September 01, 2018
<sgp_1> All right, meeting time
<sgp_1> 0. Introduction
<sgp_1> We would like to welcome everyone to this Monero Community Meeting!
<sgp_1> Link to agenda on GitHub: https://github.com/monero-project/meta/issues/271
<sgp_1> Monero Community meetings are a discussion place for anything going on in the Monero Community, including other Monero workgroups. We use meetings to encourage the community to share ideas and provide support. Stay up to date with the latest events by subscribing to this calendar: https://xmr.ncrypt.sh/index.php/apps/calendar/p/8dP6z6XQDnkPREo4/Monero-Meetings
<sgp_1> 1. Greetings
<xmrmatterbridge> <cryptochangements> Hey everyone
<el00ruobuob_[m]> Hi there!
<xmrmatterbridge> <ordtrogen> Greetings earthlings we come in peace
<sgp_1> Is rehrar here?
<xmrmatterbridge> <ordtrogen> He was, 45 mins ago
<xmrmatterbridge> <ordtrogen> (maybe still is, idk)
<el00ruobuob_[m]> he might be trying to change a scammer's mind
<_Slack> <xmrscott> Hola
<sgp_1> hopefully he hops on later
<sgp_1> 2. Community highlights
<sgp_1> anhdres gave a talk about Monero in Spanish at Bitcoin Argentina: https://www.reddit.com/r/MoneroCommunity/comments/9b92t2/i_gave_an_introduction_to_monero_talk_last_friday/
<monerobux> [REDDIT] I gave an Introduction to Monero talk last friday in the Bitcoin Argentina space (in spanish) (https://www.facebook.com/bitcoinargentina/videos/326676071411351/) to r/MoneroCommunity | 8 points (85.0%) | 3 comments | Posted by anhdres | Created at 2018-08-29 - 13:01:40
<sgp_1> vp11 has been making progress with r/MoneroSupport. It now tags issues for easier support, and the number of active contributors has been steadily increasing.
<sgp_1> We had our August Monero Coffee Chat: https://www.youtube.com/watch?v=8dH3R27grLE
<monerobux> [ Monero Coffee Chat - 2018.08.18 - YouTube ] - www.youtube.com
<sgp_1> There was a lot of visible work on the Monero blackball tool. moneromooo PR’ed several updates. I made a blackball database with Monero, Monerov6 (XMC, XMO), MoneroV (XMV), and public pool data available at moneroblackball.com. Another researcher shared some preliminary results of their investigation: https://www.reddit.com/r/Monero/comments/9ayq0c/results_from_my_masters_thesis_on_monero/
<monerobux> [REDDIT] Results from my Master's thesis on Monero traceability, another blackball-DB (self.Monero) | 203 points (100.0%) | 37 comments | Posted by oerpli | Created at 2018-08-28 - 13:03:10
<sgp_1> Blackball tools can help you increase the privacy offered by Monero
<sgp_1> iCryptoNode announced their Raspberry Pi Monero project: https://www.reddit.com/r/Monero/comments/9bg7a3/new_raspberry_pi_monero_project_and_company_launch/
<monerobux> [REDDIT] New Raspberry Pi Monero Project and Company Launch (self.Monero) | 155 points (99.0%) | 66 comments | Posted by jamesishere | Created at 2018-08-30 - 03:37:51
<sgp_1> An update on the Monero-sponsored racecar: https://www.reddit.com/r/Monero/comments/98uhtb/monero_sponsered_racecar_status_update/
<monerobux> [REDDIT] Monero sponsered racecar - status update (self.Monero) | 115 points (96.0%) | 40 comments | Posted by M5M400 | Created at 2018-08-20 - 15:20:12
<sgp_1> rehrar published a Defcon Monero village summary: https://www.reddit.com/r/Monero/comments/97ba8q/defcon_monero_village_update_and_summary/
<monerobux> [REDDIT] Defcon Monero Village Update and Summary (self.Monero) | 114 points (98.0%) | 22 comments | Posted by Rehrar | Created at 2018-08-14 - 19:19:35
<sgp_1> The Monero Defcon party was featured on Mashable: https://mashable.com/2018/08/14/monero-cryptocurrency-def-con-vegas/
<sgp_1> Last chance to recommend a name for the Monero 0.13 release: https://forum.getmonero.org/6/ideas/90722/release-name-for-oct-0-13-0-hard-fork
<sgp_1> Does anyone else have community (non-workgroup) updates to share?
