Host: All right, it is five o'clock. It's time for me to pass this mic on to SGP, who will be passing it on to these guys. This is the panel with all of these guys. Let's go ahead and introduce everybody real quick.

SGP (Justin): Okay, awesome. So welcome, everyone. We are just having a very informal panel here with many of these lovely participants. I'll give them all a chance to introduce themselves, and there will be plenty of time for audience questions because we have a full hour. If you didn't see me earlier today, I'm Justin. I'm just going to be leading a casual discussion here, so hold your hand up with questions as we have time later. Oh, and my handle is SGP, or Samsung Galaxy Player, and no, I'm not sponsored by Samsung. All right, we'll pass the mic down. Anonimal, take the mic.

Riccardo: Hi everyone, I'm Riccardo, Riccardo Spagni. You may know me as fluffypony. I feel like I said that already today.

Shamiq: My name is Shamiq. I'm on the security team at Coinbase.

Paul: My name is Paul. You might know me by endogenic, or tweeting as Paul S. I'm not really clear if it's plural or just singular.

SGP: Awesome, perfect. So, anonimal, you can keep the mic. I know you spent the last several hours talking about Kovri and what privacy means to you, but I think it's a good opening question to sort of go down the line. If you've already given a two-hour talk about privacy, just give a 30-second one here: what does privacy mean to you, and why do you feel like the projects you're doing with Monero help further that? And if that's not an applicable question, what is privacy to you?

anonimal: Well, I don't believe there's such a thing as privacy. I think what we're doing is attempting to achieve the impossible, but it's not really impossible yet, because we haven't proven that. Anyone who was at the first part of the talk would know exactly what I'm talking about. So why am I doing this? I'm attempting to emulate, to hack an emulation of, bringing two points of space-time
into one while still retaining the same qualities. I mean, really, that's what it comes down to. Why? Because I think that's the essence of love, and essentially that's what we're expressing. You know, think of all the name-calling you didn't call just because you used this software, and then you can just leave and say, no, I just want to join two points. [unclear]

SGP: Where do you see... you're working on Kovri. Do you want to take a second to talk about Kovri?

anonimal: Oh, well, okay, so Kovri. Do you want the textbook definition or the quick definition? Okay. So when you use Monero, when you use basically anything, you have an origin IP address if you're using the Internet, right? Essentially, unless you're using an overlay network, which anonymizes your location or your address. That's what Kovri will do, essentially completing the... is it a cycle or a circle? ...of the Monero project's goal to have this truly decentralized, trustless, functionally private software and community, so you can have actually anonymized transactions.

SGP: Perfect, yeah, thanks. If you can pass the mic down, we can continue the privacy discussion.

Riccardo: I think from my perspective privacy... sorry, I'm eating the mic. I think privacy is a basic human right, or it should be a basic human right. And that's not to say that I am anti-law-enforcement. You know, there are bad people in the world, there are murderers and stuff, and sure, no problem, law enforcement needs to catch them. I just don't think they need to slurp up all my data to do so. I'm against passive surveillance. I think that that's not an objectively good way of enforcing laws, and I think that, unfortunately, what's happened over the past thirty years, which is roughly the time period we've had traceable money, is that law enforcement has gotten really lazy. What they've decided to do is put the burden of enforcing laws, the burden of figuring out who is suspicious, on financial
institutions. So, you know, you get a deposit of a certain size and your bank reports you. Why is your bank the lawmaker? Why is your bank the detective who decides that you're suspicious? Surely law enforcement officers should be the ones doing that. And I think that that's what we're trying to achieve with Monero: a world where, you know, we're not able to solve everything, but at least we can try and solve the problem of massive surveillance and force things to go back to the way they were when law enforcement agencies did their job.

SGP: Thank you.

Shamiq: I am, surprisingly, roughly in agreement with what you're saying. Working in an exchange means we have to be an enforcer for laws that we don't necessarily get to decide, right? So if we have to give information out about a user to a law enforcement agency, it's because we are being forced to; we have to do so in order to do business in the US. But back to the actual privacy bit: it's a basic human expectation, right? And it's where and how, the circumstances in which, you're communicating, who you're talking to. I talk to my doctor, I have an expectation of privacy. I talk to a journalist, I have no such expectation, right? And for us, particularly in a product team, it's how do we make sure that that expectation of privacy carries over to all the different expectations the user has.

SGP: Thank you.

Paul: Yeah, just from a basic definition standpoint, I would say privacy seems to be the option to
disclose what you want to disclose. So I would say, to your point, giving that option to the users is exactly what we need to do. And, you know, in all of these technologies there is the interface with the real world, and that's where the information that gets disclosed really lives. So, yeah, people need to have that kind of option.

SGP: Awesome. So Paul, you can keep the mic a second; I have a quick question for you. You represent MyMonero, you're the CEO of MyMonero, which is a common web wallet and also, recently, an application wallet for Monero. Can you speak broadly about some of the challenges that you faced developing and maintaining these services for the Monero ecosystem?

