I cannot replicate this.  I have tested in both Linux and Windows, and the option works for me.  Please try renaming your ArmorySettings.txt file (in C:\Users\<user>\AppData\Roaming\Armory), and then start Armory again -- it will be like new, asking you to agree to the EULA, etc.  Try setting the option again in the menu and then restart.  Tell me if it works.

So... is version 0.92 bug-free or are people not testing anymore?    I'll take this as a good sign for the upcoming release!

Also, any Mac users please chime in -- we're anxious to find out if Mac stability improved with .9 and .11.  doug_armory found some patches that supposedly improved stability noticeably, but no one has yet commented on it.  I will assume no news is good news

We've tried to make it so that if the online computer is totally under the control of an attacker, there's still minimal risk to the offline computer.  You obviously want the online computer to be free of malware, and so you should take preventative measures, but it's still the offline computer that matters.  And the attack surface is pretty slim.

People have asked if the offline computer should be updated with OS updates, etc.  My attitude on this is:  if you are going to keep the offline computer updated, you are introducing far more risk than you are reducing:  you will be regularly transferring data from your potentially-compromised online system, and executing it with root privileges on your offline computer (to install the updates).  This seems to introduce a recurring (weekly?) channel for remote, root execution by the online computer to the offline computer.  Even without a fancy USB virus, this could be exploited with someone pushing a coin-stealing chunk of code into a system library/service update silently.  It doesn't have to persist for long to compromise a lot of people who are diligent about updating their offline computer.  

Personally, I'd feel safer using a version of Linux/Ubuntu that has been around for a while (perhaps before Bitcoin was worth $billions), and has a well-known verifiable CD/DVD hash.  I believe the attack vector of such an OS--even if there are known vulnerabilities--is far smaller than having users regularly execute code transferred from their online computer with root privileges.

Also, updates can also introduce vulnerabilities.  It might be the case that vulnerabilities are reduced on average, but if you are updating software with all sorts of new features, you might actually be adding more vulnerabilities than you are fixing.

FYI, this feature slid quite nicely into the new wallet format I'm working on.  One thing I wanted to mention for completeness, is the necessity to make sure that you cannot verify passwords individually.  I am storing key-stretching info with each fragment, so that Armory knows how to decrypt it, but all it decrypts is an opaque 32-byte chunk of data, with no clear indication of whether the result is valid.  The only way to know is if a quorum of passwords is present to restore the master encryption key, which then can be checked for accuracy.   

This is important, because it means that you are exponentially increasing the effective entropy of the master key encryption, not linear.  For instance, let's say you have a 3-of-5 password and each of the 5 participants chooses a password with 40 bits of entropy.  If you can verify each password independently then the effective brute-force time is:


Instead, I'm making sure that only the final reconstucted key can be verified, which means brute-force time is:


Quite literally, the first one is brute-forceable while the second one is not.  The downside is that if one person types their password incorrectly, there's no way to know without everyone re-typing their passwords.  I think the CONOPS can be extended so that when the passwords are initially set, each participant ALSO inserts a USB key and gets a 3-of-5 fragment of the wallet backup (unencrypted) copied to it.   They can then protect that however they see fit, such that you need either:

(A)  Encrypted wallet file + 3-of-5 passwords
(B)  3-of-5 fragments to restore a lost wallet file

However, if three people lose the USB drive and three people forget their password, the wallet would not be recoverable despite having 4 "pieces" (2 passwords + 2 fragments).   Perhaps the unencrypted password fragment should be copied along with the unencrypted backup shard.   Either way, this seems to have all the right properties for multi-user protection of a wallet or a piece of a multi-sig wallet.  You could also print out this data onto paper, but there would probably be some OPSEC issues having 5 people in a room all being exposed/flashed to fragments getting printed. 

It's called "Do not ask again" or "Do not show this message again".  That's been there for a while but only when you click the "Offline Transactions" button on the main window.  On the .11 testing release, it is now also displayed when you try to create any unsigned transaction.  

If you click the "Do not show again" box, it will disable it in both places.

More specifically, I'm sure you can create the multi-sig with mixed keys, since public keys have a standard encoding, but you won't be able to easily spend the money because Armory doesn't know how to communicate with BitPay/Copay, etc.  As CircusPeanut said, standardization will need to be developed but everyones' multi-sig implementations are too young to have gotten to that point yet.

FYI, I think .11 has a fix that allows you to load, review, and broadcast any Armory transaction regardless of its relationship to your wallets.  Use the offline transactions if it's an Armory sigcollect block, or Tools->Broadcast Raw Tx if it's a regular hex transaction.

Strange... if you can still replicate the error can you go back to .9 and test if it's oding the same thing?  I don't think anything changed between .9 and .11 that would've induced that kind of error.

Final Testing Version before 0.92 (0.91.99.11-beta)
This will be the released version of 0.92 unless important/dangerous bugs are found (gotta stop polishing and just release it at some point).  Plan to rename this to 0.92 on Tues or Weds.

---

Installers for version 0.92 (pre-release 0.91.99.11-beta):
  Armory 0.91.99.11-beta for Windows XP, Vista, 7, 8+ 32- and 64-bit
  Armory 0.91.99.11-beta for MacOSX 10.7+ 64bit
  Armory 0.91.99.11-beta for Ubuntu 12.04+ 32bit
  Armory 0.91.99.11-beta for Ubuntu 12.04+ 64bit
  Armory 0.91.99.11-beta for RaspberryPi (armhf)


Offline Bundles:
  Armory 0.91.99.11-beta Offline Bundle for Ubuntu 12.04 32bit
  Armory 0.91.99.11-beta Offline Bundle for Ubuntu 12.04 64bit
  Armory 0.91.99.11-beta Offline Bundle for RaspbianPi (armhf)

Signed Hashes:
  Armory 0.91.99.11-beta: Signed hashes of all installers

---

Honestly, not a lot has changed from the .9 testing version except:

• Proper sorting of simultaneous ledger entries now (should've done that like 2 years ago)
• Offline message format upgrade warning when you attempt to create and unsigned transaction from the "Send Bitcoins" dialog (matching the one when you click "Offline Transactions" from the main window)
• Strips extraneous signatures from transactions just before broadcast -- it will carry the extra sigs around with it so you can see who has signed, but the extras are removed when you hit "Broadcast".