<el00ruobuob_[m]> i asked for feedback on github
<el00ruobuob_[m]> about monero-integrations integration to the user-guides
<el00ruobuob_[m]> any votes here are welcome
<xmrmatterbridge> <cryptochangements> I vote 100% in favor
<midipoet> has that Rasberry Pi code been community vetted?
<xmrmatterbridge> <cryptochangements> I'll comment on github, even if I may be a little biased lol
<sgp_1> midipoet not that I know of but it's open source
<hyc> oooo. new workgroup. review other software in the ecosystem
<hyc> give a "monero community reviewed" stamp
<midipoet> thats actually a nice idea for a workgroup
<el00ruobuob_[m]> agreed too
<xmrmatterbridge> <ordtrogen> yup
<sarang> Hi, just joined
<sgp_1> 3. FFS updates
<sgp_1> There are several Forum Funding System (FFS) updates. Workgroup reports now have their own section.
<sgp_1> rehrar opened a FFS for his tour to speak at several conferences, still in ideas: https://forum.getmonero.org/6/ideas/90717/the-rehrar-tour
<sgp_1> Brandon opened a FFS for another quarter of research, still in ideas: https://forum.getmonero.org/6/ideas/90730/continued-funding-for-surae-for-another-quarter-september-october-november-2018
<sgp_1> moneromooo opened a FFS for another quarter of development, still in ideas: https://forum.getmonero.org/6/ideas/90748/moneromooo-coding-october-december
<sgp_1> A contributor made a flyer and is asking for support to share with other households, still in ideas: https://forum.getmonero.org/6/ideas/90669/anybody-interested-in-participating-in-a-monero-pamphlet-drive
<sgp_1> violentlypeaceful opened a FFS to translate Monero documentation to Brazilian Portuguese, still in ideas: https://forum.getmonero.org/6/ideas/90652/monero-ecosystem-translation-to-brazilian-portuguese
<sgp_1> Does anyone else have a FFS update, or comments about any of these FFS proposals?
<sarang> I'll be submitting a similar FFS next month
<el00ruobuob_[m]> rehrar, Brandon & Moneromoo to Funding Required, sure! The flyers may be a good idea too.
<sarang> For a quarter of research
<el00ruobuob_[m]> I will propose another quarter myself
<sgp_1> All right, we can move on
<sgp_1> 4. Workgroup report
<sgp_1> This is a new separate section where other workgroups can report on all that they are working on. If you would like for your workgroup to be represented, please contact me at least a few hours before the meeting.
<sgp_1> a. Monero Malware Response Workgroup
<sgp_1> The Malware Response workgroup site will be up very soon at mrw.getmonero.org.
<sgp_1> rehrar isn't here so he can't share the latest version, but you'll see it soon enough
<xmrmatterbridge> <rehrar> Watchoo want?
<sgp_1> link to malware response test site
<xmrmatterbridge> <rehrar> Ok. Hopping on IRC.
<xmrmatterbridge> <rehrar> Till then continue with others.
<sgp_1> Do any workgroups have a report?
<el00ruobuob_[m]> is ErCiccione around?
* ChanServ a donné l'état d'opérateur de canal à rehrar
<el00ruobuob_[m]> there was a call for translaters by outreach workgroup, for their quick facts sheet
<el00ruobuob_[m]> French is done, i don't know for other languages
<xmrmatterbridge> <cryptochangements> <3
<sgp_1> If he shows up he can join in :)
<sgp_1> welcome cryptochangements
<sgp_1> thanks rehrar!
<xmrmatterbridge> <cryptochangements> Thnx sgp I've been here the whole time lol
<sgp_1> Can we have your feedback for the website?
<el00ruobuob_[m]> nice website!
