luigi1112: pls merge + force push tag before sleep so that I can prepare everything tomorrow

let's see

luigi1112: everything good now, sorry for 3 tags :D

^_^

Hey luigi

are you, or the gui dev team planning to make any changes to the monero gui to make it look more modern and nice? monero gui has been looking the same for 4+ years, i think an UI upgrade to make it look modern and fresh would be extremely appreciated ? perhaps make a bounty for this ?...

message for @everyone

This is a message for everyone ^^^^\

s/^^^^\/^^^^/

MESSAGE TO EVERYONE ; hey luigi1112 , selsta are you, or the gui dev team planning to make any changes to the monero gui to make it look more modern and nice? monero gui has been looking the same for 4+ years, i think an UI upgrade to make it look modern and fresh would be extremely appreciated ? perhaps make a bounty for this ?...

I don't think a UI upgrade is currently planned. We don't have the developers like for profit companies to rewrite the UI every couple years.

it's better to focus on bug fixes and missing features

selsta: thats why i suggest put a bounty for it

either way, any word on Tor integration for simple mode?

like it's better to focus on Tor integration instead of a complete rewrite

also, if I may, we should add a feature for simple mode : if the send fee is over x amount of monero, make an option to automatically reject the transaction and block the node from ever connecting to you ever again

complete UI rewrite

moneroextremist[: do you agree with this ? ^

I have added this now: monero-project/monero-gui #3897

the next step will remove the node scanner from simple mode and only connect to community hosted nodes

this is great but not enough in my opinion

add in option in the settings to have a maximum fee

if the fee is over the maximum fee, automatically reject transaction

also, for the love of god, can we have an option to have transaction caps ? my biggest fear is to accidentally send out my entire balance selsta

the real solution is not to connect to malicious nodes in the first place, otherwise it's a cat and mouse game

i hate the fact that theres a "send entire balance button" i actually wish we could make it so theres a high transaction cap. Like on trezor when you send over $10k it sends a huge warning saying you'll send a lot of money

selsta: this button scares me so much. IM always so scared to accidentally touch it and send my entire balance to someone while trying to pay for a small transaction

but if you press this button you still have to confirm twice

yes but its still here

it always makes me paranoid i accidentally touch it

it has 0 use case

if i want to send my entire balance im gonna type it out

but you have to consider the fee

if you manually type out the full balance there is not enough left for the fee

thats a good point... its still way too close to the amount box and way too big

there should be another way

put that button somewhere else

but where?

it has to make sense UI wise

you could put it in the settings, "send entire balance"

trezor doesnt have that button

trezor doesnt have a way to send out your entire balance

i may be wrong on this but i dont beleive they have

security wise this is terrible

i could be drunk and accidentally press that button, i could be stressed trying to send a small $5 transaction to a friend and accidentally press that button without looking properly and my entire balance is gone

fwiw we never had a report about this yet

selsta: another thing i think would be great, would be to go in settings, and setup a "max transaction". If you're trying to send any transaction over (say, $10k) it will reject the transaction and ask you to type a different password to avoid typos.

What do you think about that one?

selsta:

but what's the point of this?

moneroextremist[: it might make sense if you split your coins in multiple accounts

<selsta> "but what's the point of this?" <- avoid accidentally sending 10 xmr instead of 1xmr etc

avoid accidentally sending a lot of xmr by typo

Wallets should not connect to random nodes, why was simple mode designed like this ?

because centralization is bad

shit, why even have a network? the monero core team can just run 1 trusted node

all problems solved

<gingeropolous> "because centralization is bad" <- Make users put remote node addr themselves

yeah. the dream for simple mode was to make it so a user could download software and start using monero out of the box. that dream was dreamt without awareness of assholes

making users put in remote node addy was the way it was before

"these withered hands have dug for a dream"

These wizard hounds have dreamt for a dog.

i mean, at this point, with the availability of so many third party wallets, perhaps remote nodes could be buried in the GUI somewhere. are we at the "enough nodes is enough" level of nodes on the network?

well, so many being like 3

meh

yeah. once i matrix download coding skills i wanna do the multi-node connection thing

nikg83[m]: didn't Electrum have this exploit where it would display rich text sent from the server?

but yes I know they fixed it

but they had their own set of issues with malicious nodes

<selsta> "but they had their own set of..." <- Yes, I was just pointing out how they are doing fee thing with checking with multiple nodes

it is something that can be explored in the future but for now I will hardcode community hosted nodes in simple mode.

