01:04:31 <selsta> luigi1112: pls merge + force push tag before sleep so that I can prepare everything tomorrow
02:56:21 <luigi1112> let's see
03:02:44 <selsta> luigi1112: everything good now, sorry for 3 tags :D
03:03:11 <luigi1112> ^_^
04:27:30 <moneroextremist[> Hey luigi
04:28:33 <moneroextremist[> are you, or the gui dev team planning to make any changes to the monero gui to make it look more modern and nice? monero gui has been looking the same for 4+ years, i think an UI upgrade to make it look modern and fresh would be extremely appreciated ? perhaps make a bounty for this ?...
04:28:41 <moneroextremist[> message for @everyone
04:29:00 <moneroextremist[> This is a message for everyone ^^^^\
04:29:05 <moneroextremist[> s/^^^^\/^^^^/
04:29:50 <moneroextremist[> MESSAGE TO EVERYONE ; hey luigi1112 , selsta  are you, or the gui dev team planning to make any changes to the monero gui to make it look more modern and nice? monero gui has been looking the same for 4+ years, i think an UI upgrade to make it look modern and fresh would be extremely appreciated ? perhaps make a bounty for this ?...
04:30:56 <selsta> I don't think a UI upgrade is currently planned. We don't have the developers like for profit companies to rewrite the UI every couple years.
04:31:17 <selsta> it's better to focus on bug fixes and missing features
04:32:11 <moneroextremist[> selsta: thats why i suggest put a bounty for it
04:32:25 <moneroextremist[> either way, any word on Tor integration for simple mode?
04:32:50 <selsta> like it's better to focus on Tor integration instead of a complete rewrite
04:32:56 <moneroextremist[> also, if I may, we should add a feature for simple mode : if the send fee is over x amount of monero, make an option to automatically reject the transaction and block the node from ever connecting to you ever again
04:32:56 <selsta> complete UI rewrite
04:33:03 <moneroextremist[> moneroextremist[: do you agree with this ? ^
04:33:19 <selsta> I have added this now: https://github.com/monero-project/monero-gui/pull/3897
04:33:36 <selsta> the next step will remove the node scanner from simple mode and only connect to community hosted nodes
04:33:43 <moneroextremist[> this is great but not enough in my opinion
04:33:54 <moneroextremist[> add in option in the settings to have a maximum fee
04:34:04 <moneroextremist[> if the fee is over the maximum fee, automatically reject transaction
04:34:39 <moneroextremist[> also, for the love of god, can we have an option to have transaction caps ? my biggest fear is to accidentally send out my entire balance selsta 
04:35:02 <selsta> the real solution is not to connect to malicious nodes in the first place, otherwise it's a cat and mouse game
04:35:10 <moneroextremist[> i hate the fact that theres a "send entire balance button" i actually wish we could make it so theres a high transaction cap. Like on trezor when you send over $10k it sends a huge warning saying you'll send a lot of money
04:36:09 * moneroextremist[ uploaded an image: (27KiB) < https://libera.ems.host/_matrix/media/r0/download/matrix.org/HeNtewCzglaAyabwUCCWNIlk/dfd.png >
04:36:34 <moneroextremist[> selsta: this button scares me so much. IM always so scared to accidentally touch it and send my entire balance to someone while trying to pay for a small transaction
04:36:37 <selsta> but if you press this button you still have to confirm twice
04:36:44 <moneroextremist[> yes but its still here
04:36:53 <moneroextremist[> it always makes me paranoid i accidentally touch it
04:36:56 <moneroextremist[> it has 0 use case
04:37:04 <moneroextremist[> if i want to send my entire balance im gonna type it out
04:37:19 <selsta> but you have to consider the fee
04:37:46 <selsta> if you manually type out the full balance there is not enough left for the fee
04:38:02 <moneroextremist[> thats a good point... its still way too close to the amount box and way too big 
04:38:06 <moneroextremist[> there should be another way
04:38:12 <moneroextremist[> put that button somewhere else
04:40:05 <selsta> but where?
04:40:18 <selsta> it has to make sense UI wise
04:40:25 <moneroextremist[> you could put it in the settings, "send entire balance"
04:40:28 <moneroextremist[> trezor doesnt have that button
04:40:35 <moneroextremist[> trezor doesnt have a way to send out your entire balance
04:40:40 <moneroextremist[> i may be wrong on this but i dont beleive they have
04:40:44 <moneroextremist[> security wise this is terrible
04:41:29 <moneroextremist[> i could be drunk and accidentally press that button, i could be stressed trying to send a small $5 transaction to a friend and accidentally press that button without looking properly and my entire balance is gone
04:43:19 <selsta> fwiw we never had a report about this yet
04:47:23 <moneroextremist[> selsta: another thing i think would be great, would be to go in settings, and setup a "max transaction". If you're trying to send any transaction over (say, $10k) it will reject the transaction and ask you to type a different password to avoid typos.
