-
ErCiccione
Alright. When emulating mobile phones on desktop i would see the desktop layout of the page. If it works on people's phone good. I'll leave mobile support as it is and just fix where needed
-
binaryFate
How are users going to authenticate the generator page?
-
binaryFate
If compromised, it presents a similar catastrophic risk as using compromised binaries.
-
binaryFate
But all binaries are signed
-
binaryFate
And if they use a hash to download the generator page, verify and run it, is it realistically doable on a phone?
-
ErCiccione
Good point. I was thinking to not include the signature for the page (for the verification), but if it's preferred for security reasons it can be done. Only downside i see is that it will need to be signed again at every edit
-
binaryFate
Hmm I think it's too much blindly trusting that getmonero.org server is never compromised. I don't think it's a sensible risk design. Compromised entropy in generator could go unnoticed for a long time and be a disaster
-
binaryFate
But I don't think me signing for every little edit is doable in practice either
-
binaryFate
How often do we want to edit this? If we don't beautify it at all, we probably don't need to touch it ever?
-
monerobull[m]
website has problem
-
plowsof11
resolving to a prohibited ip?
-
monerobull[m]
yes
-
plowsof11
ccs is fine though. reg the generator - the original file was modified 2 years ago, seems to be 'set in stone'
-
binaryFate
checking
-
binaryFate
cloudflare complaining, but we haven't changed any conf recently. I don't see anything particular.
-
binaryFate
fluffypony should be able to have a look in an hour
-
plowsof11
thanks!
-
plowsof11
seems fine now
-
binaryFate
yeah looks good for me too. Might have been a cloudflare hickup
-
fluffypony
weird
-
fluffypony
yeah must have been
-
ErCiccione
<binaryFate> "How often do we want to edit..." <- yeah we would mostly only lose the possibility of making it multilingual.
-
ErCiccione
so, i'm updating the text, fixing some minor css issues and adding other things like headers and links back to getmonero.
-
ErCiccione
the only thing that might need to be changed would the links, so the problem of edits should be avoided
-
binaryFate
no multilingual is ok. I'd prefer a barebone tool that does the job and can be deployed and used securely, rather than a more good looking security nightmare...
-
binaryFate
maybe an alternative would be to host it at github monero-project and simply link to it from getmonero.org/generator. With signed commits.
-
ErCiccione
agree. We can also have a dedicated repo if that's seen as useful, but adding the standalone page to jekyll is not an issue
-
ErCiccione
it's not about being "good looking" btw (i would also be the worst choice for working on it in that case), more about making it more accessible as possible, but yeah i see how for security reasons is better to keep it barebone.
-
ErCiccione
<plowsof11> "ErC i did not think about this..." <- Opening the link from mobile now. Looks the same of what i was seeing on desktop. I does work, but it's not really mobile friendly. Text and buttons are very small
-
ofrnxmr[m]
The issue right now isnt presentation, but a fast removal/replacement of the bad link
-
ofrnxmr[m]
Shouldn't have had links on website being blocked by ____
-
ofrnxmr[m]
Bad* links
-
ErCiccione
anyone is free to already pr the removal of the old references if deemed urgent. Since this is something that needs to be stable and changed as little as possible, better do it once but do it right
-
ErCiccione
i don't consider changing the link so urgent because they point to mymonero, not a random website
-
ofrnxmr[m]
I had started a pr to remove. Planned to link to only the zip. Since its intended to be used offline anyway, I didnt care about the online HTML link. And easier for translations.... (full message at <
libera.ems.host/_matrix/media/v3/do…5a2cbada14f9355f577577bd002b42a46f3>)
-
ofrnxmr[m]
Moneroaddress.org or whatever isnt anybody we know, and mymonero isnt a paper wallet.
-
ofrnxmr[m]
That link should not be there. Mymonero being the destination is a terrible justifcstion for someone who is reading an "official" source for how to _securely store monero_