00:14:55 <algo_max[m]> I'm running the latest version (0.17.1.6) of monerod, yet my node fell 2 blocks behind again... it worked fine for a few days, just noticed this now. Are there still any holes left that need to be fixed? Height: 2250141/2250143
00:16:21 <dEBRUYNE> Do you have the ban list applied?
00:16:41 <algo_max[m]> No.. they said it's not required with 0.17.1.6 anymore so I happily removed it again
00:38:27 <selsta> algo_max[m]: it will be required for one or two more releases
02:27:21 <ConsciousFlesh> Has anyone here used the "Feather Wallet" client? The beta was released in October I believe and it's essentially an Electrum clone for Monero (a very good one). I'm throwing everything I have it it via the terminal, using different addresses indices on a hardware wallet... it seems to be totally solid. I'm considering using it as a portable client since it plays nice with hardware wallets and syncs very quickly. Got a look at the codeba
02:27:21 <ConsciousFlesh> se and there's certainly nothing malicious, but I haven't been able to audit it 100% yet. Wondering if anyone else has had a chance to test it out and has any feedback
02:28:31 <ConsciousFlesh> It's not created by the official Monero team FYI (unless they're being super anonymous).
02:30:50 <nioc> it was created by someone who used to work on the GUI
02:31:16 <nioc> AIUI it's not an electrum clone, just inspired by it
02:31:45 <Lyza> Yeah it's legit I've been using it as an intermediary wallet since the alpha. couldn't in good conscience recommend beta software for storing large amounts of funds but the devs themselves are solid they work on wownero too
02:32:22 <Lyza> the advanced coin control is nice
02:33:48 <ConsciousFlesh> Yes! Love the advanced coin control. Sorry, I did mean to say alpha. It's a very slick wallet.
02:34:54 <Lyza> no you were right the beta was released recently
02:35:17 <Lyza> just saying I was using it in alpha as well
02:36:00 <Lyza> they've got an IRC channel on OFTC you might've found it already
02:36:32 <ConsciousFlesh> Yes, thank you I did see that on the site.
02:40:56 <ConsciousFlesh> Good to know the devs are standing members of the community, appreciate all the feedback.
03:25:57 <viperperidot[m]> <ConsciousFlesh "Has anyone here used the "Feathe"> I thought Feather didn't support hardware wallets?
03:26:06 <viperperidot[m]> But yes I also use it - is awesome
03:26:26 <viperperidot[m]> Love the integration of Morphtoken and xmr.to
03:26:46 <viperperidot[m]> I think its cool having the reddit and ccs pages on there too
03:26:53 <viperperidot[m]> Overall a great wallet and super lightweight
07:37:18 <algo_max[m]> selsta: alright, I'll enable the ban-list again. thanks
12:46:11 <codesoap> I'm trying to download the current version of the cli wallet for Linux amd64, but it's still v0.17.1.3. Other downloads, like Linux x64 or FreeBSD amd64, are v0.17.1.6. Is there a reason for the Linux amd64 version being older?
12:46:30 <codesoap> *Linux x86
12:51:15 <Lyza> The CLI v0.17.1.6 is definitely available. You may have a stale cache. I think ctrl+F5 forces a full refresh?
12:52:18 <dEBRUYNE> codesoap: Use a private / incognito window, probably a local caching issue
12:52:32 <Lyza> or wget :)
12:52:57 <tobtoht> And if that doesn't work, here's a direct download link: https://downloads.getmonero.org/cli/monero-linux-x64-v0.17.1.6.tar.bz2
12:53:12 <Lyza> Firefox caching really seems uhh, a little too aggressive ngl, we see people with this issue regularly heh
12:53:23 <Lyza> dunno if other browsers are as bad
12:53:49 <codesoap> Thanks for your help! ctrl+F5 didn't help, but a private window did work. That' indeed weird caching of Firefox...
