- Maybe Bulletproofs will be in the next hard fork...but probably not...unless we adjust the hardfork date...but still probably not...unless an external auditing team can verify the code/algorithm in time....but still probably not...but if it *does* make it in, it will just be for single outputs...but...
12:01 PM <rehrar> heyo everyone! Meeting time. 12:01 PM <rehrar> https://github.com/monero-project/meta/issues/161 12:01 PM → monero joined (monero@gateway/service/github.com/x-ttjlomaupxebxhpu) 12:01 PM <monero> [monero�] mrwhythat� opened pull request #3170: Remove redundant monerod testnet options (master�...testnet-options�) https://git.io/vN2kJ� 12:01 PM ← monero left (monero@gateway/service/github.com/x-ttjlomaupxebxhpu) 12:02 PM <rbrunner> Hi, was already afraid nobody around or wrong time :) 12:02 PM <rehrar> this meeting is all about Bulletproofs, and discussing when/how, audit stuff, finance stuff, and more 12:02 PM <rehrar> fluffypony smooth ArticMine luigi1111 luigi1111w hyc (said he can't be here though) moneromooo gingeropolous endogenic anonimal 12:02 PM <rehrar> binaryFate sarang suraeNoether stoffu 12:03 PM <sarang> this channel? 12:03 PM <rehrar> and feel free to ping anyone else 12:03 PM <rehrar> oh, we doing it in MRL? We can if that's what we want. 12:03 PM <sarang> Either. I couldn't recall which 12:03 PM <sarang> Your pick 12:03 PM <rehrar> The Github issue says #monero-dev 12:03 PM <sarang> k 12:03 PM <rehrar> and more people can see in Slack and Mattermost since MRL is not relayed 12:03 PM <sarang> roger 12:04 PM <rehrar> so first order of business, as always, is 1. Greetings. 12:04 PM <rehrar> If you're here, say hi. :) 12:04 PM <sarang> yo 12:04 PM <rbrunner> Hi 12:04 PM <sgp_[m]> Hi 12:04 PM <dsc_> Hi 12:05 PM <pigeons1[m]> Hi 12:05 PM <geozdr> hi 12:05 PM <rehrar> well, that's a decent group so far. Perhaps a few others will join as time passes. 12:05 PM <rehrar> dEBRUYNE, Jaquee, vtnerd 12:06 PM ⇐ Era52Grant quit (~Era52Gran@ns334669.ip-5-196-64.eu) Ping timeout: 268 seconds 12:06 PM <dEBRUYNE> I am here 12:06 PM <rehrar> In the meantime, let's begin discussion. 12:06 PM <rehrar> Does MRL have an update for us regarding audit outreach? 12:06 PM <sarang> Yes 12:06 PM <suraeNoether> howdy 12:06 PM <sarang> So 12:06 PM <rehrar> and I know hyc isn't here atm, but does someone know about how the mailing list outreach went also? 12:06 PM <rehrar> (sorry, go ahead sarang) 12:06 PM <sarang> There are three groups to whom we are reaching out 12:06 PM <sarang> One is professional auditing/security roups 12:06 PM <sarang> *groups 12:07 PM <sarang> Second is targeted individuals who know the material 12:07 PM <sarang> Third is volunteers without necessarily any particular credentials, but who want to help the project 12:07 PM <sarang> All are valuable 12:07 PM <Maxithi> Perhaps a few others will join as time passes. <= Joined 12:07 PM <sarang> Let's start with targeted individuals 12:07 PM <sarang> Benedikt Buenz is an author on the original paper. He may be available after Feb 20 and has shown interest but not a commitment yet 12:08 PM <sarang> Jonathan Bootle is another author. He is unavailable but will pass on word to his colleagues 12:08 PM <sarang> I reached out to Greg Maxwell who's newly independent, and haven't heard back 12:08 PM <sarang> It was assumed that we would offer compensation to these individuals for their time, with no details on amount 12:08 PM <sarang> Next up is volunteers 12:09 PM <sarang> I've heard from ~5 people who'd like to help out 12:09 PM <sarang> I'm setting them loose with as much information as I can 12:09 PM <sarang> This would be on a volunteer basis, but we'd credit them publicly for their help 12:09 PM <sarang> Finally is the pro groups 12:09 PM <sarang> fluffypony put me in touch with one group that has given me a quote of $40K 12:10 PM <sarang> Downsides: it'd be for internal-only reports, but obviously any changes would become public right away 12:10 PM <sarang> We also couldn't credit them by name 12:10 PM <sarang> I'm having them check with their attorneys on exactly what we could share 12:10 PM <sarang> OSTIF works with a lot of different groups, and has been in contact with several, quotes pending 12:11 PM <sarang> OSTIF's policy is only to work with groups that allow public disclosure 12:11 PM <sarang> They are also willing to accept XMR (which they transfer to the groups in their currency of choice) and has agreed not to take a cut 12:11 PM <sarang> Any questions from the group on this wall of info? 12:11 PM <suraeNoether> were we also not contacted in a cold-call situation? 12:12 PM <sarang> Yes, one pro group did a cold-call. Turns out OSTIF was in contact with them too, so I'm lumping them in with OSTIF 12:12 PM <sarang> That cold-call group's rough estimate was $25-35K 12:13 PM <suraeNoether> oh ok 12:13 PM <rbrunner> Is that USD 40K in the right ballpark for work like that, from a "pro group"? 12:13 PM <sarang> So I had expected less, but only because of the limited scope of the BP code; it's relatively small and self-contained 12:13 PM <sarang> But the quotes are reasonably consistent with each other 12:13 PM <suraeNoether> rbrunner: it's in line with similar quotes obtained back when we pushed ringct, which was around 50k iirc. so somewhere between 40 and 50k is sort of what i expected, personally... the 25-35k was a little bit of a surprise 12:14 PM <sarang> and assumes $1-2K per person-day 12:14 PM <rbrunner> Ok 12:14 PM <sarang> The timeline would be between 10-25 work days once it starts 12:14 PM <sarang> Again, OSTIF is still waiting on additional quotes and will report to me when they have them 12:15 PM <rehrar> So there is at least some interest being generated. 12:15 PM <sarang> So for now, assume that we definitely have options for pro audits in the range of $25-40K 12:15 PM <sarang> I also love the idea of getting Buenz or Maxwell to audit individually 12:15 PM → janeropicasso joined (a1009e8a@gateway/web/freenode/ip.18.104.22.168) 12:15 PM <sarang> but there are no commitments from them, and may not be. They have a lot going on 12:15 PM <sarang> But 12:15 PM <sarang> We need to know how to fund this shiz 12:16 PM <rehrar> alright, and this doesn't include hyc's outreach stuff too, correct? 