<xmrmatterbridge> <cryptochangements> Whoever did the graphic in the corner, it's great
<midipoet> looks good. some info on what malware is might be helpful for some users/visitors
<rehrar> all work is mine
<camthegeek> nice indeed
<sgp_1> midipoet nice, I didn't really think of that
<rehrar> copyright rehrar, license is if you look at it you owe me royalties
<xmrmatterbridge> <cryptochangements> It looks super helpful. Well organized with good info
<el00ruobuob_[m]> ransomware-response link has a glitch, but still great overall
<sgp_1> but we tried to focus on the impact it has on users directly
<xmrmatterbridge> <cryptochangements> Ah of course it was our hero rehrar!
<el00ruobuob_[m]> great job!
<sgp_1> Well, that's all I had planned for this meeting :)
<sgp_1> 5. Open ideas time
<sgp_1> It’s open ideas time! Feel free to propose your ideas to this discussion group, and feel free to comment on others’ ideas. If you disagree with the idea, please reply with constructive criticism. Thank you!
<rehrar> best meeting ever
<xmrmatterbridge> <ordtrogen> Too little time to provide a review, but I thinks there's a theme missing and thats's Monero is actually making it harder for malware in the long run. Malware piggybacking on Monero forces IT security etc to harden their systems.
<rehrar> Here's an idea, buy all of the cypher market shirts to support FOSS
<rehrar> I've become the very thing I've sworn to destroy: a shill
<hyc> a couple hours before the meeting, we discussed in here - starting a gov't outreach workgroup
<hyc> if your IRC client has the backlog, please review that
<binaryFate> sorry missed the beginning, hi everyone
<rehrar> Mr. 01fatey
<sgp_1> needmoney90 recommended to focus less on research for the next coffee chat, and I agree
<sgp_1> It should be highly accessible to new users also
<needmoney90> Voice? Or text
<midipoet> i like just hearing all your voices in the coffee chat. you could all talk about anything.
<rehrar> the goal of the coffee chat should be to make the people, community, and tech accessible
<hyc> next time I'll read 200 lines from a randomly chosen source file
<rehrar> doesn't get more accessible than hyc himself walking you through the code base
<xmrmatterbridge> <ordtrogen> "a la recherche du bug perdu"
<el00ruobuob_[m]> some month ago, we discuss the refactoring of the hangout wabsite page, we have an issue open on this, but no new ideas for a while
<el00ruobuob_[m]> i believe this is something we should work on, especialy when Telegram chats are so active
<sgp_1> oh yes good point
<rehrar> I've been hanging on the telegrams for a while. I'm shocked at how little they know about the happenings of Monero. Really.
<rehrar> No clue about RandomJS, questions about what bulletproofs is, etc.
<xmrmatterbridge> <ordtrogen> you mean the Monero telegrams?
<rehrar> yes ordtrogen
<rehrar> Telegram is for scrubs
<xmrmatterbridge> <cryptochangements> I havent been on there since the bridge got axed like over a year ago
<xmrmatterbridge> <cryptochangements> Is there still a spam problem?
<rehrar> in the groups themselves, as well as spammers PMing you
<xmrmatterbridge> <cryptochangements> :(
<rehrar> I hired a spammer that did that
<rehrar> no joke
<rehrar> he messaged me and I gave him a job for cash, he took me up on it
<hyc> telegram had some major encryption flaw reported in Feb
<sgp_1> now you're giving people a financial incentive to spam you
* binaryFate messaging rehrar
<sgp_1> hey it's me a spammer
<rehrar> want a job?
<rehrar> Alright, open ideas time still going. Pigeons and I have looked at various infrastructure things to expand. Such as media.getmonero.org where we can upload a lot of videos and keep a lot of Monero info consolidated, having our own Jitsi instance, etc.
<rehrar> We've got some fun things we're looking at, but there's a concern brought about by anonimal, and he is correct at least in the sense that the discussion should be had
<rehrar> at that is that we should discuss the centralization on the getmonero infrastructure, largely headed and financed by the pony, and maintained by pigeons and myself
<rehrar> there's a lot of great open source, self-hosted FOSS that Monero could utilize
<rehrar> and I have no issue helping people getting these things up and running, but I think we should see about maybe getting some other volunteers to run certain services?