12:54:03 <Lyza> cool :)
12:54:19 <p0nziph0ne> download accelerator plus from tucows works best
12:54:50 <Lyza> lol is that a joke
12:54:57 <Lyza> tucows still exists?
12:57:17 <p0nziph0ne> probally :D
13:05:57 <codesoap> Is there a good reason for the download link pointing to downloads.getmonero.org/cli/linux64 instead of /downloads.getmonero.org/cli/monero-linux-x64-v0.17.1.6.tar.bz2? I guess Firefox wouldn't have problems, if the link changed with every release. It would also be better for downloading with wget, since the output file would have a meaningful name, instead of "linux64".
13:09:58 <Lyza> I would presume the idea is to have a permanent URL that always redirects to the most recent version. Maybe makes updating the site for new releases easier as well? but yeah Ig that's probably the source of the caching issues too
13:10:54 <hyc> use wget --trust-server-names and it'll use the expected filename
13:11:18 <codesoap> @hyc cool, thanks for the tip!
13:11:57 <hyc> always read the manpages...
13:14:10 <codesoap> @Lyza: OK, that sounds plausible. I guess downloads.getmonero.org/cli/linux64 could be useful for some scripts, but this link could be kept, besides changing the links on the webpage. Though I undestand, that updating the HTML on every release could be annoying...
13:23:10 <codesoap> Aha! In the Firefox dev console I can see, that the redirects are cached. I guess some cache-control-headers are missing here. I'm going to take a look at github.com/monero-project/monero-site and maybe propose a pull request.
13:34:00 <Lyza> that would be dope
13:51:21 <ziyzhou[m]> who can share Feather Wallet link?
13:51:58 <ziyzhou[m]> Does it have mac version. I'll give it a shot.
13:58:15 <moneromooo> https://featherwallet.org/
13:58:30 <moneromooo> And it has a mac version.
14:00:07 <donkeydonkey[m]> on featherwallet.org firefox says: "featherwallet.org has been reported as containing harmful software. You can ignore the risk and go to this unsafe site."
14:01:26 <moneromooo> Damn javascript is everywhere nowadays, isn't it.
14:05:14 <codesoap> @Lyza @hyc: JFYI: I created github.com/monero-project/monero-site/pull/1366. I think this should stop the download caching problem.
14:35:39 <gingeropolous> kinda blows my mind that the server can control the client
15:26:22 <bobandback> My monerod is still reporting 2 blocks missing from the attack. Anything else i can do besides using the banlist?
15:30:24 <moneromooo> Use latest. Those blocks aren't missing fwiw, they don't exist and never have.
15:30:34 <moneromooo> Or wait for .7, which should be out soon.
15:33:59 <bobandback> moneromooo, I´m aware they don´t exist, but they do prevent proper syncing/unlocking of the wallet.
15:34:30 <bobandback> I just want my node to run optimally to support the network and mitigate the effect of the attacks.
15:35:13 <bobandback> Does my monerod also report the chain length of +2 or does it report the actual block height to my outgoing connections?
15:38:18 <bobandback> I assume the actual current node block height gets sent, but i´m not 100% certain.
15:40:36 <bobandback> Can this not be mitigated like this? my node receives a fake +2 block height from malicious node, requests these blocks from any of these nodes that have this block height, fetching blocks obviously fails, either because they are invalid blocks or don´t get send at all. Then receive a time-out and fall back to the lower, actual block height?
15:42:03 <Lyza> <bobandback> u running on Linux?
15:42:35 <bobandback> Lyza, yes.
15:43:37 <Lyza> I wrote a little script to get the latest ban list and add any new entries without restarting monerod, might help you out here
15:43:44 <Lyza> https://paste.debian.net/plain/1176596
15:44:17 <Lyza> I'm running it with cron every 24 hours, haven't seen the issue crop up
15:44:56 <bobandback> I´m using the latest blocklist which doesn´t seem to help (enough)
15:45:34 <Lyza> you're on 0.17.1.6?