04:47:30 <moneroextremist[> What do you think about that one?
04:47:47 <moneroextremist[> selsta: 
05:11:17 <selsta> but what's the point of this?
05:12:46 <selsta> moneroextremist[: it might make sense if you split your coins in multiple accounts
05:52:39 <moneroextremist[> <selsta> "but what's the point of this?" <- avoid accidentally sending 10 xmr instead of 1xmr etc
05:52:46 <moneroextremist[> avoid accidentally sending a lot of xmr by typo
14:29:42 <nikg83[m]> Wallets should not connect to random nodes, why was simple mode designed like this ?
15:06:27 <gingeropolous> because centralization is bad
15:06:49 <gingeropolous> shit, why even have a network? the monero core team can just run 1 trusted node
15:06:53 <gingeropolous> all problems solved
15:20:53 <nikg83[m]> <gingeropolous> "because centralization is bad" <- Make users put remote node addr themselves 
15:23:24 <gingeropolous> yeah. the dream for simple mode was to make it so a user could download software and start using monero out of the box. that dream was dreamt without awareness of assholes
15:24:04 <gingeropolous> making users put in remote node addy was the way it was before
15:25:01 <gingeropolous> "these withered hands have dug for a dream"
15:26:59 <moneromooo> These wizard hounds have dreamt for a dog.
15:33:12 <gingeropolous> i mean, at this point, with the availability of so many third party wallets, perhaps remote nodes could be buried in the GUI somewhere. are we at the "enough nodes is enough" level of nodes on the network?
15:33:58 <gingeropolous> well, so many being like 3
15:34:02 <gingeropolous> meh
15:44:16 <nikg83[m]> https://electrum.readthedocs.io/en/latest/faq.html#does-electrum-trust-servers
15:47:07 <gingeropolous> yeah. once i matrix download coding skills i wanna do the multi-node connection thing
16:08:59 <selsta> nikg83[m]: didn't Electrum have this exploit where it would display rich text sent from the server?
16:09:33 <selsta> but yes I know they fixed it
16:10:49 <selsta> but they had their own set of issues with malicious nodes
16:17:39 <nikg83[m]> <selsta> "but they had their own set of..." <- Yes, I was just pointing out how they are doing fee thing with checking with multiple nodes 
16:19:27 <selsta> it is something that can be explored in the future but for now I will hardcode community hosted nodes in simple mode.
16:19:49 <selsta> no more random nodes
17:30:41 <gingeropolous> so there's cakes nodes, rinos node ...
17:36:50 <selsta> gingeropolous: ideally all nodes run the monero-beta branch I shared yesterday
17:36:58 <selsta> so that there are no connection and performance issues
17:46:10 <gingeropolous> hrm. ok, well, i guess we'll have to reach out to community remote node operators then
17:47:16 <gingeropolous> i mean, because this is Centralized Fun, should we just hardcode node.getmonero.org, and whoever manages the DNS entry just manage a round-robin CNAME list there or something?
17:47:58 <gingeropolous> that would allow for remote node list management without needing a new release when xyz goes down or gets pwnd
17:48:46 <gingeropolous> cause if getmonero.org gets pwnd well its all on fire at that point
17:52:50 <selsta> I thought about hardcoding the node IPs
17:53:15 <selsta> but don't know yet
17:56:47 <moneroextremist[> is there any problems to downloading the new monero gui update through the gui using a remote node ? can a node operator make you download malware through the gui like they did in electrum ? selsta 
17:57:17 <selsta> you don't download update through remote nodes
17:57:33 <selsta> they aren't involved at all in the update process
17:57:53 <selsta> so no, we never had this issue that Electrum had
18:16:11 <MajesticBank1> > I thought about hardcoding the node IPs
18:16:18 <MajesticBank1> bad idea
18:16:46 <MajesticBank1> but we are cooking idea / css
18:17:03 <selsta> explain why and suggest something better :P
18:17:14 <selsta> I would like to avoid running a centralized server
18:17:51 <selsta> that returns a list of remote nodes
18:18:11 <MajesticBank1> it's actually about incentive to run remote node
18:18:21 <MajesticBank1> software that will scan all active remote nodes on internet
18:18:44 <MajesticBank1> 18080,18081,18089
18:18:50 <MajesticBank1> + add node to the list
18:19:13 <moneromooo> Oh god no. I added the p2p based public node list, it was a stupid idea. It just gives scammers and spies an easy way to advertise their traps.
18:19:18 <selsta> but that's what we want to go away from
18:19:19 <selsta> yes
18:19:23 <moneromooo> I wish I'd never done that now.