Paul: Yeah, totally, that's a really good question. I think probably the biggest challenge we have right now is keeping up with Monero, and the reason that's important primarily is so that all of the usage of people on MyMonero blends into all of the other Monero usage, you know, so that nothing stands out. For that purpose we've had to port a lot of the Monero cryptography techniques and protocol implementations. I mean, I wouldn't say that it's so much of a challenge, because I enjoy it, but I think the other really big thing we work on is making sure that this technology is accessible. One of the things Riccardo mentioned earlier was that people just don't know these terms like address and view key, and so understanding what those things mean in real life, in real usage, and translating that is definitely a big task.

SGP: So how do you approach finding out what's usable to everyday people? Do you have test groups? How do you consult to figure out what is a streamlined experience for people?

Paul: Right, yeah, that's exactly it. So there are official and unofficial test groups, official in the sense that there are people that I regularly talk to about this stuff, and they give me all kinds of feedback, and we work on next versions and things like that. But the other thing is, I really enjoy
talking to people about just how they use Monero in general and listening to the sticking points, or how people design services that use Monero or are built on top of Monero, and where the technology, you know, needs to be massaged, basically. For example, recently someone was working on a way to include order details in a transaction, and figuring out exactly the right way to do that, you know, definitely requires analysis of the technology.

SGP: Perfect, thank you. I think we can move on to Shamiq. I have a question for you. If you want to talk more specifically about Monero, let me know, but I didn't want to keep putting you on the spot for Monero-related questions. Now you can answer "why Monero"? Yeah, so we had that question earlier today with one of your coworkers. But I'm curious: Coinbase has gone through a series of different approaches to two-step authentication for its applications. If I remember correctly, you previously had a partnership with Authy, and then that was dropped in favor of other systems. So can you speak to the difficulties related to user security and actually logging into these accounts, and also specifically talk about how two-factor plays an important role in that?

Shamiq: I think the important thing to do here first is establish what a Coinbase user looks like. One of our goals as an exchange is to make cryptocurrency available as an on-ramp, right? We want people who otherwise would never interact with crypto or crypto-like systems to be able to buy, sell, hold, trade, send off-platform, just interact with crypto in any sort of way. With that comes no expectation of any kind of savviness with regard to their user account, user security, right? There's no way we can make sure this user has a safe email address, for example, or that they haven't reused passwords in places, or that they haven't even done something as simple as keep their TOTP seed as a screenshot in their drive, in their
email. So at one point, like, you lose the email address, you lose the TOTP seed. So with that said, part of the work that we do is we try to find 2FA methods that are usable by most users, right? It's on their device, or it's available to them to use through the browser, what have you, and then they'll actually interact with it. One of the most interesting pieces of individual feedback I've gotten from a user is asking, why do we do device verification emails? Can't you tell it's just me? Well, no, we can't, which is why we have to do device verification. So for us we're saying: how difficult can we make it for an attacker while still making it trivial for a user? There's a world where you could imagine even Coinbase-branded hardware that just does 2FA for you, however we want to implement it on the other side, but that's a far-out world, someplace that we'd love to get to.

SGP: Awesome. All right, I have a tough question for you, Riccardo. That's all right, [unclear]. This is in relation to Tari. So you are the co-founder of Tari. In the past you have been very vocal against a lot of the ICOs and essentially a lot of the problems that were created in the Ethereum ecosystem, perpetuated by hype, perpetuated by people being able to make these digital assets for the sake of essentially spreading hype and gathering money. So I'm curious, with Tari, can you speak to how Tari itself, which enables this sort of activity on the Monero platform and essentially brings this sort of ICO culture closer to the Monero ecosystem, how you reconcile that, and how you sort of approach that thought process?

Riccardo: Sure. I think the first thing is that I don't have a sort of standing opinion that all ICOs are bad and every ICO that will ever exist will be bad. I think that ICOs in general are, from a regulatory perspective, murky. I think they're ethically murky. I think they're mostly mishandled and mismanaged, and I think they're largely done by people that would be laughed out of the door if they went to traditional VCs. And that's, you know, not to say again that every ICO is bad. I think there's a case for security tokens. I think security tokens are really interesting: if you can divvy up your company and, instead of issuing shares, issue a security token, and that could trade freely on secondary markets, that's something that is interesting to me as a way of doing an IPO-style organization or public company. I think that we are still a while away from understanding what the laws are going to look like around that, from having a regulatory framework that encourages good behavior, because, I mean, ICOs are not decentralized. There's a central issuer and they've got to comply with laws. You know, we know this is not a decentralized technology, and I think we need to wait for regulators to see what they do. And from Tari's perspective, I mean, you know, Tari is permissionless. It's not like we have a permissioned environment where it's like, please apply to launch your token and we'll decide. So, you know, people are going to do what they're going to do, and it's not like we can prevent them from doing that. I mean, someone could build a colored coins protocol on Monero tomorrow. It wouldn't be a particularly good idea, but it could be done. So, you know, someone can do that and launch an ICO using Monero and we wouldn't be able to stop them. So I think that, on the one hand, there's hope for the future that ICOs will become less murky, there's hope that security tokens will be something that's interesting, and Tari will be ready for their coming wave. And on the other hand, even if I felt differently and I thought that every ICO was bad, I still wouldn't be able to stop them.

SGP: So, a follow-up question with that. Tari is merge-mined with Monero but as its own separate chain. So are you concerned that Tari as a company will be exposed to the liability of potentially being able
to change consensus on that chain in order to manipulate these sorts of ICOs on the platform? Are you concerned about any sort of liability that Tari would have there?