12:16 PM <suraeNoether> i believe that's the case rehrar. 12:16 PM <Maxithi> How did BP get funded? 12:16 PM <sarang> hyc's outreach to the list has generated a few contacts within the groups I mentioned 12:16 PM <Maxithi> *RCT 12:16 PM <rehrar> ok, great 12:16 PM <suraeNoether> Maxithi: I believe we chose to not do the audit back then 12:16 PM <sarang> The RingCT audit didn't happen, IIUC 12:17 PM <rehrar> maybe MRL can do RingCT audit? :P What would you guys quote us? 12:17 PM <rbrunner> That about RingCT is ... surprising 12:17 PM <suraeNoether> rbrunner the math was a lot more straightforward for original RingCT 12:17 PM <rehrar> Wasn't that one of the reasons for bad blood with Shen? 12:18 PM <rehrar> anyways, off-topic. 12:18 PM <sarang> It was suggested that perhaps some general funding might be available, but otherwise an FFS 12:18 PM <suraeNoether> i think it would be nice to get buenz, but since he's on the late-feb timeline, that conflicts with our hard fork 12:18 PM <rehrar> I think we should try to raise the full amount with FFS, and anything that is not covered in reasonable time can be covered with the General Fund 12:18 PM <sarang> We'd be cutting it close to March with any group 12:18 PM <sarang> And there's no guarantee of an immediate start 12:18 PM <rehrar> suraeNoether it only conflicts if we try to roll out BP in March, no? 12:19 PM <suraeNoether> rehrar yes 12:19 PM <rehrar> I think this info gives strong pushes to rolling out in September 12:19 PM <sarang> Also, in terms of scope I've asked them to only review the multi-BP code 12:19 PM <rehrar> Because we also need the time to raise the requested funds 12:19 PM <dEBRUYNE> <rehrar> Wasn't that one of the reasons for bad blood with Shen? <= No. 12:20 PM <suraeNoether> IMO, if we can't reasonably expect an audit to be completed before the march hard fork 12:20 PM <rehrar> <dEBRUYNE> <rehrar> Wasn't that one of the reasons for bad blood with Shen? <= No. <= K. Thanks. 12:20 PM <dEBRUYNE> We should just put the "include it in the March HF" out of our heads tbh 12:20 PM <suraeNoether> dEBRUYNE: +1 12:21 PM <rehrar> agreed 12:21 PM → nickler joined (~email@example.com) 12:21 PM <suraeNoether> in that case, I think we should just go with Buenz and Maxwell 12:21 PM <suraeNoether> and/or 12:21 PM <sgp_[m]> Unless there is a strong reason to hardfork in March, why not delay it until whenever the review is ready? 12:21 PM <suraeNoether> continue to try to talk to them 12:21 PM <suraeNoether> sgp_[m]: because delaying hard forks sets a very disagreeable precedent 12:21 PM <sarang> Keep in mind there's no guarantee that Buenz and Maxwell are even going to be available to do it 12:21 PM <sarang> We'll have professional options available for sure 12:22 PM <suraeNoether> sarang: ok, if they turn us down then we go with one of the other options: what you are saying is that no one has committed, so that statement is not really helpful for any of our optiosn rihgt now. :P 12:22 PM <sarang> Heck, I have a contract from the non-public group already 12:22 PM <rbrunner> You mean ready to sign? 12:22 PM <dEBRUYNE> <suraeNoether> sarang: ok, if they turn us down then we go with one of the other options: <= Imo should just take on multiple options 12:22 PM <rehrar> non-public group doesn't sound quite so useful tbh. But maybe I just don't understand how these things work. But they're like: "We can't share hardly anything publicly." So what's the point? 12:23 PM <dEBRUYNE> re: funding, the general dev fund could kickstart it and then the community could fund the remainder 12:23 PM <sgp_[m]> @surae RingCT warranted moving the fork. I'd hate to have the review done in May but have to wait until September to include this important code 12:23 PM <sarang> rbrunner: they're ready to sign if/when we are, but we're under no obligation with them 12:23 PM <suraeNoether> dEBRUYNE: i'm fine with that too, assuming we have infinite funding available 12:23 PM <dEBRUYNE> rehrar: they can still disclose vulnerabilities privately 12:23 PM <dEBRUYNE> and we can fix them 12:23 PM <rehrar> ah, k. Don't know why that didn't cross my mind. :P 12:23 PM <suraeNoether> rehrar: we can share whether they have recommended changes, and if they do recommended change, we will end up communicating all of them to the community. they just don't want their company name or the report itself to be made public afaik? 12:23 PM <sarang> dEBRUYNE: rehrar: the changes are all public, and we can likely discuss the vulnerabilities 12:23 PM <sarang> just not release their review 12:24 PM <Maxithi> What I fear with internal report is that the community would be less willing to support it as they haven't any view on how the funds were used. 12:24 PM <sarang> And we can't say who did the review. They can do a more public audit but they said it'd be a lot more $ and time 12:24 PM <dEBRUYNE> assuming we have infinite funding available <= not infinite, but if the community can raise 450k $ for globee, I am sure we can raise a few hunderd k $ for this too 12:24 PM <sarang> Again, I'm working with them and their lawyers to get as much public as possible 12:24 PM <rehrar> And it gives 'poking power' to naysayers of Monero who say that we don't release the name of people who did the audit. It could have been Joe Schmoe 12:25 PM <rbrunner> Why do they work so secretly? In a few words ...? 12:25 PM <sarang> Fortunately all of the OSTIF quotes will be for fully public audits 12:25 PM <sarang> rbrunner: it's not working in secret 12:25 PM <sarang> It's not wanting to be seen as an endorsement 12:25 PM → taisel and quigonjinn joined 12:25 PM <sarang> They do either internal audits (like this one), or much more comprehensive public-facing ones 12:25 PM <pigeons1[m]> Do they not want to be blamed for what they miss? 12:26 PM <sgp_[m]> pigeons I'm sure that's part of it 12:26 PM <rehrar> I see the not wanting to be viewed as an endorsement unless they are adequately compensated for that 12:26 PM <sarang> Fortunately they won't be the only option, just the first to prepare a quote and contract 12:26 PM <suraeNoether> sgp_[m]: moving HF dates is not on the table, in my mind. 6 months of data on the blockchain is marginal in the long run; delaying HFs sets an unfortunate precedent. 