15:46:28 <bobandback> Maybe i should clear my p2pstate.bin?
15:46:32 <bobandback> Lyza, yes.
15:47:52 <Lyza> ehhh I mean it won't hurt but prolly would only be a temorary sol'n. I wish I had more advice like I said this has been sufficient mitigation for me. Next version should have further mitigations.
15:48:13 <Lyza> if you need to transact there's the CLI or feather which are unaffected but the +2 issue
15:48:22 <Lyza> by*
15:56:07 <bobandback> Why are those not affected? They don´t lock the wallet if the blockchain isn´t fully synced to the highest reported block height?
15:56:16 <bobandback> Haven´t used CLI in ages.
15:59:34 <Lyza> yeah that's basically my understanding though I'm not a dev. the GUI or some reason uses different logic for this while the CLI and feather ise libwallet directly or some such? I'm sure somebody will correct me :D
16:00:53 <bobandback> Deleting the p2pstate helped for now. May not last though, we will see. At least i can do a transaction.
16:16:46 <Whitecat812> How does it feel to be in the queue to be the bottom bitch in a harem of a narcissistic fraud?
16:16:49 <Whitecat812> If you really want to learn an outdated programming language like C you can just take a course instead of sucking off "the Saviour of NASA"
16:28:14 <omega> yo, why does monero use gpg hashes and electrum wallet uses signatures to verify?
16:29:23 <omega> like for example fro the electrum site, "(Note that an attacker would be able to create valid hashes, this is why we do not publish hashes of our binaries here, it does not bring any security)."
16:29:55 <omega> just tryin to knowledge up on pgp
16:30:05 <dEBRUYNE> The hashes are signed
16:30:10 <fluffypony> I don't know what threat they're trying to describe
16:30:18 <dEBRUYNE> They are correct that merely posting hashes is not sufficient
16:30:24 <dEBRUYNE> fluffypony: If someone modifies the plain hashes
16:30:28 <dEBRUYNE> I think that's what they are referring to
16:30:36 <fluffypony> ah ok
16:30:49 <dEBRUYNE> List plain SHA256 hash -> attacker will modify both the hash and the binary
16:30:56 <dEBRUYNE> So verifying the listed hash is insufficient in that sense
16:36:41 <omega> hmmm.  so, is verifying with hashes adding another step? here's what i did to verify electrum: gpg --verify electrum-4.0.7-x86_64.AppImage.asc electrum-4.0.7-x86_64.AppImage
16:36:48 <omega> thanks!
16:37:29 <dEBRUYNE> That should be enough to verify it as long as you properly imported and verified the key that was used to sign it
16:38:56 <omega> yes. thanks so much.  didn't mean to ask for electrum support just tryin to understand to difference. PEACE TO ALL.  enjoy the apocolypse
16:48:01 <bobandback> omega, It´s essentially the same process. I find signed hashes more useful. Only need to verify the entire list once and can then just check hashes of the binaries.
16:55:03 <omega> thank you!
16:58:49 <Copenhagen_Bram> Is Kastelo still being worked on?
18:58:58 <Lyza> I just wanna say the option for "human readable date format" on the GUI is really funny. are there non-humans using the GUI? =P
19:00:53 <hyc> where's the Klingon date format?
19:03:34 <Lyza> lol brb starting a CCS for translation to klingon
19:05:06 <jwinterm> is non-human date format unix time?
19:05:21 <jwinterm> I don't think I ever used gui for more than 5 min
19:08:14 <Lyza> yyy-mm-dd hh:mm:ss
19:08:23 <Lyza> "human readable" is like, "10 days ago"
19:41:58 <sethsimmons> https://reddit.com/r/Monero/comments/kbv35c/poll_gauging_community_sentiment_towards/
21:50:37 <Copenhagen_Bram> Why does the Monero website recommend the Edge app? Is the Edge app fully open source and reviewed for security?
