--- layout: post title: Overview and Logs for the Dev Meeting Held on 2019-07-28 summary: Development status, Code & ticket discussion, Moving off GitHub, and miscellaneous tags: [dev diaries, core, crypto] author: el00ruobuob / rehrar --- # Logs **\** Alright, it's time to start ladies and gentlemen. **\** 1. Greetings **\** Anybody out there? **\** Nope. All people on holiday. **\** **\** yes **\** well, the three of us can have a grant ol time then **\** just pinging hyc moneromooo dsc\_ selsta and dEBRUYNE also **\** maybe a luigi1111 and fluffypony in the mix too, who knows **\** either way **\** 2. What's been completed since last meeting? **\** dont ping me broooo **\** \_csd **\** there, I took it back **\** CLI v0.14.1.2 has been released **\** Which is mostly bug fixes I guess **\** mooo is holding a vacation, but he provided me a list of stuff that is ready to be merged **\** So I am working with luigi to get the merge queue relatively empty **\** 🙏 **\** ah, did not know mooo was on vacation **\** I hope he ignores my ping then. Sorry! **\** For the GUI, we tagged 0.14.1.2 and we're waiting on pony to finish the builds **\** I'm more than half way into integrating i2p-zero and tor into GUI **\** Main new feature is optimized Tails support **\** Perhaps dsc\_ can share a bit more detail **\** Sure thing. **\** dsc\_: that's actually super exciting **\** So Tails integration is a collection of improvements that improve user experience for our Tails users **\** You would be suprised how big the audience is there **\** So, starting from 0.14.1.2 it will be very easy to use GUI on Tails **\** As for i2p-zero, I need a couple of days then that's done too **\** I suggest to package i2p-zero with the GUI release **\** Which can pose problems for our reproducible build efforts **\** I don't see much harm in packaging it with the GUI, especially if the user first has to check a checkbox to turn it on **\** but that's a problem for later **\** That also **\** Shouldn't the CLI pack it also then? **\** I think most CLI users are able to download the package themselves **\** And get it running (especially given the instructions present on Github) **\** By contrast, GUI users need a checkbox and not tons of steps **\** Ok, makes sense, more or less ... **\** The fact we package i2p-zero is a convienence feature. I'm also 'integrating' support for Tor but we wont be packaging that. That's basically running Tor and using socks proxy at :9050 **\** we GUI people are scrubs **\ \** is there already some doc about running monerod over tor ? **\** https://github.com/monero-project/monero/blob/master/ANONYMITY\_NETWORKS.md **\** https://github.com/monero-project/monero/blob/master/ANONYMITY\_NETWORKS.md & https://github.com/monero-project/monero#using-tor **\ \** thanks guys **\** hyc any update on randomx audit? **\** The last one? **\** One more thing regarding i2p-zero.. It can take up to 1-2 minute(s) for the local socks proxy to become 'active' which means, if the user has i2p-zero enabled and starts up the GUI to create a quick tx ... might have to wait a minute or two **\** This is related to how i2p-zero works **\** so beware of that limitation **\** So it's i2p-two, from "two minutes"? **\** can it check if i2p is currently running? **\** rbrunner: haha **\** it's how i2p works in general, no? Getting bootstrapped into the network, I mean. **\** rehrar: most likely **\** kinghat: it can **\** under bad circumstances it can take even longer **\** I wonder if there can be some kind of notification to let users know this **\** tor should have similar issue iirc, building circuits isn't immediate **\** also, are we still going to do the beta builds for the gui? **\** vtnerd\_\_: Sure, but not 1-2 minutes? **\** kinghat: yes **\** 👌 **\** I think it might be longer than that, at least it seemed like forever yesterday when I was testing **\** actually no, I've run tails once before, it takes some amount of minutes, just don't remember the exact time frame **\** vtnerd\_\_: **\** $ time (sudo service tor restart && sleep 2 && torify curl icanhazip.com) **\** 171.25.193.77 **\** real0m2.759s **\** if your not using outbound connections tor destroys the circuits and goes into an idle mode too, which isn't a problem if "noise" is enabled (because its always sending) **\** there goes dsc\_ bragging about his internet again **\** yes, my internet. **\** it keeps state in a file that it might re-use, so you'd have to a cold restart **\** vtnerd\_\_: fair enough **\** alright, anything else? **\** vtnerd\_\_: I was wondering if you intend to pick this up somewhere in the future? https://github.com/monero-project/monero/pull/2317 **\** see https://github.com/monero-project/supercop/pull/2 **\** this one and the next one after that PR is a bit rough because its x86 ASM **\** that was a hilarious conversation to witness **\** person 1: i was wondering if git link **\** person 2: Well you see it's like git link **\** Thanks **\** Im also not certain that having a separate repo for this is beneficial, but I guess some other project could make use of the custom hooks **\** my original code should need some re-working since the device/ledger stuff got slammed in, but I look at recently and I think its possible to rebase/update that without crying **\** Im also not certain whether that supercop repo should be an external git thing, or something that you manually have to do **\** I'm thinking the latter, since people are blasted without another submodule **\** \*are not **\** I see, seems like a thing that warrants more in depth discussion in a future dev meeting **\** With more attendees? **\** serious question **\** And maybe some more background info to prepare **\** who should be present for such a discussion? **\** we can add it to next meeting as an item and try to ping the people to be there **\** the background is either the supercop code goes as a submodule and it must be synced by every person **\** or only those that which to accelerate wallet scanning drop the repo into a folder and toggle a cmake bit **\** So that's not something for the normal, general release then? **\** its not needed for testing, unless you need to test the feature specifically **\** no, likely it would be in the normal general release, but I suppose it doesn't have to be **\** this came up because ryo recently added support for basically