12:26 PM <sarang> I think the community will appreciate the openness of an OSTIF group 12:27 PM <rehrar> but because Monero always prides itself in doing most things in the open, I think we should try the other more public options first 12:27 PM <sarang> and/or Buenz and/or Maxwell 12:27 PM <sarang> rehrar: I agree 12:27 PM <rbrunner> Agree also 12:27 PM <Maxithi> Agree 12:27 PM <suraeNoether> rehrar sarang +1 12:27 PM <sarang> We should get a sense of how much we think is reasonable to raise in funds 12:27 PM <sarang> since that determines how many groups/peeps we can get 12:28 PM <rehrar> well, it should also be said that perhaps we should raise a 'vetting pool' of funds for not just BP, but any future work that needs to be looked at 12:28 PM <suraeNoether> rehrar great minds, buddy 12:28 PM <suraeNoether> i was just thinking about that 12:28 PM <rehrar> could be managed by MRL how they see fit, and reported to the community 12:28 PM <Maxithi> That would be great! 12:28 PM <rehrar> suraeNoether, in Russia the saying is: "Two fools are of the same mind." 12:28 PM <sarang> We have the bounty funds, but those can't be used for reviews 12:29 PM <sarang> So this would need to be separate 12:29 PM <suraeNoether> rehrar: I don't know about MRL being exclusively in control of vetting funds... i think multisig would be a better option :P 12:29 PM <sarang> But any reported flaws could be bountied 12:29 PM <rehrar> The stipulations of the pool would be that MRL manages, gets counsel from the Core Team, and reports spending to the community 12:29 PM <rehrar> or something along those lines anyways 12:29 PM <suraeNoether> right 12:30 PM <sarang> I'm sure someone will complain "isn't review what MRL is for????!?!?111!?" 12:30 PM <rehrar> I think reported flaws would go through the HackerOne bounty system, and the pool would be for formal review compensation 12:30 PM <sarang> But you can't do first-person peer review =p 12:30 PM <sarang> rehrar: yes 12:30 PM <suraeNoether> sarang +1 12:30 PM <suraeNoether> i was wondering what a good snappy response to that should be 12:30 PM <suraeNoether> thank you for that. :P it's been on my mind 12:30 PM <sarang> I like to think of it as belt and suspenders 12:30 PM <rehrar> Raise half a million. Increase as necessary. Sound good? 12:30 PM <Maxithi> isn't review what MRL is for????!?!?111!? <= Nope, the R stands for Research not Review 12:30 PM <rbrunner> Somebody always complains :) 12:30 PM <sarang> and that I've had spinach caught in my teeth and not noticed for hours 12:31 PM <geozdr> maybe not set public targets for raising funds before you get all the quotes? that would hurt our negotiating position. 12:31 PM <suraeNoether> geozdr +1 also 12:31 PM → pebx joined (~firstname.lastname@example.org) 12:31 PM <Maxithi> Can you have "private funding" on the forum? 12:31 PM <sarang> We certainly don't have numbers for paying targeted individuals 12:32 PM <rehrar> geozdr, but not all funds will be for BP, so we can internally set a 'BP budget' that is not advertised to potential reviewers 12:32 PM <suraeNoether> they'll also have to provide us with a quote sarang imo 12:32 PM <sarang> Yes, and I asked Buenz about thi 12:32 PM <sarang> *this 12:32 PM <sarang> didn't hear back yet 12:32 PM <rehrar> just because we raise a public amount, doesn't mean all of that amount is available for Bulletproof review, and if anyone tries to negotiate based on total amount raised, we push back with that fact, and that BP has a budget 12:33 PM <rehrar> *cracks knuckles* and I'll let those tech nerds know that we like our money here, and it will not be easily parted with 12:34 PM <rehrar> what about andytoshie, wasn't he approached about review also? 12:34 PM <rehrar> *andytoshi 12:35 PM <suraeNoether> sarang do you think that since andytoshi sort of helped with the development, he falls into the "self-peer-review" category 12:35 PM <suraeNoether> ? 12:36 PM <sarang> andytoshi has provided useful guidance on bulletproofs but I don't believe he's available for a formal audit 12:36 PM <suraeNoether> ah, that answers that question 12:36 PM <sarang> He's also expressed that he doesn't necessarily want to be seen as endorsing particular projects, but I don't want to put words into his mouth 12:37 PM → floam412 and bearjewpaca joined 12:37 PM <rehrar> So...since it's pretty much unanimously agreed that BP should not be in March, do you think MRL can put together a formal little news bulletin (I can help), explaining that and why? 12:38 PM <rehrar> It'd be helpful to the community, and could help with explaining to some grumblers the benefits and reasons for waiting 12:38 PM <rbrunner> Other "heavyweights" are known to be against March? 12:38 PM <rbrunner> Not present now 12:39 PM <rehrar> luigi and ArticMine both come to mind 12:39 PM <suraeNoether> rbrunner: I have a text message from fluffypony describing his position on it, but that's hearsay without a PGP signature. :P 12:39 PM <rehrar> I think smooth as well, but don't quote me on that 12:40 PM ⇐ fsalgo quit (~email@example.com) Quit: My MacBook has gone to sleep. ZZZzzz… 12:40 PM <suraeNoether> so, it seems like there is a weak consensus here that we should start an FFS to fund up a general "new scheme and code" auditing fund. either for MRL to spend as we feel we need to (with as much transparency as possible) or with several core members on board with distribution of those funds also. 12:40 PM <rbrunner> Yes, and with a catchy name 12:40 PM <rehrar> Yes. 12:40 PM <sarang> Setting up a more general fund is also really good optics against the naysayers 12:40 PM <rbrunner> as this review stuff is quite dry :) 12:40 PM <suraeNoether> if we are going to assume the march HF is out the window, then we can spend another few weeks working out the details on that 12:40 PM <pebx> suraeNoether I think we trust you that you don't fake a message from fluffy... 