<hyc> what services do people want to use?
<rehrar> getmonero already does the getmonero.org website, taiga, mattermost, soon Malware Response, and other stuff
<rehrar> hyc there was talk of a Pootle instance which is a translation thingy that would help the translators keep track of strings to be translated and stuff
<rehrar> the name of the one used by almost everyone escapes me at the moment
<xmrmatterbridge> <ordtrogen> transifex
<rehrar> THAT'S the one, yes
<rehrar> Pootle is an open source alternative to that, and there are a few others like Weblate
<sgp_1> well, unless someone else offers to host it, I prefer to have a core team-hosted solution than nothing
<el00ruobuob_[m]> what do you think of? Running hosted web server on aws or others?
<rehrar> as well, as suggested before a media solution, and any other ideas
<parasew> hetzner is the cheapest to host servers currently (cloud.hetzner.de) 2.49 per instance
<rehrar> The issue becomes that if we continually de facto give up power like this to the core team and centralize infrastruture to them, they could in theory hold this project hostage. And we don't want these "what ifs" even if we never see them actually happening
<rehrar> walking of the walk of decentralization, not just talking the talk
<rehrar> there's something to be said about practicing what we preach, even if we don't think the threat is necessarily super high
<binaryFate> I think it's a sane discussion to have, and I won't comment on it because core team. I would simply suggest to start small and with something not critical, and see how it goes.
<hyc> ok. in that case, we should be talking at least 2x redundancy on any service, with completely different providers
<sgp_1> yeah rehrar but if no one else will host it then we won't have the infrastructure otherwise. I'm fine having others host, but it seems like no one else has stepped up
<sgp_1> we need people like ErCiccione to, for example, have a FFS to host Pootle
<el00ruobuob_[m]> but the others will be the new spof. How could we rely on them better than on the core team?
<rehrar> hyc, correct. The question always becomes where do we draw the line of efficiency and trust
<rehrar> I'm not advocating for one way or the other here necessarily. Like I said, it's just to get some discussion going and some thoughts rolling.
<rehrar> We also do generally tend to have a good amount of 'sysadmin wanting to help' type stuff every once in a while. And we can maybe see about starting a sysadmin workgroup
<hyc> good idea.
<rehrar> where they can individually host services and even mirror each other, setting up a network of redundancy of sorts
<midipoet> at the moment is each workgroup/working division in charge of their own hosting?
<midipoet> as that seems like a natural division of responsibility
<sgp_1> midipoet it's at their own discretion
<rehrar> so that way if one goes rogue, we have mirrors from others
<hyc> fwiw I think all of this falls under the core team's stewardship remit. but having at least one external redundant site is still a good idea
<rehrar> I know the outreach group has their own website I think?
<rehrar> And they haven't asked for core team
<sgp_1> yes hyc, I think the Cofe Team should offer these services if it can, but people can use others if they want, esp. for redundancy
<el00ruobuob_[m]> dns redundancy?
<el00ruobuob_[m]> who owns the dns then?
<rehrar> as well, because we're getting people to open source software for their flows, if they ever wanted to, say, stop trusting Core Team's Taiga instance, they can spin up their own and be on their way quite quickly
<rehrar> Taiga has docs, and nobody stops anybody from making their own version
<rehrar> el00ruobuob_[m] we need I2P only :D
<rehrar> that was it for me. Just wanted to get a bit of conversation going on this subject.
<sgp_1> each workgroup should own all non-getmonero.org domains. For example, I own moneroblackball.com and monero.coffee
<Inge-> A number of community-hosted mirrors could be useful
<rehrar> let's apply for a .xmr TLD
<rehrar> semi serious here, what would it take I wonder?
<binaryFate> Looks to me that it would be more productive to define a bit better the threat model (people going rogue? going dark and leaving the project? censorship resistance if people are pressured? etc), rather than a vague "we need to decentralize"
<Inge-> still that would be more centralized - and is expensive
<sgp_1> All right I'm at a student fair promoting my cryptocurrency club and they're showing up now, so I need to leave unfortunately. Next meeting in two weeks on 15 September at 17:00 UTC. rehrar can wrap up for me :)
<rehrar> threat model = binaryFate using his charisma and god bod to gain traction with the populace and take over the coin
<rehrar> bai sgp_
<binaryFate> The threat model is probably different for different work groups and infrastructure, so you may not have the same goals everywhere.
