I am not that involved in bitcoin community anymore since bitcointalk is teaming full of noobs, libturds, speculative traders and incomprehensible millenials from India. I did not notice that Bitcoin Foundation had some trouble. I stopped dealing attention since Mt.Gox goatsed their users, and I lost my 2 US cents, 10 eurocents and 0.01 BTC
Maybe publish somewhere info not only about PGP signatures but Digital sigantures as well, including certifikate fingerprint and root and intermediate authorities? TrueCrypt did that and it worked well, Bitcoin devs also should do the same. This could have saved me some time when upgrading Bitcoin, since everything checked out on my imaginary "Legit" checklist, except for windows siganture.
Topic: Bitcoin Core 0.18.0 Released - page 2. (Read 3373 times)
Quote
As you note, the windows signatures mean essentially nothing-- anyone can get one and there is no real way to verify them. You could very likely get one called "Bitcoin Foundation", at most you'd just have to incorporate an entity with that name. The recommended procedure is to check the GPG signatures and keys, which have been consistently the same since 2013 or so.
So does PGP signatures. In that matter both PGP and Digital signatures in Windows are same. You must verify the signature and make sure it is signed by known trusted key.
Quote
Windows signed executables only stops Windows shouting "UNSAFE!" at you.
The only reason is to make inexperienced people feel comfortable, the Windows system is broken, as you already know.
Wrong. Signatures are mandatory only for kernel-mode drivers. The warning when launching executables coming from internet is dependent on NTFS alternate streams feature to indicate it come from network and all it does is check presence, absence or validity of digital signature and display warning screen that is ignored by most users anyway.The only reason is to make inexperienced people feel comfortable, the Windows system is broken, as you already know.
1. I didn't mention whether signatures are mandatory for installing, just that Windows warns about unsigned packages
2. Then you said the same thing, that Windows warns about unsigned packages
the change of signers raised some alarm to me.
You're a bit confused about this problem. In fact, very confused.
Everything you're saying suggests you undertand exactly what's happened, and what matters, and why. But you're still saying that the parts that don't matter are a problem? If you want two things that are mutually irreconcilable, it's impossible to be satisfied. You're going to be frustrated, and it will never end. Good luck.
Quote
As you note, the windows signatures mean essentially nothing-- anyone can get one and there is no real way to verify them. You could very likely get one called "Bitcoin Foundation", at most you'd just have to incorporate an entity with that name. The recommended procedure is to check the GPG signatures and keys, which have been consistently the same since 2013 or so.
So does PGP signatures. In that matter both PGP and Digital signatures in Windows are same. You must verify the signature and make sure it is signed by known trusted key. Windows is more complicated in this matter because it have trusted root CAs but the final certificate in chain of "trust" still have the hash that can be compared, it is only hidden few clicks deep. TrueCrypt managed this very good back in its days. I think Bitcoin must do the same and stick with one root CA and one signing entity that is well established and known.Quote
Windows signed executables only stops Windows shouting "UNSAFE!" at you.
The only reason is to make inexperienced people feel comfortable, the Windows system is broken, as you already know.
Wrong. Signatures are mandatory only for kernel-mode drivers. The warning when launching executables coming from internet is dependent on NTFS alternate streams feature to indicate it come from network and all it does is check presence, absence or validity of digital signature and display warning screen that is ignored by most users anyway.The only reason is to make inexperienced people feel comfortable, the Windows system is broken, as you already know.
And no, Windows is not nearly as broken as majority of computer users are.
I verify any software by all means possible before proceeding. The Digital signatures tab is not very important, but the change of signers raised some alarm to me.
Why the Windows binaries are signed by different signer and root authority? First it was Bitcoin Foundation, now it is bitcoincoresigningsomething.org
I can get my own certificate for bitcoin-something named entity and sign malicious bitcoin executables that steal coins. Get your shit right! Settle once and forever on single entity that is signing binaries and stick with that!
I can get my own certificate for bitcoin-something named entity and sign malicious bitcoin executables that steal coins. Get your shit right! Settle once and forever on single entity that is signing binaries and stick with that!
Windows signed executables only stops Windows shouting "UNSAFE!" at you.
The only reason is to make inexperienced people feel comfortable, the Windows system is broken, as you already know.
