tobtoht: could you reapprove monero-project/monero #8178 ?

.merge+ 8254

Added

🥳

happy monero bday

thanks everyone in here for all your hard work

curtains[m]: Thanks for being part of it :)

jeffro256[m]: I think I saw your comment in the Unity Build PR, that I can't see anymore. Yes, you're right, it was failing to build, but should be OK now. I pushed and we'll see. One way or another, it should be ready on 2 hours max.

I think I'll give up with the unit_tests for now TBH. The core_tests build 50% faster, while unit_tests only 35% and require much more work.

jeffro256[m]: ready.

folks, as a reminder **STOP USING MONERO FOR ILLICIT ACTIVIETES**

nsa & co record the internet for the next gen quatums to break privacy and f** u in 10 years down the road

monero is FULLY transparent regards quantums, see github.com/insight-decentralized-co…r/writeups/semitechnical_summary.MD

I think you misread the channel name. There is a -dev here. Be more careful next time.

<moneromooo> "I think you misread the channel..." <- i am aware, the idea is to get your opinions (if any voiced), since quantum resistance is deeply tech

If you really care about the technical aspects, use #monero-research-lounge:monero.social

This is not the channel for that, dr flashd.

s/**/\*\*/, s//, s/semitechnical_summary/semitechnical\_summary/

* folks, as a reminder **STOP USING MONERO FOR ILLICIT ACTIVIETES**

nsa & co record the internet for the next gen quatums to break privacy and f\*\* u in 10 years down the road

monero is FULLY transparent regards quantums, see github. com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/semitechnical\_summary.MD

...

OK, ignore list it is.

if everyone agrees, we allocated 5000$ for multi-sig fix coder / reviewer

stumbled upon ohshitgit.com

I like this, gonna use it a lot to fix my trigger-happy commits: git commit -a --amend --no-edit

.merge+ 8247

Added

Has anyone reached out to Ledger and/or Trezor to be sure they're aware of the scheduled hard-fork? Or should that wait until after the release is tagged etc?

no, that has to be done before the release

OK, do we have specific contacts or would it help if I send a quick email to both supports/public emails?

Want to be sure they have as much time as possible.

You can message the Trezor dev on Reddit -> reddit.com/user/ph4r05

^ sethforprivacy

Alternatively, create a ticket on the Trezor repository, they usually respond quite fast as far as I can see

I'll try the Trezor dev first, thanks

sethforprivacy: I can contact Ledger

i'm in their discord

<selsta> "Seth For Privacy: I can contact..." <- Great, thanks

Trezor notified, if I don't hear back in a few days I will open an issue instead.

Please ping/tag me once LEdger are notified so I can update the checklist, selsta!

I'm still convinced that we will have to implement it ourselves

Oof, I hope not

Hey are there any plans to eventually move away from MD5 HTTP authentication in the future?

<jeffro256[m]> "Hey are there any plans to..." <- I was attempting to learn more about authentication lately. I was wondering if jwt++ is a potential replacement?

I've never seen that library before, but at first glance, that seems like an excellent replacement for what we currently have

The only issue being that library isn't as well supported as MD5 Digest authentication

But the again, nothing will

<jeffro256[m]> "Hey are there any plans to..." <- Where is this used in Monero?

That library supports Ed25519 encryption which could open up some really cool doors like authentication by wallet keys

lberrymage in contrib/epee for the http servers, and wallet for http client

Basically any code that has to do with RPC calls

As of right now, any node that exposes its RPC port to the public must turn on restricted RPC because MD5 is so insecure. We could lift that restriction if we actually had a decent way to authenticate RPC calls

<jeffro256[m]> "That library supports Ed25519..." <- That is currently how himitsu works. It does self authentication via wallet signature. then uses `<primary_address>:<signature>` like a cookie until the auth server invalidates it. I think the default cookie expiration is ~10 blocks

super buggy and experimental

maybe create like a separate auth server for rpc, where the jwt bakes in wallet sig? Not sure though.

That's a really cool idea

Is the `<primary_address>:<signature>` cookie sent in plaintext tho?

Because if so, then someone can just sniff it then start using it themselves

What would be ideal is to use the wallet key to generate a shared secret and then upgrade to a TLS session

😅 yes it need to be encrypted for http

himitsu only works over i2p tunnels i dont think it can be sniffed

00:02 <jeffro256[m]> As of right now, any node that exposes its RPC port to the public must turn on restricted RPC because MD5 is so insecure. We could lift that restriction if we actually had a decent way to authenticate RPC calls <-- any links to this?

not sure what you mean by this

restricted-rpc is to avoid fingerprinting and also disable things like start/stop mining and stopping the daemon

RPC also supports SSL

but maybe I just don't know what you are talking about

yo seista

selsta i been looking for you selsta

REALLY, really important question i have here.

So the hard fork is happening in July. Will you have to download the new Monero GUI update from getmonero.org and reinstall the program all over again, or will you be able to do any necessary update straight from the GUI ?

I really don't feel comfortable and safe downloading the GUI again to have to put my seed in again. I would feel much better if we could just do the update straight from the GUI, or continue using the GUI without having to make any updates. It's a stressfull process.

please answer this ^ will we have to download the gui all over again for the hard work selsta

there is an update dialog inside the GUI that downloads and verifies the new version for you, but you have to install it yourself

you don't have to enter your seed again, you can open the same wallet file

selsta: what do you mean exactly by that?

will it give a link to download and install the new update or will it be downloaded straight in the GUI?

it will be downloaded inside the GUI and you can select a place to save the file

then you have to close the GUI and open the new file

anyway let's continue in #monero-gui because this isn't dev related

ok im waiting for u on monero gui

u left me selsta