no more random nodes

so there's cakes nodes, rinos node ...

gingeropolous: ideally all nodes run the monero-beta branch I shared yesterday

so that there are no connection and performance issues

hrm. ok, well, i guess we'll have to reach out to community remote node operators then

i mean, because this is Centralized Fun, should we just hardcode node.getmonero.org, and whoever manages the DNS entry just manage a round-robin CNAME list there or something?

that would allow for remote node list management without needing a new release when xyz goes down or gets pwnd

cause if getmonero.org gets pwnd well its all on fire at that point

I thought about hardcoding the node IPs

but don't know yet

is there any problems to downloading the new monero gui update through the gui using a remote node ? can a node operator make you download malware through the gui like they did in electrum ? selsta

you don't download update through remote nodes

they aren't involved at all in the update process

so no, we never had this issue that Electrum had

> I thought about hardcoding the node IPs

bad idea

but we are cooking idea / css

explain why and suggest something better :P

I would like to avoid running a centralized server

that returns a list of remote nodes

it's actually about incentive to run remote node

software that will scan all active remote nodes on internet

18080,18081,18089

+ add node to the list

Oh god no. I added the p2p based public node list, it was a stupid idea. It just gives scammers and spies an easy way to advertise their traps.

but that's what we want to go away from

yes

I wish I'd never done that now.

software will check uptime and broadcast tx trought nodes

checking integrity

it's basically impossible

of nodes and for best 100 / 200 monthly

reward with 30-40$ each

I will just hardcode nodes from long time community members, everything else is a mess

it'll be gamed

this node scanner only brought problems and support requests

plus it helped malicious actors gain data

hardcoded nodes makes it easier to spy on ISP level

i cant imagine what the load would be these days for "long time community members", or the level of service capable

even community members are trusted

id say just drop remote nodes from the GUI, or bury it deep in a setting. if people want instant-on user experience, they can go 3rd party

MajesticBank1: ISP level spying is way less of an issue than blockchain analysis companies setting up spy nodes (which is already happening)

according to monero.fail/map , that dudes node has seen ~12k nodes over the past 24 hours

also nodes use some kind of SSL, don't know what that means in regards to ISP

thats 3k less than what bitcoin has according to bitnodes.io

enough ppl have downloaded the GUI to run a node. if ppl download the GUI and can't use it instantly and drop it entirely so they can use cakewallet or whatever, thats fine

it's self-signed SSL by default

but can be signed with free https cert

The community SSL certs should DEFINITELY be hardcoded if we're hardcoding node IPS, otherwise attackers will just spoof being a community node

*IPs

or we just put it right in the users face with 3 modes: Simple / Secure / Advanced

Simple does some version of remote node shenanigans with bootstrapping. Secure only allows for tx broadcast following full blockchain processing.. and advanced is the existing advanced

That just avoids the problem because are going to choose "simple" either way just like everyone uses default options when installing a program

*because people

yeah, but at least it presents the fact that simple is not secure

jeffro256[m]: can you explain how IP spoofing would work?

Simple / Secure / Custom

Monero thrives because privacy and security and ON by default, they're shouldn't be a "simple and insecure but you don't know any better. It's not named secure so please don't blame us if it goes wrong" mode

aye

well if thats the ethos then remote nodes should be dropped entirely

from core implementations. right?

or can we dance the dance of ..... waffly waffles

@selsta Not IP spoofing, but using their own SSL key in the middle since before being bootstrapped the node wouldn't know what the correct SSL public key to talk to

there must be a way to protect wallet from remote node except tor / vpn

Well remote nodes are a valid use case for someone like me who doesn't have enough space on my laptop and connects to their node at home

is the fee attack problem, finding real input or collecting monero-gui users IPs?

even tor / vpn can be malicious

the route doesn't matter

oooh i just used the GUI download and verifier. such awesome

yeah. so i can't copy and paste from the GUI, but selecting simple mode has that wall of text that includes "they could track your IP address, track your "restore height" and associated... etc etc"

and involves a checkbox indicating the user understands the privacy implications

I would love to understand things by ticking a checkbox

lulz

hey

selsta: luigi1111 realistically speaking, how much would it cost to have a complete UI overhaul?

moneroextremist Are you stylistically or what?

*talking stylistically

moneroextremist[, what kind of new and sexy are u talking about? granted, I guess I don't use many new and sexy apps on my desktop. but cereal... u have any examples?