12:40 PM <sarang> It shows that we have a plan for BPs, and also for future big changes that need audits 12:41 PM <rehrar> Monero Auditing Interest Department So Audits Frequently get Done or MAIDSAFE for short 12:41 PM <rbrunner> Monero security fund, or so 12:41 PM <Maxithi> MAIDSAFE lol 12:41 PM <rehrar> oops, fail on that last letter though 12:41 PM <suraeNoether> pebx: heh, well he basically said we shouldn't worry about the optics of pushing it back or about the added blockchain space. in the long run, those things become quite marginal 12:41 PM <rbrunner> Did you come up with that right now? Wow 12:41 PM <sgp_[m]> @rehrar is now a good time to discuss the hard fork schedule? I want to express some dissenting opinion 12:42 PM <suraeNoether> fluffypony ^ 12:42 PM <rehrar> of pushing back March hardfork you mean? 12:42 PM <rehrar> oh, of pushing back BPs 12:42 PM <rehrar> sgp, speak my child. 12:42 PM <rehrar> (So Audits Frequently Execute, there's the E) 12:43 PM <sgp_[m]> I'm totally fine not including BPs in the March hard fork since it seems a review will not be completed yet. I get that 12:43 PM <sgp_[m]> If people want to stick with the March harkfork for precedent reasons, I'm fine with that too 12:44 PM <sgp_[m]> But I really think it's a bad idea to wait until September to add the BP code once it has passed review 12:44 PM <sarang> Why? 12:44 PM <sgp_[m]> There are many practical reasons to have another hardfork 12:44 PM <sarang> Blockchain waste? 12:45 PM <sgp_[m]> Smaller transaction sizes, smaller fees, smaller blockchain 12:45 PM <rehrar> Sumokoin will implement, then we're screwed 12:45 PM <sgp_[m]> Yes, basically 12:45 PM <sgp_[m]> And I think the precedent argument is pretty weak. Last year, the community agreed upon moving the date of one hardfork and adding another 12:45 PM <gingeropolous> y are we screwed? 12:46 PM <rehrar> I was joking 12:46 PM <gingeropolous> :) 12:46 PM <rehrar> thought of another name for the fund btw, but I'll save it for after meeting 12:46 PM <rbrunner> rehrar, MAIDSAFE is great 12:46 PM <medusa_> initially it was planned to use the general dev fund for reviews afaik 12:46 PM <pebx> I'm totally with sgp_[m] 12:46 PM <medusa_> if there is no money left we can run an ffs, but that should be checked first in my opinion 12:47 PM <sgp_[m]> So my vote is to either have another hardfork after the BP review, or to push back the March hardfork if there's no real reason to have a hardfork in March for another feature 12:47 PM → Waylon68Stamm joined (~Waylon68S@ns334669.ip-5-196-64.eu) 12:47 PM <pebx> as far as i know there is no other feature which needs a hard fork actually 12:47 PM <rehrar> rbrunner, not as good as Ze Cryptography Auditing Software Hoard Foundation 12:47 PM <rbrunner> Might not be a bad idea, with so many thing into service waiting 12:48 PM <sarang> -_______- 12:48 PM <sgp_[m]> @pebx exactly, unless there was consensus on a larger ringsize or something 12:48 PM <rbrunner> I know, some things do not technically need a hard fork, but a hard fork forces updates, which is nice 12:48 PM ⇐ floam412 quit (floam412@gateway/vpn/privateinternetaccess/floam412) Ping timeout: 264 seconds 12:48 PM <medusa_> we use hardforks to force ppl to upgrade the software..this has an effect on support work on redit, relegram etc. thats the main reason 12:48 PM <sgp_[m]> Which I don't think will happen 12:49 PM <suraeNoether> "And I think the precedent argument is pretty weak. Last year, the community agreed upon moving the date of one hardfork and adding another" <-- you just used precedent to demonstrate that precedents don't matter? 12:49 PM <suraeNoether> and btw this is exactly the discussion that we wanted to avoid with the HFs... "So my vote is to either have another hardfork after the BP review, or to push back the March hardfork if there's no real reason to have a hardfork in March for another feature" <--- we hard fork twice a year, how much is enough? 12:49 PM <pebx> i can say you as of telegram: people are really expecting BP or at least lower fees... but lowering the fees manually is in my opinion some kind of doctoring around without a real scop 12:49 PM <sgp_[m]> I'm saying your argument of needing to stick with precedent should be more flexible 12:49 PM <pebx> *scope 12:50 PM <rbrunner> Well, the reaction on the Monero subreddit in face of a move into September was surprisingly subdued 12:50 PM <rehrar> delaying until September has other benefits not related to the Monero implementation 12:50 PM <suraeNoether> sgp_[m] and you are using precedents of previous moving HF schedules to show why it's not a big deal to move HFs... but the entire point is *these precedents need to be avoided* 12:50 PM <rehrar> it lets the BP paper itself have more time in existence 12:51 PM <sarang> And the audits specifically are not testing the BP math/paper 12:51 PM <rehrar> and there may be some people interested in reviewing the paper itself (Without carin about the Monero implementation) that would be useful to us 12:51 PM <sarang> It's way out of scope for those groups 12:51 PM <sgp_[m]> Why? If there's a legitimate reason to, what's the harm? 12:51 PM <suraeNoether> just the code 12:51 PM <sarang> sgp_[m]: you mean why are they not reviewing the math? 12:52 PM ⇐ DaveJones quit (~Dave@dslb-188-107-069-073.188.107.pools.vodafone-ip.de) Read error: Connection reset by peer 12:52 PM <sarang> Because it's an entirely different kind of review, altogether 12:52 PM <suraeNoether> i think sgp means "why not have three HFs this year 12:52 PM <sgp_[m]> No, not that 12:52 PM <sarang> k 12:52 PM <pebx> but let's be realistic: probably most interested people start to look into it only 1-2 weeks before it will be implemented anyway 12:53 PM <sgp_[m]> If we don't add another hardfork, we're committing at least 12 GB of extra blockchain data, assuming transaction volume stays the same 12:53 PM <rehrar> that was the argument before pebx, yes 12:53 PM <pebx> i would rather prefer to move the hard fork to april or may with BP than hard forking in march just for the case 12:53 PM <rehrar> but now there is demonstrated interest in getting the reviews done for financial compensation 12:53 PM <suraeNoether> sgp_[m]: we have to freeze the code 3+ weeks before each HF and begin implementation. HFing monero to implement BPs is not simple as creating a new email account. 