If the transaction got confirmed - which you can check on a block explorer, e.g. https://live.blockcypher.com/btc/ - then you already received the coins. In order to spend them, you have 2 options: 1) Either wait for core to sync and access them using armory (if you want to continue using armory) or 2) Export the private key of that address and import it into a lightweight wallet which does not require to have the whole blockchain downloaded (e.g. electrum). You can export the private keys by going to: wallet properties -> backup wallet -> export key list. |
|
|
|
-m is used to configure permission of the installed application. 0755 (in order) means :
0 : AFAIK it's indication whether it's directory or file, CMIIW
~snip~
0755 is the octal notation of the permissions. And the first 0 means that there is no sticky-bit set. If you'd want to set the sticky-bit, you would have to add 1 to the first number, so 1755(in octal notation only; in decimal, you'd do chmod +t). Whether a file is a directory, socket, etc.. is seen with ls -l at the first character of the permissions (d, s, ..), but they are not set using the first digit of the octal notation  |
|
|
|
There is no way we can run the full node.
Are you sure ? What is the reason for that ? A hard drive costs around 25$ and basically any CPU would be suitable. You could even use a raspberry pi to run a full node. So what is the best option in this case? Can I use current flow (with an xpub key) in that case?
Yes, definitely. I understand that is not safe to query a third party service to check a transaction state.
But we have some limitations.
What are your limitations ? Are you going to start a service which sells goods but can't afford a 50$ device to run a full node ? If you can not run your own node, the only option is to rely on a 3rd party. You could either query an API provided by a blockchain explorer or query an electrum server. I just want to know maybe there are any other types of wallets that allows an owner to provide some public key to generate new payment addresses.
I guess you mean to provide the master public key to derive multiple addresses ? In this case, yes. You could go for electrum. |
|
|
|
But I will be forced to transfer all my personal data to an external hdd. Will the virus be transferred to external hdd along with the files?
Not as long as you only move personal data (documents, pictures, music, etc.. ). I hope you don't see executable files as personal data. As long as you don't, you are most probably fine. Just don't copy your whole hard drive over. And try to not copy any software over (which always is a mess with windows anyway). |
|
|
|
I'm still using Win7 at work, (company computer) and it's pretty darn secure.
I doubt that. Win7 is missing a ton of security features, which are included into win10. I mean..sure it is not like winXP, which is an open door for every script kiddie, but it is still far away from being secure (at least the individual computer, not talking about your network since i don't know what your protection there is). We have a robust anti-malware and anti-virus suite with hard-drive boot encryption that helps keeps the systems secure.
Just a question out of curiosity, does your company do regular penetration testing ? Whenever i see Win7 computer in a company (working as an IT security consultant), there almost always is a misconfiguration which allows lateral movement. And in a terrifying amount of cases it is possible to get domain admin privileges. And in case of a malicious cleaner/trainee (which are some test cases in my company), win7 computer mostly won't resist attacks. Once an attacker is inside of a network, win7 computer are the #1 target (besides XP which can be found from time to time too). |
|
|
|
Am I correct to assume the tarball file I downloaded has not failed the hash matching test based on the line I read below? gpg: Good signature from "Wladimir J. van der Laan The line saying that the hash matches was this one: john@mylaptop:~/Downloads$ sha256sum --ignore-missing --check SHA256SUMS.asc
bitcoin-0.18.1-x86_64-linux-gnu.tar.gz: OK
In short, do I have an authentic legitimate tarball file? If yes, what line from the Terminal output is that decision based on?
Yes. The line from above says that: gpg: Good signature from "Wladimir J. van der Laan Additionally, does my tarball file not failing this hash matching mean using the PPA installation method is now risk free?