<binaryFate> that's evidently a concern you should have yes
<rehrar> alright, anything else for open ideas time?
<rehrar> I am now the new sgp of this meeting
* rehrar est maintenant connu sous le nom de sgprehrar
* sgprehrar est maintenant connu sous le nom de rgp
<rgp> We still have ten minutes left, so feel free to speak up
<midipoet> i knew there was lizards here
<rgp> alright everyone
<rgp> we'll probably rap up then
<rgp> thanks for coming
<hyc> talking about balancing act
<rgp> something something change starts with you
<hyc> whether we should draw gov't attention to our work vs continuing to fly under the radar
<hyc> tho I''m pretty sure that by now, we're on the radar
<midipoet> i dont think you could argue that privacy coins are under the radar anymore.
* rgp est maintenant connu sous le nom de rehrar
<midipoet> having said that, it may be difficult for some actors to distinguish serious projects
<Inge-> hyc "and an unknown amount of monero" …
<el00ruobuob_[m]> play clean: talk more about audit wallet to those gov't
<midipoet> so approaching government with the mentality of being a serious project with 'pure' goals centred around bettering society/privacy/humanity - i think would be wise
<hyc> still not as easy as all that. gov't still pusing for backdoors.
<midipoet> yes, understand that. but monero seems to be about control of privacy rather than absolute privacy
<midipoet> unless i am wrong
<hyc> it's both. if someone chooses to remain private, then they're absolute
<hyc> gov't wants magic unlock codes
<midipoet> of course, but if the government comes to me with a warrant and asks for my private key, there isnt that much i can do
<hyc> anyway, that's probably enough for now.
<Inge-> Maybe EU govt that understands privacy re GDPR
<binaryFate> I don't think "reaching out" to them would give them any more potential pressure than they would have now anyway
<rehrar> yep, you read that nonsense about that IBM guy (or whatever) and his project "Clear"? To give government backdoors for encryption?
<midipoet> yes, have read something today from the 'five eyes'
<rehrar> binaryFate: the idea would be to try to do education for sane regulation knowing that we actually kinda know what we talking about
<midipoet> but what will they do, outlaw some encryption methods?
<rehrar> as opposed to waiting for the incredibly ignorant doofus' make regulation based on their own ignorance
<binaryFate> yeah, so I don't think it opens us to backdoor pressure specifically
<midipoet> yes, i agree rehrar
<el00ruobuob_[m]> we all agree!
<midipoet> otherwise you might have someone from Ripple representing privacy concerns with government
<midipoet> and like, f that
<rehrar> I will set up a meeting with my town major this year
<rehrar> no joke
<rehrar> start somewhere
<binaryFate> rehrar when is the next CCC meeting taking place? I'm really bad with dates
<rehrar> next Saturyda
<vp11> oh well I guess I got the wrong timezone
<rehrar> every other Saturday, staggered with community meetings
<midipoet> are people really all going to CCC?
<binaryFate> Europeans, probably quite some
<hyc> I'll email Sherri for more details/suggestions on g'vt contacts
<binaryFate> We were ~15 last year already
<hyc> but I don't expect to have time to drive this forward myself
<Inge-> rehrar: if you gp to a small country like Scandinavia, you could likely be put in touch with data protection authorities and/or other relevant authorities. I'd help out in .no for instance. long term project to influence Brussels.
<midipoet> i can try
<rehrar> Inge-: let's do it
<binaryFate> hyc as soon as we know more what they expect, I agree a working group may be the way to go
<hyc> ok. will see what I can find to make this more concrete
<midipoet> i get the impression most governments dont know whatthey want. mostly as they are playing serious catch up in a very rapidly moving industry
<midipoet> and most states move at elephants pace
<hyc> it's a win-win for us to engage with them, i think
<binaryFate> if we can help the narrative that Monero != nefarious to some influencial ears, that would be good from our side
<rehrar> then maybe we might be able to get the politicians to hide their corruption using Monero and then we'd be back to square one
<rehrar> if they're convinced that is :P
<hyc> not quite square 1. there'd be nod Fed Resv controlling supply.
