Please upgrade to Bitcoin 0.8 and help Android/MultiBit users! - page 3.

cypherdoc

legendary

Activity: 1764

Merit: 1002

Quote from: niko on February 21, 2013, 08:25:05 PM

Quote from: grue on February 21, 2013, 07:49:42 PM

Quote from: cypherdoc on February 21, 2013, 06:06:40 PM

so that's good enough? never checked this way before.

thanks.

you only need to check if the signature is OK (by clicking "details"). the rest is not needed.

Yes. I wanted to illustrate the depth of information available. Anyone handling significant amounts of coins or sensitive data should in fact check the certification path, and look for suspicious changes in signing authorities. Case in point:
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/

i'm a little skeptical about signing certifs after that incident last year where Diginotar got compromised.

i mean no one around here has told us how to verify that the CA you pointed out is genuine. i see a few words that say Bitcoin Foundation in the detail and COMODO and someone's email address but how am i supposed to know that this detail is genuine?

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: grue on February 21, 2013, 07:49:42 PM

Quote from: cypherdoc on February 21, 2013, 06:06:40 PM

so that's good enough? never checked this way before.

thanks.

you only need to check if the signature is OK (by clicking "details"). the rest is not needed.

Yes. I wanted to illustrate the depth of information available. Anyone handling significant amounts of coins or sensitive data should in fact check the certification path, and look for suspicious changes in signing authorities. Case in point:
http://arstechnica.com/security/2012/06/flame-malware-was-signed-by-rogue-microsoft-certificate/

Vernon715

full member

Activity: 182

Merit: 100

Quote from: runeks on February 21, 2013, 02:43:47 PM

Is there an armhf Debian package available for Bitcoin 0.8 (bitcoind)? I wouldn't mind running it on my Raspberry Pi around the clock.

+1

grue

legendary

Activity: 2058

Merit: 1452

Quote from: cypherdoc on February 21, 2013, 06:06:40 PM

so that's good enough? never checked this way before.

thanks.

you only need to check if the signature is OK (by clicking "details"). the rest is not needed.

cypherdoc

legendary

Activity: 1764

Merit: 1002

Quote from: niko on February 21, 2013, 05:47:02 PM

Quote from: cypherdoc on February 21, 2013, 04:02:30 PM

Quote from: niko on February 21, 2013, 03:35:56 PM

Quote from: cypherdoc on February 21, 2013, 03:16:00 PM

Quote from: Pieter Wuille on February 20, 2013, 05:59:26 PM

Quote from: cypherdoc on February 20, 2013, 03:16:47 PM

then they ought to put their PGP signature on the bitcoin.org download site.

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.0/SHA256SUMS.asc

i still don't see the BF's pgp key.

Were you able to check the CA signature chain? It's only a few clicks away.

i did check the CA certificate in properties like you said. it's just i'm more comfortable checking signature files BEFORE i install the client.

You should check before you run the installer, of course. An example at hand:

so that's good enough? never checked this way before.

thanks.

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: cypherdoc on February 21, 2013, 04:02:30 PM

Quote from: niko on February 21, 2013, 03:35:56 PM

Quote from: cypherdoc on February 21, 2013, 03:16:00 PM

Quote from: Pieter Wuille on February 20, 2013, 05:59:26 PM

Quote from: cypherdoc on February 20, 2013, 03:16:47 PM

then they ought to put their PGP signature on the bitcoin.org download site.

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.0/SHA256SUMS.asc

i still don't see the BF's pgp key.

Were you able to check the CA signature chain? It's only a few clicks away.

i did check the CA certificate in properties like you said. it's just i'm more comfortable checking signature files BEFORE i install the client.

You should check before you run the installer, of course. An example at hand:

cypherdoc

legendary

Activity: 1764

Merit: 1002

Quote from: niko on February 21, 2013, 03:35:56 PM

Quote from: cypherdoc on February 21, 2013, 03:16:00 PM

Quote from: Pieter Wuille on February 20, 2013, 05:59:26 PM

Quote from: cypherdoc on February 20, 2013, 03:16:47 PM

then they ought to put their PGP signature on the bitcoin.org download site.

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.0/SHA256SUMS.asc

i still don't see the BF's pgp key.

Were you able to check the CA signature chain? It's only a few clicks away.

i did check the CA certificate in properties like you said. it's just i'm more comfortable checking signature files BEFORE i install the client.

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: cypherdoc on February 21, 2013, 03:16:00 PM

Quote from: Pieter Wuille on February 20, 2013, 05:59:26 PM

Quote from: cypherdoc on February 20, 2013, 03:16:47 PM

then they ought to put their PGP signature on the bitcoin.org download site.