12:53 PM <suraeNoether> think of each HF as rolling out a new year/model of car. 12:54 PM <sgp_[m]> I understand that surae 12:54 PM <sgp_[m]> But you could easily schedule a hardfork a month after you felt comfortable with the review 12:54 PM <suraeNoether> and if that happens to be August 12:55 PM <suraeNoether> does that mean we then HF immediately again in September, or also put that one off? 12:55 PM <suraeNoether> etc 12:55 PM <suraeNoether> etc 12:55 PM <sarang> So to move this talk forward... really the question is between (a) doing March and then BP when it's ready, (b) doing no fork until BP is ready, or (c) doing March and waiting on BP until Sept 12:55 PM <sgp_[m]> Then don't add another one in that case 12:55 PM <sgp_[m]> But it seems like from your estimate the review should take less than a month 12:55 PM <pebx> sarang i'm for b 12:55 PM — iDunk likes how MRL is making sense 12:55 PM <suraeNoether> sarang no, this is not the question 12:55 PM <pebx> i really don't see a need for the march hard fork 12:56 PM <suraeNoether> not to mention 12:56 PM <suraeNoether> screwing with HF schedules 12:56 PM <suraeNoether> completely BLOWS for HW wallet developers 12:56 PM <iDunk> Postpones subaddresses 12:56 PM ⇐ Waylon68Stamm quit (~Waylon68S@ns334669.ip-5-196-64.eu) Ping timeout: 268 seconds 12:56 PM <suraeNoether> sarang: we had a weak agreement, even sgp agreed... that the March HF should go forward, and BPs should probably not be included. 12:57 PM <rehrar> suraeNoether, you say that the best thing for new cryptography is time 12:57 PM <medusa_> C is the only option 12:57 PM <rehrar> correct? 12:57 PM <suraeNoether> agreed with medusa_ 12:57 PM <suraeNoether> rehrar: always yes 12:57 PM <sgp_[m]> I've expressed my support for A or B 12:57 PM <rehrar> then C is the only option 12:57 PM <rbrunner> Maybe the least bad 12:57 PM <thrmo> second B 12:57 PM <rehrar> we are responsible for people's money, freedom, and lives, remember? 12:57 PM <iDunk> I'm for C. 12:57 PM <suraeNoether> any concerns about getting BPs implemented *quickly* are not thinking about what Monero is going to look like in 2022 12:58 PM <Maxithi> Mind to make a quick run up to explain in one sentence A, B and C? 12:58 PM <thrmo> suraeNoether, B doesn't have to be quickly 12:58 PM <sarang> The real downside in a March/Sept is the blockchain size 12:58 PM <thrmo> Maxithi, <sarang> So to move this talk forward... really the question is between (a) doing March and then BP when it's ready, (b) doing no fork until BP is ready, or (c) doing March and waiting on BP until Sept 12:58 PM <sarang> if that's something you care about 12:58 PM <pebx> i somehow miss smooth, moneromoo and fluffypony in this discussion... i know, i have been late today but what's their opinion? 12:59 PM <suraeNoether> fluffypony is in Miami right now iirc, so he's probably sleeping on a pile of money and hookers 12:59 PM <endogenic> sarang: without bps coming along we wouldnt hve been able to avoid that 12:59 PM <Maxithi> thrmo Thx 12:59 PM <pebx> sarang the real downside in september is the community which is expecting it 12:59 PM <pebx> even more after fluffy announced it on twitter 12:59 PM <iDunk> Why are they expectiong it ? 12:59 PM <pebx> to be in march 12:59 PM <medusa_> that not an argument rly 12:59 PM <medusa_> ofc they want it 12:59 PM <iDunk> Who told them it would be in March ? 1:00 PM <endogenic> i want 0kb transactions and i want them now 1:00 PM <rbrunner> It was "word on the street" for a long time 1:00 PM <sgp_[m]> It just means we need a press release saying why the decision changed 1:00 PM <rehrar> I'm sure they also want other things asap. 1:00 PM <suraeNoether> sgp_[m]: we never announced any decisions on bulletproofs 1:00 PM <rehrar> hence my suggestion for MRL to put out a little news bulletin with a formal recommendation to wait 1:00 PM <thrmo> Without BP what consensus rules changes NEED an hardfork by march? 1:00 PM <sarang> We said March if it was ready 1:01 PM <sarang> We should do a press thing, yes 1:01 PM <dEBRUYNE> <rbrunner> It was "word on the street" for a long time <= Not really 1:01 PM <pebx> iDunk fluffy announced it to be implemented in march hard fork. that's also the reason why i miss him in the whole discussion 1:01 PM <suraeNoether> so our bulletin announcemennt that rehrar suggested will be the *first* formal announcmenet about BPs coming from monero. 1:01 PM <sarang> regardless of our choice 1:01 PM <rehrar> if community whines, we point to the bulletin 1:01 PM → floam412 joined (~floam412@unaffiliated/floam412) 1:01 PM <rbrunner> Pushing people to update needs a hardfork in any case, IMHO 1:01 PM <iDunk> Well, fluffypony jumped the gun then. 1:01 PM <rehrar> if they REALLY disagree, I'm sorry to say, they can fork :P 1:01 PM <dEBRUYNE> fluffypony strongly favors adherence to the schedule fwiw 1:01 PM <suraeNoether> pebx: where did he announce that? can you send me a link? 1:01 PM <pebx> one second, i have to search on twitter... 1:02 PM <thrmo> dEBRUYNE, the schedule was never meant to be set in stone 1:02 PM <gingeropolous> was double blob brought up at all as an option? or am i just chasing windmills 1:02 PM <thrmo> It will eventually be changed, maybe now would be a good time to do it. 1:02 PM <rbrunner> double blob? 1:02 PM <dEBRUYNE> thrmo: need a source on that 1:02 PM <iDunk> You are chasing windmills :) 1:02 PM <suraeNoether> gingeropolous: not brought up at all. care to explain how that would work? 1:03 PM <suraeNoether> one thing i want to make perfectly clear to everyone in this room 1:03 PM <endogenic> thrmo: what necessitates breaking the existing schedule? 1:03 PM <thrmo> dEBRUYNE, fluffy mentioned it several times iirc (and others) that eventually the scheduled would be changed and the rate of HFs diminished. 1:03 PM <Maxithi> Double Blob https://github.com/monero-project/monero/issues/3154 1:03 PM <gingeropolous> u make a transaction with a borromean and a bullet proof. You only work with the borromean for n months. Eventually, bulletproofs are trusted. You can then prune the borromean from the chain. 