Use SHA-2 and PGP to check the authenticity of Bitcoin releases, that method comes with at least some guarantees (using the fingerprint to id the PGP key is possibly not reliable any more though, there should be a t-shirt with the Wladimir van der Laan PGP public key + expiry date printed all over it IMO, or at least till PGP updates their standard for fingerprinting public keys)
Why the Windows binaries are signed by different signer and root authority? First it was Bitcoin Foundation, now it is bitcoincoresigningsomething.org
I can get my own certificate for bitcoin-something named entity and sign malicious bitcoin executables that steal coins. Get your shit right! Settle once and forever on single entity that is signing binaries and stick with that!
I can get my own certificate for bitcoin-something named entity and sign malicious bitcoin executables that steal coins. Get your shit right! Settle once and forever on single entity that is signing binaries and stick with that!
As you note, the windows signatures mean essentially nothing-- anyone can get one and there is no real way to verify them. You could very likely get one called "Bitcoin Foundation", at most you'd just have to incorporate an entity with that name. The recommended procedure is to check the GPG signatures and keys, which have been consistently the same since 2013 or so.
Back when windows and windows AV started punishing software for not purchasing a cert the Bitcoin Foundation offered to take care of it. They went on to exploit the author indication to make people believe they were responsible for releasing Bitcoin... not really a great outcome. They subsquiently went up in a ball of cretinous glory. Several of them ending up in prison, others backing an obvious scammer.
Eventually the certificate expired, as all centralized certs eventually do. It was replaced with a key assigned to an entity that doesn't do anything else, to hopefully reduce the odds of future stupidity.
Regardless, you're still best off checking the PGP signatures.
Why the Windows binaries are signed by different signer and root authority? First it was Bitcoin Foundation, now it is bitcoincoresigningsomething.org
I can get my own certificate for bitcoin-something named entity and sign malicious bitcoin executables that steal coins. Get your shit right! Settle once and forever on single entity that is signing binaries and stick with that!
I can get my own certificate for bitcoin-something named entity and sign malicious bitcoin executables that steal coins. Get your shit right! Settle once and forever on single entity that is signing binaries and stick with that!
But we really have to make the most convincing case to ditch this crappy stuff to those who otherwise wouldn't care.
I guess the simplest way is:
Bad:
- Fedora
- Centos
- Ubuntu
- Mint
Good:
- Devuan
- um, Gentoo
trouble is there aren't many non-systemd Linux distros, and Devuan is probably gonna be the most user friendly of them all (Gentoo isn't really user friendly). There must be some more I didn't mention
[...] and if the Bitcoin Core project sees enough additional adoption, it will instead default to bech32 receiving addresses in Bitcoin Core 0.19 (approximately November 2019).
How will 'enough adoption' be determined? The percentage of transactions sent to native SegWit addresses? Number of the most popular services which support sending to bech32 addresses?
[...] and if the Bitcoin Core project sees enough additional adoption, it will instead default to bech32 receiving addresses in Bitcoin Core 0.19 (approximately November 2019).
How will 'enough adoption' be determined? The percentage of transactions sent to native SegWit addresses? The number of the most popular services which support sending to bech32 addresses?
The thing with systemd is not simply "learning" things, but the fact that its so buggy and bloated and the main developer doesn't really care.
most Ubuntu or Mint users aren't going to notice the kinds of bugs it has, and they're equally unlikely to appreciate the poor design philosophy behind systemd
In fact I'm avoiding all his projects (don't need any of them), he tends to keep that same mindset in all his works.
sure, but convincing people to ditch systemd for OpenRC is one thing, getting them to configure jack audio and eudev is just more on top, it may be all too much for some people. Building up the ecosystem around well designed alternatives to invasive Red Hat products is important to keep Linux going in the direction of good quality software engineering.
Corporate software is basically attacking Linux with these bad quality system components (and in other ways too, arguably), so sure, start with yourself. But we really have to make the most convincing case to ditch this crappy stuff to those who otherwise wouldn't care.
Fuck systemd though. Ain't nobody got time for that.
well, I agree, except that it's precisely because people don't want to take time to learn how to write sysvinit scripts (or upstart scripts? not sure about upstart) that they end up just going with the path of least resistance and sticking with systemd (Bitcoin thankfully has some sample sysvinit/OpenRC/Upstarts scripts available here - https://github.com/bitcoin/bitcoin/tree/0.18/contrib/init)
you can bet RedHat were thinking exactly that when they saw the first design specification for systemd. Fuck systemd, and RedHat
Well I'm in favor of choice, and I'm using Artix here for that very reason. There is no need to use systemd if you don't want to, there are plenty of alternatives such as openrc, runit and s6.
