I don't understand why people are getting suddenly worked up over transparency when they haven't bothered to ask in the first place. These channels are active and responsive.

A lot of people asked for core team transparency.

The first report is a step in the right reaction.

oh, well nevermind me if they have :P

Supercop was merged? Where can I see that? Was not able to find the PR / commit.

Ah, never mind, found it: monero-project/supercop #3 It's not the master branch, but the monero branch there

you can test the PR here: monero-project/monero #6337

Alright, thanks. Just because somebody today on Reddit was crying out for good news about Monero :)

though compiling the monero-wallet-crypto-bench bin requires some cmake magic

Uh, with "cmake magic" I am sure not to apply

I can explain it if you want to test it on your system

About yesterday's discussion. I would like to have some info from the core team about their plan to avoid the general fund to get drained in a year or so. The suggestion from luigi1111 to move rehrar's job to a ccs system + core filling the shortcoming sounds like a good short term solution to me.

I'm aware my tone can often sounds harder than it actually is, so i rephrase the first part from "i would like some info" to "i would like a conversation to be started about it"

If that makes sense :D

ErCiccione[m] I don't participate much here, but in my experience with places that have a diffusion of responsibility, conversation topics need to be directed at individuals rather than an open room. I don't know how the core team operates, but I bet if one of them felt responsible for this specific issue, he would help coordinate discussion in a positive way.

I see your point, but i'm confident they are aware of the issue after yesterday's discussion and will discussec the feedbacks received yesterday. I'm merely making some pressure, because i forsee problems if the issue is left to collect dust.

nonsense, monero's goin to the effin moon. all our prollems solved. mo money, no problems, thats how the song goes

well, you can be confident or be certain :P

ErCiccione[m]: we will definitely discuss it to some extent tomorrow during the Coffee Chat

But it's meant to be a casual discussion, not for formal decisions lol

Looks like malicious code allowed someone to print an extra 300M rvn

yeap

> A community code submission caused a bug that has been exploited. Law enforcement has been notified and is working with us.

;')

a wallet bug can mint coins?

with an incompetent enough dev team, anything's possible :P

what does law enforcement has to do with it? I'm not a lawyer, but I can't see any law that was broken

Code reviewed and checked in? Then it's a new consensus.

yeah that sounds like a stretch

attacker played by the rules

it's like Ethereum DAO hack

unless there was a responsible disclosure agreement that was breached? would that be illegal?

agreement between which parties?

I don't know if the code submission was malicious

or they're trying to say that it's not "core devs" that caused it

core or not, nobody caught it in reviews

but since they know the offending commit, they should have some idea of the type of person who wrote it

<[discord] Kayla#5718>: it was malicious but since the bug abuse been done from unknown party then that's just the perfect scam

<[discord] Kayla#5718>: on one end code been pushed (that dev could just be like they didnt see that coming) and on the other end there's the other party (which could be the same but cant prove it) that did use that fuck up to go brrrrrr

yeah, hard to believe the bug was accidental and an unrelated party discovered it and exploited it

Are the details published yet? I'd like to see that sneaky code

no not yet

they released closed-source bins to fix it

talk about flawed processes

... if this happened to us, would we also release closed-source binaries to fix?

"this" meaning a bug discovered long after the fact

last time we had an inflation bug, the fix was public but not announced

until deployed

sech1 yes but nobody had exploited it

hyc: no, we wouldn't

if it's REALLY bad we would discretely give mining pools and exchanges a patch

and have them build from source

and then once enough of them they confirmed they'd updated with it we'd make the patch public

makes sense

we've done that once before iirc

300M RVN is a nice $5M.

that was an expensive audit

lol

$5M is only scratching the surface. the reputation cost will be more

there are thousands of projects. why invest in one with a proven loss?

because historically most projects that had that happen dumped, and the performance after the aftermath was actually decent (from memory) 👀

weak hands leaving and all

I've never tried to play that game tho

bytecoin inflation bug was exploited and when announced it pumped

talk about stupid money

it may have been added to an exchange or two afterwards as well

even knowing the devs are dishonest

ofc everything pumped at that time

Weigh that against us all talking about RVN here. Free marketing

<[discord] Kayla#5718>: bad press is good press eh 😛

<[discord] Kayla#5718>: it still getting the word out, to communities that didnt know aobut it then it still brings some more people that start googling about it [...]

<[discord] Kayla#5718>: batman (bruce) pinging fullypony on twatter, monero irc channels now talking about it

<[discord] Kayla#5718>: i think it would only be fair if the word of monero being brought over their communities too, just sayin uwu

<[discord] Kayla#5718>: gotta brainstorm on how to get bad press on monero since that's the way to go

when will xmr get its emoji?

even tron has one

.soon

<[discord] Kayla#5718>: :xmr_monero:

<[keybase] kaylasu>: :xmr_monero:

<[discord] Kayla#5718>: @shillo that's some not very subtle shill u be doing right there tho 😛

thats about as subtle as a brick through a window

ban

<[keybase] kaylasu>: oof, rude x)