1:03 PM <dEBRUYNE> thrmo: Then we'd change to once a year probably 1:03 PM <dEBRUYNE> and either march or september would be thrown out 1:03 PM <suraeNoether> gingeropolous: ah, there could be some security issues with that 1:04 PM <endogenic> thrmo: he mentioned that in the context of monero stabilizing in the future didnt he 1:04 PM <rehrar> thrmo, this is true when we get to a point that Monero has so many users that HFs become more and more difficult to pull off, not as a result of new tech as I understand it 1:04 PM <thrmo> endogenic, unnecessary blockchain growth for one, and why exactly do we NEED to hardfork in march? 1:04 PM ⇐ TinusMars_ quit (51f0265c@gateway/web/freenode/ip.22.214.171.124) Ping timeout: 260 seconds 1:04 PM <gingeropolous> in various conversations it seems that the issues aren't as severe as they seem. 1:04 PM <endogenic> thrmo: a hard fork causes blockchain growth? 1:04 PM <rehrar> to force upgrades to newer, more stable software is as good a reason for me as any 1:05 PM <thrmo> endogenic, adopting BPs later rather than sooner. 1:05 PM <suraeNoether> gingeropolous: it would take more time for us to vet the double blob technique than it would for us to audit the BP code alone and push it. :P 1:05 PM <rehrar> suraeNoether, what did you want to make perfectly clear? 1:05 PM <thrmo> rehrar, why do you need to fork for that? 1:05 PM <suraeNoether> so what i wanted to make clear: if you are hoping to get BPs implemented before September in order to get a price bump, or to avoid a price crash in Monero... 1:05 PM <gingeropolous> suraeNoether, perhaps.. but here I tried to fully explain it: https://github.com/monero-project/monero/issues/3154 1:05 PM <medusa_> we usually use the fork to roll out cleints, so we just have 1 version to support 1:06 PM <gingeropolous> and furthermore, this isn't going to be the last time some amazing tech comes through to reduce transaction size 1:06 PM <endogenic> thrmo: changing the existing schedule needs to be justified more than not doing so in the absence of a problem making it necessary, and people agree that bulletproofs and its implementation needs to be audited right? 1:06 PM <thrmo> medusa_, i know, it doesn't need to be that though. 1:06 PM <rehrar> can I speak bluntly? 1:06 PM <gingeropolous> so it'd be great if we had a mechanism to transition to fresh tech without wondering if the whole thing'll come crashing down 1:06 PM <suraeNoether> then your logic is already flawed... if you think Monero will hit 10,000 USD faster if we get BPs implemented in June instead of September, you are... well, i can't say for sure that you are wrong, but your logic circuits may need some dusting. 1:06 PM <endogenic> agree surae 1:06 PM <endogenic> also fees 1:07 PM <thrmo> endogenic, I do agree too, I just don't think that adherence to the schedule is as a big thing as it's been portrayed. 1:07 PM <suraeNoether> fees are going to be changing in this HF either way 1:07 PM <sgp_[m]> @surae please, I've been in the community for several years. I don't care about the price nearly as much as I care about the practical benefits of lower transaction fees and reduced blockchain bloat 1:07 PM <endogenic> if they are lowered at the expense of monero's security 1:07 PM <endogenic> what's even the point 1:07 PM <gingeropolous> ^^ 1:07 PM <suraeNoether> sgp_[m]: *good* but our fees are going to be reduced anyway, and blockchain bloat is literally going to be marginal as time goes on 1:07 PM <rehrar> this is a moot conversation honestly, and it's silly that we are having it. Again, the responsibility on our shoulders is very large. Money, freedom, and lives. And if the best thing for this new crypto is time, then the LEAST we can do is give it an extra six months. 1:07 PM <thrmo> I couldn't care less about the price either. 1:08 PM <endogenic> i dunno thrmo imo it's a matter of what precedent we implicitly accept by agreeing to an action even if we arent aware of the consequences 1:08 PM <endogenic> people will use that precedent for their own reasons 1:08 PM <endogenic> just my two cents :p 1:08 PM <sgp_[m]> @rehrar we would be at the point though where the review(s) would have already been completed 1:08 PM <suraeNoether> sgp_[m]: and please don't take my comment as accusing you of being only interested in monero's price, i know that you are a long-time member of the community and we have had several good discussions in the past. i value your opinion 1:09 PM <rehrar> again sgp, it's not just the code that needs time to be 1:09 PM <rehrar> it's also the paper of BP itself 1:09 PM <suraeNoether> i just wanted to make that clear to anyone who ends up reading the logs later, or any lurkers who are thinking "but oh man i could totally get rich if they push this in June." 1:09 PM <rehrar> what if there is an exploitation in the crypto itself that has gone unnoticed at this point in time 1:09 PM <rehrar> the reviews will review our code implementation, not the paper 1:09 PM <suraeNoether> *nod* similar to the ASNL ring signatures in the original ringct paper 1:09 PM <rehrar> the crypto itself needs time to breathe 1:09 PM <thrmo> endogenic, there are some costs for "unnecessary" hardforks too, even if they are on schedule. 1:09 PM <suraeNoether> *which wasn't caught until after the paper was published, put through peer review, and after I believe we had gone live with code.* 1:09 PM <rehrar> this itself is an argument to wait 1:10 PM <rehrar> as I said before, there may be third parties that will review the BP paper itself (not our implementation of it) for their own reasons 1:10 PM <rehrar> and we can benefit from that 1:10 PM <iDunk> It was live on testnet, not in mainnet. 1:10 PM <thrmo> Hard forks momentarily weaken the security of the network, so doing it because of no other good reason than schedule seems silly to me. 1:10 PM <endogenic> thrmo to say they are technically unnecessary only speaks to part of the hypothetical necessity which must be evaluated. that's everything i'm saying 1:10 PM <pigeons1[m]> The code was only live on testnet 1:10 PM <sarang> We're definitely not the only ones interested in BPs, so there will be good eyes on it going forward 1:10 PM <thrmo> as rehrar pointed above, money, freedom and lives are at stake. 