The thing with systemd is not simply "learning" things, but the fact that its so buggy and bloated and the main developer doesn't really care. In fact I'm avoiding all his projects (don't need any of them), he tends to keep that same mindset in all his works.
Those who most need to learn the different start/stop script variants are the package maintainers for the distros using them, i don't think the Bitcoin core team is in need to provide them, but its nice of them to provide some examples. So let Red Hat (or whoever maintains the rpm) to make it...
Upstart was pretty much abandoned (being from Canonical, who switched their Ubuntu distro to systemd) but iirc they were just sysv init scripts.
"and how many address book entries it has."
O no it will see my auto clicker spamming them?
O no it will see my auto clicker spamming them?
Fuck systemd though. Ain't nobody got time for that.
well, I agree, except that it's precisely because people don't want to take time to learn how to write sysvinit scripts (or upstart scripts? not sure about upstart) that they end up just going with the path of least resistance and sticking with systemd (Bitcoin thankfully has some sample sysvinit/OpenRC/Upstarts scripts available here - https://github.com/bitcoin/bitcoin/tree/0.18/contrib/init)
you can bet RedHat were thinking exactly that when they saw the first design specification for systemd. Fuck systemd, and RedHat
Fuck systemd though. Ain't nobody got time for that.
to actually experience sub 1 sat/b require majority full nodes use Core 0.18.0 or set minrelayfee value very low.
1sat/b is still the minimum relay fee, it wasn't changed in 0.18.0
or through bittorrent:
magnet:?xt=urn:btih:a25c86ffa7a512b6d074287f74762b77f91cef4c&dn=bitcoin-core-0.18.0&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fexplodie.org%3A6969
magnet:?xt=urn:btih:a25c86ffa7a512b6d074287f74762b77f91cef4c&dn=bitcoin-core-0.18.0&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Fzer0day.ch%3A1337&tr=udp%3A%2F%2Fexplodie.org%3A6969
note:
if you don't want to give your IP to the trackers, you can edit the above magnet urn to just:
magnet:?xt=urn:btih:a25c86ffa7a512b6d074287f74762b77f91cef4c
You need a modern bittorrent client that supports DHT well. Decentralise all the things
So, any idea when these would be implemented?
No idea, i'll check it laterThanks for the hard work 
As far as i remember, Dandelion implementation and lower default minrelayfee expected on Core 0.18.0, but looks like neither of them happened.
Also, i think it's worth to mention previous public key used to sign release already expired some time ago and people should obtain newer public key.
As far as i remember, Dandelion implementation and lower default minrelayfee expected on Core 0.18.0, but looks like neither of them happened.
Also, i think it's worth to mention previous public key used to sign release already expired some time ago and people should obtain newer public key.
So, any idea when these would be implemented? I like how bech32 will become the default on core, adoption seems to be lagging in some places...
Too bad we won't be able to use smaller fees yet, I wanted to try sub 1sat/b transactions...
Hurrah! As usual for an .0 release the changelog was so large this time, I had to split the announcement into multiple posts.
Absolutely awesome. Thanks to all the contributors
fyi the link at the very top 'News:' still says 0.17.1 though it redirects to 0.18.
Thanks for the hard work
As far as i remember, Dandelion implementation and lower default minrelayfee expected on Core 0.18.0, but looks like neither of them happened.
As far as i remember, Dandelion implementation and lower default minrelayfee expected on Core 0.18.0, but looks like neither of them happened.
yeah, that was a somewhat of a letdown. I can see why dandelion tx propagation didn't make it, it's a significant change, and there are other changes to tx propagation that probaby affect the way dandelion would need to be implemented. Why the relayfee default wasn't changed is a little more difficult to understand, especially seeing as mempools continue to hit the 1 sat/byte fee floor very regularly.
But there is now a hardware wallet utility
And the new node connection code makes having hundreds/thousands of peers realistic (was 125 the previous maximum? think so). This strengthens the network between nodes that can handle that number of connections, I'm surprised that more hasn't been made of it Also, i think it's worth to mention previous public key used to sign release already expired some time ago and people should obtain newer public key.
Yeah, wladimir's expired key is gonna be causing some sweaty hands.
Update wladimir's key, everyone!!!
gpg --refresh-keys
Hurrah! As usual for an .0 release the changelog was so large this time, I had to split the announcement into multiple posts.
That's good news. Watching for questions and whatnot. Jump to: