcoin Fog. J.W. and Doug also talk about the implications of the government's recent overreach related to privacy and cryptocurrency technology by exploring the indictments against Tornado Cash and Samurai Wallet.
17:10:19 Hear about who in the US Congress are allies in the movement to normalize privacy and the potential hope Monero provides to resist increasing government infringement on privacy.
17:10:21 Watch Here (YouTube) ➡️ https://youtu.be/ZLJMyQ9dcOI
17:10:23 Watch Here (Odysee) ➡️ https://odysee.com/@MoneroTalk:8/privacy-is-pro-national-security-w-j.w.:e
17:10:25 Listen Here 🎧: https://www.monerotalk.live/privacy-is-pro-national-security-j-w-verret-310
17:10:27 Coffee & Monero, Go to Gratuitas.org today!
17:10:29 Monerotopia23 confer vids: monerotopia.com/videos
17:10:31 FOLLOW US https://monero.town/u/monerotalk & https://mastodon.social/@monerotalk
17:10:33 Thank you to sponsors, u/cakelabs and u/Stealthex_io as well as u/sunchakr for making these interviews possible! And of course our listeners and supporters for making