1:10 PM <sgp_[m]> We discussed this in previous meetings. There's always an argument to wait. If the community wants more review on the math, we should get an audit of that too 1:10 PM <gingeropolous> thrmo> Hard forks momentarily weaken the security of the network >>> what? 1:11 PM <thrmo> gingeropolous, Node count drops, hashrate drops, etc 1:11 PM <suraeNoether> thrmo we are modifying fees in the next hf so its not merely to accommodate schedules 1:11 PM <sgp_[m]> If we knew of researchers in the process of looking at the math I would agree with you, but it seems odd to wait in hopes someone is looking at it 1:11 PM <rehrar> sorry sgp, but the argument is not to wait indefinitely, it's to wait until September 1:12 PM <rehrar> it was mentioned in a previous meeting 1:12 PM <gingeropolous> and what if there aren't any reviews by then? 1:12 PM <rehrar> if we wait until September, that more than doubles the time that the BP paper has been in existence 1:12 PM <dEBRUYNE> sgp_[m]: Waiting until August / September literally triples the time the paper has been out in existence 1:12 PM <dEBRUYNE> That's a convex pay off 1:12 PM <pebx> https://twitter.com/fluffypony/status/945706717421195266 26 Dec Poorbrokebastard @OGbigblocker Replying to @fluffypony and 5 others The impending fee drop reminds of us the impending LN. BCH "shills"...interesting characterization, I suppose that includes me? Also...what criteria does a fork need to have to be defined as "malicious?" Riccardo “fluffyblockchain” Spagni ✔ @fluffypony Not even remotely comparable. Thanks to the very excellent paper (which lists 3 Blockstream employees as co-authors), single-output Bulletproofs code is merged and will be live as part of the March hard fork. Also see: https://getmonero.org/2017/12/11/A-note-on-fees.html … 12:23 PM - Dec 26, 2017 · Plettenberg Bay, South Africa Monero: A note on fees A note on fees [on the home of Monero, a digital currency that is secure, private, and untraceable] getmonero.org 1 1 Reply Retweets 1 1 like Twitter Ads info and privacy 1:12 PM <rehrar> dEBRUYNE is more right than me ^ :P 1:12 PM <pebx> sorry took me longer than i thought, twitter search is unfortunately not the best 1:12 PM <rehrar> although I guess triples is technically "more than doubles" 1:13 PM <thrmo> pebx, fluffypony doesn't decide the community does. 1:13 PM <rehrar> also, the second time me and dEBRUYNE said remarkably similar things. Just a thought. 1:13 PM <dEBRUYNE> rehrar: :P 1:13 PM <rbrunner> Yes, but that was word on the street :) 1:13 PM <gingeropolous> nonsense! He is our god! Such blasphemy! 1:13 PM <pebx> i know, but the community expects this now... that's why i miss fluffy in the discussion 1:13 PM <sgp_[m]> He was just finding the tweet that others asked for 1:13 PM <dEBRUYNE> Whether the community expects BP in March is at most ambigous imo 1:13 PM <rehrar> ok, let's end this conversation with one question 1:13 PM <suraeNoether> pebx thanks for finding that. He shouldn't have said that, number one 1:14 PM <dEBRUYNE> at best* 1:14 PM <rehrar> MRL: what is your formal recommendation to us at this point? 1:14 PM <iDunk> That tweet was unfortunate. 1:14 PM ⇐ taisel quit (~taisek@2601:582:4501:14d4:41d:b80a:d843:7c32) Quit: Leaving 1:14 PM <pebx> suraeNoether that's the thing i'm talking about... 1:14 PM <endogenic> the code IS merged though 1:14 PM <endogenic> to master 1:14 PM <sarang> single output 1:14 PM <pebx> he is still some kind of project leader, but he missed last sunday's discussion and now too 1:14 PM <iDunk> And is live on testnet :) 1:14 PM <rbrunner> Yes, and live on Testnet 1:15 PM <sarang> multi is not yet 1:15 PM <sarang> and that's what we want audited 1:15 PM <endogenic> yes but aside from tagging an old commit 1:15 PM <endogenic> does this raise the issue of whether it should have been merged? 1:15 PM <suraeNoether> rehrar: Sarang, correct me on this if need be: our formal recommendation to pay an OSTIF group to audit the code, funded through a new acronym, and to include BPs in September. 1:16 PM <dEBRUYNE> I wouldn't confine the audit to the OSTIF group 1:16 PM <rehrar> sarang? you second this? 1:16 PM <suraeNoether> dEBRUYNE: just my recommendation based on what we've seen and heard so far. if another group feels more right, we can goi with them instead. 1:16 PM <sarang> I don't have a particular opinion on September vs pushing the March, since there are many other parties involved and I don't work closely enough with them to fully appreciate their needs 1:17 PM <sarang> I agree on the rest from a research perspective 1:17 PM <rehrar> ignoring needs of others for the time being, just think of the crypto 1:17 PM <suraeNoether> the delay of HF schedules, etc, this is all not even really MRL's job to make decisions about. the quesiton is: will BPs be implemented in the next scheduled HF for May? And I dont' think the answer to that is yes, from either me or sarang 1:17 PM <suraeNoether> and by "will" i mean "should" 1:17 PM <sarang> I consider the crypto pretty independent from the fork schedule 1:17 PM <gingeropolous> and by may u mean march 1:18 PM <suraeNoether> yeah the one starting with "ma" 1:18 PM <rehrar> and by dont', you mean "don't" 1:18 PM <sarang> Using the double blob method would be a good way to mitigate issues 1:18 PM <sarang> but we haven't used it before 1:18 PM <suraeNoether> sarang do you have expectations of security if two range proofs for the same masked amount are provided? because I can imagine at least two different ways that could go wrong if done incorrectly. 1:19 PM <suraeNoether> but that's highly dependent on the algebra and boosting negligible event probabilities into more likely events. 1:19 PM <sarang> suraeNoether: I am not worried about the two-proof method in that way 1:19 PM <dEBRUYNE> suraeNoether: we can go with multiple groups as well 1:20 PM <suraeNoether> sarang: ok we should talk more about it later then i guess 1:20 PM <sarang> yes 1:20 PM <rehrar> well, hard fork times aside, it's agreed it shouldn't be in March, and that's enough for the time being 1:21 PM <sarang> yes 1:21 PM <rehrar> good updates on the audit front 1:21 PM <rbrunner> But a HF in March is not entirely agreed, it seems to me ... 1:21 PM <sarang> But he means BPs will not be in March 1:21 PM <sarang> Too many audit steps before then 1:21 PM <suraeNoether> rbrunner: this meeting was never about HF schedules 1:21 PM <sarang> I'll keep everyone updated in #monero-research-lab on the OSTIF quotes 1:22 PM <pebx> sarang what's a real timeframe to be ready with audits? 