16:48:09 Meeting in a bit more than 1 hour 18:00:01 Meeting time. Hello! https://github.com/monero-project/meta/issues/1232 18:00:24 hey 18:00:42 *waves8 18:00:46 *waves* * 18:02:16 Alright, let's start with the reports from last week 18:02:24 mainly worked on multisig, will need to spend some time testing when everything is ready 18:02:25 `grep "\" src/simplewallet/simplewallet.cpp -c` now gives 326 results on my branch, 668 on master 18:02:52 Also noticed there is a problem with the methods that take `char *password` as argument (from my [remove cached password PR](https://github.com/monero-project/monero/pull/9915/commits/214bbf59092337987830dbfe66c574c7fe708566)). AFAICT after debugging, it is no issue if the pointer comes from a `string` (as it is the case in the GUI), but `wipeable_string` is not zero-terminated, s o if you just pass `wipeable_str.data()` it will read the password + random amount of random bytes until next zero-byte. 18:02:55 To solve this I added function overloads with `size_t pw_length` ([commit](https://github.com/monero-project/monero/commit/a5fc39da427fff8fdbd593713169f47343f0a7a2)). 18:02:57 Haven't changed #9915 yet, but I'd say that we should not allow the potentially dangerous functions like `setPassword(const char *old_password, const char *new_password)` without `size_t pw_length`. So instead of overloads I would just replace the functions, do you agree? 18:02:59 Sounds good 18:04:02 You mean your *own* new methods that take a password in the form of `char *password`? 18:04:31 yes, not merged into monero-project yet 18:04:54 Then yes, I would make them safe 18:05:13 But where would the caller get the length from? 18:05:15 me: contest review/handling, PR wrangling, nothing significant to share since last week 18:05:33 `wipeable_string.size()` 18:05:47 I see 18:06:09 jberman: Say again, when is the new, extended contest deadline? 18:07:02 helioselene deadline extended to July 10th, 17:00 UTC 18:07:23 https://github.com/j-berman/fcmp-plus-plus-optimization-competition?tab=readme-ov-file#update-helioselene-submission-deadline-extended 18:07:48 Hopefully the updated rules do not allow any more loopholes or still offer room for misunderstandings ... 18:08:12 sorry brb 18:08:38 Who would have thought that the contest would get into such rough waters :) 18:09:38 There is a second submitter for Helioselene beside dimalinux, right? You did not hear much from them? 18:10:57 We're in contact via DM, they are aware of the latest 18:11:14 Ok, so just less public drama :) 18:12:14 pw_length makes sense to me here (unfortunately) 18:12:42 Yep 👌 18:13:11 Alright, do we have something to discuss beyond these reports? 18:14:35 Does not look like it. Thanks everybody for attending, read you again next week! 18:16:01 Doesn't need an answer right now, but was curious if you may have any thoughts on deprecating Boost serialization for MMS messages here: https://github.com/monero-project/monero/pull/9940 18:18:57 Don't see any problem with that. MMS does not work properly anymore anyway, and with tobtoht hopefully sooner or later bringing some successor to the table I don't think Boost support matters in any way here. 18:28:35 >MMS does not work properly anymore anyway 18:28:37 that's good to know, can skip investigating how that works then 18:28:56 only first line should be quote 18:33:08 You mean because of any relevance for your extended / completed Wallet API? Yeah, somehow I don't see that supporting it there would make sense. 18:34:02 I just don't see clearly now whether not supporting it in the Wallet API would lead to a requirement to fully remove anything MMS related from the CLI wallet ... 18:37:05 I was talking about my current "replace wallet2 from CLI", there I added `TODO`s to investigate mms https://github.com/monero-project/monero/commit/a6cbf24ce2a5ac425553e4b6286bb799fe07bcdf 18:37:05 I'm actually not sure how far mms is/was ever integrated into the Wallet API, what's something I'd need to look into 18:38:10 s/what's something/that's something 18:38:56 No, the MMS never was in the Wallet API. But if you want, on the one hand, a CLI wallet that is free of `wallet2` references, thanks to your much extended Wallet API, but on the other hand don't want to support the MMS there, the logical consequence seems to be to rip out everything MMS 18:41:23 sounds harsh, but if it doesn't work anymore ... I need to study that code, seems most of mms stuff is just in simplewallet, searching for mms in wallet2 only gives a dozen results 18:44:56 I think a quick chat for you with tobtoht regarding this would be a good idea. I don't have recent info where they stand with their MMS alternative. I suspect that it's not imminent, so removing all the MMS code in `simplewallet` for the time being would maybe be painful, at least for me, but only logical.