There appears to be a misunderstanding here.  Armory is not part of any repo.  Updating/upgrading your system will not do anything.  Even if synaptic was used to install it, it has no idea how/where to look for updates.  You cannot update Armory in this way.

You have to download the new version from the website, or if you're now 0.91+ already, you can use the built-in secure downloader to grab the latest version for your OS and Armory will verify the package signatures for you.  It won't automatically install it for you, but it will put it in a folder where you can go double-click to install (or not put it in the folder if the signature isn't valid).

I guess we really need a way to make this clearer.

Download the new version from the website (it's an Ubuntu .deb package).  Double click to install.  It will overwrite the previous version but will keep all your wallets and settings intact.  It's that simple.

If you simply want to remove without installing over it, it was most likely installed with your package manager such as Synaptic.  You can open the package manager, search for it in installed packages and mark it for removal.  Or I believe you can simply run "sudo dpkg -r armory" from the command line

On that note, after this release we're going to go through and clean up all the random side branches.  I'd like to reduce to just "master", "testing", "dev", and a couple others that are works in progress.  There's a lot of abandoned branches that were really for one bug or feature that took way longer than it should have.   A little belated spring cleaning. 

There is a "hide unused" button when in the wallet properties window.  That at least will hide them from view when browsing, though it doesn't actually change anything internally.  Since there is no limit on the number of addresses you can generate deterministically, we have no reason to complicate the interface by trying to allow the user to specify certain addresses to "suppliable" again with the "Receive Bitcoins" button.  No extra work for the user, and they are guaranteed a fresh address every time.  If you want to use one of those old addresses, then next time you need it, go to one of those unused addresses and right-click-copy it to the payer. 

That's correct.  0.91.2 is the last version that is compatible with.... every previous version of Armory ever made!   yes, I believe it works even if your offline computer is running Armory 0.51 which was like 2.5 years ago.  BIP 10 served us well, but it's time to move on.

As I mentioned in other threads, the new format has been pretty thoroughly tested, and we've done 5-way simulfunding and 7-of-7 multisig with it, and it serves our needs.  We don't expect to have to change it again, and if we do, we may be able to do so in a backwards-compatible way.

The databases, at least for now, are compatible.  So you can keep a copy of 0.91.2 on your system, and use that for executing offline transactions.

Unfortunately, it was way too much work to support both formats simultaneously.   We had to remove the old one.  I recognize that's inconvenient, but we didn't have too many choices in the matter (the new 0.92+ signing system expects different information than was provided by BIP 10 which was used for the old offline tx format).

...and he still gets the bounty because it should've been fixed but still exists in the new testing version.   I think we got so distracted by helgabutters' bugs, we forgot to go back through some of the other reports.  Whoops.  [EDIT: scratch that... it was fixed, but TimS's report was made against an earlier testing version]



You know, that has always bugged me, but just not enough to be motivated to go find and update the sorting code.  Thanks for encouraging me to do it, finally!

Perhaps .9 won't be the last testing release, but I also won't make a big deal about doing a couple tiny intermediate releases.  My release scripts are mature enough that it's not a huge burden anymore.  And as simple as these changes are, it always makes me uncomfortable right before a release (but none of them are the kind that would lead to money loss if we botched something).  

@helgabutters

#3 and #4 are actually the same bug.  And I recognize the issue... it's a rare condition that's leading to the data being saved in the settings file being read later, incorrectly.  Can you tell me what data is in the "DefaultLinkText" line of the ArmorySettings.txt file?  Either way, you can close Armory, remove that line, and then restart Armory and it will be fixed.  I'll figure out how to avoid that condition.

Whoops, that's a pretty obvious error.  You definitely deserve a bounty for that ... or at least we deserve to lose a bounty for not noticing it ourselves

It's funny you ask that.  The guys that work with me would probably complain that I like to declare schedules and then not stick to them.  Which is true -- I try to set schedules to give us a target to work for, but the true end date is "when it's ready"    Especially with a piece of software as sensitive as this, we never rush anything which might lead to dangerous bugs.

So to answer your question more directly:  we'd like to officially release this next week.  Saturday is a good target for the end of the testing phase.  But depending on how testing goes, it may be further delayed.  So far, things are looking good, an these bounties have been tremendously useful for speeding up this process so you guys can expect these to continue for further releases!

Strictly speaking, the answer to your subject line is: yes.  The new simulfunding features do allow you to simulfund one transaction from multiple input wallets.   However, talking about dust:  due to the complexity of allowing it, we do not have coin-control available for simulfunding transactions, so your wallet would have to be empty except the dust, in order to guarantee that the dust is used in the simulfunding tx.  If you have 5 wallets with only dust, you could create 5 prom notes for the full amount of each wallet -- which can be done by going to "Merge promissory notes" and then add 5 notes in the interface, one from each wallet.  But if the wallets aren't otherwise empty, it's likely not to behave how you expect.  Though you could just empty all of the wallet entirely back into one of your own wallets, which will destroy the dust and merge all the wallets into a single address/UTXO.