1:22 PM <rehrar> MRL, let's talk about the Z.C.A.S.H (name pending) fund later today? 1:22 PM <sarang> Once the funds are raised and the group has a start date? A month, maybe 25 biz days 1:22 PM <sarang> But start dates depend on the groups' availabilities 1:23 PM <pebx> okay, so i'm still for delaying the hf to april or may but then with bp 1:23 PM <rehrar> last question, should we still have dev meeting next week, or push to three weeks from now? 1:23 PM <pebx> otherwise some sumo will have it before monero 1:23 PM <janeropicasso> Hi guys I'm new been reading along. I'd just like to say one thing. I think keeping an eye on the long term view is much better than any short term benefits unless the situation is dire. In my experience hard deadlines on things never work. Security, Privacy and Untraceability is what separates Monero high tx fees can wait. 1:23 PM <iDunk> I don't see this as a dev meeting. 1:23 PM <pebx> i would be for a dev meeting next week, but who i am... 1:24 PM <rehrar> alright, I'll make an issue for it on the Githubz 1:24 PM <rbrunner> Meet again next week, I would say, in any case. 1:24 PM <dEBRUYNE> janeropicasso: There will be a partial solution for fees in the next release 1:24 PM <iDunk> Next week is the normal schedule. 1:24 PM <rehrar> just don't want burnout 1:24 PM <rbrunner> Critical times 1:24 PM <pebx> rbrunner this. 1:25 PM <rehrar> Alright. Anything anyone else wants to say on this? 1:25 PM <rehrar> dEBRUYNE, can we get the logs for this too? 1:25 PM <dEBRUYNE> Sure 1:25 PM <dEBRUYNE> No ETA though :P 1:25 PM <sgp_[m]> I suppose I'd like to hear a bit more about fees 1:25 PM <gingeropolous> so, just throwing it out there - could we get one of the clones to implement? Then there's a worthy target to exploit .. 1:25 PM <rehrar> sgp outside the scope of this meeting I think? 1:26 PM <rbrunner> Yes, I don't fear Sumo implementing it at all 1:26 PM <rbrunner> Our fall guys :) 1:26 PM <endogenic> janeropicasso: i do wonder what people will prioritize. history is scary 1:26 PM <sgp_[m]> "Bulletproof/fees meeting" lol 1:26 PM <rehrar> Ah, good point. 1:26 PM <rbrunner> Just think that currencies normally work within time frames of decades 1:27 PM → amiuhle joined (~firstname.lastname@example.org) 1:27 PM <pebx> rbrunner well it's some kind of an issue if someone will implement monero developed code before monero does... 1:27 PM <sarang> That's part of what we're trying to avoid 1:27 PM <pebx> at least for observers 1:27 PM <sgp_[m]> @dEBUYNE can you speak about what you meant by "partial fix"? 1:27 PM <sgp_[m]> @dEBRUYNE 1:27 PM <rbrunner> pebx: Reminds me of my Windows installer and the X12 coin :) 1:28 PM → Fjahfehdnxjdjfcj joined (d13a94e3@gateway/web/freenode/ip.126.96.36.199) 1:28 PM <gingeropolous> pebx, what do u mean by observers? 1:28 PM <dEBRUYNE> So the wallet will use low priority by default when there's no or low backlog and the last N blocks are below X size 1:28 PM <dEBRUYNE> Then switch to the old default once activity picks up 1:28 PM <dEBRUYNE> And we reasonably assume miners are going to expand the blocksize 1:28 PM <dEBRUYNE> It's still a bit crude and there's no perfect solution, but at least we got something going 1:28 PM <rbrunner> Throwing people a bone 1:29 PM → _Slack joined (~Slack_@c-98-234-122-54.hsd1.ca.comcast.net) 1:29 PM <sgp_[m]> @dEBRUYNE, ok cool. Just curious if there was something else I missed 1:29 PM <dEBRUYNE> Some talk about whether we should lower the unimportant level, because it's arbitrary anyway 1:29 PM <sarang> So any action items before next meeting? 1:29 PM <sarang> Besides carry on w/ audit and start to plan funding? 1:29 PM <sarang> We'll need more input from core folks about the role of general funds 1:30 PM ⇐ Fjahfehdnxjdjfcj quit (d13a94e3@gateway/web/freenode/ip.188.8.131.52) Client Quit 1:30 PM <pebx> gingeropolous people out of the community and people trying to attack monero and spreading disinformation... 1:31 PM <rehrar> hmmmm... 1:31 PM <pebx> i am moderating the groups on telegram so i see the "normal people talk" 1:31 PM <rehrar> nothing else from me on this meeting? 1:31 PM <rehrar> sarang even with availability of general funds, I'd like to try at least some with FFS. It's just good 'marketing'. 1:32 PM <pebx> but i wouldn't like to rush it either into march if it's not ready to be released... 1:32 PM <rehrar> Monero raises grassroots money for review 1:32 PM <sarang> In that case we should at least set a goal amount for this review fund 1:32 PM <pebx> that's a good point rehrar 1:33 PM <sgp_[m]> Is $50k a good goal? 1:33 PM <rehrar> So much is said in that Monero crowdfunds two full time researchers, two full time coders, and other stuff 1:33 PM <rehrar> I think add a zero to that sgp 1:33 PM <rehrar> if this will be used for multiple reviews over multiple years 1:33 PM <sarang> $50K would fund a pro audit and maybe one individual 1:33 PM <sgp_[m]> Ok, thought that was initial goal scope 1:34 PM <suraeNoether> rehrar i think if we shoot for 75-100k, and we have to pay, say, 50k this year... well... that's 25k in monero that could be worth several extra zeros by the next time we need an audit going 1:34 PM <rehrar> or could be worth several less zeros :P 1:34 PM <pebx> 500k is quite a figure... but if we can raise that for some merchandise stores to accept monero, it should be possible to do so for the tech 1:34 PM <suraeNoether> yeah, we can always FFS again to refresh the fund 1:34 PM <suraeNoether> pebx +1 1:35 PM <sgp_[m]> I think 100k is manageable. 500k is unrealistic to start imo. GloBee is an exception, not the norm 1:35 PM <rehrar> but if we think 100k is good enough to start, we can shoot for that 1:35 PM <gingeropolous> f'real 1:35 PM <suraeNoether> sgp_[m]: +1 also on that 1:35 PM <suraeNoether> if we need to re-up, we can 1:35 PM <rehrar> it can also be like the HackerOne fund 1:35 PM <rbrunner> Yes, it's not sexy enough for 500K 1:35 PM <rehrar> the goal has been met and extended a few times 1:35 PM <sarang> OK, I'm out for now but will keep everyone informed on audit progress 1:35 PM <rehrar> ok, thanks sarang 1:35 PM <rehrar> thanks everyone for coming. Was fairly productive I think.