No. What you have done is: Downloaded tarball -> verified it. This means you are now free to safely install it. If you however use the PPA method, you are adding a private repository to your list of repositories. Then, if you'd do apt-get install .., you would be downloading the files again from this repository. In your case, just untar the files and install them. You verified them. Please note that the PPA method isn't unsafe per se. But since you already downloaded and verified the tarball, stick with that would be my suggestion. |
|
|
|
Ich fühle mich jetzt mega dumm...
Ach quatsch  Ich ignoriere den restlichen Teil eines Posts auch häufig, wenn ich irgendetwas lese was im ersten Moment falsch oder sinnlos wirkt. Fällt mir dann in der Regel auch erst einen Tag später auf. Shit happens  |
|
|
|
|
You won't be able to find a private key with an associated balance. That's pointless.
Instead of creating countless threads regarding this topic, do some simple math. You will realize that you wouldn't find a private with some balance even if you'd use all computer on the world within your lifetime.
You are asking extremely basic questions. If you can't google it yourself (which can be found within 5 minutes because you are asking questions which have been answered already multiple times), ask someone to create a script for you.
If you are ready to pay for it, i'll do it. But you won't have any success in finding free bitcoins.
Besides the fact that you whole approach is extremely inefficient, it is a shame that you can't find the information yourself on how to randomly generate private keys and derive the addresses.
I am out. Either pay me for creating such a (useless) script, or do it on your own.
|
|
|
|
|
It might be worthy to expand the "Check URL Before Downloading" part by verification of the signature.
Just verifying the URL is not enough to be secured against all attack vectors.
For example:
DNS-/ARP spoofing.
If your computer is clean and secure, but your network is compromised your DNS request to electrum.org could be resolved to a different IP address.
This would result in visiting a fake-website by entering the original URL.
You would basically download malware from a fake electrum site without noticing it on the first sight.
Verifying the signature is the best way of making sure you are installing the legitimate software you intend to install. And this is a necessary step to be safe.
Additional similar attack vectors exist, which would all be prevented by simply verifying the signature of the file.
|
|
|
|
Das Grundlegende hat aundroid dir bereits erklärt. Sofern du in der Zukunft gerne näher technische Informationen erhalten möchtest, frag einfach. Hier gibt es genug Member welche ihr Wissen gerne teilen.
Gibt es auch Buch oder Online Empfehlungen, in denen das ganze in Deutsch erklärt ist? Ich kenne leider keine deutsche Literatur zu den ganzen technischen Details. Habe aber auch nie danach gesucht, gibt bestimmt welche. Aber hier im Forum sollte eig. schon der Großteil gepostet worden sein. Ist halt ein wenig verstreut und man müsste explizit danach suchen. Aber sonst -> Einfach Thread erstellen und fragen. Antworten kommen bestimmt |
|
|
|
I'd rather not do this. I include single topics into my watchlist where i know i might have to reply later (because of technical issues / questions / to help / etc.) and topics which i am interested in reading. My watchlist is already large enough You can sort by last post time with one click, even if this new sort order gets implemented.
You are right, i didn't think about that  |
|
|
|
|
Are there any intentions to bring this to other subs too ?
I am explicitly thinking about subs which are for information exchange (Development & Technical Discussion / Technical Support / Beginners & Help).
IMO this would make it way harder to keep track of all (new posts) in a topic where questions might have been asked.
Can we be assured that there are no intentions (yet) to bring that bump button to these boards which highly focus on the exchange of knowledge ?
|
|
|
|
Basically those two commands posted by TryNinja is all you need to install core. Additionally, I learned the PPA installation method poses a security risk. So I want to avoid installing Bitcoin Core using the PPA installation method. Lastly, I have already successfully verified the tarball file keys using the SHA256SUM.asc file and it checks out correctly.
Did you check whether the hash of the tarball matches the hash in the file AND whether the hash-file is signed correctly ? Both steps are necessary to ensure you are installing the original file. If you have any further questions, feel free to ask. |
|
|
|
Ausserdem erklärt Ledger in einem Artikel wie man prüfen kann ob an der HW was geändert wurde, zumindest sichtlich.