18:19:29 <MajesticBank1> software will check uptime and broadcast tx trought nodes
18:19:39 <MajesticBank1> checking integrity
18:19:48 <selsta> it's basically impossible
18:19:58 <MajesticBank1> of nodes and for best 100 / 200 monthly
18:20:07 <MajesticBank1> reward with 30-40$ each
18:20:56 <selsta> I will just hardcode nodes from long time community members, everything else is a mess
18:20:57 <gingeropolous> it'll be gamed
18:21:22 <selsta> this node scanner only brought problems and support requests
18:21:35 <selsta> plus it helped malicious actors gain data
18:23:19 <MajesticBank1> hardcoded nodes makes it easier to spy on ISP level
18:23:36 <gingeropolous> i cant imagine what the load would be these days for "long time community members", or the level of service capable
18:23:38 <MajesticBank1> even community members are trusted
18:24:34 <gingeropolous> id say just drop remote nodes from the GUI, or bury it deep in a setting. if people want instant-on user experience, they can go 3rd party
18:25:57 <selsta> MajesticBank1: ISP level spying is way less of an issue than blockchain analysis companies setting up spy nodes (which is already happening)
18:26:15 <gingeropolous> according to https://monero.fail/map , that dudes node has seen ~12k nodes over the past 24 hours
18:26:17 <selsta> also nodes use some kind of SSL, don't know what that means in regards to ISP
18:26:36 <gingeropolous> thats 3k less than what bitcoin has according to https://bitnodes.io/
18:27:13 <gingeropolous> enough ppl have downloaded the GUI to run a node. if ppl download the GUI and can't use it instantly and drop it entirely so they can use cakewallet or whatever, thats fine
18:27:42 <MajesticBank1> it's self-signed SSL by default
18:28:10 <MajesticBank1> but can be signed with free https cert
18:30:01 <MajesticBank1> https://node.majesticbank.is:18089/
18:30:17 <jeffro256[m]> The community SSL certs should DEFINITELY be hardcoded if we're hardcoding node IPS, otherwise attackers will just spoof being a community node
18:30:32 <jeffro256[m]> *IPs
18:31:46 <gingeropolous> or we just put it right in the users face with 3 modes: Simple / Secure / Advanced
18:33:52 <gingeropolous> Simple does some version of remote node shenanigans with bootstrapping. Secure only allows for tx broadcast following full blockchain processing.. and advanced is the existing advanced
18:34:04 <jeffro256[m]> That just avoids the problem because are going to choose "simple" either way just like everyone uses default options when installing a program
18:34:16 <jeffro256[m]> *because people
18:34:55 <gingeropolous> yeah, but at least it presents the fact that simple is not secure
18:35:18 <selsta> jeffro256[m]: can you explain how IP spoofing would work?
18:35:46 <gingeropolous> Simple / Secure / Custom
18:36:25 <jeffro256[m]> Monero thrives because privacy and security and ON by default, they're shouldn't be a "simple and insecure but you don't know any better. It's not named secure so please don't blame us if it goes wrong" mode 
18:36:38 <gingeropolous> aye
18:37:08 <gingeropolous> well if thats the ethos then remote nodes should be dropped entirely
18:37:24 <gingeropolous> from core implementations. right?
18:37:43 <gingeropolous> or can we dance the dance of ..... waffly waffles
18:37:44 <jeffro256[m]> @selsta Not IP spoofing, but using their own SSL key in the middle since before being bootstrapped the node wouldn't know what the correct SSL public key to talk to
18:38:50 <MajesticBank1> there must be a way to protect wallet from remote node except tor / vpn
18:39:32 <jeffro256[m]> Well remote nodes are a valid use case for someone like me who doesn't have enough space on my laptop and connects to their node at home
18:40:00 <MajesticBank1> is the fee attack problem, finding real input or collecting monero-gui users IPs?
18:40:59 <gingeropolous> even tor / vpn can be malicious
18:41:03 <gingeropolous> the route doesn't matter
18:42:08 <gingeropolous> oooh i just used the GUI download and verifier. such awesome
18:47:49 <gingeropolous> yeah. so i can't copy and paste from the GUI, but selecting simple mode has that wall of text that includes "they could track your IP address, track your "restore height" and associated... etc etc"
18:48:29 <gingeropolous> and involves a checkbox indicating the user understands the privacy implications
19:53:38 <nioc> I would love to understand things by ticking a checkbox 
20:02:48 <gingeropolous> lulz
22:04:26 <moneroextremist[> hey
22:04:29 <moneroextremist[> selsta: luigi1111 realistically speaking, how much would it cost to have a complete UI overhaul?
22:17:03 <jeffro256[m]> moneroextremist Are you stylistically or what?
22:17:11 <jeffro256[m]> *talking stylistically
22:45:17 <gingeropolous> moneroextremist[, what kind of new and sexy are u talking about? granted, I guess I don't use many new and sexy apps on my desktop. but cereal... u have any examples?