The first way (gpg --import key.asc) imports an already downloaded key (which is on your hard drive now) into the pgp database.
The second command (gpg --recv-keys XXXXX) pulls the key with  the ID XXXXX from the keyserver you have specified with --keyserver or from the default one of your distro.

It doesn't really matter which way you choose, both have its pros and cons.
You just need to make sure that the source of your information is correct. This means if you download an .asc file, make sure you download it from the correct site.
And if you import it from a keyserver, makesure the ID you are using is coming from the correct source/website.




I personally don't like PPA's either.

You could theoretically use them and wouldn't have much downsides.
But i would stick with the manual method.
Once you installed it, all you need to upgrade is to download the new .deb-file and run sudo apt-get install ./newDebFile.deb.

The statement is comparing PPA's to the distros repository (installing packages via apt-get install xxx from the official distro repository).
That's not what you are doing currently, you are downloading the .deb files yourself.

But this basically comes down to what i have said:


Fake wallets, whether through DNS poisoning or through the user who downloaded the wrong software, put the user at the same position.
With a hardware wallet, you are still safe from loss of funds as long you check the amount and address of the transactions.

As long as you are using a hardware wallet and are cautions when sending transactions, you are safe.
And as long that is the case, using a browser-based wallet is absolutely fine IMO.

As long as MEW has been used with a hardware wallet, there are no exploits which could have affected the loss of funds.
At least not if the user are somewhat attentive.

I mean, if someone doesn't check the address he sends funds to, that could be exploited. But this applies to every wallet and is not specifically an exploit tied to MEW or any other browser-based wallet.
Proper double-checking of addresses and amounts together with a hardware wallet would have never led to someone losing funds.

Which exploits specifically are you referring to ?

I can highly recommend https://searx.me/ to you.
I have my own personal version of searx hosted at home.

You can configure it to use the search engines you want. It strips off any not relevant data such as browser version, OS, display configuration etc..

If you configure it to use only google, you basically have a google search without any privacy implications.
It only transmit the keyword you searched for and the language for your results to google. Nothing else.

I have mine configured to search roughly 8 search engines and i am pretty happy with the results i get. And no privacy implications at all.

This would still require people to download and run the source code, not to simply download the webpage (what everyone is suggesting to do).
And most of the time it is easier to check C/Java/Python code than javascript. Most websites use tons of JS libraries which makes it almost impossible to check them all.

JS is known to be somewhat risky when dealing with crypto operations.

My way to go would still be to either 1) generate a private key using the linux command line or 2) to use a well-known wallet (e.g. electrum / core).

Please provide us the URL which you think belongs to 'blockchain'.

You never need to pay any fee to get your transaction 'unstuck'.
This is most probably a scam site.

Do NOT pay anything, check the transaction on a blockexplorer whether it really has been sent.

The only official site to access blockchain.com is https://blockchain.com, former https://blockchain.info (which now redirects to .com).

Auto-fill is highly risky.

A fake site could be set up where the login fields are basically 'the same' as on an original site, and the chrome auto-fill (not extension, but built-in auto-fill) will enter your username and password.
This is a known attack vector and one reason why auto-fill should never be used.

I don't know how this extension behaves, but rather be safe than sorry.

IMO this extension is definitely not worth the risk.

Check this site for how to create a shortcut on your desktop.
In the command field simply use the path to the binary followed by all parameters, for example:

A desktop environment is a window manager (as the name says, managing windows from programs you open) and a bundle of software (e.g. settings manager, network manager, text editor, etc..).

You can take a look here: https://itsfoss.com/best-linux-desktop-environments/ and check the pictures. Which seems to be the closest to your setup (specifically the task bar and start menu) ?

Generally there are multiple ways to create a clickable shortcut, the easiest probably should be to right-click on the desktop and choose something like create shortcut.
If you can provide us the name of your DE, we can give you a more detailed instruction.




You can click Quote at the top right corner of a post, to quote it:






If new dependencies are required, then yes.
Otherwise you don't have to transfer anything to your offline machine (except for the armory upgrade of course).

Binance wäre so ein exchange.

Die bieten recht viele Coins an. Das withdrawal Limit ohne Verifizierung liegt bei 2 BTC täglich, also rund 19.000€ (nach aktuellem Kurs).
Ein viel höheres Limit ohne Verifizierung wirst du wohl nirgends finden.

Edit:
Wenn du mit "auscashen" meinst deine Coins in € zu tauschen, dann geht das nicht ohne komplette Verifizierung (Name und Perso). Und das hat auch einen Sinn.
Sich BTC in € ohne Namen oder Verifizierung auf ein ausländisches Konto überweisen zu lassen schreit ja schon förmlich nach Steuerbetrug.

Yes.




Yes, you can run this on debian.




You can create a shortcut running any command with any parameter you wish.
What DE are you using ?

Obvious scam.

You will lose money if you send them BTC.

That's some old school scam attracting extremely greedy individuals.
While there is a possibility that it might work well for a few days, this site will shut down. Might be tomorrow, might be in a month.
It might allow the first withdrawal, or might not allow one at all.