Genau auf diesen Artikel habe ich ja verwiesen, mit der Zusatzinformation, dass es nötig wäre das zu tun um sich sicher zu sein. Das war in dem Post, den du dann gequotet hast um mir zu sagen, dass ich mit dem "Unsinn" aufhören soll Ich hoffe du bist dir aller Risiken bewusst bei Hardware Wallets welche nicht direkt vom Hersteller oder offiziellen Resellern kommen. Mit einem offiziellen Update der Firmware hättest du zwar eine bösartige Software ausgeschlossen, jedoch bleibt da noch das Risiko manipulierter Hardware. Um auf Nummer sicher zu gehen, könntest du das Gerät öffnen und dir die Hardware anschauen. Ledger hat diesbezüglich einen Guide veröffentlicht: https://support.ledger.com/hc/en-us/articles/115005321449 |
|
|
|
I have Kaspersky Anti-Virus installed, but it seems to me that it does not see all the problems.
No AV will ever find all problems. In fact they only find a very small subset of malware. If I will use these programs that you recommended, am I need to format the disk?
No. I'm too lazy to reinstall the OS.
So.. you are too lazy to be sure that your computer is clean ? Then you'll live with the fact that your PC might be compromised. Even malware-removing tools won't guarantee you that all malware will be removed. You have to choose between convenience and security. |
|
|
|
can you correct this code: ~snip~ the output file part  If it prints the correct key, but writes the wrong (or nothing) to the file, my solution has been posted. Just view the code and at least try to understand it. I gave an explanation on how to fix it, together with an example integrated in the code from above. |
|
|
|
>> Eine Bitcoin-Adresse ist also nur eine Kurzschreibweise für den Public Key.
Nur um das noch ein wenig auszuführen: Es gibt verschiedene Arten von Transaktionen. Die "klassische" ist die P2PKH (Pay to public key hash). Da ist die Adresse der Hash des public keys. Daneben gibt es noch P2SH (Pay to script hash), was z.B. für Multi-signature verwendet wird. Da ist der hash (also die Adresse) der Hash des Redeem-script. Also des Scriptes welches die Regeln zum senden der Coins berechtigt. Insgesamt kann das Thema recht komplex sein, je nachdem wie tief man einsteigen möchte Das Grundlegende hat aundroid dir bereits erklärt. Sofern du in der Zukunft gerne näher technische Informationen erhalten möchtest, frag einfach. Hier gibt es genug Member welche ihr Wissen gerne teilen. |
|
|
|
Are you sure about that?
I remember a few years ago when my motherboard broke on my laptop. I connected my hard-drive to a new laptop. The data and my personal documents were intact but everything else was a mess. Old drivers from the other laptop were installed and the computer started installing new drivers which created compatibility issues. My OS genuine key was blacklisted and I could no longer use that. Tried to call the local Microsoft department to get a new key, they didn't want to exchange it etc etc...
Seems like such hardware changes do create a few issues.
All of the personal data and the programs / program data will stay. This includes metamask and all private keys stored by desktop wallets. Driver issues on the other hand definitely can happen. But after the new drivers have been installed, everything should be working without any flaws again. I don't know what kind of mess windows created on your computer. The blacklisting does make sense, since microsoft is tying your windows-key to your hardware. I don't know which licence you had, but AFAIK most licence are that you either can install the OS on up to X computer or have it installed simultaneously on X computers at the same time. But regarding this topic, connecting the hard drive to another computer is definitely fine to gain access to all private keys etc. |
|
|
|
The problem here is not centralized / decentralized but too make sure that if someone other than the user comes across the file, only the user can have access to its content. I am using only the details I have from the user, nothing else. Will not collect other information
But you are encrypting the files on your machine, so you have access to them ? This means trust is involved ? And if the user is the only one allowed to decrypt the file, why not let him choose a password and use symmetric encryption ? |
|
|
|
|
Show Posts