the same thing, and it should cut wallet-scanning time in half **\** although its probably dependent on your HD speeds too **\** alright, any more discussion on this? **\** re: randomx audit, Quarkslab are finalizing their report, said we may get it by middle of next week **\** nice! **\** does anyone have anything else that they want to discuss? **\** since they've been opening github issues as they arose, there's not likely to be anything in the report we haven't already seen **\** yep! https://github.com/monero-project/meta/issues/236#issuecomment-515669422 **\** GitHub is starting to censor people coming from countries under US sanctions, we should definitely migrate away **\** i don't know how the core team feel about it **\** do people here have any thoughts about the Github/Gitlab thing, especially in light of the recent Github things? **\** those countries listed probably require some vpn/tor/i2p opsec to contribute anyway ... ? I'm certainly not attempting to stop a switch to a self-hosted gitlab, but meh **\** If such a switch was so easy it would probably have happened already, I think, after the Microsoft acquisition ... **\** or maybe not, but they would have to after that hammer that was thrown **\** With all submodules still on GitHub, for example **\** the support team for the gitlab instance are probably the most relevant for this **\** rbrunner: the point was to test monero-site on the self-hosted gitlab first, and then see what to do with the other repos. But has been almost an year now **\** I've always favored moving to self-hosted gitlab and away from github **\** Yeah, I remember. But I think the site is a particularly simple case **\** I mean most devs should have a copy of the code and history luckily, but its the discussions that can get purged if not backed up properly **\** but this particular issue only affected private, paid github accts **\** (i.e., github closing off accts from sanctioned countries) **\** hyc: i guess that depends by how they are forced to enforce the sanctions **\** https://twitter.com/natfriedman/status/1155533738278699008 **\** https://twitter.com/natfriedman/status/1155311121038864384 **\** they're splitting some hairs I guess. trade sanctions only affect commerce. if you paid for a private acct, you're affected. **\** Has any other notable cryptocurrency team already made such a switch? **\** if you're on a public/free acct, you're not affected **\** rbrunner: define notable? **\** I mean, some "interesting" team. Top 100 coin, maybe? Sizeable community, I mean **\** thanks for the links. it's still a very precarious situation. **\** rbrunner: sia **\** And complexity of the code **\** ErCiccione: agreed. as I already said, I'm in favor of moving off. **\** i think ppl are worried about contributions after moving off github. i dont think it would make a difference. **\** again, just my perspective: the OpenLDAP Project maintains our own repo. we only mirror to github, because it seems you're not a real project these days if you're not on github **\** out github mirror is read-only **\** our\* **\** kinghat: i agree. **\** I keep repeating myself but I question people whose first thought is 'gitlab' when thinking of a git alternative **\** There is more! Noooo.. Yes!! **\** Consider it... **\** gitea? **\** for example, yep **\** I don't really care which alternative is used. all I care is self-hosted. **\** iirc gitea was considered **\** you could make an argument that being off github adds a barrier to entry - people don't like having to create accounts just to interact with another project **\** In favor of gitea **\** Even more so when considered gitlab is a company, enterprise, they have funding, maybe they have shareholders - and capitalism is evil. Therefor, gitea **\** hyc which is why I am arguing for a federated git ecosystem **\** open issues on another git based project management site from yours, etc **\** let's not forget that we already have half repos on github and half on gitlab. That's not ideal **\** rehrar: agree, federated identity would be preferable **\** let's build it **\** we can have it out by Wednesday at the latest **\** +1 **\** ok sounds good **\** i want 2 **\** that'll take an extra day **\** this could be a long conversation, but totally - we need to rethink the notion of accounts and identities **\** But for reals though this is an ongoing discussion and... **\** ^ hyc **\** we have the issue open about this that ErCiccione **\** although that one is about moving to gitlab, I think **\** so maybe another one can be opened for discussion on which platform? **\** +1 for centralized authentication service **\** (hosted by monero) **\** Oh the added complexity **\** rbrunner: for whom? **\** The system in general, I mean. **\** It could simplify things **\** not quite centralized authent. just public key based. **\** Something more that can go wrong **\** rehrar it is yes, as hyc says for me the important is to move away from a centralized place. I think gitlab is the best choice because we have been testing it for an year, but sure let's discuss alternatives **\** we could use monero wallet addresses as our identities **\** hyc I've been thinking of using Monero signatures as password alternatives **\** thats a cool idea **\** public key as ID **\** signature from private key as password **\** does that work with subaddys or am i missing something? **\** but then losing your seed is even a bigger deal **\** or getting it stolen **\** good point **\** as long as there are standard ways of resetting or something **\** it's no more annoying than losing or getting your regular password stolen **\** having a reset facility implies a centralized admin authority **\** Call the Monero helpdesk and provide them your miaden name, your first car brand and your date of birth **\** ^ **\** enforced 2/3 MFA then **\** should we wrap up the mtg before continiung this conv? **\** but yeah, we'll call it here **\** unless anyone has any last minute things? **\** I hope to finally issuing some PRs related to the i2p/tor white noise stuff, took some time to architect this bt hopefully. nothing else needs to be reported by that really other than look for more stuff to review **\** cool deal! **\** well everyone, thanks for making the time today. **\** You're all free to disperse. Coffee on the little table outside the meeting room.