Anyone engaging in such things will lose money. Don't throw your money away.
If something sounds too good to be true, it is.

Carlton Banks pretty much explained everything, however if you are going to use your fresh Ubuntu install for more than just your online armory, i would install the package via apt-get instead of dpkg.

So, instead of:


you can do (when inside of the directory):

It usually is recommended to stick with apt-get, because it doesn't just install a package, but also looks for dependencies since it is a package management software.
This makes it easier for you to remove or change packages later compared to simply just installing it using dpkg.

apt-get uses dpkg to install the package in back end, but has additional features (scanning for dependencies, notifying when they can be removed, etc.).

Jaxx is a horrible wallet. Just like Exodus.

Both store all the private information unencrypted on the hard drive.
This basically means.. give anyone 20 seconds access to your computer or let him plug in an USB device for 3 seconds and all of your funds are gone.
They have a horrible security concept.

It really wouldn't be a lot of effort to implement encryption. A lot of (good) wallets do exactly that (e.g. core, electrum, wasabi).

IMO every wallet which stores private keys and other sensitive data unencrypted on the hard drive, should be avoided at all costs.

There could be bugs in the implementation of some algorithms, for example regarding PRNG's.
Or they might be simply using outdated libraries, which even could already contain known vulnerability, decreasing the entropy used to generate the private key(s).

The javascript aspect isn't really influenced by where it is run (online / offline pc), but by the code and libraries itself.
A faulty implementation could result in easily crackable private keys. And you have no proper and comfortable way of checking the code / libraries.


A better way would be to simply create a wallet (e.g. core or electrum) on an offline computer with a live distro and use that private key for a paper wallet.

Nested segwit is p2wpkh nested into p2sh. Those addresses start with 3.. (just as any other P2SH address).
Native segwit (bech32 encoded) on the other hand is the 'real segwit'. Those addresses start with bc1...

Unfortunately nicehash didn't update the software in the last few years, so they don't accept addresses starting with bc1.. yet.
Their software checks the entered address and gives an error (e.g. 'not valid address'), because it doesn't know how to handle it.




The easiest for your would probably be to simply use a nested segwit (P2SH, starting with 3..) to withdraw funds from nicehash.
See bitmover's post on how to create a second 'account' in ledger live.

Zum Glück gibt es dafür ja local mods 




Ja, das stimmt. Ich hoffe nur, dass alle reports dann auch manuell geprüft werden.
Zumindest gehört bei solchen automatisierten Report Tools eine Menge Ausnahmen Behandlung dazu.




Ich bin deiner Meinung, versteh mich da bitte nicht falsch.
Wollte nur nochmal klar machen, dass es definitiv kein gerechtfertigter Ban wäre, sondern dass dieser dann auf einem Fehler beruhen würde.

Zwar werden diese Accounts dann wieder freigeschaltet, jedoch kann das teilweise ganz schön lange dauern. Daher am besten wirklich Quotes verwenden 

Every service/exchanges supports nested segwit, because that's basically just P2SH.
You'll only see whether it is a multisig / nested segwit / etc. after funds has been spent from such an address.

P2SH got introduced in 2012. Any service etc. which doesn't support it yet, didn't change anything in the last 7 years and should be avoided at all costs.


I'd recommend to use nested segwit for such sites and services.
You'll still save on fees (roughly 26%) compared to legacy transactions.

Blockchain.com generiert eine neue Adresse für jede Zahlung (quasi nachdem du bereits Coins erhalten hast), siehe dazu auch hier: https://support.blockchain.com/hc/en-us/articles/360000574523-My-receiving-requesting-address-has-changed

Natürlich sollte der Betrag, bzw. die Transaktion in deiner App auftauchen.
Ist dies nicht der Fall, ist die TX entweder noch nicht bestätigt (keine Ahnung ob blockchain.com die dann schon anzeigt) oder sie wurde gar nicht erst versandt.

Am besten tust du, was o_solo_miner vorgeschlagen hat, und schaust dir die Adresse in einem blockexplorer an.Gib dazu einfach die Adresse in dem Feld auf https://live.blockcypher.com/btc/ ein.
Wenn du die gewünschte TX siehst, dann liegt es irgendwie an der App (Verbindungsproblem etc.). Wenn nicht, dann hat derjenige der dich bezahlen wollte/sollte es noch nicht getan.

Es wäre auch sehr hilfreich zu wissen welche versionen du benutzt.
Also quasi die Ledger live version und die aktuelle Firmware des Nano S.




Ich glaube jetzt nicht, dass ein Mod - wenn er den Post richtig liest - das als Plagiat markiert und zu einem Global Mod eskaliert.  Steht ja ausführlich "Vom Ledger Support:" davor.
Aber natürlich stimme ich dir zu, dass Quotes zu verwenden immer besser ist. Damit wäre man auf der sicheren Seite.

Trozdem, ein Ban wegen so etwas wäre ein eindeutiger Fehler des Mods.