<xmrmatterbridge> <ordtrogen> Ccc's the thing in prague?
<midipoet> are there any cryptos that have the ability to control supply dynamically (so in effect have a monetary policy they could enact when needed)
<midipoet> oh that a good point
<binaryFate> ordtrogen no, that's HCPP in October. CCC is the 2nd largest hacker event in the world, in Germany end of December.
<rehrar> but let's be real. We're pretending to be productive while watching Monero pump and waiting for it to overtake IOTA as #10
<binaryFate> midipoet yes ethereum
<binaryFate> as per the status of the foundation in Switzerland, they could change supply any time. They're doing it now btw.
<midipoet> but ethereum isnt strictly a currency?
<rehrar> Post meeting meeting
<xmrmatterbridge> <ordtrogen> Re: this "shifting of perspective", which in our case relates to tptb, I invite you to listen to this TED presentation on youtube "Rory Sutherland: Perspective is everything". If we take the principles he presents and adapt them to our situation …
<midipoet> this is what i read today, if you havent seen it
<midipoet> about encryption backdoora
<midipoet> "The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries"
<midipoet> that is basically the view key. so Monero is fine
<hyc> only fine if the viewkey is accessible.
<midipoet> oh i see
<hyc> iphones have unlock codes, but FBI wants a bypass if the owner doesn't yield it
<binaryFate> Monero is hardly a service provider
<midipoet> no, but you could argue that the network is
<midipoet> a self servicing payments system
<hyc> I'm sure they will try to apply this to everything possible. legislative overreach is the norm.
<binaryFate> It would be impossible to have any "on request" access without centralizing.
<midipoet> isnt this the audit key accumulator idea that was touted?
<binaryFate> I don't know about that.
<midipoet> seems someway related
<midipoet> or am i completely missing something?
<binaryFate> What do you mean by "audit key accumulator"
<midipoet> havent a notion to be honest. it was an idea that MRL discussed as a method for providing better access to info within wallets than the current method
<el00ruobuob_[m]> IMHO, it's up to the governments to request for audit key as part as a financial audit of someone / some company
<midipoet> some sidechain mechanism for accumulating (outputs?) so they could be audited with the correct 'audit key'
<midipoet> thats my understanding, but open to any and all corrections
<binaryFate> Ah. I think you mean an upgraded view key that would give access to spent outputs, not just received ones. Which has implications because then you endanger everyone else rings.
<binaryFate> Still does not meet their criteria of access if they request the service provider, as providing that view key would remain up to each user.
<hyc> probably a conv for a different group
<endogenic> the idea is to prove spent balance without exposing key images
<endogenic> area of ongoing research
<midipoet> but yes, i see how it does not meet requirements.
<hyc> yes, would be ideal if you could simply log the amount.
<binaryFate> what they want is theoretically impossible with a decentralized project.
<midipoet> 'lawful access' is such a loaded term
<midipoet> kind of funny really
<midipoet> anyway. i am signing off
<ErCiccione> sorry guys, didn't know there was a meeting today. Was the issue opened in meta?
<xmrmatterbridge> <ordtrogen> yup
<xmrmatterbridge> <ordtrogen> #271
<Inge-> endogenic: also, while I might want to give the taxman a correct assessment of my wealth, I don't want to expose what I used my personal funds on
<ErCiccione> ok, yes. opened 14 hours ago, didn't see it. sorry folks
<endogenic> Inge-: you might also want to share a proof but not share forward (ongoing) access to updated values
<endogenic> sarang: ^
<ErCiccione> about pootle. it will be hosted on getmonero. I have already contacted pigeons and he is working on it with the pony. i hope we will be able to test it soon
<pigeons> Hi, I'll get with ErCiccione today and we can finish this up
<ErCiccione> great :)
<Inge-> endogenic: that could perhaps easily be done by moving to a different wallet before spending..
<endogenic> Inge-: right but think of the typical user
<endogenic> it's a design flaw that a user must know to do that
Post tags : Cryptography