I've never set or changed the root password, if there is a default one then perhaps I'm in luck? Not sure if this will be useful but
On the boot load screen just before I press enter it says "cannot open access to console, the root account is locked. See sulogin ( 8 ) man page for more details."
I have been out of this thread and off the board since Tuesday because of work. So if I missed it while going through this thread sorry about the re-posting but did you try pi/raspberry? -Dave |
|
|
|
Not really, many people do it. Heck you can even run an entire lightning node on one. It is not plug & play / as quick and simple as double-clicking an exe and done. But, it's not impossible and a lot of people do. It just takes a bit more time and effort. It's a good learning experience too. -Dave |
|
|
|
I forgot about that. I know last week there was the discussion about the malicious Python libraries https://bitcointalk.org/index.php?topic=5206906.0Makes you wonder what else is lurking out there. Sure, but how can you prove the closed source wallet has 2 levels of review on a secure PC if not without trust?
You can't because most places will not. BUT lets put this hypothetical out there. Take a well regulated exchange. Since Gemini is taken lets call it Aires. Aires is in NY so they have all the NY and USA regulators looking at everything they do. They decide all the wallets out there are crap so they release their own. They have auditors give a list of all the security processes but at the end of the day it's still closed source. Do you trust it more or less then say Mycelium? Now, if you don't auto update and wait for people to review the code before compiling yourself that is a different story. I don't, and I don't think anyone should. I don't feel comfortable giving any app, program, or software the ability to automatically download and execute code on my devices. That is very rare, most people just set it and forget it. -Dave |
|
|
|
Regardless what other people said, being open-source or partially open-source should be important aspect when looking for Bitcoin wallet. I agree. I also like to think of being open-source as decentralizing trust. If you don't have the ability or time as DaveF points out to review the code yourself, at least if it is open source then other people can and will flag up any issues. With a closed source wallet I have to trust the developer(s). With an open source wallet I can decentralize that trust from a single person or small team to an entire community. But, unless someone is checking every build that gets released to the play store vs what is in github in somewhat real time it is as I said a false security for most people. As I said above, do you know who has the access to push the apk to the play store? Do you know what access and security controls they have to that PC that they upload the file from? Do you know what kind of internal reviews exist to make sure all code is internally reviewed? Oh, and can you prove all of the above? Which is safer? A closed source wallet that has 2 levels of review and a separate PC in a secure area of an of a data center for uploading OR an open source one where the main developer has every password saved on his laptop that they leave in their car so they can work in the coffee shop where they connect to the open WiFi? Now, if you don't auto update and wait for people to review the code before compiling yourself that is a different story. But if you have your phone / tablet do the normal daily checks for updates then everything above is moot. Step 1 develop new wallet Step 2 publish code and release app. Step 3 update on a regular basis Step 4 become evil Step 5 keep updating as normal Step 6 repeat #5 for a while Step 7 release an update that steals coins to the app store / play store Step 8 Run with the BTCYes you have to trust some people at some times, that is just a fact. But, saying that open source is better or more secure that is really pushing it. It lets you find bugs / security issues quicker. It does not make it more secure. Unless you can verify the whole process. What we should be telling people IMO is "Over time open source things have had better security but you cannot always rely on that fact. Use separate hardware wallets when possible and don't store life altering amounts of coin in a hot wallet" https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.htmlAs someone who deals with it likes to say to me. "When the PCI compliance ( Payment Card Industry) audit comes remember to answer truthfully. They ask you if you store customers credit card information on your computer, and you don't. They don't ask you if you have that information on post it notes stuck to the wall in the warehouse so you don't need to tell them that. -Dave |
|
|
|
Btw it is just me or seems like this month a lot of scams are biting the dust?  They're filling up their year end quota lol. Glad that arrests were made though it could've been a lot sooner. Now all other scammers should know that it's only a matter of time till they too bit the dust.
Now we can debate if it was a long enough prison term, but the end was never in doubt.
-Dave
Dont think they will spend long though. I reckon 2- 3 years maybe less. Depends on if they go to trial or settle. Settle, yeah 2 or 3 years (possibly 4). Trial, you never know. When you drag everyone through a trial you are really never know how it ends up. Could be 6 months, could be a decade. More stuff comes out the longer you are in court and most of the time it's not good for the defendant. -Dave |
|
|
|
But, in a hot phone wallet does it matter? If you have more then spending amounts in your phone isn't this all kind of moot? Because...wait for it....phones & PCs are not that secure by themselves at the end of the day....
no, it doesn't really matter. mobile apps and custodial wallets are both high risk. it's always prudent to limit risk exposure either way. tbh i just avoid both. brick-and-mortar spending usually calls for buying gift cards, so i just buy those at home and keep all my private keys offline. Exactly, and I think that is actually what got me annoyed at the post / article. I really could not figure it out. Now I can. It's the title. "Is your wallet secure" The next line really should have been. "Duh, of course not, it's on a phone that is vulnerable, in an environment that is vulnerable. But these wallets might possibly be a tiny bit safer then others" Always like hearing your opinions, Dave.
Thanks :-) Enjoy the rest of the weekend everyone. -Dave |
|
|
|
So there is a post here: https://bitcointalk.org/index.php?topic=5209504.0 About is your Android wallet secure. Now I have some issues with the article, and how it is written, and some other things, but that is me. It basically discusses if the github version matches the compiled download for Android devices. Is it open source, is it custodial, etc. But that brings up another point which is, is that important? And what is? Going back to here: https://bitcointalk.org/index.php?topic=5205304.0 where I was talking about how to help new people pick their wallet, this also brings up the point of what is secure and good for you might not matter what it good and secure for me. I used to like Mycelium more but I have really started to drift away from it. For my own personal use I have moved to 2 separate mobile wallets. Both of which would make most people scream ARE YOU NUTS?? one is closed source (with some unverified complaints) and the other is custodial. But for me they do work,for others they might not. So this point here is: Since most of us can't really read the 1000s and 1000s of lines of code, and even if we could we may or may not compile it to verify what is on github matches what we just downloaded, which may or may not matter if they admit github might be a version or 2 behind what is being downloaded but the phone auto-updates the app anyway. Which then does not matter since we probably don't know the security procedures in place for them to upload the update to the playstore anyway. Aren't we just making ourselves feel good? Think about it. Coinomi is closed source. If they put in code to send all the coins in all their installed wallets to them, we can't do anything about it. And we will not know till all our funds are gone. BUTBlockstream Green Wallet is open source, and you can verify the build same way as listed it in the article. But still auto updates from the play store. Do we really know if the username and password for account that they use to upload to the store is secure along with the 2fa? Or is the user / pass on a post-it note on the monitor with the 2fa usb device left sitting plugged into the USB port on the computer that does the uploads? If someone goes evil Friday at 3:45PM as everyone is walking out of the office. By the time everyone figures it out Monday AM it's all over. Same with custodial vs non custodial? Yeah Coinbase has it's issue, but you know what else it has? Insurance & a phone number to call. I KNOW Not your keys / not your coins. But if you trade just about any financial instrument (stocks / bonds / currency) 99% of the time you don't have the actual bonds / stock certificates / cash anyway. Other then logging into my trading account I really can't prove I own "X" shares of "Y" stock. If I want the actual certificate I have to PAY a lot to have created it mailed to me. So long it's at a place like Coinbase and not Dave's unknown exchange does it matter that much? Yeah, they can spring KYC on you at any moment. But you know what, so can any payment gateway. I'm not saying leave real amounts of BTC there. With that being said... But, in a hot phone wallet does it matter? If you have more then spending amounts in your phone isn't this all kind of moot? Because...wait for it....phones & PCs are not that secure by themselves at the end of the day.... I can go on, but I just wanted to put this all down again -Dave |
|
|
|
So I saw this post and clicked on it.
Hmm, can't build bitpay wallet, can't build copay cant find bitcoin.com
As a NOOB I built copay took about an hour.
We disclosed our findings in great detail, including the date we did our investigation. If back when you did it or now, things are different, that might explain it and we might give it another shot. This puts you in an kind of never ending loop as everything is always in flux. You should put more detail in the testing then. If you really want to do it then put tested Date-Month-Year. Version tested AND what was the latest version available at the time of your test. etc. For example: You have 3.0.0.23 as the version you used to test mycelium that is from the end of September. It's mid December and the version Google Play just put on my phone was 3.2.0.11. That repository has its last code update in June, while the wallet on Google Play's last update was in October. This repository was not linked from Google play or their website. Why should I assume it's relevant? <RANT>
While we have a commitment with Mycelium, we also have a private life and while we do work for the company, we do not call the shots. Also Mycelium still owes me money since June and Rassah?? Do you live under a rock? He's not with Mycelium since years and said so in various occasions. A few things in there: 1) If mycelium owes you money and you are doing work for them, that should also be stated in the review. Because sooner or later I would think you are going to have to cut your losses and that is also relevant to wallet security. That is just my opinion, you can keep working for free but I would assume it would fall lower on your priority list as time goes on. 2) Rassah is still the mod of the mycelium forum and although claims to not have any affiliation with them (don't know why he would lie) he was still a contact point. Now everyone get's to bug you about the bugs.... 3) You did not address the rest of what was in my rant such as the syncing issues, the dead support links, the ads that still come on when turned off [as of 3.2.0.11 it still did it but not with any regularity]. And that is fine, you don't need to defend your project to random internet stranger. But, do not pretend they don't exist. Because saying that the code on github matches the compiled version is only part of the issue. If you have to export your keys to another wallet because the one you are using does not sync then the code is not really important is it? -Dave |
|
|
|
|
Dave hits F5 to refresh browser. Nope, still no pictures of clubs.
Waits 3 seconds, hits F5 again, still no pictures.
Another 3 seconds, F5 no pictures.
.
.
.
A few hours later, F5 key worn out still being pressed every few seconds. :-)
-Dave
|
|
|
|
There is another discussion about his site here: https://bitcointalk.org/index.php?topic=5209504Except for my 1 post there and this post I am going to stay out of it since he is a Mycelium developer and my current view of the app has greatly degraded. Because of the issues costing people a lot of time & effort to get their BTC, I don't think I am going to be able to provide a fair view and ranting is not going to help anything. -Dave |
|
|
|
|
Can you please add a shopping cart instead of having to buy each card one at a time?
Getting 5 cards means 5 transactions with 5 tx fees.
At that point the miners are happy with the extra fees but it's just costing your customers extra BTC
-Dave
|
|
|
|
So I saw this post and clicked on it. Hmm, can't build bitpay wallet, can't build copay cant find bitcoin.com As a NOOB I built copay took about an hour. Bitcoin.com is a copay clone, took about 3.2 seconds of searching to find it: https://github.com/Bitcoin-com/WalletNo idea if the above is the correct one but it is there. At least one other one also exists that they could not find. Don't remember which one it was, have not had coffee yet. <RANT> Since the authors say that they contribute to mycelium perhaps they should spend more time fixing that app then slamming others. https://bitcointalk.org/index.php?topic=5204973.0https://bitcointalk.org/index.php?topic=5208593.0Rassah has not logged on here in 6 months, the support link on their website is dead, so yeah, let's mark it as safe. I use to use mycelium a lot, however with the issues that everyone seems to be having syncing, the lack of updates for ios, and various other issues, it's gone to shit so I stopped using it / recommending it. It's great that it's open source and secure, but if I can't connect to their servers and have to import my key into another wallet to spend then whats the point. And lets not forget the ads that come up that not everyone can turn off: https://github.com/mycelium-com/wallet-android/issues/527</RANT> -Dave |
|
|
|
i would to see a separate board for Lightning Network (both technical discussion and clients) but i think it is way too soon to create it since there aren't that much topics on the subject and most of the topics that already exist (like the ones you posted here) should still remain where they are like the one in beginners and help board or the Electrum related topic.
The issue I see, is that yes you have a good point with that. BUT even the 1st thread I had listed points to a Telegram channel and a pair of different websites. One of the others I found, not sure if I listed it, points to a discord chat. It just feels to me that we are saying "come to bitcointalk to talk about bitcoin, go here to talk about lightning" I was trying to find out how to fix something I broke with my node and wound up on finding the answer on reddit. Was not even and discussion about it here. Not good / not bad just not here. Which is why I bought it up. -Dave |
|
|
|
|
So I never posted to github, that's on me. I keep forgetting when I am at work and it's tied to the office email.
Anyway, it's definitely not happy with larger wallets. I just dumped in another one with 1000s of transactions and again it's just sitting there with 2 threads maxed out.
Anyone else seeing this with bigger wallets. I'm assuming its just searching through an un-optimized database.
-Dave
|
|
|
|
|
Did the same wearing Sr. Member for now.
-Dave
|
|
|
|
|
Still borked.
Can you try it in yours to make sure it's not just me.
-Dave
|
|
|
|
|
The Hero / Legendary is over 4000 characters.
At least for a copy / paste.
-Dave
|
|
|
|
Now since we agree to the fact the home miners will dominate at certain point, how reliable will bitcoin be then when 1 large farm can switch their gears back on and easily attack the network or force new rules / hardfork or whatever shit anyone would do? The blockchain size by then will also be very large,nodes number might as well drop significantly , making every kind of attack much more easier than it is now.
Probably not as easy as it sounds. You are still going to need the gear and the power. No big miner is going to just shut down and go away. They are going to sell the buildings / get out of the leases they are in and sell off the gear. Sitting on the gear to attack later is just not good business. Newer, gear more efficient will still come out since there will be a profit in designing and building miners so even if they kept it they might be behind the curve . The biggest issue would be a pool or group of pools that gains enough hash. But I would think the same backlash that hit ghash.io back in the day would happen again. And as Phil said it's probably not going to happen for at least 10 years so there could be some other changes in mining that we are not even thinking about. Edit: As for the blockchain size, I really think that is a non issue. I just got a 1TB SSD for under $100 at Amazon. I could have gotten it for less but I was in a hurry and just wanted to get it ordered, did not want to stop and shop to save $10.00. -Dave |
|
|
|
|
Show Posts