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.0/SHA256SUMS.asc

i still don't see the BF's pgp key.

Were you able to check the CA signature chain? It's only a few clicks away.

cypherdoc

legendary

Activity: 1764

Merit: 1002

Quote from: Pieter Wuille on February 20, 2013, 05:59:26 PM

Quote from: cypherdoc on February 20, 2013, 03:16:47 PM

then they ought to put their PGP signature on the bitcoin.org download site.

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.0/SHA256SUMS.asc

i still don't see the BF's pgp key.

cypherdoc

legendary

Activity: 1764

Merit: 1002

Quote from: HorseRider on February 21, 2013, 08:52:09 AM

And please make a Ubuntu PPA please......

+1

runeks

legendary

Activity: 980

Merit: 1008

Is there an armhf Debian package available for Bitcoin 0.8 (bitcoind)? I wouldn't mind running it on my Raspberry Pi around the clock.

HorseRider

donator

Activity: 1120

Merit: 1001

And please make a Ubuntu PPA please......

camolist

hero member

Activity: 896

Merit: 1000

just brought up a node on a server in the datacenter.

50mbit/sec dedicated that is very very underused

addnode=69.162.139.23

DannyHamilton

legendary

Activity: 3472

Merit: 4801

As a benchmark for those who are interested, I installed 0.8.0 on a 5 year old 2.4 GHz Intel Core 2 Duo MacBook Pro with 4 GB 667 MHz DDR2 SDRAM and a NVIDIA GeForce 8600M GT 256 MB graphics processor running Mac OS X Lion 10.7.5. The total synchronization time starting on 2013-02-19 was 22 hours, and the total disk space used is 6.4 GB

Disk usage:

Code:

$ pwd; du -h
~/Library/Application Support/Bitcoin
31M ./blocks/index
6.2G ./blocks
193M ./chainstate
10.0M ./database
6.4G .

Mike Hearn

legendary

Activity: 1526

Merit: 1134

I just ran the PeerMonitor app and found a bunch of 0.8 nodes that were in the middle of syncing the chain. That's great! Let's keep it up.

Pieter Wuille

legendary

Activity: 1072

Merit: 1189

Quote from: cypherdoc on February 20, 2013, 03:16:47 PM

then they ought to put their PGP signature on the bitcoin.org download site.

http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.8.0/SHA256SUMS.asc

alexeft

legendary

Activity: 854

Merit: 1000

I got two nodes running on 0.8!
Let's help this thing grow bigger!!!

jim618

legendary

Activity: 1708

Merit: 1066

Quote from: Sukrim on February 20, 2013, 03:49:51 PM

Is there a node that you control or make use of to find 0.8 clients quicker which we can add via "addnode" so you also see our nodes? Or do you just hope that your client will after some days just randomly stumble upon a 0.8 full node because there are so many?

Bitcoinj uses DNS discovery - it initially makes connections to 4 nodes at random.

It will then look at the Satoshi version running, the block height the peer says it is at and the peer's ping time to decide which is the best to download from. (The other peers are then used to verify things but it wants the 'best' for downloading).

Once V0.8.0 gets to about 15% of nodes then with 4 connections the chance of getting at least one V0.8.0 at random is:

1 - (1 - 0.15)^4 = 48%

I think we are planning to wait for 10% of nodes at V0.8.0 before releasing.
(If there are two few V0.8.0 nodes they might become too popular and get overloaded by SPV clients wanting to connect to them).

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: cypherdoc on February 20, 2013, 03:37:52 PM

Quote from: niko on February 20, 2013, 03:23:40 PM

Quote from: cypherdoc on February 20, 2013, 03:16:47 PM

Quote from: Mike Hearn on February 20, 2013, 03:14:42 PM

Bitcoin 0.8 is signed by the Foundation.

If you run a node via Tor then nobody can connect to it, so no, it doesn't help. We need nodes on the regular internet for this, sorry.

then they ought to put their PGP signature on the bitcoin.org download site.

It is not signed via PGP. The signature is CA based.

so how does that work?

Like any signed code - but I can only speak about Windows. When you try executing the code, the UAC prompt will provide the information about the signature, and offer details where you can check the certificate and certification path. Alternatively, right-click on downloaded file and check signature/certificate from the Properties dialogue.

Sukrim

legendary

Activity: 2618

Merit: 1007

Is there a node that you control or make use of to find 0.8 clients quicker which we can add via "addnode" so you also see our nodes? Or do you just hope that your client will after some days just randomly stumble upon a 0.8 full node because there are so many?

Topic: Please upgrade to Bitcoin 0.8 and help Android/MultiBit users! - page 3. (Read 8902 times)