Riccardo: I don't think so. I mean, the organizational structure is... I mean, we own the tari.com domain and the Twitter handle, but the organizational structure is really Tari Labs, and that's the cool thing that we've created. Tari Labs is an organization that has employees and is employing more people in Johannesburg in South Africa, and they will be working... they are working already on some of the stuff, the learning curve really, to allow them to build Tari, but they're not going to be building in isolation. They're going to be contributing to Tari and they're going to be contributing to Monero. So, you know, the organization itself is just an organization that contributes. I don't know if that's all that supportable.

SGP: Okay, cool, thanks. Okay, anonimal. So in previous conversations that we've had you've expressed that Kovri is not just meant for the I2P ecosystem; it's meant to be, at its core, an anonymizing router. Can you speak to, in the future, Kovri's connections with I2P and what other sorts of technologies you're considering, perhaps even if it's several years down the road, using with Kovri?

anonimal: Okay, so I want to keep it open-ended, because, as I discussed earlier, this is an ongoing development and we can't... like, if you're ever into jazz, you have what are called pet chords, right? You go into those pet chords... where are you, okay? I'm gonna play that off, a minor [unclear], about the duck, because it's comfortable, it's there. So no way am I saying anything we do is going to be forever, and we know I2P is what it is now, but that doesn't mean it's not going to be that later. You want to know what other options? There are not really many other options at this point. There are attempts at options everywhere, but those aren't really good. GNUnet was one attempt. Dandelion, as I said earlier,
Bitcoin's non-solution to anonymity. CJDNS, [unclear], I mentioned HORNET. We need more research, honestly. I mean, for every crypto enthusiast, you know, like a twelfth of that person is an anonymity developer. So, I mean, it's really a minuscule, really small amount of people working on this type of technology. So we just need more people, more interest, more physicists, mathematicians, especially more physicists, because this problem is not going away anytime soon. Does that answer your question?

SGP: Yeah, it did. Unless you had any specific technologies that you were really looking for? You mentioned Dandelion.

anonimal: No, no, no. Okay, no. They draw a line on the graph, you know, "I hear you're anonymous." Okay, no. Okay, so yeah, I'm not joking, go look at the specs. It's okay.

Audience member: Okay, so I'm a student at the University of Minnesota. I have spoken to one of the professors there who does Tor research, and he said that he previously did some initial look at I2P several years ago. The protocol has likely changed significantly since then, but according to his own words, he said that they did not even bother publishing papers about how insecure it was, because it was essentially self-evident and it was very obvious. So generally, this is, like, back in... this is several years ago. So, generally, the question for you: what general sort of confidence do you have that I2P is a generally rigorous and researched protocol in terms of protecting the anonymity that you would have, with some caveats?

anonimal: Oh yeah, well, okay, that's a great question. Have you looked at the specs? Has anyone here looked at the specs, done their own research? Has anyone here looked at the Tor specs, done their own Tor research? I mean, the specs where they're
laying out the equations? Yeah, see, no one's raising their hands, because... okay, I've got one hand back there, cool. And then again, how many people are knee-deep in the code developing this stuff? See, that number just gets smaller and smaller and smaller. So anyone can say, oh, look, you can throw millions of dollars of research, you can throw all kinds of fancy equations out. Like, I'm sorry, I'm not gonna beat up on Dandelion, but it looks fantastic on paper until you realize it just doesn't work. So I don't know, they're not even answering the question. There's no, like, safe, you know, "oh, I feel cuddly, this system, oh my god, this is great, I feel perfect, I'm so private." It's essentially... yes, I mean, this is the ultimate DEF CON expression of this: it's just hacking, one hack after a hack after a hack after a hack. I mean, that's like life; we're just trying to get through this, and there's no perfect solution.

SGP: [unclear] Yeah, exactly. On that high note, let's open up for questions. Well, look, I don't know how this works. Yeah, you're welcome to ask a Coinbase thing, you're welcome to ask.

Shamiq: So, just so we get this on recording, you have that same... I have the same answer about why Monero, yes.

anonimal: I have a quick... yeah, okay. So in my talk I forgot to mention... okay, so like, okay, oh, anonimal does believe in privacy? What the heck, man. So essentially, privacy I still believe to be ill-defined, and I think what we're trying to define as privacy is essentially varied aspects of relative publicity, because there's no such thing as being private, because you cannot exist while not existing. At least... you have to see the proof.

SGP: Any mathematical...?

anonimal: Yeah, any math, anything, anything about that, I talked about that in the first half of my talk. Okay, so great, nothing's private, so we can take that out of the reasons why X can't use Y. Next thing: Monero is essentially a language between two points in space-time, right? Like, you can mean me, say, like
space-time, you know, you'll see that, I'll probably do it, if you don't... aliens, aliens, yeah, exactly. So you want to have that private transaction; essentially you just want it with that other point in space-time. So Monero is a language, all right? These are all languages in which we're expressing. Now, for any X institution to discriminate against someone based on language, that is flat-out discrimination. I don't think Coinbase has a real reason, or even the government has any reason, to discriminate based on language, nor can they. I mean, this is like a constitutional thing. So I wonder, I mean, with that perspective, which is absolutely proven, wow, why not Monero?

Shamiq: What's proven? I'm not prepared to answer this question.

Audience member: Well, I was just gonna say, I wanted to buy a whole bunch of stuff on Project Coral Reef and I can't get Monero, you know, so that's why Monero.

anonimal: Thank you for saying so. That means, you see, look at all the suffering children, they can't get their Mariah Carey songs.

SGP: Yes, literally. So do we want more audience questions? Yeah, we have a lot of extra time. To avoid any more brigading of why Monero's not on Coinbase, let's have some additional questions. I guess I'll just hand back the mic then.

Audience member: So this is kind of a question for everybody here, because, I mean, Tari is kind of open source... well, I guess Coinbase isn't, so you can sit tight, but if you have an opinion on this, please do. Kovri is open source, MyMonero is... well, okay, you know, once again it's kind of open source. But yeah, I'm a UX person, you know, and UX, at its core, is all about empathy. It's understanding what are people not getting right, and why are they not getting it right, and what can we do so that they can get it right. So that whole piece of designing for the user and not for yourself... and open-source technology is just at the absolute worst with this. It's filled with developers, and so these things work, they are functional,
which is great, that's a great first step, but they suck to use. This is the case with Bitcoin, and this is even exponentially more the case with Monero, just because we have these privacy technologies layered on top of that. So what work is being done to just keep things user-focused? And we can always say, well, they should just read the manual. This is, you know, look, I understand we're in the early stages of all these different types of stuff, but eventually, if we're talking about mass adoption like everyone likes to say, we have to start thinking users first, every other person second. And that's actually one of the things I appreciate about Coinbase: that this is one of the things that they really aim for, and of course there are pros and cons here and there in achieving this. But in terms of Kovri, and you actually touched a little bit on this, you know, make it so you plug and play and then you don't have to think about it. But in terms of Tari and in terms of MyMonero and stuff, I just want to hear everybody's thoughts. How are we keeping things user-centric? How are you keeping things user-first without sacrificing at all on security and privacy? Is that even possible? Because it seems [unclear].

Riccardo: He already answered the... in your question. I think, from my perspective, you're correct in saying that there are trade-offs, and so there are, and there are always going to be, trade-offs. Using MyMonero is really easy, but you're sacrificing some privacy, or sacrificing part of your security model, in order to use that, as opposed to running a full node. That's not going to change. I think what we can do is we can more effectively communicate to people the differences, but I think that even that's largely unnecessary, because a more paranoid person will naturally gravitate towards doing research, figuring out what they should be doing, and then running a full node anyway, and somebody who just wants to get up and running is going to take whatever is the lowest, the easiest way to get in. They're going to use Edge or MyMonero or something that is just super simple. And I think that the focus that we've had up to now has been on functionality; you know, it's been: first, make it work. And we're starting to get to a point where we can say: make it work well. And that's definitely something that not only Tari but, I know, across the board, all of the wallet manufacturers and software companies are interested in improving, that user experience. I know Coinbase is interested in improving the user experience. But it's progressive and it's iterative; it's not gonna happen overnight. You know, we have access to incredible resources, we have the Forum Funding System, there's all sorts of stuff that we can throw money at if we needed to as a community, but I think that it's largely premature in some respects, and I think that there are organizations like MyMonero, like Edge, like Cake Wallet, like Monerujo that are making efforts to improve the user experience without the need for us as a community to go and try and figure out what the ultimate user experience is. But it will get there; it just has to be iterative, because that's the way that good open-source software is built. And one more thing, just to speak to your point: I know that a lot of open-source software is clunky, but there are some really beautiful open-source applications out there. So it's not that the method of building is the problem. I think it's just that sometimes we tend to either not dogfood it, and we don't use our own applications, or we're just not speaking to users enough, and there's a bit of a
break between, like, the people sitting on IRC in #monero-dev on Freenode and the person who asks all the questions on Reddit.

Shamiq: So, adding into that as well, one of our successes at Coinbase is being an abstraction for the core crypto interactions that a user has to do, right? Our users... like, we protect them from a lot of this complexity, because they otherwise wouldn't interact with the system at all. And so there is space, if you think about defining what your user actually is in open source, right? Who are you building it for? There's a world where your open-source developer builds it for, like, the internal crypto team at Coinbase to use, so that we can then make it available to our users more easily, right? And so those types of abstraction layers, and the degrees of complexity as you get further away from what is the core crypto operation, is where you get better UX. You just focus a bit more on different pieces.

Paul: So I agree with Riccardo about open source not being implicitly antagonistic to good user experience. I think it's just that... well, it's a few different things. So first of all, I want to mention I had this teacher back in the day who said that Git, the tool, you know, it's used on Linux, version control, it's not learner-friendly but it's very user-friendly. And so there's a steep learning curve, but once you get there it's extremely easy to use. And I found, to a certain degree, the same thing about the Monero CLI program. I think it's actually quite well designed, but I think that the reason it's able to be so well designed is that it's relatively straightforward to build something like that, simply because you're just relaying the specific data content that the user needs to interact with. Whereas with something like a GUI, I think that the phenomenon of design by committee tends to come in a little bit more, because there are all these different ways you could do it, and exactly for the reason that there isn't as much interfacing with the user and, you know, all
that, like, feedback that you get from that. The exact use cases aren't made clear, first of all.

SGP: Awesome. Any question? Diego?

Audience member: I have strong opinions on this, since I've been writing security software for like 30 years. Your basic question is, you know, why isn't the application easy to use while not losing any privacy? Okay, and this is actually, you know, a question that the entire computing industry still hasn't solved, right? You look at a web browser and freaking HTTPS support, okay? Everybody here probably uses that, but, you know, as soon as you go to a website with a certificate you've never seen before, you know, you get this little dialog box pop up, and probably everybody just clicks OK. All right, so the fact is we don't have any working examples of good security with good usability. They don't exist, and it's an ongoing problem; it's unsolved in the entire industry.

SGP: Thank you. Go ahead, [unclear].

Audience member: Okay, for Coinbase, and this may not be directly your department, but you're here. So about the world-police thing and policing what people transact: I've heard many stories where people were sending money to maybe a darknet market or some sort of address and had their Coinbase account just freeze and lock. First question is, do you publish the list of blacklisted addresses, so that someone doesn't accidentally send their money and get their account locked? And two, if you don't, why not pop up a little warning to say, like, hey, you maybe...

Shamiq: So I don't know how much of this I can actually tackle, but we don't publish the list of blacklisted addresses. A lot of this is... it's retroactive. We don't know until law enforcement comes and tells us, and then we have to start cleaning things up. Now, even in that circumstance, I don't know how much we're able to then publish what we've been given and told to clean up from. With that said, I would love to give a little pop-up to say, are you sure you want to send this
transaction? But I have a pretty [unclear] what people would tell... okay.

SGP: Just so we... I'm gonna repeat the questions, to make sure it's recorded. So the question was: if there is a situation where you already have the addresses, why don't you let them know that this behavior would be flagged?

Shamiq: Part of that is just implementation-wise, right? Another thing is, some of these addresses that are being locked are also those scam addresses that you see on Twitter, and it's... we all kind of... yeah, it's all over the place. So some of it is protective, right? We lock the account because, hey, you obviously don't know that you shouldn't send fake Elon Musk 10 ETH with the hope of getting like 50 ETH back, right? And so it's kind of a catch-all system right now. It's just implementation-wise; some of this is we'd love to explore it and see how much we're allowed to do that, versus, you know, we could publish "that's a scam address, don't ever send to it," right? For the law-enforcement-related stuff, I'm not sure where our opportunities are.

SGP: All right, so we have a question over there.

Audience member: Yeah, so going back to what you were saying earlier about the number of people that have actually gotten into the I2P spec and the implementation and are really knee-deep in the code: there's been a big rift between, like, i2pd and Kovri. Do you think that is worth reconciling, and trying to get that into a more amicable situation where cross-contributions are able to be made? And if so, how would you see that happening?

anonimal: Wait for the mic to come back. First I would ask, how do you define reconcile? But...

Riccardo: To say something: so I was there, like, right at the beginning when
the rift happened. And it's like, I have respect for anyone who's working on privacy software, but the dude working on it, like, upped and disappeared for a long period of time, multiple months, and we were just left hanging. And so we continued the work on i2pd, but in our own fork, and the people that were left hanging in channel going, well, I have no idea what's going on, they continued the work on that fork. And when he suddenly pitched up, he lost his mind because we hadn't done things his way. And, I mean, my concern with reconciliation is, it's all fine to try and reconcile, you know, heal the divide and all that, we can all sing Kumbaya, but what happens when he ups and leaves again? And unfortunately, just the structure of their project is as a benevolent dictator; it's not community-driven, and he's not very benevolent as far as dictators go. I just... having been there, I just don't see value in trying to solve that. We have a really good working relationship with the rest of the I2P developers. We go to CCC as often as we can, we see the I2P guys at CCC, we figure out ways that we can work with them from our protocol perspective. And I think that's... we're doing the best that we can do in terms of interacting with I2P, the organization, and making sure we stick to specs and future specs that they might publish, until such time as we find a better technology.

anonimal: Okay, let's say you and I are collaborating on something, right? And let's say I'm a malicious person, like, in attitude, demeanor. I'm immature, I call you names, you know, whatever, you brush it off. And then you get to the code, and then you realize this code I'm giving you is also malicious. I don't know, it's literally either I am so incompetent that I honestly don't know what I'm doing, or I'm actually intending to do this so I can watermark routers, and essentially, you know, because, you know,
memory is, of course, you know, memory's always initialized, right? No. Okay, so you do that, you do it over and over again, you try over and over again and nothing changes. So I ask you, what would you do? Do you find a healthy and extremely intelligent, capable community to collaborate with, or do you keep using malicious code with the malicious person? I just don't understand what's to reconcile, I don't understand. I mean personally it all comes down to the code, in my opinion. Okay, so I have a follow-up question with Riccardo. Can you speak a little bit more broadly within the Monero ecosystem? I'm aware of several situations where we've had contributors that did not work well with the culture of Monero. Can you speak to, is there sort of this similar situation where you have someone who might be gifted in code but just doesn't have the sort of culture to work with the Monero team? Well, we're talking about fireice now. I didn't say that, I only implied that. We're talking about people that may or may not, you know, I mean, like there's a way of doing things in the Monero, with the Monero developers, and the things that we do are not difficult: hang out in IRC as often as you can, we have relays, you know, through Matrix, Slack, Discord, so you don't have to use IRC even, and there are tons of developers that don't, but like, you know, communicate, so that it would just be there, so that you can see when like people are making stuff up, I think that's a pretty important tenet. And then when you submit code, just, you know, you're submitting it to the Monero project under the conditions and licenses the Monero project uses, you cannot write your own license and attach it to a PR. And then when all of these things aren't working and you're not communicating with people and people are asking you please come communicate with us, then don't rage quit. You know, I mean, I think these are three basic things that most contributors are happy to
do, and I mean we've had nearly 500 people contribute to Monero over the past four and a bit years, we've had one problem child. I think that speaks to the way the developers work with each other, and don't get me wrong, there are many frustrating things, there are people waking from heat of marriage of Earhart's, that's whole week, you know, like there are people that get irritated with me, there are people that get irritated, we get irritated with each other, there are people that get irritated with the things Howard says, and, you know, I mean, but I think we all have a mutual respect for each other, and it is extremely, you have to really go off the rails to break that respect down to the point where no one actually cares if you walk away. I mean, you have to be a problem child of a sort where like that respect for that person from a technical perspective is gone, and that's what ended up happening there. You know, I mean, like we really tried, I had many conversations where I was like, you know, I don't think you're a person who's trying to harm Monero, what can we do to try and like fix things and how can we work together, and please, can you not attach your own licenses to pull requests, it's bizarre. And eventually it's just, you know, that's not you, it's me, clearly. And that's sort of, you know, where things ended up, and he's now working on Ryo or whatever it's called, and, like, you know, he backported the pool fix for a while, they're cashing back, and that's nice, and, you know, like they're gonna obviously backport things that we do, and I think that that's probably the best that we're gonna get in terms of a development relationship, because he just is an impossible person to deal with. I was about to, there's the other point where that said issue that you explained was posted on GitHub rather than the VRP, the alleged reason being that the VRP is insufficient for dealing with, no, the urkki. We have a
vulnerability response program, we use HackerOne, we've used it for some time now. HackerOne works surprisingly well, it's not difficult to use. Everyone that discloses issues to the Monero project uses HackerOne, and I think, you know, where there are exceptions, like Cisco Talos found an issue and they posted it up on GitHub, they're like, who do we report this to, because clearly you aren't using security.txt, used individual, and we pointed them in the right direction, we showed them where the GPG keys were, they were able to send us stuff. It was out of band, it wasn't through the VRP, so we don't have a problem with like people reporting things outside of the VRP as long as they do it using some sort of responsible disclosure, and that's kind of what you can hope for. And when someone just like almost purposely and maliciously goes and takes things and then publishes them out in the open without going through the responsible disclosure stuff that we all know we really should be doing if you're even vaguely interested in security, then it's disruptive for the project as a whole. And I think, you know, we use the Collaborative Code Construction Contract that 0MQ developed, that Pieter Hintjens put a lot of work into before he passed away, and the Collaborative Code Construction Contract is not like a code of conduct, it's just like, hey, if you're gonna work on the project this is how it's administered and these are some basic things, and it really like makes it super difficult to take action against anyone, because it's like this is the absolute last resort, is that you actually block someone's access to any code in the project, and we didn't even get there. You know, we put a lot of stuff before we even get to the point where, as people who have access to like collaborator status on the GitHub repo, we'd actually take action and try and bar somebody from doing what they're doing. We're not there
yet, but, you know, maybe it'll get there one day. So I have a question, we can pass it to Shamiq. So I know Coinbase uses HackerOne also for responsible disclosure. Can you speak a little bit about how that has either, ways that it has simplified the process, do people generally report things, and has it worked out well for Coinbase? So like any public bug bounty program with decent awards, we get a strong mixture of terrible, terrible, just non-bugs, things like, you know, your rate limits are bad, well, like, the requests are within
the number of the rate limit, and so forth. We also get some like very high quality bugs, and it's just a matter of, that's what we have to deal with in order to get through it. For us what helps here is every security vulnerability disclosure always goes through the same pipe, and we have our internal policy and programs to actually deal with it in like a reasonable time frame. And so giving our support agents, for example, a place where they can say, if this is a real vuln and it looks like one, send it over there. Plus we do also get some product feedback, and we get, I'd say once a quarter we get somebody reaching out to us thinking we are Bitcoin and proposing, you know, sending BIPs our direction. That way we have to let them down, they tend not to understand. It's public, right, many people can interact with it, if you open a door like that many people are gonna walk through. Awesome, and can you speak to some of the fallouts or difficulties that you've had with the HackerOne system? Has there been a case where people who have responsibly disclosed code with HackerOne have expressed dislike or disappointment with how Coinbase handled the issue, and sort of the process that you have for handling the issues on HackerOne? Yeah, some of this is, as a person doing a disclosure for a very complex piece of software, you don't see the same things that we see, and so we have people who are doing just pure old-fashioned ACH fraud thinking that they've found some new like class of vulnerabilities that's affecting Coinbase, and when we say like that's not how the system works, it's a lot of like, you need to understand how these payment systems work to understand whether or not you're exploiting a vulnerability. They don't get it, right, and for them it's like, Coinbase, who is a large brand, not giving me like this money. In some particular cases we've had somebody come back in 30 or 60 days, be like, hey, my account's locked now,
what happened? I was like, you did ACH fraud, you never trued up, like, this is what ACH fraud does to an account, to a person. In other cases it's mostly this information asymmetry, some reporters have reported something that somebody else has just taken care of, right, or has just like presented to us as well. Given that we have millions of users, somebody's gonna run into, like, two people are gonna run into the same thing at some point, send that to us. Whoever comes in first, whoever comes in with a better, like well-explained system, we'll give them the award, which means that if you're the other person the bug still exists as far as you can tell, right, we can't fix things immediately, you're wondering why you didn't get paid out as well. Okay, so we still have some time for more audience questions. Does anyone have any questions for anyone on the panel here? Yes, can we get the mic, or from, moving that way. Like, I'm new to Monero, I've known the word, I'm just curious, you mentioned a sort of hesitancy for ICOs and raising money that way. I don't know how the project is funded, I'm just curious, how is it funded? It's funded by watches, couldn't resist. No, so it's a good question. We have a general donation fund and people donate, there are some mining pools who send a portion of their profits to the general donation fund, and that's one way that we cover monthly costs. We have build bots across all the platforms that we support, separate buildbot instances for the GUI and for the CLI, that ends up being quite a big group of machines that we have to pay for, there's ARM devices that have to do that sort of thing that we pay for, there's our CDN costs, which are stupid because people are downloading Monero a lot and CDN costs like four and a half thousand dollars a month, and that all pretty much gets paid for out of the general donation fund. And then we have some like corporate sponsors in a sense, so as an example the company
that Howard works for, they're one of the corporate sponsors because they pay for his time and let him work on Monero. We have some corporate sponsors that have given us licenses, or like Dome9, who handles our firewall and some of our security infrastructure, they give us Dome9 for free because we're an open source project, so we list them on the sponsors page. We generally take a proactive approach with that, where we will say to someone, hey, we're using your stuff, we're an open source project, can you give us a reduced rate, and then they'll be like, sure, we'll give it to you for free, and then to thank them we go and put their logo up. JetBrains, they've given us some stuff, so, you know, like across the board we get some of that. And then we have something called the FFS, the Forum Funding System, which is a crowdfunding system, so anyone can pitch up and they can say, I have this cool idea, I want to build a new logo for Monero because Kenneth just got a Monero logo tattooed on his wrist and so now is the time to change the logo. And so they can pitch up with any idea, I mean I don't think that Monero particularly needs marketing, as an example, but there are people that do, and there's a guy that's doing a whole outreach marketing thing, and then there are two full-time researchers who are, yeah, they get paid for, they work on the Monero project, they get paid for by the Forum Funding System. So there are full-time developers that use the FFS to pay their salary so that they can work on Monero, there are some people who also use the FFS to work on specific things, I'd like to build this particular feature, and then we control the wallet that money comes into and we pay it out on milestones based on whether the community accepts the milestone as having been met or not. So
those are the three main ways that the project is funded. There's no premine, there's no, whatever, you know, portion of the block reward that comes to any central authority, in fact there is no central authority, we could all get hit by a bus tomorrow, this entire room could get nuked tonight, Monero would continue, but we'd be sad. Excellent, does that answer your question? All right, any other questions? We have only eight more minutes left, so only a few more questions. Okay, so the question is, what are the best practices to take with securing your wallet? Paul, do you want to talk about this? Well, don't take them on a boat. Yeah, and if you do, make sure it's paper, make sure you write it down on paper. So, um, the generally advised best practice is you want to generate your seed on a machine that's never been connected to the Internet, and then you generally want to back that up in some way that's relatively secure. You can go pretty far with that, you can encrypt the mnemonic or your seed, you can split it up and then encrypt those pieces, and you can do all sorts of things. For most people you probably don't have to go too crazy with it. It is important to know that if you lose that secret seed or the secret mnemonic, exactly, yeah, you don't have access to those funds anymore, it would be extremely difficult or impossible to regain access. And then, yeah, from there there are just varying levels of more convenient but slightly less secure. For example, MyMonero generates the seed on your computer and the seed never leaves your computer, but it discloses the view key, which is necessary for scanning the blockchain, to the server of your choice, and then that server will do the scanning for you, and so that gives you the benefit of being able to jump on another device and you don't have to scan the whole blockchain again, you just log in and all your data is there, but there is that slight trade-off there. So yeah, and I mean, like, in addition to that, I think you're also
going to figure out your threat model, right. I mean if your threat model is like, I want to fund my unborn daughter's college, then, you know, and that's what you want to do, or you want to have like a private store of value that no one knows about, if that's your use case and that's your threat model, then yeah, cold storage, like, it goes into the safe which goes on the boat that's at the bottom of the ocean, whatever, like, you know, you figure out your threat model and you deal with it accordingly. For regular spending or for keeping smaller amounts there are mobile apps that are pretty decent, obviously MyMonero, there's Cake Wallet, there's Monerujo, there's Edge, X Y, and X Wallet, and then if you want to use a hardware wallet there are a bunch of really good hardware wallets. Ledger Nano S just got support for Monero, Trezor says it's coming with the Model T, and then there's Kastelo, which is the sort of Trezor-ish clone, our own thing that the Monero Hardware guys built, and of course there's Bitfi, which is unhackable, these aren't used, but please do not use that. But yeah, I think in terms of hardware wallets the Ledger Nano S is probably your best bet right now, or Kastelo if you can get hold of prototype hardware, and yeah, we'll wait for the Trezor Model T to come out. Okay, any other questions? Okay, so we want a general update on the upcoming v8 software upgrade of Monero? We'll let you do it once. [Laughter] Yeah, look, I mean there's these small things that are gonna be in there, it's nothing mind-blowing. I mean there's the CryptoNight v8 tweaks, the, some small things, wallet proofs, a small thing, and bulletproofs we hope will be live in it, it depends on everything, on the third report, we're waiting on the third audit on bulletproofs. But yeah, hopefully bulletproofs, I mean bulletproofs have been live on testnet since December and it's held up because people use testnet all the time, I promise, and it's been reasonably robust, and with the
audits, it has been going pretty good. So yeah, like hopefully we'll have bulletproofs, hopefully, you know, a couple of other little sort of itty-bitty things and performance gains, some nice performance gains, nice improvements on sync, and then fluffy blocks I think will be the default way of moving blocks around the network. The ranvier, it has already, birds really happened for, so it's from v7. Yeah, hopefully the bulletproofs might get in there because that's a significant improvement to Monero's general protocol. Okay, yeah, so that was, I mean like we used to do March, September, and then with v7 falling over to April, October, I mean to April, then the consensus seems to be like we're just gonna do October, April moving forward. I just pick buttons, I haven't, you know, I think I just read the thing on the screen where people go, this is what we're doing, and I go, huh, I know as much as you do. All right, so we have time for one more question, who wants to close this panel out? There's, so real quick, so anonimal has
a comment, just real quick. Since we're talking about HackerOne and whatnot, tomorrow I will be speaking briefly about our VRP, our HackerOne thing, I'll have slides, music, I hope to be really hungover from the party tonight, the epic Monero party we should have, I mean, never mind, it's not a party, it's cancelled. Yeah, closing question, anyone? Original party. Excuse me, it is not 6 p.m. yet. Question, anyone? Non-Coinbase. Oh god, I got one. So the optimal ring size? The answer: infinity minus one. Yeah, well, you can speak first, then I kind of want to speak on that too. That's fine, I was gonna say the optimum size is orange. Yeah, I mean strictly from a general, you have more outputs as possible spenders, the higher is better, but you need to make sure that there are legitimate improvements, and MRL have spent a lot of time looking at what the bottom line of these improvements are. I think at the moment it'll fall somewhere between ten and twenty. Okay, Brandon? Let's, Brandon, is it? Usually. Okay, Brandon's agreeing with me, good. Okay, so given that it is now 6:00 p.m.
we're going to wrap this panel. Let's have a round of applause for all the participants, please. [Applause] All right, and now for the reason you're actually here, we have, is it PowerCycle? Oh yeah, party. Okay, so PowerCycle, you can just come up and do your fancy announcement. Actually, I'll let Cinnamon Flower do it because she's a better speaker. We can hop on stage or stand right there, your choice. Can you hear me? Everybody? Okay, my name is Cinnamon Flower, I worked on a lot of the art for the village and for the party, and I'm one of the organizers for the party, so I'm here to tell you a little bit about that. But before I do, what I wanted to say is that a lot of us volunteers, the Monero Hardware team in particular, who I worked with, we've been working for weeks and months on this, so I want to acknowledge all of their hard work and congratulate them on our successful village here. [Applause] And I also want to mention the fact that up until a couple days ago a lot of us had no idea what each other looked like or sounded like, because all of the communication was done over IRC, email, whatever, but then we met, and I really feel like there is no substitute for meeting in person, talking, exchanging ideas, and this is what I feel that this evening should be about. I really feel like this evening should focus on people meeting people, talking, engaging, talking about what excites you, Monero, other projects maybe, but, you know, yeah. So if you came to the party last year you know it was a lot of fun, but we had a lot of people walk in saying, I don't know anything about Monero but I do want to learn, like, whom do I talk to? Pretty much everybody here. So they left the party excited and wanting to pitch in and help with the community, so that was, I would say, the most thrilling part of the party last year, and what I'd like to see tonight, hopefully a little bit more. And I'm gonna turn the mic over to PowerCycle, he's gonna give you a little bit of the history of how the party started, which
is kind of funny, not everybody knows how it started, but go ahead. Thank you. Real quick, the party is in Forum Tower, room 6116, because that's what I know, you, nine o'clock, it starts at 9:00, we're supposed to go till 2:00 a.m., so feel free to drop by any time. About the party, how it came about is, I was just coming to DEF CON and said, hey, does anybody want to meet up, and so the community just started to pitch in more and more, and we had a great party last year, and that's essentially what we did again this year. So there's a lot of contributors, there are no corporate sponsors or anything like that, this is all individuals just wanting to get together and mingle, you know, outside of the tech thing that we're all doing during the day. So everyone is invited, it's an open party, and please tell your friends and bring them all, no, you don't. And if anyone would like to help me out, I could use some help moving some ice and stuff like that, so come find me afterwards. Somebody had a question in the back? Yes, room 6116, the Forum Tower, and if you look on Reddit, I just did a post that says the room number as well, if you look on my Twitter account it says the room number, and tweet on the Monero sub, right, reddit.com/r/monero. Thank you. [Applause]