21:53:07 <Copenhagen_Bram> <Lyza> lol brb starting a CCS for translation to klingon
21:53:09 <Copenhagen_Bram> That's a good idea. Monero is like a cloaking device for money.
23:30:48 <ForeverNoob[m]> hello, does the AppImage version of monero-gui have an auto updater?
23:32:58 <ForeverNoob[m]> or like... what's the best way to auto update it? Should I best download the new version every time?
23:42:21 <anchor[m]> The best way is to use your package manager tbh
23:45:38 <ForeverNoob[m]> anchor: uh, but don't a lot of distros have like _really_ outdated packages in their repos?
23:45:48 <ForeverNoob[m]> Debian stable comes to mind
23:45:49 <anchor[m]> Only the garbage ones
23:46:00 <anchor[m]> Debian stable is meant for servers
23:46:18 <ForeverNoob[m]> ...or for desktop users looking for maximum stability.
23:46:39 <anchor[m]> If you're looking for maximum stability don't use appimages or snaps or flatpaks
23:47:17 <ForeverNoob[m]> what? AppImage files are built by devs and contain all of the dependencies as meant for by the devs themselves, no?
23:47:47 <anchor[m]> Yes but you get a mess of a system if you use appimages. The only real benefit I can see is portability.
23:48:05 <anchor[m]> not entirely related but snaps and flatpaks are the devil
23:48:23 <ForeverNoob[m]> I don't use those but for certain key apps I do use AppImage
23:48:36 <anchor[m]> you can use appimages as much as you like but it's not the best way
23:48:54 <anchor[m]> I'm pretty sure Monero devs ship normal binaries too
23:49:16 <ForeverNoob[m]> what is then the difference of a really big static binary vs. AppImage?
23:49:28 <anchor[m]> The binaries aren't really big.
23:49:36 <anchor[m]> AppImages are, they're basically glorified ISOs
23:49:54 <ForeverNoob[m]> but they can be compiled with everything including the kitchen sink, thus making them equivalent to said ISOs
23:51:06 <anchor[m]> iirc it's computationally easier to just run a binary rather than to mount an ISO every time
23:51:39 <anchor[m]> at which point I fail to see any benefit to AppImages
23:52:03 <ForeverNoob[m]> well that could be but I don't really care about CPU usage, I'd just like it to get timely (auto) updates to stay up with the latest patches.
23:52:15 <anchor[m]> can appimages do autoupdates? I don't know
23:52:24 <anchor[m]> I don't believe so
23:52:36 <anchor[m]> if you wanna stay up to date just check Monero's news
23:53:01 <anchor[m]> https://www.getmonero.org/blog/
23:53:46 <ForeverNoob[m]> so, manual updates then.
23:53:56 <anchor[m]> yep
23:54:37 <anchor[m]> Sorry if I came off like an ass, I just have a gripe with 'universal' package manager snakeoil. And I've had a long day lol
23:55:55 <ForeverNoob[m]> I didn't get that impression, more that the answers weren't thought through sufficiently.
23:56:41 <ForeverNoob[m]> A repo / PPA would be best in my case but I'm not sure if Monero devs offer that
23:56:59 <anchor[m]> a quick google shows that there are ways to get updater functionality for appimages, if you really want that
23:57:21 <anchor[m]> it sounds bloated though.
23:58:22 <ForeverNoob[m]> then there wouldn't be much difference between AppImage and Snap/Flatpak (as the latter offer the auto-update functionality)
23:58:24 <anchor[m]> When it comes to Monero distributions I would ONLY trust getmonero.org and your official distro package repositories
23:58:34 <ForeverNoob[m]> in fact, you can't even turn them off in Snaps :p
23:58:35 <anchor[m]> I can't even find an AppImage on the site
23:58:51 <ForeverNoob[m]> it's included in the tar files
23:58:55 <anchor[m]> Ah okay
23:59:05 <anchor[m]> I got the binaries from my repo
23:59:25 <anchor[m]> <span data-mx-spoiler>I use Arch btw</span>